Syslog - Check Point Log Exporter V2.0
Device Details
Device Name | Check Point Log Exporter |
---|---|
Vendor | Check Point |
Device Type | N/A |
Supported Model Name/Number | N/A |
Supported Software Version(s) | R77.30, R80.10, R80.20, R80.30, R80.40, R81 |
Collection Method | Syslog |
Configurable Log Output? | No |
Log Source Type | Syslog - Check Point Log Exporter |
Log Processing Policy | LogRhythm Default 2.0 |
Exceptions | N/A |
Additional Information | |
Supported Log Messages
Type | Product Version | Supported Schema Fields |
---|---|---|
V 2.0 : Anti Malware Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <sname>, <protnum>, <sinterface>, <login>, <snatip>, <url>, <useragent>, <bytesin>, <bytesout>, <severity>, <vendorinfo>, <threatname>, <status>, <domainimpacted>, <reason>, <policy> |
V 2.0 : Anti Virus Events | N/A | <vmid>, <reason>, <severity>, <subject>, <dip> |
V 2.0 : Application Control Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <vendorinfo>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <severity>, <bytesout>, <bytesin>, <sname>, <login>, <policy>, <subject>, <process> |
V 2.0 : Application Control URL Filtering Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <vendorinfo>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <protname>, <duration>, <version>, <bytesin>, <packetsin>, <bytesout>, <packetsout>, <quantity>, <severity>, <policy>, <subject>, <process> |
V 2.0 : Connectra Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <reason>, <login>, <snatip>, <result>, <group> |
V 2.0 : Content Awareness Events | N/A | <vmid>, <action>, <tag1>, <sip>, <dip>, <dport>, <protnum>, <object>, <objecttype>, <size>, <object>, <policy> |
V 2.0 : Core Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <login>, <severity>, <vendorinfo>, <version> |
V 2.0 : Device Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <severity>, <status>, <version> |
V 2.0 : DLP Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <snatip>, <login>, <account>, <sender>, <severity>, <size>, <object>, <recipient>, <policy>, <objecttype>, <reason>, <subject>, <url>, <vendorinfo> |
V 2.0 : Endpoint Management Event | N/A | <vmid>, <dip>, <action>, <vendorinfo>, <status>, <login>, <object>, <objecttype>, <subject> |
V 2.0 : Endpoint Security Mgmt Event | N/A | <vmid>, <dip>, <action>, <tag1>, <vendorinfo>, <status>, <login>, <object>, <objecttype>, <subject>, <sip>, <policy> |
V 2.0 : ESOD Events | N/A | <vmid>, <dip>, <action>, <status> |
V 2.0 : Eventia Analyzer Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <severity>, <login>, <vendorinfo>, <domainimpacted>, <dname> |
V 2.0 : FG VPN-1 & FireWall-1 Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <dname>, <login>, <account>, <bytesout>, <itemsout>, <bytesin>, <itemsin>, <policy> |
V 2.0 : Firewall Events | N/A | <vmid>, <dip>, <reason>, <status>, <tag1>, <result> |
V 2.0 : Forensics Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <sname>, <login>, <severity>, <vendorinfo>, <threatname>, <subject>, <hash>, <object>, <objecttype>, <size>, <status> |
V 2.0 : HTTPS Inspection Events | N/A | <vmid>, <dip>, <sip>, <sport>, <dport>, <sinterface>, <dname>, <sname>, <action>, <protnum>, <login>, <account>, <severity>, <vendorinfo>, <reason>, <status>, <tag1>, <result> |
V 2.0 : Identity Awareness Events | N/A | <vmid>, <action>, <sip>, <login>, <domainorigin>, <session>, <reason>, <duration>, <vendorinfo>, <status>, <group>, <sname> |
V 2.0 : Identity Logging Events | N/A | <vmid>, <action>, <login>, <sname>, <sip>, <domainorigin>, <reason>, <duration>, <vendorinfo> |
V 2.0 : iOS Profiles Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version> |
V 2.0 : IPS Events | N/A | <vmid>, <dip>, <reason>, <vendorinfo>, <status>, <tag1> |
V 2.0 : Log Update Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum> |
V 2.0 : Mobile App Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <severity>, <status>, <version> |
V 2.0 : MTA Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <recipient>, <sender>, <subject>, <size>, <status>, <tag1> |
V 2.0 : Network Security Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version> |
V 2.0 : New Anti-Virus Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sname>, <dname>, <sinterface>, <snatip>, <login>, <account>, <url>, <severity>, <recipient>, <sender>, <bytesin>, <bytesout>, <useragent>, <domainimpacted>, <vendorinfo>, <threatname>, <subject>, <reason>, <objecttype>, <object>, <result>, <threatid>, <policy> |
V 2.0 : OS Exploits Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version> |
V 2.0 : RAD Events | N/A | <vmid>, <dip>, <reason>, <vendorinfo> |
V 2.0 : Security Gateway/Management Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <severity>, <vendorinfo>, <status>, <result> |
V 2.0 : SmartConsole Events | N/A | <vmid>, <dip>, <dname>, <action>, <tag1>, <vendorinfo>, <login>, <sip> |
V 2.0 : Smart Defense Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <account>, <recipient>, <sender>, <url>, <dname>, <sname>, <vendorinfo>, <threatname>, <severity>, <cve> |
V 2.0 : SmartEvent Client Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <severity>, <vendorinfo>, <status>, <tag1>, <result> |
V 2.0 : SmartView Events | N/A | <vmid>, <vendorinfo>, <login>, <action>, <sip>, <dip> |
V 2.0 : Syslog Events | N/A | <vmid>, <dip>, <vendorinfo>, <severity> |
V 2.0 : System Monitor Events | N/A | <vmid>, <dip>, <severity>, <vendorinfo>, <object>, <dname>, <subject>, <tag1>, <policy> |
V 2.0 : Threat Emulation Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <url>, <severity>, <result>, <login>, <sname>, <sender>, <recipient>, <subject>, <account>, <useragent>, <object>, <objecttype>, <size>, <session>, <vendorinfo>, <hash>, <threatname>, <reason>, <policy> |
V 2.0 : Threat Extraction Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <severity>, <recipient>, <sender>, <threatname>, <subject>, <hash>, <object>, <objecttype>, <size>, <policy> |
V 2.0 : URL Filtering Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <subject>, <sname>, <login>, <bytesout>, <bytesin>, <policy>, <process> |
V 2.0 : VPN-1 & FireWall-1 Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <policy> |
V 2.0 : WEB_API | N/A | <vmid>, <action>, <vendorinfo>, <status>, <login>, <sip>, <object>, <objecttype>, <subject> |
V 2.0 : WIFI Network Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <reason>, <subject>, <login>, <url>, <sname>, <severity>, <status>, <version> |
V 2.0 : Zero Phishing Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <url>, <sname>, <login>, <severity>, <useragent>, <vendorinfo>, <threatname>, <vendorinfo>, <policy>, <result> |
V 2.0 : CloudGuard IaaS Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <subject>, <login>, <url>, <severity>, <version> |
V 2.0 : SmartDashboard Events | N/A | <vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version> |
V 2.0 : Cpmidu_update_tool Events | N/A | <vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <domain>, <version>, <session> |
 | N/A | <vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version> |
V 2.0 : Web-UI Events | N/A | <vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version> |
V 2.0 : Media Encryption & Port Protection Events | N/A | <vmid>, <sip>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <login>, <severity>, <version>, <status>, <object>, <subject>, <objecttype>, <policy> |
V 2.0 : Smart Anti Spam Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <recipient>, <sender>, <url>, <sname>, <policy> |
V 2.0 : URL Filtering Application Control Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <login>, <protname>, <seconds>, <version>, <policy>, <quantity>, <subject>, <severity>, <process> |
Revision History
KB Version | Log Type | Change Type | Details |
---|---|---|---|
N/A | N/A | Documentation | New LSO Default V 2.0 document update |