Device Details

| Device Name | Broadcom ProxySG |
|---|---|
| Vendor | Broadcom |
| Device Type | Broadcom |
| Supported Model Name/Number | N/A |
| Supported Software Version(s) | N/A |
| Collection Method | Syslog |
| Configurable Log Output? | Yes |
| Log Source Type | Syslog - Broadcom ProxySG |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | |

Supported Log Messages
(List of LR Tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Access Log Custom | All | <severity>, <vmid>, <objectname>, <subject>, <sip>, <sport>, <object>, <quantity> |
| Access Logs (Key Value Pair) | All | <vmid>, <severity>, <sip>, <dip>, <dname>, <dport>, <protname>, <login>, <domainorigin>, <object>, <objectname>, <objecttype>, <subject>, <useragent>, <url>, <group>, <command>, <action>, <result>, <responsecode>, <bytesin>, <bytesout>, <duration>, <tag2> |
| Access Logs - No Sub Rules Do NOT use | All | <vmid>, <tag1>, <sip>, <dport>, <process>, <object>, <bytesin>, <bytesout>, <tag2> |
| Access Logs (Space Delimited) | All | <vmid>, <severity>, <sip>, <dip>, <dport>, <login>, <domainorigin>, <object>, <objectname>, <objecttype>, <subject>, <useragent>, <url>, <group>, <command>, <action>, <responsecode>, <bytesin>, <bytesout>, <duration>, <tag2> |
| Action Discarded | All | <vmid>, <policy>, <object>, <tag1> |
| Administrative Configuration Event | All | <vmid>, <sip>, <login>, <tag1>, <domain>, <object> |
| Administrator Configuration | All | <vmid>, <dip>, <domain>, <login>, <object>, <tag1> |
| Administrator Login | All | <severity>, <sessiontype>, <vmid>, <sip>, <domain>, <login>, <subject>, <object> |
| Administrator Logon | All | <severity>, <vmid>, <command>, <domain>, <login>, <dname>, <sip>, <session>, <object> |
| Authentication Failed | All | <vmid>, <severity>, <login>, <domainorigin>, <object>, <subject>, <reason>, <status>, <responsecode> |
| Catch All : Level 1 | All | <severity>, <tag1> |
| Catch All : Level 3 | All | <vmid>, <tag1> |
| Configuration Mode Change | All | <vmid>, <sip>, <login>, <object>, <tag1> |
| Connection Information | All | <vmid>, <severity>, <tag1>, <object>, <sip>, <sport> |
| Connection Status | All | <vmid>, <tag1>, <domain>, <dip>, <dport>, <tag2>, <object> |
| Console Password Authentication Fail | All | <severity>, <vmid>, <sip>, <login>, <object> |
| Content Observed/Denied | All | <vmid>, <sip>, <dport>, <dnatip>, <dinterface>, <protname>, <login>, <sessiontype>, <session>, <object>, <objectname>, <objecttype>, <subject>, <version>, <useragent>, <url>, <group>, <command>, <responsecode>, <status>, <bytesin>, <bytesout>, <tag1>, <tag2> |
| Did Not Receive Identification String | All | <severity>, <vmid>, <sip>, <object> |
| Disconnecting : Authentication Failures | All | <vmid>, <severity>, <login>, <object> |
| DNS Service Restored | All | <vmid>, <tag1>, <tag2>, <tag3>, <tag4> |
| Dynamic Categorization Error | All | <severity>, <vmid>, <subject>, <object>, <objectname> |
| Failed Authentication | All | <severity>, <vmid>, <sip>, <domain>, <login>, <group>, <dname>, <process> |
| Failed Event | All | <severity>, <vmid>, <tag1>, <login>, <sip>, <sport>, <protname>, <object> |
| FTP Access Log | All | <vmid>, <tag3>, <responsecode>, <domain>, <dname>, <dport>, <login>, <subject>, <tag1>, <command>, <tag2>, <dip> |
| General Connection Messages | All | <vmid>, <sip>, <dip>, <dport>, <sport>, <snatip>, <dnatip>, <protname>, <login>, <parentprocesspath>, <object>, <useragent>, <url>, <group>, <action>, <result>, <status>, <bytesin>, <bytesout> |
| Grace Period Timeout | All | <severity>, <vmid>, <tag1>, <object> |
| Header Information | All | <severity>, <objectname>, <version>, <object> |
| HTTP Requests | All | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <protname>, <session>, <object>, <subject>, <objectname>, <useragent>, <url>, <tag1> |
| Last Message Repeated | All | <severity>, <dname>, <subject>, <quantity>, <url>, <protname>, <responsecode> |
| Network Connection Messages | All | <vmid>, <severity>, <sip>, <dip>, <dname>, <sport>, <protname>, <useragent>, <url>, <group>, <command>, <duration> |
| NTP Time Comparison | All | <vmid>, <severity>, <protname>, <dname>, <tag1>, <duration>, <object> |
| No Gateway Configured | All | <severity>, <vmid>, <protname>, <object> |
| Null Character Found In Request Line | All | <vmid>, <severity>, <sip>, <object> |
| Process Returned | All | <severity>, <vmid>, <process>, <objectname>, <object> |
| Proxy Realm Information | All | <severity>, <dname>, <sip>, <sinterface>, <object>, <vmid>, <objectname>, <dip>, <command>, <dinterface>, <dport> |
| Severe Error Information | All | <severity>, <vmid>, <object>, <subject> |
| Snapshot Fetched | All | <vmid>, <severity>, <objectname>, <object>, <subject> |
| State Changed | All | <vmid>, <tag1>, <tag2>, <sip>, <tag3> |
| TCP Error | All | <severity>, <sip>, <vmid>, <domain>, <account>, <command>, <url>, <processid>, <responsecode>, <process>, <object>, <useragent>, <dip> |
| Unavailable Web Traffic | All | <tag1>, <url>, <vmid>, <process>, <protname>, <sip>, <bytesout>, <bytesin> |
| Web Traffic | All | <severity>, <milliseconds>, <sip>, <login>, <account>, <domain>, <group>, <tag1>, <subject>, <url>, <responsecode>, <vmid>, <action>, <process>, <objecttype>, <protname>, <dip>, <dname>, <dport>, <object>, <useragent>, <bytesout>, <bytesin>, <tag2> |
| WebURL Access | All | <severity>, <sip>, <dip>, <snatip>, <protnum>, <protname>, <login>, <session>, <object>, <objectname>, <subject>, <useragent>, <url>, <command>, <responsecode>, <tag1> |
| Write Connection Closed | All | <severity>, <vmid>, <object> |
| Authentication Success | All | <severity>, <vmid>, <tag1>, <login>, <sip>, <sport>, <protname>, <object> |

Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.638.0 | Syslog - Broadcom ProxySG | Policy: LogRhythm Default | Log processing policy for Syslog - Broadcom ProxySG |