Traffic Log
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Traffic Log | Base Rule | Network Traffic | Network Traffic |
| HTTP - 100 - Transition Status - Continue | Sub Rule | Information | HTTP 100 : Transition Status - Continue |
| HTTP - 101 - Transition Status - Protocol Switch | Sub Rule | Information | HTTP 101 : Transition Status - Protocol Switch |
| HTTP - 200 - Success Reply - OK | Sub Rule | Information | HTTP 200 : Success Reply - OK |
| HTTP - 201 - Success Reply - Created | Sub Rule | Information | HTTP 201 : Success Reply - Created |
| HTTP - 202 - Success Reply - Accepted | Sub Rule | Information | HTTP 202 : Success Reply - Accepted |
| HTTP - 203 - Success Reply - Nonauthoritative Info | Sub Rule | Information | HTTP 203 : Success Reply - Nonauthoritative Info |
| HTTP - 204 - Success Reply - No Content | Sub Rule | Information | HTTP 204 : Success Reply - No Content |
| HTTP - 205 - Success Reply - Reset Content | Sub Rule | Information | HTTP 205 : Success Reply - Reset Content |
| HTTP - 206 - Success Reply - Partial Content | Sub Rule | Information | HTTP 206 : Success Reply - Partial Content |
| HTTP - 300 - Redirect - Multiple Choices | Sub Rule | Information | HTTP 300 : Redirect - Multiple Choices |
| HTTP - 301 - Redirect - Moved Permanently | Sub Rule | Information | HTTP 301 : Redirect - Moved Permanently |
| HTTP - 302 - Redirect - Moved Temporarily | Sub Rule | Information | HTTP 302 : Redirect - Moved Temporarily |
| HTTP - 303 - Redirect - See Other | Sub Rule | Information | HTTP 303 : Redirect - See Other |
| HTTP - 304 - Redirect - Not Modified | Sub Rule | Information | HTTP 304 : Redirect - Not Modified |
| HTTP - 305 - Redirect - Use Proxy | Sub Rule | Misuse | Unauthorized Proxy Activity |
| HTTP - 306 - Redirect - Unused | Sub Rule | Information | HTTP 306 : Redirect - Unused |
| HTTP - 307 - Redirect - Temporary Redirect | Sub Rule | Information | HTTP 307 : Redirect - Temporary Redirect |
| HTTP - 400 - Request Error - Bad Request | Sub Rule | Error | HTTP 400 : Request Error - Bad Request |
| HTTP - 401 - Request Error - Unauthorized | Sub Rule | Error | HTTP 401 : Request Error - Unauthorized |
| HTTP - 402 - Request Error - Payment Required | Sub Rule | Error | HTTP 402 : Request Error - Payment Required |
| HTTP - 403 - Request Error - Forbidden | Sub Rule | Error | HTTP 403 : Request Error - Forbidden |
| HTTP - 404 - Request Error - Not Found | Sub Rule | Error | HTTP 404 : Request Error - Not Found |
| HTTP - 405 - Request Error - Method Not Allowed | Sub Rule | Error | HTTP 405 : Request Error - Method Not Allowed |
| HTTP - 406 - Request Error - Not Acceptable | Sub Rule | Error | HTTP 406 : Request Error - Not Acceptable |
| HTTP - 407 - Request Error - Proxy Auth Required | Sub Rule | Error | HTTP 407 : Request Error - Proxy Auth Reqd |
| HTTP - 408 - Request Error - Request Time-out | Sub Rule | Error | HTTP 408 : Request Error - Request Time-Out |
| HTTP - 409 - Request Error - Conflict | Sub Rule | Error | HTTP 409 : Request Error - Conflict |
| HTTP - 410 - Request Error - Gone | Sub Rule | Error | HTTP 410 : Request Error - Gone |
| HTTP - 411 - Request Error - Length Required | Sub Rule | Error | HTTP 411 : Request Error - Length Required |
| HTTP - 412 - Request Error - Precondition Failed | Sub Rule | Error | HTTP 412 : Request Error - Precondition Failed |
| HTTP - 413 - Request Error - Request Item Too Big | Sub Rule | Error | HTTP 413 : Request Error - Request Item Too Big |
| HTTP - 414 - Request Error - Request-URL Too Large | Sub Rule | Error | HTTP 414 : Request Error - Request-URL Too Large |
| HTTP - 415 - Request Error - Unsupported Type | Sub Rule | Error | HTTP 415 : Request Error - Unsupported Type |
| HTTP - 416 - Request Error - Range Unfillable | Sub Rule | Error | HTTP 416 : Request Error - Range Unfillable |
| HTTP - 417 - Request Error - Expectation Failed | Sub Rule | Error | HTTP 417 : Request Error - Expectation Failed |
| HTTP - 500 - Server Error - Internal Server Error | Sub Rule | Error | HTTP 500 : Server Error - Internal Server Error |
| HTTP - 501 - Server Error - Not Implemented | Sub Rule | Error | HTTP 501 : Server Error - Not Implemented |
| HTTP - 502 - Server Error - Bad Gateway | Sub Rule | Error | HTTP 502 : Server Error - Bad Gateway |
| HTTP - 503 - Server Error - Service Unavailable | Sub Rule | Error | HTTP 503 : Server Error - Service Unavailable |
| HTTP - 504 - Server Error - Gateway Time-out | Sub Rule | Error | HTTP 504 : Server Error - Gateway Time-Out |
| HTTP - 505 - Server Error - HTTP Ver Unsupported | Sub Rule | Error | HTTP 505 : Server Error - HTTP Ver Unsupported |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| LOC2 | <severity> | Text/String |
| Oct 25 00:10:37 | <dname> | Text/String |
| logger | <sip> | Number |
| N/A | <dip> | Number |
| N/A | <command> | Text/String |
| N/A | <object> | Text/String |
| N/A | <protname> | Text/String |
| N/A | <vmid> | Number |
| N/A | <responsecode> | Number |
| N/A | <bytesin> | Number |