Syslog - Generic Linux OS: Login Messages

Vendor Documentation

N/A

Rule Name	Rule Type	Classification	Common Event
Login Messages	Base Rule	Information	LOGIN_INFORMATION
Logon Failure	Sub Rule	Authentication Failure	User Logon Failured
Logon Session Started	Sub Rule	Other Audit Success	Session Started
Logon Successful	Sub Rule	Authentication Success	User Logon

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	<severity>	Text/String	N/A
N/A	<tag1>	Text/String	N/A
N/A	<dname>	Text/String	N/A
N/A	<process>	Text/String	N/A
N/A	<dip>	IP Address	N/A
N/A	<processid>	Number	N/A
N/A	<login>	Text/String	N/A