TIBCO LogLogic® Log Management Intelligence
TIBCO LogLogic® Enterprise Virtual Appliance
Log Source Report Mapping Guide
Software Release 6.2.1 August 2018
Important Information
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. ANY SOFTWARE ITEM IDENTIFIED AS THIRD PARTY LIBRARY IS AVAILABLE UNDER SEPARATE SOFTWARE LICENSE TERMS AND IS NOT PART OF A TIBCO PRODUCT. AS SUCH, THESE SOFTWARE ITEMS ARE NOT COVERED BY THE TERMS OF YOUR AGREEMENT WITH TIBCO, INCLUDING ANY TERMS CONCERNING SUPPORT, MAINTENANCE, WARRANTIES, AND INDEMNITIES. DOWNLOAD AND USE THESE ITEMS IS SOLELY AT YOUR OWN DISCRETION AND SUBJECT TO THE LICENSE TERMS APPLICABLE TO THEM. BY PROCEEDING TO DOWNLOAD, INSTALL OR USE ANY OF THESE ITEMS, YOU ACKNOWLEDGE THE FOREGOING DISTINCTIONS BETWEEN THESE ITEMS AND TIBCO PRODUCTS. This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIBCO, the TIBCO logo, Two-Second Advantage, TIB, Information Bus, Rendezvous, and TIBCO Rendezvous are either registered trademarks or trademarks of TIBCO Software Inc. 
in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only. THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM. THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME. THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES. Copyright © 2002-2018 TIBCO Software Inc. All rights reserved.
TIBCO LogLogic® Log Management Intelligence Log Source Report Mapping Guide 3
Contents
● TIBCO Documentation and Support Services
● Overview
● Log Source Report Mapping for Access Control
● Log Source Report Mapping for Database Activity
● Log Source Report Mapping for Enterprise Content Management
● Log Source Report Mapping for HP NonStop Audit
● Log Source Report Mapping for IBM i5/OS
● Log Source Report Mapping for IBM z/OS Activity
● Log Source Report Mapping for Mail Activity
● Log Source Report Mapping for Network Activity
● Log Source Report Mapping for Operational
● Log Source Report Mapping for Policy Reports
● Log Source Report Mapping for Storage Systems Activity
● Log Source Report Mapping for Threat Management
● Log Source Report Mapping for Flow Activity
TIBCO Documentation and Support Services
How to Access TIBCO Documentation
Documentation for TIBCO products is available on the TIBCO Product Documentation website, mainly in HTML and PDF formats. The TIBCO Product Documentation website is updated frequently and is more current than any other documentation included with the product. To access the latest documentation, visit https://docs.tibco.com.
Product-Specific Documentation
The following documents for this product can be found on the TIBCO Documentation site on the TIBCO LogLogic® documentation page:
● TIBCO LogLogic® Log Management Intelligence Release Notes
● TIBCO LogLogic® Log Management Intelligence Administration Guide
● TIBCO LogLogic® Log Management Intelligence Configuration and Upgrade Guide
● TIBCO LogLogic® Log Management Intelligence Enterprise Virtual Appliance Quick Start Guide
● TIBCO LogLogic® Log Management Intelligence Hardware Installation Guide
● TIBCO LogLogic® Log Management Intelligence Log Source Report Mapping Guide
● TIBCO LogLogic® Log Management Intelligence SSD Hardware Field Installation Guide
● TIBCO LogLogic® Log Management Intelligence Syslog Alert Message Format Quick Reference Guide
● TIBCO LogLogic® Log Management Intelligence User Guide
● TIBCO LogLogic® Log Management Intelligence Web Services API Implementation Guide
● TIBCO LogLogic® Log Management Intelligence XML Import/Export Entities Reference Guide
How to Contact TIBCO Support
You can contact TIBCO Support in the following ways:
● For an overview of TIBCO Support, visit http://www.tibco.com/services/support.
● For accessing the Support Knowledge Base and getting personalized content about products you are interested in, visit the TIBCO Support portal at https://support.tibco.com.
● For creating a Support case, you must have a valid maintenance or support contract with TIBCO. You also need a user name and password to log in to https://support.tibco.com. If you do not have a user name, you can request one by clicking Register on the website.
How to Join TIBCO Community
TIBCO Community is the official channel for TIBCO customers, partners, and employee subject matter experts to share and access their collective experience. TIBCO Community offers access to Q&A forums, product wikis, and best practices. It also offers access to extensions, adapters, solution accelerators, and tools that extend and enable customers to gain full value from TIBCO products. In addition, users can submit and vote on feature requests from within the TIBCO Ideas Portal. For a free registration, go to https://community.tibco.com.
Overview
This guide provides a set of tables listing the log source reports by device type, sorted by UI categories. For more information on TIBCO LogLogic® Log Source Packages devices, see the TIBCO LogLogic® Log Source Packages guide for that device. Log source reports are sorted by the following GUI categories:
● Access Control
● Database Activity
● Enterprise Content Management
● HP NonStop Audit
● IBM i5/OS Activity
● IBM z/OS Activity
● Mail Activity
● Network Activity
● Operational
● Policy Reports
● Storage Systems Activity
● Threat Management
● Flow Activity
Log Source Report Mapping for Access Control
Log Source Report Mapping by Device Type - Access Control
Device Type Log Source Reports
Active Directory Permission Modification
Active Directory User Access
Active Directory User Authentication
Active Directory User Created/Deleted
Active Directory User Last Activity
Active Directory Windows Events
BMC Remedy ARS User Access
BMC Remedy ARS User Authentication
BMC Remedy ARS User Last Activity
Check Point Interface User Access
Check Point Interface User Authentication
Check Point Interface User Created/Deleted
Check Point Interface User Last Activity
Cisco ASA User Access
Cisco ASA User Authentication
Cisco ASA User Created/Deleted
Cisco ASA User Last Activity
Cisco ESA User Access
Cisco ESA User Authentication
Cisco FWSM User Access
Cisco FWSM User Authentication
Cisco FWSM User Last Activity
Cisco IOS User Access
Cisco IOS User Authentication
Cisco IOS User Last Activity
Cisco ISE Permission Modification
Cisco ISE User Access
Cisco ISE User Authentication
Cisco ISE User Last Activity
Cisco NXOS Permission Modification
Cisco NXOS User Access
Cisco NXOS User Authentication
Cisco PIX User Access
Cisco PIX User Authentication
Cisco PIX User Last Activity
Cisco Secure ACS Permission Modification
Cisco Secure ACS User Access
Cisco Secure ACS User Authentication
Cisco Secure ACS User Created/Deleted
Cisco Secure ACS User Last Activity
Cisco VPN 3000 User Access
Cisco VPN 3000 User Authentication
Cisco VPN 3000 User Last Activity
Cisco Win ACS User Access
Cisco Win ACS User Authentication
Cisco Win ACS User Last Activity
Decru Datafort Permission Modification
Decru Datafort User Access
Decru Datafort User Authentication
Decru Datafort User Created/Deleted
Decru Datafort User Last Activity
F5 TMOS Permission Modification
F5 TMOS User Access
F5 TMOS User Authentication
F5 TMOS User Created/Deleted
F5 TMOS User Last Activity
HP/UX Permission Modification
HP/UX User Access
HP/UX User Authentication
HP/UX User Created/Deleted
HP/UX User Last Activity
HP-UX Audit Permission Modification
HP-UX Audit User Access
HP-UX Audit User Authentication
HP-UX Audit User Created/Deleted
HP-UX Audit User Last Activity
IBM AIX Permission Modification
IBM AIX User Access
IBM AIX User Authentication
IBM AIX User Created/Deleted
IBM AIX User Last Activity
IBM AIX Audit Permission Modification
IBM AIX Audit User Access
IBM AIX Audit User Authentication
IBM AIX Audit User Created/Deleted
IBM AIX Audit User Last Activity
IBM DB2 User Created/Deleted
Juniper Firewall User Access
Juniper Firewall User Authentication
Juniper Firewall User Last Activity
Juniper JunOS User Access
Juniper JunOS User Authentication
Juniper JunOS User Last Activity
Juniper SSL VPN User Access
Juniper SSL VPN User Authentication
Juniper SSL VPN User Last Activity
Juniper SSL VPN Secure Access User Access
Juniper SSL VPN Secure Access User Authentication
Juniper SSL VPN Secure Access User Last Activity
KondorPlus User Access
KondorPlus User Authentication
KondorPlus User Last Activity
Linux Permission Modification
Linux User Access
Linux User Authentication
Linux User Created/Deleted
Linux User Last Activity
LogLogic Appliance Permission Modification
LogLogic Appliance User Access
LogLogic Appliance User Authentication
LogLogic Appliance User Created/Deleted
LogLogic Appliance User Last Activity
Microsoft IAS User Access
Microsoft IAS User Authentication
Microsoft IAS User Last Activity
Microsoft MOM/SCOM Permission Modification
Microsoft MOM/SCOM User Access
Microsoft MOM/SCOM User Authentication
Microsoft MOM/SCOM User Created/Deleted
Microsoft MOM/SCOM User Last Activity
Microsoft MOM/SCOM Windows Events
Microsoft Windows Permission Modification
Microsoft Windows User Access
Microsoft Windows User Authentication
Microsoft Windows User Created/Deleted
Microsoft Windows User Last Activity
Microsoft Windows Windows Events
Microsoft Windows French Permission Modification
Microsoft Windows French User Access
Microsoft Windows French User Authentication
Microsoft Windows French User Created/Deleted
Microsoft Windows French User Last Activity
Microsoft Windows French Windows Events
Microsoft Windows German Permission Modification
Microsoft Windows German User Access
Microsoft Windows German User Authentication
Microsoft Windows German User Created/Deleted
Microsoft Windows German User Last Activity
Microsoft Windows German Windows Events
Microsoft Windows Japanese Permission Modification
Microsoft Windows Japanese User Access
Microsoft Windows Japanese User Authentication
Microsoft Windows Japanese User Created/Deleted
Microsoft Windows Japanese User Last Activity
Microsoft Windows Japanese Windows Events
NetApp Filer Permission Modification
NetApp Filer User Access
NetApp Filer User Authentication
NetApp Filer User Created/Deleted
NetApp Filer User Last Activity
NetApp Filer Audit User Access
NetApp Filer Audit User Authentication
NetApp Filer Audit User Created/Deleted
NetApp Filer Audit User Last Activity
Nortel Contivity User Access
Nortel Contivity User Authentication
Nortel Contivity User Last Activity
Novell eDirectory Permission Modification
Novell eDirectory User Access
Novell eDirectory User Authentication
Novell eDirectory User Last Activity
Other UNIX Permission Modification
Other UNIX User Access
Other UNIX User Authentication
Other UNIX User Created/Deleted
Other UNIX User Last Activity
RSA ACE Server User Access
RSA ACE Server User Authentication
RSA ACE Server User Last Activity
Sidewinder User Access
Sidewinder User Authentication
Sidewinder User Created/Deleted
Sidewinder User Last Activity
SiteMinder User Access
SiteMinder User Authentication
SiteMinder User Last Activity
Sun Solaris Permission Modification
Sun Solaris User Access
Sun Solaris User Authentication
Sun Solaris User Created/Deleted
Sun Solaris User Last Activity
Sun Solaris BSM Permission Modification
Sun Solaris BSM User Access
Sun Solaris BSM User Authentication
Sun Solaris BSM User Created/Deleted
Sun Solaris BSM User Last Activity
Symantec Endpoint Protection User Access
Symantec Endpoint Protection User Authentication
Symantec Endpoint Protection User Created/Deleted
Symantec Endpoint Protection User Last Activity
TIBCO ActiveMatrix Administrator Permission Modification
TIBCO ActiveMatrix Administrator User Created/Deleted
TIBCO ActiveMatrix Administrator User Access
TIBCO ActiveMatrix Administrator User Authentication
TIBCO ActiveMatrix Administrator User Last Activity
TIBCO Administrator Permission Modification
TIBCO Administrator User Created/Deleted
TIBCO Administrator User Access
TIBCO Administrator User Authentication
TIBCO Administrator User Last Activity
Tripwire Management Station User Access
VMware ESX Permission Modification
VMware ESX User Access
VMware ESX User Authentication
VMware ESX User Created/Deleted
VMware ESX User Last Activity
VMware Orchestrator User Access
VMware Orchestrator User Authentication
VMware Orchestrator User Last Activity
VMware vCenter Permission Modification
VMware vCenter User Created/Deleted
VMware vCenter User Access
VMware vCenter User Authentication
VMware vCenter User Last Activity
VMware vCloud Director User Access
VMware vCloud Director User Authentication
VMware vCloud Director User Created/Deleted
VMware vCloud Director User Last Activity
VMware vShield Edge User Access
VMware vShield Edge User Authentication
VMware vShield Edge User Last Activity
Log Source Report Mapping for Database Activity
Log Source Report Mapping by Device Type – Database Activity
Device Type Log Source Reports
IBM DB2 All Database Events
IBM DB2 Database Access
IBM DB2 Database Data Access
IBM DB2 Database Privilege Modifications
IBM DB2 Database System Modifications
Microsoft SQL Server All Database Events
Microsoft SQL Server Database Access
Microsoft SQL Server Database Data Access
Microsoft SQL Server Database Privilege Modifications
Microsoft SQL Server Database System Modifications
Oracle Database All Database Events
Oracle Database Database Access
Oracle Database Database Data Access
Oracle Database Database Privilege Modifications
Oracle Database Database System Modifications
Sybase ASE All Database Events
Sybase ASE Database Access
Sybase ASE Database Data Access
Sybase ASE Database Privilege Modifications
Sybase ASE Database System Modifications
Log Source Report Mapping for Enterprise Content Management
Log Source Report Mapping by Device Type – Enterprise Content Management
Device Type Log Source Reports
All ECM Activity
Cisco ASA Content Management
Cisco ASA ECM Activity
Fortinet FortiOS ECM Activity
Juniper SSL VPN Secure Access ECM Activity
Microsoft SharePoint Content Management
Microsoft SharePoint ECM Activity
Microsoft SharePoint Expiration and Disposition
Microsoft SharePoint Security Settings
Palo Alto Networks PANOS ECM Activity
Pulse Connect Secure ECM Activity
Log Source Report Mapping for HP NonStop Audit
Log Source Report Mapping by Device Type – HP NonStop Audit
Device Type Log Source Reports
HP NonStop Audit Configuration Changes
HP NonStop Audit Failed And Successful Logins
HP NonStop Audit HP NonStop Audit Activity
HP NonStop Audit Object Access
HP NonStop Audit Object Changes
HP NonStop Audit User Actions
Log Source Report Mapping for IBM i5/OS
Log Source Report Mapping by Device Type – IBM i5/OS
Device Type Log Source Reports
IBM i5/OS All Log Entry Types
IBM i5/OS System Object Access
IBM i5/OS User Access by Connection
IBM i5/OS User Action
IBM i5/OS User Jobs
Log Source Report Mapping for IBM z/OS Activity
Log Source Report Mapping by Device Type – IBM z/OS Activity
Device Type Log Source Reports
z/OS RACF Unix System Services
z/OS RACF Violation
z/OS RACF Login/Logout
z/OS RACF Resource Access
z/OS RACF Security Modifications
z/OS RACF System Access/Configuration
Log Source Report Mapping for Mail Activity
Log Source Report Mapping by Device Type – Mail Activity
Device Type Log Source Reports
Cisco ESA Server Activity
Microsoft Exchange 2000/03 Exchange 2000/03 Activity
Microsoft Exchange 2000/03 Exchange 2000/03 Delay
Microsoft Exchange 2000/03 Exchange 2000/03 Size
Microsoft Exchange 2000/03 Exchange 2000/03 SMTP
Microsoft Exchange 2007/10 Message Tracking Exchange 2007 Mail Size
Microsoft Exchange 2007/10 Message Tracking Exchange 2007 Activity
Microsoft Exchange 2007 Pop/Imap Server Activity
Microsoft Exchange 2007 SMTP Receive Server Activity
Microsoft Exchange 2007 SMTP Send Server Activity
Log Source Report Mapping for Network Activity
Log Source Report Mapping by Device Type – Network Activity
Device Type Log Source Reports
All Denied Connections
All NAT64 Activity
All VPN Sessions
Apache WebServer Web Cache Activity
Apache WebServer Web Surfing Activity
Blue Coat ProxySG Web Cache Activity
Blue Coat Syslog Web Cache Activity
Check Point Interface Accepted Connections
Check Point Interface Active VPN Connections
Check Point Interface Application Distribution
Check Point Interface Denied Connections
Check Point Interface FTP Connections
Check Point Interface VPN Access
Check Point Interface VPN Sessions
Check Point Interface VPN Top Lists
Check Point Interface Web Surfing Activity
Cisco ASA Accepted Connections
Cisco ASA Active FW Connections
Cisco ASA Active VPN Connections
Cisco ASA Application Distribution
Cisco ASA Denied Connections
Cisco ASA FTP Connections
Cisco ASA VPN Access
Cisco ASA VPN Sessions
Cisco ASA VPN Top Lists
Cisco ASA Web Surfing Activity
Cisco Content Engine Web Cache Activity
Cisco Content Engine Web Surfing Activity
Cisco FWSM Accepted Connections
Cisco FWSM Active FW Connections
Cisco FWSM Active VPN Connections
Cisco FWSM Application Distribution
Cisco FWSM Denied Connections
Cisco FWSM FTP Connections
Cisco FWSM VPN Access
Cisco FWSM VPN Sessions
Cisco FWSM VPN Top Lists
Cisco FWSM Web Surfing Activity
Cisco IOS Accepted Connections
Cisco IOS Denied Connections
Cisco NetFlow NAT64 Activity
Cisco NXOS Accepted Connections
Cisco NXOS Denied Connections
Cisco PIX Accepted Connections
Cisco PIX Active FW Connections
Cisco PIX Active VPN Connections
Cisco PIX Application Distribution
Cisco PIX Denied Connections
Cisco PIX FTP Connections
Cisco PIX VPN Access
Cisco PIX VPN Sessions
Cisco PIX VPN Top Lists
Cisco PIX Web Surfing Activity
Cisco Router Denied Connections
Cisco WSA Web Cache Activity
Cisco WSA Web Surfing Activity
Cisco VPN 3000 Active VPN Connections
Cisco VPN 3000 VPN Access
Cisco VPN 3000 VPN Sessions
Cisco VPN 3000 VPN Top Lists
F5 TMOS Accepted Connections
F5 TMOS Denied Connections
F5 TMOS Web Cache Activity
F5 TMOS Web Surfing Activity
Fortinet FortiOS Accepted Connections
Fortinet FortiOS Application Distribution
Fortinet FortiOS Denied Connections
Fortinet FortiOS Web Surfing Activity
Generic W3C Web Cache Activity
Generic W3C Web Surfing Activity
Juniper Firewall Accepted Connections
Juniper Firewall Application Distribution
Juniper Firewall Denied Connections
Juniper JunOS Accepted Connections
Juniper JunOS Application Distribution
Juniper JunOS Denied Connections
Juniper JunOS Web Cache Activity
Juniper RT_Flow Accepted Connections
Juniper RT_Flow Denied Connections
Juniper SSL VPN Web Cache Activity
Juniper SSL VPN Web Surfing Activity
Microsoft DHCP DHCP Denied Activity
Microsoft DHCP DHCP Granted/Renewed Activity
Microsoft DHCP DHCP Activity
Microsoft ISA Web Cache Activity
Microsoft IIS Web Cache Activity
Microsoft IIS Web Surfing Activity
NetApp NetCache Web Cache Activity
Nortel Contivity Accepted Connections
Nortel Contivity Active VPN Connections
Nortel Contivity Application Distribution
Nortel Contivity Denied Connections
Nortel Contivity VPN Access
Nortel Contivity VPN Sessions
Nortel Contivity VPN Top Lists
Nortel Contivity Web Surfing Activity
Palo Alto Networks PANOS Accepted Connections
Palo Alto Networks PANOS Application Distribution
Palo Alto Networks PANOS Denied Connections
Palo Alto Networks PANOS Web Surfing Activity
RADIUS Acct Client Active VPN Connections
RADIUS Acct Client VPN Access
RADIUS Acct Client VPN Sessions
RADIUS Acct Client VPN Top Lists
Sidewinder Accepted Connections
Sidewinder Denied Connections
Squid Web Cache Activity
Symantec Endpoint Protection Accepted Connections
Symantec Endpoint Protection Application Distribution
Symantec Endpoint Protection Denied Connections
VMware vShield Edge Accepted Connections
VMware vShield Edge Denied Connections
VMware vShield Edge DHCP Activity
VMware vShield Edge DHCP Granted/Renewed Activity
Log Source Report Mapping for Operational
Log Source Report Mapping by Device Type – Operational
Device Type Log Source Reports
All All Unparsed Events
Active Directory All Unparsed Events
Active Directory Total Message Count
Apache WebServer All Unparsed Events
Apache WebServer Total Message Count
Blue Coat Proxy Syslog All Unparsed Events
Blue Coat Proxy Syslog Total Message Count
Blue Coat ProxySG All Unparsed Events
Blue Coat ProxySG Total Message Count
BMC Remedy ARS All Unparsed Events
BMC Remedy ARS Total Message Count
Check Point Interface All Unparsed Events
Check Point Interface Firewall Statistics
Check Point Interface Security Events
Check Point Interface System Events
Check Point Interface Total Message Count
Check Point Interface VPN Events
Cisco ASA All Unparsed Events
Cisco ASA Firewall Statistics
Cisco ASA Security Events
Cisco ASA System Events
Cisco ASA Total Message Count
Cisco ASA VPN Events
Cisco Content Engine All Unparsed Events
Cisco Content Engine Total Message Count
Cisco ESA All Unparsed Events
Cisco ESA Total Message Count
Cisco FWSM All Unparsed Events
Cisco FWSM Firewall Statistics
Cisco FWSM Security Events
Cisco FWSM System Events
Cisco FWSM Total Message Count
Cisco FWSM VPN Events
Cisco IOS All Unparsed Events
Cisco IOS Total Message Count
Cisco IPS All Unparsed Events
Cisco IPS Total Message Count
Cisco ISE All Unparsed Events
Cisco ISE Total Message Count
Cisco NetFlow All Unparsed Events
Cisco NetFlow Total Message Count
Cisco NXOS All Unparsed Events
Cisco NXOS Total Message Count
Cisco PIX All Unparsed Events
Cisco PIX Firewall Statistics
Cisco PIX Security Events
Cisco PIX System Events
Cisco PIX Total Message Count
Cisco PIX VPN Events
Cisco Router All Unparsed Events
Cisco Router Firewall Statistics
Cisco Router Total Message Count
Cisco Secure ACS All Unparsed Events
Cisco Secure ACS Total Message Count
Cisco WSA All Unparsed Events
Cisco WSA Total Message Count
Cisco Switch All Unparsed Events
Cisco Switch Total Message Count
Cisco VPN 3000 All Unparsed Events
Cisco VPN 3000 Total Message Count
Cisco VPN 3000 VPN Events
Cisco Win ACS All Unparsed Events
Cisco Win ACS Total Message Count
Decru Datafort All Unparsed Events
Decru Datafort Total Message Count
F5 TMOS Total Message Count
Fortinet FortiOS All Unparsed Events
Fortinet FortiOS Total Message Count
General Syslog All Unparsed Events
General Syslog Total Message Count
General TIBCO All Unparsed Events
General TIBCO Total Message Count
Generic W3C All Unparsed Events
Generic W3C Total Message Count
Guardium SQL Guard All Unparsed Events
Guardium SQL Guard Total Message Count
Guardium SQLGuard Audit All Unparsed Events
Guardium SQLGuard Audit Total Message Count
HP NonStop Audit All Unparsed Events
HP NonStop Audit Total Message Count
HP/UX All Unparsed Events
HP/UX Total Message Count
HP-UX Audit All Unparsed Events
HP-UX Audit Total Message Count
IBM AIX All Unparsed Events
IBM AIX Total Message Count
IBM AIX Audit All Unparsed Events
IBM AIX Audit Total Message Count
IBM DB2 All Unparsed Events
IBM DB2 Total Message Count
IBM i5/OS All Unparsed Events
IBM i5/OS Total Message Count
ISS RealSecure NIDS All Unparsed Events
ISS RealSecure NIDS Total Message Count
ISS SiteProtector All Unparsed Events
ISS SiteProtector Total Message Count
Juniper Firewall All Unparsed Events
Juniper Firewall Firewall Statistics
Juniper Firewall Security Events
Juniper Firewall System Events
Juniper Firewall Total Message Count
Juniper IDP All Unparsed Events
Juniper IDP Total Message Count
Juniper JunOS All Unparsed Events
Juniper JunOS Firewall Statistics
Juniper JunOS Total Message Count
Juniper RT_Flow All Unparsed Events
Juniper RT_Flow Firewall Statistics
Juniper RT_Flow Total Message Count
Juniper SSL VPN All Unparsed Events
Juniper SSL VPN Total Message Count
Juniper SSL VPN Secure Access All Unparsed Events
Juniper SSL VPN Secure Access Total Message Count
KondorPlus All Unparsed Events
KondorPlus Total Message Count
Linux All Unparsed Events
Linux Total Message Count
LogLogic Appliance All Unparsed Events
LogLogic Appliance Total Message Count
LogLogic Database Security Manager All Unparsed Events
LogLogic Database Security Manager Total Message Count
LogLogic Management Center All Unparsed Events
LogLogic Management Center Total Message Count
LogLogic Universal Collector All Unparsed Events
LogLogic Universal Collector Total Message Count
McAfee ePolicy Orchestrator All Unparsed Events
McAfee ePolicy Orchestrator Total Message Count
Microsoft DHCP All Unparsed Events
Microsoft DHCP Total Message Count
Microsoft DNS All Unparsed Events
Microsoft DNS Total Message Count
Microsoft Exchange 2000/03 All Unparsed Events
Microsoft Exchange 2000/03 Total Message Count
Microsoft Exchange 2007/10 Application logs All Unparsed Events
Microsoft Exchange 2007/10 Application logs Total Message Count
Microsoft Exchange 2007/10 Message Tracking All Unparsed Events
Microsoft Exchange 2007/10 Message Tracking Total Message Count
Microsoft Exchange 2007 Pop/Imap All Unparsed Events
Microsoft Exchange 2007 Pop/Imap Total Message Count
Microsoft Exchange 2007/10 SMTP Receive All Unparsed Events
Microsoft Exchange 2007/10 SMTP Receive Total Message Count
Microsoft Exchange 2007/10 SMTP Send All Unparsed Events
Microsoft Exchange 2007/10 SMTP Send Total Message Count
Microsoft IAS All Unparsed Events
Microsoft IAS Total Message Count
Microsoft IIS All Unparsed Events
Microsoft IIS Total Message Count
Microsoft ISA All Unparsed Events
Microsoft ISA Total Message Count
Microsoft MOM/SCOM All Unparsed Events
Microsoft MOM/SCOM Total Message Count
Microsoft SharePoint All Unparsed Events
Microsoft SharePoint Total Message Count
Microsoft SQL Server All Unparsed Events
Microsoft SQL Server Total Message Count
Microsoft SQL Server Application logs All Unparsed Events
Microsoft SQL Server Application logs Total Message Count
Microsoft SQL Server GDBC All Unparsed Events
Microsoft SQL Server GDBC Total Message Count
Microsoft Windows All Unparsed Events
Microsoft Windows Total Message Count
Microsoft Windows Chinese All Unparsed Events
Microsoft Windows Chinese Total Message Count
Microsoft Windows French All Unparsed Events
Microsoft Windows French Total Message Count
Microsoft Windows German All Unparsed Events
Microsoft Windows German Total Message Count
Microsoft Windows Japanese All Unparsed Events
Microsoft Windows Japanese Total Message Count
Microsoft Windows Korean All Unparsed Events
Microsoft Windows Korean Total Message Count
MySQL Server GDBC All Unparsed Events
MySQL Server GDBC Total Message Count
NetApp Filer All Unparsed Events
NetApp Filer Total Message Count
NetApp Filer Audit All Unparsed Events
NetApp Filer Audit Total Message Count
NetApp NetCache All Unparsed Events
NetApp NetCache Total Message Count
Nortel Contivity All Unparsed Events
Nortel Contivity System Events
Nortel Contivity Total Message Count
Nortel Contivity VPN Events
Novell eDirectory All Unparsed Events
Novell eDirectory Total Message Count
Oracle Database All Unparsed Events
Oracle Database Total Message Count
Oracle GDBC All Unparsed Events
Oracle GDBC Total Message Count
Other File Device All Unparsed Events
Other File Device Total Message Count
Other UNIX All Unparsed Events
Other UNIX Total Message Count
Palo Alto Networks PANOS All Unparsed Events
Palo Alto Networks PANOS Total Message Count
RADIUS Acct Client All Unparsed Events
RADIUS Acct Client Total Message Count
RADIUS Acct Client VPN Events
RSA ACE Server All Unparsed Events
RSA ACE Server Total Message Count
Sidewinder All Unparsed Events
Sidewinder Firewall Statistics
Sidewinder Total Message Count
SiteMinder All Unparsed Events
SiteMinder Total Message Count
SiteProtector All Unparsed Events
SiteProtector Total Message Count
Snort All Unparsed Events
Snort Total Message Count
Sourcefire All Unparsed Events
Sourcefire Total Message Count
Sourcefire Defense Center All Unparsed Events
Sourcefire Defense Center Total Message Count
Squid All Unparsed Events
Squid Total Message Count
Sun Solaris All Unparsed Events
Sun Solaris Total Message Count
Sun Solaris BSM All Unparsed Events
Sun Solaris BSM Total Message Count
Sybase ASE All Unparsed Events
Sybase ASE Total Message Count
Symantec AntiVirus All Unparsed Events
Symantec AntiVirus Total Message Count
Symantec Endpoint Protection All Unparsed Events
Symantec Endpoint Protection Total Message Count
TIBCO ActiveMatrix Administrator All Unparsed Events
TIBCO ActiveMatrix Administrator Total Message Count
TIBCO Administrator All Unparsed Events
TIBCO Administrator Total Message Count
TIBCO Business Works All Unparsed Events
TIBCO Business Works Total Message Count
TIBCO EMSC All Unparsed Events
TIBCO EMSC Total Message Count
TIBCO Hawk Agent All Unparsed Events
TIBCO Hawk Agent Total Message Count
TrendMicro Control Manager All Unparsed Events
TrendMicro Control Manager Total Message Count
TrendMicro OfficeScan All Unparsed Events
TrendMicro OfficeScan Total Message Count
Tripwire Management Station All Unparsed Events
Tripwire Management Station Total Message Count
VMware ESX All Unparsed Events
VMware ESX Total Message Count
VMware Orchestrator All Unparsed Events
VMware Orchestrator Total Message Count
VMware vCenter Total Message Count
VMware vCenter All Unparsed Events
VMware vCloud Director Total Message Count
VMware vShield Total Message Count
z/OS RACF All Unparsed Events
z/OS RACF Total Message Count
Log Source Report Mapping for Policy Reports
Log Source Report Mapping by Device Type – Policy Reports
Device Type Log Source Reports
Check Point Interface Rules/Policies
Juniper Firewall Rules/Policies
TIBCO LogLogic® Appliance Network Policies
Microsoft SharePoint ECM Policy
Nortel Contivity Rules/Policies
Log Source Report Mapping for Storage Systems Activity
Log Source Report Mapping by Device Type – Storage Systems Activity
Device Type Log Source Reports
NetApp Filer Filer Access
NetApp Filer Audit Filer Access
Log Source Report Mapping for Threat Management
Log Source Report Mapping by Device Type – Threat Management
Device Type Log Source Reports
All IDS/IPS Activity
All HIPS Activity
Cisco ASA IDS/IPS Activity
Cisco ASA Security Summary
Cisco ESA Threat Activity
Cisco ESA Configuration Activity
Cisco ESA Scan Activity
Cisco ESA Security Summary
Cisco FWSM IDS/IPS Activity
Cisco IOS IDS/IPS Activity
Cisco IPS Security Summary
Cisco ISE Security Summary
Cisco NXOS Security Summary
Cisco NXOS2 Security Summary
Cisco IPS IDS/IPS Activity
Cisco PIX IDS/IPS Activity
Cisco Secure ACS Security Summary
Cisco WSA Security Summary
F5 TMOS Security Summary
Fortinet FortiOS IDS/IPS Activity
Fortinet FortiOS Threat Activity
Guardium SQL Guard DB IPS Activity
Guardium SQLGuard Audit DB IPS Activity
ISS RealSecure NIDS IDS/IPS Activity
ISS SiteProtector IDS/IPS Activity
Juniper IDP IDS/IPS Activity
Juniper JunOS IDS/IPS Activity
Juniper JunOS Security Summary
McAfee ePolicy Orchestrator Configuration Activity
McAfee ePolicy Orchestrator HIPS Activity
McAfee ePolicy Orchestrator Scan Activity
McAfee ePolicy Orchestrator Threat Activity
Palo Alto Networks PANOS IDS/IPS Activity
Palo Alto Networks PANOS Threat Activity
SiteProtector IDS/IPS Activity
Snort IDS/IPS Activity
Sourcefire IDS/IPS Activity
Sourcefire Defense Center IDS/IPS Activity
Symantec AntiVirus Configuration Activity
Symantec AntiVirus Scan Activity
Symantec AntiVirus Threat Activity
Symantec Endpoint Protection Threat Activity
Symantec Endpoint Protection Configuration Activity
Symantec Endpoint Protection HIPS Activity
Symantec Endpoint Protection Scan Activity
Symantec Endpoint Protection Security Summary
TrendMicro Control Manager Threat Activity
TrendMicro OfficeScan Threat Activity
Log Source Report Mapping for Flow Activity
Log Source Report Mapping by Device Type – Flow Activity
Device Type Log Source Reports
All Application Usage
All User Browsing Statics
All Top Users
Cisco NetFlow Application Usage
Cisco NetFlow User Browsing Static
Cisco NetFlow Top Users