PAM User Authentication

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| PAM User Authentication | Base Rule | Authentication Success | Authentication Activity |
| PAM User Login | Sub Rule | Authentication Success | User Logon |
| PAM User Login Failed | Sub Rule | Authentication Failure | User Logon Failure |
| PAM User Login Failed | Sub Rule | Authentication Failure | User Logon Failure |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text/String |
| sudo | <process> | Text/String |
| N/A | <processid> | Number |
| authentication | <tag1> | Text/String |
| for | <login> | Text/String |
| N/A | <account> | Text/String |