Junos Syslog Routing Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
Junos Syslog Routing Event | Base Rule | Network Traffic | General Network Traffic |
Command Line Access | Subrule | Information | Command Line Read |
Committing Configuration Change | Subrule | Warning | Configuration Change Confirmed |
Started Child Process | Subrule | Information | Process Startup Detected |
Change Junos configuration | Subrule | Warning | Configuration Change Confirmed |
User Logged | Subrule | Authentication Success | User Logon |
Status of Child Process | Subrule | Information | Process Status |
User Logged out | Subrule | Authentication Success | User Logoff |
Configuration File Loaded | Subrule | Information | Configuration Information |
Connection Task Failed | Subrule | Error | Connection Failure |
Authentication Event | Subrule | Other Audit | General Authentication Event |
NetConf Command Executed | Subrule | Access Success | Command Executed |
Configuration Committed | Subrule | Warning | Configuration Change Confirmed |
Configuration Set | Subrule | Information | Configuration Information |
Junoscript Command Executed | Subrule | Access Success | Command Executed |
SNMP Authentication Failure | Subrule | Authentication Failure | Authentication Failure Activity |
Configuration Created | Subrule | Other Audit Success | Configuration Success |
Configuration Change Committed | Subrule | Warning | Configuration Change Confirmed |
Login Account Locked. | Subrule | User Logon Failure | Account Locked out |
Configuration Change Committed Successfully | Subrule | Warning | Configuration Change Confirmed |
PAM User Locked | Subrule | User Logon Failure | Account Locked out |
CPU Usage Normal | Subrule | Information | CPU Usage is Normal |
CPU Usage Exceeded Threshold | Subrule | Warning | High CPU Usage |
Login Account Unlocked | Subrule | Access Revoked | Account Locked |
SRPD Monitoring Failed. | Subrule | Error | Performance Monitoring Error |
SRPD Monitoring Scheduler Failed | Subrule | Error | Performance Monitoring Error |
Waited Child Process termination. | Subrule | Information | Waiting For Response |
User Logged In Database | Subrule | Authentication Success | User Logon |
Unstable VPN Behavior | Subrule | Warning | Tunnel Failure Warning |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
N/A | <severity> | Number | |
N/A | N/A | N/A | The time when the log was received on the log collector. |
N/A | <sname> | Text/String | The name of the device. |
N/A | N/A | Text/String | N/A |
N/A | N/A | Text/String | N/A |
N/A | <vendorinfo> | Text/String | The event name of the log |
N/A | N/A | N/A | N/A |
task-name | <action> | Text/String/Number | N/A |
remote-address | <dip> | IP Address | N/A |
error-message | N/A | N/A | N/A |
ESP CLIENT | <subject> | Text/String/Number | N/A |
local-address | N/A | N/A | N/A |
local-initiator | N/A | N/A | N/A |
remote-responder | N/A | N/A | N/A |
argument1 | N/A | N/A | N/A |
index1 | N/A | N/A | N/A |
index2 | N/A | N/A | N/A |
mode | N/A | N/A | N/A |
type | N/A | N/A | N/A |
traffic-selector-name | N/A | N/A | N/A |
Local gateway | N/A | N/A | N/A |
Remote gateway | N/A | N/A | N/A |
Local ID | N/A | N/A | N/A |
Remote ID | N/A | N/A | N/A |
Direction | N/A | N/A | N/A |
SPI | N/A | N/A | N/A |
AUX-SPI | N/A | N/A | N/A |
Mode | N/A | N/A | N/A |
Type | N/A | N/A | N/A |
Traffic-selector | N/A | N/A | N/A |
FC Name | N/A | N/A | N/A |