firewall.stormshield

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 How is the data sent to Devo? ] [ 4 Table structure ]

Introduction

The tags beginning with firewall.stormshield identify events generated by Stormshield.

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as firewall.stormshield. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables

Product / Service	Tags	Data tables
Stormshield Network Security	`firewall.stormshield.alarm`	`firewall.stormshield.alarm`
	`firewall.stormshield.auth`	`firewall.stormshield.auth`
	`firewall.stormshield.connection`	`firewall.stormshield.connection`
	`firewall.stormshield.filterstat`	`firewall.stormshield.filterstat`
	`firewall.stormshield.monitor`	`firewall.stormshield.monitor`
	`firewall.stormshield.plugin`	`firewall.stormshield.plugin`
	`firewall.stormshield.pop3`	`firewall.stormshield.pop3`
	`firewall.stormshield.pvm`	`firewall.stormshield.pvm`
	`firewall.stormshield.sandboxing`	`firewall.stormshield.sandboxing`
	`firewall.stormshield.server`	`firewall.stormshield.server`
	`firewall.stormshield.smtp`	`firewall.stormshield.smtp`
	`firewall.stormshield.ssl`	`firewall.stormshield.ssl`
	`firewall.stormshield.system`	`firewall.stormshield.system`
	`firewall.stormshield.vpn`	`firewall.stormshield.vpn`
	`firewall.stormshield.web`	`firewall.stormshield.web`
	`firewall.stormshield.xvpn`	`firewall.stormshield.xvpn`

For more information, read more About Devo tags.

How is the data sent to Devo?

In order to send logs to these Devo tables, go to the Syslog tab and use the Syslog sending configuration provided by the vendor. You can read more information in this article.

In the Format field, you must choose LEGACY.

Table structure

These are the fields displayed in these tables: