V 2.0 : Firewall Events

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Firewall Events | Base Rule | General Information | Information |
| V 2.0 : Firewall : Action Failed | Sub Rule | Action Failure | Error |
| V 2.0 : Firewall : Action Started | Sub Rule | Start Action | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| virtuallogsource | N/A | N/A | N/A |
| subproduct | N/A | N/A | N/A |
| product | <vmid> | Text/String | Product name |
| Originip | <dip> | IP Address | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | N/A | N/A | N/A |
| SIP | N/A | N/A | Source IP |
| SPort | N/A | N/A | Source host port number |
| DIP | N/A | N/A | Destination IP |
| dport | N/A | N/A | N/A |
| protocol | N/A | N/A | Protocol detected on the connection |
| ifname | N/A | N/A | The name of the Security Gateway interface through which a connection traverses |
| ifdirection | N/A | N/A | N/A |
| reason | <reason> | Text/String | Information on the error |
| Rule | N/A | N/A | N/A |
| Info | N/A | N/A | N/A |
| XlateSIP | N/A | N/A | N/A |
| XlateSport | N/A | N/A | N/A |
| XlateDIP | N/A | N/A | N/A |
| XlateDPort | N/A | N/A | N/A |
| user | N/A | N/A | Source user name |
| alert | N/A | N/A | N/A |
| icmp-code | N/A | N/A | N/A |
| icmp-type | N/A | N/A | N/A |
| matched_category | N/A | N/A | N/A |
| rule_name | N/A | N/A | Access rule name |
| Url | N/A | N/A | N/A |
| time | N/A | N/A | The time stamp when the log was created |
| severity | N/A | N/A | N/A |
| description | N/A | N/A | N/A |
| status | <status>, <tag1> | Text/String | N/A |
| flags | N/A | N/A | N/A |
| loguid | N/A | N/A | UUID of unified logs |
| originsicname | N/A | N/A | Machine SIC |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |
| failure_impact | <result> | Text/String | N/A |
| comment | N/A | N/A | N/A |
| update_service | N/A | N/A | N/A |
| version | N/A | N/A | N/A |