Agent Log Event Messages
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
Agent Log Event Messages | Base Rule | General Event Agent Information | Information |
Module Disabled Messages | Sub Rule | Module Unloaded | Other Audit |
Module Error Messages | Sub Rule | Module Error | Error |
Module Not Installed Messages | Sub Rule | Module Initialization Failure | Critical |
Module Running Messages | Sub Rule | Module Loaded | Other Audit Success |
Asset Shutdown Messages | Sub Rule | Service Shutdown | Startup and Shutdown |
Agent Stopped Messages | Sub Rule | Session Stopped | Other Audit Success |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
N/A | N/A | N/A | Common Event Format identifier: Default or unspecified severity level (can be replaced with specific severity levels such as 1-10). |
N/A | N/A | N/A | Vendor or organization name. |
N/A | N/A | N/A | Product or service name generating the event. |
N/A | <version> | Numbers | Version number. |
N/A | <vmid> | Text/String | N/A |
N/A | <vendorinfo> | Text/String | Description |
N/A | <severity> | Text/String | Severity level of the event |
id | <session> | Text/String | N/A |
shost | <sname> | Text/String | N/A |
start | N/A | N/A | N/A |
cs1Label | N/A | N/A | N/A |
cs1 | <object> | Text/String | N/A |
msg | <subject> | Text/String | N/A |
cs2label | N/A | N/A | N/A |
cs2 | N/A | N/A | N/A |