Pattern Linux : Session Events
Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Linux : Session Closed | Sub Rule | Other Audit Success | Session Closed For Host |
| Linux : Session Opened | Sub Rule | Other Audit Success | Session Opened For User |
| Pattern Linux : Session Events | Base Rule | Other Audit Success | General Audit |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Apr 4 10:28:00 | <dname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| Session | <tag1> | Text/String |
| For user | <login> | Text/String |
| By | <account> | Text/String |