Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Junos Syslog Routing Event | Base Rule | Network Traffic | General Network Traffic |
| Command Line Access | Subrule | Information | Command Line Read |
| Committing Configuration Change | Subrule | Warning | Configuration Change Confirmed |
| Started Child Process | Subrule | Information | Process Startup Detected |
| Change Junos configuration | Subrule | Warning | Configuration Change Confirmed |
| User Logged | Subrule | Authentication Success | User Logon |
| Status of Child Process | Subrule | Information | Process Status |
| User Logged out | Subrule | Authentication Success | User Logoff |
| Configuration File Loaded | Subrule | Information | Configuration Information |
| Connection Task Failed | Subrule | Error | Connection Failure |
| Authentication Event | Subrule | Other Audit | General Authentication Event |
| NetConf Command Executed | Subrule | Access Success | Command Executed |
| Configuration Committed | Subrule | Warning | Configuration Change Confirmed |
| Configuration Set | Subrule | Information | Configuration Information |
| Junoscript Command Executed | Subrule | Access Success | Command Executed |
| SNMP Authentication Failure | Subrule | Authentication Failure | Authentication Failure Activity |
| Configuration Created | Subrule | Other Audit Success | Configuration Success |
| Configuration Change Committed | Subrule | Warning | Configuration Change Confirmed |
| Login Account Locked. | Subrule | User Logon Failure | Account Locked out |
| Configuration Change Committed Successfully | Subrule | Warning | Configuration Change Confirmed |
| PAM User Locked | Subrule | User Logon Failure | Account Locked out |
| CPU Usage Normal | Subrule | Information | CPU Usage is Normal |
| CPU Usage Exceeded Threshold | Subrule | Warning | High CPU Usage |
| Login Account Unlocked | Subrule | Access Revoked | Account Locked |
| SRPD Monitoring Failed. | Subrule | Error | Performance Monitoring Error |
| SRPD Monitoring Scheduler Failed | Subrule | Error | Performance Monitoring Error |
| Waited Child Process termination. | Subrule | Information | Waiting For Response |
| User Logged In Database | Subrule | Authentication Success | User Logon |
| Unstable VPN Behavior | Subrule | Warning | Tunnel Failure Warning |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | <severity> | Number | |
| N/A | N/A | N/A | The time when the log was received on the log collector. |
| N/A | <sname> | Text/String | The name of the device. |
| N/A | N/A | Text/String | N/A |
| N/A | N/A | Text/String | N/A |
| N/A | <vendorinfo> | Text/String | The event name of the log |
| N/A | N/A | N/A | N/A |
| task-name | <action> | Text/String/Number | N/A |
| remote-address | <dip> | IP Address | N/A |
| error-message | N/A | N/A | N/A |
| ESP CLIENT | <subject> | Text/String/Number | N/A |
| local-address | N/A | N/A | N/A |
| local-initiator | N/A | N/A | N/A |
| remote-responder | N/A | N/A | N/A |
| argument1 | N/A | N/A | N/A |
| index1 | N/A | N/A | N/A |
| index2 | N/A | N/A | N/A |
| mode | N/A | N/A | N/A |
| type | N/A | N/A | N/A |
| traffic-selector-name | N/A | N/A | N/A |
| Local gateway | N/A | N/A | N/A |
| Remote gateway | N/A | N/A | N/A |
| Local ID | N/A | N/A | N/A |
| Remote ID | N/A | N/A | N/A |
| Direction | N/A | N/A | N/A |
| SPI | N/A | N/A | N/A |
| AUX-SPI | N/A | N/A | N/A |
| Mode | N/A | N/A | N/A |
| Type | N/A | N/A | N/A |
| Traffic-selector | N/A | N/A | N/A |
| FC Name | N/A | N/A | N/A |