Skip to main content
Skip table of contents

V 2.0 Configuration Messages

Vendor Documentation

Classification

Rule Name

Rule Type

Common Event

Classification

V 2.0 Configuration Messages

Base Rule

Configuration Modified : System

Configuration

V 2.0 Configuration Apply Failure

Sub RuleFailed Configuration

Warning

V 2.0 Unauthorized Configuration Change AttemptSub RuleFailed ConfigurationOther Audit Failure
V 2.0 Configuration Item DeletedSub RuleConfiguration Deleted : SystemConfiguration

Mapping with LogRhythm Schema  

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
Type (type)<vmid>Text/StringSpecifies the type of log; value is CONFIG.
Threat/Content Type (subtype)<vendorinfo>NumberSubtype of the configuration log; unused.
Host (host)<sip>IP AddressHostname or IP address of the client machine
Command (cmd)<command>
<tag1>
Text/StringCommand performed by the Admin; values are add, clone, commit, delete, edit, move, rename, set.
Admin (admin)<login>Text/StringUsername of the Administrator performing the configuration
Client (client)<sessiontype>Text/StringClient used by the Administrator; values are Web and CLI
Result (result)<result>
<tag2>
Text/StringResult of the configuration action; values are Submitted, Succeeded, Failed, and Unauthorized
Configuration Path (path)<object>Text/StringThe path of the configuration command issued; up to 512 bytes in length
Device Name (device_name)<objectname>Text/StringThe hostname of the firewall on which the session was logged
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.