Syslog - pfSense Firewall
Device Details
Vendor | Netgate |
---|---|
Device Type | Firewall |
Supported Model Name/Number | pfSense |
Supported Software Version(s) | N/A |
Collection Method | Syslog |
Configurable Log Output? | No |
Log Source Type | Syslog - pfSense Firewall |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | N/A |
Prerequisites
Deployment of application and its credentials.
Currently Supported Log Types
Type | Product Version | Supported Schema Fields |
---|---|---|
V4 TCP Pass/Block | N/A | <rule-number>, <sub-rule-number>, <anchor>, <tracker>, <real-interface>, <reason>, <action>, <direction>, <ip-version>, <tos>, <ecn>, <ttl>, <id>, <offset>, <flags>, <protocol-id>, <protocol-text>, <length>, <source-address>, <destination-address>, <source-port>, <destination-port>, <data-length>, <tcp-flags>, <sequence-number>, <ack-number>, <tcp-window>, <urg>, <tcp-options> |
V4 UDP Pass/Block | N/A | <rule-number>, <sub-rule-number>, <anchor>, <tracker>, <real-interface>, <reason>, <action>, <direction>, <ip-version>, <tos>, <ecn>, <ttl>, <id>, <offset>, <flags>, <protocol-id>, <protocol-text>, <length>, <source-address>, <destination-address>, <source-port>, <destination-port>, <data-length> |
V6 TCP Pass/Block | N/A | <rule-number>, <sub-rule-number>, <anchor>, <tracker>, <real-interface>, <reason>, <action>, <direction>, <ip-version>, <class>, <flow-label>, <hop-limit>, <protocol-text>, <protocol-id>, <length>, <source-address>, <destination-address>, <source-port>, <destination-port>, <data-length>, <tcp-flags>, <sequence-number>, <ack-number>, <tcp-window>, <urg>, <tcp-options> |
V6 UDP Pass/Block | N/A | <rule-number>, <sub-rule-number>, <anchor>, <tracker>, <real-interface>, <reason>, <action>, <direction>, <ip-version>, <class>, <flow-label>, <hop-limit>, <protocol-text>, <protocol-id>, <length>, <source-address>, <destination-address>, <source-port>, <destination-port>, <data-length> |
Parsed Metadata Fields
Product Field Name | LogRhythm Metadata Field | Value/Data Type |
---|---|---|
<action> | <action> | Pass or Block |
<data-length> | <bytesin> | Number |
<destination-address> | <dip> | IP Address |
<destination-port> | <dport> | Number |
<protocol-id> | <protnum> | Number |
<protocol-text> | <protname> | "tcp" or "udp" or "icmp" or <text> |
<real-interface> | <dinterface> | Interface Value |
<reason> | <reason> | Text |
<sequence-number> | <session> | Number |
<source-address> | <sip> | IP Address |
<source-port> | <sport> | Number |
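
The field order in Currently Supported Log Types and the mapping in Parsed Metadata Fields can be checked against a raw record with a short parser. This is an added example, not LogRhythm or Netgate code: it assumes the input is the comma-separated filterlog payload that follows the syslog header, the function names are hypothetical, and the sample records are constructed.

```python
# Added example. Field order and metadata mapping are copied from the tables on
# this page; comma-separated input after the syslog header is an assumption.
COMMON = ["rule-number", "sub-rule-number", "anchor", "tracker", "real-interface",
          "reason", "action", "direction", "ip-version"]
IP4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "protocol-id",
       "protocol-text", "length", "source-address", "destination-address"]
IP6 = ["class", "flow-label", "hop-limit", "protocol-text", "protocol-id",
       "length", "source-address", "destination-address"]
UDP = ["source-port", "destination-port", "data-length"]
TCP = UDP + ["tcp-flags", "sequence-number", "ack-number", "tcp-window",
             "urg", "tcp-options"]
# Product field -> LogRhythm metadata field (Parsed Metadata Fields table).
METADATA = {"action": "action", "data-length": "bytesin",
            "destination-address": "dip", "destination-port": "dport",
            "protocol-id": "protnum", "protocol-text": "protname",
            "real-interface": "dinterface", "reason": "reason",
            "sequence-number": "session", "source-address": "sip",
            "source-port": "sport"}

def _require(values, names):
    if len(values) < len(names):
        raise ValueError("truncated record: %d of %d fields" % (len(values), len(names)))

def parse_filterlog(payload):
    """Name the values of one filterlog payload using the layouts listed above."""
    values = payload.strip().split(",")
    names = list(COMMON)
    _require(values, names)
    version = values[names.index("ip-version")]
    if version not in ("4", "6"):
        raise ValueError("unexpected ip-version: %r" % version)
    names += IP4 if version == "4" else IP6   # IP header layout differs by version
    _require(values, names)
    proto = values[names.index("protocol-text")].lower()
    if proto not in ("tcp", "udp"):
        raise ValueError("no layout listed on this page for protocol %r" % proto)
    names += TCP if proto == "tcp" else UDP   # transport fields follow the IP block
    _require(values, names)
    return dict(zip(names, values))

def to_metadata(fields):
    """Keep only the fields the page maps, renamed to their metadata names."""
    return {METADATA[k]: v for k, v in fields.items() if k in METADATA}

# Constructed sample payloads (documentation address ranges, made-up rule ids).
SAMPLE_V4_TCP = ("5,,,1000000103,igb0,match,block,in,4,0x0,,64,54321,0,DF,6,tcp,60,"
                 "203.0.113.7,192.0.2.10,51514,22,0,S,1234567890,,64240,,mss;sackOK")
SAMPLE_V6_UDP = ("7,,,1000000105,igb1,match,pass,out,6,0x00,0x00000,64,UDP,17,40,"
                 "2001:db8::1,2001:db8::53,40000,53,40")
```

Records for protocols without a layout on this page (ICMP, for example) and truncated records raise `ValueError` rather than being mapped onto the wrong field names.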