Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
VMware UAG : Audit Events |
Base Rule |
General Audit Message |
Other Audit |
|
VMware UAG : Admin Logon |
Sub Rule |
User Logon |
Authentication Success |
|
VMware UAG : Config Change |
Sub Rule |
Object Modified |
Access Success |
|
VMware UAG : Admin Logout |
Sub Rule |
User Logoff |
Authentication Success |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
log level |
<severity> |
Text/String |
|
log message |
<action> <tag1> |
Text/String |
|
SOURCE_IP_ADDR |
<sip> |
IP Address |
|
USERNAME |
<login> |
Text/String |
|
CHANGE |
<vendorinfo> |
Text/String |