Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0: Event: VPN | Base Rule | VPN Session Information | Information |
| V 2.0: VPN Neg I P1 Error | Sub Rule | General IPSec Error | Error |
| V 2.0: VPN Neg Progress P1 Error | Sub Rule | IPSec Progress Error | Error |
| V 2.0: VPN Neg Progress P2 Error | Sub Rule | IPSec Progress Error | Error |
| V 2.0: VPN Conn Stats | Sub Rule | General IPSec Information | Information |
| V 2.0: VPN Neg Generic P2 Notif IKEV2 | Sub Rule | Notification Of An IPSec Negotiation | Information |
| V 2.0: VPN Neg I P1 Error IKEV2 | Sub Rule | IPSec Negotiation Error | Error |
| V 2.0: VPN Neg Progress P1 Notif IKEV2 | Sub Rule | IPSec Information Message | Information |
| V 2.0: VPN Neg Progress P1 Error IKEV2 | Sub Rule | IPSec Progress Error | Error |
| V 2.0: VPN Neg Progress P2 Notif IKEV2 | Sub Rule | IPSec Information Message | Information |
| V 2.0: VPN Install SA IKEV2 | Sub Rule | Installed IPSec Security Association | Information |
| V 2.0: VPN Conn Stats IKEV2 | Sub Rule | IPSec Information Message | Information |
| V 2.0: VPN Event SSL VPN User Tunnel UP | Sub Rule | General TUNNEL Message | Information |
| V 2.0: VPN Event SSL VPN User Tunnel DOWN | Sub Rule | VPN Tunnel Failure | Warning |
| V 2.0: VPN Event SSL VPN User SSL Login Fail | Sub Rule | Authentication Failure Activity | Authentication Failure |
| V 2.0: VPN Event SSL VPN Session Cert Ok | Sub Rule | Certificate Valid | Information |
| V 2.0: VPN Event SSL VPN Session New Con | Sub Rule | VPN Session Started | Network Traffic |
| V 2.0: VPN Event SSL VPN Session Tunnel Up | Sub Rule | VPN Session Started | Network Traffic |
| V 2.0: VPN Event SSL VPN Session Tunnel Down | Sub Rule | VPN Tunnel Failure | Warning |
| V 2.0: VPN Event SSL VPN Session Tunnel Stats | Sub Rule | VPN Session Information | Information |
| V 2.0: VPN Event VPN Cert Regen | Sub Rule | Certificate Renewal Request | Activity |
| V 2.0 : VPN Event NEG GENERIC P1 NOTIF | Sub Rule | Notification Of An IPSec Negotiation | Information |
| V 2.0 : VPN Event NEG GENERIC P1 ERROR | Sub Rule | IPSec Negotiation Error | Error |
| V 2.0 : VPN Event NEG GENERIC P2 NOTIF | Sub Rule | Notification Of An IPSec Negotiation | Information |
| V 2.0 : VPN Event NEG PROGRESS P1 NOTIF | Sub Rule | Notification Of An IPSec Negotiation | Information |
| V 2.0 : VPN Event NEG PROGRESS P2 NOTIF | Sub Rule | Notification Of An IPSec Negotiation | Information |
| V 2.0 : VPN Event ESP ERROR | Sub Rule | IPSec ESP Error | Error |
| V 2.0 : VPN Event INSTALL SA | Sub Rule | Installed IPSec Security Association | Information |
| V 2.0 : VPN Event DELETE P1 SA | Sub Rule | IPSEC SA Delete Request Received | Network Traffic |
| V 2.0 : VPN Event DELETE P2 SA | Sub Rule | IPSEC SA Delete Request Received | Network Traffic |
| V 2.0 : VPN Event DPD FAILURE | Sub Rule | IPSec DPD Failure | Error |
| V 2.0 : VPN Event CONN UPDOWN | Sub Rule | IPSec Status Changed | Information |
| V 2.0 : VPN Event P2 UPDOWN | Sub Rule | IPSec Status Changed | Information |
| V 2.0 : VPN Event SSL VPN SESSION ALERT | Sub Rule | General SSLVPN Session Alert | Critical |
| V 2.0 : VPN Event SSL VPN SESSION EXIT ERR | Sub Rule | General SSLVPN Session Error | Error |
| V 2.0 : VPN Event VPN CERT UPDATE FAILED | Sub Rule | Update Failed | Error |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| date | N/A | N/A | The date of the log event. |
| time | N/A | N/A | The time of the log event. |
| logid | <vmid> | Number | A unique identifier for the log event. |
| type | <vendorinfo> | Text/String | The type of log event. In this case, it is an event. |
| subtype | N/A | N/A | The subtype of the log event. In this case, it is a VPN event. |
| level | <severity> | Text/String | The severity level of the log event. In this case, it is a notice. |
| vd | <sessiontype> | Text/String | The vdom in which the log event occurred. |
| eventtime | N/A | N/A | The time at which the log event occurred. |
| logdesc | N/A | N/A | The description of the log event. |
| msg | <subject> | Text/String | The message associated with the log event. |
| action | <action> | Text/String | The action that was taken. In this case, it was a negotiate. |
| remip | <sip> | IP Address | The remote IP address of the VPN tunnel. |
| locip | <dip> | IP Address | The local IP address of the VPN tunnel. |
| remport | <sport> | Number | The remote port of the VPN tunnel. |
| locport | <dport> | Number | The local port of the VPN tunnel. |
| outintf | N/A | N/A | The outbound interface of the VPN tunnel. |
| cookies | N/A | N/A | The cookies used for the VPN tunnel. |
| user | <login> | Text/String | The user associated with the VPN tunnel. |
| group | <group> | Text/String | The group associated with the VPN tunnel. |
| xauthuser | <login> | N/A | The xauth user associated with the VPN tunnel. |
| xauthgroup | N/A | N/A | The xauth group associated with the VPN tunnel. |
| assignip | N/A | N/A | The assigned IP address for the VPN tunnel. |
| vpntunnel | <object> | Text/String | The name of the VPN tunnel. |
| status | <status> | Text/String | The status of the VPN tunnel. |
| init | N/A | N/A | The initiator of the VPN tunnel. |
| mode | N/A | N/A | The mode of the VPN tunnel. |
| dir | N/A | N/A | The direction of the VPN tunnel. |
| stage | N/A | N/A | The stage of the VPN tunnel. |
| role | N/A | N/A | The role of the VPN tunnel. |
| result | <result> | Text/String | The result of the VPN tunnel. |
| tunneltype | <objecttype> | Text/String | IPsec VPN tunnel type |
| tunnelid | N/A | N/A | IPsec VPN tunnel ID |
| tunnelip | N/A | N/A | IPsec VPN tunnel IP address |
| dst_host | <dname> | Text/String | Destination Host |
| duration | <seconds> | Number | Duration |
| rcvdbyte | <bytesin> | Number | Received Bytes |
| nextstat | N/A | N/A | Time interval in seconds for the next statistics |
| reason | <reason> | Text/String | The reason for the log event. |