Log Update 1

Vendor Documentation

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192

Classification

Rule Name	Rule Type	Common Event	Classification
Log Update	Base Rule	Log Statistics	Information

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type
N/A	<version>	Text/String
Origin	<sender>	Number/Text
Action	<action>	Number/Text
SIP	<sip>	Number
SPort	<sport>	Number
DIP	<dip>	Number
DPort	<dport>	Number
Protocol	<protnum>	Number
N/A	<protname>	Number/Text
IFName	<sinterface>	Number/Text
IFDirection	<tag2>	Number/Text
Reason	<reason>	Text/String
Info	<vendorinfo>	Number/Text
XlateDIP	<dnatip>	Number/Text
User	<login>	Number/Text
url	<url>	Number/Text
Action	<tag1>	Text/String