LastLog Messages
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| LastLog Messages | Base Rule | Information | General Authentication Information |
| Terminal LastLog Message | Sub Rule | Other Audit | LastLog Terminal Session |
| LastLog Logoff | Sub Rule | Authentication Success | User Logoff |
| LastLog User Still Logged In | Sub Rule | Information | User Still Logged In |
| Terminal User Still Logged In | Sub Rule | Other Audit | LastLog Terminal Session |
Mapping with LoghRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <login> | Text\String |
| N/A | <sip> | IP Address |
| N/A | <object> | Text\String |
| N/A | <tag1> | Text\String |