Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
Pattern 13 : CLI Syslog |
Base Rule |
Ops/Information |
General Information |
|
CLI Conversation |
Sub Rule |
Ops/Information |
CLI Conversation |
|
CLI Login |
Sub Rule |
Audit/Authentication Success
|
User Logon |
|
Logout |
Sub Rule |
Audit/Authentication Success
|
User Logoff |
|
Executed Command |
Sub Rule |
Ops/Information |
CLI Command Executed |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|
|
<severity> |
Text\String |
|
|
|
<sip> |
IP Address |
|
|
|
<dip> |
IP Address |
|
|
|
<login> |
Text\String |
|
|
PID |
<session> |
Number |
|
|
|
<subject> |
Text\String |
|
|
|
<command> |
Text\String |
|
|
|
<tag1> |
Text\String |
|
|
|
<tag2> |
Text\String |
|
|
|
<tag3> |
Text\String |
|
|
|
<tag4> |
Text\String |
|