V 2.0 : IIS W3C Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 : IIS W3C Events | Base Rule | General IIS Activity | Information |
V 2.0 : HTTP POST 400 : Bad Request | Sub Rule | HTTP 400 : Bad Request | Error |
V 2.0 : HTTP POST 401 : Unauthorized | Sub Rule | HTTP 401 : Unauthorized | Error |
V 2.0 : HTTP POST 402 : Request Err - Payment Req | Sub Rule | HTTP 402 : Request Error - Payment Required | Error |
V 2.0 : HTTP POST 403 : Forbidden | Sub Rule | HTTP 403 : Forbidden | Error |
V 2.0 : HTTP POST 404 : Not Found | Sub Rule | HTTP 404 : Not Found | Error |
V 2.0 : HTTP POST 405 : Method Not Allowed | Sub Rule | HTTP 405 : Method Not Allowed | Error |
V 2.0 : HTTP POST 406 : Not Acceptable | Sub Rule | HTTP 406 : Not Acceptable | Error |
V 2.0 : HTTP POST 407 : Proxy Authentication Req | Sub Rule | HTTP 407 : Proxy Authentication Required | Error |
V 2.0 : HTTP POST 408 : Request Timeout | Sub Rule | HTTP 408 : Request Timeout | Error |
V 2.0 : HTTP POST 409 : Conflict | Sub Rule | HTTP 409 : Conflict | Error |
V 2.0 : HTTP POST 410 : Gone | Sub Rule | HTTP 410 : Gone | Error |
V 2.0 : HTTP POST 411 : Length Required | Sub Rule | HTTP 411 : Length Required | Error |
V 2.0 : HTTP POST 412 : Precondition Failed | Sub Rule | HTTP 412 : Precondition Failed | Error |
V 2.0 : HTTP POST 413 : Request Entity Too Large | Sub Rule | HTTP 413 : Request Entity Too Large | Error |
V 2.0 : HTTP POST 414 : Request-URI Too Long | Sub Rule | HTTP 414 : Request-URI Too Long | Error |
V 2.0 : HTTP POST 415 : Unsupported Media Type | Sub Rule | HTTP 415 : Unsupported Media Type | Error |
V 2.0 : HTTP POST 416 : Requested Range Not Satisf | Sub Rule | HTTP 416 : Requested Range Not Satisfiable | Error |
V 2.0 : HTTP POST 417 : Expectation Failed | Sub Rule | HTTP 417 : Expectation Failed | Error |
V 2.0 : HTTP POST 440 : Req Error - Login Timeout | Sub Rule | HTTP 440 : Request Error - Login Timeout | Error |
V 2.0 : HTTP POST 500 :Server Err - Int Server Err | Sub Rule | HTTP 500 : Server Error - Internal Server Error | Error |
V 2.0 : HTTP POST 501 : Server Err - Not Implement | Sub Rule | HTTP 501 : Server Error - Not Implemented | Error |
V 2.0 : HTTP POST 502 : Server Error - Bad Gateway | Sub Rule | HTTP 502 : Server Error - Bad Gateway | Error |
V 2.0 : HTTP POST 503 : Service Unavailable | Sub Rule | HTTP 503 : Service Unavailable | Error |
V 2.0 : HTTP POST 504 : Server Err -Gateway Timeout | Sub Rule | HTTP 504 : Server Error - Gateway Time-Out | Error |
V 2.0 : HTTP POST 505 : Server Err -HTTP Ver Unsupp | Sub Rule | HTTP 505 : Server Error - HTTP Ver Unsupported | Error |
V 2.0 : HTTP POST 995 : SSL Operation Aborted | Sub Rule | HTTP 995 : Request Error - SSL Operation Aborted | Error |
V 2.0 : HTTP POST 100 : Continue | Sub Rule | HTTP 100 : Continue | Information |
V 2.0 : HTTP POST 101 : Transition Status- Protocol | Sub Rule | HTTP 101 : Transition Status - Protocol Switch | Information |
V 2.0 : HTTP POST 200 : Success Reply - OK | Sub Rule | HTTP 200 : Success Reply - OK | Information |
V 2.0 : HTTP POST 201 : Success Reply - Created | Sub Rule | HTTP 201 : Success Reply - Created | Information |
V 2.0 : HTTP POST 202 : Success Reply - Accepted | Sub Rule | HTTP 202 : Success Reply - Accepted | Information |
V 2.0 : HTTP POST 203 : Success Reply - Non-auth | Sub Rule | HTTP 203 : Success Reply - Nonauthoritative Info | Information |
V 2.0 : HTTP POST 204 : Success Reply - No Content | Sub Rule | HTTP 204 : Success Reply - No Content | Information |
V 2.0 : HTTP POST 205 : Success Reply-Reset Content | Sub Rule | HTTP 205 : Success Reply - Reset Content | Information |
V 2.0 :HTTP POST 206 : Success Rep -Partial Content | Sub Rule | HTTP 206 : Success Reply - Partial Content | Information |
V 2.0 : HTTP POST 207 : Success - Multistatus Resp | Sub Rule | HTTP 207 : Success - Multistatus Response | Information |
V 2.0 : HTTP POST 300 : Redirect - Multiple Choice | Sub Rule | HTTP 300 : Redirect - Multiple Choices | Information |
V 2.0 : HTTP POST 301 : Redirect - Moved Permanent | Sub Rule | HTTP 301 : Redirect - Moved Permanently | Information |
V 2.0 : HTTP POST 302 : Redirect - Moved Temporary | Sub Rule | HTTP 302 : Redirect - Moved Temporarily | Information |
V 2.0 : HTTP POST 303 : Redirect - See Other | Sub Rule | HTTP 303 : Redirect - See Other | Information |
V 2.0 : HTTP POST 304 : Redirect - Not Modified | Sub Rule | HTTP 304 : Redirect - Not Modified | Information |
V 2.0 : HTTP POST 305 : Redirect - Use Proxy | Sub Rule | HTTP 305 : Redirect - Use Proxy | Information |
V 2.0 : HTTP POST 306 : Redirect - Unused | Sub Rule | HTTP 306 : Redirect - Unused | Information |
V 2.0 :HTTP POST 307 : Redirect -Temporary Redirect | Sub Rule | HTTP 307 : Redirect - Temporary Redirect | Information |
V 2.0 : HTTP GET 100 : Transitional - Continue | Sub Rule | HTTP 100 : Continue | Information |
V 2.0 : HTTP GET 101 : Transitional - Proto Switch | Sub Rule | HTTP 101 : Transition Status - Protocol Switch | Information |
V 2.0 : HTTP GET 200 : Success - OK | Sub Rule | HTTP 200 : Success Reply - OK | Information |
V 2.0 : HTTP GET 201 : Success - Created | Sub Rule | HTTP 201 : Success Reply - Created | Information |
V 2.0 : HTTP GET 202 : Success - Accepted | Sub Rule | HTTP 202 : Success Reply - Accepted | Information |
V 2.0 : HTTP GET 203 : Success - Nonauthoritative | Sub Rule | HTTP 203 : Success Reply - Nonauthoritative Info | Information |
V 2.0 : HTTP GET 204 : Success - No Content | Sub Rule | HTTP 204 : Success Reply - No Content | Information |
V 2.0 : HTTP GET 205 : Success - Reset Content | Sub Rule | HTTP 205 : Success Reply - Reset Content | Information |
V 2.0 : HTTP GET 206 : Success - Partial Content | Sub Rule | HTTP 206 : Success Reply - Partial Content | Information |
V 2.0 : HTTP GET 207 : Success - Mult Response | Sub Rule | HTTP 207 : Success - Multistatus Response | Information |
V 2.0 : HTTP GET 300 : Redirect - Multiple Choices | Sub Rule | HTTP 300 : Redirect - Multiple Choices | Information |
V 2.0 : HTTP GET 301 : Redirect - Moved Permanentl | Sub Rule | HTTP 301 : Redirect - Moved Permanently | Information |
V 2.0 : HTTP GET 302 : Redirect- Moved Temporarily | Sub Rule | HTTP 302 : Redirect - Moved Temporarily | Information |
V 2.0 : HTTP GET 303 : Redirect - See Other | Sub Rule | HTTP 303 : Redirect - See Other | Information |
V 2.0 : HTTP GET 304 : Redirect - Not Modified | Sub Rule | HTTP 304 : Redirect - Not Modified | Information |
V 2.0 : HTTP GET 305 : Redirect - Use Proxy | Sub Rule | HTTP 305 : Redirect - Use Proxy | Information |
V 2.0 : HTTP GET 306 : Redirect - Unused | Sub Rule | HTTP 306 : Redirect - Unused | Information |
V 2.0 : HTTP GET 307 : Redirect-Temporary Redirect | Sub Rule | HTTP 307 : Redirect - Temporary Redirect | Information |
V 2.0 : HTTP GET 400 : Req Error - Bad Request | Sub Rule | HTTP 400 : Bad Request | Error |
V 2.0 : HTTP GET 401 : Req Error - Unauthorized | Sub Rule | HTTP 401 : Unauthorized | Error |
V 2.0 : HTTP GET 402 : Req Error-Payment Required | Sub Rule | HTTP 402 : Request Error - Payment Required | Error |
V 2.0 : HTTP GET 403 : Req Error - Forbidden | Sub Rule | HTTP 403 : Forbidden | Error |
V 2.0 : HTTP GET 404 : Req Error - Not Found | Sub Rule | HTTP 404 : Not Found | Error |
V 2.0 : HTTP GET 405 : Req Error-Method Not Allowed | Sub Rule | HTTP 405 : Request Error - Method Not Allowed | Error |
V 2.0 : HTTP GET 406 : Req Error - Not Acceptable | Sub Rule | HTTP 406 : Not Acceptable | Error |
V 2.0 : HTTP GET 407 : Req Error-Proxy Auth Request | Sub Rule | HTTP 407 : Request Error - Proxy Auth Required | Error |
V 2.0 : HTTP GET 408 : Req Error -Request Time Out | Sub Rule | HTTP 408 : Request Error - Request Time-Out | Error |
V 2.0 : HTTP GET 409 : Req Error - Conflict | Sub Rule | HTTP 409 : Request Error - Conflict | Error |
V 2.0 : HTTP GET 410 : Req Error - Gone | Sub Rule | HTTP 410 : Request Error - Gone | Error |
V 2.0 : HTTP GET 411 : Req Error - Length Required | Sub Rule | HTTP 411 : Request Error - Length Required | Error |
V 2.0 :HTTP GET 412 : Req Error-Precondition Failed | Sub Rule | HTTP 412 : Request Error - Precondition Failed | Error |
V 2.0 : HTTP GET 413 : Req Error-Req Item Too Big | Sub Rule | HTTP 413 : Request Error - Request Item Too Big | Error |
V 2.0 : HTTP GET 414 : Req Error-Req URL Too Large | Sub Rule | HTTP 414 : Request-URI Too Long | Error |
V 2.0 : HTTP GET 415 : Req Error -Unsupported Type | Sub Rule | HTTP 415 : Request Error - Unsupported Type | Error |
V 2.0 :HTTP GET 416 : Req Error-Req Rng Unfillable | Sub Rule | HTTP 416 : Request Error - Range Unfillable | Error |
V 2.0 : HTTP GET 417 : Req Error -Expectation Failed | Sub Rule | HTTP 417 : Request Error - Expectation Failed | Error |
V 2.0 : HTTP GET 440 : Client Error -Login Timeout | Sub Rule | HTTP 440 : Request Error - Login Timeout | Error |
V 2.0 : HTTP GET 500 : Svr Err -Internal Server Err | Sub Rule | HTTP 500 : Server Error - Internal Server Error | Error |
V 2.0 : HTTP GET 501 : Svr Error - Not Implemented | Sub Rule | HTTP 501 : Server Error - Not Implemented | Error |
V 2.0 : HTTP GET 502 : Svr Error - Bad Gateway | Sub Rule | HTTP 502 : Server Error - Bad Gateway | Error |
V 2.0 : HTTP GET 503 : Svr Err-Service Unavailable | Sub Rule | HTTP 503 : Server Error - Service Unavailable | Error |
V 2.0 : HTTP GET 504 : Svr Error -Gateway Time Out | Sub Rule | HTTP 504 : Server Error - Gateway Time-Out | Error |
V 2.0 :HTTP GET 505 : Svr Error-HTTP Ver Unsupported | Sub Rule | HTTP 505 : Server Error - HTTP Ver Unsupported | Error |
V 2.0 : GET Request | Sub Rule | HTTP GET Method Event | Information |
V 2.0 : POST Request | Sub Rule | HTTP POST Method Event | Information |
V 2.0 : RPC_OUT_DATA: 200 - OK | Sub Rule | HTTP 200 : Success Reply - OK | Information |
V 2.0 : RPC_IN_DATA: 404 - Not Found | Sub Rule | HTTP 404 : Not Found | Error |
V 2.0 : RPC_OUT_DATA: 404 - Not Found | Sub Rule | HTTP 404 : Not Found | Error |
V 2.0 : RPC_IN_DATA: 200 - OK | Sub Rule | HTTP 200 : Success Reply - OK | Information |
V 2.0 : PROPFIND Request | Sub Rule | Webdav Protocol PROPFIND Method | Activity |
V 2.0 : HEAD Request | Sub Rule | HTTP Head | Activity |
V 2.0 : HTTP 440 : Client Error - Login Timeout | Sub Rule | HTTP 440 : Request Error - Login Timeout | Error |
V 2.0 : HTTP 207 : Success - Multistatus Response | Sub Rule | HTTP 207 : Success - Multistatus Response | Information |
V 2.0 : HTTP 100 : Transitional - Continue | Sub Rule | HTTP 100 : Transition Status - Continue | Information |
V 2.0 : HTTP 101 : Transitional - Protocol Switch | Sub Rule | HTTP 101 : Transition Status - Protocol Switch | Information |
V 2.0 : HTTP 200 : Success - OK | Sub Rule | HTTP 200 : Success Reply - OK | Information |
V 2.0 : HTTP 201 : Success - Created | Sub Rule | HTTP 201 : Success Reply - Created | Information |
V 2.0 : HTTP 202 : Success - Accepted | Sub Rule | HTTP 202 : Success Reply - Accepted | Information |
V 2.0 : HTTP 203 : Success - Nonauthoritative Info | Sub Rule | HTTP 203 : Success Reply - Nonauthoritative Info | Information |
V 2.0 : HTTP 204 : Success - No Content | Sub Rule | HTTP 204 : Success Reply - No Content | Information |
V 2.0 : HTTP 205 : Success - Reset Content | Sub Rule | HTTP 205 : Success Reply - Reset Content | Information |
V 2.0 : HTTP 206 : Success - Partial Content | Sub Rule | HTTP 206 : Success Reply - Partial Content | Information |
V 2.0 : HTTP 300 : Redirect - Multiple Choices | Sub Rule | HTTP 300 : Redirect - Multiple Choices | Information |
V 2.0 : HTTP 301 : Redirect - Moved Permanently | Sub Rule | HTTP 301 : Redirect - Moved Permanently | Information |
V 2.0 : HTTP 302 : Redirect - Moved Temporarily | Sub Rule | HTTP 302 : Redirect - Moved Temporarily | Information |
V 2.0 : HTTP 303 : Redirect - See Other | Sub Rule | HTTP 303 : Redirect - See Other | Information |
V 2.0 : HTTP 304 : Redirect - Not Modified | Sub Rule | HTTP 304 : Redirect - Not Modified | Information |
V 2.0 : HTTP 305 : Redirect - Use Proxy | Sub Rule | HTTP 305 : Redirect - Use Proxy | Information |
V 2.0 : HTTP 306 : Redirect - Unused | Sub Rule | HTTP 306 : Redirect - Unused | Information |
V 2.0 : HTTP 307 : Redirect - Temporary Redirect | Sub Rule | HTTP 307 : Redirect - Temporary Redirect | Information |
V 2.0 : HTTP 400 : Req Error - Bad Request | Sub Rule | HTTP 400 : Request Error - Bad Request | Error |
V 2.0 : HTTP 401 : Req Error - Unauthorized | Sub Rule | HTTP 401 : Request Error - Unauthorized | Error |
V 2.0 : HTTP 402 : Req Error - Payment Required | Sub Rule | HTTP 402 : Request Error - Payment Required | Error |
V 2.0 : HTTP 403 : Req Error - Forbidden | Sub Rule | HTTP 403 : Request Error - Forbidden | Error |
V 2.0 : HTTP 404 : Req Error - Not Found | Sub Rule | HTTP 404 : Request Error - Not Found | Error |
V 2.0 : HTTP 405 : Req Error - Method Not Allowed | Sub Rule | HTTP 405 : Request Error - Method Not Allowed | Error |
V 2.0 : HTTP 406 : Req Error - Not Acceptable | Sub Rule | HTTP 406 : Request Error - Not Acceptable | Error |
V 2.0 : HTTP 407 : Req Error -Proxy Auth Requested | Sub Rule | HTTP 407 : Request Error - Proxy Auth Required | Error |
V 2.0 : HTTP 408 : Req Error - Request Time Out | Sub Rule | HTTP 408 : Request Error - Request Time-Out | Error |
V 2.0 : HTTP 409 : Req Error - Conflict | Sub Rule | HTTP 409 : Request Error - Conflict | Error |
V 2.0 : HTTP 410 : Req Error - Gone | Sub Rule | HTTP 410 : Request Error - Gone | Error |
V 2.0 : HTTP 411 : Req Error - Length Required | Sub Rule | HTTP 411 : Request Error - Length Required | Error |
V 2.0 : HTTP 412 : Req Error - Precondition Failed | Sub Rule | HTTP 412 : Request Error - Precondition Failed | Error |
V 2.0 : HTTP 413 : Req Error - Req Item Too Big | Sub Rule | HTTP 413 : Request Error - Request Item Too Big | Error |
V 2.0 : HTTP 414 : Req Error - Req URL Too Large | Sub Rule | HTTP 414 : Request Error - Request-URL Too Large | Error |
V 2.0 : HTTP 415 : Req Error - Unsupported Type | Sub Rule | HTTP 415 : Request Error - Unsupported Type | Error |
V 2.0 : HTTP 416 : Req Error - Req Rng Unfillable | Sub Rule | HTTP 416 : Request Error - Range Unfillable | Error |
V 2.0 : HTTP 417 : Req Error - Expectation Failed | Sub Rule | HTTP 417 : Request Error - Expectation Failed | Error |
V 2.0 : HTTP 500 : Svr Error - Internal Server Err | Sub Rule | HTTP 500 : Server Error - Internal Server Error | Error |
V 2.0 : HTTP 501 : Svr Error - Not Implemented | Sub Rule | HTTP 501 : Server Error - Not Implemented | Error |
V 2.0 : HTTP 502 : Svr Error - Bad Gateway | Sub Rule | HTTP 502 : Server Error - Bad Gateway | Error |
V 2.0 : HTTP 503 : Svr Error - Service Unavailable | Sub Rule | HTTP 503 : Server Error - Service Unavailable | Error |
V 2.0 : HTTP 504 : Svr Error - Gateway Time Out | Sub Rule | HTTP 504 : Server Error - Gateway Time-Out | Error |
V 2.0 : HTTP 505 : Svr Error - HTTP Ver Unsupporte | Sub Rule | HTTP 505 : Server Error - HTTP Ver Unsupported | Error |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
N/A | N/A | N/A | date - The date on which the activity occurred. |
N/A | N/A | N/A | time - The time, in coordinated universal time (UTC), at which the activity occurred. |
N/A | <process> | Text/String | s-sitename - The Internet service name and instance number that was running on the client. |
N/A | <dname> | Text/String | s-computername - The name of the server on which the log file entry was generated. |
N/A | <dip> | Text/String/Number | s-ip - The IP address of the server on which the log file entry was generated. |
N/A | <command> <tag1> | Text/String | cs-method - The requested verb; for example, a GET method. |
N/A | <url> | Text/String/Number | cs-uri-stem - The target of the verb; for example, Default.htm. |
N/A | <object> | Text/String/Number | cs-uri-query - The query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages. |
N/A | <dport> | Numeric | s-port - The server port number that is configured for the service. |
N/A | <login> | Text/String/Number | cs-username - The name of the authenticated user that accessed the server. Anonymous users are indicated by a hyphen. |
N/A | <sip> | Text/String/Number | c-ip - The IP address of the client that made the request. |
N/A | <version> | Text/String/Number | cs-version - The HTTP protocol version that the client used. |
N/A | <useragent> | Text/String | cs(User-Agent) - The browser type that the client used. |
N/A | N/A | N/A | cs(Cookie) - The content of the cookie sent or received, if any. |
N/A | N/A | N/A | cs(Referer) - The site that the user last visited. This site provided a link to the current site. |
N/A | N/A | N/A | cs-host - The host header name, if any. |
N/A | <responsecode> <tag2> | Numeric | sc-status - The HTTP status code. |
N/A | N/A | N/A | sc-substatus - The substatus error code. |
N/A | N/A | N/A | sc-win32-status - The Windows status code. |
N/A | <bytesin> | Numeric | sc-bytes - The number of bytes sent by the server. |
N/A | <bytesout> | Numeric | cs-bytes - The number of bytes received and processed by the server. |
N/A | N/A | N/A | time-taken - The length of time that the action took, in milliseconds. |