This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Flat File - Microsoft IIS W3C File log source type.
Vendor Documentation
Prerequisites
-
Download and apply the Knowledge Base. For more information, see KB Synchronization Settings for LSO.
-
Enable the new MPE rules in the LogRhythm System Monitor.Select log source type Flat File - Microsoft IIS W3C File.Enable log processing policy LogRhythm Default v2.0.For details on how to enable LogRhythm Default v2.0, see Apply LogRhythm Default v2.0 on a Log Source.
Supported Log Messages
The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.
|
Log Message Type |
Event Type |
|---|---|
|
404 Error Messages |
HTTP 404 : Not Found |
|
Catch All : Level 1 |
General Information |
|
Catch All : Level 3 |
General Information |
|
Comment Line |
HTTP Information |
|
Email Attachment Enumeration Messages |
General Email Attachment Message |
|
Fan Status Information |
The Speed Of The Fan Has Changed |
|
General SMTP Messages |
SMTP Request |
|
HTTP GET Method (GET Position - 1) |
HTTP GET Method Event |
|
HTTP GET Method (GET Position - 2) |
HTTP GET Method Event |
|
HTTP GET Method (Get Position - 5) |
HTTP GET Method Event |
|
HTTP Get Requests |
HTTP GET Method Event |
|
HTTP POST Method (Post Position - 1) |
HTTP POST Method Event |
|
HTTP POST Method (Post Position - 2) |
HTTP POST Method Event |
|
HTTP POST Method (Post Position - 3) |
HTTP POST |
|
HTTP POST Method (Post Position - 4) |
HTTP POST Method Event |
|
HTTP POST Method (Post Position - 5) |
HTTP POST Method Event |
|
HTTP Post Request |
HTTP POST Method Event |
|
HTTP Requests |
Web Request |
|
HTTP Request Status Messages |
General HTTP Information |
|
Propfind Messages Request |
Webdav Protocol PROPFIND Method |
|
RPC Data Messages |
General Message Information |
|
SMPD RCPT/MAIL Commands |
SMTP RCPT Data |
|
SMTP DATA Messages |
SMTP Request |
|
SMTP EHLO Events |
SMTP EHLO Announcement |
|
SMTP QUIT MESSAGES |
SMTP QUIT Requested |
|
SMTPRELAY Messages |
General SMTP Information |
|
SMTP RSET/BDAT MESSAGES |
SMTP Request |
|
TCP Request Denied |
Invalid HTTP Request |
|
Timer_Connection Messages |
Timer Information |
|
User Logon |
User Logon |
|
VERSION And BASELINE Control Information |
General Version Information |
|
Web Server Access |
Object Accessed |
Log Processing Policy Updates
This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.
Updates to AIE Rules
-
No changes
Updates to System Reports
-
No changes
Updates to System Investigations
-
No changes
Updates to System Report Templates
-
No changes
Updates to System Tails
-
No changes