
V 2.0 : Connectra Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Connectra Events | Base Rule | General VPN Information | Other Operations |
| V 2.0 : Connectra : Remote User Logged On | Sub Rule | User Logon | Authentication Success |
| V 2.0 : Connectra : Remote User Logged Off | Sub Rule | User Logoff | Authentication Success |
| V 2.0 : Connectra : Remote Logon Failure | Sub Rule | User Logon Failure | Authentication Failure |
| V 2.0 : Connectra : Host IP Changed | Sub Rule | IP Address Changed | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| virtuallogsource | N/A | N/A | N/A |
| subproduct | N/A | N/A | Sub Product |
| Product | <vmid> | Text/String | Product name |
| Originip | N/A | N/A | IP of the log origin |
| Origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | <action>, <tag1> | Text/String | N/A |
| SIP | <sip> | IP Address | Source IP |
| Sport | <sport> | Number | Source host port number |
| DIP | <dip> | IP Address | Destination IP |
| dport | <dport> | Number | Destination host port number |
| protocol | <protnum> | Number | Protocol detected on the connection |
| ifname | N/A | N/A | The name of the Security Gateway interface through which a connection traverses |
| ifdirection | N/A | N/A | Connection direction |
| Reason | <reason> | Text/String | Description of log's reason |
| Rule | N/A | N/A | |
| Info | N/A | N/A | Special log message |
| XlateSIP | N/A | N/A | Source IPv4 after applying NAT |
| XlateSport | N/A | N/A | Source host port number after applying NAT |
| XlateDIP | N/A | N/A | Destination IPv4 after applying NAT |
| XlateDPort | N/A | N/A | Destination host port number after applying NAT |
| User | <login> | Text/String | Source user name |
| alert | N/A | N/A | Alert level of matched rule (for connection logs) |
| icmp-code | N/A | N/A | In case a connection is ICMP, ICMP code info will be added to the log |
| icmp-type | N/A | N/A | In case a connection is ICMP, type info will be added to the log |
| matched_category | N/A | N/A | Name of matched category |
| rule_name | N/A | N/A | Access rule name |
| Url | N/A | N/A | Matched URL |
| time | N/A | N/A | The time stamp when the log was created |
| proxy_src | <snatip> | IP Address | Sender source IP (even when using proxy) |
| auth_method | N/A | N/A | Password authentication protocol used |
| client_name | N/A | N/A | Client Application or Software Blade that detected the event |
| status | <result> | Text/String | Ok, Warning, Error |
| flags | N/A | N/A | N/A |
| loguid | N/A | N/A | UUID of unified logs |
| originsicname | N/A | N/A | Machine SIC |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |
| auth_method2 | N/A | N/A | Password authentication protocol used |
| auth_method3 | N/A | N/A | Password authentication protocol used |
| browser | N/A | N/A | N/A |
| certificate_issue | N/A | N/A | N/A |
| certificate_serial_number | N/A | N/A | N/A |
| client_build | N/A | N/A | N/A |
| client_version | N/A | N/A | Build version of SandBlast Agent client installed on the computer |
| cvpn_category | N/A | N/A | Mobile Access application type |
| device_identification | N/A | N/A | N/A |
| event_type | N/A | N/A | N/A |
| failed_login_factor | N/A | N/A | N/A |
| failed_login_factor_num | N/A | N/A | N/A |
| fingerprint | N/A | N/A | N/A |
| hardware_model | N/A | N/A | N/A |
| host_ip | N/A | N/A | N/A |
| host_type | N/A | N/A | N/A |
| latitude | N/A | N/A | N/A |
| license | N/A | N/A | N/A |
| login_option | N/A | N/A | N/A |
| login_timestamp | N/A | N/A | N/A |
| longitude | N/A | N/A | N/A |
| methods | N/A | N/A | IPsec methods |
| office_mode_ip | N/A | N/A | N/A |
| os_bits | N/A | N/A | N/A |
| os_build | N/A | N/A | N/A |
| os_edition | N/A | N/A | N/A |
| os_name | N/A | N/A | Name of the OS installed on the source endpoint computer |
| os_service_pack | N/A | N/A | N/A |
| os-version | N/A | N/A | Build version of the OS installed on the source endpoint computer |
| session_timeout | N/A | N/A | N/A |
| session_uid | N/A | N/A | Mobile Access session identification |
| suppressed_logs | N/A | N/A | Aggregated connections for five minutes on the same source, destination and port |
| tunnel_protocol | N/A | N/A | N/A |
| user_dn | N/A | N/A | User distinguished name connected to source IP |
| user_group | <group> | Text/String | The group which the user belongs to, upon login |