Skip to main content
Skip table of contents

Catch All : Level 3 2

Classification

Rule Name

Rule Type

Common Event

Classification

Catch All : Level 3Base RuleGeneral OperationsOther Operations
Return Status SuccessSub RuleReturn Status SuccessOther Audit Success
Session Closed For UserSub RuleSession Closed For UserOther Audit Success
Return Status IgnoreSub RuleReturn Status IgnoreInformation
Error On SubcontainerSub RuleError On SubcontainerError
Connection ClosedSub RuleConnection ClosedNetwork Traffic
Crond Executed CommandSub RuleCommand ExecutedAccess Success
Change Directory FailureSub RuleAccess Object FailureAccess Failure
Change Directory Failure : No Such File Or DirSub RuleAccess Object FailureAccess Failure
Command Line Interface LogoutSub RuleUser LogoffAuthentication Success
Command Line Interface LoginSub RuleUser LogonAuthentication Success
Crond Executed Command As RootSub RuleCrond Executed Command As RootInformation
User SessionSub RuleSession Started For UserOther Audit Success
Access PolicySub RuleGeneral PolicyOther Audit
Session InformationSub RuleSession InformationInformation
No User FoundSub RuleSQL TransactionOther Audit
Disk AlertSub RuleGeneral Disk ErrorError
RADIUS Auth SuccessfulSub RuleAuthentication ActivityAuthentication Success
Authentication FailedSub RuleUser Logon FailureAuthentication Failure

Mapping with LogRhythm Schema  

Device Key in Log Message

LogRhythm Schema

Data Type

N/A<vmid>Number
N/A<severity>Text/String
N/A<sip>IP Address
N/A<sport>Number
N/A<login>Text/String
N/A<account>Text/String
N/A<domainorigin>Text/String
N/A<processid>Number
N/A<process>Text/String
N/A<object>Text/String
N/A<subject>Text/String
N/A<url>Text/String
N/A<amount>Number
N/A<result>Text/String
N/A<tag2>Text/String
N/A<tag3>Text/String
N/A<tag4>Text/String
N/A<tag5>Text/String
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close