Device Details

| Vendor | ExtraHop |
|---|---|
| Device Type | ExtraHop Remote Syslog |
| Supported Model Name/Number | Network Detection From Core to Cloud |
| Supported Software Version(s) | N/A |
| Collection Method | Syslog |
| Configurable Log Output? | N/A |
| Log Source Type | Syslog – ExtraHop |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://docs.extrahop.com/current/extrahop-trigger-api/#remotesyslog |
Prerequisites

To configure remote syslog output in the ExtraHop web UI, you need one of the following web browsers:

- Microsoft Internet Explorer 11 or higher
- Mozilla Firefox
- Apple Safari
- Google Chrome
Device Configuration Checklist

- Send audit log data to a remote syslog server: https://docs.extrahop.com/7.7/audit-log/#send-audit-log-data-to-a-remote-syslog-server
- Configure notifications in the Admin UI: https://docs.extrahop.com/7.7/eta-admin-ui-guide/#notifications
Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Alert Notification Messages | All | <severity>, <vmid>, <vendorinfo>, <subject>, <objectname>, <objecttype>, <object>, <smac>, <sip>, <rate> |
| Audit Notification Messages | All | <severity>, <login>, <object>, <action>, <status>, <dip> |
| Catch All | All | <severity> |
Parsed Metadata Fields

| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| Alert comment | <subject> | Text/String |
| Alert expression | <object> | Object |
| Alert name | <vendorinfo> | Vendor Info |
| Alert Value | <rate> | Numeric/Fraction |
| Alert/Info | <severity> | Severity |
| Details | <status> | Status |
| Event id | <vmid> | Vendor Message Id |
| Facility | <object> | Object |
| IP | <dip> | Destination IP |
| Ipaddr | <sip> | Origin IP |
| Mcaddr | <smac> | Origin Mac Address |
| Object name | <objectname> | Object Name |
| Object type | <objecttype> | Object Type |
| Operations | <action> | Actions |
| User | <login> | Login |
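The following Python parser is an added example, not code from this page, LogRhythm or ExtraHop. It applies the two tables above: it maps product field names to LogRhythm metadata fields, type-checks the address and rate fields before accepting them, and classifies each message as an Alert Notification, an Audit Notification or Catch All by the schema fields it carries. The page does not document the wire format of the ExtraHop messages, so the example assumes a constructed RFC 3164 style header followed by `Key=value` pairs separated by `;`; the sample lines, host name and field values are constructed for the example.

```python
import ipaddress
import re

# Product field name -> LogRhythm metadata field, from the Parsed Metadata Fields table.
PRODUCT_TO_LOGRHYTHM = {
    "Alert comment": "subject",
    "Alert expression": "object",
    "Alert name": "vendorinfo",
    "Alert Value": "rate",
    "Alert/Info": "severity",
    "Details": "status",
    "Event id": "vmid",
    "Facility": "object",
    "IP": "dip",
    "Ipaddr": "sip",
    "Mcaddr": "smac",
    "Object name": "objectname",
    "Object type": "objecttype",
    "Operations": "action",
    "User": "login",
}

# Standard syslog severity codes; used as the default <severity> when the
# body carries no "Alert/Info" field (assumption: PRI is present on the wire).
SYSLOG_SEVERITY = ["emergency", "alert", "critical", "error",
                   "warning", "notice", "informational", "debug"]

# Assumed message layout (not documented on this page): "<PRI>Mon dd hh:mm:ss host tag: body",
# with the body made of "Key=value" pairs separated by ";".
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<tag>[^:\s]+):\s*(?P<body>.*)$"
)
KV_RE = re.compile(r"([^;=]+?)=([^;]*)")
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def _validate(field, value):
    """Type-check values before they become metadata; return None to drop junk."""
    if field in ("sip", "dip"):
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None
    if field == "smac":
        return value.lower() if MAC_RE.match(value) else None
    if field == "rate":
        try:
            return float(value)
        except ValueError:
            return None
    return value


def classify(fields):
    """Pick the log type from the Currently Supported Log Types table by fields present."""
    if "login" in fields or "action" in fields:
        return "Audit Notification Messages"
    if "vmid" in fields or "vendorinfo" in fields:
        return "Alert Notification Messages"
    return "Catch All"


def parse_extrahop_syslog(line):
    """Return {"type": ..., "fields": {...}}, or None if the syslog header is malformed."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = facility(0-23) * 8 + severity(0-7); larger values are invalid
        return None
    fields = {"severity": SYSLOG_SEVERITY[pri & 7]}
    for key, value in KV_RE.findall(m.group("body")):
        target = PRODUCT_TO_LOGRHYTHM.get(key.strip())
        if target is None:
            continue  # product field not in the schema: ignore it
        clean = _validate(target, value.strip())
        if clean is not None:
            fields[target] = clean
    return {"type": classify(fields), "fields": fields}


SAMPLE_LINES = [  # constructed for this example, not captured from an ExtraHop appliance
    "<132>Jan 10 12:00:01 extrahop-01 ExtraHop: Alert name=HTTP 5xx spike; "
    "Alert expression=http.status >= 500; Alert comment=Server errors above threshold; "
    "Event id=4521; Object name=web-01; Object type=device; "
    "Mcaddr=00:11:22:33:44:55; Ipaddr=10.1.2.3; Alert Value=0.42",
    "<134>Jan 10 12:05:17 extrahop-01 ExtraHop: User=admin; Operations=login; "
    "Facility=Admin UI; Details=success; IP=10.1.2.250",
    "<134>Jan 10 12:06:00 extrahop-01 ExtraHop: User=admin; Operations=login; "
    "Details=failure; IP=not-an-ip",
    "<134>Jan 10 12:07:00 extrahop-01 ExtraHop: unstructured text with no fields",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_extrahop_syslog(sample))
```

The third sample shows why the address fields are validated rather than copied: a malformed `IP` value is dropped instead of landing in `<dip>`, and the message still classifies as an Audit Notification on its `login` and `action` fields. The last sample falls through to Catch All with only `<severity>`, matching the schema row for that type.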