
Web Server Access 1

Vendor Documentation

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

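| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
| --- | --- | --- |
| N/A | <bytesin> | <bytesin> |
| N/A | <bytesout> | <bytesout> |
| N/A | <command> | <command> |
| N/A | <dip> | <dip> |
| N/A | <domain> | N/A |
| N/A | N/A | <dname> |
| N/A | <dport> | <dport> |
| N/A | <group> | N/A |
| N/A | <login> | <login> |
| N/A | <milliseconds> | <milliseconds> |
| N/A | <object> | <object> |
| N/A | <responsecode> | N/A |
| N/A | N/A | <process> |
| N/A | N/A | <responsecode> |
| N/A | <sender> | N/A |
| N/A | <sinterface> | N/A |
| N/A | <sip> | <sip> |
| N/A | <snatip> | N/A |
| N/A | <tag1> | <tag1> |
| N/A | N/A | <tag2> |
| N/A | <url> | <url> |
| N/A | <subject> | N/A |
| N/A | <useragent> | <useragent> |
| N/A | N/A | <version> |
| N/A | <vmid> | N/A |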

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- | --- |
| 1001460 | Web Server Access | Base Rule | Object Accessed | Access Success |
| | File Download | Sub Rule | Object Downloaded | Access Success |
| | File Post | Sub Rule | Object Added | Access Success |
| | PROPFIND Method | Sub Rule | Object Accessed | Access Success |
| | HEAD Method | Sub Rule | Object Accessed | Access Success |
| | Remote Procedure Call Over HTTP: OUT | Sub Rule | Remote Procedure Call Attempt | Network Traffic |
| | Remote Procedure Call Over HTTP: IN | Sub Rule | Remote Procedure Call Attempt | Network Traffic |
| | HTTP GET - 401 - Req Error - Unauthorized | Sub Rule | HTTP 401: Request Error - Unauthorized | Error |
| | HTTP GET - 400 - Req Error - Bad Request | Sub Rule | HTTP 400: Request Error - Bad Request | Error |
| | HTTP GET - 403 - Req Error - Forbidden | Sub Rule | HTTP 403: Request Error - Forbidden | Error |
| | HTTP GET - 404 - Req Error - Not Found | Sub Rule | HTTP 404: Request Error - Not Found | Error |
| | HTTP GET - 500 - Svr Error - Internal Server Error | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| | HTTP GET - 503 - Svr Error - Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| | HTTP POST - 401 - Req Error - Unauthorized | Sub Rule | HTTP 401: Request Error - Unauthorized | Error |
| | HTTP POST - 400 - Req Error - Bad Request | Sub Rule | HTTP 400: Request Error - Bad Request | Error |
| | HTTP POST - 403 - Req Error - Forbidden | Sub Rule | HTTP 403: Request Error - Forbidden | Error |
| | HTTP POST - 404 - Req Error - Not Found | Sub Rule | HTTP 404: Request Error - Not Found | Error |
| | HTTP POST- 500 - Svr Error - Internal Server Error | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| | HTTP POST - 503 - Svr Error - Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| | HTTP POST - 405 - Req Error - Method Not Allowed | Sub Rule | HTTP 405: Request Error - Method Not Allowed | Error |
| | HTTP - 502 - Svr Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| | HTTP - 400 - Req Error - Bad Request | Sub Rule | HTTP 400: Request Error - Bad Request | Error |
| | HTTP - 401 - Req Error - Unauthorized | Sub Rule | HTTP 401: Request Error - Unauthorized | Error |
| | HTTP - 402 - Req Error - Payment Required | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| | HTTP - 403 - Req Error - Forbidden | Sub Rule | HTTP 403: Request Error - Forbidden | Error |
| | HTTP - 404 - Req Error - Not Found | Sub Rule | HTTP 404: Request Error - Not Found | Error |
| | HTTP - 405 - Req Error - Method Not Allowed | Sub Rule | HTTP 405: Request Error - Method Not Allowed | Error |
| | HTTP - 500 - Svr Error - Internal Server Error | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| | HTTP - 502 - Svr Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| | HTTP - 503 - Svr Error - Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| | HTTP - GET - 200: Success Reply - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | HTTP GET - 304 Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |

LogRhythm Default v2.0

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- | --- |
| 1013065 | V 2.0: IIS W3C Events | Base Rule | General IIS Activity | Information |
| | V 2.0: HTTP POST 400: Bad Request | Sub Rule | HTTP 400: Bad Request | Error |
| | V 2.0: HTTP POST 401: Unauthorized | Sub Rule | HTTP 401: Unauthorized | Error |
| | V 2.0: HTTP POST 402: Request Err - Payment Req | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| | V 2.0: HTTP POST 403: Forbidden | Sub Rule | HTTP 403: Forbidden | Error |
| | V 2.0: HTTP POST 404: Not Found | Sub Rule | HTTP 404: Not Found | Error |
| | V 2.0: HTTP POST 405: Method Not Allowed | Sub Rule | HTTP 405: Method Not Allowed | Error |
| | V 2.0: HTTP POST 406: Not Acceptable | Sub Rule | HTTP 406: Not Acceptable | Error |
| | V 2.0: HTTP POST 407: Proxy Authentication Req | Sub Rule | HTTP 407: Proxy Authentication Required | Error |
| | V 2.0: HTTP POST 408: Request Timeout | Sub Rule | HTTP 408: Request Timeout | Error |
| | V 2.0: HTTP POST 409: Conflict | Sub Rule | HTTP 409: Conflict | Error |
| | V 2.0: HTTP POST 410: Gone | Sub Rule | HTTP 410: Gone | Error |
| | V 2.0: HTTP POST 411: Length Required | Sub Rule | HTTP 411: Length Required | Error |
| | V 2.0: HTTP POST 412: Precondition Failed | Sub Rule | HTTP 412: Precondition Failed | Error |
| | V 2.0: HTTP POST 413: Request Entity Too Large | Sub Rule | HTTP 413: Request Entity Too Large | Error |
| | V 2.0: HTTP POST 414: Request-URI Too Long | Sub Rule | HTTP 414: Request-URI Too Long | Error |
| | V 2.0: HTTP POST 415: Unsupported Media Type | Sub Rule | HTTP 415: Unsupported Media Type | Error |
| | V 2.0: HTTP POST 416: Requested Range Not Satisfy | Sub Rule | HTTP 416: Requested Range Not Satisfiable | Error |
| | V 2.0: HTTP POST 417: Expectation Failed | Sub Rule | HTTP 417: Expectation Failed | Error |
| | V 2.0: HTTP POST 440: Req Error - Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| | V 2.0: HTTP POST 500: Server Err - Int Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| | V 2.0: HTTP POST 501: Server Err - Not Implement | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| | V 2.0: HTTP POST 502: Server Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| | V 2.0: HTTP POST 503: Service Unavailable | Sub Rule | HTTP 503: Service Unavailable | Error |
| | V 2.0: HTTP POST 504: Server Err -Gateway Timeout | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| | V 2.0: HTTP POST 505: Server Err -HTTP Ver Unsupp | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |
| | V 2.0: HTTP POST 995: SSL Operation Aborted | Sub Rule | HTTP 995: Request Error - SSL Operation Aborted | Error |
| | V 2.0: HTTP POST 100: Continue | Sub Rule | HTTP 100: Continue | Information |
| | V 2.0: HTTP POST 101: Transition Status- Protocol | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| | V 2.0: HTTP POST 200: Success Reply - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | V 2.0: HTTP POST 201: Success Reply - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| | V 2.0: HTTP POST 202: Success Reply - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| | V 2.0: HTTP POST 203: Success Reply - Non-auth | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| | V 2.0: HTTP POST 204: Success Reply - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| | V 2.0: HTTP POST 205: Success Reply-Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| | V 2.0:HTTP POST 206: Success Rep -Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| | V 2.0: HTTP POST 207: Success - Multistatus Resp | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| | V 2.0: HTTP POST 300: Redirect - Multiple Choice | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| | V 2.0: HTTP POST 301: Redirect - Moved Permanent | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| | V 2.0: HTTP POST 302: Redirect - Moved Temporary | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| | V 2.0: HTTP POST 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| | V 2.0: HTTP POST 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| | V 2.0: HTTP POST 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| | V 2.0: HTTP POST 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| | V 2.0:HTTP POST 307: Redirect -Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| | V 2.0: HTTP GET 100: Transitional - Continue | Sub Rule | HTTP 100: Continue | Information |
| | V 2.0: HTTP GET 101: Transitional - Proto Switch | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| | V 2.0: HTTP GET 200: Success - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | V 2.0: HTTP GET 201: Success - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| | V 2.0: HTTP GET 202: Success - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| | V 2.0: HTTP GET 203: Success - Nonauthoritative | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| | V 2.0: HTTP GET 204: Success - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| | V 2.0: HTTP GET 205: Success - Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| | V 2.0: HTTP GET 206: Success - Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| | V 2.0: HTTP GET 207: Success - Mult Response | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| | V 2.0: HTTP GET 300: Redirect - Multiple Choices | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| | V 2.0: HTTP GET 301: Redirect - Moved Permanently | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| | V 2.0: HTTP GET 302: Redirect- Moved Temporarily | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| | V 2.0: HTTP GET 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| | V 2.0: HTTP GET 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| | V 2.0: HTTP GET 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| | V 2.0: HTTP GET 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| | V 2.0: HTTP GET 307: Redirect-Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| | V 2.0: HTTP GET 400: Req Error - Bad Request | Sub Rule | HTTP 400: Bad Request | Error |
| | V 2.0: HTTP GET 401: Req Error - Unauthorized | Sub Rule | HTTP 401: Unauthorized | Error |
| | V 2.0: HTTP GET 402: Req Error-Payment Required | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| | V 2.0: HTTP GET 403: Req Error - Forbidden | Sub Rule | HTTP 403: Forbidden | Error |
| | V 2.0: HTTP GET 404: Req Error - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| | V 2.0: HTTP GET 405: Req Error-Method Not Allowed | Sub Rule | HTTP 405: Request Error - Method Not Allowed | Error |
| | V 2.0: HTTP GET 406: Req Error - Not Acceptable | Sub Rule | HTTP 406: Not Acceptable | Error |
| | V 2.0: HTTP GET 407: Req Error-Proxy Auth Request | Sub Rule | HTTP 407: Request Error - Proxy Auth Required | Error |
| | V 2.0: HTTP GET 408: Req Error -Request Time Out | Sub Rule | HTTP 408: Request Error - Request Time-Out | Error |
| | V 2.0: HTTP GET 409: Req Error - Conflict | Sub Rule | HTTP 409: Request Error - Conflict | Error |
| | V 2.0: HTTP GET 410: Req Error - Gone | Sub Rule | HTTP 410: Request Error - Gone | Error |
| | V 2.0: HTTP GET 411: Req Error - Length Required | Sub Rule | HTTP 411: Request Error - Length Required | Error |
| | V 2.0:HTTP GET 412: Req Error-Precondition Failed | Sub Rule | HTTP 412: Request Error - Precondition Failed | Error |
| | V 2.0: HTTP GET 413: Req Error-Req Item Too Big | Sub Rule | HTTP 413: Request Error - Request Item Too Big | Error |
| | V 2.0: HTTP GET 414: Req Error-Req URL Too Large | Sub Rule | HTTP 414: Request-URI Too Long | Error |
| | V 2.0: HTTP GET 415: Req Error -Unsupported Type | Sub Rule | HTTP 415: Request Error - Unsupported Type | Error |
| | V 2.0:HTTP GET 416: Req Error-Req Rng Unfillable | Sub Rule | HTTP 416: Request Error - Range Unfillable | Error |
| | V 2.0: HTTP GET 417: Req Error -Expectation Failed | Sub Rule | HTTP 417: Request Error - Expectation Failed | Error |
| | V 2.0: HTTP GET 440: Client Error -Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| | V 2.0: HTTP GET 500: Svr Err -Internal Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| | V 2.0: HTTP GET 501: Svr Error - Not Implemented | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| | V 2.0: HTTP GET 502: Svr Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| | V 2.0: HTTP GET 503: Svr Err-Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| | V 2.0: HTTP GET 504: Svr Error -Gateway Time Out | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| | V 2.0:HTTP GET 505: Svr Error-HTTP Ver Unsupported | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |
| | V 2.0: GET Request | Sub Rule | HTTP GET Method Event | Information |
| | V 2.0: POST Request | Sub Rule | HTTP POST Method Event | Information |
| | V 2.0: RPC_OUT_DATA: 200 - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | V 2.0: RPC_IN_DATA: 404 - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| | V 2.0: RPC_OUT_DATA: 404 - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| | V 2.0: RPC_IN_DATA: 200 - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | V 2.0: PROPFIND Request | Sub Rule | Webdav Protocol PROPFIND Method | Activity |
| | V 2.0: HEAD Request | Sub Rule | HTTP Head | Activity |
| | V 2.0: HTTP 440: Client Error - Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| | V 2.0: HTTP 207: Success - Multistatus Response | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| | V 2.0: HTTP 100: Transitional - Continue | Sub Rule | HTTP 100: Transition Status - Continue | Information |
| | V 2.0: HTTP 101: Transitional - Protocol Switch | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| | V 2.0: HTTP 200: Success - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| | V 2.0: HTTP 201: Success - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| | V 2.0: HTTP 202: Success - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| | V 2.0: HTTP 203: Success - Nonauthoritative Info | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| | V 2.0: HTTP 204: Success - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| | V 2.0: HTTP 205: Success - Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| | V 2.0: HTTP 206: Success - Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| | V 2.0: HTTP 300: Redirect - Multiple Choices | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| | V 2.0: HTTP 301: Redirect - Moved Permanently | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| | V 2.0: HTTP 302: Redirect - Moved Temporarily | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| | V 2.0: HTTP 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| | V 2.0: HTTP 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| | V 2.0: HTTP 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| | V 2.0: HTTP 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| | V 2.0: HTTP 307: Redirect - Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| | V 2.0: HTTP 400: Req Error - Bad Request | Sub Rule | HTTP 400: Request Error - Bad Request | Error |
| | V 2.0: HTTP 401: Req Error - Unauthorized | Sub Rule | HTTP 401: Request Error - Unauthorized | Error |
| | V 2.0: HTTP 402: Req Error - Payment Required | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| | V 2.0: HTTP 403: Req Error - Forbidden | Sub Rule | HTTP 403: Request Error - Forbidden | Error |
| | V 2.0: HTTP 404: Req Error - Not Found | Sub Rule | HTTP 404: Request Error - Not Found | Error |
| | V 2.0: HTTP 405: Req Error - Method Not Allowed | Sub Rule | HTTP 405: Request Error - Method Not Allowed | Error |
| | V 2.0: HTTP 406: Req Error - Not Acceptable | Sub Rule | HTTP 406: Request Error - Not Acceptable | Error |
| | V 2.0: HTTP 407: Req Error -Proxy Auth Requested | Sub Rule | HTTP 407: Request Error - Proxy Auth Required | Error |
| | V 2.0: HTTP 408: Req Error - Request Time Out | Sub Rule | HTTP 408: Request Error - Request Time-Out | Error |
| | V 2.0: HTTP 409: Req Error - Conflict | Sub Rule | HTTP 409: Request Error - Conflict | Error |
| | V 2.0: HTTP 410: Req Error - Gone | Sub Rule | HTTP 410: Request Error - Gone | Error |
| | V 2.0: HTTP 411: Req Error - Length Required | Sub Rule | HTTP 411: Request Error - Length Required | Error |
| | V 2.0: HTTP 412: Req Error - Precondition Failed | Sub Rule | HTTP 412: Request Error - Precondition Failed | Error |
| | V 2.0: HTTP 413: Req Error - Req Item Too Big | Sub Rule | HTTP 413: Request Error - Request Item Too Big | Error |
| | V 2.0: HTTP 414: Req Error - Req URL Too Large | Sub Rule | HTTP 414: Request Error - Request-URL Too Large | Error |
| | V 2.0: HTTP 415: Req Error - Unsupported Type | Sub Rule | HTTP 415: Request Error - Unsupported Type | Error |
| | V 2.0: HTTP 416: Req Error - Req Rng Unfillable | Sub Rule | HTTP 416: Request Error - Range Unfillable | Error |
| | V 2.0: HTTP 417: Req Error - Expectation Failed | Sub Rule | HTTP 417: Request Error - Expectation Failed | Error |
| | V 2.0: HTTP 500: Svr Error - Internal Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| | V 2.0: HTTP 501: Svr Error - Not Implemented | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| | V 2.0: HTTP 502: Svr Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| | V 2.0: HTTP 503: Svr Error - Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| | V 2.0: HTTP 504: Svr Error - Gateway Time Out | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| | V 2.0: HTTP 505: Svr Error - HTTP Ver Unsupported | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |