
SSH Server Messages

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Server Stopping | Sub Rule | System Shutdown | Startup and Shutdown |
| Server File Closed | Sub Rule | Object Closed | Access Success |
| Directory Closed | Sub Rule | Object Closed | Access Success |
| Session Channel Closed | Sub Rule | Object Closed | Access Success |
| File Created | Sub Rule | Object Created | Access Success |
| File Renamed | Sub Rule | Object Renamed | Access Success |
| SSH Server Messages | Base Rule | Connection Information | Information |
| Server Starting | Sub Rule | Process/Service Starting | Startup and Shutdown |
| Connection Established | Sub Rule | Connection Established | Network Traffic |
| File Attributes Set | Sub Rule | Object Attribute Modified | Access Success |
| Server File Information Retrieved | Sub Rule | Object Accessed | Access Success |
| Server File Information Retrieved | Sub Rule | Object Accessed | Access Success |
| Server File Information Retrieved | Sub Rule | Object Accessed | Access Success |
| File Upload Begin | Sub Rule | Object Accessed | Access Success |
| File Upload End | Sub Rule | Object Accessed | Access Success |
| Server Disconnected | Sub Rule | Received Disconnect | Other Operations |
| Server Disconnected | Sub Rule | Received Disconnect | Other Operations |
| Server Opened File | Sub Rule | Object Read | Access Success |
| Directory Opened | Sub Rule | Object Read | Access Success |
| File Read | Sub Rule | Object Read | Access Success |
| Session Channel Open | Sub Rule | Object Read | Access Success |
| Server Connected | Sub Rule | Server Connection Restored | Information |
| Failed To Resolve Hostname | Sub Rule | Failed To Resolve Host | Error |
| Login | Sub Rule | User Logon | Authentication Success |
| Login | Sub Rule | User Logon | Authentication Success |
| Login | Sub Rule | User Logon | Authentication Success |
| Login | Sub Rule | User Logon | Authentication Success |
| Logout | Sub Rule | User Logoff | Authentication Success |
| Login Failure | Sub Rule | User Logon Failure | Authentication Failure |
| File Download Begin | Sub Rule | Object Downloaded | Access Success |
| File Download End | Sub Rule | Object Downloaded | Access Success |
| Server File Information Retrieval Failed | Sub Rule | Read Object Failure | Access Failure |
| Connection Denied | Sub Rule | Traffic Denied by Host Firewall | Network Deny |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Text\String |
| N/A | <login> | Text\String |
| N/A | <session> | Text\String |
| N/A | <sname> | Text\String |
| N/A | <dname> | Text\String |
| N/A | <object> | Text\String |
| N/A | <reason> | Text\String |
| N/A | <tag1> | Text\String |
| N/A | <tag2> | Text\String |
| N/A | <sip> | Number |
| N/A | <dip> | Number |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <responsecode> | Number |