Skip to main content
Skip table of contents

Syslog - Generic Linux OS: SSHD Messages

Vendor Documentation

N/A

Classification

Rule Name

Rule Type

Common Event

Classification

SSHD MessagesBase RuleGeneral InformationInformation
SSH Logon SuccessfulSub RuleUser LogonAuthentication Success
SSH LogoffSub RuleUser LogoffAuthentication Success
SSH Logon FailureSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
SSH Logon FailureSub RuleUser Logon FailureAuthentication Failure
SSH Session ClosedSub RuleSession EndedOther Audit Success
SSH Session OpenedSub RuleSession StartedOther Audit Success
SSH Session DisconnectedSub RuleUser LogoffAuthentication Success
SSH LogoffSub RuleUser LogoffAuthentication Success
SSH Unauth UserSub RuleUnauthorized HostError
SSH Invalid UserSub RuleWarning
SSHD Emergency MessageSub RuleGeneral Emergency Log MessageCritical
SSHD Alert MessageSub RuleGeneral AlertCritical
SSHD Critical MessageSub RuleGeneral CriticalCritical
SSHD Error MessageSub RuleGeneral ErrorError
SSHD Warning MessageSub RuleGeneral WarningWarning
SSHD Notice MessageSub RuleGeneral NoticeInformation
SSHD Information MessageSub RuleGeneral InformationInformation
SSHD Debug MessageSub RuleGeneral Debug MessageInformation

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

N/A<severity>Text/StringN/A
N/A<tag1>Text/StringN/A
N/A<dip>IP AddressN/A
N/A<dname>Text/StringN/A
N/A<process>Text/StringN/A
N/A<processid>NumberN/A
N/A<subject>Text/StringN/A
N/A<tag2>Text/StringN/A
N/A<login>Text/StringN/A
N/A<sip>IP AddressN/A
N/A<sport>NumberN/A
N/A<object>Text/StringN/A
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close