System/HA Statistical Messages

Classification

Rule Name                       | Rule Type | Common Event                   | Classification
--------------------------------|-----------|--------------------------------|-----------------------
System/HA Statistical Messages  | Base Rule | Log Statistics                 | Information
Admin Login Failure             | Sub Rule  | User Logon Failure             | Authentication Failure
Admin Login Successful          | Sub Rule  | User Logon                     | Authentication Success
Email Send Status : Failed      | Sub Rule  | Email Message Routing Error    | Error
Admin Logout Successful         | Sub Rule  | User Logoff                    | Authentication Success
Admin Add Object                | Sub Rule  | Object Added                   | Access Success
Admin Edit Object               | Sub Rule  | Object Modified                | Access Success
Admin Delete Object             | Sub Rule  | Object Deleted/Removed         | Access Success
Ban IP                          | Sub Rule  | Quarantined Message Blocklist  | Failed Activity
Warning Messages                | Sub Rule  | General Application Warning    | Warning
Object Moved                    | Sub Rule  | Object Moved                   | Access Success

Mapping with LogRhythm Schema

Device Key in Log Message | LogRhythm Schema   | Data Type          | Schema Description
--------------------------|--------------------|--------------------|------------------------------------------------------------------------------------------------------------------------
level                     | <severity>         | Text/String        | Each log entry contains a Level (level) field that indicates the estimated severity of the event that caused the log entry.
logid                     | <vmid>             | Number             | The ID (logid) is a 10-digit field. It is a unique identifier for that specific log.
srcip                     | <sip>              | IP Address         | IP address of the traffic's origin.
ui                        | <sname>            | Text/String        | N/A
dstip                     | <dip>              | IP Address         | Destination IP address for the web.
srcport                   | <sport>            | Number             | Port number of the traffic's origin.
dstport                   | <dport>            | Number             | Port number of the traffic's destination.
interface                 | <sinterface>       | Text/String        | N/A
proto                     | <protnum>          | Number             | N/A
user                      | <login>            | Text/String        | N/A
service                   | <session>          | Text/String/Number | N/A
subtype                   | <object>           | Text/String        | N/A
msg                       | <subject>          | Text/String        | N/A
banned_rule               | <threatname>       | Text/String        | N/A
logdesc                   | <command>          | Text/String        | N/A
action                    | <action>, <tag1>   | Text/String        | N/A