Device Details

Device Name

Broadcom ProxySG

Vendor

Broadcom

Device Type

Broadcom

Supported Model Name/Number

N/A

Supported Software Version(s)

N/A

Collection Method

Syslog

Configurable Log Output?

Yes

Log Source Type

Syslog - Broadcomm ProxySG

Log Processing Policy

LogRhythm Default

Exceptions

N/A

Additional Information

https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/proxysg/common/LogFieldsSubs.pdf

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
| --- | --- | --- |
| Access Log Custom | All | <severity>, <vmid>, <objectname>, <subject>, <sip>, <sport>, <object>, <quantity> |
| Access Logs (Key Value Pair) | All | <vmid>, <severity>, <sip>, <dip>, <dname>, <dport>, <protname>, <login>, <domainorigin>, <object>, <objectname>, <objecttype>, <subject>, <useragent>, <url>, <group>, <command>, <action>, <result>, <responsecode>, <bytesin>, <bytesout>, <duration>, <tag2> |
| Access Logs - No Sub Rules Do NOT use | All | <vmid>, <tag1>, <sip>, <dport>, <process>, <object>, <bytesin>, <bytesout>, <tag2> |
| Access Logs (Space Delimited) | All | <vmid>, <severity>, <sip>, <dip>, <dport>, <login>, <domainorigin>, <object>, <objectname>, <objecttype>, <subject>, <useragent>, <url>, <group>, <command>, <action>, <responsecode>, <bytesin>, <bytesout>, <duration>, <tag2> |
| Action Discarded | All | <vmid>, <policy>, <object>, <tag1> |
| Administrative Configuration Event | All | <vmid>, <sip>, <login>, <tag1>, <domain>, <object> |
| Administrator Configuration | All | <vmid>, <dip>, <domain>, <login>, <object>, <tag1> |
| Administrator Login | All | <severity>, <sessiontype>, <vmid>, <sip>, <domain>, <login>, <subject>, <object> |
| Administrator Logon | All | <severity>, <vmid>, <command>, <domain>, <login>, <dname>, <sip>, <session>, <object> |
| Authentication Failed | All | <vmid>, <severity>, <login>, <domainorigin>, <object>, <subject>, <reason>, <status>, <responsecode> |
| Catch All : Level 1 | All | <severity>, <tag1> |
| Catch All : Level 3 | All | <vmid>, <tag1> |
| Configuration Mode Change | All | <vmid>, <sip>, <login>, <object>, <tag1> |
| Connection Information | All | <vmid>, <severity>, <tag1>, <object>, <sip>, <sport> |
| Connection Status | All | <vmid>, <tag1>, <domain>, <dip>, <dport>, <tag2>, <object> |
| Console Password Authentication Fail | All | <severity>, <vmid>, <sip>, <login>, <object> |
| Content Observed/Denied | All | <vmid>, <sip>, <dport>, <dnatip>, <dinterface>, <protname>, <login>, <sessiontype>, <session>, <object>, <objectname>, <objecttype>, <subject>, <version>, <useragent>, <url>, <group>, <command>, <responsecode>, <status>, <bytesin>, <bytesout>, <tag1>, <tag2> |
| Did Not Receive Identification String | All | <severity>, <vmid>, <sip>, <object> |
| Disconnecting : Authentication Failures | All | <vmid>, <severity>, <login>, <object> |
| DNS Service Restored | All | <vmid>, <tag1>, <tag2>, <tag3>, <tag4> |
| Dynamic Categorization Error | All | <severity>, <vmid>, <subject>, <object>, <objectname> |
| Failed Authentication | All | <severity>, <vmid>, <sip>, <domain>, <login>, <group>, <dname>, <process> |
| Failed Event | All | <severity>, <vmid>, <tag1>, <login>, <sip>, <sport>, <protname>, <object> |
| FTP Access Log | All | <vmid>, <tag3>, <responsecode>, <domain>, <dname>, <dport>, <login>, <subject>, <tag1>, <command>, <tag2>, <dip> |
| General Connection Messages | All | <vmid>, <sip>, <dip>, <dport>, <sport>, <snatip>, <dnatip>, <protname>, <login>, <parentprocesspath>, <object>, <useragent>, <url>, <group>, <action>, <result>, <status>, <bytesin>, <bytesout> |
| Grace Period Timeout | All | <severity>, <vmid>, <tag1>, <object> |
| Header Information | All | <severity>, <objectname>, <version>, <object> |
| HTTP Requests | All | <vmid>, <severity>, <sip>, <sname>, <dip>, <dname>, <sport>, <protname>, <session>, <object>, <subject>, <objectname>, <useragent>, <url>, <tag1> |
| Last Message Repeated | All | <severity>, <dname>, <subject>, <quantity>, <url>, <protname>, <responsecode> |
| Network Connection Messages | All | <vmid>, <severity>, <sip>, <dip>, <dname>, <sport>, <protname>, <useragent>, <url>, <group>, <command>, <duration> |
| NTP Time Comparison | All | <vmid>, <severity>, <protname>, <dname>, <tag1>, <duration>, <object> |
| No Gateway Configured | All | <severity>, <vmid>, <protname>, <object> |
| Null Character Found In Request Line | All | <vmid>, <severity>, <sip>, <object> |
| Process Returned | All | <severity>, <vmid>, <process>, <objectname>, <object> |
| Proxy Realm Information | All | <severity>, <dname>, <sip>, <sinterface>, <object>, <vmid>, <objectname>, <dip>, <command>, <dinterface>, <dport> |
| Severe Error Information | All | <severity>, <vmid>, <object>, <subject> |
| Snapshot Fetched | All | <vmid>, <severity>, <objectname>, <object>, <subject> |
| State Changed | All | <vmid>, <tag1>, <tag2>, <sip>, <tag3> |
| TCP Error | All | <severity>, <sip>, <vmid>, <domain>, <account>, <command>, <url>, <processid>, <responsecode>, <process>, <object>, <useragent>, <dip> |
| Unavailable Web Traffic | All | <tag1>, <url>, <vmid>, <process>, <protname>, <sip>, <bytesout>, <bytesin> |
| Web Traffic | All | <severity>, <milliseconds>, <sip>, <login>, <account>, <domain>, <group>, <tag1>, <subject>, <url>, <responsecode>, <vmid>, <action>, <process>, <objecttype>, <protname>, <dip>, <dname>, <dport>, <object>, <useragent>, <bytesout>, <bytesin>, <tag2> |
| WebURL Access | All | <severity>, <sip>, <dip>, <snatip>, <protnum>, <protname>, <login>, <session>, <object>, <objectname>, <subject>, <useragent>, <url>, <command>, <responsecode>, <tag1> |
| Write Connection Closed | All | <severity>, <vmid>, <object> |

Revision History

| KB Version | Log Type | Change Type | Details |
| --- | --- | --- | --- |
| KB 7.1.638.0 | Syslog - Broadcom ProxySG | Policy: LogRhythm Default | Log processing policy for Syslog - Broadcom ProxySG |