Syslog - BlueCedar

Device Details

| Property | Value |
|---|---|
| Vendor | BlueCedar |
| Device Type | Network Security |
| Supported Model Name/Number | BlueCedar |
| Supported Software Version(s) | 4.6 |
| Collection Method | Syslog |
| Configurable Log Output? | No |
| Log Source Type | Syslog – BlueCedar |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://www.bluecedar.com/platform |

Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| General Information | 3.2 | <severity>, <vmid>, <sport> |
| No Route SubCls:018 | 3.2 | <severity>, <vmid>, <subject>, <dip> |
| Process Message | 3.2 | <severity>, <vmid>, <process>, <action> |
| Cookie Information | 3.2 | <severity>, <vmid>, <sip>, <sport>, <hash>, <object>, <size> |
| No Route SubCls:022 | 3.2 | <severity>, <vmid>, <subject>, <dip> |
| Bytes Received | 3.2 | <severity>, <vmid>, <bytesin>, <sport>, <dip> |
| Interface Status | 3.2 | <severity>, <status>, <interface> |
| Failed Authentication | 3.2 | <severity>, <vmid>, <processed>, <action>, <reason> |
| ESP Deleted | 3.2 | <severity>, <vmid>, <action>, <object>, <sip>, <dip> |
| Delete Status | 3.2 | <severity>, <vmid>, <status> |
| Connection Information | 3.2 | <severity>, <vmid>, <rate>, <seconds> |
| Connection Status | 3.2 | <severity>, <vmid>, <protocol>, <status>, <quantity> |
| XAUTH Config Status | 3.2 | <severity>, <vmid>, <process>, <status> |
| XAUTH Perp Configuration Information | 3.2 | <severity>, <vmid>, <bytes>, <sip>, <dip> |
| Revocation Status | 3.2 | <severity>, <vmid>, <result> |
| R-U-THERE Message | 3.2 | <severity>, <vmid>, <subject> |
| Connection Information | 3.2 | <severity>, <vmid>, <sip> |
| Protocol Connection Information | 3.2 | <severity>, <vmid>, <protocol> |
| Bytes Sent | 3.2 | <severity>, <vmid>, <bytes>, <sip> |
| Username Update | 3.2 | <severity>, <vmid>, <subject>, <login> |
| Session Stop | 3.2 | <severity>, <vmid>, <login>, <sname>, <version>, <sip>, <process>, <packetsin>, <packetsout>, <bytesout> |
| Object Deleted | 3.2 | <severity>, <vmid>, <action>, <sip>, <dip> |
| Tunnel Interface Information | 3.2 | <severity>, <vmid>, <action>, <object>, <sinterface>, <action>, |
| Reconnect Token Status | 3.2 | <severity>, <vmid>, <action>, <login> |
| OnSignal Received Error | 3.2 | <severity>, <vmid>, <responsecode>, <object> |
| LDAP Attribute Retrieval Failure | 3.2 | <severity>, <vmid>, <subject>, <amount>, <login> |
| Remove From Dispatch | 3.2 | <severity>, <vmid>, <object> |
| PAM Authentication Message | 3.2 | <severity>, <vmid>, <login>, <subject> |
| Invalid Tunnel Credentials | 3.2 | <severity>, <vmid>, <login>, <action> |
| IKE Message Received | 3.2 | <severity>, <vmid>, <subject>, <object> |
| Failed To Find Auth Group State | 3.2 | <severity>, <vmid>, <subject>, <object> |
| Object Changed Ports | 3.2 | <severity>, <vmid>, <subject>, <responsecode> |
| IKE_SA Information | 3.2 | <severity>, <vmid>, <protocol>, <result> |
| UDP Send Status | 3.2 | <severity>, <vmid>, <subject>, <status> |
| IKE Status | 3.2 | <severity>, <vmid>, <responsecode>, <sip>, <sport>, <subject> |
| Critical Interface Information | 3.2 | <severity>, <vmid>, <sinterface>, <sip>, <smac> |
| SEQ Number | 3.2 | <severity>, <vmid>, <responsecode> |
| Socket Removal Failure | 3.2 | <severity>, <vmid>, <action>, <object> |
| IKE Dead Peer Information | 3.2 | <severity>, <vmid>, <action>, <parentprocessname>, <responsecode> |
| Unexpected Accounting Stop | 3.2 | <severity>, <vmid>, <subject> |
| Auth Information | 3.2 | <severity>, <vmid>, <subject> |
| Session Status | 3.2 | <severity>, <vmid>, <subject> |
| Trigger Message | 3.2 | <severity>, <vmid>, <subject>, <object> |
| OnPortsChanged Message | 3.2 | <severity>, <vmid>, <subject>, <status> |
| Session Start | 3.2 | <severity>, <vmid>, <action>, <login>, <sname>, <version>, <process> |
| IkeStartHdlrSaCleanup Message | 3.2 | <severity>, <vmid>, <subject>, <object> |
| Link Status | 3.2 | <severity>, <vmid>, <object>, <action> |
| Failed To Get Assigned IP | 3.2 | <severity>, <vmid>, <action>, <parentprocessname>, <responsecode> |
| Catch All | 3.2 | <severity>, <vmid>, |

Parsed Metadata Fields

| BlueCedar Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| Severity | <severity> | Text/String |
| subcls | <vmid> | Numeric |
| N/A | <subject> | Text/String |
| N/A | <object> | Text/String |
| N/A | <action> | Text/String |
| N/A | <sip> | IP Address |
| N/A | <dip> | IP Address |
| N/A | <sport> | Numeric |
| N/A | <responsecode> | Numeric |
| N/A | <parentprocesspath> | Text/String |
| N/A | <status> | Text/String |
| N/A | <result> | Text/String |
| N/A | <quantity> | Numeric |