Catch All : Level 4 1
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Catch All : Level 4 | Base Rule | General Information | Information |
| Alert Messages | Sub Rule | General Alert | Warning |
| Emergency Messages | Sub Rule | General Critical Log Message | Critical |
| Informational Messages | Sub Rule | General Information | Information |
| Notification Messages | Sub Rule | General Information | Information |
| Warning Messages | Sub Rule | General Warning Log Message | Warning |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| logid | <vmid> | Number | The ID (logid) is a 10-digit field. It is a unique identifier for that specific log. |
| level | <severity> | Text\String | Each log entry contains a Level (level) field that indicates the estimated severity of the event that caused the log entry. |
| srcip | <sip> | IP Address | IP address of the traffic’s origin. |
| dstip | <dip> | IP Address | Destination IP address for the web. |
| srcport | <sport> | Number | Port number of the traffic's origin. |
| dstport | <dport> | Number | Port number of the traffic's destination. |
| srcintf | <sinterface> | Text\String | Interface name of the traffic's origin. |
| dstintf | <dinterface> | Text\String | Interface of the traffic's destination. |
| vd | <domainorigin> | Text\String | Name of the virtual domain in which the log message was recorded. |
| type | <object> | Text\String | Each log entry contains a Type (type) or category field. |
| subtype | <objectname> | Text\String | Each log entry contains a Sub Type (subtype) or subcategory field. |