Syslog - Symantec Messaging Gateway

Device Details

| Field | Value |
|---|---|
| Vendor | Symantec |
| Device Type | Messaging Gateway |
| Supported Model Name/Number | N/A |
| Supported Software Version(s) | N/A |
| Collection Method | Syslog |
| Configurable Log Output? | N/A |
| Log Source Type | Syslog – Symantec Messaging Gateway |
| Log Processing Policy | N/A |
| Exceptions | N/A |
| Additional Information | N/A |

Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Catch All: Level 1 | All | <severity>, <tag1> |
| Connection From UDP | All | <severity>, <processid>, <action>, <sip>, <sport>, <process>, <dip> |
| General Action Messages | All | <severity>, <protname>, <process>, <processid>, <parentprocesspath>, <vmid>, <action>, <object> |
| Crond Logs | All | <severity>, <parentprocesspath>, <object>, <command>, <process>, <processid> |
| Terminal Activity Logs | All | <severity>, <process>, <processid>, <parentprocesspath>, <command>, <sessiontype>, <account> |
| Secure Tunnel Messages | All | <severity>, <process>, <action>, <packetsout>, <bytesout>, <object> |
| Action Performed Logs | All | <severity>, <process>, <processid>, <session>, <tag1>, <action>, <login>, <subject>, <sip>, <sport> |
| Misc. Connection Messages | All | <severity>, <protname>, <process>, <processid>, <sname>, <sip>, <subject>, <sender>, <recipient> |
| Status Logs | All | <severity>, <process>, <processid>, <subject>, <session>, <tag1>, <status>, <sport>, <login>, <size> |

Parsed Metadata Fields

| Device Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| Action / Act | Action | Text/String |
| Agent | UserAgent | Text/String |
| Alert / Info / Note / Err | Severity | Text/String |
| Cve | CVE | CVE ID |
| Dstintf | DInterface | Numeric/Text/String |
| Dstip | DIP | IP Address |
| Dstport | DPort | Numeric |
| Event Id | VendorMsgID | Numeric |
| Group | Group | Text/String |
| Key | SMAC | MAC Address |
| Msg | Subject | Text/String |
| Msg / Desc | VendorInfo | Text/String |
| N/A | Account | Text/String |
| N/A | BytesIn | Numeric |
| N/A | BytesOut | Numeric |
| N/A | Command | Text/String |
| N/A | DName | Text/String |
| N/A | DName | Text/String |
| N/A | DNATIP | IP Address |
| N/A | Domain | Text/String |
| N/A | DomainImpacted | Text/String |
| N/A | DomainOrigin | Text/String |
| N/A | ObjectType | String |
| N/A | ParentProcessName | Text/String |
| N/A | Policy | Text/String |
| N/A | Process | Text/String |
| N/A | ProtNum | Numeric |
| N/A | Reason | Text/String |
| N/A | ResponseCode | Numeric |
| N/A | Seconds | Duration |
| N/A | SerialNumber | String |
| N/A | SName | Text/String |
| N/A | ThreatName | Text/String |
| Object Name / Devname | ObjectName | Text/String |
| Proto | ProtName | Text/String |
| Rcvdbyte | BytesIn | Numeric/Fraction |
| Sentbyte | BytesOut | Numeric/Fraction |
| Service | SessionType | Text/String |
| Session Id | Session | Text/String |
| Srcintf / Intf | SInterface | Numeric/Text/String |
| Srcip / Ip | SIP | IP Address |
| Srcport | SPort | Numeric |
| type | ObjectType | Text/String |
| Url | URL | URL |
| User | Login | Text/String |
| version | Version | Text/String |