Syslog - LogRhythm NetMon V 2.0 : General Diagnostics Event
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0: General Diagnostics Event | Base Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: NOT SET Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: SERVICE START Messages | Sub Rule | Service Started | Information |
| V 2.0: SERVICE TERMINATE Messages | Sub Rule | Process/Service Stopped | Startup and Shutdown |
| V 2.0: ELASTIC SEARCH HEALTH Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: DRIVE 50 PERCENT Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: DRIVE 90 PERCENT Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: SEARCH Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: AUTHENTICATION SUCCESS Messages | Sub Rule | General Authentication Information | Information |
| V 2.0: AUTHENTICATION FAILURE Messages | Sub Rule | General Authentication Information | Information |
| V 2.0: LOGOUT Messages | Sub Rule | Logout Request | Information |
| V 2.0: EXPIRED SESSION Messages | Sub Rule | Session Message | Information |
| V 2.0: NM CONFIG CHANGE Messages | Sub Rule | Configuration Information | Information |
| V 2.0: SECURITY CONFIG CHANGE Messages | Sub Rule | Configuration Information | Information |
| V 2.0: PASSWORD CHANGE Messages | Sub Rule | Performing Password Change | Information |
| V 2.0: USER CREATED Messages | Sub Rule | User Account Created | Account Created |
| V 2.0: USER SETTING CHANGED Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: FILE RECONSTRUCTION Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: PCAP RECONSTRUCTION Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: USER DELETED Messages | Sub Rule | User Account Deleted | Account Deleted |
| V 2.0: RESTART SERVICES Messages | Sub Rule | Process/Service Restarting | Startup and Shutdown |
| V 2.0: SHUTDOWN Messages | Sub Rule | System Shutdown | Startup and Shutdown |
| V 2.0: REBOOT Messages | Sub Rule | Process/Service Restarting | Startup and Shutdown |
| V 2.0: LICENSE CHANGE Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: NM UPGRADE Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: DPA RULE ADDED Messages | Sub Rule | Object Added | Access Success |
| V 2.0: DPA RULE ENABLED Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: DPA RULE DISABLED Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: DPA RULE MODIFIED Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: DPA RULE UPLOADED Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: DPA RULE DELETED Messages | Sub Rule | Object Deleted/Removed | Access Success |
| V 2.0: NM UPGRADE FAILURE Messages | Sub Rule | Object Update Failed | Error |
| V 2.0: NM UPGRADE SUCCES Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: FILE DOWNLOADED Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: FILE UPLOADED Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: DPA RULES RELOADED Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | <severity> | Text/String | N/A |
| CODE | <vmid> | Number | N/A |
| SEVERITY | <severity> | Text/String | N/A |
| SERVICENAME | <objectname> | Text/String | N/A |
| EVENT | <process> | Text/String | N/A |
| USER | <login> | Text/String | N/A |
| IP | <sip> | IP Address | N/A |
| MESSAGE | <subject> | Text/String | N/A |