Syslog - Alert Logic
Device Details
| Attribute | Value |
|---|---|
| Vendor | Alert Logic |
| Device Type | Linux-based Software |
| Supported Model Name/Number | Unknown |
| Supported Software Version(s) | Unknown |
| Collection Method | Syslog |
| Configurable Log Output? | Unknown |
| Log Source Type | Syslog – AlertLogic |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | No configuration data for this log source type is available |
Prerequisites
None
Device Configuration Checklist
Software defaults should be used in all cases.
Currently Supported Log Types
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Attack Messages | All | `<risk>`, `<event>`, `<proxy>`, `<proxy_id>`, `<log_id>`, `<source>`, `<violation>`, `<path>`, `<method>`, `<node>`, `<action>`, `<time>` |
| Linux-format logs | All | `<process>`, `<process_id>` (Linux logs have a variable format after these two fields) |
Parsed Metadata Fields
| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| `<action>` | `<result>` | String |
| `<event>` | `<vmid>` | String |
| `<log_id>` | `<session>` | Number |
| `<method>` | `<command>` | String |
| `<node>` | `<object>` | String |
| `<path>` | `<parentprocesspath>` | String |
| `<proxy_id>` | Not parsed | Number |
| `<proxy>` | `<url>` | String |
| `<risk>` | `<severity>` | String |
| `<source>` | `<sip>` | IP Address |
| `<time>` | Not parsed | Timestamp |
| `<violation>` | `<policy>` | String |