IP Chains Firewall Log
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Base Rule | Network Traffic | General Firewall Log | |
| Dropped Packet | Sub Rule | Network Deny | Traffic Denied by Host Firewall |
| Permitted Packet | Sub Rule | Network Allow | Traffic Allowed by Host Firewall |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| KERN | <Severity> | Number |
| kernel | <vmid> | Number |
| N/A | <command> | Text/string |
| IN | N/A | N/A |
| OUT | N/A | N/A |
| SRC | <SIP> | Number |
| DST | <DIP> | Number |
| TOS | N/A | N/A |
| PREC | N/A | N/A |
| TTL | N/A | N/A |
| ID | N/A | N/A |
| PROTO | <Protname> | Text/string |
| SPT | <Sport> | Number |
| DPT | <dport> | Number |
| WINDOW | N/A | N/A |
| RES | N/A | N/A |
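The following parser is an added example and is not LogRhythm's own parsing rule or code from this page. It shows how the device keys in the mapping table above (SRC, DST, PROTO, SPT, DPT, IN, OUT) are pulled out of a kernel packet-filter log line and renamed to the schema fields (SIP, DIP, Protname, Sport, dport), and how a line is sorted into the Dropped Packet or Permitted Packet sub rule. The sample log lines are constructed. Two things are assumptions not stated on the page: that the line uses the netfilter-style `KEY=value` layout, and that the log prefix configured on the firewall rule contains a word such as DROP/DENY or ACCEPT/ALLOW, which is what the classifier keys on. The `KEY_TO_SCHEMA` table, `parse_line` and `denied_by_source` are names chosen here.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample lines (not taken from the page). They follow the
# IN/OUT/SRC/DST/PROTO/SPT/DPT key=value layout listed in the mapping table.
SAMPLE_LOGS = [
    "Jun 12 10:15:01 gw kernel: [12345.678] DROP-IN IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44512 DPT=22 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
    "Jun 12 10:15:02 gw kernel: [12346.001] ACCEPT-OUT IN= OUT=eth0 "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF "
    "PROTO=UDP SPT=53421 DPT=53 LEN=32",
    "Jun 12 10:15:03 gw kernel: [12346.500] DROP-IN IN=eth0 OUT= "
    "SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=57 ID=1 "
    "PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1",
]

# Device key -> LogRhythm schema field, taken from the mapping table above.
# Keys mapped to N/A on the page (TOS, PREC, TTL, ID, WINDOW, RES) are not copied.
KEY_TO_SCHEMA = {
    "SRC": "SIP",
    "DST": "DIP",
    "PROTO": "Protname",
    "SPT": "Sport",
    "DPT": "dport",
}

# Everything between "kernel:" (plus optional uptime stamp) and the first "IN="
# is the rule's log prefix; the remainder is a run of KEY=value tokens.
KERNEL_RE = re.compile(r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*IN=")
TOKEN_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def classify(prefix: str) -> Tuple[str, str]:
    """Map the log prefix to (rule name, common event) from the classification table.

    Assumption (not on the page): the prefix configured on the firewall rule
    names the verdict, e.g. "DROP-IN" or "ACCEPT-OUT".
    """
    p = prefix.upper()
    if any(word in p for word in ("DROP", "DENY", "REJECT")):
        return "Dropped Packet", "Traffic Denied by Host Firewall"
    if any(word in p for word in ("ACCEPT", "ALLOW", "PERMIT")):
        return "Permitted Packet", "Traffic Allowed by Host Firewall"
    return "Base Rule", "General Firewall Log"


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one kernel firewall log line into schema-named fields; None if not one."""
    match = KERNEL_RE.search(line)
    if not match:
        return None
    prefix = match.group("prefix").strip()
    raw: Dict[str, str] = {}
    for key, value in TOKEN_RE.findall(line[match.start("prefix"):]):
        raw.setdefault(key, value)  # keep first occurrence; ICMP lines repeat ID
    rule, common_event = classify(prefix)
    event: Dict[str, object] = {
        "rule": rule,
        "common_event": common_event,
        "prefix": prefix,
    }
    for key, schema_name in KEY_TO_SCHEMA.items():
        if raw.get(key):  # skip keys that are absent or empty (e.g. OUT= on inbound)
            event[schema_name] = raw[key]
    # Sport/dport are listed as Number in the schema; cast when present.
    for name in ("Sport", "dport"):
        if name in event:
            event[name] = int(event[name])
    # IN/OUT carry no schema field, but a non-empty interface tells the direction.
    if raw.get("IN"):
        event["direction"] = "inbound"
    elif raw.get("OUT"):
        event["direction"] = "outbound"
    else:
        event["direction"] = "unknown"
    return event


def denied_by_source(lines: List[str]) -> Dict[str, int]:
    """Count Dropped Packet events per source IP, a typical first triage view."""
    counts: Dict[str, int] = {}
    for line in lines:
        event = parse_line(line)
        if event and event["rule"] == "Dropped Packet":
            sip = str(event["SIP"])
            counts[sip] = counts.get(sip, 0) + 1
    return counts


if __name__ == "__main__":
    for sample in SAMPLE_LOGS:
        print(parse_line(sample))
    print(denied_by_source(SAMPLE_LOGS))
```

Lines that do not come from the kernel packet filter (the sshd line in the test below) return `None` rather than a half-filled event, and a key the page maps to N/A is deliberately not promoted to a schema field, so the output carries only the fields the mapping table defines.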