Syslog - Forcepoint Stonesoft NGFW

Device Details

Device Name	Forcepoint Stonesoft NGFW
Vendor	Forcepoint
Device Type	Next Generation Firewall
Supported Model Name/Number	N/A
Supported Software Version	All
Collection Method	Syslog
Configurable Log Output	N/A
Log Source Type	Syslog - Forcepoint Stonesoft NGFW
Log Processing Policy	LogRhythm Default
Exceptions	N/A
Additional Information	https://www.forcepoint.com/product/ngfw-next-generation-firewall https://help.stonesoft.com/onlinehelp/StoneGate/SMC/6.5.0/GUID-71291199-8540-496C-A4DF-52A69E8FE227.html https://support.forcepoint.com/KBArticle?id=000015002 https://www.websense.com/content/support/library/ngfw/v64/mgmt/ngfw_640_pg_a_en-us.pdf

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

Type	Product Version	Supported Schema Fields
Alert Messages	All	<version>, <vmid>, <objectname>, <cve>, <severity>, <sport>, <login>, <dip>, <subject>, <url>, <session>, <command>, <sinterface>, <dinterface>, <protnum>, <dport>, <sip>
Catch All : Level 1	All	<severity>
Catch All : Level 2	All	<severity>, <version>, <vmid>, <command>, <subject>, <sport>, <sname>, <dname>, <dip>
Firewall Messages	All	<version>, <vmid>, <objectname>, <severity>, <sport>, <dip>, <object>, <session>, <command>, <sinterface>, <dinterface>, <protnum>, <dport>, <bytesin>, <bytesout>, <sip>
Firewall Messages - v6.2.X	All	<version>, <vmid>, <command>, <severity>, <packetsin>, <packetsout>, <url>, <tag1>, <object>, <objectname>, <subject>, <dport>, <sport>, <dnatip>, <snatip>, <action>, <sinterface>, <protnum>, <dip>, <sip>, <dname>
Firewall Messages - v6.3.X	All	<severity>, <version>, <vmid>, <command>, <url>, <packetsin>, <packetsout>, <object>, <objectname>, <subject>, <dnatip>, <snatip>, <action>, <sinterface>, <protnum>, <dport>, <sport>, <dip>, <sip>, <dname>
Firewall Messages - V6.4/6.5/6.6/6.7	All	<severity>, <version>, <vmid>, <command>, <login>, <objecttype>, <packetsin>, <packetsout>, <object>, <protname>, <objectname>, <dnatip>, <snatip>, <subject>, <dnatport>, <snatport>, <object>, <action>, <dinterface>, <dport>, <sport>, <dip>, <sip>, <dname>
Firewall Messages - V6.5.8	All	<severity>, <version>, <vmid>, <command>, <dname>, <sip>, <dip>, <sport>,<dport>, <protnum>, <sinterface>, <dinterface>, <action>, <objectname>, <object>, <subject>
IPS Messages	All	<version>, <vmid>, <objectname>, <severity>, <sport>, <login>, <dmac>, <dip>, <subject>, <object>, <url>, <session>, <command>, <sinterface>, <dinterface>, <protnum>, <dport>, <bytesin>, <bytesout>, <sip>, <smac>

Revision History

KB Version	Log Type	Change Type	Details
KB 7.1.598.0	N/A	Documentation	Updated documentation