Traffic Multicast Message
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Traffic Multicast Message | Base Rule | General IP Multicast Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| N/A | <severity> | Text\String | Each log entry contains a Level (level) field that indicates the estimated severity of the event that caused the log entry. |
| srcip | <sip> | IP Address | IP address of the traffic’s origin. |
| devname | <sname> | Text\String | N/A |
| dstip | <dip> | IP Address | Destination IP address for the web. |
| srcport | <sport> | Number | Port number of the traffic's origin. |
| dstport | <dport> | Number | Port number of the traffic's destination. |
| srcintf | <sinterface> | Text\String | Interface name of the traffic's origin. |
| dstintf | <dinterface> | Text\String | Interface of the traffic's destination. |
| proto | <protnum> | Number | The protocol used by web traffic (tcp by default). |
| sessionid | <session> | Number | N/A |
| action | <action> | Text\String | N/A |
| rcvdbyte | <bytesin> | Number | N/A |
| sentbyte | <bytesout> | Number | N/A |
| rcvdpkt | <packetsin> | Number | N/A |
| sentpkt | <packetsout> | Number | N/A |
| duration | <duration> | Number | N/A |