Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
V 2.0 : Event : Switch-Controller |
Base Rule |
General Firewall Event |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_LOG_DISCOVER |
Sub Rule |
Switch Information |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_LOG_AUTH |
Sub Rule |
Authentication Activity |
Authentication Success |
|
V 2.0 : LOG_ID_FGT_SWITCH_LOG_DEAUTH |
Sub Rule |
Privilege Revoked |
Access Revoked |
|
V 2.0 : LOG_ID_FGT_SWITCH_LOG_DELETE |
Sub Rule |
Object Deleted/Removed |
Access Success |
|
V 2.0 : LOG_ID_FGT_SWITCH_LOG_TUNNEL_UP |
Sub Rule |
General TUNNEL Message |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_LOG_TUNNEL_DOWN |
Sub Rule |
Connection Is Down |
Error |
|
V 2.0 : LOG_ID_FGT_SWITCH_PUSH_IMAGE |
Sub Rule |
Switch Information |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_STAGE_IMAGE |
Sub Rule |
Switch Information |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_DISABLE_DISCOVERY |
Sub Rule |
Feature Disabled |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_LOG_WARNING |
Sub Rule |
General Warning |
Warning |
|
V 2.0 : LOG_ID_FGT_SWITCH_EXPORT_POOL |
Sub Rule |
Switch Information |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_EXPORT_VDOM |
Sub Rule |
Switch Information |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_REQUEST_PORT |
Sub Rule |
Switch Information |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_RETURN_PORT |
Sub Rule |
Switch Information |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_MAC_ADD |
Sub Rule |
Object Added |
Access Success |
|
V 2.0 : LOG_ID_FGT_SWITCH_MAC_DEL |
Sub Rule |
Object Deleted/Removed |
Access Success |
|
V 2.0 : LOG_ID_FGT_SWITCH_MAC_MOVE |
Sub Rule |
MAC Move Notification Feature Info Msg |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_SWC |
Sub Rule |
Switch Information |
Information |
|
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_POE |
Sub Rule |
General Critical |
Critical |
|
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_LINK |
Sub Rule |
General Critical |
Critical |
|
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_STP |
Sub Rule |
Spanning Tree Alert |
Critical |
|
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_SWITCH |
Sub Rule |
General Critical |
Critical |
|
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_ROUTER |
Sub Rule |
General Critical |
Critical |
|
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_SYSTEM |
Sub Rule |
General Critical |
Critical |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|---|---|---|---|
|
date |
N/A |
N/A |
The date of the log entry. |
|
time |
N/A |
N/A |
The time of the log entry. |
|
eventtime |
N/A |
N/A |
The timestamp of the event. |
|
tz |
N/A |
N/A |
Timezone offset. |
|
logid |
<vmid> |
Number |
The unique identifier for the log entry. |
|
type |
<vendorinfo> |
Text/String |
The type of log event. |
|
subtype |
N/A |
N/A |
The subtype of the log event. |
|
level |
<severity> |
Text/String |
The severity level of the log event. |
|
vd |
<sessiontype> |
Text/String |
The virtual domain associated with the log event. |
|
logdesc |
N/A |
N/A |
Description of the log event. |
|
user |
<login> |
Text/String |
User associated with the log event. |
|
sn |
<serialnumber> |
Text/String |
Serial number or identifier. |
|
name |
N/A |
N/A |
Name associated with the log event. |
|
msg |
<subject> |
Text/String |
Additional message or details of the log event. |
|
ui |
<sinterface> |
Text/String |
User interface associated with the log event. |