Junos Syslog Event
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Junos Syslog Event | Base Rule | Information | General Security Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | The time when the log was generated on the SRX Series device. |
| N/A | N/A | N/A | The time when the log was received on the log collector. |
| N/A | N/A | N/A | The name of the SRX Series device. |
| N/A | <vendorinfo> | Text/String | The event name of the log. |
| Source-Country | N/A | N/A | The source country name. |
| source-address | <sip> | IP Address | The source IP address from where the event occurred. |
| Destination-Country | N/A | N/A | Destination country name from where the event occurred. |
| destination-address | <dip> | IP Address | The destination IP address of the event. |
| source-port | <sport> | Number | The source port of the event. |
| destination-port | <dport> | Number | The destination port of the event. |
| Description | <subject> | Text/String | The description of the log. |
| Attack-name | <threatname> | Text/String | Attack name of the log: Trojan, worm, virus, etc. |
| Threat-Severity | <severity> | Text/String | The severity level of the threat. |
| Policy Name | <policy> | Text/String | The policy name in the log. |
| UTM-category or Virus-Name | N/A | N/A | The UTM category of the log. |
| URL | <url> | Text/String | Accessed URL name that triggered the event. |
| Event category | N/A | N/A | The event category of the log. |
| Username | <account> | Text/String | The username of the log. |
| Action | <action> | Text/String | Action taken for the event: warning, allow, and block. |
| Log-Source | N/A | N/A | The IP address of the log source. |
| Application | N/A | N/A | The application name from which the events or logs are generated. |
| Hostname | <sname> | Text/String | The host name in the log. |
| Service-Name | N/A | N/A | The name of the application service. For example, FTP, HTTP, SSH, etc. |
| Nested-Application | N/A | N/A | The nested application in the log. |
| source-zone-name | N/A | N/A | The source zone of the log. |
| destination-zone-name | N/A | N/A | The destination zone of the log. |
| Protocol-ID | <protnum> | Number | The protocol ID in the log. |
| Roles | N/A | N/A | The role name associated with the log. |
| Reason | <reason> | Text/String | The reason for the log generation. For example, a connection tear down may have an associated reason such as authentication failed. |
| NAT-Source-Port | <snatport> | Number | The translated source port. |
| NAT-Destination-Port | <dnatport> | Number | The translated destination port. |
| NAT-Source-Rule-Name | N/A | N/A | The NAT source rule name. |
| NAT-Destination-Rule-Name | N/A | N/A | The NAT destination rule name. |
| NAT-Source-address | <snatip> | IP Address | The translated (or natted) source IP address. It can contain IPv4 or IPv6 addresses. |
| nat-destination-address | <dnatip> | IP Address | The translated (also called natted) destination IP address. |
| Traffic-Session-ID | <session> | Number | The traffic session ID of the log. |
| Path-Name | N/A | N/A | The path name of the log. |
| Logical-system-Name | N/A | N/A | The name of the logical system. |
| Rule-Name | N/A | N/A | The name of the rule. |
| Profile-Name | N/A | N/A | The name of the All events profile that triggered the event. |
| Client-Hostname | <dname> | Text/String | Hostname of the client. |
| Malware-Info | N/A | N/A | Information of the malware. |
| Logical-Subsystem-Name | N/A | N/A | The name of the logical system in JSA logs. |
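Added example, not code from the vendor or from LogRhythm: a small parser that pulls the key="value" pairs out of a Junos structured-data syslog line and applies the mapping in the table above, so the mapping can be checked against sample logs before relying on it in a rule. It assumes the RFC 5424 `[junos@... key="value" ...]` element form and case-insensitive key names; the log line and all addresses in it are constructed.

```python
import re
from typing import Any

# Junos key -> (LogRhythm field, data type), transcribed from the table above.
# Keys the table marks N/A are deliberately absent (no dedicated field).
JUNOS_TO_LOGRHYTHM = {
    "source-address": ("sip", "IP Address"),
    "destination-address": ("dip", "IP Address"),
    "source-port": ("sport", "Number"),
    "destination-port": ("dport", "Number"),
    "protocol-id": ("protnum", "Number"),
    "action": ("action", "Text/String"),
    "reason": ("reason", "Text/String"),
    "nat-source-address": ("snatip", "IP Address"),
    "nat-destination-address": ("dnatip", "IP Address"),
    "nat-source-port": ("snatport", "Number"),
    "nat-destination-port": ("dnatport", "Number"),
}

_SD_RE = re.compile(r'\[junos@\S+ (?P<body>[^\]]*)\]')   # structured-data element
_KV_RE = re.compile(r'(?P<key>[\w.-]+)="(?P<val>[^"]*)"')  # key="value" pairs


def parse_junos_sd(line: str) -> dict[str, str]:
    """Return the key="value" pairs of a Junos structured-data line (keys lowercased)."""
    m = _SD_RE.search(line)
    if not m:
        return {}
    return {k.lower(): v for k, v in _KV_RE.findall(m.group("body"))}


def map_to_logrhythm(fields: dict[str, str]) -> dict[str, Any]:
    """Apply the table's mapping; Number fields are cast, unmapped keys dropped."""
    out: dict[str, Any] = {}
    for key, val in fields.items():
        target = JUNOS_TO_LOGRHYTHM.get(key)
        if target is None:
            continue  # N/A in the table: nothing to populate
        name, dtype = target
        if dtype == "Number":
            if not val.isdigit():
                continue  # never place non-numeric text into a Number field
            out[name] = int(val)
        else:
            out[name] = val
    return out


# Constructed sample (RFC 5424 framing, Junos structured-data element); not a real capture.
SAMPLE = ('<14>1 2024-01-01T00:00:00Z srx-fw RT_FLOW - RT_FLOW_SESSION_CLOSE '
          '[junos@2636.1.1.1.2.129 reason="TCP FIN" source-address="10.1.1.10" '
          'source-port="51000" destination-address="198.51.100.5" destination-port="443" '
          'protocol-id="6" nat-source-address="203.0.113.9" nat-source-port="5123" action="allow"]')

if __name__ == "__main__":
    print(map_to_logrhythm(parse_junos_sd(SAMPLE)))
```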