Alert Event Logs

https://ohc.blob.core.windows.net/o-help/manual/634d3f01-92d7-40e4-ad6a-9df16960e7bd/ddan_7.6_sg.pdf

Rule Name

Rule Type

Common Event

Classification

Alert Event Logs

Base Rule

General Alert Message

Information

Updated Component Log

Sub Rule

General Info Log Message

Information

High CPU Usage Log

Sub Rule

High CPU Usage

Warning

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

N/A

N/A

N/A

CEF format version

N/A

N/A

N/A

Appliance vendor

N/A

N/A

N/A

Appliance product

N/A

<version>

Numbers

Appliance version

N/A

<vmid>

Numbers/Text

Event ID

N/A

<vendorinfo>

Text/String

Description

N/A

<severity>

Numbers

Severity
2: Informational
6: Important
8: Critical

rt

Event logged

dvc

<dip>

IP Address

Appliance IP address

dvchost

<dname>

Text/String

Appliance hostname

dvcmac

<dmac>

Numbers/Text

Appliance MAC address

deviceExternalId

N/A

N/A

Appliance GUID

cs1Label

N/A

N/A

Rule name label

cs1

<objectname>
<tag1>

Text/String

Rule name

cs2Label

N/A

N/A

Affected Appliance label

cs2

N/A

N/A

Affected Appliance

cs3Label

N/A

N/A

Subject Label

cs3

N/A

N/A

Subject

cs4Label

N/A

N/A

Message Label

cs4

<subject>

Text/String

Message