Stonesoft

Constructor : Stonesoft

Device : Firewall & IDS

Log format : structured

Sample messages :

CEF:0Firewall700180|spt=48524 deviceExternalId=stonesoftfw node 2 dst=192.168.0.43 app=SNMP (UDP) rt=Jan 08 2016 09:50:05 deviceFacility=Packet filter destinationTranslatedPort=161 sourceTranslatedPort=61430 destinationTranslatedAddress=192.168.0.43 sourceTranslatedAddress=192.168.0.44 act=Allow deviceOutboundInterface=Interface #12 deviceInboundInterface=Interface #129 proto=17 dpt=161 src=192.168.0.45 dvc=192.168.0.11 dvchost=192.168.0.11 cs2Label=NatRuleId cs2=510.12 cs1Label=RuleId cs1=301.8

| Constructor field | LMC field |
|---|---|
| [rt] | [obs][ts] |
| [src] | [init][host][ip] |
| [spt] | [init][host][port] |
| [dst] | [target][host][ip] |
| [dpt] | [target][host][port] |
| [proto] | [app][proto][num] |
| [dvc] | [obs][host][ip] |
| [dvchost] | [obs][host][name] |
| [sourceTranslatedAddress] | [init][host][nat][ip] |
| [sourceTranslatedPort] | [init][host][nat][port] |
| [destinationTranslatedAddress] | [target][host][nat][ip] |
| [destinationTranslatedPort] | [target][host][nat][port] |
| [deviceInboundInterface] | [init][host][if] |
| [deviceOutboundInterface] | [target][host][if] |
| [smac] | [init][host][mac] |
| [dmac] | [target][host][mac] |
| [app] | [stonesoft][app][name] |
| [act] | [stonesoft][action] |
| [cat] | [stonesoft][alarm][cat] |
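
As an added example (Python, not the parser's own code), the block below splits a CEF extension like the one in the sample message into key/value pairs, including values that contain spaces, and places a subset of the fields at the LMC paths listed above. `SAMPLE_EXT`, `FIELD_MAP`, `parse_cef_extension` and `normalize` are names assumed for this example; the input is the extension part of the sample message, shortened, and the `\=`, `\\` and `\n` escapes handled are those of the CEF format.

```python
import re

# Constructed input: extension part of the page's sample message, shortened.
SAMPLE_EXT = (
    "spt=48524 deviceExternalId=stonesoftfw node 2 dst=192.168.0.43 "
    "app=SNMP (UDP) rt=Jan 08 2016 09:50:05 "
    "sourceTranslatedAddress=192.168.0.44 act=Allow "
    "deviceInboundInterface=Interface #129 proto=17 dpt=161 src=192.168.0.45"
)

# Subset of the mapping table: CEF key -> path in the normalized document.
FIELD_MAP = {
    "rt": ("obs", "ts"),
    "src": ("init", "host", "ip"),
    "spt": ("init", "host", "port"),
    "dst": ("target", "host", "ip"),
    "dpt": ("target", "host", "port"),
    "proto": ("app", "proto", "num"),
    "sourceTranslatedAddress": ("init", "host", "nat", "ip"),
    "deviceInboundInterface": ("init", "host", "if"),
    "app": ("stonesoft", "app", "name"),
    "act": ("stonesoft", "action"),
}

# A key is a word directly followed by "=" at the start or after whitespace.
# An escaped "\=" inside a value never matches, because "\" is not a word char.
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")
ESCAPE_RE = re.compile(r"\\([=\\n])")

def parse_cef_extension(ext):
    """Split a CEF extension into {key: value}; values may contain spaces."""
    matches = list(KEY_RE.finditer(ext))
    fields = {}
    for i, m in enumerate(matches):
        # The value runs up to the next key (or the end of the string).
        end = matches[i + 1].start() if i + 1 < len(matches) else len(ext)
        raw = ext[m.end():end].strip()
        fields[m.group(1)] = ESCAPE_RE.sub(
            lambda e: "\n" if e.group(1) == "n" else e.group(1), raw)
    return fields

def normalize(fields):
    """Place each mapped CEF field at its nested path; unmapped keys are dropped."""
    doc = {}
    for key, path in FIELD_MAP.items():
        if key in fields:
            node = doc
            for part in path[:-1]:
                node = node.setdefault(part, {})
            node[path[-1]] = fields[key]
    return doc
```

Splitting the extension on whitespace alone would truncate values such as `stonesoftfw node 2` or `Interface #129`, which is why the value boundary is taken from the next key rather than the next space.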

Test Unit List

- unit_cef_content_fw_1.json
- unit_cef_enrich_geo_2.json
- unit_cef_norm_action_2.json
- unit_cef_norm_nf_1.json
- unit_cef_content_fw_2.json
- unit_cef_header_fw_1.json
- unit_cef_norm_action_3.json
- unit_cef_norm_nf_2.json
- unit_cef_content_ips_1.json
- unit_cef_header_fw_2.json
- unit_cef_norm_action_4.json
- unit_cef_content_ips_2.json
- unit_cef_header_ips_1.json
- unit_cef_norm_action_5.json
- unit_cef_enrich_geo_1.json
- unit_cef_norm_action_1.json
- unit_cef_norm_action_6.json