V 2.0 802.1X Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
V 2.0 802.1X Event | Base Rule | Information | IEEE 802.1X Info Msg |
V 2.0 802.1X Deauthentication | Sub Rule | Information | IEEE 802.1X Info Msg |
V 2.0 802.1X Eap Success | Sub Rule | Information | IEEE 802.1X Info Msg |
V 2.0 802.1X Authentication | Sub Rule | Information | IEEE 802.1X Info Msg |
V 2.0 802.1X Client Deauthentication | Sub Rule | Information | IEEE 802.1X Info Msg |
V 2.0 802.1X Failed Authentication Attempt | Sub Rule | Information | IEEE 802.1X Info Msg |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
N/A | N/A | N/A | Flow start time |
N/A | N/A | N/A | Flow stop time |
N/A | <object> | Text/String | Device |
N/A | <vendorinfo> | Text/String | Event type |
type | <action> <tag1> | Text/String | N/A |
port | <dport> | Number | N/A |
identity | <account> | Text/String | N/A |
radio | N/A | N/A | N/A |
vap | N/A | N/A | N/A |
client_mac | <dmac> | Text/String/Number | N/A |
client_ip | <dip> | IP Address | N/A |
aid | N/A | N/A | N/A |
last_known_client_ip | N/A | N/A | N/A |