Stonesoft¶
Constructor : Stonesoft¶
Device : Firewall & IDS¶
Log format : structured¶
Sample messages :
CEF:0Firewall700180|spt=48524 deviceExternalId=stonesoftfw node 2 dst=192.168.0.43 app=SNMP (UDP) rt=Jan 08 2016 09:50:05 deviceFacility=Packet filter destinationTranslatedPort=161 sourceTranslatedPort=61430 destinationTranslatedAddress=192.168.0.43 sourceTranslatedAddress=192.168.0.44 act=Allow deviceOutboundInterface=Interface #12 deviceInboundInterface=Interface #129 proto=17 dpt=161 src=192.168.0.45 dvc=192.168.0.11 dvchost=192.168.0.11 cs2Label=NatRuleId cs2=510.12 cs1Label=RuleId cs1=301.8
| Constructor field | LMC field |
|---|---|
| [rt] | [obs][ts] |
| [src] | [init][host][ip] |
| [spt] | [init][host][port] |
| [dst] | [target][host][ip] |
| [dpt] | [target][host][port] |
| [proto] | [app][proto][num] |
| [dvc] | [obs][host][ip] |
| [dvchost] | [obs][host][name] |
| [sourceTranslatedAddress] | [init][host][nat][ip] |
| [sourceTranslatedPort] | [init][host][nat][port] |
| [destinationTranslatedAddress] | [target][host][nat][ip] |
| [destinationTranslatedPort] | [target][host][nat][port] |
| [deviceInboundInterface] | [init][host][if] |
| [deviceOutboundInterface] | [target][host][if] |
| [smac] | [init][host][mac] |
| [dmac] | [target][host][mac] |
| [app] | [stonesoft][app][name] |
| [act] | [stonesoft][action] |
| [cat] | [stonesoft][alarm][cat] |
Test Unit List¶
unit_cef_content_fw_1.json unit_cef_enrich_geo_2.json unit_cef_norm_action_2.json unit_cef_norm_nf_1.json unit_cef_content_fw_2.json unit_cef_header_fw_1.json unit_cef_norm_action_3.json unit_cef_norm_nf_2.json unit_cef_content_ips_1.json unit_cef_header_fw_2.json unit_cef_norm_action_4.json unit_cef_content_ips_2.json unit_cef_header_ips_1.json unit_cef_norm_action_5.json unit_cef_enrich_geo_1.json unit_cef_norm_action_1.json unit_cef_norm_action_6.json