Gatekeeper Syslog Messages

Vendor Documentation

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Gatekeeper Syslog Messages | Base Rule | General Warning | Warning |
| Timeout Expired Messages | Sub Rule | User Timed Out And Disconnected | Warning |
| User Added Messages | Sub Rule | Host Information Added | Information |
| Bad User ID Messages | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| Created Policy Messages | Sub Rule | Policy Created : User/Password | Policy |
| Download Messages | Sub Rule | Object Downloaded | Access Success |
| GIT Server Updated Messages | Sub Rule | General Windows Server Update Services Information | Information |
| Log Records Messages | Sub Rule | General Information Log Message | Information |
| Login Successful Messages | Sub Rule | Info : LOGIN_INFORMATION | Information |
| Logout Messages | Sub Rule | Logout Request | Information |
| Port Scan Messages | Sub Rule | Port Scan | Reconnaissance |
| Administration Section Messages | Sub Rule | General Administration Event | Other Audit |
| Configuration Section Messages | Sub Rule | Configuration Information | Information |
| Unauthorized Access Messages | Sub Rule | Unauthorized Activity | Misuse |
| User Update Messages | Sub Rule | Updated User Data | Information |
| Updated Policy Messages | Sub Rule | Policy Modified : Object | Policy |
| Uploaded Object Messages | Sub Rule | File Uploaded | Information |
| Login Timeout Messages | Sub Rule | Info : LOGIN_TIMED_OUT | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| severity | <severity> | Text/String |
| processid | <processid> | Number |
| Private IP | <sip> | IP Address |
| Nat/Proxy IP | <snatip> | IP Address |
| user | <login> | Text/String |
| Transaction | <action> | Text/String |
| Address | <dip> | IP Address |
| Device Name: | <sname> | Text/String |
| User Group | <group> | Text/String |
| Port | <sport> | Number |
| Access/Protocol | <protname> | Number |
| Details | <subject> | Text/String |
| N/A | <tag1> | Text/String |
| Services | <useragent> | Text/String |
| object | <object> | Text/String |
| kilobytes | <kilobytes> | Number |
| url | <url> | Text/String |
| dname | <dname> | Text/String |
| dc | <domainorigin> | Text/String |
| policy | <policy> | Text/String |