Syslog - Generic Linux OS: Login Messages

Vendor Documentation

N/A

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Login Messages | Base Rule | LOGIN_INFORMATION | Information |
| Logon Failure | Sub Rule | User Logon Failured | Authentication Failure |
| Logon Session Started | Sub Rule | Session Started | Other Audit Success |
| Logon Successful | Sub Rule | User Logon | Authentication Success |
| Login Emergency Message | Sub Rule | General Emergency Log Message | Critical |
| Login Alert Message | Sub Rule | General Alert | Critical |
| Login Critical Message | Sub Rule | General Critical | Critical |
| Login Error Message | Sub Rule | General Error | Error |
| Login Warning Message | Sub Rule | General Warning | Warning |
| Login Notice Message | Sub Rule | General Notice | Information |
| Login Information Message | Sub Rule | General Information | Information |
| Login Debug Message | Sub Rule | General Debug Message | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | <severity> | Text/String | N/A |
| N/A | <tag1> | Text/String | N/A |
| N/A | <dip> | IP Address | N/A |
| N/A | <dname> | Text/String | N/A |
| N/A | <process> | Text/String | N/A |
| N/A | <processid> | Number | N/A |
| N/A | <subject> | Text/String | N/A |
| N/A | <tag2> | Text/String | N/A |
| N/A | <login> | Text/String | N/A |