TIPPINGPOINT Syslog Events Record Format

| Column | Definition | Description |
|---|---|---|
| 1 | Defined Syslog facility and Action Type | [YEAR]-[MONTH]-[DAY] [HOUR]:[MIN]:[SEC] [TP or SMS Device IP] [ACTION] |
| 2 | Severity | [SEVERITY] |
| 3 | Policy UUID | === |
| 4 | Signature UUID | === |
| 5 | Signature Friendly Name | [SIG] |
| 6 | Signature Number | |
| 7 | Signature Protocol (IP, UDP, TCP, HTTP, and so on) | [PROTO] |
| 8 | Source Address | [SADDR] |
| 9 | Source Port | [SPORT] |
| 10 | Destination Address | [DADDR] |
| 11 | Destination Port | [DPORT] |
| 12 | Hit Count | === |
| 13 | Device Slot (must be 3, 5, 7 or 8) | [ETHER] |
| 14 | Device Segment | [ETHER] |
| 15 | Friendly Name of the device on which the event was received | [HOST] |
| 16 | Category ID assigned to the Signature | === |
| 17 | Event timestamp in milliseconds | === |

TIPPINGPOINT Syslog Events Record Examples
Log 1: 2010-12-20 10:36:42 Local0.Notice 7,1,00000002-0002-0002-0002-000000000164,00000001-0001-0001-0001-000000000164,0164: ICMP: Echo Request (Ping),164,icmp,AAA.BBB.CCC.DDD,0,AAA.BBB.CCC.DDD,0,10,3,2,HOST_TippingPoint,84151549,1269132481073,4
Log 2: 2010-12-20 10:36:42 Local0.Notice 7,1,00000002-0002-0002-0002-000000001221,00000001-0001-0001-0001-000000001221,1221: SNMP: 'public' Access,1221,snmp,AAA.BBB.CCC.DDD,35473,AAA.BBB.CCC.DDD,161,1,3,2,HOST_TippingPoint,67446269,1269132481073,5
Log 3: 2010-12-20 10:36:42 Local0.Notice 7,1,00000002-0002-0002-0002-000000006899,00000001-0001-0001-0001-000000006899,6899: SSL: Certificate Using MD5 With RSA,6899,tcp,AAA.BBB.CCC.DDD,443,AAA.BBB.CCC.DDD,57653,1,3,2,HOST_TippingPoint,67447037,1269132527095,8
Log 4: 2010-12-20 10:36:42 Local0.Notice 7,1,00000002-0002-0002-0002-000000006924,00000001-0001-0001-0001-000000006924,6924: DNS: NXDOMAIN Response,6924,udp,AAA.BBB.CCC.DDD,1117,AAA.BBB.CCC.DDD,53,1,3,2,HOST_TippingPoint,67438588,1269132614060,24
Log 5: 2010-12-20 10:36:43 Local0.Warning 7,2,d1cc4780-0206-11e0-40f5-0329cfa0e502,00000001-0001-0001-0001-000000000819,0819: HTTP: admin.pl Access,819,http,AAA.BBB.CCC.DDD,53408,AAA.BBB.CCC.DDD,80,1,3,1,HOST_TippingPoint,84085757,1291910083056,18456
Log 6: 2010-12-20 10:36:43 Local0.Notice 7,1,d1cdce24-0206-11e0-40f5-0329cfa0e502,00000001-0001-0001-0001-000000004691,4691: HTTP: Adobe Macromedia Flash Download,4691,tcp,AAA.BBB.CCC.DDD,80,AAA.BBB.CCC.DDD,49393,6,3,1,HOST_TippingPoint,67308289,1291910096028,18457
Log 7: 2010-12-20 10:36:43 Local0.Notice 7,1,d1cf7bf5-0206-11e0-40f5-0329cfa0e502,00000001-0001-0001-0001-000000008061,8061: HTTP: HTTP Proxy Connect Attempt,8061,http,AAA.BBB.CCC.DDD,51365,AAA.BBB.CCC.DDD,8080,18,3,1,HOST_TippingPoint,67439612,1291910118000,18459
Log 8: 2010-12-20 10:36:43 Local0.Error 8,3,00000002-0002-0002-0002-000000001328,00000001-0001-0001-0001-000000001328,1328: HTTP: viewcode.jse Exploit,1328,http,AAA.BBB.CCC.DDD,17104,AAA.BBB.CCC.DDD,80,1,3,1,HOST_TippingPoint,17107965,1291996675019,19737
Log 9: 2010-12-20 16:37:27 Local0.Warning 8,2,00000002-0002-0002-0002-000000001079,00000001-0001-0001-0001-000000001079,1079: HTTP: IIS .htw Exploit,1079,http,AAA.BBB.CCC.DDD,23537,AAA.BBB.CCC.DDD,80,3,3,1,HOST_TippingPoint,17107787,1292859421033,25434
Log 10: 2010-12-20 16:39:29 Local0.Notice 7,1,d1cc6eb7-0206-11e0-40f5-0329cfa0e502,00000001-0001-0001-0001-000000001064,1064: HTTP: IIS msadcs.dll Access,1064,http,AAA.BBB.CCC.DDD,23641,AAA.BBB.CCC.DDD,80,1,3,1,HOST_TippingPoint,84085579,1292859450053,25435
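A parser for this record format, as an added example (not code from the TippingPoint documentation or product): it takes columns 1-4 from the left and the 13 fixed trailing values from the right, so a signature friendly name containing commas does not shift the remaining columns, rejects slot values outside the set the table constrains, and converts column 17 to a UTC datetime. It uses Log 1 above as its sample input; the column names, the TPEvent class and the "trailing" label for the last value in the samples (which the table does not describe) are the example's own assumptions.

```python
# Added example, not the TippingPoint project's code: parse one event record into its columns.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

VALID_SLOTS = {3, 5, 7, 8}  # the format table says the device slot must be 3, 5, 7 or 8

# The 13 fixed CSV values after the signature friendly name (columns 6-17 of the table);
# "trailing" is the extra last value present in the samples but not described in the table.
TAIL = ("sig_number", "protocol", "src_addr", "src_port", "dst_addr", "dst_port",
        "hit_count", "slot", "segment", "device_name", "category_id",
        "event_time_ms", "trailing")
INT_COLS = ("sig_number", "src_port", "dst_port", "hit_count", "slot", "segment", "event_time_ms")

@dataclass
class TPEvent:
    syslog_date: str
    syslog_time: str
    source: str          # device IP per the table, or the facility.level label seen in the samples
    action: int
    severity: int
    policy_uuid: str
    signature_uuid: str
    signature_name: str
    cols: dict = field(default_factory=dict)

def parse_tp_event(line: str) -> TPEvent:
    """Columns 1-4 come from the left and the fixed tail from the right, so a
    signature name that itself contains commas still parses correctly."""
    syslog_date, syslog_time, source, msg = line.strip().split(" ", 3)
    parts = msg.split(",")
    if len(parts) < 5 + len(TAIL):
        raise ValueError(f"expected at least {5 + len(TAIL)} CSV values, got {len(parts)}")
    action, severity, policy_uuid, sig_uuid = parts[:4]
    name = ",".join(parts[4:-len(TAIL)])           # re-join any commas inside the name
    cols = dict(zip(TAIL, parts[-len(TAIL):]))
    for key in INT_COLS:
        cols[key] = int(cols[key])
    if cols["slot"] not in VALID_SLOTS:
        raise ValueError(f"unexpected device slot {cols['slot']}")
    ms = cols["event_time_ms"]                     # column 17: epoch milliseconds
    cols["event_time"] = (datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
                          + timedelta(milliseconds=ms % 1000))
    return TPEvent(syslog_date, syslog_time, source, int(action), int(severity),
                   policy_uuid, sig_uuid, name, cols)

# Log 1 from the page, as the parser's sample input (addresses are the page's own placeholders).
SAMPLE = ("2010-12-20 10:36:42 Local0.Notice 7,1,00000002-0002-0002-0002-000000000164,"
          "00000001-0001-0001-0001-000000000164,0164: ICMP: Echo Request (Ping),164,icmp,"
          "AAA.BBB.CCC.DDD,0,AAA.BBB.CCC.DDD,0,10,3,2,HOST_TippingPoint,84151549,1269132481073,4")
```

The samples carry a facility.level label (Local0.Notice, Local0.Warning, Local0.Error) where the table places the device IP, which is why `source` is kept as an opaque string rather than validated as an address.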