HTTP Get Requests 1

Vendor Documentation

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
| --- | --- | --- |
| N/A | N/A | <bytesin> |
| N/A | N/A | <bytesout> |
| N/A | <command> | <command> |
| N/A | <dip> | <dip> |
| N/A | <dport> | <dport> |
| N/A | N/A | <dname> |
| N/A | <millisecond> | N/A |
| N/A | <milliseconds> | <milliseconds> |
| N/A | <object> | <object> |
| N/A | N/A | <login> |
| N/A | N/A | <process> |
| N/A | <objectname> | N/A |
| N/A | <responsecode> | <responsecode> |
| N/A | <sip> | <sip> |
| N/A | <tag1> | <tag1> |
| N/A | <tag2> | <tag2> |
| N/A | <url> | <url> |
| N/A | <useragent> | <useragent> |
| N/A | <vmid> | N/A |
| N/A | N/A | <version> |

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- | --- |
| 1010671 | HTTP Get Requests | Base Rule | HTTP GET Method Event | Information |
| | GET Request | Sub Rule | HTTP GET Method Event | Information |
| | HTTP - 200 - Success - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | HTTP - 301 - Redirect - Moved Permanently | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| | HTTP -404 - Req Error - Not Found | Sub Rule | HTTP 404: Not Found | Error |

LogRhythm Default v2.0

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- | --- |
| 1013065 | V 2.0: IIS W3C Events | Base Rule | General IIS Activity | Information |
| | V 2.0: HTTP POST 400: Bad Request | Sub Rule | HTTP 400: Bad Request | Error |
| | V 2.0: HTTP POST 401: Unauthorized | Sub Rule | HTTP 401: Unauthorized | Error |
| | V 2.0: HTTP POST 402: Request Err - Payment Req | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| | V 2.0: HTTP POST 403: Forbidden | Sub Rule | HTTP 403: Forbidden | Error |
| | V 2.0: HTTP POST 404: Not Found | Sub Rule | HTTP 404: Not Found | Error |
| | V 2.0: HTTP POST 405: Method Not Allowed | Sub Rule | HTTP 405: Method Not Allowed | Error |
| | V 2.0: HTTP POST 406: Not Acceptable | Sub Rule | HTTP 406: Not Acceptable | Error |
| | V 2.0: HTTP POST 407: Proxy Authentication Req | Sub Rule | HTTP 407: Proxy Authentication Required | Error |
| | V 2.0: HTTP POST 408: Request Timeout | Sub Rule | HTTP 408: Request Timeout | Error |
| | V 2.0: HTTP POST 409: Conflict | Sub Rule | HTTP 409: Conflict | Error |
| | V 2.0: HTTP POST 410: Gone | Sub Rule | HTTP 410: Gone | Error |
| | V 2.0: HTTP POST 411: Length Required | Sub Rule | HTTP 411: Length Required | Error |
| | V 2.0: HTTP POST 412: Precondition Failed | Sub Rule | HTTP 412: Precondition Failed | Error |
| | V 2.0: HTTP POST 413: Request Entity Too Large | Sub Rule | HTTP 413: Request Entity Too Large | Error |
| | V 2.0: HTTP POST 414: Request-URI Too Long | Sub Rule | HTTP 414: Request-URI Too Long | Error |
| | V 2.0: HTTP POST 415: Unsupported Media Type | Sub Rule | HTTP 415: Unsupported Media Type | Error |
| | V 2.0: HTTP POST 416: Requested Range Not Satisfy | Sub Rule | HTTP 416: Requested Range Not Satisfiable | Error |
| | V 2.0: HTTP POST 417: Expectation Failed | Sub Rule | HTTP 417: Expectation Failed | Error |
| | V 2.0: HTTP POST 440: Req Error - Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| | V 2.0: HTTP POST 500: Server Err - Int Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| | V 2.0: HTTP POST 501: Server Err - Not Implement | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| | V 2.0: HTTP POST 502: Server Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| | V 2.0: HTTP POST 503: Service Unavailable | Sub Rule | HTTP 503: Service Unavailable | Error |
| | V 2.0: HTTP POST 504: Server Err -Gateway Timeout | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| | V 2.0: HTTP POST 505: Server Err -HTTP Ver Unsupp | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |
| | V 2.0: HTTP POST 995: SSL Operation Aborted | Sub Rule | HTTP 995: Request Error - SSL Operation Aborted | Error |
| | V 2.0: HTTP POST 100: Continue | Sub Rule | HTTP 100: Continue | Information |
| | V 2.0: HTTP POST 101: Transition Status- Protocol | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| | V 2.0: HTTP POST 200: Success Reply - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | V 2.0: HTTP POST 201: Success Reply - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| | V 2.0: HTTP POST 202: Success Reply - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| | V 2.0: HTTP POST 203: Success Reply - Non-auth | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| | V 2.0: HTTP POST 204: Success Reply - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| | V 2.0: HTTP POST 205: Success Reply-Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| | V 2.0: HTTP POST 206: Success Rep -Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| | V 2.0: HTTP POST 207: Success - Multistatus Resp | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| | V 2.0: HTTP POST 300: Redirect - Multiple Choice | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| | V 2.0: HTTP POST 301: Redirect - Moved Permanent | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| | V 2.0: HTTP POST 302: Redirect - Moved Temporary | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| | V 2.0: HTTP POST 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| | V 2.0: HTTP POST 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| | V 2.0: HTTP POST 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| | V 2.0: HTTP POST 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| | V 2.0: HTTP POST 307: Redirect -Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| | V 2.0: HTTP GET 100: Transitional - Continue | Sub Rule | HTTP 100: Continue | Information |
| | V 2.0: HTTP GET 101: Transitional - Proto Switch | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| | V 2.0: HTTP GET 200: Success - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | V 2.0: HTTP GET 201: Success - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| | V 2.0: HTTP GET 202: Success - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| | V 2.0: HTTP GET 203: Success - Nonauthoritative | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| | V 2.0: HTTP GET 204: Success - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| | V 2.0: HTTP GET 205: Success - Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| | V 2.0: HTTP GET 206: Success - Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| | V 2.0: HTTP GET 207: Success - Mult Response | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| | V 2.0: HTTP GET 300: Redirect - Multiple Choices | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| | V 2.0: HTTP GET 301: Redirect - Moved Permanentl | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| | V 2.0: HTTP GET 302: Redirect- Moved Temporarily | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| | V 2.0: HTTP GET 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| | V 2.0: HTTP GET 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| | V 2.0: HTTP GET 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| | V 2.0: HTTP GET 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| | V 2.0: HTTP GET 307: Redirect-Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| | V 2.0: HTTP GET 400: Req Error - Bad Request | Sub Rule | HTTP 400: Bad Request | Error |
| | V 2.0: HTTP GET 401: Req Error - Unauthorized | Sub Rule | HTTP 401: Unauthorized | Error |
| | V 2.0: HTTP GET 402: Req Error-Payment Required | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| | V 2.0: HTTP GET 403: Req Error - Forbidden | Sub Rule | HTTP 403: Forbidden | Error |
| | V 2.0: HTTP GET 404: Req Error - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| | V 2.0: HTTP GET 405: Req Error-Method Not Allowed | Sub Rule | HTTP 405: Request Error - Method Not Allowed | Error |
| | V 2.0: HTTP GET 406: Req Error - Not Acceptable | Sub Rule | HTTP 406: Not Acceptable | Error |
| | V 2.0: HTTP GET 407: Req Error-Proxy Auth Request | Sub Rule | HTTP 407: Request Error - Proxy Auth Required | Error |
| | V 2.0: HTTP GET 408: Req Error -Request Time Out | Sub Rule | HTTP 408: Request Error - Request Time-Out | Error |
| | V 2.0: HTTP GET 409: Req Error - Conflict | Sub Rule | HTTP 409: Request Error - Conflict | Error |
| | V 2.0: HTTP GET 410: Req Error - Gone | Sub Rule | HTTP 410: Request Error - Gone | Error |
| | V 2.0: HTTP GET 411: Req Error - Length Required | Sub Rule | HTTP 411: Request Error - Length Required | Error |
| | V 2.0: HTTP GET 412: Req Error-Precondition Failed | Sub Rule | HTTP 412: Request Error - Precondition Failed | Error |
| | V 2.0: HTTP GET 413: Req Error-Req Item Too Big | Sub Rule | HTTP 413: Request Error - Request Item Too Big | Error |
| | V 2.0: HTTP GET 414: Req Error-Req URL Too Large | Sub Rule | HTTP 414: Request-URI Too Long | Error |
| | V 2.0: HTTP GET 415: Req Error -Unsupported Type | Sub Rule | HTTP 415: Request Error - Unsupported Type | Error |
| | V 2.0: HTTP GET 416: Req Error-Req Rng Unfillable | Sub Rule | HTTP 416: Request Error - Range Unfillable | Error |
| | V 2.0: HTTP GET 417: Req Error -Expectation Failed | Sub Rule | HTTP 417: Request Error - Expectation Failed | Error |
| | V 2.0: HTTP GET 440: Client Error -Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| | V 2.0: HTTP GET 500: Svr Err -Internal Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| | V 2.0: HTTP GET 501: Svr Error - Not Implemented | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| | V 2.0: HTTP GET 502: Svr Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| | V 2.0: HTTP GET 503: Svr Err-Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| | V 2.0: HTTP GET 504: Svr Error -Gateway Time Out | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| | V 2.0: HTTP GET 505: Svr Error-HTTP Ver Unsupported | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |
| | V 2.0: GET Request | Sub Rule | HTTP GET Method Event | Information |
| | V 2.0: POST Request | Sub Rule | HTTP POST Method Event | Information |
| | V 2.0: RPC_OUT_DATA: 200 - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | V 2.0: RPC_IN_DATA: 404 - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| | V 2.0: RPC_OUT_DATA: 404 - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| | V 2.0: RPC_IN_DATA: 200 - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | V 2.0: PROPFIND Request | Sub Rule | Webdav Protocol PROPFIND Method | Activity |
| | V 2.0: HEAD Request | Sub Rule | HTTP Head | Activity |
| | V 2.0: HTTP 440: Client Error - Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| | V 2.0: HTTP 207: Success - Multistatus Response | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| | V 2.0: HTTP 100: Transitional - Continue | Sub Rule | HTTP 100: Transition Status - Continue | Information |
| | V 2.0: HTTP 101: Transitional - Protocol Switch | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| | V 2.0: HTTP 200: Success - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | V 2.0: HTTP 201: Success - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| | V 2.0: HTTP 202: Success - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| | V 2.0: HTTP 203: Success - Nonauthoritative Info | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| | V 2.0: HTTP 204: Success - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| | V 2.0: HTTP 205: Success - Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| | V 2.0: HTTP 206: Success - Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| | V 2.0: HTTP 300: Redirect - Multiple Choices | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| | V 2.0: HTTP 301: Redirect - Moved Permanently | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| | V 2.0: HTTP 302: Redirect - Moved Temporarily | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| | V 2.0: HTTP 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| | V 2.0: HTTP 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| | V 2.0: HTTP 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| | V 2.0: HTTP 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| | V 2.0: HTTP 307: Redirect - Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| | V 2.0: HTTP 400: Req Error - Bad Request | Sub Rule | HTTP 400: Request Error - Bad Request | Error |
| | V 2.0: HTTP 401: Req Error - Unauthorized | Sub Rule | HTTP 401: Request Error - Unauthorized | Error |
| | V 2.0: HTTP 402: Req Error - Payment Required | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| | V 2.0: HTTP 403: Req Error - Forbidden | Sub Rule | HTTP 403: Request Error - Forbidden | Error |
| | V 2.0: HTTP 404: Req Error - Not Found | Sub Rule | HTTP 404: Request Error - Not Found | Error |
| | V 2.0: HTTP 405: Req Error - Method Not Allowed | Sub Rule | HTTP 405: Request Error - Method Not Allowed | Error |
| | V 2.0: HTTP 406: Req Error - Not Acceptable | Sub Rule | HTTP 406: Request Error - Not Acceptable | Error |
| | V 2.0: HTTP 407: Req Error -Proxy Auth Requested | Sub Rule | HTTP 407: Request Error - Proxy Auth Required | Error |
| | V 2.0: HTTP 408: Req Error - Request Time Out | Sub Rule | HTTP 408: Request Error - Request Time-Out | Error |
| | V 2.0: HTTP 409: Req Error - Conflict | Sub Rule | HTTP 409: Request Error - Conflict | Error |
| | V 2.0: HTTP 410: Req Error - Gone | Sub Rule | HTTP 410: Request Error - Gone | Error |
| | V 2.0: HTTP 411: Req Error - Length Required | Sub Rule | HTTP 411: Request Error - Length Required | Error |
| | V 2.0: HTTP 412: Req Error - Precondition Failed | Sub Rule | HTTP 412: Request Error - Precondition Failed | Error |
| | V 2.0: HTTP 413: Req Error - Req Item Too Big | Sub Rule | HTTP 413: Request Error - Request Item Too Big | Error |
| | V 2.0: HTTP 414: Req Error - Req URL Too Large | Sub Rule | HTTP 414: Request Error - Request-URL Too Large | Error |
| | V 2.0: HTTP 415: Req Error - Unsupported Type | Sub Rule | HTTP 415: Request Error - Unsupported Type | Error |
| | V 2.0: HTTP 416: Req Error - Req Rng Unfillable | Sub Rule | HTTP 416: Request Error - Range Unfillable | Error |
| | V 2.0: HTTP 417: Req Error - Expectation Failed | Sub Rule | HTTP 417: Request Error - Expectation Failed | Error |
| | V 2.0: HTTP 500: Svr Error - Internal Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| | V 2.0: HTTP 501: Svr Error - Not Implemented | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| | V 2.0: HTTP 502: Svr Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| | V 2.0: HTTP 503: Svr Error - Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| | V 2.0: HTTP 504: Svr Error - Gateway Time Out | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| | V 2.0: HTTP 505: Svr Error - HTTP Ver Unsupported | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |