Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| AXIS Messages | Base Rule | General AXIS Message | Information |
| General Debug Message | Sub Rule | General Debug Message | Information |
| General Error Message | Sub Rule | General Error Message | Error |
| General Information Message | Sub Rule | General Information Log Message | Information |
| General Warning Message | Sub Rule | General Warning Log Message | Warning |
| User Logon | Sub Rule | User Logon | Authentication Success |
| User Logon | Sub Rule | User Logon | Authentication Success |
| User Logoff | Sub Rule | User Logoff | Authentication Success |
| Account Is Disabled | Sub Rule | User Logon Failure : Account Disabled | Authentication Failure |
| No Account Present For User | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| PAM Authentication Error | Sub Rule | PAM Authentication Error | Error |
| Syslogd Information | Sub Rule | Syslogd Information | Information |
| Syslogd Restarted | Sub Rule | Process/Service Restarted | Startup and Shutdown |
| Syslogd Error | Sub Rule | Syslogd Error | Error |
| Unknown Host | Sub Rule | Unknown Hostname | Warning |
| Unknown Priority Name | Sub Rule | Unknown Name Or Service | Warning |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text\String |
| N/A | <login> | Text\String |
| N/A | <process> | Text\String |
| N/A | <sname> | Text\String |
| N/A | <processid> | Number |
| N/A | <object> | Text\String |
| N/A | <group> | Text\String |
| N/A | <tag3> | Text\String |
| N/A | <tag2> | Text\String |
| N/A | <sip> | Number |