Audit Events (Syslog - ManageEngine PAM360)

Vendor Documentation

Rule Name	Rule Type	Common Event	Classification
Audit Events	Base Rule	General Audit Message	Other Audit

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	<objecttype>:<login>:<sip>	Text/String/IP Address	ResourceAudit:LOGGED_IN_USERNAME:IPADDRESS OR UserAudit:LOGGED_IN_USERNAME:IPADDRESS
N/A	<action>	Text/String	OPERATION_TYPE
N/A	N/A	N/A	OPERATED_TIME
N/A	<status>	Text/String	STATUS_OF_OPERATION
N/A	<sname>	Text/String	PAM360_SERVER_NAME
N/A	<subject>	Text/String	ORG_NAME-RESOURCE_NAME:ACCOUNT_NAME:SHARED_USER:REASON OR ORG_NAME-LOGGED_IN_USERNAME:REASON