Device Details

Device Name: Forcepoint Stonesoft NGFW
Vendor: Forcepoint
Device Type: Next Generation Firewall
Supported Model Name/Number: N/A
Supported Software Version: All
Collection Method: Syslog
Configurable Log Output: N/A
Log Source Type: Syslog - Forcepoint Stonesoft NGFW
Log Processing Policy: LogRhythm Default
Exceptions: N/A
Additional Information

https://www.forcepoint.com/product/ngfw-next-generation-firewall
https://help.stonesoft.com/onlinehelp/StoneGate/SMC/6.5.0/GUID-71291199-8540-496C-A4DF-52A69E8FE227.html
https://support.forcepoint.com/KBArticle?id=000015002
https://www.websense.com/content/support/library/ngfw/v64/mgmt/ngfw_640_pg_a_en-us.pdf

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Alert Messages | All | <version>, <vmid>, <objectname>, <cve>, <severity>, <sport>, <login>, <dip>, <subject>, <url>, <session>, <command>, <sinterface>, <dinterface>, <protnum>, <dport>, <sip> |
| Catch All : Level 1 | All | <severity> |
| Catch All : Level 2 | All | <severity>, <version>, <vmid>, <command>, <subject>, <sport>, <sname>, <dname>, <dip> |
| Firewall Messages | All | <version>, <vmid>, <objectname>, <severity>, <sport>, <dip>, <object>, <session>, <command>, <sinterface>, <dinterface>, <protnum>, <dport>, <bytesin>, <bytesout>, <sip> |
| Firewall Messages - v6.2.X | All | <version>, <vmid>, <command>, <severity>, <packetsin>, <packetsout>, <url>, <tag1>, <object>, <objectname>, <subject>, <dport>, <sport>, <dnatip>, <snatip>, <action>, <sinterface>, <protnum>, <dip>, <sip>, <dname> |
| Firewall Messages - v6.3.X | All | <severity>, <version>, <vmid>, <command>, <url>, <packetsin>, <packetsout>, <object>, <objectname>, <subject>, <dnatip>, <snatip>, <action>, <sinterface>, <protnum>, <dport>, <sport>, <dip>, <sip>, <dname> |
| Firewall Messages - V6.4/6.5/6.6/6.7 | All | <severity>, <version>, <vmid>, <command>, <login>, <objecttype>, <packetsin>, <packetsout>, <object>, <protname>, <objectname>, <dnatip>, <snatip>, <subject>, <dnatport>, <snatport>, <object>, <action>, <dinterface>, <dport>, <sport>, <dip>, <sip>, <dname> |
| Firewall Messages - V6.5.8 | All | <severity>, <version>, <vmid>, <command>, <dname>, <sip>, <dip>, <sport>, <dport>, <protnum>, <sinterface>, <dinterface>, <action>, <objectname>, <object>, <subject> |
| IPS Messages | All | <version>, <vmid>, <objectname>, <severity>, <sport>, <login>, <dmac>, <dip>, <subject>, <object>, <url>, <session>, <command>, <sinterface>, <dinterface>, <protnum>, <dport>, <bytesin>, <bytesout>, <sip>, <smac> |

Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.598.0 | N/A | Documentation | Updated documentation |