Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0: Event: SDWAN | Base Rule | General Firewall Event | Information |
| V 2.0: WAN Status | Sub Rule | WAN Module Info Msg | Information |
| V 2.0: WAN Volume Status | Sub Rule | WAN Module Info Msg | Information |
| V 2.0: WAN SLA Info | Sub Rule | WAN Module Info Msg | Information |
| V 2.0: WAN Neighbor Status | Sub Rule | WAN Module Info Msg | Information |
| V 2.0: WAN Neighbor Standalone | Sub Rule | WAN Module Info Msg | Information |
| V 2.0: WAN Neighbor Primary | Sub Rule | WAN Module Info Msg | Information |
| V 2.0: WAN Neighbor Secondary | Sub Rule | General Warning | Warning |
| V 2.0: WAN Neighbor Status Warn | Sub Rule | General Warning | Warning |
| V 2.0: WAN Neighbor SLA Info Warn | Sub Rule | General Warning | Warning |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| date | N/A | N/A | The date of the event. |
| time | N/A | N/A | The time of the event. |
| logid | <vmid> | Number | A unique identifier for the log event. |
| type | <vendorinfo> | Text/String | The type of log event. In this case, it is an event. |
| subtype | N/A | N/A | The subtype of the log event. In this case, it is an sdwan event. |
| level | <severity> | Text/String | The severity level of the log event. In this case, it is a notice. |
| vd | <sessiontype> | Text/String | The vdom in which the log event occurred. |
| eventtime | N/A | N/A | The time at which the log event occurred. |
| tz | N/A | N/A | The time zone of the log event. |
| logdesc | N/A | N/A | The description of the log event. |
| eventtype | <objecttype> | Text/String | The type of event. In this case, it is a health check event. |
| healthcheck | <object> | Text/String | The health check that was performed. |
| slatargetid | N/A | N/A | The SLA target ID. |
| oldvalue | N/A | N/A | The old value of the metric. |
| newvalue | N/A | N/A | The new value of the metric. |
| msg | <subject> | Text/String | The message associated with the log event. |
| interface | <dinterface> | Text/String | The interface that was monitored. |
| status | <status> | Text/String | The status of the interface. |
| latency | N/A | N/A | The latency of the interface. |
| jitter | N/A | N/A | The jitter of the interface. |
| packetloss | N/A | N/A | The packet loss of the interface. |
| inbandwidth | N/A | N/A | The inbound bandwidth of the interface. |
| outbandwidth | N/A | N/A | The outbound bandwidth of the interface. |
| bibandwidth | N/A | N/A | The bidirectional bandwidth of the interface. |
| slamap | N/A | N/A | The SLA map value. |
| metric | N/A | N/A | The metric that triggered the SLA failure. |