Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
Session Is Being Torn Down |
Base Rule |
Connection Teardown |
Network Traffic |
|
Session Teardown : User Requested |
Sub Rule |
Connection Closed |
Network Traffic |
|
Session Teardown : Peer Reconnected |
Sub Rule |
Connection Teardown |
Network Traffic |
|
Session Teardown : Idle Timeout |
Sub Rule |
Connection Teardown |
Network Traffic |
|
Session Teardown : Max Time Exceeded |
Sub Rule |
Connection Teardown |
Network Traffic |
|
Session Teardown : Phase 2 Mismatch |
Sub Rule |
Connection Teardown |
Network Traffic |
|
Session Teardown : Administrator Reset |
Sub Rule |
Connection Teardown |
Network Traffic |
|
Session Teardown : Peer Address Changed |
Sub Rule |
Connection Teardown |
Network Traffic |
|
Session Teardown : Lost Service |
Sub Rule |
Connection Lost |
Network Traffic |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<vmid> |
Number |
|
Group |
<group> |
Number |
|
Username |
<login> |
Text/String |
|
IP |
<dip> |
Number |
|
Reason |
<reason> |
Text/String |
|
N/A |
<tag1> |
Text/String |