Pattern 13 : CLI Syslog
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 13 : CLI Syslog | Base Rule | Ops/Information | General Information |
| CLI Conversation | Sub Rule | Ops/Information | CLI Conversation |
| CLI Login | Sub Rule | Audit/Authentication Success | User Logon |
| Logout | Sub Rule | Audit/Authentication Success | User Logoff |
| Executed Command | Sub Rule | Ops/Information | CLI Command Executed |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| | <severity> | Text\String | |
| | <sip> | IP Address | |
| | <dip> | IP Address | |
| | <login> | Text\String | |
| PID | <session> | Number | |
| | <subject> | Text\String | |
| | <command> | Text\String | |
| | <tag1> | Text\String | |
| | <tag2> | Text\String | |
| | <tag3> | Text\String | |
| | <tag4> | Text\String | |