Skip to main content
Skip table of contents

HP OneView Audit Log Events

Vendor Documentation

https://support.hpe.com/hpesc/public/docDisplay?docId=a00118216en_us&page=s_security-audit-atlas.html

Classification

Rule NameRule TypeClassificationCommon Event
HP OneView Audit Log EventsBase RuleOther AuditGeneral Audit Message
Object Added Successfully EventSub RuleAccess SuccessObject Added
Object Modified Successfully EventSub RuleAccess SuccessObject Modified
Object Deleted Successfully EventSub RuleAccess SuccessObject Deleted/Removed
Successful Login EventSub RuleOther AuditLogin Or Logout Event Executed
Successful Logout EventSub RuleOther AuditLogin Or Logout Event Executed
Successful Activity EventSub RuleOther Audit SuccessSuccessful Activity
Object Addition Failure EventSub RuleAccess FailureAdd Object Failure
Object Modification Failure EventSub RuleAccess FailureModify Object Failure
Object Deletion Failure EventSub RuleAccess FailureDelete/Remove Object Failure
Login Failure EventSub RuleAuthentication FailureAuthentication Failure Activity
Logout Failure EventSub RuleAuthentication FailureAuthentication Failure Activity
Failure Activity EventSub RuleOther Audit FailureUnsuccessful Activity
General Audit EventSub RuleOther AuditGeneral Audit Message

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhthm SchemaData TypeSchema Description
Date/timeN/AN/AThe date and time of the event.
Internal component ID<vmid>StringThe unique identifier of an internal component.
ReservedN/AN/AThe organization ID. Reserved for internal use.
User domain<domainorigin>StringThe login domain name of the user.
User name/ID<login>StringThe user name.
Session ID<session>StringThe user session ID associated with the message.
Task ID<processid>StringThe URI of the task resource associated with the message.
Client host/IP<sip>IP AddressThe client (browser) IP address identifies the client machine that initiated the request.
Result<result>
<tag1>		StringThe result of the action, which can be one of the following values:
  • SUCCESS
  • FAILURE
  • SOME_FAILURES
  • CANCELED
  • KILLED
Action<action>
<tag2>		StringA description of the action, which can be one of the following values:
  • ADD
  • MODIFY
  • DELETE
  • ACCESS
  • RUN
  • LIST
  • ENABLE
  • DISABLE
  • SAVE
  • SETUP
  • UNSETUP
  • DEPLOY
  • START
  • DONE
  • KILLED
  • CANCELED
  • LOGIN
  • LOGOUT
  • DOWNLOAD_START
Severity<severity>StringA description of the severity of the event, which can be one of the following values, listed in descending order of importance:
  • INFO
  • NOTICE
  • WARNING
  • ERROR
  • ALERT
  • CRITICAL
Resource categoryN/AN/AN/A
Resource URI/name<object>StringThe resource URI/name associated with the task.
Message<subject>StringThe output message that appears in the audit log.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close