Classes of audit events in the Rules group

The Rules group represents the LMS_AUDIT_RULE event class.

The keys listed in the following table are used in the bodies of CEF messages of the class.

Possible values of fields for classes of Rules group audit events

Key

Value

cn3Label

Its value is always RuleId.

cn3

ID of the rule in which the event occurred.

cs2Label

Its value is always RuleName.

cs2

Name of the rule in which the event occurred.

cs1Label

The value is always ChangedSettings.

cs1

List of modified rule settings, separated by semicolons (";").

If the record about modified rule settings is longer than the number of characters specified in the Audit Log settings, it is split into parts. Each part is represented by a separate record in the Audit Log.

Page top