HP OneView Audit Log Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| HP OneView Audit Log Events | Base Rule | Other Audit | General Audit Message |
| Object Added Successfully Event | Sub Rule | Access Success | Object Added |
| Object Modified Successfully Event | Sub Rule | Access Success | Object Modified |
| Object Deleted Successfully Event | Sub Rule | Access Success | Object Deleted/Removed |
| Successful Login Event | Sub Rule | Other Audit | Login Or Logout Event Executed |
| Successful Logout Event | Sub Rule | Other Audit | Login Or Logout Event Executed |
| Successful Activity Event | Sub Rule | Other Audit Success | Successful Activity |
| Object Addition Failure Event | Sub Rule | Access Failure | Add Object Failure |
| Object Modification Failure Event | Sub Rule | Access Failure | Modify Object Failure |
| Object Deletion Failure Event | Sub Rule | Access Failure | Delete/Remove Object Failure |
| Login Failure Event | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Logout Failure Event | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Failure Activity Event | Sub Rule | Other Audit Failure | Unsuccessful Activity |
| General Audit Event | Sub Rule | Other Audit | General Audit Message |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Date/time | N/A | N/A | The date and time of the event. |
| Internal component ID | <vmid> | String | The unique identifier of an internal component. |
| Reserved | N/A | N/A | The organization ID. Reserved for internal use. |
| User domain | <domainorigin> | String | The login domain name of the user. |
| User name/ID | <login> | String | The user name. |
| Session ID | <session> | String | The user session ID associated with the message. |
| Task ID | <processid> | String | The URI of the task resource associated with the message. |
| Client host/IP | <sip> | IP Address | The client (browser) IP address identifies the client machine that initiated the request. |
| Result | <result>, <tag1> | String | The result of the action, which can be one of the following values: SUCCESS, FAILURE, SOME_FAILURES, CANCELED, KILLED |
| Action | <action>, <tag2> | String | A description of the action, which can be one of the following values: ADD, MODIFY, DELETE, ACCESS, RUN, LIST, ENABLE, DISABLE, SAVE, SETUP, UNSETUP, DEPLOY, START, DONE, KILLED, CANCELED, LOGIN, LOGOUT, DOWNLOAD_START |
| Severity | <severity> | String | A description of the severity of the event, which can be one of the following values, listed in descending order of importance: INFO, NOTICE, WARNING, ERROR, ALERT, CRITICAL |
| Resource category | N/A | N/A | N/A |
| Resource URI/name | <object> | String | The resource URI/name associated with the task. |
| Message | <subject> | String | The output message that appears in the audit log. |