Wireless Event Log Messages
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Wireless Event Log Messages | Base Rule | Wireless Activity | Information |
| EVID 43586 : Physical AP Information | Sub Rule | Wireless Physical AP Activity | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| logid | <vmid> | Number | The ID (logid) is a 10-digit field. It is a unique identifier for that specific log. |
| logdesc | <vendorinfo> | Text\String | N/A |
| level | <severity> | Text\String | Each log entry contains a Level (level) field that indicates the estimated severity of the event that caused the log entry. |
| ip | <sip> | IP Address | N/A |
| ssid | <sname> | Text\String | N/A |
| bssid | <smac> | IP Address | N/A |
| user | <login> | Text\String | N/A |
| vd | <domainorigin> | Text\String | Name of the virtual domain in which the log message was recorded. |
| msg | <subject> | Text\String | N/A |
| action | <action> | Text\String | N/A |
| reason | <reason> | Text\String | N/A |