Audit Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Audit Events | Base Rule | General Audit Message | Other Audit |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | <severity> | Text/String | Header: Severity |
| N/A | <objecttype>:<login>:<sip> | Text/String/IP Address | UserAudit: LOGGED_IN_USERNAME: IPADDRESS OR ResourceAudit: LOGGED_IN_USERNAME:IPADDRESS |
| N/A | <action> | Text/String | OPERATION_TYPE |
| N/A | N/A | N/A | OPERATED_TIME |
| N/A | <status> | Text/String | STATUS_OF_OPERATION |
| N/A | <sname> | Text/String | PMP_SERVER_NAME |
| N/A | <subject>:<reason> | Text/String | ORG_NAME-LOGGED_IN_USERNAME: REASON OR ORG_NAME-RESOURCE_NAME:ACCOUNT_NAME:REASON |