Device Details

| Device Name | Cisco Firepower |
|---|---|
| Vendor | Cisco |
| Device Type | Cisco Firepower |
| Supported Model Name/Number | N/A |
| Supported Software Version | N/A |
| Collection Method | Syslog |
| Configurable Log Output | No |
| Log Source Type | Syslog - Cisco Firepower |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | N/A |

Supported Log Messages

(List of the LR schema tags populated when each message type is parsed)

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Access Control Messages | N/A | <severity>, <vmid>, <action>, <sip>, <dip>, <sport>, <dport>, <protname>, <policy>, <objectname>, <seconds>, <useragent>, <version>, <packetsout>, <packetsin>, <bytesout>, <bytesin>, <responsecode>, <objecttype>, <url> |
| Blacklisted DNS Request Messages | N/A | <severity>, <vmid>, <action>, <sip>, <dip>, <sport>, <dport>, <protname>, <policy>, <objectname>, <seconds>, <useragent>, <version>, <packetsout>, <packetsin>, <bytesout>, <bytesin>, <responsecode>, <objecttype>, <url> |
| Catch All : Level 1 1 | N/A | <tag1>, <severity> |
| Catch All : Level 4 : Signature Detection | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <protname>, <login>, <object>, <objectname>, <subject>, <threatname>, <sender>, <tag1> |
| Deny IP Spoof | N/A | <severity>, <vendorinfo>, <subject>, <sip>, <dip>, <sinterface> |
| DNS Query Message | N/A | <severity>, <sip>, <dip>, <sport>, <dport>, <protname>, <subject>, <objecttype>, <reason>, <account>, <sessiontype>, <policy>, <status>, <tag1> |
| Duplicate TCP SYN | N/A | <severity>, <vendorinfo>, <subject>, <dip>, <dport>, <sip>, <sport>, <sinterface> |
| EPCL IPS Policy | N/A | <severity>, <sip>, <dip>, <sname>, <sport>, <dport>, <sinterface>, <dinterface>, <protname>, <login>, <session>, <sessiontype>, <object>, <objectname>, <subject>, <version>, <url>, <policy>, <action>, <bytesin>, <bytesout>, <itemsin>, <itemsout>, <amount>, <quantity> |
| EVID 430001: Intrusion Event | N/A | <vmid>, <vendorinfo>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <sinterface>, <dinterface>, <protname>, <login>, <process>, <object>, <subject>, <serialnumber>, <useragent>, <policy>, <group>, <command>, <action>, <result>, <responsecode> |
| EVID 430002/430003: Connection event | N/A | <severity>, <vmid>, <action>, <objecttype>, <sip>, <dip>, <sport>, <dport>, <protname>, <sinterface>, <dinterface>, <policy>, <reason>, <login>, <useragent>, <quantity>, <itemsout>, <itemsin>, <bytesout>, <bytesin>, <url> |
| EVID 430002/430003: Connection Event Messages | N/A | <severity>, <vmid>, <tag1>, <sip>, <dip>, <sport>, <dport>, <protname>, <sinterface>, <dinterface>, <policy>, <subject>, <login>, <useragent>, <objectname>, <object>, <duration>, <itemsout>, <itemsin>, <bytesout>, <bytesin>, <objecttype>, <url> |
| EVID 430005: File Malware Event | N/A | <severity>, <vmid>, <sip>, <dip>, <sport>, <dport>, <protname>, <action>, <hash>, <subject>, <threatname>, <objectname>, <objecttype>, <size>, <command>, <login>, <policy>, <url> |
| EVID 733100: Object Exceeded Threshold Rate | N/A | <severity>, <vmid>, <threatname>, <subject>, <reason> |
| EVID 771002: System Clock Set | N/A | <severity>, <vmid>, <action>, <object>, <sip> |
| Firepower : User System Msg | N/A | <severity>, <vendorinfo>, <processid>, <threatid>, <sip>, <sport>, <result>, <protname>, <dport> |
| Firepower Authpriv System Msg | N/A | <sip>, <severity>, <vendorinfo>, <login>, <result>, <dip>, <process>, <processid>, <action> |
| Firepower Debug Message | N/A | <severity>, <dname>, <sname>, <login>, <domainorigin>, <action>, <tag1>, <result> |
| Firepower Error Messages V6.4.0.4 | N/A | <severity>, <vmid>, <subject>, <dip>, <dport>, <sip>, <sport>, <reason>, <sinterface>, <process>, <processid>, <quantity> |
| Firepower Informational Message | N/A | <vendorinfo>, <severity>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <protname>, <login>, <domainorigin>, <object>, <objectname>, <subject>, <threatname>, <url>, <useragent>, <policy>, <command>, <action>, <reason>, <sender>, <recipient>, <bytesin>, <bytesout>, <itemsin>, <itemsout>, <tag1> |
| Firepower Local System Msg | N/A | <sip>, <severity>, <vendorinfo>, <result>, <protname>, <process>, <processid> |
| Firepower Malware Events | N/A | <severity>, <dname>, <vendorinfo>, <hash>, <objecttype>, <threatname>, <sip>, <dip> |
| Firepower Vulnerability Signatures | N/A | <vmid>, <severity>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <protname>, <login>, <object>, <objectname>, <subject>, <threatname>, <version>, <group>, <result>, <tag1> |
| Firepower Warning Message | N/A | <severity>, <dname>, <process>, <object>, <subject>, <sname>, <objecttype>, <protname>, <sip>, <sport>, <dip>, <dport> |
| Matching Connection For ICMP | N/A | <severity>, <vendorinfo>, <subject>, <dip>, <dport>, <sip>, <sport>, <object>, <sinterface>, <dinterface>, <protname>, <responsecode>, <snatip>, <dnatip> |
| Object Drop | N/A | <severity>, <vendorinfo>, <action>, <subject>, <rate>, <amount>, <size> |
| Process Information | N/A | <severity>, <process>, <login>, <sip>, <action>, <url>, <status>, <vmid>, <object>, <policy> |
| Received ARP | N/A | <severity>, <vendorinfo>, <sip>, <dip>, <command>, <smac>, <dmac>, <sinterface> |
| SFIMS : Catch All Level 1 | N/A | <process>, <subject>, <object>, <dname>, <objectname>, <severity>, <protname>, <sip>, <sport>, <dip>, <dport> |
| SFIMS Apache Struts Server Messages | N/A | <severity>, <sip>, <dip>, <dname>, <sport>, <dport>, <protname>, <object>, <objectname>, <subject>, <threatname> |
| SFIMS General Messages | N/A | <dip>, <dport>, <dmac>, <protname>, <objecttype>, <subject>, <hash>, <command>, <sender>, <recipient>, <amount>, <tag1>, <tag2> |
| Translation Creation Failed | N/A | <severity>, <vendorinfo>, <sip>, <dip>, <protname>, <responsecode>, <sinterface>, <dinterface>, <status>, <object> |
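To make the table concrete, the following added example (not LogRhythm's or Cisco's own code) parses Firepower Threat Defense syslog lines for EVID 430002/430003 (connection) and EVID 430005 (file malware) into the schema tag names listed above, and reports which of the expected tags a message did not supply, which is the check a detection engineer wants when verifying that the sensor's syslog settings actually emit the fields a rule depends on. The `%FTD-<severity>-<EVID>: Key: Value, ...` layout is the FTD 6.3+ key/value syslog format; the sample messages, the UUID and hash values, the key-to-tag mapping and the expected-tag sets are assumptions constructed for this example, not the LogRhythm MPE rule.

```python
import re

# Event header: %FTD-<severity>-<EVID>: <body>. re.search tolerates a syslog
# PRI/timestamp/hostname prefix in front of it.
HEADER = re.compile(r"%FTD-(?P<sev>\d)-(?P<evid>\d{6}):\s*(?P<body>.*)$")

# "Key: Value" pairs separated by ", ". The lazy value plus the lookahead keeps
# commas that occur inside a value (URLs, user agents) attached to that value.
PAIR = re.compile(r"(\w+): (.*?)(?=, \w+: |$)")

# FTD key -> LogRhythm schema tag, following the table rows for EVID
# 430002/430003 and EVID 430005. Assumed mapping for this example only.
KEY_TO_TAG = {
    "DeviceUUID": "vmid",
    "SrcIP": "sip", "DstIP": "dip", "SrcPort": "sport", "DstPort": "dport",
    "Protocol": "protname",
    "IngressInterface": "sinterface", "EgressInterface": "dinterface",
    "ACPolicy": "policy", "AccessControlRuleName": "objectname",
    "AccessControlRuleAction": "action", "User": "login",
    "UserAgent": "useragent", "URL": "url", "ConnectionDuration": "duration",
    "InitiatorPackets": "itemsout", "ResponderPackets": "itemsin",
    "InitiatorBytes": "bytesout", "ResponderBytes": "bytesin",
    "FileName": "objectname", "FileType": "objecttype", "FileSize": "size",
    "SHA256": "hash", "ThreatName": "threatname", "FileAction": "action",
}
NUMERIC_TAGS = {"sport", "dport", "itemsin", "itemsout", "bytesin", "bytesout",
                "duration", "size"}

# Tags a rule would rely on for each EVID (assumed subset of the table rows).
EXPECTED_TAGS = {
    "430002": {"sip", "dip", "sport", "dport", "protname", "sinterface",
               "dinterface", "policy"},
    "430003": {"sip", "dip", "sport", "dport", "protname", "sinterface",
               "dinterface", "policy", "bytesin", "bytesout"},
    "430005": {"sip", "dip", "sport", "dport", "protname", "hash",
               "threatname", "objectname", "action"},
}


def parse_firepower(line):
    """Return {schema_tag: value} for one syslog line.

    A line without an FTD header falls through to the catch-all shape from the
    table (<tag1> holding the raw text) so nothing is silently dropped.
    """
    m = HEADER.search(line)
    if not m:
        return {"evid": None, "severity": None, "tag1": line.strip()}
    event = {"evid": m.group("evid"), "severity": int(m.group("sev"))}
    for key, value in PAIR.findall(m.group("body")):
        tag = KEY_TO_TAG.get(key)
        if tag is None:
            continue  # key the mapping does not cover; ignore it
        value = value.strip()
        event[tag] = int(value) if tag in NUMERIC_TAGS and value.isdigit() else value
    return event


def missing_tags(event):
    """Tags expected for this EVID that the message did not carry."""
    return sorted(EXPECTED_TAGS.get(event["evid"], set()) - set(event))


# Constructed sample messages (not captured from a real sensor).
SAMPLE_CONNECTION = (
    "<166>Jan 14 10:15:02 ftd01 : %FTD-6-430003: "
    "DeviceUUID: 1f2a3b4c-5d6e-7f80-9a1b-2c3d4e5f6a7b, "
    "AccessControlRuleAction: Allow, SrcIP: 10.20.30.40, DstIP: 203.0.113.7, "
    "SrcPort: 51822, DstPort: 443, Protocol: tcp, IngressInterface: inside, "
    "EgressInterface: outside, ACPolicy: corp-acp, AccessControlRuleName: allow-web, "
    "User: jdoe, UserAgent: Mozilla/5.0 (X11; Linux x86_64), "
    "URL: https://example.com/a,b, InitiatorPackets: 12, ResponderPackets: 9, "
    "InitiatorBytes: 1840, ResponderBytes: 6120, ConnectionDuration: 4"
)
SAMPLE_MALWARE = (
    "%FTD-1-430005: DeviceUUID: 1f2a3b4c-5d6e-7f80-9a1b-2c3d4e5f6a7b, "
    "SrcIP: 203.0.113.7, DstIP: 10.20.30.40, SrcPort: 80, DstPort: 52001, "
    "Protocol: tcp, FileName: invoice.exe, FileType: MSEXE, FileSize: 204800, "
    "SHA256: " + "0123456789abcdef" * 4 + ", ThreatName: Win.Trojan.Generic, "
    "FileAction: Malware Cloud Lookup Block"
)
# Truncated connection-begin event: a sensor logging only a few fields.
SAMPLE_TRUNCATED = (
    "%FTD-6-430002: DeviceUUID: 1f2a3b4c-5d6e-7f80-9a1b-2c3d4e5f6a7b, "
    "SrcIP: 10.20.30.40, DstIP: 203.0.113.7, Protocol: tcp"
)

if __name__ == "__main__":
    for raw in (SAMPLE_CONNECTION, SAMPLE_MALWARE, SAMPLE_TRUNCATED):
        ev = parse_firepower(raw)
        print(ev["evid"], "missing:", missing_tags(ev) or "none")
```

Run it against the sensor's real syslog feed (one line per call) and alert on any EVID whose `missing_tags` result is non-empty; an empty `sinterface`/`dinterface` or missing byte counters on 430003 usually means the access control policy's logging settings, not the parser, are at fault.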

Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.620.0 | Syslog - Cisco Firepower | Device Documentation | N/A |