Administrative Configuration Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
Administrative Configuration Event | Base Rule | Configuration | Configuration Modified : System |
VPM Policy Changed | Sub Rule | Policy | Policy Modified : System |
Syslog Enabled | Sub Rule | Configuration | Configuration Enabled : System |
Event Log Threshold Changed | Sub Rule | Configuration | Configuration Modified : Security |
Local Realm Created | Sub Rule | Configuration | Configuration Loaded : System |
Realm Deleted | Sub Rule | Configuration | Configuration Deleted : System |
DNS Cache Cleared | Sub Rule | Access Success | Object Modified |
Access Logging Enabled | Sub Rule | Configuration | Configuration Modified : Security |
CLI Session Timed Out | Sub Rule | Warning | Session Timed Out |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
---|---|---|
N/A | <vmid> | Text/String/Number |
N/A | <sip> | IP Address |
N/A | <login> | Text/String/Number |
N/A | <tag1> | Text/String/Number |
N/A | <domain> | Text/String/Number |
N/A | <object> | Text/String/Number |