Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
Administrative Configuration Event |
Base Rule |
Configuration |
Configuration Modified : System |
|
VPM Policy Changed |
Sub Rule |
Policy |
Policy Modified : System |
|
Syslog Enabled |
Sub Rule |
Configuration |
Configuration Enabled : System |
|
Event Log Threshold Changed |
Sub Rule |
Configuration |
Configuration Modified : Security |
|
Local Realm Created |
Sub Rule |
Configuration |
Configuration Loaded : System |
|
Realm Deleted |
Sub Rule |
Configuration |
Configuration Deleted : System |
|
DNS Cache Cleared |
Sub Rule |
Access Success |
Object Modified |
|
Access Logging Enabled |
Sub Rule |
Configuration |
Configuration Modified : Security |
|
CLI Session Timed Out |
Sub Rule |
Warning |
Session Timed Out |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
N/A |
<vmid> |
Text/String/Number |
|
N/A |
<sip> |
Ip address |
|
N/A |
<login> |
Text/String/Number |
|
N/A |
<tag1> |
Text/String/Number |
|
N/A |
<domain> |
Text/String/Number |
|
N/A |
<object> |
Text/String/Number |