TIBCO LogLogic® Log Management Intelligence (LMI)
Log Source Report Mapping Guidebook
Software Release 5.5.0
May 2014
Two-Second Advantage®

Important Information

SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.

This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.

TIBCO, Two-Second Advantage, and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.

All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.

Copyright © 2002-2014 TIBCO Software Inc. ALL RIGHTS RESERVED.

TIBCO Software Inc. Confidential Information

Contents

Preface, page 5

• Related Documents, page 6

• Technical Support, page 7

• Typographical Conventions, page 8

Chapter 1 Introduction, page 11

• TIBCO LogLogic Log Source Report Mapping, page 12

Preface

TIBCO LogLogic® Appliances let you capture and manage log data from all types of log sources in your enterprise. This LogLogic Log Source Report Mapping Guidebook provides a set of tables listing Log Source Reports by Device Type, sorted by UI Category.

For more information on creating reports and alerts, see the LogLogic User Guide and LogLogic Online Help.

Topics

• Related Documents, page 6

• Technical Support, page 7

• Typographical Conventions, page 8


Related Documents

The LogLogic documentation is available on the TIBCO Product Documentation website — https://docs.tibco.com/products/a_z_products.

The following documents contain information about the TIBCO LogLogic Appliances:

• LogLogic Release Notes—Provides information specific to the release including product information, new features and functionality, resolved issues, known issues and any late-breaking information. Check the LogLogic support web site periodically for possible further updates.

• LogLogic Hardware Installation Guide—Describes how to get started with your LogLogic Appliance. In addition, the guide includes details about the Appliance hardware for all models.

• LogLogic Upgrade Guide—Describes how to configure and upgrade the LogLogic Appliance software.

• LogLogic User Guide—Describes how to use the LogLogic solution, including viewing dashboards, managing reports, managing alerts, and performing searches.

• LogLogic Administration Guide—Describes how to administer the LogLogic solution, including all Management and Administration menu options.

• LogLogic Log Source Configuration Guide—Describes how to support log data from various log sources. There is a separate manual for each supported log source. These documents include documentation on LogLogic Collectors as well as documentation on how to configure log sources to work with the LogLogic solution.

• LogLogic Collector Guides—Describe how to implement support for using a LogLogic Collector for specific log sources such as IBM i5/OS and ISS SiteProtector.

• LogLogic Web Services API Implementation Guide—Describes how to implement the LogLogic Web Services APIs to manage reports, manage alerts, perform searches, and administer the system.

• LogLogic Syslog Alert Message Format Quick Reference Guide—Describes the LogLogic Syslog alert message format.

• LogLogic Online Help—Describes the Appliance user interface, including descriptions for each screen, tab, and element in the Appliance.


Technical Support

TIBCO LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although TIBCO LogLogic products are easy to use and maintain, occasional assistance might be necessary. TIBCO LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers that can help you maximize the performance of your TIBCO LogLogic Appliances.

To reach TIBCO LogLogic Customer Support:

Telephone: Toll Free—1-800-957-LOGS

Local—1-408-834-7480

EMEA or APAC: + 44 (0) 207 1170075 or +44 (0) 8000 669970

Email: [email protected]

Support website: https://support.tibco.com/loglogic.htm.

When contacting Customer Support, be prepared to provide:

• Your name, email address, phone number, and fax number

• Your company name and company address

• Your machine type and release version

• A description of the problem and the content of pertinent error messages (if any)


Typographical Conventions

The following typographical conventions are used in this manual.

Table 1 General Typographical Conventions

Convention: ENV_NAME, TIBCO_HOME, <ProductAcronym>_HOME
Use: TIBCO products are installed into an installation environment. A product installed into an installation environment does not access components in other installation environments. Incompatible products and multiple instances of the same product must be installed into different installation environments.

An installation environment consists of the following properties:

• Name: Identifies the installation environment. This name is referenced in documentation as ENV_NAME. On Microsoft Windows, the name is appended to the name of Windows services created by the installer and is a component of the path to the product shortcut in the Windows Start > All Programs menu.

• Path: The folder into which the product is installed. This folder is referenced in documentation as TIBCO_HOME.

TIBCO <ProductName> installs into a directory within a TIBCO_HOME. This directory is referenced in documentation as <ProductAcronym>_HOME. The default value of <ProductAcronym>_HOME depends on the operating system. For example, on Windows systems the default value is C:\tibco\<ProductAcronym>\<ReleaseNumber>.

Convention: code font
Use: Code font identifies commands, code examples, filenames, pathnames, and output displayed in a command window. For example: Use MyCommand to start the foo process.

Convention: bold code font
Use: Bold code font is used in the following ways:

• In procedures, to indicate what a user types. For example: Type admin.

• In large code samples, to indicate the parts of the sample that are of particular interest.

• In command syntax, to indicate the default parameter for a command. For example, if no parameter is specified, MyCommand is enabled: MyCommand [enable | disable]

Convention: italic font
Use: Italic font is used in the following ways:

• To indicate a document title. For example: See TIBCO ActiveMatrix BusinessWorks Concepts.

• To introduce new terms. For example: A portal page may contain several portlets. Portlets are mini-applications that run in a portal.

• To indicate a variable in a command or code syntax that you must replace. For example: MyCommand PathName

Convention: Key combinations
Use: Key names separated by a plus sign indicate keys pressed simultaneously. For example: Ctrl+C. Key names separated by a comma and space indicate keys pressed one after the other. For example: Esc, Ctrl+Q.

Convention: Note icon
Use: The note icon indicates information that is of special interest or importance, for example, an additional action required only in certain circumstances.

Convention: Tip icon
Use: The tip icon indicates an idea that could be useful, for example, a way to apply the information provided in the current section to achieve a specific result.

Convention: Warning icon
Use: The warning icon indicates the potential for a damaging situation, for example, data loss or corruption if certain steps are taken or not taken.

Chapter 1 Introduction

This guide provides a set of tables listing Log Source Reports by Device Type, sorted by the following UI Categories: Access Control, Database Activity, Enterprise Content Management, HP NonStop Audit, IBM i5/OS Activity, IBM z/OS Activity, Mail Activity, Network Activity, Operational, Policy Reports, Storage Systems Activity, and Threat Management.

For more information on Log Source Package (LSP) devices please see the Log Source Guide for that device.

Topics

• TIBCO LogLogic Log Source Report Mapping, page 12


TIBCO LogLogic Log Source Report Mapping

Table 2 Log Source Report Mapping by Device Type – Access Control

Device Type: Log Source Reports

Active Directory: User Created/Deleted; Windows Events; User Access; Permission Modification
BMC Remedy ARS: User Access; User Authentication
Check Point Interface: User Access; User Authentication
Cisco ASA: User Access; User Authentication
Cisco FWSM: User Access; User Authentication
Cisco PIX: User Access; User Authentication
Cisco Secure ACS: User Access; User Authentication
Cisco VPN 3000: User Access; User Authentication
Cisco Win ACS: User Access; User Authentication
HP/UX: User Access; User Authentication; Permission Modification; User Created/Deleted
HP/UX Audit: User Access; User Authentication; Permission Modification; User Created/Deleted
Juniper Firewall: User Access; User Authentication
Juniper SSL VPN: User Access; User Authentication
KondorPlus: User Access; User Authentication
Linux: User Access; User Authentication; User Created/Deleted; Permission Modification
Microsoft Operation Manager: User Access; User Authentication; Permission Modification; User Created/Deleted; Windows Events
Microsoft SQL Server: User Access; User Authentication; Permission Modification
Microsoft Windows: User Access; User Authentication; Permission Modification; User Created/Deleted; Windows Events
NetApp Filer: User Access; User Authentication; User Created/Deleted
NetApp Filer Audit: User Access; User Authentication
Nortel Contivity: User Access; User Authentication
Novell eDirectory: User Access; User Authentication; Permission Modification
Other UNIX: User Access; User Authentication; User Created/Deleted; Permission Modification
RSA ACE Server: User Access; User Authentication
Sidewinder: User Access; User Authentication; User Created/Deleted
SiteMinder: User Access; User Authentication
Sun Solaris: User Access; User Authentication; User Created/Deleted; Permission Modification
Sun Solaris BSM: User Access; User Authentication; User Created/Deleted; Permission Modification
VMWare ESX: User Access; User Authentication; User Created/Deleted; Permission Modification
VMWare vCenter: User Access; User Authentication
VMWare vCloud Director: User Access; User Authentication

Table 3 Log Source Report Mapping by Device Type – Database Activity

Device Type: Log Source Reports

IBM DB2: Database Access; Database Data Access; Database Privilege Modifications; Database System Modifications; Permission Modification
Microsoft SQL Server: All Database Events; Database Access; Database Data Access; Database Privilege Modifications; Database System Modifications
Oracle Database: All Database Events; Database Access; Database Data Access; Database Privilege Modifications; Database System Modifications
Sybase ASE: All Database Events; Database Access; Database Data Access; Database Privilege Modifications; Database System Modifications

Table 4 Log Source Report Mapping by Device Type – Enterprise Content Management

Device Type: Log Source Reports

Cisco ASA: Content Management; ECM Activity
Fortinet FortiOS: ECM Activity
Microsoft SharePoint: Content Management; ECM Activity; Expiration and Disposition; Security Settings

Table 5 Log Source Report Mapping by Device Type – HP NonStop Audit

Device Type: Log Source Reports

HP NonStop Audit: Configuration Changes; Failed And Successful Logins; HP NonStop Audit Activity; Object Access; Object Changes; User Actions

Table 6 Log Source Report Mapping by Device Type – IBM i5/OS

Device Type: Log Source Reports

IBM i5/OS: All Log Entry Types; System Object Access; User Access by Connection; User Action; User Jobs

Table 7 Log Source Report Mapping by Device Type – IBM z/OS Activity

Device Type: Log Source Reports

z/OS RACF: Unix System Services; Violation; Login/Logout; Resource Access; Security Modifications; System Access/Configuration

Table 8 Log Source Report Mapping by Device Type – Mail Activity

Device Type: Log Source Reports

Microsoft Exchange 2000/03: Exchange 2000/03 Activity; Exchange 2000/03 Delay; Exchange 2000/03 Size; Exchange 2000/03 SMTP
Microsoft Exchange 2007 Message Tracking: Exchange 2007 Mail Size; Exchange 2007 Activity
Microsoft Exchange 2007 Pop/Imap: Server Activity
Microsoft Exchange 2007 SMTP Receive: Server Activity
Microsoft Exchange 2007 SMTP Send: Server Activity

Table 9 Log Source Report Mapping by Device Type – Network Activity

Device Type: Log Source Reports

Apache WebServer: Web Cache Activity; Web Surfing Activity
Blue Coat ProxySG: Web Cache Activity
Check Point Interface: Accepted Connections; Active VPN Connections; Application Distributions; Denied Connections; FTP Connections; VPN Access; VPN Sessions; VPN Top Lists; Web Surfing Activity
Cisco ASA: Accepted Connections; Active VPN Connections; Application Distributions; Denied Connections; FTP Connections; VPN Access; VPN Sessions; VPN Top Lists; Web Surfing Activity
Cisco Content Engine: Web Cache Activity; Web Surfing Activity
Cisco FWSM: Accepted Connections; Active VPN Connections; Application Distributions; Denied Connections; FTP Connections; VPN Access; VPN Session; VPN Top List; Web Surfing Activity
Cisco PIX: Accepted Connections; Active VPN Connections; Application Distributions; Denied Connections; FTP Connections; VPN Access; VPN Session; VPN Top List; Web Surfing Activity
Cisco Router: Denied Connections
Cisco WSA: Web Cache Activity; Web Surfing Activity
Cisco VPN 3000: Active VPN Connections; VPN Access; VPN Session; VPN Top List
Fortinet FortiOS: Accepted Connections; Application Distributions; Denied Connections
Generic W3C: Web Cache Activity; Web Surfing Activity
Juniper Firewall: Accepted Connections; Application Distributions; Denied Connections
Juniper RT_Flow: Accepted Connections; Denied Connections
Juniper SSL VPN: Web Cache Activity; Web Surfing Activity
Microsoft DHCP: DHCP Denied Activity; DHCP Granted/Renewed Activity; DHCP Activity
Microsoft IAS: Web Cache Activity; Web Surfing Activity
Microsoft IIS: Web Cache Activity; Web Surfing Activity
Microsoft ISA: Web Cache Activity
NetApp NetCache: Web Cache Activity
Nortel Contivity: Accepted Connections; Active VPN Connections; Application Distributions; Denied Connections; VPN Access; VPN Sessions; VPN Top Lists; Web Surfing Activity
Palo Alto Networks PANOS: Accepted Connections; Application Distributions; Denied Connections
RADIUS Acct Client: Active VPN Connections; VPN Access; VPN Sessions; VPN Top Lists
Sidewinder: Accepted Connections; Denied Connections
Squid: Web Cache Activity

Table 10 Log Source Report Mapping by Device Type – Operational

Device Type Log Source Reports

Active Directory All Unparsed Events

Active Directory Total Message Count

Apache WebServer All Unparsed Events

Apache WebServer Total Message Count

Log Source Report Mapping Guide

Page 23: TIBCO LogLogic® Log Management Intelligence (LMI) · † LogLogic Online Help—Describes the Appliance user interface, including descriptions for each screen, tab, and element in

TIBCO LogLogic Log Source Report Mapping | 23

Blue Coat Proxy Syslog All Unparsed Events

Blue Coat Proxy Syslog Total Message Count

Blue Coat ProxySG All Unparsed Events

Blue Coat ProxySG Total Message Count

Blue Coat ProxySG All Unparsed Events

BMC Remedy ARS All Unparsed Events

BMC Remedy ARS Total Message Count

Check Point Interface All Unparsed Events

Check Point Interface Firewall Statistics

Check Point Interface Security Events

Check Point Interface System Events

Check Point Interface Total Message Count

Cisco ASA All Unparsed Events

Cisco ASA Firewall Statistics

Cisco ASA Security Events

Cisco ASA System Events

Cisco ASA Total Message Count

Cisco Content Engine All Unparsed Events

Cisco Content Engine Total Message Count

Cisco FWSM All Unparsed Events

Cisco FWSM Firewall Statistics

Cisco FWSM Security Events

Cisco FWSM System Events

Cisco FWSM Total Message Count

Table 10 Log Source Report Mapping by Device Type – Operational

Device Type Log Source Reports

Log Source Report Mapping Guide

Page 24: TIBCO LogLogic® Log Management Intelligence (LMI) · † LogLogic Online Help—Describes the Appliance user interface, including descriptions for each screen, tab, and element in

24 | Chapter 1 Introduction

Cisco IPS All Unparsed Events

Cisco IPS Total Message Count

Cisco NetFlow All Unparsed Events

Cisco NetFlow Total Message Count

Cisco PIX All Unparsed Events

Cisco PIX Firewall Statistics

Cisco PIX Security Events

Cisco PIX System Events

Cisco PIX Total Message Count

Cisco Router All Unparsed Events

Cisco Router Firewall Statistics

Cisco Router Total Message Count

Cisco Secure ACS All Unparsed Events

Cisco Secure ACS Total Message Count

Cisco WSA All Unparsed Events

Cisco WSA Total Message Count

Cisco Switch All Unparsed Events

Cisco Switch Total Message Count

Cisco VPN 3000 All Unparsed Events

Cisco VPN 3000 Total Message Count

Cisco Win ACS All Unparsed Events

Cisco Win ACS Total Message Count

Decru Datafort All Unparsed Events

Decru Datafort Total Message Count

Table 10 Log Source Report Mapping by Device Type – Operational

Device Type Log Source Reports

Log Source Report Mapping Guide

Page 25: TIBCO LogLogic® Log Management Intelligence (LMI) · † LogLogic Online Help—Describes the Appliance user interface, including descriptions for each screen, tab, and element in

TIBCO LogLogic Log Source Report Mapping | 25

Fortinet FortiOS All Unparsed Events

Fortinet FortiOS Total Message Count

General Syslog All Unparsed Events

General Syslog Total Message Count

Generic W3C All Unparsed Events

Generic W3C Total Message Count

Guardium SQL Guard All Unparsed Events

Guardium SQL Guard Total Message Count

Guardium SQLGuard Audit All Unparsed Events

Guardium SQLGuard Audit Total Message Count

Guardium SQLGuard Audit All Unparsed Events

Guardium SQLGuard Audit Total Message Count

HP NonStop Audit All Unparsed Events

HP NonStop Audit Total Message Count

HP/UX All Unparsed Events

HP/UX Total Message Count

IBM DB2 All Unparsed Events

IBM DB2 Total Message Count

IBM i5/OS All Unparsed Events

IBM i5/OS Total Message Count

ISS RealSecure NIDS All Unparsed Events

ISS RealSecure NIDS Total Message Count

ISS SiteProtector All Unparsed Events

ISS SiteProtector Total Message Count

Table 10 Log Source Report Mapping by Device Type – Operational

Device Type Log Source Reports

Log Source Report Mapping Guide

Page 26: TIBCO LogLogic® Log Management Intelligence (LMI) · † LogLogic Online Help—Describes the Appliance user interface, including descriptions for each screen, tab, and element in

26 | Chapter 1 Introduction

Juniper Firewall Firewall Statistics

Juniper Firewall Security Events

Juniper Firewall System Events

Juniper Firewall Total Message Count

Juniper IDP All Unparsed Events

Juniper IDP Total Message Count

Juniper RT_Flow All Unparsed Events

Juniper RT_Flow Firewall Statistics

Juniper RT_Flow Total Message Count

Juniper SSL VPN All Unparsed Events

Juniper SSL VPN Total Message Count

Juniper SSL VPN Secure Access All Unparsed Events

Juniper SSL VPN Secure Access Total Message Count

KondorPlus All Unparsed Events

KondorPlus Total Message Count

Linux All Unparsed Events

Linux Total Message Count

LogLogic Appliance All Unparsed Events

LogLogic Appliance Total Message Count

LogLogic Database Security Manager All Unparsed Events

LogLogic Database Security Manager Total Message Count

McAfee ePolicy Orchestrator All Unparsed Events

McAfee ePolicy Orchestrator Total Message Count

Microsoft DHCP All Unparsed Events

Table 10 Log Source Report Mapping by Device Type – Operational

Device Type Log Source Reports

Log Source Report Mapping Guide

Page 27: TIBCO LogLogic® Log Management Intelligence (LMI) · † LogLogic Online Help—Describes the Appliance user interface, including descriptions for each screen, tab, and element in

TIBCO LogLogic Log Source Report Mapping | 27

Microsoft DHCP                            Total Message Count
Microsoft Exchange 2000/03                All Unparsed Events
Microsoft Exchange 2000/03                Total Message Count
Microsoft Exchange 2007 Application logs  All Unparsed Events
Microsoft Exchange 2007 Application logs  Total Message Count
Microsoft Exchange 2007 Message Tracking  All Unparsed Events
Microsoft Exchange 2007 Message Tracking  Total Message Count
Microsoft Exchange 2007 Pop/Imap          All Unparsed Events
Microsoft Exchange 2007 Pop/Imap          Total Message Count
Microsoft Exchange 2007 SMTP Receive      All Unparsed Events
Microsoft Exchange 2007 SMTP Receive      Total Message Count
Microsoft Exchange 2007 SMTP Send         All Unparsed Events
Microsoft Exchange 2007 SMTP Send         Total Message Count
Microsoft IAS                             All Unparsed Events
Microsoft IAS                             Total Message Count
Microsoft IIS                             All Unparsed Events
Microsoft IIS                             Total Message Count
Microsoft ISA                             All Unparsed Events
Microsoft ISA                             Total Message Count
Microsoft Operation Manager               All Unparsed Events
Microsoft Operation Manager               Total Message Count
Microsoft SharePoint                      All Unparsed Events
Microsoft SharePoint                      Total Message Count
Microsoft SQL Server                      All Unparsed Events
Microsoft SQL Server                      Total Message Count
Microsoft SQL Server Application logs     All Unparsed Events
Microsoft SQL Server Application logs     Total Message Count
Microsoft SQL Server GDBC                 All Unparsed Events
Microsoft SQL Server GDBC                 Total Message Count
Microsoft Windows                         All Unparsed Events
Microsoft Windows                         Total Message Count
NetApp Filer                              All Unparsed Events
NetApp Filer                              Total Message Count
NetApp Filer Audit                        All Unparsed Events
NetApp Filer Audit                        Total Message Count
NetApp NetCache                           All Unparsed Events
NetApp NetCache                           Total Message Count
Nortel Contivity                          All Unparsed Events
Nortel Contivity                          System Events
Nortel Contivity                          Total Message Count
Novell eDirectory                         All Unparsed Events
Novell eDirectory                         Total Message Count
Oracle Database                           All Unparsed Events
Oracle Database                           Total Message Count
Oracle GDBC                               All Unparsed Events
Oracle GDBC                               Total Message Count
Other File Device                         All Unparsed Events
Other File Device                         Total Message Count
Other UNIX                                All Unparsed Events
Other UNIX                                Total Message Count
Palo Alto Networks PANOS                  All Unparsed Events
Palo Alto Networks PANOS                  Total Message Count
RADIUS Acct Client                        All Unparsed Events
RADIUS Acct Client                        Total Message Count
RSA ACE Server                            All Unparsed Events
RSA ACE Server                            Total Message Count
Sidewinder                                All Unparsed Events
Sidewinder                                Firewall Statistics
Sidewinder                                Total Message Count
Snort                                     All Unparsed Events
Snort                                     Total Message Count
Sourcefire                                All Unparsed Events
Sourcefire                                Total Message Count
Squid                                     All Unparsed Events
Squid                                     Total Message Count
Sun Solaris                               All Unparsed Events
Sun Solaris                               Total Message Count
Sun Solaris BSM                           All Unparsed Events
Sun Solaris BSM                           Total Message Count
Sybase ASE                                All Unparsed Events
Sybase ASE                                Total Message Count
Symantec AntiVirus                        All Unparsed Events
Symantec AntiVirus                        Total Message Count
TrendMicro Control Manager                All Unparsed Events
TrendMicro Control Manager                Total Message Count
TrendMicro OfficeScan                     All Unparsed Events
TrendMicro OfficeScan                     Total Message Count
Tripwire Management Station               All Unparsed Events
Tripwire Management Station               Total Message Count
VMWare ESX                                All Unparsed Events
VMWare ESX                                Total Message Count
VMWare vCenter                            All Unparsed Events
VMWare vCenter                            Total Message Count
z/OS RACF                                 All Unparsed Events
z/OS RACF                                 Total Message Count

Table 11 Log Source Report Mapping by Device Type – Policy Reports

Device Type                               Log Source Reports

Check Point Interface                     Rules/Policies
Juniper Firewall                          Rules/Policies
LogLogic Appliance                        Network Policies
Microsoft SharePoint                      ECM Policy
Nortel Contivity                          Rules/Policies

Table 12 Log Source Report Mapping by Device Type – Storage Systems Activity

Device Type                               Log Source Reports

NetApp Filer                              Filer Access
NetApp Filer Audit                        Filer Access

Table 13 Log Source Report Mapping by Device Type – Threat Management

Device Type                               Log Source Reports

Cisco ASA                                 IDS/IPS Activity
Cisco FWSM                                IDS/IPS Activity
Cisco IPS                                 IDS/IPS Activity
Cisco PIX                                 IDS/IPS Activity
Fortinet FortiOS                          IDS/IPS Activity
Fortinet FortiOS                          Threat Activity
Guardium SQL Guard                        DB IPS Activity
Guardium SQLGuard Audit                   DB IPS Activity
ISS RealSecure NIDS                       IDS/IPS Activity
ISS SiteProtector                         IDS/IPS Activity
Juniper IDP                               IDS/IPS Activity
LogLogic Database Security Manager        IDS/IPS Activity
McAfee ePolicy Orchestrator               Configuration Activity
McAfee ePolicy Orchestrator               HIPS Activity
McAfee ePolicy Orchestrator               Scan Activity
McAfee ePolicy Orchestrator               Threat Activity
Snort                                     IDS/IPS Activity
Sourcefire                                IDS/IPS Activity
Symantec AntiVirus                        Configuration Activity
Symantec AntiVirus                        Scan Activity
Symantec AntiVirus                        Threat Activity
TrendMicro Control Manager                Threat Activity
TrendMicro OfficeScan                     Threat Activity
