Access Logs (Space Delimited) | LogRhythm Documentation

Vendor Documentation

https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/proxysg/common/LogFieldsSubs.pdf

Classification

Rule Name	Rule Type	Classification	Common Event
Access Logs (Space Delimited)	Base Rule	Information	General Information
HTTP - 207 - Success - Multistatus Response	Sub Rule	Information	HTTP 207 : Success - Multistatus Response
HTTP - 100 - Transitional - Continue	Sub Rule	Information	HTTP 100 : Transition Status - Continue
HTTP - 101 - Transitional - Protocol Switch	Sub Rule	Information	HTTP 101 : Transition Status - Protocol Switch
HTTP - 200 - Success - OK	Sub Rule	Information	HTTP 200 : Success Reply - OK
HTTP - 201 - Success - Created	Sub Rule	Information	HTTP 201 : Success Reply - Created
HTTP - 202 - Success - Accepted	Sub Rule	Information	HTTP 202 : Success Reply - Accepted
HTTP - 203 - Success - Nonauthoritative Info	Sub Rule	Information	HTTP 203 : Success Reply - Nonauthoritative Info
HTTP - 204 - Success - No Content	Sub Rule	Information	HTTP 204 : Success Reply - No Content
HTTP - 205 - Success - Reset Content	Sub Rule	Information	HTTP 205 : Success Reply - Reset Content
HTTP - 206 - Success - Partial Content	Sub Rule	Information	HTTP 206 : Success Reply - Partial Content
HTTP - 300 - Redirect - Multiple Choices	Sub Rule	Information	HTTP 300 : Redirect - Multiple Choices
HTTP - 301 - Redirect - Moved Permanently	Sub Rule	Information	HTTP 301 : Redirect - Moved Permanently
HTTP - 302 - Redirect - Moved Temporarily	Sub Rule	Information	HTTP 302 : Redirect - Moved Temporarily
HTTP - 303 - Redirect - See Other	Sub Rule	Information	HTTP 303 : Redirect - See Other
HTTP - 304 - Redirect - Not Modified	Sub Rule	Information	HTTP 304 : Redirect - Not Modified
HTTP - 305 - Redirect - Use Proxy	Sub Rule	Misuse	Unauthorized Proxy Activity
HTTP - 306 - Redirect - Unused	Sub Rule	Information	HTTP 306 : Redirect - Unused
HTTP - 307 - Redirect - Temporary Redirect	Sub Rule	Information	HTTP 307 : Redirect - Temporary Redirect
HTTP - 400 - Req Error - Bad Request	Sub Rule	Error	HTTP 400 : Request Error - Bad Request
HTTP - 401 - Req Error - Unauthorized	Sub Rule	Error	HTTP 401 : Request Error - Unauthorized
HTTP - 401.1 - Req Error - Logon Failed	Sub Rule	Error	HTTP 401 : Request Error - Unauthorized
HTTP - 401.2 - Req Error - Logon Fail (Svr Config)	Sub Rule	Error	HTTP 401 : Request Error - Unauthorized
HTTP - 401.3 - Req Error - Unauth (ACL)	Sub Rule	Error	HTTP 401 : Request Error - Unauthorized
HTTP - 401.4 - Req Error - Auth Failed (Filter)	Sub Rule	Error	HTTP 401 : Request Error - Unauthorized
HTTP - 401.5 - Req Error - Auth Failed (ISAPI/CGI)	Sub Rule	Error	HTTP 401 : Request Error - Unauthorized
HTTP - 401.7 - Req Error - Access Deny (URL Auth)	Sub Rule	Error	HTTP 401 : Request Error - Unauthorized
HTTP - 402 - Req Error - Payment Required	Sub Rule	Error	HTTP 402 : Request Error - Payment Required
HTTP - 403 - Req Error - Forbidden	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.1 - Req Error - No Execute Access	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.2 - Req Error - No Read Access	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.3 - Req Error - No Write Access	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.4 - Req Error - SSL Required	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.5 - Req Error - SSL 128 Required	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.6 - Req Error - IP Rejected	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.7 - Req Error - Client Cert Required	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.8 - Req Error - Site Access Denied	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.9 - Req Error - Too Many Users	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.10 - Req Error - Invalid Config	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.11 - Req Error - Password Change	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.12 - Req Error - Mapper Denied Access	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.13 - Req Error - Client Cert Revoked	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.14 - Req Error - Dir List Denied	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.15 - Req Error - CALs Exceeded	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.16 - Req Error - Cert Untrusted/Invalid	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.17 - Req Error - Cert Expired/Not Valid	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.18 - Req Error - Cannot Exec URL	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.19 - Req Error - Cannot Exec CGI	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 403.20 - Req Error - Passport Logon Failed	Sub Rule	Error	HTTP 403 : Request Error - Forbidden
HTTP - 404 - Req Error - Not Found	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.1 - Req Error - Site Not At Req Port	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.2 - Req Error - Denied By Svc Policy	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.3 - Req Error - Denied By MIME Policy	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.4 - Req Error - No Handler	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.5 - Req Error - Req URL Seq Denied	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.6 - Req Error - Req Verb Denied	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.7 - Req Error - Req File Ext Denied	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.8 - Req Error - Denied Hidden Namespace	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.9 - Req Error - Denied (Hidden File)	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.10 - Req Error - Req Header Too Long	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.11 - Req Error - Req URL Doubled Esc	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.12 - Req Error - Req High Bit Chars	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.13 - Req Error - Req Content Too Large	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.14 - Req Error - Req URL Too Long	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 404.15 - Req Error - Req Query Too Long	Sub Rule	Error	HTTP 404 : Request Error - Not Found
HTTP - 405 - Req Error - Method Not Allowed	Sub Rule	Error	HTTP 405 : Request Error - Method Not Allowed
HTTP - 406 - Req Error - Not Acceptable	Sub Rule	Error	HTTP 406 : Request Error - Not Acceptable
HTTP - 407 - Req Error - Proxy Auth Req	Sub Rule	Error	HTTP 407 : Request Error - Proxy Auth Required
HTTP - 408 - Req Error - Request Time-Out	Sub Rule	Error	HTTP 408 : Request Error - Request Time-Out
HTTP - 409 - Req Error - Conflict	Sub Rule	Error	HTTP 409 : Request Error - Conflict
HTTP - 410 - Req Error - Gone	Sub Rule	Error	HTTP 410 : Request Error - Gone
HTTP - 411 - Req Error - Length Required	Sub Rule	Error	HTTP 411 : Request Error - Length Required
HTTP - 412 - Req Error - Precondition Failed	Sub Rule	Error	HTTP 412 : Request Error - Precondition Failed
HTTP - 413 - Req Error - Request Item Too Big	Sub Rule	Error	HTTP 413 : Request Error - Request Item Too Big
HTTP - 414 - Req Error - Request-URL Too Large	Sub Rule	Error	HTTP 414 : Request Error - Request-URL Too Large
HTTP - 415 - Req Error - Unsupported Type	Sub Rule	Error	HTTP 415 : Request Error - Unsupported Type
HTTP - 416 - Req Error - Req Rng Unfillable	Sub Rule	Error	HTTP 416 : Request Error - Range Unfillable
HTTP - 417 - Req Error - Expectation Failed	Sub Rule	Error	HTTP 417 : Request Error - Expectation Failed
HTTP - 500 - Svr Error - Internal Server Error	Sub Rule	Error	HTTP 500 : Server Error - Internal Server Error
HTTP - 500.12 - Svr Error - App Busy Restarting	Sub Rule	Error	HTTP 500 : Server Error - Internal Server Error
HTTP - 500.13 - Svr Error - Web Server Too Busy	Sub Rule	Error	HTTP 500 : Server Error - Internal Server Error
HTTP - 500.15 - Svr Error - Global.asa Disallowed	Sub Rule	Error	HTTP 500 : Server Error - Internal Server Error
HTTP - 500.16 - Svr Error - Bad UNC Auth Cred	Sub Rule	Error	HTTP 500 : Server Error - Internal Server Error
HTTP - 500.18 - Svr Error - URL Auth Store Fail	Sub Rule	Error	HTTP 500 : Server Error - Internal Server Error
HTTP - 500.100 - Svr Error - Internal ASP Error	Sub Rule	Error	HTTP 500 : Server Error - Internal Server Error
HTTP - 501 - Svr Error - Not Implemented	Sub Rule	Error	HTTP 501 : Server Error - Not Implemented
HTTP - 502 - Svr Error - Bad Gateway	Sub Rule	Error	HTTP 502 : Server Error - Bad Gateway
HTTP - 503 - Svr Error - Service Unavailable	Sub Rule	Error	HTTP 503 : Server Error - Service Unavailable
HTTP - 504 - Svr Error - Gateway Time-Out	Sub Rule	Error	HTTP 504 : Server Error - Gateway Time-Out
HTTP - 505 - Svr Error - HTTP Ver Unsupported	Sub Rule	Error	HTTP 505 : Server Error - HTTP Ver Unsupported

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type
N/A	<vmid>	Text/String
N/A	<severity>	Text/String
N/A	<sip>	Ip Address
N/A	<dip>	Ip Address
N/A	<dport>	Number
N/A	<login>	Text/String/Number
N/A	<domainorigin>	Text/String/Number
N/A	<object>	Text/String/Number
N/A	<objectname>	Text/String/Number
N/A	<objecttype>	Text/String/Number
N/A	<subject>	Text/String/Number
N/A	<useragent>	Text/String/Number
N/A	<url>	Text/String/Number
N/A	<group>	Text/String/Number
N/A	<command>	Text/String/Number
N/A	<action>	Text/String/Number
N/A	<responsecode>	Number
N/A	<bytesin>	Number
N/A	<bytesout>	Number
N/A	<duration>	Number
N/A	<tag2>	Text/String/Number