Vendor Documentation

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

Log Field           LogRhythm Default    LogRhythm Default v2.0
Product             <version>            <vmid>
Origin              <sender>             N/A
Action              <action>             <action>
Action              <tag1>               <tag1>
SIP                 <sip>                <sip>
SPort               <sport>              <sport>
DIP                 <dip>                <dip>
DPort               <dport>              <dport>
Protocol            <protname>           <protnum>
IFName              <sinterface>         <sinterface>
IFDirection         <tag2>               N/A
Reason              <reason>             <reason>
policyname          <policy>             N/A
Info                <vendorinfo>         N/A
XlateSIP            <snatip>             <snatip>
XlateSport          <snatport>           <snatport>
XlateDIP            <dnatip>             <dnatip>
XlateDPort          <dnatport>           <dnatport>
URL                 <url>                <url>
User                <login>              N/A
matched_category    <subject>            <subject>
app_rule_name       <command>            N/A
web_client_type     <useragent>          N/A
app_risk            <severity>           N/A
appi_name           <process>            N/A
src_machine_name    <sname>              <sname>
src_user_name       <login>              <login>
received_bytes      <bytesin>            <bytesout>
sent_bytes          <bytesout>           <bytesin>

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

Rule ID   Rule Name                           Rule Type   Common Event                          Classification
1010515   URL Filtering                       Base Rule   General Firewall Log                  Network Traffic
          URL Filtering : Traffic Accepted    Sub Rule    Traffic Allowed by Network Firewall   Network Allow
          URL Filtering : Traffic Allowed     Sub Rule    Traffic Allowed by Network Firewall   Network Allow
          URL Filtering : Traffic Denied      Sub Rule    Traffic Denied by Network Firewall    Network Deny
          URL Filtering : Traffic Dropped     Sub Rule    Traffic Denied by Network Firewall    Network Deny
          URL Filtering : Traffic Blocked     Sub Rule    Traffic Denied by Network Firewall    Network Deny
          URL Filtering : Control Traffic     Sub Rule    General Firewall Log                  Network Traffic
          URL Filtering : Traffic Redirected  Sub Rule    Traffic Redirected                    Network Traffic

LogRhythm Default v2.0

Rule ID   Rule Name                        Rule Type   Common Event               Classification
1012014   V 2.0 : URL Filtering Events     Base Rule   General Network Traffic    Network Traffic
          V 2.0 : URL Filtering : Accept   Sub Rule    Traffic Allowed by Proxy   Network Allow
          V 2.0 : URL Filtering : Allow    Sub Rule    Traffic Allowed by Proxy   Network Allow
          V 2.0 : URL Filtering : Reject   Sub Rule    Traffic Denied by Proxy    Network Deny