Syslog - Generic Linux OS: SSHD Messages

Vendor Documentation

N/A

Rule Name	Rule Type	Common Event	Classification
SSHD Messages	Base Rule	General Information	Information
SSHD Logon Successful	Sub Rule	User Logon	Authentication Success
SSHD Logoff	Sub Rule	User Logoff	Authentication Success
SSHD Logon Failure	Sub Rule	User Logon Failure : Bad Password	Authentication Failure
SSHD Logon Failure	Sub Rule	User Logon Failure	Authentication Failure
SSHD Session Closed	Sub Rule	Session Ended	Other Audit Success
SSHD Session Opened	Sub Rule	Session Started	Other Audit Success
SSHD Session Disconnected	Sub Rule	User Logoff	Authentication Success
SSHD Connection Closed	Sub Rule	Connection Closed	Network Traffic
SSHD Connection Reset	Sub Rule	Connection Reset	Network Traffic
SSHD Unauth User	Sub Rule	Unauthorized Host	Error
SSHD Invalid User	Sub Rule	User Logon Failure : Bad Username	Authentication Failure
SSHD Disconnected From Invalid User	Sub Rule	Invalid User Context	Warning
SSHD Emergency Message	Sub Rule	General Emergency Log Message	Critical
SSHD Alert Message	Sub Rule	General Alert	Critical
SSHD Critical Message	Sub Rule	General Critical	Critical
SSHD Error Message	Sub Rule	General Error	Error
SSHD Warning Message	Sub Rule	General Warning	Warning
SSHD Notice Message	Sub Rule	General Notice	Information
SSHD Information Message	Sub Rule	General Information	Information
SSHD Debug Message	Sub Rule	General Debug Message	Information

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	<severity>	Text/String	N/A
N/A	<tag1>	Text/String	N/A
N/A	<dip>	IP Address	N/A
N/A	<dname>	Text/String	N/A
N/A	<process>	Text/String	N/A
N/A	<processid>	Number	N/A
N/A	<subject>	Text/String	N/A
N/A	<tag2>	Text/String	N/A
N/A	<domainorigin><login>	Text/String	N/A
N/A	<sip>	IP Address	N/A
N/A	<sport>	Number	N/A
N/A	<object>	Text/String	N/A
N/A	<tag3>	Text/String	N/A