Network Log Messages

Vendor Documentation

Rule Name	Rule Type	Common Event	Classification
Network Log Messages	Base Rule	Network Information Message	Information
Network Log FAILED	Sub Rule	Possible Network Failure	Error
Network Log SUCCESSFUL	Sub Rule	Network Traffic	Network Traffic

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	N/A	N/A	Common Event Format identifier: Default or unspecified severity level (can be replaced with specific severity levels such as 1-10).
N/A	N/A	N/A	Vendor or organization name.
N/A	N/A	N/A	Product or service name generating the event.
N/A	<version>	Number	Version number.
N/A	<vmid>	Text/String	N/A
N/A	<vendorinfo>	Text/String	Description.
N/A	<severity>	Text/String	Severity level of the event.
id	<session>	Text/String	N/A
act	<action>	Text/String	N/A
cnt	N/A	N/A	N/A
start	N/A	N/A	N/A
src	<sip>	IP Address	N/A
shost	<sname>	Text/String	N/A
suser	<domainorigin> <login>	Text/String	N/A
dst	<dip>	IP Address	N/A
dpt	<dport>	Numbers	N/A
dhost	<dname>	Text/String	N/A
proto	<protname>	Text/String	N/A
cs1Label	N/A	N/A	N/A
cs1	<status> <tag1>	Text/String	N/A
cs2Label	N/A	N/A	N/A
cs2	N/A	N/A	N/A
cs3Label	N/A	N/A	N/A
cs3	<process>	Text/String	N/A
cs6Label	N/A	N/A	N/A
cs6	<result>	Text/String	N/A
cs7Label	N/A	N/A	N/A
cs7	<policy>	Text/String	N/A
cs9Label	N/A	N/A	N/A
cs9	<group>	Text/String	N/A
cs11Label	N/A	N/A	N/A
cs11	N/A	N/A	N/A
cs13Label	N/A	N/A	N/A
cs13	<parentprocesspath>	Text/String	N/A
cs14Label	N/A	N/A	N/A
cs14	<objectname>	Text/String	N/A
cs17Label	N/A	N/A	N/A
cs17	N/A	N/A	N/A
cs18Label	N/A	N/A	N/A
cs18	<hash>	Text/String	N/A
cs19Label	N/A	N/A	N/A
cs19	N/A	N/A	N/A
cs20Label	N/A	N/A	N/A
cs20	N/A	N/A	N/A
cs21Label	N/A	N/A	N/A
cs21	N/A	N/A	N/A