Skip to main content
Skip table of contents

Access Logs (Space Delimited)

Vendor Documentation

https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/proxysg/common/LogFieldsSubs.pdf

Classification

Rule NameRule TypeClassificationCommon Event
Access Logs (Space Delimited)Base RuleInformationGeneral Information
HTTP - 207 - Success - Multistatus ResponseSub RuleInformationHTTP 207 : Success - Multistatus Response
HTTP - 100 - Transitional - ContinueSub RuleInformationHTTP 100 : Transition Status - Continue
HTTP - 101 - Transitional - Protocol SwitchSub RuleInformationHTTP 101 : Transition Status - Protocol Switch
HTTP - 200 - Success - OKSub RuleInformationHTTP 200 : Success Reply - OK
HTTP - 201 - Success - CreatedSub RuleInformationHTTP 201 : Success Reply - Created
HTTP - 202 - Success - AcceptedSub RuleInformationHTTP 202 : Success Reply - Accepted
HTTP - 203 - Success - Nonauthoritative InfoSub RuleInformationHTTP 203 : Success Reply - Nonauthoritative Info
HTTP - 204 - Success - No ContentSub RuleInformationHTTP 204 : Success Reply - No Content
HTTP - 205 - Success - Reset ContentSub RuleInformationHTTP 205 : Success Reply - Reset Content
HTTP - 206 - Success - Partial ContentSub RuleInformationHTTP 206 : Success Reply - Partial Content
HTTP - 300 - Redirect - Multiple ChoicesSub RuleInformationHTTP 300 : Redirect - Multiple Choices
HTTP - 301 - Redirect - Moved PermanentlySub RuleInformationHTTP 301 : Redirect - Moved Permanently
HTTP - 302 - Redirect - Moved TemporarilySub RuleInformationHTTP 302 : Redirect - Moved Temporarily
HTTP - 303 - Redirect - See OtherSub RuleInformationHTTP 303 : Redirect - See Other
HTTP - 304 - Redirect - Not ModifiedSub RuleInformationHTTP 304 : Redirect - Not Modified
HTTP - 305 - Redirect - Use ProxySub RuleMisuseUnauthorized Proxy Activity
HTTP - 306 - Redirect - UnusedSub RuleInformationHTTP 306 : Redirect - Unused
HTTP - 307 - Redirect - Temporary RedirectSub RuleInformationHTTP 307 : Redirect - Temporary Redirect
HTTP - 400 - Req Error - Bad RequestSub RuleErrorHTTP 400 : Request Error - Bad Request
HTTP - 401 - Req Error - UnauthorizedSub RuleErrorHTTP 401 : Request Error - Unauthorized
HTTP - 401.1 - Req Error - Logon FailedSub RuleErrorHTTP 401 : Request Error - Unauthorized
HTTP - 401.2 - Req Error - Logon Fail (Svr Config)Sub RuleErrorHTTP 401 : Request Error - Unauthorized
HTTP - 401.3 - Req Error - Unauth (ACL)Sub RuleErrorHTTP 401 : Request Error - Unauthorized
HTTP - 401.4 - Req Error - Auth Failed (Filter)Sub RuleErrorHTTP 401 : Request Error - Unauthorized
HTTP - 401.5 - Req Error - Auth Failed (ISAPI/CGI)Sub RuleErrorHTTP 401 : Request Error - Unauthorized
HTTP - 401.7 - Req Error - Access Deny (URL Auth)Sub RuleErrorHTTP 401 : Request Error - Unauthorized
HTTP - 402 - Req Error - Payment RequiredSub RuleErrorHTTP 402 : Request Error - Payment Required
HTTP - 403 - Req Error - ForbiddenSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.1 - Req Error - No Execute AccessSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.2 - Req Error - No Read AccessSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.3 - Req Error - No Write AccessSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.4 - Req Error - SSL RequiredSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.5 - Req Error - SSL 128 RequiredSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.6 - Req Error - IP RejectedSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.7 - Req Error - Client Cert RequiredSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.8 - Req Error - Site Access DeniedSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.9 - Req Error - Too Many UsersSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.10 - Req Error - Invalid ConfigSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.11 - Req Error - Password ChangeSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.12 - Req Error - Mapper Denied AccessSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.13 - Req Error - Client Cert RevokedSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.14 - Req Error - Dir List DeniedSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.15 - Req Error - CALs ExceededSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.16 - Req Error - Cert Untrusted/InvalidSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.17 - Req Error - Cert Expired/Not ValidSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.18 - Req Error - Cannot Exec URLSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.19 - Req Error - Cannot Exec CGISub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 403.20 - Req Error - Passport Logon FailedSub RuleErrorHTTP 403 : Request Error - Forbidden
HTTP - 404 - Req Error - Not FoundSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.1 - Req Error - Site Not At Req PortSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.2 - Req Error - Denied By Svc PolicySub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.3 - Req Error - Denied By MIME PolicySub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.4 - Req Error - No HandlerSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.5 - Req Error - Req URL Seq DeniedSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.6 - Req Error - Req Verb DeniedSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.7 - Req Error - Req File Ext DeniedSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.8 - Req Error - Denied Hidden NamespaceSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.9 - Req Error - Denied (Hidden File)Sub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.10 - Req Error - Req Header Too LongSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.11 - Req Error - Req URL Doubled EscSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.12 - Req Error - Req High Bit CharsSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.13 - Req Error - Req Content Too LargeSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.14 - Req Error - Req URL Too LongSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 404.15 - Req Error - Req Query Too LongSub RuleErrorHTTP 404 : Request Error - Not Found
HTTP - 405 - Req Error - Method Not AllowedSub RuleErrorHTTP 405 : Request Error - Method Not Allowed
HTTP - 406 - Req Error - Not AcceptableSub RuleErrorHTTP 406 : Request Error - Not Acceptable
HTTP - 407 - Req Error - Proxy Auth ReqSub RuleErrorHTTP 407 : Request Error - Proxy Auth Required
HTTP - 408 - Req Error - Request Time-OutSub RuleErrorHTTP 408 : Request Error - Request Time-Out
HTTP - 409 - Req Error - ConflictSub RuleErrorHTTP 409 : Request Error - Conflict
HTTP - 410 - Req Error - GoneSub RuleErrorHTTP 410 : Request Error - Gone
HTTP - 411 - Req Error - Length RequiredSub RuleErrorHTTP 411 : Request Error - Length Required
HTTP - 412 - Req Error - Precondition FailedSub RuleErrorHTTP 412 : Request Error - Precondition Failed
HTTP - 413 - Req Error - Request Item Too BigSub RuleErrorHTTP 413 : Request Error - Request Item Too Big
HTTP - 414 - Req Error - Request-URL Too LargeSub RuleErrorHTTP 414 : Request Error - Request-URL Too Large
HTTP - 415 - Req Error - Unsupported TypeSub RuleErrorHTTP 415 : Request Error - Unsupported Type
HTTP - 416 - Req Error - Req Rng UnfillableSub RuleErrorHTTP 416 : Request Error - Range Unfillable
HTTP - 417 - Req Error - Expectation FailedSub RuleErrorHTTP 417 : Request Error - Expectation Failed
HTTP - 500 - Svr Error - Internal Server ErrorSub RuleErrorHTTP 500 : Server Error - Internal Server Error
HTTP - 500.12 - Svr Error - App Busy RestartingSub RuleErrorHTTP 500 : Server Error - Internal Server Error
HTTP - 500.13 - Svr Error - Web Server Too BusySub RuleErrorHTTP 500 : Server Error - Internal Server Error
HTTP - 500.15 - Svr Error - Global.asa DisallowedSub RuleErrorHTTP 500 : Server Error - Internal Server Error
HTTP - 500.16 - Svr Error - Bad UNC Auth CredSub RuleErrorHTTP 500 : Server Error - Internal Server Error
HTTP - 500.18 - Svr Error - URL Auth Store FailSub RuleErrorHTTP 500 : Server Error - Internal Server Error
HTTP - 500.100 - Svr Error - Internal ASP ErrorSub RuleErrorHTTP 500 : Server Error - Internal Server Error
HTTP - 501 - Svr Error - Not ImplementedSub RuleErrorHTTP 501 : Server Error - Not Implemented
HTTP - 502 - Svr Error - Bad GatewaySub RuleErrorHTTP 502 : Server Error - Bad Gateway
HTTP - 503 - Svr Error - Service UnavailableSub RuleErrorHTTP 503 : Server Error - Service Unavailable
HTTP - 504 - Svr Error - Gateway Time-OutSub RuleErrorHTTP 504 : Server Error - Gateway Time-Out
HTTP - 505 - Svr Error - HTTP Ver UnsupportedSub RuleErrorHTTP 505 : Server Error - HTTP Ver Unsupported

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

N/A<vmid>Text/String
N/A<severity>Text/String
N/A<sip>Ip Address
N/A<dip>Ip Address
N/A<dport>Number
N/A<login>Text/String/Number
N/A<domainorigin>Text/String/Number
N/A<object>Text/String/Number
N/A<objectname>Text/String/Number
N/A<objecttype>Text/String/Number
N/A<subject>Text/String/Number
N/A<useragent>Text/String/Number
N/A<url>Text/String/Number
N/A<group>Text/String/Number
N/A<command>Text/String/Number
N/A<action>Text/String/Number
N/A<responsecode>Number
N/A<bytesin>Number
N/A<bytesout>Number
N/A<duration>Number
N/A<tag2>Text/String/Number


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close