Breadcrumbs

Network Log Messages

Vendor Documentation

Classification

Rule Name

Rule Type

Common Event

Classification

Network Log Messages

Base Rule

Network Information Message

Information

Network Log FAILED

Sub Rule

Possible Network Failure

Error

Network Log SUCCESSFUL

Sub Rule

Network Traffic

Network Traffic

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

N/A

N/A

N/A

Common Event Format identifier: Default or unspecified severity level (can be replaced with specific severity levels such as 1-10).

N/A

N/A

N/A

Vendor or organization name.

N/A

N/A

N/A

Product or service name generating the event.

N/A

<version>

Number

Version number.

N/A

<vmid>

Text/String

N/A

N/A

<vendorinfo>

Text/String

Description.

N/A

<severity>

Text/String

Severity level of the event.

id

<session>

Text/String

N/A

act

<action>

Text/String

N/A

cnt

N/A

N/A

N/A

start

N/A

N/A

N/A

src

<sip>

IP Address

N/A

shost

<sname>

Text/String

N/A

suser

<domainorigin>
<login>

Text/String

N/A

dst

<dip>

IP Address

N/A

dpt

<dport>

Numbers

N/A

dhost

<dname>

Text/String

N/A

proto

<protname>

Text/String

N/A

cs1Label

N/A

N/A

N/A

cs1

<status>
<tag1>

Text/String

N/A

cs2Label

N/A

N/A

N/A

cs2

N/A

N/A

N/A

cs3Label

N/A

N/A

N/A

cs3

<process>

Text/String

N/A

cs6Label

N/A

N/A

N/A

cs6

<result>

Text/String

N/A

cs7Label

N/A

N/A

N/A

cs7

<policy>

Text/String

N/A

cs9Label

N/A

N/A

N/A

cs9

<group>

Text/String

N/A

cs11Label

N/A

N/A

N/A

cs11

N/A

N/A

N/A

cs13Label

N/A

N/A

N/A

cs13

<parentprocesspath>

Text/String

N/A

cs14Label

N/A

N/A

N/A

cs14

<objectname>

Text/String

N/A

cs17Label

N/A

N/A

N/A

cs17

N/A

N/A

N/A

cs18Label

N/A

N/A

N/A

cs18

<hash>

Text/String

N/A

cs19Label

N/A

N/A

N/A

cs19

N/A

N/A

N/A

cs20Label

N/A

N/A

N/A

cs20

N/A

N/A

N/A

cs21Label

N/A

N/A

N/A

cs21

N/A

N/A

N/A