Firewall Messages - v6.3.X
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Firewall Messages - v6.3.X | Base Rule | General Firewall Event | Information |
| Firewall Related Connection | Sub Rule | General Firewall Event | Information |
| Connection Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| Connection Discarded | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| Connection Closed | Sub Rule | Connection Closed | Network Traffic |
| Connection Closed Abnormally | Sub Rule | Connection Closed | Network Traffic |
| Connection Progress | Sub Rule | Connection Starting | Network Traffic |
| Connection Interface Changed | Sub Rule | Network Interface Changed State | Information |
| TCP Segment SYN Has No Options | Sub Rule | TCP SYN Received | Network Traffic |
| TCP Checksum Mismatch | Sub Rule | General Checksum Information | Information |
| Logged HTTP URL | Sub Rule | URL Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| severity | <severity> | Text/String/Number |
| Version | <version> | Number |
| vmid | <vmid> | Number |
| command | <command> | Text/String |
| requestURL | <url> | Text/String |
| in | <packetsin> | Number |
| out | <packetsout> | Number |
| app | <object> | Text/String/Number |
| deviceFacility | <objectname> | Text/String |
| msg | <subject> | Text/String |
| destinationTranslatedPort | <dport> | Number |
| sourceTranslatedPort | <sport> | Number |
| destinationTranslatedAddress | <dnatip> | IP Address |
| sourceTranslatedAddress | <snatip> | IP Address |
| act | <action> | Text/String |
| deviceinboundinterface | <sinterface> | Text/String/Number |
| proto | <protnum> | Number |
| dpt | <dport> | Number |
| spt | <sport> | Number |
| dst | <dip> | IP Address |
| src | <sip> | IP Address |
| dvchost | <dname> | Text/String/Number |