Syslog - Pulse Secure
Device Details
| Device Name | Pulse Secure |
|---|---|
Vendor | Pulse Secure |
Device Type | Pulse Secure |
Supported Model Name/Number | N/A |
Supported Software Version(s) | N/A |
Collection Method | Syslog |
Configurable Log Output | No |
Log Source Type | Syslog - Pulse Secure |
Log Processing Policy | LogRhythm Default v2.0 |
Exceptions | N/A |
Additional Information |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
|---|---|---|
| Certificate/License Operational Messages | N/A | <group>, <login>, <object>, <severity>, <sip>, <tag1>, <vmid> |
| Misc Messages | N/A | <command>, <group>, <login>, <object>, <responsecode>, <session>, <severity>, <sip>, <smac>, <subject>, <tag1>, <vmid> |
| Policy Operational Messages | N/A | <group>, <login>, <policy>, <severity>, <sip>, <tag1>, <tag2>, <vmid> |
Role/Group Operational Messages | N/A | <severity>, <sip>, <login>, <group>, <vmid>, <tag1>, <tag2> |
User Authentication And Session Message | N/A | <group>, <login>, <reason>, <session>, <severity>, <sip>, <tag1>, <tag2>, <useragent>, <vmid> |
| Radius Authentication Logs | N/A | <severity>, <sname>, <group>, <status>, <tag1>, <domainorigin>, <login>, <snatip> |
| Access : Agent Authentication Succeeded | N/A | <severity>, <sname>, <group>, <domainorigin>, <login>, <session>, <sip>, <smac> |
| Admin: Host Policy Passed | N/A | <severity>, <sname>, <group>, <policy>, <sip>, <domainorigin>, <login> |
| Admin: Agent Session Bridge | N/A | <severity>, <sname>, <group>, <domainorigin>, <login>, <smac> |
| Admin: Scan Failed | N/A | <severity>, <sname>, <group>, <action>, <object>, <dmac> |
| Access: Session Deletion Message | N/A | <severity>, <sname>, <group>, <dname>, <dmac>, <result>, <responsecode>, <reason> |
| Access: RADIUS Invalid Message Authenticator | N/A | <severity>, <sname>, <group>, <action>, <dip> |
| Admin: TLS Handshake | N/A | <severity>, <sname>, <group>, <action>, <result>, <reason> |
| Access: Enforcer Message | N/A | <severity>, <sname>, <group>, <sip>, <serialnumber> |
| Access: Active Directory Authentication Server | N/A | <severity>, <sname>, <group>, <status>, <subject> ,<reason>, <result> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
KB 7.1.614.0 | Syslog - Pulse Secure | New Log Source Type | New Device support for Syslog - Pulse Secure |