TIBCO LogLogic® Log Management Intelligence (LMI)
Log Source Report Mapping Guidebook
Software Release 5.5.0
May 2014
Two-Second Advantage®
Important Information
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.

This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.

TIBCO, Two-Second Advantage, and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.

All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.

Copyright © 2002-2014 TIBCO Software Inc. ALL RIGHTS RESERVED.

TIBCO Software Inc. Confidential Information
Contents
Preface, page 5
  Related Documents, page 6
  Technical Support, page 7
  Typographical Conventions, page 8
Chapter 1 Introduction, page 11
  TIBCO LogLogic Log Source Report Mapping, page 12
Log Source Report Mapping Guide
Preface
TIBCO LogLogic® Appliances let you capture and manage log data from all types of log sources in your enterprise. This LogLogic Log Source Report Mapping Guidebook provides a set of tables listing Log Source Reports by Device Type, sorted by UI Category.
For more information on creating reports and alerts, see the LogLogic User Guide and LogLogic Online Help.
Topics
• Related Documents, page 6
• Technical Support, page 7
• Typographical Conventions, page 8
Related Documents
The LogLogic documentation is available on the TIBCO Product Documentation website — https://docs.tibco.com/products/a_z_products.
The following documents contain information about the TIBCO LogLogic Appliances:
• LogLogic Release Notes—Provides information specific to the release including product information, new features and functionality, resolved issues, known issues and any late-breaking information. Check the LogLogic support web site periodically for possible further updates.
• LogLogic Hardware Installation Guide—Describes how to get started with your LogLogic Appliance. In addition, the guide includes details about the Appliance hardware for all models.
• LogLogic Upgrade Guide—Describes how to configure and upgrade the LogLogic Appliance software.
• LogLogic User Guide—Describes how to use the LogLogic solution, viewing dashboard, managing reports, managing alerts, and performing searches.
• LogLogic Administration Guide—Describes how to administer the LogLogic solution including all Management and Administration menu options.
• LogLogic Log Source Configuration Guides—Describe how to support log data from various log sources. There is a separate manual for each supported log source. These documents include documentation on LogLogic Collectors as well as documentation on how to configure log sources to work with the LogLogic solution.
• LogLogic Collector Guides—Describe how to implement support for using a LogLogic Collector for specific log sources such as IBM i5/OS and ISS Site Protector.
• LogLogic Web Services API Implementation Guide—Describes how to implement the LogLogic Web Services APIs to manage reports, manage alerts, perform searches, and administrate the system.
• LogLogic Syslog Alert Message Format Quick Reference Guide—Describes the LogLogic Syslog alert message format.
• LogLogic Online Help—Describes the Appliance user interface, including descriptions for each screen, tab, and element in the Appliance.
Technical Support
TIBCO LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although TIBCO LogLogic products are easy to use and maintain, occasional assistance might be necessary. TIBCO LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers that can help you maximize the performance of your TIBCO LogLogic Appliances.
To reach TIBCO LogLogic Customer Support:
Telephone: Toll Free—1-800-957-LOGS
Local—1-408-834-7480
EMEA or APAC: + 44 (0) 207 1170075 or +44 (0) 8000 669970
Email: [email protected]
Support website: https://support.tibco.com/loglogic.htm.
When contacting Customer Support, be prepared to provide:
• Your name, email address, phone number, and fax number
• Your company name and company address
• Your machine type and release version
• A description of the problem and the content of pertinent error messages (if any)
Typographical Conventions
The following typographical conventions are used in this manual.
Table 1 General Typographical Conventions

Convention: ENV_NAME, TIBCO_HOME, <ProductAcronym>_HOME
Use: TIBCO products are installed into an installation environment. A product installed into an installation environment does not access components in other installation environments. Incompatible products and multiple instances of the same product must be installed into different installation environments.
  An installation environment consists of the following properties:
  • Name: Identifies the installation environment. This name is referenced in documentation as ENV_NAME. On Microsoft Windows, the name is appended to the name of Windows services created by the installer and is a component of the path to the product shortcut in the Windows Start > All Programs menu.
  • Path: The folder into which the product is installed. This folder is referenced in documentation as TIBCO_HOME.
  TIBCO <ProductName> installs into a directory within a TIBCO_HOME. This directory is referenced in documentation as <ProductAcronym>_HOME. The default value of <ProductAcronym>_HOME depends on the operating system. For example, on Windows systems the default value is C:\tibco\<ProductAcronym>\<ReleaseNumber>.

Convention: code font
Use: Code font identifies commands, code examples, filenames, pathnames, and output displayed in a command window. For example:
  Use MyCommand to start the foo process.

Convention: bold code font
Use: Bold code font is used in the following ways:
  • In procedures, to indicate what a user types. For example: Type admin.
  • In large code samples, to indicate the parts of the sample that are of particular interest.
  • In command syntax, to indicate the default parameter for a command. For example, if no parameter is specified, MyCommand is enabled: MyCommand [enable | disable]

Convention: italic font
Use: Italic font is used in the following ways:
  • To indicate a document title. For example: See TIBCO ActiveMatrix BusinessWorks Concepts.
  • To introduce new terms. For example: A portal page may contain several portlets. Portlets are mini-applications that run in a portal.
  • To indicate a variable in a command or code syntax that you must replace. For example: MyCommand PathName

Convention: Key combinations
Use: Key names separated by a plus sign indicate keys pressed simultaneously. For example: Ctrl+C.
  Key names separated by a comma and space indicate keys pressed one after the other. For example: Esc, Ctrl+Q.

Convention: Note icon
Use: The note icon indicates information that is of special interest or importance, for example, an additional action required only in certain circumstances.

Convention: Tip icon
Use: The tip icon indicates an idea that could be useful, for example, a way to apply the information provided in the current section to achieve a specific result.

Convention: Warning icon
Use: The warning icon indicates the potential for a damaging situation, for example, data loss or corruption if certain steps are taken or not taken.
Chapter 1 Introduction
This guide provides a set of tables listing Log Source Reports by Device Type, sorted by the following UI Categories: Access Control, Database Activity, Enterprise Content Management, HP NonStop Audit, IBM i5/OS Activity, IBM z/OS Activity, Mail Activity, Network Activity, Operational, Policy Reports, Storage Systems Activity, and Threat Management.
For more information on Log Source Package (LSP) devices, see the Log Source Guide for that device.
Topics
• TIBCO LogLogic Log Source Report Mapping, page 12
TIBCO LogLogic Log Source Report Mapping
Table 2 Log Source Report Mapping by Device Type – Access Control

Device Type                               Log Source Reports
Active Directory                          User Created/Deleted
                                          Windows Events
                                          User Access
                                          Permission Modification
BMC Remedy ARS                            User Access
                                          User Authentication
Check Point Interface                     User Access
                                          User Authentication
Cisco ASA                                 User Access
                                          User Authentication
Cisco FWSM                                User Access
                                          User Authentication
Cisco PIX                                 User Access
                                          User Authentication
Cisco Secure ACS                          User Access
                                          User Authentication
Cisco VPN 3000                            User Access
                                          User Authentication
Cisco Win ACS                             User Access
                                          User Authentication
HP/UX                                     User Access
                                          User Authentication
                                          Permission Modification
                                          User Created/Deleted
HP/UX Audit                               User Access
                                          User Authentication
                                          Permission Modification
                                          User Created/Deleted
Juniper Firewall                          User Access
                                          User Authentication
Juniper SSL VPN                           User Access
                                          User Authentication
KondorPlus                                User Access
                                          User Authentication
Linux                                     User Access
                                          User Authentication
                                          User Created/Deleted
                                          Permission Modification
Microsoft Operation Manager               User Access
                                          User Authentication
                                          Permission Modification
                                          User Created/Deleted
                                          Windows Events
Microsoft SQL Server                      User Access
                                          User Authentication
                                          Permission Modification
Microsoft Windows                         User Access
                                          User Authentication
                                          Permission Modification
                                          User Created/Deleted
                                          Windows Events
NetApp Filer                              User Access
                                          User Authentication
                                          User Created/Deleted
NetApp Filer Audit                        User Access
                                          User Authentication
Nortel Contivity                          User Access
                                          User Authentication
Novell eDirectory                         User Access
                                          User Authentication
                                          Permission Modification
Other UNIX                                User Access
                                          User Authentication
                                          User Created/Deleted
                                          Permission Modification
RSA ACE Server                            User Access
                                          User Authentication
Sidewinder                                User Access
                                          User Authentication
                                          User Created/Deleted
SiteMinder                                User Access
                                          User Authentication
Sun Solaris                               User Access
                                          User Authentication
                                          User Created/Deleted
                                          Permission Modification
Sun Solaris BSM                           User Access
                                          User Authentication
                                          User Created/Deleted
                                          Permission Modification
VMWare ESX                                User Access
                                          User Authentication
                                          User Created/Deleted
                                          Permission Modification
VMWare vCenter                            User Access
                                          User Authentication
VMWare vCloud Director                    User Access
                                          User Authentication
Table 3 Log Source Report Mapping by Device Type – Database Activity

Device Type                               Log Source Reports
IBM DB2                                   Database Access
                                          Database Data Access
                                          Database Privilege Modifications
                                          Database System Modifications
                                          Permission Modification
Microsoft SQL Server                      All Database Events
                                          Database Access
                                          Database Data Access
                                          Database Privilege Modifications
                                          Database System Modifications
Oracle Database                           All Database Events
                                          Database Access
                                          Database Data Access
                                          Database Privilege Modifications
                                          Database System Modifications
Sybase ASE                                All Database Events
                                          Database Access
                                          Database Data Access
                                          Database Privilege Modifications
                                          Database System Modifications
Table 4 Log Source Report Mapping by Device Type – Enterprise Content Management

Device Type                               Log Source Reports
Cisco ASA                                 Content Management
                                          ECM Activity
Fortinet FortiOS                          ECM Activity
Microsoft SharePoint                      Content Management
                                          ECM Activity
                                          Expiration and Disposition
                                          Security Settings
Table 5 Log Source Report Mapping by Device Type – HP NonStop Audit

Device Type                               Log Source Reports
HP NonStop Audit                          Configuration Changes
                                          Failed And Successful Logins
                                          HP NonStop Audit Activity
                                          Object Access
                                          Object Changes
                                          User Actions
Table 6 Log Source Report Mapping by Device Type – IBM i5/OS

Device Type                               Log Source Reports
IBM i5/OS                                 All Log Entry Types
                                          System Object Access
                                          User Access by Connection
                                          User Action
                                          User Jobs
Table 7 Log Source Report Mapping by Device Type – IBM z/OS Activity

Device Type                               Log Source Reports
z/OS RACF                                 Unix System Services
                                          Violation
                                          Login/Logout
                                          Resource Access
                                          Security Modifications
                                          System Access/Configuration
Table 8 Log Source Report Mapping by Device Type – Mail Activity

Device Type                               Log Source Reports
Microsoft Exchange 2000/03                Exchange 2000/03 Activity
                                          Exchange 2000/03 Delay
                                          Exchange 2000/03 Size
                                          Exchange 2000/03 SMTP
Microsoft Exchange 2007 Message Tracking  Exchange 2007 Mail Size
                                          Exchange 2007 Activity
Microsoft Exchange 2007 Pop/Imap          Server Activity
Microsoft Exchange 2007 SMTP Receive      Server Activity
Microsoft Exchange 2007 SMTP Send         Server Activity
Table 9 Log Source Report Mapping by Device Type – Network Activity

Device Type                               Log Source Reports
Apache WebServer                          Web Cache Activity
                                          Web Surfing Activity
Blue Coat ProxySG                         Web Cache Activity
Check Point Interface                     Accepted Connections
                                          Active VPN Connections
                                          Application Distributions
                                          Denied Connections
                                          FTP Connections
                                          VPN Access
                                          VPN Sessions
                                          VPN Top Lists
                                          Web Surfing Activity
Cisco ASA                                 Accepted Connections
                                          Active VPN Connections
                                          Application Distributions
                                          Denied Connections
                                          FTP Connections
                                          VPN Access
                                          VPN Sessions
                                          VPN Top Lists
                                          Web Surfing Activity
Cisco Content Engine                      Web Cache Activity
                                          Web Surfing Activity
Cisco FWSM                                Accepted Connections
                                          Active VPN Connections
                                          Application Distributions
                                          Denied Connections
                                          FTP Connections
                                          VPN Access
                                          VPN Session
                                          VPN Top List
                                          Web Surfing Activity
Cisco PIX                                 Accepted Connections
                                          Active VPN Connections
                                          Application Distributions
                                          Denied Connections
                                          FTP Connections
                                          VPN Access
                                          VPN Session
                                          VPN Top List
                                          Web Surfing Activity
Cisco Router                              Denied Connections
Cisco WSA                                 Web Cache Activity
                                          Web Surfing Activity
Cisco VPN 3000                            Active VPN Connections
                                          VPN Access
                                          VPN Session
                                          VPN Top List
Fortinet FortiOS                          Accepted Connections
                                          Application Distributions
                                          Denied Connections
Generic W3C                               Web Cache Activity
                                          Web Surfing Activity
Juniper Firewall                          Accepted Connections
                                          Application Distributions
                                          Denied Connections
Juniper RT_Flow                           Accepted Connections
                                          Denied Connections
Juniper SSL VPN                           Web Cache Activity
                                          Web Surfing Activity
Microsoft DHCP                            DHCP Denied Activity
                                          DHCP Granted/Renewed Activity
                                          DHCP Activity
Microsoft IAS                             Web Cache Activity
                                          Web Surfing Activity
Microsoft IIS                             Web Cache Activity
                                          Web Surfing Activity
Microsoft ISA                             Web Cache Activity
NetApp NetCache                           Web Cache Activity
Nortel Contivity                          Accepted Connections
                                          Active VPN Connections
                                          Application Distributions
                                          Denied Connections
                                          VPN Access
                                          VPN Sessions
                                          VPN Top Lists
                                          Web Surfing Activity
Palo Alto Networks PANOS                  Accepted Connections
                                          Application Distributions
                                          Denied Connections
RADIUS Acct Client                        Active VPN Connections
                                          VPN Access
                                          VPN Sessions
                                          VPN Top Lists
Sidewinder                                Accepted Connections
                                          Denied Connections
Squid                                     Web Cache Activity
Table 10 Log Source Report Mapping by Device Type – Operational

Device Type                               Log Source Reports
Active Directory                          All Unparsed Events
                                          Total Message Count
Apache WebServer                          All Unparsed Events
                                          Total Message Count
Blue Coat Proxy Syslog                    All Unparsed Events
                                          Total Message Count
Blue Coat ProxySG                         All Unparsed Events
                                          Total Message Count
BMC Remedy ARS                            All Unparsed Events
                                          Total Message Count
Check Point Interface                     All Unparsed Events
                                          Firewall Statistics
                                          Security Events
                                          System Events
                                          Total Message Count
Cisco ASA                                 All Unparsed Events
                                          Firewall Statistics
                                          Security Events
                                          System Events
                                          Total Message Count
Cisco Content Engine                      All Unparsed Events
                                          Total Message Count
Cisco FWSM                                All Unparsed Events
                                          Firewall Statistics
                                          Security Events
                                          System Events
                                          Total Message Count
Cisco IPS                                 All Unparsed Events
                                          Total Message Count
Cisco NetFlow                             All Unparsed Events
                                          Total Message Count
Cisco PIX                                 All Unparsed Events
                                          Firewall Statistics
                                          Security Events
                                          System Events
                                          Total Message Count
Cisco Router                              All Unparsed Events
                                          Firewall Statistics
                                          Total Message Count
Cisco Secure ACS                          All Unparsed Events
                                          Total Message Count
Cisco WSA                                 All Unparsed Events
                                          Total Message Count
Cisco Switch                              All Unparsed Events
                                          Total Message Count
Cisco VPN 3000                            All Unparsed Events
                                          Total Message Count
Cisco Win ACS                             All Unparsed Events
                                          Total Message Count
Decru Datafort                            All Unparsed Events
                                          Total Message Count
Fortinet FortiOS                          All Unparsed Events
                                          Total Message Count
General Syslog                            All Unparsed Events
                                          Total Message Count
Generic W3C                               All Unparsed Events
                                          Total Message Count
Guardium SQL Guard                        All Unparsed Events
                                          Total Message Count
Guardium SQLGuard Audit                   All Unparsed Events
                                          Total Message Count
HP NonStop Audit                          All Unparsed Events
                                          Total Message Count
HP/UX                                     All Unparsed Events
                                          Total Message Count
IBM DB2                                   All Unparsed Events
                                          Total Message Count
IBM i5/OS                                 All Unparsed Events
                                          Total Message Count
ISS RealSecure NIDS                       All Unparsed Events
                                          Total Message Count
ISS SiteProtector                         All Unparsed Events
                                          Total Message Count
Juniper Firewall                          Firewall Statistics
                                          Security Events
                                          System Events
                                          Total Message Count
Juniper IDP                               All Unparsed Events
                                          Total Message Count
Juniper RT_Flow                           All Unparsed Events
                                          Firewall Statistics
                                          Total Message Count
Juniper SSL VPN                           All Unparsed Events
                                          Total Message Count
Juniper SSL VPN Secure Access             All Unparsed Events
                                          Total Message Count
KondorPlus                                All Unparsed Events
                                          Total Message Count
Linux                                     All Unparsed Events
                                          Total Message Count
LogLogic Appliance                        All Unparsed Events
                                          Total Message Count
LogLogic Database Security Manager        All Unparsed Events
                                          Total Message Count
McAfee ePolicy Orchestrator               All Unparsed Events
                                          Total Message Count
Microsoft DHCP                            All Unparsed Events
                                          Total Message Count
Microsoft Exchange 2000/03                All Unparsed Events
                                          Total Message Count
Microsoft Exchange 2007 Application logs  All Unparsed Events
                                          Total Message Count
Microsoft Exchange 2007 Message Tracking  All Unparsed Events
                                          Total Message Count
Microsoft Exchange 2007 Pop/Imap          All Unparsed Events
                                          Total Message Count
Microsoft Exchange 2007 SMTP Receive      All Unparsed Events
                                          Total Message Count
Microsoft Exchange 2007 SMTP Send         All Unparsed Events
                                          Total Message Count
Microsoft IAS                             All Unparsed Events
                                          Total Message Count
Microsoft IIS                             All Unparsed Events
                                          Total Message Count
Microsoft ISA                             All Unparsed Events
                                          Total Message Count
Microsoft Operation Manager               All Unparsed Events
                                          Total Message Count
Microsoft SharePoint                      All Unparsed Events
                                          Total Message Count
Microsoft SQL Server                      All Unparsed Events
                                          Total Message Count
Microsoft SQL Server Application logs     All Unparsed Events
                                          Total Message Count
Microsoft SQL Server GDBC                 All Unparsed Events
                                          Total Message Count
Microsoft Windows                         All Unparsed Events
                                          Total Message Count
NetApp Filer                              All Unparsed Events
                                          Total Message Count
NetApp Filer Audit                        All Unparsed Events
                                          Total Message Count
NetApp NetCache                           All Unparsed Events
                                          Total Message Count
Nortel Contivity                          All Unparsed Events
                                          System Events
                                          Total Message Count
Novell eDirectory                         All Unparsed Events
                                          Total Message Count
Oracle Database                           All Unparsed Events
                                          Total Message Count
Oracle GDBC                               All Unparsed Events
                                          Total Message Count
Other File Device                         All Unparsed Events
                                          Total Message Count
Other UNIX                                All Unparsed Events
                                          Total Message Count
Palo Alto Networks PANOS                  All Unparsed Events
                                          Total Message Count
RADIUS Acct Client                        All Unparsed Events
                                          Total Message Count
RSA ACE Server                            All Unparsed Events
                                          Total Message Count
Sidewinder                                All Unparsed Events
                                          Firewall Statistics
                                          Total Message Count
Snort                                     All Unparsed Events
                                          Total Message Count
Sourcefire                                All Unparsed Events
                                          Total Message Count
Squid                                     All Unparsed Events
                                          Total Message Count
Sun Solaris                               All Unparsed Events
                                          Total Message Count
Sun Solaris BSM                           All Unparsed Events
                                          Total Message Count
Sybase ASE                                All Unparsed Events
                                          Total Message Count
Symantec AntiVirus                        All Unparsed Events
                                          Total Message Count
TrendMicro Control Manager                All Unparsed Events
                                          Total Message Count
TrendMicro OfficeScan                     All Unparsed Events
                                          Total Message Count
Tripwire Management Station               All Unparsed Events
                                          Total Message Count
VMWare ESX                                All Unparsed Events
                                          Total Message Count
VMWare vCenter                            All Unparsed Events
                                          Total Message Count
z/OS RACF                                 All Unparsed Events
                                          Total Message Count
Table 11 Log Source Report Mapping by Device Type – Policy Reports

Device Type                               Log Source Reports
Check Point Interface                     Rules/Policies
Juniper Firewall                          Rules/Policies
LogLogic Appliance                        Network Policies
Microsoft SharePoint                      ECM Policy
Nortel Contivity                          Rules/Policies
Table 12 Log Source Report Mapping by Device Type – Storage Systems Activity

Device Type                               Log Source Reports
NetApp Filer                              Filer Access
NetApp Filer Audit                        Filer Access
Table 13 Log Source Report Mapping by Device Type – Threat Management

Device Type                               Log Source Reports
Cisco ASA                                 IDS/IPS Activity
Cisco FWSM                                IDS/IPS Activity
Cisco IPS                                 IDS/IPS Activity
Cisco PIX                                 IDS/IPS Activity
Fortinet FortiOS                          IDS/IPS Activity
                                          Threat Activity
Guardium SQL Guard                        DB IPS Activity
Guardium SQLGuard Audit                   DB IPS Activity
ISS RealSecure NIDS                       IDS/IPS Activity
ISS SiteProtector                         IDS/IPS Activity
Juniper IDP                               IDS/IPS Activity
LogLogic Database Security Manager        IDS/IPS Activity
McAfee ePolicy Orchestrator               Configuration Activity
                                          HIPS Activity
                                          Scan Activity
                                          Threat Activity
Snort                                     IDS/IPS Activity
Sourcefire                                IDS/IPS Activity
Symantec AntiVirus                        Configuration Activity
                                          Scan Activity
                                          Threat Activity
TrendMicro Control Manager                Threat Activity
TrendMicro OfficeScan                     Threat Activity