V 2.0 Configuration Messages 1
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| N/A | N/A | <vmid> |
| N/A | <sip> | <sip> |
| N/A | N/A | <command> |
| N/A | <tag1> | <tag1> |
| N/A | <login> | <login> |
| N/A | N/A | <sessiontype> |
| N/A | N/A | <result> |
| N/A | <tag2> | <tag2> |
| N/A | <object> | <object> |
| N/A | <dname> | N/A |
| N/A | <account> | N/A |
| N/A | <session> | N/A |
| N/A | <action> | N/A |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1001983 | Configuration Logs | Base Rule | Configuration Modified : System | Configuration |
| Configuration Commit : Submitted | Sub Rule | Configuration Enabled : System | Configuration | |
| Configuration Edit : Succeeded | Sub Rule | Configuration Modified : System | Configuration | |
| Configuration Delete : Succeeded | Sub Rule | Configuration Deleted : System | Configuration | |
| Configuration Move : Succeeded | Sub Rule | Configuration Modified : System | Configuration | |
| Configuration Rename : Succeeded | Sub Rule | Configuration Modified : System | Configuration | |
| Configuration Set : Succeeded | Sub Rule | Configuration Enabled : System | Configuration |
LogRhythm Default v2.0
Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1010894 | V 2.0 Configuration Messages | Base Rule | Configuration Modified : System | Configuration |
| V 2.0 Configuration Apply Failure | Sub Rule | Failed Configuration | Warning | |
| V 2.0 Unauthorized Configuration Change Attempt | Sub Rule | Failed Configuration | Warning | |
| V 2.0 Configuration Item Deleted | Sub Rule | Configuration Deleted : System | Configuration |