Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Traffic Log | Base Rule | Network Traffic | Network Traffic |
| HTTP - 100 - Transition Status - Continue | Sub Rule | Information | HTTP 100 : Transition Status - Continue |
| HTTP - 101 - Transition Status - Protocol Switch | Sub Rule | Information | HTTP 101 : Transition Status - Protocol Switch |
| HTTP - 200 - Success Reply - OK | Sub Rule | Information | HTTP 200 : Success Reply - OK |
| HTTP - 201 - Success Reply - Created | Sub Rule | Information | HTTP 201 : Success Reply - Created |
| HTTP - 202 - Success Reply - Accepted | Sub Rule | Information | HTTP 202 : Success Reply - Accepted |
| HTTP - 203 - Success Reply - Nonauthoritative Info | Sub Rule | Information | HTTP 203 : Success Reply - Nonauthoritative Info |
| HTTP - 204 - Success Reply - No Content | Sub Rule | Information | HTTP 204 : Success Reply - No Content |
| HTTP - 205 - Success Reply - Reset Content | Sub Rule | Information | HTTP 205 : Success Reply - Reset Content |
| HTTP - 206 - Success Reply - Partial Content | Sub Rule | Information | HTTP 206 : Success Reply - Partial Content |
| HTTP - 300 - Redirect - Multiple Choices | Sub Rule | Information | HTTP 300 : Redirect - Multiple Choices |
| HTTP - 301 - Redirect - Moved Permanently | Sub Rule | Information | HTTP 301 : Redirect - Moved Permanently |
| HTTP - 302 - Redirect - Moved Temporarily | Sub Rule | Information | HTTP 302 : Redirect - Moved Temporarily |
| HTTP - 303 - Redirect - See Other | Sub Rule | Information | HTTP 303 : Redirect - See Other |
| HTTP - 304 - Redirect - Not Modified | Sub Rule | Information | HTTP 304 : Redirect - Not Modified |
| HTTP - 305 - Redirect - Use Proxy | Sub Rule | Misuse | Unauthorized Proxy Activity |
| HTTP - 306 - Redirect - Unused | Sub Rule | Information | HTTP 306 : Redirect - Unused |
| HTTP - 307 - Redirect - Temporary Redirect | Sub Rule | Information | HTTP 307 : Redirect - Temporary Redirect |
| HTTP - 400 - Request Error - Bad Request | Sub Rule | Error | HTTP 400 : Request Error - Bad Request |
| HTTP - 401 - Request Error - Unauthorized | Sub Rule | Error | HTTP 401 : Request Error - Unauthorized |
| HTTP - 402 - Request Error - Payment Required | Sub Rule | Error | HTTP 402 : Request Error - Payment Required |
| HTTP - 403 - Request Error - Forbidden | Sub Rule | Error | HTTP 403 : Request Error - Forbidden |
| HTTP - 404 - Request Error - Not Found | Sub Rule | Error | HTTP 404 : Request Error - Not Found |
| HTTP - 405 - Request Error - Method Not Allowed | Sub Rule | Error | HTTP 405 : Request Error - Method Not Allowed |
| HTTP - 406 - Request Error - Not Acceptable | Sub Rule | Error | HTTP 406 : Request Error - Not Acceptable |
| HTTP - 407 - Request Error - Proxy Auth Required | Sub Rule | Error | HTTP 407 : Request Error - Proxy Auth Reqd |
| HTTP - 408 - Request Error - Request Time-out | Sub Rule | Error | HTTP 408 : Request Error - Request Time-Out |
| HTTP - 409 - Request Error - Conflict | Sub Rule | Error | HTTP 409 : Request Error - Conflict |
| HTTP - 410 - Request Error - Gone | Sub Rule | Error | HTTP 410 : Request Error - Gone |
| HTTP - 411 - Request Error - Length Required | Sub Rule | Error | HTTP 411 : Request Error - Length Required |
| HTTP - 412 - Request Error - Precondition Failed | Sub Rule | Error | HTTP 412 : Request Error - Precondition Failed |
| HTTP - 413 - Request Error - Request Item Too Big | Sub Rule | Error | HTTP 413 : Request Error - Request Item Too Big |
| HTTP - 414 - Request Error - Request-URL Too Large | Sub Rule | Error | HTTP 414 : Request Error - Request-URL Too Large |
| HTTP - 415 - Request Error - Unsupported Type | Sub Rule | Error | HTTP 415 : Request Error - Unsupported Type |
| HTTP - 416 - Request Error - Range Unfillable | Sub Rule | Error | HTTP 416 : Request Error - Range Unfillable |
| HTTP - 417 - Request Error - Expectation Failed | Sub Rule | Error | HTTP 417 : Request Error - Expectation Failed |
| HTTP - 500 - Server Error - Internal Server Error | Sub Rule | Error | HTTP 500 : Server Error - Internal Server Error |
| HTTP - 501 - Server Error - Not Implemented | Sub Rule | Error | HTTP 501 : Server Error - Not Implemented |
| HTTP - 502 - Server Error - Bad Gateway | Sub Rule | Error | HTTP 502 : Server Error - Bad Gateway |
| HTTP - 503 - Server Error - Service Unavailable | Sub Rule | Error | HTTP 503 : Server Error - Service Unavailable |
| HTTP - 504 - Server Error - Gateway Time-out | Sub Rule | Error | HTTP 504 : Server Error - Gateway Time-Out |
| HTTP - 505 - Server Error - HTTP Ver Unsupported | Sub Rule | Error | HTTP 505 : Server Error - HTTP Ver Unsupported |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| LOC2 | <severity> | Text/String |
| Oct 25 00:10:37 | <dname> | Text/String |
| logger | <sip> | Number |
| N/A | <dip> | Number |
| N/A | <command> | Text/String |
| N/A | <object> | Text/String |
| N/A | <protname> | Text/String |
| N/A | <vmid> | Number |
| N/A | <responsecode> | Number |
| N/A | <bytesin> | Number |