Pattern 5 : Hostd Messages
Vendor Documentation
https://www.vmware.com/in/products/esxi-and-esx.html https://www.vmware.com/topics/glossary/content/bare-metal-hypervisor |
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Pattern 5 : Hostd Messages | Base Rule | General Information | Information |
| Hostd : Reboot | Sub Rule | System Restarted | Startup and Shutdown |
| Hostd : Mount State Values Have Changed | Sub Rule | Object Modified | Access Success |
| Hostd : This Product Has Expired | Sub Rule | License Expired | Critical |
| Hostd : Result | Sub Rule | Results Returned | Information |
| Hostd : Established A Connection | Sub Rule | Connection Established | Network Traffic |
| Hostd : Suspended | Sub Rule | System Suspended | Error |
| Hostd : Client Closed Connection | Sub Rule | Client Connection Closed | Other Audit Success |
| Hostd : Deprecated Pam_Stack Module Called | Sub Rule | Deprecated Pam_Stack Module Called | Warning |
| Hostd : Disconnect Check In Progress | Sub Rule | Disconnect Check In Progress | Information |
| Hostd : Environmentbrowser | Sub Rule | General Environmentbrowser Information | Information |
| Hostd : Timedasyncread Failed: Operation Timed Out | Sub Rule | Failed Operation | Warning |
| Hostd : Failed To Validate Vm Ip Address | Sub Rule | Failed Operation | Warning |
| Hostd : Fail To Snd Rsp To The Client: Broken Pipe | Sub Rule | Failed Operation | Warning |
| Hostd : Failed To Power On | Sub Rule | Failed Operation | Warning |
| Hostd : Failed To Find Activation Record | Sub Rule | Failed Operation | Warning |
| Hostd : Failed To Do Power Op | Sub Rule | Failed Operation | Warning |
| Hostd : Failed Operation | Sub Rule | Failed Operation | Warning |
| Hostd : Invoke Done | Sub Rule | Invoke Done | Information |
| Hostd : Mount Vm Completion For Vm | Sub Rule | Mount Vm Complete | Information |
| Hostd : Mount Vm Complete | Sub Rule | Mount Vm Complete | Information |
| Hostd : Mounting Virtual Machine Paths On Conn | Sub Rule | Mounting Virtual Machine Paths On Connection | Information |
| Hostd : Received A Dup Transition From Foundry | Sub Rule | Received A Duplicate Transition From Foundry | Information |
| Hostd : Remote End Sent Pid | Sub Rule | Remote End Sent Pid | Information |
| Hostd : Resumed | Sub Rule | System Resumed | Other Audit Success |
| Hostd : Socket | Sub Rule | General Socket Information | Information |
| Hostd : Ssl Handshake On Client Connection Failed | Sub Rule | Ssl Handshake On Client Connection Failure | Warning |
| Hostd : To Poweron With Option Soft | Sub Rule | Poweron With Option Soft | Information |
| Hostd : Unmounting Vm Complete | Sub Rule | Unmounting Virtual Machine | Information |
| Hostd : Unmounting The Vm: | Sub Rule | Unmounting Virtual Machine | Information |
| Hostd : User Logged Event: Remote Console On | Sub Rule | Console Connection | Other Audit Success |
| Hostd : User Logged Event | Sub Rule | General User Logged Event | Information |
| Hostd : Vmdb_Setcurrentpath Failed | Sub Rule | Set Current Path Failed | Warning |
| Hostd : Vmkernel_Forkexec | Sub Rule | Command Executed | Access Success |
| Hostd : Vmhs: Exec | Sub Rule | Command Executed | Access Success |
| Hostd : Vmodl.Fault.Requestcanceled | Sub Rule | Command Canceled | Other Audit Success |
| Hostd : Vmx Status Has Been Set For Vm | Sub Rule | Status For Virtual Machine Set | Information |
| Hostd : Open Successful | Sub Rule | Object Accessed | Access Success |
| Hostd : Reloading Config State | Sub Rule | Configuration Loaded : System | Configuration |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| tag1 | <tag1> | Text/String |