Administrative Configuration Event
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Administrative Configuration Event | Base Rule | Configuration | Configuration Modified : System |
| VPM Policy Changed | Sub Rule | Policy | Policy Modified : System |
| Syslog Enabled | Sub Rule | Configuration | Configuration Enabled : System |
| Event Log Threshold Changed | Sub Rule | Configuration | Configuration Modified : Security |
| Local Realm Created | Sub Rule | Configuration | Configuration Loaded : System |
| Realm Deleted | Sub Rule | Configuration | Configuration Deleted : System |
| DNS Cache Cleared | Sub Rule | Access Success | Object Modified |
| Access Logging Enabled | Sub Rule | Configuration | Configuration Modified : Security |
| CLI Session Timed Out | Sub Rule | Warning | Session Timed Out |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Text/String/Number |
| N/A | <sip> | IP Address |
| N/A | <login> | Text/String/Number |
| N/A | <tag1> | Text/String/Number |
| N/A | <domain> | Text/String/Number |
| N/A | <object> | Text/String/Number |