Pattern 2 : Sendmail Notification | LogRhythm Documentation

Classification

Rule Name	Rule Type	Classification	Common Event
Pattern 2 : Sendmail Notification	Base Rule	Information	General Sendmail Notice
Sendmail: Sender Notify: Delivery Delayed	Sub Rule	Warning	Sender Notify: Delivery Delayed
Sendmail: Sender Notify: User Unknown	Sub Rule	Warning	Sender Notify: User Unknown
Sendmail: Sender Notify: Local Configuration Error	Sub Rule	Error	Sender Notify: Local Configuration Error
Sendmail: Sender Notify: Internal Error	Sub Rule	Error	Sender Notify: Internal Error
Sendmail: Sender Notify: Host Unknown	Sub Rule	Warning	Sender Notify: Host Unknown
Sendmail: Sender Notify: Data Format Error	Sub Rule	Error	Sender Notify: Data Format Error
Sendmail: Sender Notify: Delivery Delayed	Sub Rule	Warning	Sender Notify: Delivery Delayed
Sendmail: Sender Notify: Service Unavailable	Sub Rule	Warning	Sender Notify: Service Unavailable
Sendmail: Return To Sender: Delivery Delayed	Sub Rule	Warning	return to sender: Delivery Delayed
Sendmail: Return To Sender: User Unknown	Sub Rule	Warning	Return To Sender: User Unknown
Sendmail: Return To Sender: Local Config Error	Sub Rule	Error	Return To Sender: Local Configuration Error
Sendmail: Return To Sender: Internal Error	Sub Rule	Error	Return To Sender: Internal Error
Sendmail: Return To Sender: Host Unknown	Sub Rule	Warning	Return To Sender: Host Unknown
Sendmail: Return To Sender: Data Format Error	Sub Rule	Error	Return To Sender: Data Format Error
Sendmail: Return To Sender: Delivery Delayed	Sub Rule	Warning	return to sender: Delivery Delayed
Sendmail: Return To Sender: Service Unavailable	Sub Rule	Warning	Return To Sender: Service Unavailable
Sendmail: Postmaster Notify: Delivery Delayed	Sub Rule	Warning	Postmaster Notify: Delivery Delayed
Sendmail: Postmaster Notify: User Unknown	Sub Rule	Warning	Postmaster Notify: User Unknown
Sendmail: Postmaster Notify: Local Config Error	Sub Rule	Error	Postmaster Notify: Local Configuration Error
Sendmail: Postmaster Notify: Internal Error	Sub Rule	Error	Postmaster Notify: Internal Error
Sendmail: Postmaster Notify: Host Unknown	Sub Rule	Warning	Postmaster Notify: Host Unknown
Sendmail: Postmaster Notify: Data Format Error	Sub Rule	Error	Postmaster Notify: Data Format Error
Sendmail: Postmaster Notify: Delivery Delayed	Sub Rule	Warning	Postmaster Notify: Delivery Delayed
Sendmail: Postmaster Notify: Service Unavailable	Sub Rule	Warning	Postmaster Notify: Service Unavailable
Sendmail: DSN: Delivery Delayed	Sub Rule	Warning	DSN: Delivery Delayed
Sendmail: DSN: User Unknown	Sub Rule	Warning	DSN: User unknown
Sendmail: DSN: Local Configuration Error	Sub Rule	Error	DSN: Local configuration error
Sendmail: DSN: Internal Error	Sub Rule	Error	DSN: Internal error
Sendmail: DSN: Host Unknown	Sub Rule	Warning	DSN: Host unknown
Sendmail: DSN: Data Format Error	Sub Rule	Error	DSN: Data Format Error
Sendmail: DSN: Delivery Delayed	Sub Rule	Warning	DSN: Delivery Delayed
Sendmail: DSN: Service Unavailable	Sub Rule	Warning	DSN: Service unavailable
Sendmail : DSN : Too Many Hops	Sub Rule	Warning	DSN : Too Many Hops
Sendmail: Cannot Create Transcript File	Sub Rule	Access Failure	Create Object Failure
Sendmail: Cannot Save Rejected Email	Sub Rule	Access Failure	Add Object Failure
Sendmail: Savemail Panic Event	Sub Rule	Warning	Sendmail Savemail Panic Event
Sendmail: Unqualified Host Name	Sub Rule	Warning	Unknown Hostname
Sendmail: Unable To Qualify Domain Name	Sub Rule	Warning	Unable To Qualify Domain Name
Sendmail: Unsafe Map File	Sub Rule	Warning	Unsafe Map File
Forward Error: Group Writable Directory	Sub Rule	Error	General Sendmail Error
Gethostbyaddr Failed	Sub Rule	Error	General Sendmail Error
Sendmail: Sender Notify: Delivery Delayed	Sub Rule	Warning	Sender Notify: Delivery Delayed
Sendmail: Premature EOM : Unexpected Close	Sub Rule	Information	End Of Message Recieved

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type
<MAIL:INFO>	<process>	Text/String
Sendmail	N/A	Number
N/A	<object>	Text/String
N/A	<vmid>	Text/String
N/A	<tag3>	Text/String
Hours	<hours>	Number