V 2.0 Configuration Messages

Log Fields and Parsing

This section details the log fields available for this log message type, along with the values parsed under both the LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that the policy parses no value into that log field.

| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
| --- | --- | --- |
| Type (type) | N/A | <vmid> |
| Threat/Content Type (subtype) | N/A | <vendorinfo> |
| Host (host) | <sip> | <sip> |
| Command (cmd) | <action>, <tag1> | <command>, <tag1> |
| Admin (admin) | <login> | <login> |
| Client (client) | N/A | <sessiontype> |
| Result (result) | <tag2> | <result>, <tag2> |
| Configuration Path (path) | <object>, <account> | <object> |
| Sequence Number (seqno) | <session> | N/A |
| Device Name (device_name) | <dname> | <objectname> |

Log Processing Settings

This section details the log processing changes made between the LogRhythm Default policy and LogRhythm Default v2.0. In some cases, a base rule is broken down into sub-rules so that each log message type is parsed according to its event type.

LogRhythm Default

| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
| --- | --- | --- | --- | --- |
| 1001983 | Configuration Logs | Base Rule | Configuration Modified : System | Configuration |
| | Configuration Commit : Submitted | Sub Rule | Configuration Enabled : System | Configuration |
| | Configuration Edit : Succeeded | Sub Rule | Configuration Modified : System | Configuration |
| | Configuration Delete : Succeeded | Sub Rule | Configuration Deleted : System | Configuration |
| | Configuration Move : Succeeded | Sub Rule | Configuration Modified : System | Configuration |
| | Configuration Rename : Succeeded | Sub Rule | Configuration Modified : System | Configuration |
| | Configuration Set : Succeeded | Sub Rule | Configuration Enabled : System | Configuration |

LogRhythm Default v2.0

| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
| --- | --- | --- | --- | --- |
| 1010894 | V 2.0 Configuration Messages | Base Rule | Configuration Modified : System | Configuration |
| | V 2.0 Configuration Apply Failure | Sub Rule | Failed Configuration | Warning |
| | V 2.0 Unauthorized Configuration Change Attempt | Sub Rule | Failed Configuration | Other Audit Failure |
| | V 2.0 Configuration Item Deleted | Sub Rule | Configuration Deleted : System | Configuration |