SSH_CLIENT Events

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/fir-int.htm

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/PDF/5200-8214.pdf

SSH_CLIENT Events

Base Rule

General Information Log Message

Information

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

Event ID

<vmid>

Number

Event ID 9001, 9002, 9003

Severity

<severity>

Text/String

For All: Information
For 9002: Error

Message

<subject>
<dip>
<object>
<account>
<dport>

Text/String/Number/IP Address

Event ID 9001:
SSH client session is successful.

<subject>
<dip>
<object>
<dport>

Text/String/Number/IP Address

Event ID 9002:
SSH client session is denied

<subject>
<dip>
<object>
<account>
<dport>

Text/String/Number/IP Address

Event ID 9003:
SSH client session is successful.