Syslog - Broadcomm ProxySG
Device Details
| Device Name | Broadcomm ProxySG |
|---|---|
| Vendor | Broadcomm |
| Device Type | Broadcomm |
| Supported Model Name/Number | N/A |
| Supported Software Version(s) | N/A |
| Collection Method | Syslog |
| Configurable Log Output? | Yes |
| Log Source Type | Syslog - Broadcomm ProxySG |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Access Log Custom | All | <severity>, <vmid>, <objectname>, <subject>, <sip>, <sport>, <object>, <quantity> |
| Access Logs (Key Value Pair) | All | <vmid>, <severity>, <sip>, <dip>, <dname>, <dport>, <protname>, <login>, <domainorigin>, <object>, <objectname>, <objecttype>, <subject>, <useragent>, <url>, <group>, <command>, <action>, <result>, <responsecode>, <bytesin>, <bytesout>, <duration>, <tag2> |
| Access Logs - No Sub Rules Do NOT use | All | <vmid>, <tag1>, <sip>, <dport>, <process>, <object>, <bytesin>, <bytesout>, <tag2> |
| | All | <vmid>, <severity>, <sip>, <dip>, <dport>, <login>, <domainorigin>, <object>, <objectname>, <objecttype>, <subject>, <useragent>, <url>, <group>, <command>, <action>, <responsecode>, <bytesin>, <bytesout>, <duration>, <tag2> |
| Action Discarded | All | <vmid>, <policy>, <object>, <tag1> |
| Administrative Configuration Event | All | <vmid>, <sip>, <login>, <tag1>, <domain>, <object> |
| Administrator Configuration | All | <vmid>, <dip>, <domain>, <login>, <object>, <tag1> |
| Administrator Login | All | <severity>, <sessiontype>, <vmid>, <sip>, <domain>, <login>, <subject>, <object> |
| Administrator Logon | All | <severity>, <vmid>, <command>, <domain>, <login>, <dname>, <sip>, <session>, <object> |
| Authentication Failed | All | <vmid>, <severity>, <login>, <domainorigin>, <object>, <subject>, <reason>, <status>, <responsecode> |
| Catch All : Level 1 | All | <severity>, <tag1> |
| Catch All : Level 3 | All | <vmid>, <tag1> |
| Configuration Mode Change | All | <vmid>, <sip>, <login>, <object>, <tag1> |
| | All | <vmid>, <severity>, <tag1>, <object>, <sip>, <sport> |
| Connection Status | All | <vmid>, <tag1>, <domain>, <dip>, <dport>, <tag2>, <object> |
| Console Password Authentication Fail | All | <severity>, <vmid>, <sip>, <login>, <object> |
| Content Observed/Denied | All | <vmid>, <sip>, <dport>, <dnatip>, <dinterface>, <protname>, <login>, <sessiontype>, <session>, <object>, <objectname>, <objecttype>, <subject>, <version>, <useragent>, <url>, <group>, <command>, <responsecode>, <status>, <bytesin>, <bytesout>, <tag1>, <tag2> |
| Did Not Receive Identification String | All | <severity>, <vmid>, <sip>, <object> |
| Disconnecting : Authentication Failures | All | <vmid>, <severity>, <login>, <object> |
| DNS Service Restored | All | <vmid>, <tag1>, <tag2>, <tag3>, <tag4> |
| Dynamic Categorization Error | All | <severity>, <vmid>, <subject>, <object>, <objectname> |
| Failed Authentication | All | <severity>, <vmid>, <sip>, <domain>, <login>, <group>, <dname>, <process> |
| Failed Event | All | <severity>, <vmid>, <tag1>, <login>, <sip>, <sport>, <protname>, <object> |
| FTP Access Log | All | <vmid>, <tag3>, <responsecode>, <domain>, <dname>, <dport>, <login>, <subject>, <tag1>, <command>, <tag2>, <dip> |
| General Connection Messages | All | <vmid>, <sip>, <dip>, <dport>, <sport>, <snatip>, <dnatip>, <protname>, <login>, <parentprocesspath>, <object>, <useragent>, <url>, <group>, <action>, <result>, <status>, <bytesin>, <bytesout> |
| Grace Period Timeout | All | <severity>, <vmid>, <tag1>, <object> |
| Header Information | All | <severity>, <objectname>, <version>, <object> |
| HTTP Requests | All | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <protname>, <session>, <object>, <subject>, <objectname>, <useragent>, <url>, <tag1> |
| Last Message Repeated | All | <severity>, <dname>, <subject>, <quantity>, <url>, <protname>, <responsecode> |
| Network Connection Messages | All | <vmid>, <severity>, <sip>, <dip>, <dname>, <sport>, <protname>, <useragent>, <url>, <group>, <command>, <duration> |
| NTP Time Comparison | All | <vmid>, <severity>, <protname>, <dname>, <tag1>, <duration>, <object> |
| No Gateway Configured | All | <severity>, <vmid>, <protname>, <object> |
| Null Character Found In Request Line | All | <vmid>, <severity>, <sip>, <object> |
| Process Returned | All | <severity>, <vmid>, <process>, <objectname>, <object> |
| Proxy Realm Information | All | <severity>, <dname>, <sip>, <sinterface>, <object>, <vmid>, <objectname>, <dip>, <command>, <dinterface>, <dport> |
| Severe Error Information | All | <severity>, <vmid>, <object>, <subject> |
| Snapshot Fetched | All | <vmid>, <severity>, <objectname>, <object>, <subject> |
| State Changed | All | <vmid>, <tag1>, <tag2>, <sip>, <tag3> |
| TCP Error | All | <severity>, <sip>, <vmid>, <domain>, <account>, <command>, <url>, <processid>, <responsecode>, <process>, <object>, <useragent>, <dip> |
| Unavailable Web Traffic | All | <tag1>, <url>, <vmid>, <process>, <protname>, <sip>, <bytesout>, <bytesin> |
| Web Traffic | All | <severity>, <milliseconds>, <sip>, <login>, <account>, <domain>, <group>, <tag1>, <subject>, <url>, <responsecode>, <vmid>, <action>, <process>, <objecttype>, <protname>, <dip>, <dname>, <dport>, <object>, <useragent>, <bytesout>, <bytesin>, <tag2> |
| WebURL Access | All | <severity>, <sip>, <dip>, <snatip>, <protnum>, <protname>, <login>, <session>, <object>, <objectname>, <subject>, <useragent>, <url>, <command>, <responsecode>, <tag1> |
| Write Connection Closed | All | <severity>, <vmid>, <object> |
| Authentication Success | All | <severity>, <vmid>, <tag1>, <login>, <sip>, <sport>, <protname>, <object> |
Revision History
| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.638.0 | Syslog - Broadcom ProxySG | Policy: LogRhythm Default | Log processing policy for Syslog - Broadcom ProxySG |