
Traffic : Sniffer

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Traffic: Sniffer | Base Rule | Network Traffic | General Network Traffic Log Message |
| VMID 00017: Sniffer Traffic Accept | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| VMID 00021: Sniffer Traffic Accept | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| devname | <subject> | Text/String | N/A |
| logid | <vmid>, <tag1> | Number | N/A |
| level | <severity> | Number/Text | N/A |
| vd | <domain> | Text/String | N/A |
| srcip | <sip> | IP Address | IP Address |
| srcport | <sport> | Number | N/A |
| srcintf | <sinterface> | Text/String/Number | N/A |
| dstip | <dip> | IP Address | IP Address |
| dstport | <dport> | Number | N/A |
| dstintf | <dinterface> | Text/String/Number | N/A |
| sessionid | <session> | Number/Text/String | N/A |
| proto | <protnum> | Number | N/A |
| action | <action>, <tag2> | Text/String | N/A |
| policyid | <policy> | Number | N/A |
| service | <protname> | Text/String | N/A |
| tranSip | <snatip> | IP Address | IP Address |
| sentbyte | <bytesout> | Number | N/A |
| rcvdbyte | <bytesin> | Number | N/A |
| sentpkt | <itemsout> | Number | N/A |
| rcvdpkt | <itemsin> | Number | N/A |
| app | <object> | Text/String | N/A |
| appcat | <objectname> | Text/String | N/A |
| utmaction | <tag3> | Text/String | N/A |