V 2.0 General Remote Access Manager Messages 1
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
Log Field | LogRhythm Default | LogRhythm Default v2.0 |
---|---|---|
Type (type) | N/A | <vmid> |
Content/Threat Type (subtype) | N/A | <vendorinfo> |
Event ID (eventid) | N/A | <action> |
Object (object) | N/A | <object> |
Severity (severity) | <severity> | <severity> |
Description (opaque) | <subject> <tag1> <version> <dname> <dip> <tag2> | <subject> |
Device Name (device_name) | N/A | <objectname> |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
Regex ID | Rule Name | Rule Type | Common Events | Classifications |
---|---|---|---|---|
1004489 | Catch All : System Messages | Base Rule | General System Information | Information |
All DNS Proxy Cache Entries Were Cleared | Sub Rule | Cache Information | Information | |
Antivirus Update Job Succeeded | Sub Rule | Process/Service Stopped | Startup and Shutdown | |
Auto Update Agent Found No New WildFire Updates | Sub Rule | General Automatic Updates Information | Information | |
EBL Refresh Aborted : No Changes To List | Sub Rule | No Change Detected In Signature File | Information | |
NTP Restart Synchronization Performed | Sub Rule | System Clock Synchronized | Information | |
User Information Refreshed | Sub Rule | Updated User Data | Information | |
WildFire Update Job Succeeded | Sub Rule | Process/Service Stopped | Startup and Shutdown | |
Communication Error : Fail WildFire Upgrade Check | Sub Rule | Communication Failure | Error | |
Antivirus Version Does Not Match | Sub Rule | General Antivirus Warning | Warning | |
Wildfire Auto Update Failed | Sub Rule | Software Update Failed | Error | |
Antivirus : Upload Deployment Job Failed | Sub Rule | File Upload Failed | Error | |
Antivirus : Upload Deployment Job Succeeded | Sub Rule | File Uploaded | Information | |
Content : Upload Deployment Job Failed | Sub Rule | File Upload Failed | Error | |
Content : Upload Deployment Job Succeeded | Sub Rule | File Uploaded | Information | |
License : Upload Deployment Job Failed | Sub Rule | File Upload Failed | Error | |
Antivirus Install Failed | Sub Rule | General Software Installation Error | Error | |
Antivirus Install Succeeded | Sub Rule | Software Installed | Configuration | |
License Install Failed | Sub Rule | License Warning | Warning | |
License Install Succeeded | Sub Rule | License Installed | Information | |
Succeeded Exporting Config Bundle Via SSH | Sub Rule | Configuration Exporting | Other Audit Success | |
Traffic And Logging Resumed | Sub Rule | General Traffic Other Alert | Critical | |
Abnormal System Memory Usage | Sub Rule | Memory Usage Exceeded The Threshold | Warning | |
Traffic And Logging Are Resumed | Sub Rule | General Traffic Other Alert | Critical | |
Route Removed | Sub Rule | Static Route Removed | Information | |
Route Recovered | Sub Rule | Route Created | Information |
LogRhythm Default v2.0
Regex ID | Rule Name | Rule Type | Common Events | Classifications |
---|---|---|---|---|
1010865 | V 2.0 General Remote Access Manager Messages | Base Rule | General Information |