TIBCO LogLogic® Log Management Intelligence (LMI) Log Source Report Mapping Guide
Software Release 6.1.1 July 2017
Copyright © 2002-2017 TIBCO Software Inc. All rights reserved.
Contents

Preface
    Related Documents
    Typographical Conventions
    Connecting with TIBCO Resources
        How to Join TIBCO Community
        How to Access TIBCO Documentation
        How to Contact TIBCO Support
Chapter 1 Introduction
    TIBCO LogLogic® Log Source Report Mapping

Preface
TIBCO LogLogic® appliances let you capture and manage log data from all types of log sources in your enterprise. This guide provides a set of tables listing Log Source Reports by Device Type, sorted by UI Category. For more information on creating reports and alerts, see the TIBCO LogLogic® Log Management Intelligence (LMI) User Guide.
Topics
• Related Documents
• Typographical Conventions
• Connecting with TIBCO Resources
Related Documents
The TIBCO LogLogic® documentation is available on the TIBCO LogLogic® documentation page. The following documents contain information about the LogLogic appliances:
• TIBCO LogLogic® Log Management Intelligence (LMI) Release Notes — Provides information specific to the release including product information, new features and functionality, resolved issues, and known issues. Check the TIBCO Product Support site for notifications and product information that was not available at release time.
• TIBCO LogLogic® Log Management Intelligence (LMI) Hardware Installation Guide — Describes how to get started with your LogLogic Appliance. In addition, the guide includes details about the Appliance hardware for all models.
• TIBCO LogLogic® Log Management Intelligence (LMI) Configuration and Upgrade Guide — Describes how to install and upgrade the LogLogic Appliance software.
• TIBCO LogLogic® Log Management Intelligence (LMI) User Guide — Describes how to use the LogLogic solution, viewing dashboard, managing reports, managing alerts, and performing searches.
• TIBCO LogLogic® Log Management Intelligence (LMI) Administration Guide — Describes how to administer the LogLogic solution including all Management and Administration menu options.
• TIBCO LogLogic® Log Source Packages Configuration Guides — Describe how to support log data from various log sources. There is a separate manual for each supported log source. These documents include documentation on LogLogic Collectors as well as documentation on how to configure log sources to work with the LogLogic solution.
• TIBCO LogLogic® Log Source Packages Collector Guides — Describe how to implement support for using a LogLogic Collector for specific log sources such as IBM i5/OS and ISS Site Protector.
• TIBCO LogLogic® Log Management Intelligence (LMI) Web Services API Implementation Guide — Describes how to implement the LogLogic Web Services APIs to manage reports, manage alerts, perform searches, and administrate the system.
• TIBCO LogLogic® Log Management Intelligence (LMI) Syslog Alert Message Format Quick Reference Guide — Describes the LogLogic Syslog alert message format.
• TIBCO LogLogic® Log Management Intelligence (LMI) Enterprise Virtual Appliance Quick Start Guide — Provides instructions on how to quickly set up the TIBCO Enterprise Virtual Appliance.
• TIBCO LogLogic® Log Management Intelligence (LMI) Log Source Report Mapping Guide — Provides a set of tables listing Log Source Reports by Device Type, sorted by UI Category.
• TIBCO LogLogic® Log Management Intelligence (LMI) XML Import/Export Entities Reference Guide — Describes how to manually import, export, and edit XML files into and from the appliance when not using the appliance UI.
Typographical Conventions
The following typographical conventions are used in this manual.
Table 1 General Typographical Conventions
Columns: Convention, Use
ENV_NAME TIBCO products are installed into an installation environment. A product installed into an installation environment does not access components in other TIBCO_HOME installation environments. Incompatible products and multiple instances of the
code font Code font identifies commands, code examples, filenames, pathnames, and output displayed in a command window. For example:
Use MyCommand to start the foo process.
bold code font Bold code font is used in the following ways:
• In procedures, to indicate what a user types. For example: Type admin.
• In large code samples, to indicate the parts of the sample that are of particular interest.
• In command syntax, to indicate the default parameter for a command. For example, if no parameter is specified, MyCommand is enabled: MyCommand [enable | disable]
italic font Italic font is used in the following ways:
• To indicate a document title. For example: See TIBCO ActiveMatrix BusinessWorks Concepts.
• To introduce new terms. For example: A portal page may contain several portlets. Portlets are mini-applications that run in a portal.
• To indicate a variable in a command or code syntax that you must replace. For example: MyCommand PathName
Key combinations Key names separated by a plus sign indicate keys pressed simultaneously. For example: Ctrl+C. Key names separated by a comma and space indicate keys pressed one after the other. For example: Esc, Ctrl+Q.
The note icon indicates information that is of special interest or importance, for example, an additional action required only in certain circumstances.
The tip icon indicates an idea that could be useful, for example, a way to apply the information provided in the current section to achieve a specific result.
The warning icon indicates the potential for a damaging situation, for example, data loss or corruption if certain steps are taken or not taken.
Connecting with TIBCO Resources
How to Join TIBCO Community
TIBCO Community is an online destination for TIBCO customers, partners, and resident experts. It is a place to share and access the collective experience of the TIBCO Community. TIBCO Community offers forums, blogs, and access to a variety of resources. To register, go to the following web address: https://community.tibco.com

How to Access TIBCO Documentation
The latest documentation for all TIBCO products is available on the TIBCO Documentation site (https://docs.tibco.com), which is updated more frequently than any documentation that might be included with the product. Documentation for TIBCO LogLogic® products is available on the TIBCO LogLogic documentation page.

How to Contact TIBCO Support
For comments or problems with this manual or the software it addresses, contact TIBCO Support as follows:
• For an overview of TIBCO Support, and information about getting started with TIBCO Support, visit this site: http://www.tibco.com/services/support
• If you already have a valid maintenance or support contract, visit this site: https://support.tibco.com Entry to this site requires a user name and password. If you do not have a user name, you can request one.
Chapter 1 Introduction
This guide provides a set of tables listing Log Source Reports by Device Type, sorted by the following UI Categories: Access Control, Database Activity, Enterprise Content Management, HP NonStop Audit, IBM i5/OS Activity, IBM z/OS Activity, Mail Activity, Network Activity, Operational, Policy Reports, Storage Systems Activity, Threat Management, and Flow Activity. For more information on Log Source Package (LSP) devices, see the TIBCO LogLogic® Log Source Packages Guide for that device.
Topics
• TIBCO LogLogic® Log Source Report Mapping
TIBCO LogLogic® Log Source Report Mapping
Table 2 Log Source Report Mapping by Device Type - Access Control
Columns: Device Type, Log Source Reports
Active Directory Permission Modification
Active Directory User Access
Active Directory User Created/Deleted
Active Directory User Last Activity
Active Directory Windows Events
BMC Remedy ARS User Access
BMC Remedy ARS User Authentication
BMC Remedy ARS User Last Activity
Check Point Interface User Access
Check Point Interface User Authentication
Check Point Interface User Created/Deleted
Check Point Interface User Last Activity
Cisco ASA User Access
Cisco ASA User Authentication
Cisco ASA User Last Activity
Cisco ESA User Access
Cisco ESA User Authentication
Cisco FWSM User Access
Cisco FWSM User Authentication
Cisco FWSM User Last Activity
Cisco IOS User Access
Cisco IOS User Authentication
Cisco IOS User Last Activity
Cisco ISE Permission Modification
Cisco ISE User Access
Cisco ISE User Authentication
Cisco ISE User Last Activity
Cisco NXOS Permission Modification
Cisco NXOS User Access
Cisco NXOS User Authentication
Cisco PIX User Access
Cisco PIX User Authentication
Cisco PIX User Last Activity
Cisco Secure ACS User Access
Cisco Secure ACS User Authentication
Cisco Secure ACS User Created/Deleted
Cisco Secure ACS User Last Activity
Cisco VPN 3000 User Access
Cisco VPN 3000 User Authentication
Cisco VPN 3000 User Last Activity
Cisco Win ACS User Access
Cisco Win ACS User Authentication
Cisco Win ACS User Last Activity
Decru Datafort Permission Modification
Decru Datafort User Access
Decru Datafort User Authentication
Decru Datafort User Created/Deleted
Decru Datafort User Last Activity
F5 TMOS Permission Modification
F5 TMOS User Access
F5 TMOS User Authentication
F5 TMOS User Created/Deleted
F5 TMOS User Last Activity
HP/UX Permission Modification
HP/UX User Access
HP/UX User Authentication
HP/UX User Created/Deleted
HP/UX User Last Activity
HP-UX Audit Permission Modification
HP-UX Audit User Access
HP-UX Audit User Authentication
HP-UX Audit User Created/Deleted
HP-UX Audit User Last Activity
IBM AIX Permission Modification
IBM AIX User Access
IBM AIX User Authentication
IBM AIX User Created/Deleted
IBM AIX User Last Activity
IBM AIX Audit Permission Modification
IBM AIX Audit User Access
IBM AIX Audit User Authentication
IBM AIX Audit User Created/Deleted
IBM AIX Audit User Last Activity
IBM DB2 User Created/Deleted
Juniper Firewall User Access
Juniper Firewall User Authentication
Juniper Firewall User Last Activity
Juniper JunOS User Access
Juniper JunOS User Authentication
Juniper JunOS User Last Activity
Juniper SSL VPN User Access
Juniper SSL VPN User Authentication
Juniper SSL VPN User Last Activity
Juniper SSL VPN Secure Access User Access
Juniper SSL VPN Secure Access User Authentication
Juniper SSL VPN Secure Access User Last Activity
KondorPlus User Access
KondorPlus User Authentication
KondorPlus User Last Activity
Linux Permission Modification
Linux User Access
Linux User Authentication
Linux User Created/Deleted
Linux User Last Activity
LogLogic Appliance Permission Modification
LogLogic Appliance User Access
LogLogic Appliance User Authentication
LogLogic Appliance User Created/Deleted
LogLogic Appliance User Last Activity
Microsoft IAS User Access
Microsoft IAS User Authentication
Microsoft IAS User Last Activity
Microsoft MOM/SCOM Permission Modification
Microsoft MOM/SCOM User Access
Microsoft MOM/SCOM User Authentication
Microsoft MOM/SCOM User Created/Deleted
Microsoft MOM/SCOM User Last Activity
Microsoft MOM/SCOM Windows Events
Microsoft Windows Permission Modification
Microsoft Windows User Access
Microsoft Windows User Authentication
Microsoft Windows User Created/Deleted
Microsoft Windows User Last Activity
Microsoft Windows Windows Events
Microsoft Windows French Permission Modification
Microsoft Windows French User Access
Microsoft Windows French User Authentication
Microsoft Windows French User Created/Deleted
Microsoft Windows French User Last Activity
Microsoft Windows French Windows Events
Microsoft Windows German Permission Modification
Microsoft Windows German User Access
Microsoft Windows German User Authentication
Microsoft Windows German User Created/Deleted
Microsoft Windows German User Last Activity
Microsoft Windows German Windows Events
Microsoft Windows Japanese Permission Modification
Microsoft Windows Japanese User Access
Microsoft Windows Japanese User Authentication
Microsoft Windows Japanese User Created/Deleted
Microsoft Windows Japanese User Last Activity
Microsoft Windows Japanese Windows Events
NetApp Filer User Access
NetApp Filer User Authentication
NetApp Filer User Created/Deleted
NetApp Filer User Last Activity
NetApp Filer Audit User Access
NetApp Filer Audit User Authentication
NetApp Filer Audit User Created/Deleted
NetApp Filer Audit User Last Activity
Nortel Contivity User Access
Nortel Contivity User Authentication
Nortel Contivity User Last Activity
Novell eDirectory Permission Modification
Novell eDirectory User Access
Novell eDirectory User Authentication
Novell eDirectory User Last Activity
Other UNIX Permission Modification
Other UNIX User Access
Other UNIX User Authentication
Other UNIX User Created/Deleted
Other UNIX User Last Activity
RSA ACE Server User Access
RSA ACE Server User Authentication
RSA ACE Server User Last Activity
Sidewinder User Access
Sidewinder User Authentication
Sidewinder User Created/Deleted
Sidewinder User Last Activity
SiteMinder User Access
SiteMinder User Authentication
SiteMinder User Last Activity
Sun Solaris Permission Modification
Sun Solaris User Access
Sun Solaris User Authentication
Sun Solaris User Created/Deleted
Sun Solaris User Last Activity
Sun Solaris BSM Permission Modification
Sun Solaris BSM User Access
Sun Solaris BSM User Authentication
Sun Solaris BSM User Created/Deleted
Sun Solaris BSM User Last Activity
Symantec Endpoint Protection User Access
Symantec Endpoint Protection User Authentication
Symantec Endpoint Protection User Created/Deleted
Symantec Endpoint Protection User Last Activity
TIBCO ActiveMatrix® Administrator User Access
TIBCO ActiveMatrix® Administrator User Authentication
TIBCO ActiveMatrix® Administrator User Last Activity
TIBCO Administrator™ User Access
TIBCO Administrator™ User Authentication
TIBCO Administrator™ User Last Activity
Tripwire Management Station User Access
VMware ESX Permission Modification
VMware ESX User Access
VMware ESX User Authentication
VMware ESX User Created/Deleted
VMware ESX User Last Activity
VMware Orchestrator User Access
VMware Orchestrator User Authentication
VMware Orchestrator User Last Activity
VMware vCenter User Access
VMware vCenter User Authentication
VMware vCenter User Last Activity
VMware vCloud Director User Access
VMware vCloud Director User Authentication
VMware vCloud Director User Created/Deleted
VMware vCloud Director User Last Activity
VMware vShield Edge User Access
VMware vShield Edge User Authentication
VMware vShield Edge User Last Activity

Table 3 Log Source Report Mapping by Device Type – Database Activity
Columns: Device Type, Log Source Reports
IBM DB2 All Database Events
IBM DB2 Database Access
IBM DB2 Database Data Access
IBM DB2 Database Privilege Modifications
IBM DB2 Database System Modifications
Microsoft SQL Server All Database Events
Microsoft SQL Server Database Access
Microsoft SQL Server Database Data Access
Microsoft SQL Server Database Privilege Modifications
Microsoft SQL Server Database System Modifications
Oracle Database All Database Events
Oracle Database Database Access
Oracle Database Database Data Access
Oracle Database Database Privilege Modifications
Oracle Database Database System Modifications
Sybase ASE All Database Events
Sybase ASE Database Access
Sybase ASE Database Data Access
Sybase ASE Database Privilege Modifications
Sybase ASE Database System Modifications

Table 4 Log Source Report Mapping by Device Type – Enterprise Content Management
Columns: Device Type, Log Source Reports
All ECM Activity
Cisco ASA Content Management
Cisco ASA ECM Activity
Fortinet FortiOS ECM Activity
Juniper SSL VPN Secure Access ECM Activity
Microsoft SharePoint Content Management
Microsoft SharePoint ECM Activity
Microsoft SharePoint Expiration and Disposition
Microsoft SharePoint Security Settings
Palo Alto Networks PANOS ECM Activity

Table 5 Log Source Report Mapping by Device Type – HP NonStop Audit
Columns: Device Type, Log Source Reports
HP NonStop Audit Configuration Changes
HP NonStop Audit Failed And Successful Logins
HP NonStop Audit HP NonStop Audit Activity
HP NonStop Audit Object Access
HP NonStop Audit Object Changes
HP NonStop Audit User Actions

Table 6 Log Source Report Mapping by Device Type – IBM i5/OS
Columns: Device Type, Log Source Reports
IBM i5/OS All Log Entry Types
IBM i5/OS System Object Access
IBM i5/OS User Access by Connection
IBM i5/OS User Action
IBM i5/OS User Jobs

Table 7 Log Source Report Mapping by Device Type – IBM z/OS Activity
Columns: Device Type, Log Source Reports
z/OS RACF Unix System Services
z/OS RACF Violation
z/OS RACF Login/Logout
z/OS RACF Resource Access
z/OS RACF Security Modifications
z/OS RACF System Access/Configuration

Table 8 Log Source Report Mapping by Device Type – Mail Activity
Columns: Device Type, Log Source Reports
Cisco ESA Server Activity
Microsoft Exchange 2000/03 Exchange 2000/03 Activity
Microsoft Exchange 2000/03 Exchange 2000/03 Delay
Microsoft Exchange 2000/03 Exchange 2000/03 Size
Microsoft Exchange 2000/03 Exchange 2000/03 SMTP
Microsoft Exchange 2007/10 Message Exchange 2007 Mail Size Tracking
Microsoft Exchange 2007/10 Message Exchange 2007 Activity Tracking
Microsoft Exchange 2007 Pop/Imap Server Activity
Microsoft Exchange 2007 SMTP Receive Server Activity
Microsoft Exchange 2007 SMTP Send Server Activity

Table 9 Log Source Report Mapping by Device Type – Network Activity
Columns: Device Type, Log Source Reports
All Denied Connections
All NAT64 Activity
All VPN Sessions
Apache WebServer Web Cache Activity
Apache WebServer Web Surfing Activity
Blue Coat ProxySG Web Cache Activity
Blue Coat Syslog Web Cache Activity
Check Point Interface Accepted Connections
Check Point Interface Active VPN Connections
Check Point Interface Application Distribution
Check Point Interface Denied Connections
Check Point Interface FTP Connections
Check Point Interface VPN Access
Check Point Interface VPN Sessions
Check Point Interface VPN Top Lists
Check Point Interface Web Surfing Activity
Cisco ASA Accepted Connections
Cisco ASA Active FW Connections
Cisco ASA Active VPN Connections
Cisco ASA Application Distribution
Cisco ASA Denied Connections
Cisco ASA FTP Connections
Cisco ASA VPN Access
Cisco ASA VPN Sessions
Cisco ASA VPN Top Lists
Cisco ASA Web Surfing Activity
Cisco Content Engine Web Cache Activity
Cisco Content Engine Web Surfing Activity
Cisco FWSM Accepted Connections
Cisco FWSM Active FW Connections
Cisco FWSM Active VPN Connections
Cisco FWSM Application Distribution
Cisco FWSM Denied Connections
Cisco FWSM FTP Connections
Cisco FWSM VPN Access
Cisco FWSM VPN Sessions
Cisco FWSM VPN Top Lists
Cisco FWSM Web Surfing Activity
Cisco IOS Accepted Connections
Cisco IOS Denied Connections
Cisco NetFlow NAT64 Activity
Cisco NXOS Accepted Connections
Cisco NXOS Denied Connections
Cisco PIX Accepted Connections
Cisco PIX Active FW Connections
Cisco PIX Active VPN Connections
Cisco PIX Application Distribution
Cisco PIX Denied Connections
Cisco PIX FTP Connections
Cisco PIX VPN Access
Cisco PIX VPN Sessions
Cisco PIX VPN Top Lists
Cisco PIX Web Surfing Activity
Cisco Router Denied Connections
Cisco WSA Web Cache Activity
Cisco WSA Web Surfing Activity
Cisco VPN 3000 Active VPN Connections
Cisco VPN 3000 VPN Access
Cisco VPN 3000 VPN Sessions
Cisco VPN 3000 VPN Top Lists
F5 TMOS Accepted Connections
F5 TMOS Denied Connections
F5 TMOS Web Cache Activity
F5 TMOS Web Surfing Activity
Fortinet FortiOS Accepted Connections
Fortinet FortiOS Application Distribution
Fortinet FortiOS Denied Connections
Generic W3C Web Cache Activity
Generic W3C Web Surfing Activity
Juniper Firewall Accepted Connections
Juniper Firewall Application Distribution
Juniper Firewall Denied Connections
Juniper JunOS Accepted Connections
Juniper JunOS Application Distribution
Juniper JunOS Denied Connections
Juniper RT_Flow Accepted Connections
Juniper RT_Flow Denied Connections
Juniper SSL VPN Web Cache Activity
Juniper SSL VPN Web Surfing Activity
Microsoft DHCP DHCP Denied Activity
Microsoft DHCP DHCP Granted/Renewed Activity
Microsoft DHCP DHCP Activity
Microsoft ISA Web Cache Activity
Microsoft IIS Web Cache Activity
Microsoft IIS Web Surfing Activity
Microsoft ISA Web Cache Activity
NetApp NetCache Web Cache Activity
Nortel Contivity Accepted Connections
Nortel Contivity Active VPN Connections
Nortel Contivity Application Distribution
Nortel Contivity Denied Connections
Nortel Contivity VPN Access
Nortel Contivity VPN Sessions
Nortel Contivity VPN Top Lists
Nortel Contivity Web Surfing Activity
Palo Alto Networks PANOS Accepted Connections
Palo Alto Networks PANOS Application Distribution
Palo Alto Networks PANOS Denied Connections
Palo Alto Networks PANOS Web Surfing Activity
RADIUS Acct Client Active VPN Connections
RADIUS Acct Client VPN Access
RADIUS Acct Client VPN Sessions
RADIUS Acct Client VPN Top Lists
Sidewinder Accepted Connections
Sidewinder Denied Connections
Squid Web Cache Activity
Symantec Endpoint Protection Accepted Connections
Symantec Endpoint Protection Application Distribution
Symantec Endpoint Protection Denied Connections
VMware vShield Edge Accepted Connections
VMware vShield Edge Denied Connections
VMware vShield Edge DHCP Activity
VMware vShield Edge DHCP Granted/Renewed Activity

Table 10 Log Source Report Mapping by Device Type – Operational
Columns: Device Type, Log Source Reports
All All Unparsed Events
Active Directory All Unparsed Events
Active Directory Total Message Count
Apache WebServer All Unparsed Events
Apache WebServer Total Message Count
Blue Coat Proxy Syslog All Unparsed Events
Blue Coat Proxy Syslog Total Message Count
Blue Coat ProxySG All Unparsed Events
Blue Coat ProxySG Total Message Count
BMC Remedy ARS All Unparsed Events
BMC Remedy ARS Total Message Count
Check Point Interface All Unparsed Events
Check Point Interface Firewall Statistics
Check Point Interface Security Events
Check Point Interface System Events
Check Point Interface Total Message Count
Check Point Interface VPN Events
Cisco ASA All Unparsed Events
Cisco ASA Firewall Statistics
Cisco ASA Security Events
Cisco ASA System Events
Cisco ASA Total Message Count
Cisco ASA VPN Events
Cisco Content Engine All Unparsed Events
Cisco Content Engine Total Message Count
Cisco ESA All Unparsed Events
Cisco ESA Total Message Count
Cisco FWSM All Unparsed Events
Cisco FWSM Firewall Statistics
Cisco FWSM Security Events
Cisco FWSM System Events
Cisco FWSM Total Message Count
Cisco FWSM VPN Events
Cisco IOS All Unparsed Events
Cisco IOS Total Message Count
Cisco IPS All Unparsed Events
Cisco IPS Total Message Count
Cisco ISE All Unparsed Events
Cisco ISE Total Message Count
Cisco NetFlow All Unparsed Events
Cisco NetFlow Total Message Count
Cisco NXOS All Unparsed Events
Cisco NXOS Total Message Count
Cisco PIX All Unparsed Events
Cisco PIX Firewall Statistics
Cisco PIX Security Events
Cisco PIX System Events
Cisco PIX Total Message Count
Cisco PIX VPN Events
Cisco Router All Unparsed Events
Cisco Router Firewall Statistics
Cisco Router Total Message Count
Cisco Secure ACS All Unparsed Events
Cisco Secure ACS Total Message Count
Cisco WSA All Unparsed Events
Cisco WSA Total Message Count
Cisco Switch All Unparsed Events
Cisco Switch Total Message Count
Cisco VPN 3000 All Unparsed Events
Cisco VPN 3000 Total Message Count
Cisco VPN 3000 VPN Events
Cisco Win ACS All Unparsed Events
Cisco Win ACS Total Message Count
Decru Datafort All Unparsed Events
Decru Datafort Total Message Count
F5 TMOS Total Message Count
Fortinet FortiOS All Unparsed Events
Fortinet FortiOS Total Message Count
General Syslog All Unparsed Events
General Syslog Total Message Count
General TIBCO All Unparsed Events
General TIBCO Total Message Count
Generic W3C All Unparsed Events
Generic W3C Total Message Count
Guardium SQL Guard All Unparsed Events
Guardium SQL Guard Total Message Count
Guardium SQLGuard Audit All Unparsed Events
Guardium SQLGuard Audit Total Message Count
Guardium SQLGuard Audit All Unparsed Events
Guardium SQLGuard Audit Total Message Count
HP NonStop Audit All Unparsed Events
HP NonStop Audit Total Message Count
HP/UX All Unparsed Events
HP/UX Total Message Count
HP-UX Audit All Unparsed Events
HP-UX Audit Total Message Count
IBM AIX All Unparsed Events
IBM AIX Total Message Count
IBM AIX Audit All Unparsed Events
IBM AIX Audit Total Message Count
IBM DB2 All Unparsed Events
IBM DB2 Total Message Count
IBM i5/OS All Unparsed Events
IBM i5/OS Total Message Count
ISS RealSecure NIDS All Unparsed Events
ISS RealSecure NIDS Total Message Count
ISS SiteProtector All Unparsed Events
ISS SiteProtector Total Message Count
Juniper Firewall All Unparsed Events
Juniper Firewall Firewall Statistics
Juniper Firewall Security Events
Juniper Firewall System Events
Juniper Firewall Total Message Count
Juniper IDP All Unparsed Events
Juniper IDP Total Message Count
Juniper JunOS All Unparsed Events
Juniper JunOS Firewall Statistics
Juniper JunOS Total Message Count
Juniper RT_Flow All Unparsed Events
Juniper RT_Flow Firewall Statistics
Juniper RT_Flow Total Message Count
Juniper SSL VPN All Unparsed Events
Juniper SSL VPN Total Message Count
Juniper SSL VPN Secure Access All Unparsed Events
Juniper SSL VPN Secure Access Total Message Count
KondorPlus All Unparsed Events
KondorPlus Total Message Count
Linux All Unparsed Events
Linux Total Message Count
LogLogic Appliance All Unparsed Events
LogLogic Appliance Total Message Count
TIBCO LogLogic® Database Security Manager All Unparsed Events
TIBCO LogLogic® Database Security Manager Total Message Count
TIBCO LogLogic® Management Center All Unparsed Events
TIBCO LogLogic® Management Center Total Message Count
TIBCO LogLogic® Universal Collector All Unparsed Events
TIBCO LogLogic® Universal Collector Total Message Count
McAfee ePolicy Orchestrator All Unparsed Events
McAfee ePolicy Orchestrator Total Message Count
Microsoft DHCP All Unparsed Events
Microsoft DHCP Total Message Count
Microsoft DNS All Unparsed Events
Microsoft Exchange 2000/03 All Unparsed Events
Microsoft Exchange 2000/03 Total Message Count
Microsoft Exchange 2007/10 Application logs All Unparsed Events
Microsoft Exchange 2007/10 Application logs Total Message Count
Microsoft Exchange 2007/10 Message Tracking All Unparsed Events
Microsoft Exchange 2007/10 Message Tracking Total Message Count
Microsoft Exchange 2007 Pop/Imap All Unparsed Events
Microsoft Exchange 2007 Pop/Imap Total Message Count
Microsoft Exchange 2007/10 SMTP Receive All Unparsed Events
Microsoft Exchange 2007/10 SMTP Receive Total Message Count
Microsoft Exchange 2007/10 SMTP Send All Unparsed Events
Microsoft Exchange 2007/10 SMTP Send Total Message Count
Microsoft IAS All Unparsed Events
Microsoft IAS Total Message Count
Microsoft IIS All Unparsed Events
Microsoft IIS Total Message Count
Microsoft ISA All Unparsed Events
Microsoft ISA Total Message Count
Microsoft MOM/SCOM All Unparsed Events
Microsoft MOM/SCOM Total Message Count
Microsoft SharePoint All Unparsed Events
Microsoft SharePoint Total Message Count
Microsoft SQL Server All Unparsed Events
Microsoft SQL Server Total Message Count
Microsoft SQL Server Application logs All Unparsed Events
Microsoft SQL Server Application logs Total Message Count
Microsoft SQL Server GDBC All Unparsed Events
Microsoft SQL Server GDBC Total Message Count
Microsoft Windows All Unparsed Events
Microsoft Windows Total Message Count
Microsoft Windows Chinese All Unparsed Events
Microsoft Windows Chinese Total Message Count
Microsoft Windows French All Unparsed Events
Microsoft Windows French Total Message Count
Microsoft Windows German All Unparsed Events
Microsoft Windows German Total Message Count
Microsoft Windows Japanese All Unparsed Events
Microsoft Windows Japanese Total Message Count
Microsoft Windows Korean All Unparsed Events
Microsoft Windows Korean Total Message Count
MySQL Server GDBC All Unparsed Events
MySQL Server GDBC Total Message Count
NetApp Filer All Unparsed Events
NetApp Filer Total Message Count
NetApp Filer Audit All Unparsed Events
NetApp Filer Audit Total Message Count
NetApp NetCache All Unparsed Events
NetApp NetCache Total Message Count
Nortel Contivity All Unparsed Events
Nortel Contivity System Events
Nortel Contivity Total Message Count
Nortel Contivity VPN Events
Novell eDirectory All Unparsed Events
Novell eDirectory Total Message Count
Oracle Database All Unparsed Events
Oracle Database Total Message Count
Oracle GDBC All Unparsed Events
Oracle GDBC Total Message Count
Other File Device All Unparsed Events
Other File Device Total Message Count
Other UNIX All Unparsed Events
Other UNIX Total Message Count
Palo Alto Networks PANOS All Unparsed Events
Palo Alto Networks PANOS Total Message Count
RADIUS Acct Client All Unparsed Events
RADIUS Acct Client Total Message Count
RADIUS Acct Client VPN Events
RSA ACE Server All Unparsed Events
RSA ACE Server Total Message Count
Sidewinder All Unparsed Events
Sidewinder Firewall Statistics
Sidewinder Total Message Count
SiteMinder All Unparsed Events
SiteMinder Total Message Count
SiteProtector All Unparsed Events
SiteProtector Total Message Count
Snort All Unparsed Events
Snort Total Message Count
Sourcefire All Unparsed Events
Sourcefire Total Message Count
Sourcefire Defense Center All Unparsed Events
Sourcefire Defense Center Total Message Count
Squid All Unparsed Events
Squid Total Message Count
Sun Solaris All Unparsed Events
Sun Solaris Total Message Count
Sun Solaris BSM All Unparsed Events
Sun Solaris BSM Total Message Count
Sybase ASE All Unparsed Events
Sybase ASE Total Message Count
Symantec AntiVirus All Unparsed Events
Symantec AntiVirus Total Message Count
Symantec Endpoint Protection All Unparsed Events
Symantec Endpoint Protection Total Message Count
TIBCO ActiveMatrix® Administrator All Unparsed Events
TIBCO ActiveMatrix® Administrator Total Message Count
TIBCO Administrator™ All Unparsed Events
TIBCO Administrator™ Total Message Count
TIBCO BusinessWorks™ All Unparsed Events
TIBCO BusinessWorks™ Total Message Count
TIBCO EMSC All Unparsed Events
TIBCO EMSC Total Message Count
TIBCO Hawk® Agent All Unparsed Events
TIBCO Hawk® Agent Total Message Count
TrendMicro Control Manager All Unparsed Events
TrendMicro Control Manager Total Message Count
TrendMicro OfficeScan All Unparsed Events
TrendMicro OfficeScan Total Message Count
Tripwire Management Station All Unparsed Events
Tripwire Management Station Total Message Count
VMware ESX All Unparsed Events
VMware ESX Total Message Count
VMware Orchestrator All Unparsed Events
VMware Orchestrator Total Message Count
VMware vCenter Total Message Count
VMware vCenter All Unparsed Events
VMware vCloud Director Total Message Count
VMware vShield Total Message Count
z/OS RACF All Unparsed Events
z/OS RACF Total Message Count
Table 11 Log Source Report Mapping by Device Type – Policy Reports
Device Type Log Source Reports
Check Point Interface Rules/Policies
Juniper Firewall Rules/Policies
LogLogic Appliance Network Policies
Microsoft SharePoint ECM Policy
Nortel Contivity Rules/Policies
Table 12 Log Source Report Mapping by Device Type – Storage Systems Activity
Device Type Log Source Reports
NetApp Filer Filer Access
NetApp Filer Audit Filer Access
Table 13 Log Source Report Mapping by Device Type – Threat Management
Device Type Log Source Reports
All IDS/IPS Activity
All HIPS Activity
Cisco ASA IDS/IPS Activity
Cisco ASA Security Summary
Cisco ESA Threat Activity
Cisco ESA Configuration Activity
Cisco ESA Scan Activity
Cisco ESA Security Summary
Cisco FWSM IDS/IPS Activity
Cisco IOS IDS/IPS Activity
Cisco IPS Security Summary
Cisco ISE Security Summary
Cisco NXOS Security Summary
Cisco NXOS2 Security Summary
Cisco IPS IDS/IPS Activity
Cisco PIX IDS/IPS Activity
Cisco Secure ACS Security Summary
Cisco WSA Security Summary
F5 TMOS Security Summary
Fortinet FortiOS IDS/IPS Activity
Fortinet FortiOS Threat Activity
Guardium SQL Guard DB IPS Activity
Guardium SQLGuard Audit DB IPS Activity
ISS RealSecure NIDS IDS/IPS Activity
ISS SiteProtector IDS/IPS Activity
Juniper IDP IDS/IPS Activity
Juniper JunOS IDS/IPS Activity
McAfee ePolicy Orchestrator Configuration Activity
McAfee ePolicy Orchestrator HIPS Activity
McAfee ePolicy Orchestrator Scan Activity
McAfee ePolicy Orchestrator Threat Activity
Palo Alto Networks PANOS IDS/IPS Activity
Palo Alto Networks PANOS Threat Activity
SiteProtector IDS/IPS Activity
Snort IDS/IPS Activity
Sourcefire IDS/IPS Activity
Sourcefire Defense Center IDS/IPS Activity
Symantec AntiVirus Configuration Activity
Symantec AntiVirus Scan Activity
Symantec AntiVirus Threat Activity
Symantec Endpoint Protection Threat Activity
Symantec Endpoint Protection Configuration Activity
Symantec Endpoint Protection HIPS Activity
Symantec Endpoint Protection Scan Activity
Symantec Endpoint Protection Security Summary
TrendMicro Control Manager Threat Activity
TrendMicro OfficeScan Threat Activity
Table 14 Log Source Report Mapping by Device Type – Flow Activity
Device Type Log Source Reports
All Application Usage
All User Browsing Statistics
All Top Users
Cisco NetFlow Application Usage
Cisco NetFlow User Browsing Statistics
Cisco NetFlow Top Users