
v6.x Events - User

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| v6.x Events - User | Base Rule | General User Logged Event | Information |
| Authentication Logout | Sub Rule | User Logoff | Authentication Success |
| FSSO Active Directory Server Authentication Status | Sub Rule | Signon Information Received | Information |
| User Authentication Failed | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Webfilter Override Successful | Sub Rule | Web Filtering Override Created | Information |
| Table Override Failure | Sub Rule | Failed To Add New Entry To Table | Error |
| User Alert | Sub Rule | General User Alert | Critical |
| User Critical | Sub Rule | User Critical | Critical |
| User Error | Sub Rule | User Error Message | Error |
| User Notice | Sub Rule | User Notice | Information |
| User Info | Sub Rule | User Information | Information |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| logid | `<vmid>` | Number | The ID (logid) is a 10-digit field. It is a unique identifier for that specific log. |
| N/A | `<severity>` | Text\String | Each log entry contains a Level (level) field that indicates the estimated severity of the event that caused the log entry. |
| logdesc | `<vendorinfo>` | Text\String | N/A |
| srcip | `<sip>` | IP Address | IP address of the traffic’s origin. |
| dstip | `<dip>` | IP Address | Destination IP address for the web. |
| user | `<login>` | Text\String | Name of the user. |
| vd | `<domainorigin>` | Text\String | Name of the virtual domain in which the log message was recorded. |
| msg | `<subject>` | Text\String | N/A |
| type | `<policy>` | Text\String | N/A |
| status | `<status>` | Text\String | N/A |