Predefined elements for Sidewinder log reception
The .zip file contains several predefined elements for Sidewinder log reception.
A Logging Profile parses the data in a syslog message to the corresponding SMC log fields when the syslog entry is converted to an SMC log entry. The .zip file contains the Sidewinder v8 Logging Profile element. The Sidewinder v8 Logging Profile parses the following information from the header of the syslog packet:
- The date and time when the Sidewinder log was created
- The name of the Sidewinder firewall
- The auditing facility that generated the message
Field Resolvers convert values in incoming syslog fields to different values in SMC logs. The .zip file contains the following Field Resolver elements that are used in the Logging Profile:
- Sidewinder v8 Area Mappings
- Sidewinder v8 Event Mappings
- Sidewinder v8 Alert Type Mappings
- Sidewinder v8 URL Request Mappings
- Sidewinder v8 Facility Mappings
- Sidewinder v8 Type Mappings
Key-value pairs in the Logging Profile define how the Log Server parses each received syslog entry data. The Sidewinder v8 Logging Profile contains the following key-value pairs:
| Key | Field |
|---|---|
| hostname | Sender address |
| srcip | Src Addr |
| srcport | Src Port |
| dstip | Dst Addr |
| sdtport | Destination port |
| bytes_written_to_client | Bytes Rcvd |
| bytes_written_to_server | Bytes Sent |
| application | Application Detail |
| app_categories | Resource |
| protocol | IP Protocol |
| area | Sidewinder v8 Area Mappings |
| event | Sidewinder v8 Event Mappings |
| alert_type | Sidewinder v8 Alert Type Mappings |
| request_command | Sidewinder v8 URL Request Mappings |
| fac | Sidewinder v8 Facility Mappings |
| type | Sidewinder v8 Type Mappings |