Device Details

| Vendor | Alert Logic |
|---|---|
| Device Type | Linux-based Software |
| Supported Model Name/Number | Unknown |
| Supported Software Version(s) | Unknown |
| Collection Method | Syslog |
| Configurable Log Output? | Unknown |
| Log Source Type | Syslog – AlertLogic |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | No configuration data for this log source type is available |
Prerequisites
None
Device Configuration Checklist
Software defaults should be used in all cases.
Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Attack Messages | All | `<risk>`, `<event>`, `<proxy>`, `<proxy_id>`, `<log_id>`, `<source>`, `<violation>`, `<path>`, `<method>`, `<node>`, `<action>`, `<time>` |
| Linux-format logs | All | `<process>`, `<process_id>` (Linux logs have a variable format after these two fields) |
Parsed Metadata Fields

| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| `<action>` | `<result>` | String |
| `<event>` | `<vmid>` | String |
| `<log_id>` | `<session>` | Number |
| `<method>` | `<command>` | String |
| `<node>` | `<object>` | String |
| `<path>` | `<parentprocesspath>` | String |
| `<proxy_id>` | Not parsed | Number |
| `<proxy>` | `<url>` | String |
| `<risk>` | `<severity>` | String |
| `<source>` | `<sip>` | IP Address |
| `<time>` | Not parsed | Timestamp |
| `<violation>` | `<policy>` | String |
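The two tables above say which fields this log source type extracts from a Linux-format syslog header and how Alert Logic's attack-message fields are renamed into LogRhythm metadata fields. The Python below is an added example, not code from LogRhythm or Alert Logic: it parses a BSD-style syslog header into `process` and `process_id` as the Linux-format row describes, treats the remainder of the line as `key=value` pairs (an assumption; the page does not specify how attack-message fields are encoded on the wire), type-checks each value against the Value/Data Type column, drops the fields the table marks "Not parsed", and renames the rest. The sample lines, host names and field values are constructed.

```python
import ipaddress
import re
import shlex
from datetime import datetime

# Product field -> (LogRhythm metadata field, type), taken from the
# "Parsed Metadata Fields" table. None means the page says "Not parsed".
FIELD_MAP = {
    "action": ("result", "String"),
    "event": ("vmid", "String"),
    "log_id": ("session", "Number"),
    "method": ("command", "String"),
    "node": ("object", "String"),
    "path": ("parentprocesspath", "String"),
    "proxy_id": (None, "Number"),
    "proxy": ("url", "String"),
    "risk": ("severity", "String"),
    "source": ("sip", "IP Address"),
    "time": (None, "Timestamp"),
    "violation": ("policy", "String"),
}

# BSD-style syslog header: optional <PRI>, "Mon DD HH:MM:SS host process[pid]: message".
# Only process and process_id are fixed; everything after them is free-form,
# which is what the "Linux-format logs" row describes.
SYSLOG_RE = re.compile(
    r"^(?:<\d{1,3}>)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<process>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?:\s*"
    r"(?P<message>.*)$"
)

# Constructed sample input (not real Alert Logic output).
SAMPLE_ATTACK_LINE = (
    "<134>Mar 10 12:00:01 alhost alertlogic[4321]: risk=High event=web-attack "
    "proxy=proxy01 proxy_id=7 log_id=555 source=10.0.0.5 violation=policy-01 "
    'path="/login" method=GET node=web01 action=block time=2024-03-10T12:00:01+00:00'
)
SAMPLE_KERNEL_LINE = "Mar 10 12:00:02 alhost kernel: eth0: link is up"


def parse_linux_syslog(line):
    """Return process, process_id and the free-form remainder, or None if the header is malformed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pid = m.group("pid")
    return {
        "process": m.group("process"),
        "process_id": int(pid) if pid is not None else None,
        "message": m.group("message"),
    }


def parse_kv(message):
    """Split the message into key=value pairs; quoted values may contain spaces (assumed encoding)."""
    fields = {}
    for token in shlex.split(message):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def coerce(value, typ):
    """Validate a raw string against the table's Value/Data Type; raises ValueError on a mismatch."""
    if typ == "Number":
        return int(value)
    if typ == "IP Address":
        return str(ipaddress.ip_address(value))  # accepts IPv4 and IPv6
    if typ == "Timestamp":
        return datetime.fromisoformat(value)  # ISO 8601 assumed; the page gives no format
    return value


def map_attack_fields(fields):
    """Type-check every known field, drop 'Not parsed' ones, and rename the rest.

    Returns (mapped_metadata, unknown_keys). Unknown keys are reported rather than
    silently passed through, so a schema drift in the source shows up in review.
    """
    mapped, unknown = {}, []
    for key, raw in fields.items():
        if key not in FIELD_MAP:
            unknown.append(key)
            continue
        target, typ = FIELD_MAP[key]
        value = coerce(raw, typ)
        if target is not None:
            mapped[target] = value
    return mapped, unknown


if __name__ == "__main__":
    rec = parse_linux_syslog(SAMPLE_ATTACK_LINE)
    print(rec["process"], rec["process_id"])
    print(map_attack_fields(parse_kv(rec["message"])))
```

Fields the table marks "Not parsed" (`proxy_id`, `time`) are still type-checked before being dropped, so a malformed value is caught even though it never reaches a metadata field; a value that fails its type (for example a non-address in `source`) raises `ValueError` rather than being written as a string into the `sip` field.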