Syslog - Symantec Messaging Gateway
Device Details
Vendor | Symantec |
|---|---|
Device Type | Messaging Gateway |
Supported Model Name/Number | N/A |
Supported Software Version(s) | N/A |
Collection Method | Syslog |
Configurable Log Output? | N/A |
Log Source Type | Syslog – Symantec Messaging Gateway |
Log Processing Policy | N/A |
Exceptions | N/A |
Additional Information | N/A |
Currently Supported Log Types
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Catch All: Level 1 | All | <severity>, <tag1> |
| Connection From UDP | All | <severity>, <processid>, <action>, <sip>, <sport>, <process>, <dip> |
| General Action Messages | All | <severity>, <protname>, <process>, <processid>, <parentprocesspath>, <vmid>, <action>, <object> |
| Crond Logs | All | <severity>, <parentprocesspath>, <object>, <command>, <process>, <processid> |
| Terminal Activity Logs | All | <severity>, <process>, <processid>, <parentprocesspath>, <command>, <sessiontype>, <account> |
| Secure Tunnel Messages | All | <severity>, <process>, <action>, <packetsout>, <bytesout>, <object> |
| Action Performed Logs | All | <severity>, <process>, <processid>, <session>, <tag1>, <action>, <login>, <subject>, <sip>, <sport> |
| Misc. Connection Messages | All | <severity>, <protname>, <process>, <processid>, <sname>, <sip>, <subject>, <sender>, <recipient> |
| Status Logs | All | <severity>, <process>, <processid>, <subject>, <session>, <tag1>, <status>, <sport>, <login>, <size> |
Parsed Metadata Fields
| Device Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| Action / Act | Action | Text/String |
| Agent | UserAgent | Text/String |
| Alert / Info / Note / Err | Severity | Text/String |
| Cve | CVE | CVE ID |
| Dstintf | DInterface | Numeric/Text/String |
| Dstip | DIP | IP Address |
| Dstport | DPort | Numeric |
| Event Id | VendorMsgID | Numeric |
| Group | Group | Text/String |
| Key | SMAC | MAC Address |
| Msg | Subject | Text/String |
| Msg / Desc | VendorInfo | Text/String |
| N/A | Account | Text/String |
| N/A | BytesIn | Numeric |
| N/A | BytesOut | Numeric |
| N/A | Command | Text/String |
| N/A | DName | Text/String |
| N/A | DName | Text/String |
| N/A | DNATIP | IP Address |
| N/A | Domain | Text/String |
| N/A | DomainImpacted | Text/String |
| N/A | DomainOrigin | Text/String |
| N/A | ObjectType | String |
| N/A | ParentProcessName | Text/String |
| N/A | Policy | Text/String |
| N/A | Process | Text/String |
| N/A | ProtNum | Numeric |
| N/A | Reason | Text/String |
| N/A | ResponseCode | Numeric |
| N/A | Seconds | Duration |
| N/A | SerialNumber | String |
| N/A | SName | Text/String |
| N/A | ThreatName | Text/String |
| Object Name / Devname | ObjectName | Text/String |
| Proto | ProtName | Text/String |
| Rcvdbyte | BytesIn | Numeric/Fraction |
| Sentbyte | BytesOut | Numeric/Fraction |
| Service | SessionType | Text/String |
| Session Id | Session | Text/ String |
| Srcintf / Intf | SInterface | Numeric/Text/String |
| Srcip / Ip | SIP | IP Address |
| Srcport | SPort | Numeric |
| type | ObjectType | Text/String |
| Url | URL | URL |
| User | Login | Text/String |
| version | Version | Text/String |