Log Type / Table | Description | Fields |
|---|
ACF2Log | Todo | DATE TIME SYSTEM TABLE USERNAME RESOURCE LOGTYPE EVENTID RETURN DATA
|
AgentHeartBeat | | DATE TIME SYSTEM TABLE AGENTTYPE VERSION ACTION STRINGS
|
AIXAudit | | DATE TIME SYSTEM TABLE EVENTID EVENTCOUNT RUID EUID PROCESS PID PPID RETURNCODE STRINGS TARGET
|
ApacheLog | | DATE TIME SYSTEM TABLE HOSTNAME USERNAME URL RETURNCODE BYTES REFERRER AGENT PROTOCOL LOGTYPE CATEGORY STRINGS
|
AppleBSM | | DATE TIME SYSTEM TABLE EVENTCOUNT EVENTID AUID EUID EGID RUID RGID PID RETURNCODE STRINGS TARGET
|
Browser | | DATE TIME SYSTEM TABLE SOURCE USERNAME EVENT MESSAGE REFERRER LENGTH RESPONSE
|
CarbonBlack | | DATE TIME SYSTEM TABLE TYPE STRINGS
|
CISCORouterLog | | DATE TIME SYSTEM TABLE CRITICALITY ACTION PROTO SRCADDR SRCPORT DSTADDR DSTPORT STRING
|
CuramAuthenticationLog | | DATE TIME SYSTEM TABLE USERNAME LOGINFAILURES LASTLOGIN LOGINSTATUS LOGID VERSIONNO LASTWRITTEN
|
CuramAuthorisationLog | | DATE TIME SYSTEM TABLE USERNAME LOGID IDENTIFIERNAME LASTWRITTEN
|
CuramOpAuditLog | | DATE TIME SYSTEM TABLE USERID PROGRAMNAME TRANTYPE LASTWRITTEN
|
CyberGuardFirewallLog | | DATE TIME SYSTEM TABLE ACTION PROTO SRCINT SRCADDR SRCPORT DSTINT DSTADDR DSTPORT
|
DhcpSrvLog | | DATE TIME SYSTEM TABLE TYPE ID MACADDR IPADDR HOSTNAME DESCRIPTION
|
Exch2008MTLog | | DATE TIME SYSTEM TABLE SOURCE EVENTID USER SOURCEADDR DESTADDR SOURCESYSTEM DESTSYSTEM MESSAGEID BYTES STATUS STRING
|
ExchMTLog | | DATE TIME SYSTEM TABLE SOURCE EVENTID USER SOURCEADDR DESTADDR SOURCESYSTEM DESTSYSTEM MESSAGEID BYTES STATUS STRING
|
F5Violations | | DATE TIME SYSTEM TABLE MANAGEMENTIPADDRESS HTTPCLASSNAME WEBAPPLICATIONNAME POLICYNAME POLICYAPPLYDATE VIOLATIONS SUPPORTID REQUESTSTATUS RESPONSECODE ROUTEDOMAIN METHOD HTTPPROTOCOL QUERYSTRING XFORWARDEDFORHEADERVALUE SIGIDS SIGNAMES SEVERITY ATTACKTYPE GEOLOCATION IPADDRESSINTELLIGENCE USERNAME SESSIONID SRCADDR SRCPORT DSTADDR DSTPORT PROTO SUBVIOLATIONS VIRUSNAME URI REQUEST STRINGS
|
Firewall1Log | | DATE TIME SYSTEM TABLE ACTION INTERFACE SRCADDR SRCPORT DSTADDR DSTPORT PROTO RULE MESSAGE
|
Fortigate | | DATE TIME SYSTEM TABLE VERSION ACTION CATEGORY TYPE SUBTYPE RULENAME PROTO USRNAME SERIALNUMBER NATSRCIP NATDSTIP SOURCEUSER DESTINATIONUSER APPLICATION VIRTUALSYSTEM SRCADDR SRCPORT DSTADDR DSTPORT SOURCEZONE DESTINATIONZONE INGRESSINTERFACE EGRESSINTERFACE LOGFORWARDINGPROFILE SESSIONID REPEATCOUNT NATSOURCEPORT NATDESTPORT FLAGS BYTES PACKETS ELAPSEDTIME URLCATEGORY BYTESIN BYTESOUT SEVERITY STRING
|
FWOBJActionsLog | | DATE TIME SYSTEM TABLE APPLICATION TRANSID RECTYPE FOLDERCODE USER COMMENT ACTION
|
FWOBJActionsRawLog | | DATE TIME SYSTEM TABLE SEQUENCE FILENUMBER CLIENTID CLIENTTYPE ACTIONMETHOD OFFICER OBJNAME OBJMETHOD COMMENTS OBJNAMEMETHOD
|
GauntletFirewallLog | | DATE TIME SYSTEM TABLE CRITICALITY PROXY ACTION SRCADDR SRCPORT DSTADDR DSTPORT PROTO STRING
|
GenericLog | | DATE TIME SYSTEM TABLE CRITICALITY SOURCE DETAILS
|
IISWebLog | | DATE TIME SYSTEM TABLE HOSTNAME USERNAME URL RETURNCODE BYTES REFERRER AGENT PROTOCOL LOGTYPE CATEGORY STRINGS
|
IPTablesFirewall | | DATE TIME SYSTEM TABLE ACTION INTERFACE SRCADDR SRCPORT DSTADDR DSTPORT PROTO STRINGS
|
IrixSAT | | DATE TIME SYSTEM TABLE EVENTID EVENTTYPE COMMAND AUID EUID EGID TARGET RETURNCODE EVENTCOUNT STRINGS
|
ISAFWSLog | | DATE TIME SYSTEM TABLE PROTO ACTION SRCADDR SRCPORT DSTADDR DSTPORT STATUS RULE APPLICATION STRINGS
|
ISAWebLogDVA | | DATE TIME SYSTEM TABLE HOSTNAME USERNAME URL RETURNCODE BYTES REFERRER AGENT PROTOCOL LOGTYPE CATEGORY STRINGS
|
ISAWebLog | | DATE TIME SYSTEM TABLE HOSTNAME USERNAME URL RETURNCODE BYTES REFERRER AGENT PROTOCOL LOGTYPE CATEGORY STRINGS
|
ISAWebLogImport | | DATE TIME SYSTEM TABLE HOSTNAME USERNAME URL RETURNCODE BYTES REFERRER AGENT PROTOCOL LOGTYPE CATEGORY STRINGS
|
LinuxAudit | | DATE TIME SYSTEM TABLE EVENTCOUNT EVENTID RUID RGID EUID EGID PROCESS RETURNCODE SUCCESS TARGET STRINGS
|
LinuxKAudit | | DATE TIME SYSTEM TABLE EVENTCOUNT EVENTID RUID RGID EUID EGID PROCESS RETURNCODE SUCCESS TARGET STRINGS
|
LotusNotesLog | | DATE TIME SYSTEM TABLE SOURCE EVENT
|
MailLog | | DATE TIME SYSTEM TABLE SOURCE EVENTID USER SOURCEADDR DESTADDR SOURCESYSTEM DESTSYSTEM MESSAGEID BYTES STATUS STRING
|
MSDNSServer | | DATE TIME SYSTEM TABLE STRING DNSNAME
|
MSProxySvr | | DATE TIME SYSTEM TABLE HOSTNAME USERNAME URL RETURNCODE BYTES REFERRER AGENT PROTOCOL LOGTYPE CATEGORY STRINGS
|
MSSQLLog | | DATE TIME SYSTEM TABLE EVENTID CLASS SPID DBNAME USERNAME OBJECTNAME ROLENAME TARGETUSERNAME DBUSERNAME TARGETLOGINNAME STRINGS
|
MSWinEventLog | | DATE TIME DATETIME SYSTEM TABLE EVENTCOUNT EVENTID SOURCE USER SOURCETYPE RETURN DATA STRINGS
|
MSWinEventLog | | DATE TIME SYSTEM TABLE EVENTCOUNT EVENTID SOURCE USER SOURCETYPE RETURN DATA STRINGS
|
NCRATMLog | | DATE TIME SYSTEM TABLE CRITICALITY EVENTID UID SEQNUM STRINGS
|
NetgearFirewallLog | | DATE TIME SYSTEM TABLE ACTION MODULE SRCADDR SRCPORT DSTADDR DSTPORT PROTO MESSAGE
|
NetgearRouterLog | | DATE TIME SYSTEM TABLE ACTION SRCADDR SRCPORT DSTADDR DSTPORT PROTO MESSAGE
|
NetscalerLog | | DATE TIME SYSTEM TABLE CRITICALITY SOURCE EVENTID USER CLIENTIP EVENTCOUNT EVENT
|
NetScreenFirewall | | DATE TIME SYSTEM TABLE ACTION PROTO SRCADDR SRCPORT DSTADDR DSTPORT DURATION SENT RECEIVED DIRECTION DETAILS
|
NortelVPNRouter | | DATE TIME SYSTEM TABLE CRITICALITY LOGSOURCE USERID CPU LOGTYPE DETAILS
|
ObjectAccess | | DATE TIME SYSTEM TABLE OBJECT OWNER OWNERTYPE ACCESS CAPABILITIES SOURCE
|
ObjectStarLog | | DATE TIME SYSTEM TABLE IDGEN_KEY USER USER_CLEARANCE OBJECT OBJECT_CLASSFCTN ACCESS_ALLOWED MESSAGE_NO PARAM1 PARAM2 ACTIVITY OBJECT_TYPE
|
OracleLog | | DATE TIME SYSTEM TABLE NODE INSTANCE SESSIONID ENTRYID STATEMENT USERID USERHOST TERMINAL ACTION RETURNCODE COMMENTS OSUSERID PRIV STRINGS
|
OS400Log | | DATE TIME SYSTEM TABLE JOURNALCODE JOURNALENTRYCODE JOBNAME JOBUSER JOBNUMBER PROGRAM OFNAME OFLIBRARY OFTYPE STRINGS
|
PIXLog | | DATE TIME SYSTEM TABLE CRITICALITY EVENTID ACTION PROTO SRCADDR SRCPORT DSTADDR DSTPORT STRING
|
QUASARSAudit | | DATE TIME SYSTEM TABLE IDENTITY ACTION IDTYPE IDVALUE AUDITTABLE FIELD OLDVALUE NEWVALUE
|
RACFLog | | DATE TIME SYSTEM TABLE EVENTID JOBNAME SOURCE RESOURCE ACTION USERID USERNAME USERFLAGS GROUPID RETURN RESULT DATA
|
SidewinderFirewallLog | | DATE TIME SYSTEM TABLE ACTION PROTO SRCINT SRCADDR SRCPORT DSTINT DSTADDR DSTPORT FAC AREA TYPE PRIORITY PID RUID EUID PGID LOGID COMMAND DOMAIN EDOMAIN CATEGORY ATTACKADDR ATTACKINT SERVICENAME USERNAME AUTHMETHOD ACLID CACHEHIT REASON
|
SidewinderLog | | DATE TIME SYSTEM TABLE USERNAME AUTHMETHOD SRCADDR SRCPORT DSTADDR DSTPORT PROTO EVENT TYPE REASON STRINGS
|
SMTPSvcLog | | DATE TIME SYSTEM TABLE SOURCE EVENTID USER SOURCEADDR DESTADDR SOURCESYSTEM DESTSYSTEM MESSAGEID BYTES STATUS STRING
|
SnareServerLog | | DATE TIME SYSTEM TABLE SOURCE USERNAME RESOURCE ACTION RETURN DETAILS
|
SNMPTrap | | DATE TIME SYSTEM TABLE STRINGS
|
Snort | | DATE TIME SYSTEM TABLE EVENTID PRIORITY CLASSIFICATION DESCRIPTION SRCADDR SRCPORT DSTADDR DSTPORT PROTO
|
SOCKSLog | | DATE TIME SYSTEM TABLE ACTION MESSAGE
|
SolarisBSM | | DATE TIME SYSTEM TABLE EVENTCOUNT EVENTID AUID EUID EGID RUID RGID PID RETURNCODE STRINGS TARGET
|
SonicWall | | DATE TIME SYSTEM TABLE EVENTID CATEGORY PRIORITY FWADDR PROTO SRCADDR SRCPORT DSTADDR DSTPORT MESSAGE STRINGS
|
SonicWallSSLVPN | | DATE TIME SYSTEM TABLE ACTION PRIORITY FWADDR SRCADDR DSTADDR PORTAL DOMAIN USER MESSAGE AGENT STRING
|
SophosDataControlLog | | DATE TIME SYSTEM TABLE USERNAME COMPUTER SOURCEPATH DESTINATIONPATH FILENAME DESTTYPE STRINGS
|
SophosWeb | | DATE TIME SYSTEM TABLE USERNAME CRITICALITY CATEGORY RULE REASON THREAT DOMAIN METHOD URL PROTOCOL SRCIP DESTIP AGENT OS BYTESIN BYTESOUT REFERRER STRINGS
|
SquidProxyLog | | DATE TIME SYSTEM TABLE HOSTNAME USERNAME URL RETURNCODE BYTES REFERRER AGENT PROTOCOL LOGTYPE CATEGORY STRINGS
|
TandemLog | | DATE TIME SYSTEM TABLE PSGUSER PSGUSERID PCGUSER POOBJECTTYPE POOPERATION POOWNUSER POOWNUSERID PSTERM PCTERM RETURN
|
TopicLog | | DATE TIME SYSTEM TABLE CLIENT USERNAME OPERATION QUERY TITLE COLLECTIONS SERIAL PATH RULE
|
TrendDSM | | DATE TIME SYSTEM TABLE CRITICALITY EVENTNUMBER TITLE TARGET ACTIONBY DESCRIPTION TAGS
|
Tru64Audit | | DATE TIME SYSTEM TABLE EVENTID USERID AUID RUID EUID PID PPID RETURNCODE STRINGS TARGET
|
VMSLog | | DATE TIME SYSTEM TABLE EVENTID EVENTTYPE USERNAME SYSTEMID PID TERMINALNAME PROCESSNAME PROCESSOWNER REMOTEUSERNAME REMOTENODENAME IMAGENAME COMMANDLINE OBJECTCLASSNAME AUDITINGFLAGS ALARMFLAGS STATUS DATA
|
VWActionsLog | | DATE TIME SYSTEM TABLE SEQUENCE CLIENTID METHODCODE OFFICERCODE FOLDERCODE CLIENTTYPE
|
WebLog | | DATE TIME SYSTEM TABLE HOSTNAME USERNAME URL RETURNCODE BYTES REFERRER AGENT PROTOCOL LOGTYPE CATEGORY STRINGS
|
WinDHCP | | DATE TIME SYSTEM TABLE EVENTID DESCRIPTION IPADDRESS HOSTNAME MACADDRESS
|