Event Messages

Classification

Rule Name	Rule Type	Common Event	Classification
Event Messages	Base Rule	Event Occurred	Information
Message Received	Sub Rule	Message Received	Other Audit Success
Message Sent	Sub Rule	Message Sent	Information
Request Received	Sub Rule	Request Received	Other Audit Success
Request Sent	Sub Rule	Request Prepared	Information
Response Received	Sub Rule	Response Received	Information
Response Sent	Sub Rule	Response Prepared	Information

Mapping with LogRhythm Schema  

Device Key in Log Message	LogRhythm Schema	Data Type
Event	<vmid>	Text\String
Level	<severity>	Number
Src-ip	<sip>	IP Address
Dst-ip	<dip>	IP Address
Src-port	<sport>	Number
Dst-port	<dport>	Number
Protocol	<protname>	Text\String
Service	<object>	Text\String
Method	<command>	Text\String

×