Device Details

| Vendor | Netgate |
|---|---|
| Device Type | Firewall |
| Supported Model Name/Number | pfSense |
| Supported Software Version(s) | N/A |
| Collection Method | Syslog |
| Configurable Log Output? | No |
| Log Source Type | Syslog - pfSense Firewall |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | N/A |

Prerequisites
Deployment of application and its credentials.

Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| V4 TCP Pass/Block | N/A | <rule-number>, <sub-rule-number>, <anchor>, <tracker>, <real-interface>, <reason>, <action>, <direction>, <ip-version>, <tos>, <ecn>, <ttl>, <id>, <offset>, <flags>, <protocol-id>, <protocol-text>, <length>, <source-address>, <destination-address>, <source-port>, <destination-port>, <data-length>, <tcp-flags>, <sequence-number>, <ack-number>, <tcp-window>, <urg>, <tcp-options> |
| V4 UDP Pass/Block | N/A | <rule-number>, <sub-rule-number>, <anchor>, <tracker>, <real-interface>, <reason>, <action>, <direction>, <ip-version>, <tos>, <ecn>, <ttl>, <id>, <offset>, <flags>, <protocol-id>, <protocol-text>, <length>, <source-address>, <destination-address>, <source-port>, <destination-port>, <data-length> |
| V6 TCP Pass/Block | N/A | <rule-number>, <sub-rule-number>, <anchor>, <tracker>, <real-interface>, <reason>, <action>, <direction>, <ip-version>, <class>, <flow-label>, <hop-limit>, <protocol-text>, <protocol-id>, <length>, <source-address>, <destination-address>, <source-port>, <destination-port>, <data-length>, <tcp-flags>, <sequence-number>, <ack-number>, <tcp-window>, <urg>, <tcp-options> |
| V6 UDP Pass/Block | N/A | <rule-number>, <sub-rule-number>, <anchor>, <tracker>, <real-interface>, <reason>, <action>, <direction>, <ip-version>, <class>, <flow-label>, <hop-limit>, <protocol-text>, <protocol-id>, <length>, <source-address>, <destination-address>, <source-port>, <destination-port>, <data-length> |

Parsed Metadata Fields

| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| <action> | <action> | Pass or Block |
| <data-length> | <bytesin> | Number |
| <destination-address> | <dip> | IP Address |
| <destination-port> | <dport> | Number |
| <protocol-id> | <protnum> | Number |
| <protocol-text> | <protname> | "tcp" or "udp" or "icmp" or <text> |
| <real-interface> | <dinterface> | Interface Value |
| <reason> | <reason> | Text |
| <sequence-number> | <session> | Number |
| <source-address> | <sip> | IP Address |
| <source-port> | <sport> | Number |