
TIBCO LogLogic®

Log Management Intelligence (LMI)

Log Source Report Mapping Guidebook

Software Release: 5.3.1

August 2012

Important Information

SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.

This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.

TIBCO and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. and/or subsidiaries of TIBCO Software Inc. in the United States and/or other countries.

All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. PLEASE SEE THE README.TXT FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.

Copyright © 2002-2012 TIBCO Software Inc. ALL RIGHTS RESERVED.

TIBCO Software Inc. Confidential Information

Contents

Preface
    About This Guide
    Technical Support
    Documentation Support
    Conventions

Introduction
    LogLogic Log Source Report Mapping
        Table 1 Log Source Report Mapping by Device Type – Access Control
        Table 2 Log Source Report Mapping by Device Type – Database Activity
        Table 3 Log Source Report Mapping by Device Type – Enterprise Content Management
        Table 4 Log Source Report Mapping by Device Type – HP NonStop Audit
        Table 5 Log Source Report Mapping by Device Type – IBM i5/OS
        Table 6 Log Source Report Mapping by Device Type – IBM z/OS Activity
        Table 7 Log Source Report Mapping by Device Type – Mail Activity
        Table 8 Log Source Report Mapping by Device Type – Network Activity
        Table 9 Log Source Report Mapping by Device Type – Operational
        Table 10 Log Source Report Mapping by Device Type – Policy Reports
        Table 11 Log Source Report Mapping by Device Type – Storage Systems Activity
        Table 12 Log Source Report Mapping by Device Type – Threat Management

Preface

About This Guide

LogLogic® Appliances let you capture and manage log data from all types of log sources in your enterprise. This LogLogic Log Source Report Mapping Guidebook provides a set of tables listing Log Source Reports by Device Type, sorted by UI Category.

For more information on creating reports and alerts, see the LogLogic User Guide and LogLogic Online Help.

Technical Support

LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although LogLogic products are easy to use and maintain, occasional assistance might be necessary. LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers who can help you maximize the performance of your LogLogic Appliances.

To reach LogLogic Customer Support:

Telephone:

Toll Free: 1-800-957-LOGS

Local: 1-408-834-7480

EMEA or APAC: +44 (0) 207 1170075 or +44 (0) 8000 669970

Email: [email protected]

You can also visit the LogLogic Support website at: http://www.loglogic.com/services/support. When contacting Customer Support, be prepared to provide:

Your name, email address, phone number, and fax number

Your company name and company address

Your machine type and release version

A description of the problem and the content of pertinent error messages (if any)

Documentation Support

Your feedback on LogLogic documentation is important to us. Send e-mail to [email protected] if you have questions or comments. Your comments will be reviewed and addressed by the LogLogic technical writing team.

In your e-mail message, please indicate the software name and version you are using, as well as the title and document date of your documentation.


Conventions

LogLogic documentation uses the following conventions to highlight code and command-line elements:

A monospace font is used for programming elements (such as code fragments, objects, methods, parameters, and HTML tags) and system elements (such as filenames, directories, paths, and URLs).

A monospace bold font is used to distinguish system prompts or screen output from user responses, as in this example:

username: system
home directory: home\app

A monospace italic font is used for placeholders, which are general names that you replace with names specific to your site, as in this example: LogLogic_home_directory\upgrade\

Straight brackets signal options in command-line syntax. For example:

ls [-AabCcdFfgiLlmnopqRrstux1] [-X attr] [path ...]


Introduction

This guide provides a set of tables listing Log Source Reports by Device Type, sorted by the following UI Categories: Access Control, Database Activity, Enterprise Content Management, HP NonStop Audit, IBM i5/OS Activity, IBM z/OS Activity, Mail Activity, Network Activity, Operational, Policy Reports, Storage Systems Activity, and Threat Management.

For more information on Log Source Package (LSP) devices, see the Log Source Guide for that device.

LogLogic Log Source Report Mapping

Table 1 Log Source Report Mapping by Device Type – Access Control

Device Type: Log Source Reports

Active Directory: User Created/Deleted, Windows Events, User Access, Permission Modification

BMC Remedy ARS: User Access, User Authentication

Check Point Interface: User Access, User Authentication

Cisco ASA: User Access, User Authentication

Cisco FWSM: User Access, User Authentication

Cisco PIX: User Access, User Authentication

Cisco Secure ACS: User Access, User Authentication

Cisco VPN 3000: User Access, User Authentication

Cisco Win ACS: User Access, User Authentication

HP/UX: User Access, User Authentication, Permission Modification, User Created/Deleted

HP/UX Audit: User Access, User Authentication, Permission Modification, User Created/Deleted

Juniper Firewall: User Access, User Authentication

Juniper SSL VPN: User Access, User Authentication

KondorPlus: User Access, User Authentication

Linux: User Access, User Authentication, User Created/Deleted, Permission Modification

Microsoft Operation Manager: User Access, User Authentication, Permission Modification, User Created/Deleted, Windows Events

Microsoft SQL Server: User Access, User Authentication, Permission Modification

Microsoft Windows: User Access, User Authentication, Permission Modification, User Created/Deleted, Windows Events

NetApp Filer: User Access, User Authentication, User Created/Deleted

NetApp Filer Audit: User Access, User Authentication

Nortel Contivity: User Access, User Authentication

Novell eDirectory: User Access, User Authentication, Permission Modification

Other UNIX: User Access, User Authentication, User Created/Deleted, Permission Modification

RSA ACE Server: User Access, User Authentication

Sidewinder: User Access, User Authentication, User Created/Deleted

SiteMinder: User Access, User Authentication

Sun Solaris: User Access, User Authentication, User Created/Deleted, Permission Modification

Sun Solaris BSM: User Access, User Authentication, User Created/Deleted, Permission Modification

VMWare ESX: User Access, User Authentication, User Created/Deleted, Permission Modification

VMWare vCenter: User Access, User Authentication

VMWare vCloud Director: User Access, User Authentication

Table 2 Log Source Report Mapping by Device Type – Database Activity

Device Type: Log Source Reports

IBM DB2: Database Access, Database Data Access, Database Privilege Modifications, Database System Modifications, Permission Modification

Microsoft SQL Server: All Database Events, Database Access, Database Data Access, Database Privilege Modifications, Database System Modifications

Oracle Database: All Database Events, Database Access, Database Data Access, Database Privilege Modifications, Database System Modifications

Sybase ASE: All Database Events, Database Access, Database Data Access, Database Privilege Modifications, Database System Modifications

Table 3 Log Source Report Mapping by Device Type – Enterprise Content Management

Device Type: Log Source Reports

Cisco ASA: Content Management, ECM Activity

Fortinet FortiOS: ECM Activity

Microsoft SharePoint: Content Management, ECM Activity, Expiration and Disposition, Security Settings

Table 4 Log Source Report Mapping by Device Type – HP NonStop Audit

Device Type: Log Source Reports

HP NonStop Audit: Configuration Changes, Failed And Successful Logins, HP NonStop Audit Activity, Object Access, Object Changes, User Actions

Table 5 Log Source Report Mapping by Device Type – IBM i5/OS

Device Type: Log Source Reports

IBM i5/OS: All Log Entry Types, System Object Access, User Access by Connection, User Action, User Jobs

Table 6 Log Source Report Mapping by Device Type – IBM z/OS Activity

Device Type: Log Source Reports

z/OS RACF: Unix System Services, Violation, Login/Logout, Resource Access, Security Modifications, System Access/Configuration

Table 7 Log Source Report Mapping by Device Type – Mail Activity

Device Type: Log Source Reports

Microsoft Exchange 2000/03: Exchange 2000/03 Activity, Exchange 2000/03 Delay, Exchange 2000/03 Size, Exchange 2000/03 SMTP

Microsoft Exchange 2007 Message Tracking: Exchange 2007 Mail Size, Exchange 2007 Activity

Microsoft Exchange 2007 Pop/Imap: Server Activity

Microsoft Exchange 2007 SMTP Receive: Server Activity

Microsoft Exchange 2007 SMTP Send: Server Activity

Table 8 Log Source Report Mapping by Device Type – Network Activity

Device Type: Log Source Reports

Apache WebServer: Web Cache Activity, Web Surfing Activity

Blue Coat ProxySG: Web Cache Activity

Check Point Interface: Accepted Connections, Active VPN Connections, Application Distributions, Denied Connections, FTP Connections, VPN Access, VPN Sessions, VPN Top Lists, Web Surfing Activity

Cisco ASA: Accepted Connections, Active VPN Connections, Application Distributions, Denied Connections, FTP Connections, VPN Access, VPN Sessions, VPN Top Lists, Web Surfing Activity

Cisco Content Engine: Web Cache Activity, Web Surfing Activity

Cisco FWSM: Accepted Connections, Active VPN Connections, Application Distributions, Denied Connections, FTP Connections, VPN Access, VPN Session, VPN Top List, Web Surfing Activity

Cisco PIX: Accepted Connections, Active VPN Connections, Application Distributions, Denied Connections, FTP Connections, VPN Access, VPN Session, VPN Top List, Web Surfing Activity

Cisco Router: Denied Connections

Cisco WSA: Web Cache Activity, Web Surfing Activity

Cisco VPN 3000: Active VPN Connections, VPN Access, VPN Session, VPN Top List

Fortinet FortiOS: Accepted Connections, Application Distributions, Denied Connections

Generic W3C: Web Cache Activity, Web Surfing Activity

Juniper Firewall: Accepted Connections, Application Distributions, Denied Connections

Juniper RT_Flow: Accepted Connections, Denied Connections

Juniper SSL VPN: Web Cache Activity, Web Surfing Activity

Microsoft DHCP: DHCP Denied Activity, DHCP Granted/Renewed Activity, DHCP Activity

Microsoft IAS: Web Cache Activity, Web Surfing Activity

Microsoft IIS: Web Cache Activity, Web Surfing Activity

Microsoft ISA: Web Cache Activity

NetApp NetCache: Web Cache Activity

Nortel Contivity: Accepted Connections, Active VPN Connections, Application Distributions, Denied Connections, VPN Access, VPN Sessions, VPN Top Lists, Web Surfing Activity

Palo Alto Networks PANOS: Accepted Connections, Application Distributions, Denied Connections

RADIUS Acct Client: Active VPN Connections, VPN Access, VPN Sessions, VPN Top Lists

Sidewinder: Accepted Connections, Denied Connections

Squid: Web Cache Activity

Table 9 Log Source Report Mapping by Device Type – Operational

Device Type: Log Source Reports

Active Directory: All Unparsed Events, Total Message Count

Apache WebServer: All Unparsed Events, Total Message Count

Blue Coat Proxy Syslog: All Unparsed Events, Total Message Count

Blue Coat ProxySG: All Unparsed Events, Total Message Count

BMC Remedy ARS: All Unparsed Events, Total Message Count

Check Point Interface: All Unparsed Events, Firewall Statistics, Security Events, System Events, Total Message Count

Cisco ASA: All Unparsed Events, Firewall Statistics, Security Events, System Events, Total Message Count

Cisco Content Engine: All Unparsed Events, Total Message Count

Cisco FWSM: All Unparsed Events, Firewall Statistics, Security Events, System Events, Total Message Count

Cisco IPS: All Unparsed Events, Total Message Count

Cisco NetFlow: All Unparsed Events, Total Message Count

Cisco PIX: All Unparsed Events, Firewall Statistics, Security Events, System Events, Total Message Count

Cisco Router: All Unparsed Events, Firewall Statistics, Total Message Count

Cisco Secure ACS: All Unparsed Events, Total Message Count

Cisco WSA: All Unparsed Events, Total Message Count

Cisco Switch: All Unparsed Events, Total Message Count

Cisco VPN 3000: All Unparsed Events, Total Message Count

Cisco Win ACS: All Unparsed Events, Total Message Count

Decru Datafort: All Unparsed Events, Total Message Count

Fortinet FortiOS: All Unparsed Events, Total Message Count

General Syslog: All Unparsed Events, Total Message Count

Generic W3C: All Unparsed Events, Total Message Count

Guardium SQL Guard: All Unparsed Events, Total Message Count

Guardium SQLGuard Audit: All Unparsed Events, Total Message Count

HP NonStop Audit: All Unparsed Events, Total Message Count

HP/UX: All Unparsed Events, Total Message Count

IBM DB2: All Unparsed Events, Total Message Count

IBM i5/OS: All Unparsed Events, Total Message Count

ISS RealSecure NIDS: All Unparsed Events, Total Message Count

ISS SiteProtector: All Unparsed Events, Total Message Count

Juniper Firewall: Firewall Statistics, Security Events, System Events, Total Message Count

Juniper IDP: All Unparsed Events, Total Message Count

Juniper RT_Flow: All Unparsed Events, Firewall Statistics, Total Message Count

Juniper SSL VPN: All Unparsed Events, Total Message Count

Juniper SSL VPN Secure Access: All Unparsed Events, Total Message Count

KondorPlus: All Unparsed Events, Total Message Count

Linux: All Unparsed Events, Total Message Count

LogLogic Appliance: All Unparsed Events, Total Message Count

LogLogic Database Security Manager: All Unparsed Events, Total Message Count

McAfee ePolicy Orchestrator: All Unparsed Events, Total Message Count

Microsoft DHCP: All Unparsed Events, Total Message Count

Microsoft Exchange 2000/03: All Unparsed Events, Total Message Count

Microsoft Exchange 2007 Application logs: All Unparsed Events, Total Message Count

Microsoft Exchange 2007 Message Tracking: All Unparsed Events, Total Message Count

Microsoft Exchange 2007 Pop/Imap: All Unparsed Events, Total Message Count

Microsoft Exchange 2007 SMTP Receive: All Unparsed Events, Total Message Count

Microsoft Exchange 2007 SMTP Send: All Unparsed Events, Total Message Count

Microsoft IAS: All Unparsed Events, Total Message Count

Microsoft IIS: All Unparsed Events, Total Message Count

Microsoft ISA: All Unparsed Events, Total Message Count

Microsoft Operation Manager: All Unparsed Events, Total Message Count

Microsoft SharePoint: All Unparsed Events, Total Message Count

Microsoft SQL Server: All Unparsed Events, Total Message Count

Microsoft SQL Server Application logs: All Unparsed Events, Total Message Count

Microsoft SQL Server GDBC: All Unparsed Events, Total Message Count

Microsoft Windows: All Unparsed Events, Total Message Count

NetApp Filer: All Unparsed Events, Total Message Count

NetApp Filer Audit: All Unparsed Events, Total Message Count

NetApp NetCache: All Unparsed Events, Total Message Count

Nortel Contivity: All Unparsed Events, System Events, Total Message Count

Novell eDirectory: All Unparsed Events, Total Message Count

Oracle Database: All Unparsed Events, Total Message Count

Oracle GDBC: All Unparsed Events, Total Message Count

Other File Device: All Unparsed Events, Total Message Count

Other UNIX: All Unparsed Events, Total Message Count

Palo Alto Networks PANOS: All Unparsed Events, Total Message Count

RADIUS Acct Client: All Unparsed Events, Total Message Count

RSA ACE Server: All Unparsed Events, Total Message Count

Sidewinder: All Unparsed Events, Firewall Statistics, Total Message Count

Snort: All Unparsed Events, Total Message Count

Sourcefire: All Unparsed Events, Total Message Count

Squid: All Unparsed Events, Total Message Count

Sun Solaris: All Unparsed Events, Total Message Count

Sun Solaris BSM: All Unparsed Events, Total Message Count

Sybase ASE: All Unparsed Events, Total Message Count

Symantec AntiVirus: All Unparsed Events, Total Message Count

TrendMicro Control Manager: All Unparsed Events, Total Message Count

TrendMicro OfficeScan: All Unparsed Events, Total Message Count

Tripwire Management Station: All Unparsed Events, Total Message Count

VMWare ESX: All Unparsed Events, Total Message Count

VMWare vCenter: All Unparsed Events, Total Message Count

z/OS RACF: All Unparsed Events, Total Message Count

Table 10 Log Source Report Mapping by Device Type – Policy Reports

Device Type: Log Source Reports

Check Point Interface: Rules/Policies

Juniper Firewall: Rules/Policies

LogLogic Appliance: Network Policies

Microsoft SharePoint: ECM Policy

Nortel Contivity: Rules/Policies

Table 11 Log Source Report Mapping by Device Type – Storage Systems Activity

Device Type: Log Source Reports

NetApp Filer: Filer Access

NetApp Filer Audit: Filer Access

Table 12 Log Source Report Mapping by Device Type – Threat Management

Device Type: Log Source Reports

Cisco ASA: IDS/IPS Activity

Cisco FWSM: IDS/IPS Activity

Cisco IPS: IDS/IPS Activity

Cisco PIX: IDS/IPS Activity

Fortinet FortiOS: IDS/IPS Activity, Threat Activity

Guardium SQL Guard: DB IPS Activity

Guardium SQLGuard Audit: DB IPS Activity

ISS RealSecure NIDS: IDS/IPS Activity

ISS SiteProtector: IDS/IPS Activity

Juniper IDP: IDS/IPS Activity

LogLogic Database Security Manager: IDS/IPS Activity

McAfee ePolicy Orchestrator: Configuration Activity, HIPS Activity, Scan Activity, Threat Activity

Snort: IDS/IPS Activity

Sourcefire: IDS/IPS Activity

Symantec AntiVirus: Configuration Activity, Scan Activity, Threat Activity

TrendMicro Control Manager: Threat Activity

TrendMicro OfficeScan: Threat Activity