V 2.0 : IPS Events

Vendor Documentation

Rule Name	Rule Type	Common Event	Classification
V 2.0 : IPS Events	Base Rule	General Information	Information
V 2.0 : IPS : Action Failed	Sub Rule	Action Failure	Error
V 2.0 : IPS : Action Started	Sub Rule	Start Action	Information

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
virtuallogsource	N/A	N/A	N/A
subproduct	N/A	N/A	N/A
product	<vmid>	Text/String	Product name
Originip	<dip>	IP Address	IP of the log origin
origin	N/A	N/A	Name of the first Security Gateway that reported this event
Action	N/A	N/A	N/A
SIP	N/A	N/A	Source IP
SPort	N/A	N/A	Source host port number
DIP	N/A	N/A	Destination IP
dport	N/A	N/A	N/A
protocol	N/A	N/A	Protocol detected on the connection
ifname	N/A	N/A	The name of the Security Gateway interface through which a connection traverses
ifdirection	N/A	N/A	N/A
reason	<reason>	Text/String	Information on the error occurred
Rule	N/A	N/A	N/A
Info	N/A	N/A	N/A
XlateSIP	N/A	N/A	N/A
XlateSport	N/A	N/A	N/A
XlateDIP	N/A	N/A	N/A
XlateDPort	N/A	N/A	N/A
user	N/A	N/A	Source user name
alert	N/A	N/A	N/A
icmp-code	N/A	N/A	N/A
icmp-type	N/A	N/A	N/A
matched_category	N/A	N/A	N/A
rule_name	N/A	N/A	Access rule name
Url	N/A	N/A	N/A
time	N/A	N/A	The time stamp when the log was created
severity	N/A	N/A	N/A
description	<vendorinfo>	Text/String	N/A
update_status	<status> <tag1>	Text/String	N/A
flags	N/A	N/A	N/A
loguid	N/A	N/A	UUID of unified logs
sequencenum	N/A	N/A	Number added to order logs with the same Linux timestamp and origin
version	N/A	N/A	N/A
db_ver	N/A	N/A	N/A
subs_exp	N/A	N/A	N/A