Syslog - Linux Audit

Device Details

Device Name: Syslog - Linux Audit
Vendor: Linux
Device Type: N/A
Supported Model Name/Number: N/A
Supported Software Version(s): N/A
Collection Method: Syslog
Configurable Log Output?: Yes
Log Source Type: Syslog - Linux Audit
Log Processing Policy: LogRhythm Default
Exceptions: N/A
Additional Information: N/A

Supported Log Messages

| Type | Product Version | Supported Schema Fields |
| --- | --- | --- |
| Audit Events 1 | N/A | <severity>, <vmid>, <process>, <amount>, <command>, <vendorinfo>, <object>, <objectname> |
| Audit Events 2 | N/A | <vmid>, <subject>, <account>, <process>, <object>, <tag2>, <tag3>, <group>, <sname>, <sip>, <session>, <tag1> |
| Callback Suppressed | N/A | <severity>, <process>, <quantity> |
| Catch All : Level 1 | N/A | <severity>, <tag1> |
| Configuration Change | N/A | <severity>, <vmid>, <account>, <session>, <command>, <objectname>, <subject>, <account> |
| Connection Failed | N/A | <severity>, <process>, <processid>, <dname>, <dport> |
| CROND Operations | N/A | <severity>, <dname>, <process>, <processid>, <tag1>, <subject>, <tag2>, <login>, <command> |
| CRONTAB Operations | N/A | <severity>, <dname>, <process>, <processid>, <object> |
| Finished Catalog Run | N/A | <severity>, <process>, <processid>, <object>, <seconds> |
| General PCI Information | N/A | <tag1>, <itemsin>, <process>, <account>, <group>, <session>, <object>, <tag2> |
| Group Entry Messages | N/A | <severity>, <dname>, <process>, <object>, <objectname>, <group>, <domain>, <tag1> |
| GSSAPI Messages | N/A | <severity>, <process>, <subject>, <object> |
| Kernel Audit Message | N/A | <severity>, <processid>, <session>, <command>, <dname>, <dip>, <sname>, <subject>, <quantity> |
| Last Message Repeated | N/A | <severity>, <dname>, <subject>, <quantity>, <url>, <protname>, <responsecode> |
| NTPD Event | N/A | <severity>, <dname>, <process>, <processid>, <dip>, <object> |
| Path Information | N/A | <severity>, <object>, <account>, <objectname> |
| Puppet Agent Command Executed Successfully | N/A | <severity>, <dname>, <process>, <processid>, <command> |
| Session Information | N/A | <severity>, <process>, <processid>, <account> |
| SNMPD Operations | N/A | <severity>, <dname>, <process>, <processid>, <tag1>, <command>, <tag2>, <protname>, <sip>, <sport>, <dip>, <subject> |
| System Call Activity | N/A | <severity>, <vmid>, <version>, <command>, <result>, <tag2>, <subject>, <parentprocessid>, <processid>, <login>, <account>, <group>, <session>, <process>, <object>, <objectname> |
| System Call Information | N/A | <severity>, <process>, <account>, <session>, <command>, <object>, <objectname> |
| Systemd : User Logs In | N/A | <severity>, <process>, <subject>, <action>, <object> |
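The rules above (System Call Activity, Path Information, Session Information) are fed by auditd records that reach syslog through the audisp syslog plugin. As an added example that is not part of the original page and not LogRhythm's own parsing rules, the following Python script parses constructed records of that shape, correlates the records that share one `msg=audit(<epoch>:<serial>)` identifier into a single event, hex-decodes the fields auditd encodes (for example `proctitle`), and maps the audit keys onto schema-style names. `SCHEMA_MAP`, `SAMPLE_LINES` and the `flag_privileged_exec` check are assumptions made for illustration, not anything the page or the product defines.

```python
"""Parse Linux audit records received over syslog and correlate them into events.

Added example, not LogRhythm's parsing rules. SCHEMA_MAP is an assumed mapping
onto the schema field names; SAMPLE_LINES are constructed, not captured.
"""
import re
from collections import OrderedDict
from typing import Dict, List, Optional

# One audit event is spread over several records (SYSCALL, EXECVE, PATH, PROCTITLE, ...)
# that share the same msg=audit(<epoch>:<serial>) identifier.
RECORD_RE = re.compile(
    r"type=(?P<type>\w+)\s+msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$"
)
# key=value pairs: values are double-quoted strings or bare tokens.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Fields auditd hex-encodes when they contain whitespace or non-printable bytes.
HEX_ENCODED = {"proctitle", "comm", "exe", "cwd", "name", "cmd", "data"}
UNSET_AUID = "4294967295"  # auid of a process with no login session (unsigned -1)

# Assumed mapping (illustration only) from audit keys to schema field names.
SCHEMA_MAP = {
    "pid": "processid", "ppid": "parentprocessid", "auid": "login", "uid": "account",
    "gid": "group", "ses": "session", "comm": "process", "exe": "objectname",
    "syscall": "command", "success": "result", "key": "tag2",
}

# Constructed sample lines in the shape of the audisp syslog plugin's output.
SAMPLE_LINES = [
    'Mar  3 10:15:42 host01 audispd: node=host01 type=SYSCALL msg=audit(1709460942.123:4711): '
    'arch=c000003e syscall=59 success=yes exit=0 a0=55d0c0a1e2b0 a1=55d0c0a1f4c0 a2=55d0c0a2a010 '
    'a3=8 items=2 ppid=1200 pid=1234 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 '
    'fsgid=0 tty=pts0 ses=3 comm="useradd" exe="/usr/sbin/useradd" key="identity"',
    'Mar  3 10:15:42 host01 audispd: node=host01 type=EXECVE msg=audit(1709460942.123:4711): '
    'argc=3 a0="useradd" a1="-m" a2="bob"',
    'Mar  3 10:15:42 host01 audispd: node=host01 type=PROCTITLE msg=audit(1709460942.123:4711): '
    'proctitle=75736572616464002D6D00626F62',
    'Mar  3 10:16:01 host01 audispd: node=host01 type=SYSCALL msg=audit(1709460961.500:4712): '
    'arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd1c2e3f40 a2=0 a3=0 items=1 '
    'ppid=2200 pid=2345 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 '
    'sgid=1000 fsgid=1000 tty=pts1 ses=4 comm="cat" exe="/usr/bin/cat" key="etc-shadow"',
    'Mar  3 10:16:01 host01 audispd: node=host01 type=PATH msg=audit(1709460961.500:4712): '
    'item=0 name="/etc/shadow" inode=1234 dev=fd:00 mode=0100000 ouid=0 ogid=42 rdev=00:00 '
    'nametype=NORMAL',
]


def decode_value(rec_type: str, key: str, raw: str) -> str:
    """Strip quotes, or hex-decode encoded fields (NUL separators become spaces)."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    # EXECVE argv entries (a0, a1, ...) are also hex-encoded when they need it;
    # a0..a3 in a SYSCALL record are raw register values and must stay untouched.
    is_execve_arg = rec_type == "EXECVE" and re.fullmatch(r"a\d+", key) is not None
    if (key in HEX_ENCODED or is_execve_arg) and len(raw) % 2 == 0 \
            and re.fullmatch(r"[0-9A-Fa-f]+", raw):
        return bytes.fromhex(raw).decode("utf-8", "replace").replace("\x00", " ")
    return raw


def parse_record(line: str) -> Optional[Dict]:
    """Return {type, ts, serial, fields} for one audit record, or None for other syslog lines."""
    m = RECORD_RE.search(line)
    if m is None:
        return None
    rec_type = m.group("type")
    fields = {k: decode_value(rec_type, k, v) for k, v in KV_RE.findall(m.group("body"))}
    return {"type": rec_type, "ts": float(m.group("ts")),
            "serial": int(m.group("serial")), "fields": fields}


def normalize_event(records: List[Dict]) -> Dict:
    """Flatten the records of one event into a single schema-style dictionary."""
    out = {"serial": records[0]["serial"], "timestamp": records[0]["ts"]}
    for rec in records:
        f = rec["fields"]
        if rec["type"] == "SYSCALL":
            out.update({name: f[key] for key, name in SCHEMA_MAP.items() if key in f})
        elif rec["type"] == "EXECVE":
            argc = int(f.get("argc", "0"))
            out["commandline"] = " ".join(f.get(f"a{i}", "") for i in range(argc))
        elif rec["type"] == "PROCTITLE":
            out["proctitle"] = f.get("proctitle", "")
        elif rec["type"] == "PATH" and f.get("nametype") != "PARENT":
            out["object"] = f.get("name", "")  # the target path, not its parent directory
    return out


def parse_audit_syslog(lines: List[str]) -> List[Dict]:
    """Group records by serial (order of first appearance) and normalize each event."""
    grouped = OrderedDict()
    for line in lines:
        rec = parse_record(line)
        if rec is not None:
            grouped.setdefault(rec["serial"], []).append(rec)
    return [normalize_event(recs) for recs in grouped.values()]


def flag_privileged_exec(event: Dict) -> bool:
    """True when a real login user (auid set, not root) is running as uid 0 (sudo/su/setuid)."""
    return event.get("account") == "0" and event.get("login") not in (None, "0", UNSET_AUID)


if __name__ == "__main__":
    for ev in parse_audit_syslog(SAMPLE_LINES):
        print(ev["serial"], ev.get("process"), ev.get("commandline") or ev.get("object"),
              "PRIVILEGED" if flag_privileged_exec(ev) else "")
```

Two points the table alone does not show: a single audit event arrives as several syslog lines, so any rule that keys on `<processid>` or `<objectname>` from a SYSCALL record must be joined on the serial with the PATH and EXECVE records to recover what was touched or executed; and `auid` (the original login, `<login>` in the table) survives `sudo` and `su` while `uid` does not, which is why the check above compares the two. Records only reach syslog if the audisp syslog plugin is enabled (`active = yes` in its `syslog.conf` under the audit plugins directory), and long `proctitle` or path values arrive hex-encoded and must be decoded before matching.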

Revision History

| KB Version | Log Type | Change Type | Details |
| --- | --- | --- | --- |
| KB 7.1.588.0 | Syslog | Device Support Update | Updated two rules: Kernel Audit Message; Session Information. Added two new base rules: GSSAPI Messages; Systemd : User Logs In. |