TIBCO LogLogic® Log Management Intelligence (LMI)

Log Source Report Mapping Guidebook

Software Release 5.6.3

January 2016

Two-Second Advantage®

Important Information

SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.

This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.

TIBCO, Two-Second Advantage, and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.

All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.

Copyright © 2002-2016 TIBCO Software Inc. ALL RIGHTS RESERVED.

TIBCO Software Inc. Confidential Information

Contents

Preface

Technical Support

Typographical Conventions

Chapter 1 Introduction

TIBCO LogLogic Log Source Report Mapping

Preface

TIBCO LogLogic® Appliances let you capture and manage log data from all types of log sources in your enterprise. This LogLogic Log Source Report Mapping Guidebook provides a set of tables listing Log Source Reports by Device Type, sorted by UI Category.

For more information on creating reports and alerts, see the LogLogic User Guide and LogLogic Online Help.

Topics

• Related Documents

• Technical Support

• Typographical Conventions

Related Documents

The LogLogic documentation is available on the TIBCO Product Documentation website — https://docs.tibco.com/products/a_z_products.

The following documents contain information about the TIBCO LogLogic Appliances:

• LogLogic Release Notes—Provides information specific to the release including product information, new features and functionality, resolved issues, known issues and any late-breaking information. Check the LogLogic support web site periodically for possible further updates.

• LogLogic Hardware Installation Guide—Describes how to get started with your LogLogic Appliance. In addition, the guide includes details about the Appliance hardware for all models.

• LogLogic Upgrade Guide—Describes how to configure and upgrade the LogLogic Appliance software.

• LogLogic User Guide—Describes how to use the LogLogic solution, viewing dashboard, managing reports, managing alerts, and performing searches.

• LogLogic Administration Guide—Describes how to administer the LogLogic solution including all Management and Administration menu options.

• LogLogic Log Source Configuration Guide—Describes how to support log data from various log sources. There is a separate manual for each supported log source. These documents include documentation on LogLogic Collectors as well as documentation on how to configure log sources to work with the LogLogic solution.

• LogLogic Collector Guides—Describe how to implement support for using a LogLogic Collector for specific log sources such as IBM i5/OS and ISS Site Protector.

• LogLogic Web Services API Implementation Guide—Describes how to implement the LogLogic Web Services APIs to manage reports, manage alerts, perform searches, and administrate the system.

• LogLogic Syslog Alert Message Format Quick Reference Guide—Describes the LogLogic Syslog alert message format.

• LogLogic Enterprise Virtual Appliance Quick Start Guide—Provides instructions on how to quickly set up the TIBCO Enterprise Virtual Appliance.

• LogLogic Log Source Report Mapping Guide—Provides a set of tables listing Log Source Reports by Device Type, sorted by UI Category.

• LogLogic Online Help—Describes the Appliance user interface, including descriptions for each screen, tab, and element in the Appliance.

Technical Support

TIBCO LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although TIBCO LogLogic products are easy to use and maintain, occasional assistance might be necessary. TIBCO LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers that can help you maximize the performance of your TIBCO LogLogic Appliances.

To reach TIBCO LogLogic Customer Support:

Telephone: Toll Free—1-800-957-LOGS

Local—1-408-834-7480

EMEA or APAC: + 44 (0) 207 1170075 or +44 (0) 8000 669970

Email: [email protected]

Support website: https://support.tibco.com

When contacting Customer Support, be prepared to provide:

• Your name, email address, phone number, and fax number

• Your company name and company address

• Your machine type and release version

• A description of the problem and the content of pertinent error messages (if any)

Typographical Conventions

The following typographical conventions are used in this manual.

Table 1 General Typographical Conventions

Convention Use

ENV_NAME

TIBCO_HOME

<ProductAcronym>_HOME

TIBCO products are installed into an installation environment. A product installed into an installation environment does not access components in other installation environments. Incompatible products and multiple instances of the same product must be installed into different installation environments.

An installation environment consists of the following properties:

• Name Identifies the installation environment. This name is referenced in documentation as ENV_NAME. On Microsoft Windows, the name is appended to the name of Windows services created by the installer and is a component of the path to the product shortcut in the Windows Start > All Programs menu.

• Path The folder into which the product is installed. This folder is referenced in documentation as TIBCO_HOME.

TIBCO <ProductName> installs into a directory within a TIBCO_HOME. This directory is referenced in documentation as <ProductAcronym>_HOME. The default value of <ProductAcronym>_HOME depends on the operating system. For example on Windows systems, the default value is C:\tibco\<ProductAcronym>\<ReleaseNumber>.

code font Code font identifies commands, code examples, filenames, pathnames, and output displayed in a command window. For example:

Use MyCommand to start the foo process.

bold code font Bold code font is used in the following ways:

• In procedures, to indicate what a user types. For example: Type admin.

• In large code samples, to indicate the parts of the sample that are of particular interest.

• In command syntax, to indicate the default parameter for a command. For example, if no parameter is specified, MyCommand is enabled: MyCommand [enable | disable]

italic font Italic font is used in the following ways:

• To indicate a document title. For example: See TIBCO ActiveMatrix BusinessWorks Concepts.

• To introduce new terms. For example: A portal page may contain several portlets. Portlets are mini-applications that run in a portal.

• To indicate a variable in a command or code syntax that you must replace. For example: MyCommand PathName

Key combinations

Key names separated by a plus sign indicate keys pressed simultaneously. For example: Ctrl+C.

Key names separated by a comma and space indicate keys pressed one after the other. For example: Esc, Ctrl+Q.

The note icon indicates information that is of special interest or importance, for example, an additional action required only in certain circumstances.

The tip icon indicates an idea that could be useful, for example, a way to apply the information provided in the current section to achieve a specific result.

The warning icon indicates the potential for a damaging situation, for example, data loss or corruption if certain steps are taken or not taken.

Chapter 1 Introduction

This guide provides a set of tables listing Log Source Reports by Device Type, sorted by the following UI Categories: Access Control, Database Activity, Enterprise Content Management, HP NonStop Audit, IBM i5/OS Activity, IBM z/OS Activity, Mail Activity, Network Activity, Operational, Policy Reports, Storage Systems Activity, Threat Management and Flow Activity.

For more information on Log Source Package (LSP) devices please see the Log Source Guide for that device.

Topics

• TIBCO LogLogic Log Source Report Mapping

TIBCO LogLogic Log Source Report Mapping

Table 2 Log Source Report Mapping by Device Type - Access Control

Device Type Log Source Reports

Active Directory Permission Modification

Active Directory User Access

Active Directory User Created/Deleted

Active Directory User Last Activity

Active Directory Windows Events

BMC Remedy ARS User Access

BMC Remedy ARS User Authentication

BMC Remedy ARS User Last Activity

Check Point Interface User Access

Check Point Interface User Authentication

Check Point Interface User Created/Deleted

Check Point Interface User Last Activity

Cisco ASA User Access

Cisco ASA User Authentication

Cisco ASA User Last Activity

Cisco ESA User Access

Cisco ESA User Authentication

Cisco FWSM User Access

Cisco FWSM User Authentication

Cisco FWSM User Last Activity

Cisco IOS User Access

Cisco IOS User Authentication

Cisco IOS User Last Activity

Cisco ISE Permission Modification

Cisco ISE User Access

Cisco ISE User Authentication

Cisco ISE User Last Activity

Cisco NXOS Permission Modification

Cisco NXOS User Access

Cisco NXOS User Authentication

Cisco PIX User Access

Cisco PIX User Authentication

Cisco PIX User Last Activity

Cisco Secure ACS User Access

Cisco Secure ACS User Authentication

Cisco Secure ACS User Created/Deleted

Cisco Secure ACS User Last Activity

Cisco VPN 3000 User Access

Cisco VPN 3000 User Authentication

Cisco VPN 3000 User Last Activity

Cisco Win ACS User Access

Cisco Win ACS User Authentication

Cisco Win ACS User Last Activity

Decru Datafort Permission Modification

Decru Datafort User Access

Decru Datafort User Authentication

Decru Datafort User Created/Deleted

Decru Datafort User Last Activity

F5 TMOS Permission Modification

F5 TMOS User Access

F5 TMOS User Authentication

F5 TMOS User Created/Deleted

F5 TMOS User Last Activity

HP/UX Permission Modification

HP/UX User Access

HP/UX User Authentication

HP/UX User Created/Deleted

HP/UX User Last Activity

HP-UX Audit Permission Modification

HP-UX Audit User Access

HP-UX Audit User Authentication

HP-UX Audit User Created/Deleted

HP-UX Audit User Last Activity

IBM AIX Permission Modification

IBM AIX User Access

IBM AIX User Authentication

IBM AIX User Created/Deleted

IBM AIX User Last Activity

IBM AIX Audit Permission Modification

IBM AIX Audit User Access

IBM AIX Audit User Authentication

IBM AIX Audit User Created/Deleted

IBM AIX Audit User Last Activity

IBM DB2 User Created/Deleted

Juniper Firewall User Access

Juniper Firewall User Authentication

Juniper Firewall User Last Activity

Juniper JunOS User Access

Juniper JunOS User Authentication

Juniper JunOS User Last Activity

Juniper SSL VPN User Access

Juniper SSL VPN User Authentication

Juniper SSL VPN User Last Activity

Juniper SSL VPN Secure Access User Access

Juniper SSL VPN Secure Access User Authentication

Juniper SSL VPN Secure Access User Last Activity

KondorPlus User Access

KondorPlus User Authentication

KondorPlus User Last Activity

Linux Permission Modification

Linux User Access

Linux User Authentication

Linux User Created/Deleted

Linux User Last Activity

LogLogic Appliance Permission Modification

LogLogic Appliance User Access

LogLogic Appliance User Authentication

LogLogic Appliance User Created/Deleted

LogLogic Appliance User Last Activity

Microsoft IAS User Access

Microsoft IAS User Authentication

Microsoft IAS User Last Activity

Microsoft MOM/SCOM Permission Modification

Microsoft MOM/SCOM User Access

Microsoft MOM/SCOM User Authentication

Microsoft MOM/SCOM User Created/Deleted

Microsoft MOM/SCOM User Last Activity

Microsoft MOM/SCOM Windows Events

Microsoft Windows Permission Modification

Microsoft Windows User Access

Microsoft Windows User Authentication

Microsoft Windows User Created/Deleted

Microsoft Windows User Last Activity

Microsoft Windows Windows Events

Microsoft Windows French Permission Modification

Microsoft Windows French User Access

Microsoft Windows French User Authentication

Microsoft Windows French User Created/Deleted

Microsoft Windows French User Last Activity

Microsoft Windows French Windows Events

Microsoft Windows German Permission Modification

Microsoft Windows German User Access

Microsoft Windows German User Authentication

Microsoft Windows German User Created/Deleted

Microsoft Windows German User Last Activity

Microsoft Windows German Windows Events

Microsoft Windows Japanese Permission Modification

Microsoft Windows Japanese User Access

Microsoft Windows Japanese User Authentication

Microsoft Windows Japanese User Created/Deleted

Microsoft Windows Japanese User Last Activity

Microsoft Windows Japanese Windows Events

NetApp Filer User Access

NetApp Filer User Authentication

NetApp Filer User Created/Deleted

NetApp Filer User Last Activity

NetApp Filer Audit User Access

NetApp Filer Audit User Authentication

NetApp Filer Audit User Created/Deleted

NetApp Filer Audit User Last Activity

Nortel Contivity User Access

Nortel Contivity User Authentication

Nortel Contivity User Last Activity

Novell eDirectory Permission Modification

Novell eDirectory User Access

Novell eDirectory User Authentication

Novell eDirectory User Last Activity

Other UNIX Permission Modification

Other UNIX User Access

Other UNIX User Authentication

Other UNIX User Created/Deleted

Other UNIX User Last Activity

RSA ACE Server User Access

RSA ACE Server User Authentication

RSA ACE Server User Last Activity

Sidewinder User Access

Sidewinder User Authentication

Sidewinder User Created/Deleted

Sidewinder User Last Activity

SiteMinder User Access

SiteMinder User Authentication

SiteMinder User Last Activity

Sun Solaris Permission Modification

Sun Solaris User Access

Sun Solaris User Authentication

Sun Solaris User Created/Deleted

Sun Solaris User Last Activity

Sun Solaris BSM Permission Modification

Sun Solaris BSM User Access

Sun Solaris BSM User Authentication

Sun Solaris BSM User Created/Deleted

Sun Solaris BSM User Last Activity

Symantec Endpoint Protection User Access

Symantec Endpoint Protection User Authentication

Symantec Endpoint Protection User Created/Deleted

Symantec Endpoint Protection User Last Activity

TIBCO ActiveMatrix Administrator User Access

TIBCO ActiveMatrix Administrator User Authentication

TIBCO ActiveMatrix Administrator User Last Activity

TIBCO Administrator User Access

TIBCO Administrator User Authentication

TIBCO Administrator User Last Activity

Tripwire Management Station User Access

VMware ESX Permission Modification

VMware ESX User Access

VMware ESX User Authentication

VMware ESX User Created/Deleted

VMware ESX User Last Activity

VMware Orchestrator User Access

VMware Orchestrator User Authentication

VMware Orchestrator User Last Activity

VMware vCenter User Access

VMware vCenter User Authentication

VMware vCenter User Last Activity

VMware vCloud Director User Access

VMware vCloud Director User Authentication

VMware vCloud Director User Created/Deleted

VMware vCloud Director User Last Activity

VMware vShield Edge User Access

VMware vShield Edge User Authentication

VMware vShield Edge User Last Activity

Table 3 Log Source Report Mapping by Device Type – Database Activity

Device Type Log Source Reports

IBM DB2 All Database Events

IBM DB2 Database Access

IBM DB2 Database Data Access

IBM DB2 Database Privilege Modifications

IBM DB2 Database System Modifications

Microsoft SQL Server All Database Events

Microsoft SQL Server Database Access

Microsoft SQL Server Database Data Access

Microsoft SQL Server Database Privilege Modifications

Microsoft SQL Server Database System Modifications

Oracle Database All Database Events

Oracle Database Database Access

Oracle Database Database Data Access

Oracle Database Database Privilege Modifications

Oracle Database Database System Modifications

Sybase ASE All Database Events

Sybase ASE Database Access

Sybase ASE Database Data Access

Sybase ASE Database Privilege Modifications

Sybase ASE Database System Modifications

Table 4 Log Source Report Mapping by Device Type – Enterprise Content Management

Device Type Log Source Reports

All ECM Activity

Cisco ASA Content Management

Cisco ASA ECM Activity

Fortinet FortiOS ECM Activity

Juniper SSL VPN Secure Access ECM Activity

Microsoft SharePoint Content Management

Microsoft SharePoint ECM Activity

Microsoft SharePoint Expiration and Disposition

Microsoft SharePoint Security Settings

Palo Alto Networks PANOS ECM Activity

Table 5 Log Source Report Mapping by Device Type – HP NonStop Audit

Device Type Log Source Reports

HP NonStop Audit Configuration Changes

HP NonStop Audit Failed And Successful Logins

HP NonStop Audit HP NonStop Audit Activity

HP NonStop Audit Object Access

HP NonStop Audit Object Changes

HP NonStop Audit User Actions

Table 6 Log Source Report Mapping by Device Type – IBM i5/OS

Device Type Log Source Reports

IBM i5/OS All Log Entry Types

IBM i5/OS System Object Access

IBM i5/OS User Access by Connection

IBM i5/OS User Action

IBM i5/OS User Jobs

Table 7 Log Source Report Mapping by Device Type – IBM z/OS Activity

Device Type Log Source Reports

z/OS RACF Unix System Services

z/OS RACF Violation

z/OS RACF Login/Logout

z/OS RACF Resource Access

z/OS RACF Security Modifications

z/OS RACF System Access/Configuration

Table 8 Log Source Report Mapping by Device Type – Mail Activity

Device Type Log Source Reports

Cisco ESA Server Activity

Microsoft Exchange 2000/03 Exchange 2000/03 Activity

Microsoft Exchange 2000/03 Exchange 2000/03 Delay

Microsoft Exchange 2000/03 Exchange 2000/03 Size

Microsoft Exchange 2000/03 Exchange 2000/03 SMTP

Microsoft Exchange 2007/10 Message Tracking Exchange 2007 Mail Size

Microsoft Exchange 2007/10 Message Tracking Exchange 2007 Activity

Microsoft Exchange 2007 Pop/Imap Server Activity

Microsoft Exchange 2007 SMTP Receive Server Activity

Microsoft Exchange 2007 SMTP Send Server Activity

Table 9 Log Source Report Mapping by Device Type – Network Activity

Device Type Log Source Reports

All Denied Connections

All NAT64 Activity

All VPN Sessions

Apache WebServer Web Cache Activity

Apache WebServer Web Surfing Activity

Blue Coat ProxySG Web Cache Activity

Blue Coat Syslog Web Cache Activity

Check Point Interface Accepted Connections

Check Point Interface Active VPN Connections

Check Point Interface Application Distribution

Check Point Interface Denied Connections

Check Point Interface FTP Connections

Check Point Interface VPN Access

Check Point Interface VPN Sessions

Check Point Interface VPN Top Lists

Check Point Interface Web Surfing Activity

Cisco ASA Accepted Connections

Cisco ASA Active FW Connections

Cisco ASA Active VPN Connections

Cisco ASA Application Distribution

Cisco ASA Denied Connections

Cisco ASA FTP Connections

Cisco ASA VPN Access

Cisco ASA VPN Sessions

Cisco ASA VPN Top Lists

Cisco ASA Web Surfing Activity

Cisco Content Engine Web Cache Activity

Cisco Content Engine Web Surfing Activity

Cisco FWSM Accepted Connections

Cisco FWSM Active FW Connections

Cisco FWSM Active VPN Connections

Cisco FWSM Application Distribution

Cisco FWSM Denied Connections

Cisco FWSM FTP Connections

Cisco FWSM VPN Access

Cisco FWSM VPN Sessions

Cisco FWSM VPN Top Lists

Cisco FWSM Web Surfing Activity

Cisco IOS Accepted Connections

Cisco IOS Denied Connections

Cisco NetFlow NAT64 Activity

Cisco NXOS Accepted Connections

Cisco NXOS Denied Connections

Cisco PIX Accepted Connections

Cisco PIX Active FW Connections

Cisco PIX Active VPN Connections

Cisco PIX Application Distribution

Cisco PIX Denied Connections

Cisco PIX FTP Connections

Cisco PIX VPN Access

Cisco PIX VPN Sessions

Cisco PIX VPN Top Lists

Cisco PIX Web Surfing Activity

Cisco Router Denied Connections

Cisco WSA Web Cache Activity

Cisco WSA Web Surfing Activity

Cisco VPN 3000 Active VPN Connections

Cisco VPN 3000 VPN Access

Cisco VPN 3000 VPN Sessions

Cisco VPN 3000 VPN Top Lists

F5 TMOS Accepted Connections

F5 TMOS Denied Connections

F5 TMOS Web Cache Activity

F5 TMOS Web Surfing Activity

Fortinet FortiOS Accepted Connections

Fortinet FortiOS Application Distribution

Fortinet FortiOS Denied Connections

Generic W3C Web Cache Activity

Generic W3C Web Surfing Activity

Juniper Firewall Accepted Connections

Juniper Firewall Application Distribution

Juniper Firewall Denied Connections

Juniper JunOS Accepted Connections

Juniper JunOS Application Distribution

Juniper JunOS Denied Connections

Juniper RT_Flow Accepted Connections

Juniper RT_Flow Denied Connections

Juniper SSL VPN Web Cache Activity

Juniper SSL VPN Web Surfing Activity

Microsoft DHCP DHCP Denied Activity

Microsoft DHCP DHCP Granted/Renewed Activity

Microsoft DHCP DHCP Activity

Microsoft ISA Web Cache Activity

Microsoft IIS Web Cache Activity

Microsoft IIS Web Surfing Activity

NetApp NetCache Web Cache Activity

Nortel Contivity Accepted Connections

Nortel Contivity Active VPN Connections

Nortel Contivity Application Distribution

Nortel Contivity Denied Connections

Nortel Contivity VPN Access

Nortel Contivity VPN Sessions

Nortel Contivity VPN Top Lists

Nortel Contivity Web Surfing Activity

Palo Alto Networks PANOS Accepted Connections

Palo Alto Networks PANOS Application Distribution

Palo Alto Networks PANOS Denied Connections

Palo Alto Networks PANOS Web Surfing Activity

RADIUS Acct Client Active VPN Connections

RADIUS Acct Client VPN Access

RADIUS Acct Client VPN Sessions

RADIUS Acct Client VPN Top Lists

Sidewinder Accepted Connections

Sidewinder Denied Connections

Squid Web Cache Activity

Symantec Endpoint Protection Accepted Connections

Symantec Endpoint Protection Application Distribution

Symantec Endpoint Protection Denied Connections

VMware vShield Edge Accepted Connections

VMware vShield Edge Denied Connections

VMware vShield Edge DHCP Activity

VMware vShield Edge DHCP Granted/Renewed Activity

Table 10 Log Source Report Mapping by Device Type – Operational

Device Type Log Source Reports

All All Unparsed Events

Active Directory All Unparsed Events

Active Directory Total Message Count

Apache WebServer All Unparsed Events

Apache WebServer Total Message Count

Blue Coat Proxy Syslog All Unparsed Events

Blue Coat Proxy Syslog Total Message Count

Blue Coat ProxySG All Unparsed Events

Blue Coat ProxySG Total Message Count

BMC Remedy ARS All Unparsed Events

BMC Remedy ARS Total Message Count

Check Point Interface All Unparsed Events

Check Point Interface Firewall Statistics

Check Point Interface Security Events

Check Point Interface System Events

Check Point Interface Total Message Count

Check Point Interface VPN Events

Cisco ASA All Unparsed Events

Cisco ASA Firewall Statistics

Cisco ASA Security Events

Cisco ASA System Events

Cisco ASA Total Message Count

Cisco ASA VPN Events

Cisco Content Engine All Unparsed Events

Cisco Content Engine Total Message Count

Cisco ESA All Unparsed Events

Cisco ESA Total Message Count

Cisco FWSM All Unparsed Events

Cisco FWSM Firewall Statistics

Cisco FWSM Security Events

Cisco FWSM System Events

Cisco FWSM Total Message Count

Cisco FWSM VPN Events

Cisco IOS All Unparsed Events

Cisco IOS Total Message Count

Cisco IPS All Unparsed Events

Cisco IPS Total Message Count

Cisco ISE All Unparsed Events

Cisco ISE Total Message Count

Cisco NetFlow All Unparsed Events

Cisco NetFlow Total Message Count

Cisco NXOS All Unparsed Events

Cisco NXOS Total Message Count

Cisco PIX All Unparsed Events

Cisco PIX Firewall Statistics

Cisco PIX Security Events

Cisco PIX System Events

Cisco PIX Total Message Count

Cisco PIX VPN Events

Cisco Router All Unparsed Events

Cisco Router Firewall Statistics

Cisco Router Total Message Count

Cisco Secure ACS All Unparsed Events

Cisco Secure ACS Total Message Count

Cisco WSA All Unparsed Events

Cisco WSA Total Message Count

Cisco Switch All Unparsed Events

Cisco Switch Total Message Count

Cisco VPN 3000 All Unparsed Events

Cisco VPN 3000 Total Message Count

Cisco VPN 3000 VPN Events

Cisco Win ACS All Unparsed Events

Cisco Win ACS Total Message Count

Decru Datafort All Unparsed Events

Decru Datafort Total Message Count

F5 TMOS Total Message Count

Fortinet FortiOS All Unparsed Events

Fortinet FortiOS Total Message Count

General Syslog All Unparsed Events

General Syslog Total Message Count

General TIBCO All Unparsed Events

General TIBCO Total Message Count

Generic W3C All Unparsed Events

Generic W3C Total Message Count

Guardium SQL Guard All Unparsed Events

Guardium SQL Guard Total Message Count

Guardium SQLGuard Audit All Unparsed Events

Guardium SQLGuard Audit Total Message Count

HP NonStop Audit All Unparsed Events

HP NonStop Audit Total Message Count

HP/UX All Unparsed Events

HP/UX Total Message Count

HP-UX Audit All Unparsed Events

HP-UX Audit Total Message Count

IBM AIX All Unparsed Events

IBM AIX Total Message Count

IBM AIX Audit All Unparsed Events

IBM AIX Audit Total Message Count

IBM DB2 All Unparsed Events

IBM DB2 Total Message Count

IBM i5/OS All Unparsed Events

IBM i5/OS Total Message Count

ISS RealSecure NIDS All Unparsed Events

ISS RealSecure NIDS Total Message Count

ISS SiteProtector All Unparsed Events

ISS SiteProtector Total Message Count

Juniper Firewall All Unparsed Events

Juniper Firewall Firewall Statistics

Juniper Firewall Security Events

Juniper Firewall System Events

Juniper Firewall Total Message Count

Juniper IDP All Unparsed Events

Juniper IDP Total Message Count

Juniper JunOS All Unparsed Events

Juniper JunOS Firewall Statistics

Juniper JunOS Total Message Count

Juniper RT_Flow All Unparsed Events

Juniper RT_Flow Firewall Statistics

Juniper RT_Flow Total Message Count

Juniper SSL VPN All Unparsed Events

Juniper SSL VPN Total Message Count

Juniper SSL VPN Secure Access All Unparsed Events

Juniper SSL VPN Secure Access Total Message Count

KondorPlus All Unparsed Events

KondorPlus Total Message Count

Linux All Unparsed Events

Linux Total Message Count

LogLogic Appliance All Unparsed Events

LogLogic Appliance Total Message Count

LogLogic Database Security Manager All Unparsed Events

LogLogic Database Security Manager Total Message Count

LogLogic Management Center All Unparsed Events

LogLogic Management Center Total Message Count

LogLogic Universal Collector All Unparsed Events

LogLogic Universal Collector Total Message Count

McAfee ePolicy Orchestrator All Unparsed Events

McAfee ePolicy Orchestrator Total Message Count

Microsoft DHCP All Unparsed Events

Microsoft DHCP Total Message Count

Microsoft DNS All Unparsed Events

Microsoft Exchange 2000/03 All Unparsed Events

Microsoft Exchange 2000/03 Total Message Count

Microsoft Exchange 2007/10 Application logs All Unparsed Events

Microsoft Exchange 2007/10 Application logs Total Message Count

Microsoft Exchange 2007/10 Message Tracking All Unparsed Events

Microsoft Exchange 2007/10 Message Tracking Total Message Count

Microsoft Exchange 2007 Pop/Imap All Unparsed Events

Microsoft Exchange 2007 Pop/Imap Total Message Count

Microsoft Exchange 2007/10 SMTP Receive All Unparsed Events

Microsoft Exchange 2007/10 SMTP Receive Total Message Count

Microsoft Exchange 2007/10 SMTP Send All Unparsed Events

Microsoft Exchange 2007/10 SMTP Send Total Message Count

Microsoft IAS All Unparsed Events

Microsoft IAS Total Message Count

Microsoft IIS All Unparsed Events

Microsoft IIS Total Message Count

Microsoft ISA All Unparsed Events

Microsoft ISA Total Message Count

Microsoft MOM/SCOM All Unparsed Events

Microsoft MOM/SCOM Total Message Count

Microsoft SharePoint All Unparsed Events

Microsoft SharePoint Total Message Count

Microsoft SQL Server All Unparsed Events

Microsoft SQL Server Total Message Count

Microsoft SQL Server Application logs All Unparsed Events

Microsoft SQL Server Application logs Total Message Count

Microsoft SQL Server GDBC All Unparsed Events

Microsoft SQL Server GDBC Total Message Count

Microsoft Windows All Unparsed Events

Microsoft Windows Total Message Count

Microsoft Windows Chinese All Unparsed Events

Microsoft Windows Chinese Total Message Count

Microsoft Windows French All Unparsed Events

Microsoft Windows French Total Message Count

Microsoft Windows German All Unparsed Events

Microsoft Windows German Total Message Count

Microsoft Windows Japanese All Unparsed Events

Microsoft Windows Japanese Total Message Count

Microsoft Windows Korean All Unparsed Events

Microsoft Windows Korean Total Message Count

MySQL Server GDBC All Unparsed Events

MySQL Server GDBC Total Message Count

NetApp Filer All Unparsed Events

NetApp Filer Total Message Count

NetApp Filer Audit All Unparsed Events

NetApp Filer Audit Total Message Count

NetApp NetCache All Unparsed Events

NetApp NetCache Total Message Count

Nortel Contivity All Unparsed Events

Nortel Contivity System Events

Nortel Contivity Total Message Count

Nortel Contivity VPN Events

Novell eDirectory All Unparsed Events

Novell eDirectory Total Message Count

Oracle Database All Unparsed Events

Oracle Database Total Message Count

Oracle GDBC All Unparsed Events

Oracle GDBC Total Message Count

Other File Device All Unparsed Events

Other File Device Total Message Count

Other UNIX All Unparsed Events

Other UNIX Total Message Count

Palo Alto Networks PANOS All Unparsed Events

Palo Alto Networks PANOS Total Message Count

RADIUS Acct Client All Unparsed Events

RADIUS Acct Client Total Message Count

RADIUS Acct Client VPN Events

RSA ACE Server All Unparsed Events

RSA ACE Server Total Message Count

Sidewinder All Unparsed Events

Sidewinder Firewall Statistics

Sidewinder Total Message Count

SiteMinder All Unparsed Events

SiteMinder Total Message Count

SiteProtector All Unparsed Events

SiteProtector Total Message Count

Snort All Unparsed Events

Snort Total Message Count

Sourcefire All Unparsed Events

Sourcefire Total Message Count

Sourcefire Defense Center All Unparsed Events

Sourcefire Defense Center Total Message Count

Squid All Unparsed Events

Squid Total Message Count

Sun Solaris All Unparsed Events

Sun Solaris Total Message Count

Sun Solaris BSM All Unparsed Events

Sun Solaris BSM Total Message Count

Sybase ASE All Unparsed Events

Sybase ASE Total Message Count

Symantec AntiVirus All Unparsed Events

Symantec AntiVirus Total Message Count

Symantec Endpoint Protection All Unparsed Events

Symantec Endpoint Protection Total Message Count

TIBCO ActiveMatrix Administrator All Unparsed Events

TIBCO ActiveMatrix Administrator Total Message Count

TIBCO Administrator All Unparsed Events

TIBCO Administrator Total Message Count

TIBCO Business Works All Unparsed Events

TIBCO Business Works Total Message Count

TIBCO EMSC All Unparsed Events

TIBCO EMSC Total Message Count

TIBCO Hawk Agent All Unparsed Events

TIBCO Hawk Agent Total Message Count

TrendMicro Control Manager All Unparsed Events

TrendMicro Control Manager Total Message Count

TrendMicro OfficeScan All Unparsed Events

TrendMicro OfficeScan Total Message Count

Tripwire Management Station All Unparsed Events

Tripwire Management Station Total Message Count

VMware ESX All Unparsed Events

VMware ESX Total Message Count

VMware Orchestrator All Unparsed Events

VMware Orchestrator Total Message Count

VMware vCenter Total Message Count

VMware vCenter All Unparsed Events

VMware vCloud Director Total Message Count

VMware vShield Total Message Count

z/OS RACF All Unparsed Events

z/OS RACF Total Message Count

Table 11 Log Source Report Mapping by Device Type – Policy Reports

Device Type Log Source Reports

Check Point Interface Rules/Policies

Juniper Firewall Rules/Policies

LogLogic Appliance Network Policies

Microsoft SharePoint ECM Policy

Nortel Contivity Rules/Policies

Table 12 Log Source Report Mapping by Device Type – Storage Systems Activity

Device Type Log Source Reports

NetApp Filer Filer Access

NetApp Filer Audit Filer Access

Table 13 Log Source Report Mapping by Device Type – Threat Management

Device Type Log Source Reports

All IDS/IPS Activity

All HIPS Activity

Cisco ASA IDS/IPS Activity

Cisco ASA Security Summary

Cisco ESA Threat Activity

Cisco ESA Configuration Activity

Cisco ESA Scan Activity

Cisco ESA Security Summary

Cisco FWSM IDS/IPS Activity

Cisco IOS IDS/IPS Activity

Cisco IPS Security Summary

Cisco ISE Security Summary

Cisco NXOS Security Summary

Cisco NXOS2 Security Summary

Cisco IPS IDS/IPS Activity

Cisco PIX IDS/IPS Activity

Cisco Secure ACS Security Summary

Cisco WSA Security Summary

F5 TMOS Security Summary

Fortinet FortiOS IDS/IPS Activity

Fortinet FortiOS Threat Activity

Guardium SQL Guard DB IPS Activity

Guardium SQLGuard Audit DB IPS Activity

ISS RealSecure NIDS IDS/IPS Activity

ISS SiteProtector IDS/IPS Activity

Juniper IDP IDS/IPS Activity

Juniper JunOS IDS/IPS Activity

McAfee ePolicy Orchestrator Configuration Activity

McAfee ePolicy Orchestrator HIPS Activity

McAfee ePolicy Orchestrator Scan Activity

McAfee ePolicy Orchestrator Threat Activity

Palo Alto Networks PANOS IDS/IPS Activity

Palo Alto Networks PANOS Threat Activity

SiteProtector IDS/IPS Activity

Snort IDS/IPS Activity

Sourcefire IDS/IPS Activity

Sourcefire Defense Center IDS/IPS Activity

Symantec AntiVirus Configuration Activity

Symantec AntiVirus Scan Activity

Symantec AntiVirus Threat Activity

Symantec Endpoint Protection Threat Activity

Symantec Endpoint Protection Configuration Activity

Symantec Endpoint Protection HIPS Activity

Symantec Endpoint Protection Scan Activity

Symantec Endpoint Protection Security Summary

TrendMicro Control Manager Threat Activity

TrendMicro OfficeScan Threat Activity

Table 14: Log Source Report Mapping by Device Type – Flow Activity

Device Type Log Source Reports

All Application Usage

All User Browsing Statics

All Top Users

Cisco NetFlow Application Usage

Cisco NetFlow User Browsing Static

Cisco NetFlow Top Users
