
Response Code [7.2]

The explicit and well-defined response code for an action or command in a log. Response Code differs from Result in that a Response Code value should be well structured and easily identifiable as a code.

This field is not available in LogRhythm versions earlier than 7.2.1.

Data Type

String

Aliases

UseAlias

Client Console Full Name

Response Code

Client Console Short Name

Response Code

Web Console Tab/Name

Response Code

Elasticsearch Field Name

responseCode

Rule Builder Column Name

ResponseCode

Regex Pattern

<responsecode>

NetMon Name

Not applicable

Field Relationships

  • Status
  • Result
  • Action
  • Command
  • VMID

Common Applications

  • Web server
  • Proxy
  • Mail server

Use Case

Anything that captures HTTP or SMTP traffic.

MPE/Data Masking Manipulations

Not applicable.

Usage Standards

  • Response Code should be industry standard. If it is a vendor standard, use VMID.
  • If the value is unstructured text, use Result instead.
  • This field supplants VMID completely for parsing HTTP and SMTP response codes. In other words, VMID should be tied to a vendor while HTTP codes are an independent standard.
  • This field can be extended to non-IT industry response codes. For example, it can hold credit card response codes if ATM or POS logs are parsed, or codes from ICS/SCADA-specific protocols.

Examples

  • IBM WebSphere DataPower Integration

03 23 2014 13:14:32 1.1.1.1 <USER:INFO> Mar 23 13:14:26USABLDRRECFLOW01 [Service_Router][mpgw][info] mpgw(Routing_Int_MPG): trans(1954389697)[1.1.1.1]: HTTP response code 200 for 'https://1.1.1.1:54010/legacy/eg/aggregate'

200 is parsed into Response Code.

  • Microsoft IIS

::1, Host1st@Host2, 8/25/2015, 15:25:43, W3SVC2, USABLDRRECFLOW01, ::1, 171, 327, 512, 500, 0, GET, /, |88|800a0009|Subscript_out_of_range:_'[number:_1]',

HTTP response code.

  • Microsoft ActiveSync 2010

2012-08-26 00:07:52 1.1.1.1 GET /owa/1.1.1.1/scripts/premium/flogon.js - 443 - 1.1.1.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.1+(KHTML,+like+Gecko)+Chrome/21.0.1180.83+Safari/537.1 304 0 0 281

HTTP response code from ActiveSync.

  • Microsoft IIS SMTP

2012-03-29 07:30:50 1.1.1.1 USABLDRRECFLOW01SMTPSVC1 CDESMTP 1.1.1.1 0 HELO - +CDENETMON 250 0 55 14 0 SMTP - - - -

SMTP response code.

  • Bluecoat Proxy

06 29 2015 14:26:18 1.1.1.1 <USER:NOTE> date=2015-06-29 time=19:25:57 time-taken=65 c-ip=1.1.1.1 cs-username=- cs-auth-group=- x-exception-id=- sc-filter-result=OBSERVED cs-categories="Technology/Internet" cs(Referer)=http://www.amazon.com/Travel-Mattress-Healing-Magnetic-Cover/dp/B0029OMC6A cs-status=500 s-action=TCP_NC_MISS cs-method=GET rs(Content-Type)=text/xml cs-uri-scheme=http cs-host=fls-na.amazon.com cs-uri-port=80 cs-uri-path=/1/amazon-clicks/1/OP cs-uri-query=?requestId=1J6GGDGMDB10asdvasehQ2&childRequestId=152CJ96fgnfhjkjTW28Z5AP&widgetName=variant_ads_below_fold&searchResultNumber=1&impressionRankOnAsin=3 cs-uri-extension=- cs(User-Agent)=Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko s-ip=1.1.1.1 cs-bytes=1217 rs-bytes=293

Despite Status being the key, the value is an HTTP response code.
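
The Usage Standards applied to the sample logs above, as an added Python example (not LogRhythm's MPE rules or code from this page): a structured three-digit code goes to responseCode, and unstructured text goes to Result. The source names, regex patterns and the `normalize` helper are assumptions made for illustration, and Python writes the named group as `(?P<responsecode>...)`.

```python
import re

# Hypothetical patterns for this example only; not LogRhythm's shipped MPE rules.
# Python spells the named group (?P<responsecode>...); the page's tag is <responsecode>.
PATTERNS = {
    "datapower": re.compile(r"HTTP response code (?P<responsecode>\S+) for "),
    "bluecoat": re.compile(r"(?:^|\s)cs-status=(?P<responsecode>\S+)"),
    "iis_smtp": re.compile(r"\s(?:HELO|EHLO)\s\S+\s\S+\s(?P<responsecode>\S+)\s"),
}

# HTTP and SMTP status codes are three digits with a leading class digit of 1-5.
STANDARD_CODE = re.compile(r"[1-5]\d{2}")


def normalize(source, line):
    """Return {'responseCode': ...} for a structured code, {'result': ...} for
    unstructured text, or {} when the line carries no usable value."""
    match = PATTERNS[source].search(line)
    if match is None:
        return {}
    value = match.group("responsecode")
    if value == "-":  # empty-field placeholder, nothing to store
        return {}
    if STANDARD_CODE.fullmatch(value):
        return {"responseCode": value}  # Data Type is String, so keep it a string
    return {"result": value}  # unstructured text belongs in Result


# Lines abridged from the page's examples; the last one is constructed.
SAMPLES = [
    ("datapower", "trans(1954389697)[1.1.1.1]: HTTP response code 200 for "
                  "'https://1.1.1.1:54010/legacy/eg/aggregate'"),
    ("bluecoat", "sc-filter-result=OBSERVED cs-status=500 s-action=TCP_NC_MISS"),
    ("iis_smtp", "1.1.1.1 0 HELO - +CDENETMON 250 0 55 14 0 SMTP - - - -"),
    ("bluecoat", "sc-filter-result=DENIED cs-status=blocked s-action=TCP_DENIED"),
]


def run_samples():
    """Normalize every sample line and return the resulting field dicts."""
    return [normalize(source, line) for source, line in SAMPLES]


if __name__ == "__main__":
    for (source, _), fields in zip(SAMPLES, run_samples()):
        print(source, fields)
```

Keeping the value a string matches the field's Data Type and avoids losing anything if a source ever emits a code with leading zeros.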
