Vendor Documentation
Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Spam and Mail Log Messages | Base Rule | Ops/Information | Spam Messages |
| PID Not Found Messages | Sub Rule | Ops/Information | Process Does Not Exist |
| Case Ctl Running Messages | Sub Rule | Ops/Information | Running Process |
| Checking Directory Messages | Sub Rule | Ops/Information | Directory Check |
| Deprecation Warning Messages | Sub Rule | Ops/Information | Deprecation Announcement |
| High Latency Messages | Sub Rule | Ops/Information | Latency Activity |
| Launching with Arguments Messages | Sub Rule | Ops/Information | General Information |
| Processing Request Restarting Messages | Sub Rule | Ops/Information | Request Received |
| Root or Empty Directory Messages | Sub Rule | Ops/Information | Directory Information |
| Chmod Process Messages | Sub Rule | Ops/Information | Process Executing |
| Chmod Running Process Messages | Sub Rule | Ops/Information | Process Executing |
| SIGHUP to Cased Request Messages | Sub Rule | Ops/Information | Sending Request |
| SIGUP to Cased Request Messages | Sub Rule | Ops/Information | Sending Request |
| Cased Shut Down Messages | Sub Rule | Audit/Startup and Shutdown | Process/Service Startup Or Shutdown Activity |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
|  | <severity> | Text\String |  |
|  | <processid> | Text\String |  |
|  | <result> <tag1> | Text\String |  |
|  | <object> | Text\String |  |