IPsecConfig Messages
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| IPsecConfig Messages | Base Rule | General Information | Information |
| IPsec Passphrase Changed | Sub Rule | Password Modified | Account Modified |
| IPsec Connection Created | Sub Rule | Configuration Enabled : Network Access | Configuration |
| IPsec Connection Deleted | Sub Rule | Configuration Deleted : Network Access | Configuration |
| IPsec Connection Disabled | Sub Rule | Configuration Disabled : Network Access | Configuration |
| IPsec Connection Enabled | Sub Rule | Configuration Enabled : Network Access | Configuration |
| IPsec Connection Generated | Sub Rule | Configuration Enabled : Network Access | Configuration |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <vmid> | Text\String |
| N/A | <sip> | IP Address |
| N/A | <login> | Text\String |
| N/A | <subject> | Text\String |
| N/A | <tag2> | Text\String |