Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| IP Chains Firewall Log | Base Rule | Network Traffic | General Firewall Log |
| Dropped Packet | Sub Rule | Network Deny | Traffic Denied by Host Firewall |
| Permitted Packet | Sub Rule | Network Allow | Traffic Allowed by Host Firewall |
Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| KERN | <Severity> | Number |
| kernel | <vmid> | Number |
| N/A | <command> | Text/string |
| IN | N/A | N/A |
| OUT | N/A | N/A |
| SRC | <SIP> | Number |
| DST | <DIP> | Number |
| TOS | N/A | N/A |
| PREC | N/A | N/A |
| TTL | N/A | N/A |
| ID | N/A | N/A |
| PROTO | <Protname> | Text/string |
| SPT | <Sport> | Number |
| DPT | <dport> | Number |
| WINDOW | N/A | N/A |
| RES | N/A | N/A |
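The two tables above describe the parse in two halves: which `KEY=value` tokens of a kernel firewall log line feed which schema fields, and which sub rule (Dropped or Permitted Packet) a line falls under. The following is an added example written for this page, not LogRhythm's own rule logic or parser. The sample log lines are constructed. Two points are assumptions of the example because the page does not state them: the Severity number is taken from the syslog `<PRI>` prefix of the line, and the Dropped/Permitted verdict is recognised from the free-form `--log-prefix` text that netfilter places before `IN=` (looking for DROP/DENY/REJECT versus ACCEPT/ALLOW/PERMIT). The `kernel` to `<vmid>` mapping is not reproduced because the page does not show which number populates it.

```python
import re

# Device key -> LogRhythm schema field, taken from the mapping table above.
# Keys whose schema column is N/A (IN, OUT, TOS, PREC, TTL, ID, WINDOW, RES)
# are still parsed but kept in an "unmapped" bucket.
FIELD_MAP = {"SRC": "SIP", "DST": "DIP", "PROTO": "Protname", "SPT": "Sport", "DPT": "dport"}
# The table lists SIP/DIP as Number too; this example keeps them as dotted-quad
# strings and converts only the ports.
NUMERIC_FIELDS = {"Sport", "dport"}

# Rule name, classification and common event from the Classification table.
BASE_RULE = ("IP Chains Firewall Log", "Network Traffic", "General Firewall Log")
SUB_RULES = {
    "deny": ("Dropped Packet", "Network Deny", "Traffic Denied by Host Firewall"),
    "allow": ("Permitted Packet", "Network Allow", "Traffic Allowed by Host Firewall"),
}
# ASSUMPTION: verdict words searched for in the log prefix (not from the page).
DENY_WORDS = ("DROP", "DENY", "REJECT")
ALLOW_WORDS = ("ACCEPT", "ALLOW", "PERMIT")

_PRI_RE = re.compile(r"^<(\d{1,3})>")
# Text between "kernel:" (with optional [uptime] stamp) and the first IN= token.
_PREFIX_RE = re.compile(r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(.*?)\s*\bIN=")
_KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines (not captured from any real host).
SAMPLE_LOGS = [
    "<4>kernel: [ 1234.567890] IPTABLES-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12345 DF PROTO=TCP SPT=44512 DPT=22 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
    "<6>kernel: [ 1235.000000] IPTABLES-ACCEPT: IN= OUT=eth0 SRC=192.0.2.10 "
    "DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP "
    "SPT=51234 DPT=443 WINDOW=65535 RES=0x00 ACK URGP=0",
]


def classify_prefix(prefix):
    """Return 'deny', 'allow' or None from the log prefix text (assumption)."""
    upper = prefix.upper()
    if any(word in upper for word in DENY_WORDS):
        return "deny"
    if any(word in upper for word in ALLOW_WORDS):
        return "allow"
    return None


def parse_firewall_log(line):
    """Parse one kernel firewall log line into a LogRhythm-style record.

    A line that carries no recognisable verdict stays on the base rule,
    mirroring the base rule / sub rule split in the Classification table.
    """
    rule, classification, common_event = BASE_RULE
    record = {"rule": rule, "classification": classification,
              "common_event": common_event, "unmapped": {}}

    # KERN -> <Severity>: syslog PRI is facility*8 + severity; kern facility is 0.
    pri = _PRI_RE.match(line)
    if pri:
        record["Severity"] = int(pri.group(1)) % 8

    prefix = _PREFIX_RE.search(line)
    if prefix:
        verdict = classify_prefix(prefix.group(1))
        if verdict:
            record["rule"], record["classification"], record["common_event"] = SUB_RULES[verdict]

    # Walk every KEY=value token; bare flags such as DF, SYN, ACK have no '=' and are skipped.
    for key, value in _KV_RE.findall(line):
        schema = FIELD_MAP.get(key)
        if schema is None:
            record["unmapped"][key] = value
        elif schema in NUMERIC_FIELDS:
            record[schema] = int(value) if value.isdigit() else None
        else:
            record[schema] = value
    return record


if __name__ == "__main__":
    for sample in SAMPLE_LOGS:
        parsed = parse_firewall_log(sample)
        print(parsed["rule"], "->", {k: v for k, v in parsed.items() if k != "unmapped"})
```

Running the block prints one record per constructed line: the first resolves to Dropped Packet / Network Deny with SIP 203.0.113.5 and dport 22, the second to Permitted Packet / Network Allow with dport 443. Keeping the N/A keys in `unmapped` rather than discarding them is deliberate: TTL, ID and WINDOW are often the fields an analyst wants when a denied connection needs to be matched to a packet capture, even though the schema does not carry them.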