Sawmill 対 応 ログフォーマット 一 覧 2015/3/30

Transcription

1 Sawmill 対 応 ログフォーマット 一 覧 No Log Format 1 3Com 3CRGPOE10075 WAP 2 3Com NBX Com OfficeConnect/WinSyslog 4 3COM TippingPoint 5 3COM TippingPoint IPS Com TippingPoint SMS 7 4D WebSTAR Common Access 8 4ipnet WHG 9 8e6 Technologies X-Stop 10 A10 Networks AX Series ADC and Server Load Balancer 11 A10 Networks AX Series Authentication 12 AboCom Systems, Inc. VPN Firewall 13 Adiscon EventReporter (v.7) 14 Adiscon EventReporter v.6 15 Adiscon MonitorWare 16 Adiscon MonitorWare (Alternative) 17 Adiscon WinSyslog 18 Adobe ColdFusion Application Server 19 Adobe ColdFusion Application Server (CSV) 20 Adobe ColdFusion Web Server 21 Adobe Flash Media Server 22 Advanced Network Software Host monitor 23 AEP Netilla 24 Akamai HTTP Streaming (W3C) 25 Akamai Web Server Log (W3C) 26 Aladdin esafe Gateway 27 Aladdin esafe Sessions 28 Aladdin esafe Sessions (with URL category) 29 Aladdin esafe Sessions v5/v6 30 Aladdin Mail Security Gateway 31 Alcatel-Lucent Brick Firewall 32 Alcatel-Lucent VPN Firewall Brick 33 Alt-N Technologies MDaemon 7 34 Alt-N Technologies MDaemon 7 (All) 35 Alt-N Technologies MDaemon Alt-N Technologies MDaemon Routing 37 Amavis Mail Virus Scanner 38 Amazon Cloudfront Download 39 Amazon Cloudfront Streaming 40 Amazon S3 41 Amazon Web Services Elasic Load Balancer 42 Apache Custom (Use with your format string) 43 Apache Error 44 Apache Error (syslog required) 45 Apache Mod Gzip 46 Apache NCSA Combined 47 Apache NCSA Combined (NetTracker) 48 Apache NCSA Combined With Cookie Last 49 Apache NCSA Combined With Cookie Last (with JSESSIONID) 50 Apache NCSA Combined With Server Domain After Agent 51 Apache NCSA Combined With Server Domain After Date 52 Apache NCSA Combined With Server Domain After Host 53 Apache NCSA Combined With Server Domain After Size 54 Apache NCSA Combined With Server Domain Before Host 55 Apache NCSA Combined with Syslog 56 Apache NCSA Combined With Visitor Cookie 57 Apache NCSA Combined With WebTrends Cookie (1/19) 2015/3/30

2 58 Apache SpamAssassin 59 Apache SSL Request 60 Apache Tomcat 61 Apache Tomcat (using Access Log Valve pattern) 62 Apache Tomcat Alt 63 Apple AppleShare IP Manager 64 Apple File Service 65 Apple MacOS X FTP 66 Apple Quicktime Streaming Error 67 Apple Quicktime/Darwin Streaming Server 68 Applied Identity WELF 69 ARBOR Networks eseries Broadband Traffic Management 70 ArGo Software Design Mail Server 71 ArGo Software Design Mail Server (ddmmyyyy) 72 Argsoft Mail Server 73 Argus Firewall 74 Arm Research Labs Message Sniffer 75 Array Networks APV Application Delivery Controller 76 Array Networks Integrated Web Traffic Manager 500/ Array Networks SPX 3000 VPN 78 Array Networks SPX 3000 WELF/Squid combined 79 Aruba Networks Aruba Mobility Controllers 80 Aruba Networks Aruba Wireless LAN Switch 81 Ascend Communications 82 ASDS AutoAdmin 83 ASSP Anti-spam SMTP Proxy 84 Astaro Mail Security 85 Astaro Security Gateway 86 Atlassian Confluence 87 Atlassian JIRA 88 Atom Error Log 89 Aurea Savvion BPM 90 Autodesk Network License Manager (Ehanced Reports) 91 Autodesk Network License Manager (FlexLM) 92 Avaya Identify Engines 93 Aventail SSL VPN 94 Aventail Web Access SSL VPN [AAR plug-in 1.6] 95 Balabit IT Security Syslog NG (tab separated) 96 BalaBit IT Security Syslog NG Log (no date in log data; yyyymmdd date in filename) 97 BalaBit IT Security Syslog NG Messages 98 BalaBit IT Security Syslog-NG 99 BalaBit IT Security Syslog-NG (No Time Zone) 100 BalaBit IT Security Syslog-NG (No Year) 101 Barracuda Networks, Inc. Spam Firewall Barracuda Networks, Inc. Spam Firewall Barracuda Networks, Inc. Spam Firewall Barracuda Spyware Filter 105 Barracuda Web Application Firewall 106 Barracuda Web Application Firewall (Access with extended info) 107 Barracuda Web Application Firewall (Access) 108 Barracuda Web Application Firewall (Access) (With Field Header) 109 Barracuda Web Application Firewall (Audit) 110 Barrier Group Firewall 111 Bay Networks Annex Terminal Server 112 BEA Systems WebLogic (diagnostic) 113 BEA Systems WebLogic Bea Systems WebLogic Application Server 115 BEA Systems WebLogic non-extended 116 BEA WebLogic 117 BindView EMS Reporting 118 BindView User Logins (2/19)

3 119 Bindview Windows Event Log 120 Biodata BigFire Firewall 121 Biscom Delivery Server (BDS FTP) 122 Bitblock Systems HTTP Access 123 Bitvise WinSSHD 124 Bitvise Winsshd 125 BlackStratus LogStorm Syslog 126 Blue Coat Winproxy 5.1 (yyyy-mm-dd dates) 127 Blue Coat WinProxy Alternate 128 Blue-Canoe MTS Professional 129 Bluecoat Instant Messenger 130 BlueCoat NetCache 131 BlueCoat NetCache Bluecoat ProxySG (Alt) 133 Bluecoat ProxySG (Custom) 134 Bluecoat ProxySG Bluecoat RealMedia 136 Bluecoat Squid 137 Bluecoat W3C (ELFF) 138 Bluecoat Windows Media 139 Bluesocket Wireless LAN 140 Bomgar Box 141 Borderware Runstats 142 Borderware Security Device 143 BPF BPFT Traflog 144 BPF BPFT4 (with interface) 145 BPF Traffic Daemon (BPFT v.4) 146 BroadVision Error 147 BroadVision Observation 148 BroadWeb BandKeeper* 149 BroadWeb BEMS* 150 BroadWeb Eulen* 151 Broadweb NetKeeper NK BroadWeb NetKeeper* 153 BroadWeb NH6* 154 BroadWeb UTM* 155 BroadWeb XKeeper* 156 Brocade BigIron Switch 157 Brocade ServerIron Switch 158 BSD NVDCMS 159 BSD tcpdump 160 BSD tcpdump (-tt) 161 BSD tcpdump (-tt, with interface) 162 BSD tcpdump (-tt, with interface) Alternate 163 Bulletproof FTP Server (dd/mm/yy, 24-hour) 164 Bulletproof FTP Server (dd/mm/yyyy) 165 Bulletproof FTP Server (dd/mm/yyyy, 24 hour) 166 Bulletproof FTP Server (mm/dd/yy) 167 Bulletproof FTP Server (mm/dd/yyyy) 168 Bulletproof FTP Server (yyyy/mm/dd) 169 Bulletproof FTP Sessions 170 CA Technologies SiteMinder Apache WebAgent 171 CA Technologies SiteMinder Policy Server 172 CA Technologies SiteMinder Web Acccess Manager 173 CA Technologies SiteMinder WebAgent 174 Canto Cumulus Digital Asset Management 175 CCMedia Webnibbler 176 Cell Technology IPS 177 Cellopoint CelloOS 178 Cellopoint CelloOS crond 179 Cellopoint CelloOS Daemon Syslog Messages (3/19)

4 180 Cellopoint Firewalll 181 Centricity FirstClass 182 Centricity FirstClass (mmddyyyy) 183 CFT Account 184 Check Point SNMP 185 Check Point Software Technologies Zone Alarm 186 Checkpoint Firewall-1 (fw log export) 187 Checkpoint Firewall-1 (fw log -ftn export) 188 Checkpoint Firewall-1 (logexport) 189 Checkpoint Firewall-1 (loggrabber with syslog) 190 Checkpoint Firewall-1 (loggrabber) 191 Checkpoint Firewall-1 (text export) 192 Checkpoint Firewall-1 Log Viewer Checkpoint Firewall-1 NG (text export) 194 Checkpoint Firewall-1 NG Full 195 Checkpoint Firewall-1 NG General (text export) 196 Checkpoint Firewall-1 via Syslog 197 Chenziyi Catcher 198 CiperTrust Ironmail AV (Sophos) 199 CiperTrust Ironmail CSV 200 CiperTrust Ironmail SMTP Proxy 201 CiperTrust Ironmail SMTPO 202 CiperTrust Ironmail Sophosq 203 CiperTrust Ironmail Spam 204 Cisco ecds 205 Cisco IOS Debug IP Packet Detailed (Using Syslog Server) 206 Cisco IPS 207 Cisco IronPort IronPort S-Series Access Logs HR Profile for Extended Squid Format 208 Cisco IronPort IronPort S-Series Access Logs Sec Ops Profile for Extended Squid Format 209 Cisco IronPort IronPort S-Series Traffic Monitor Logs v for WSA v Cisco IronPort IronPort S-Series Traffic Monitor Logs v for WSA v Cisco IronPort Web Services Appliance (WSA S-Series) (pseudo-w3c with pattern header) 212 Cisco IronPort Web Services Appliance (WSA S-Series) (W3C) 213 Cisco Linksys Router 214 Cisco LinkSys VPN Router 215 Cisco PIX Firewall Syslog Server 216 Cisco PortSentry 217 Cisco Systems 3750 Switch 218 Cisco Systems 827 Router (Kiwi, Full Dates, Tabs) 219 Cisco Systems Access Control Server 220 Cisco Systems Access Register 221 Cisco Systems ACNS with SmartFilter 222 Cisco Systems AS5300 Access Server 223 Cisco Systems CE (Content Engine) 224 Cisco Systems CE Common (Content Engine) 225 Cisco Systems Ciscoworks Syslog Server 226 Cisco Systems EMBLEM 227 Cisco Systems IDS/NetRanger 228 Cisco Systems IOS DHCP Server 229 Cisco Systems NetFlow 230 Cisco Systems NetFlow (flow-export) 231 Cisco Systems NetFlow (FlowTools ASCII Export) 232 Cisco Systems NetFlow (nfdump -o long) 233 Cisco Systems NetFlow (no dates) 234 Cisco Systems NetFlow (version 1) 235 Cisco Systems PIX/ASA Security Appliance 236 Cisco Systems Router 237 Cisco Systems Router (No Syslog) 238 Cisco Systems SCA 239 Cisco Systems Secure Server (RAS) 240 Cisco Systems SOHO77 (4/19)

5 241 Cisco Systems TACACS+ Accounting 242 Cisco Systems Voice Router 243 Cisco Systems VPN Concentrator (Alt) 244 Cisco Systems VPN Concentrator (Comma delimited) 245 Cisco Systems VPN Concentrator (mmddyyyy) 246 Cisco Systems VPN Concentrator Date/Time Header 247 Cisco VPN Concentrator 248 Cisco WAAS TCP Proxy 249 Cisco WAAS TCP Proxy Cisco/IronPort Bounce 251 Cisco/IronPort C Series Secure 252 Citrix Firewall Manager Syslog 253 Citrix NetScaler 254 Claranet Common Access 255 Clavister Firewall (CSV) 256 Clavister Firewall (with syslog) 257 Clavister SG 258 Clavister SG Series (comma-separated) 259 Clearswift MAILsweeper (24 Hour) 260 Clearswift MAILsweeper (AM/PM) 261 Clearswift MAILSweeper (long) 262 Clearswift MIMEsweeper 263 Clearswift Technologies Websweeper 264 Clickcadence Beatbox Hits 265 Cognos PowerPlay Enterprise Server 266 Cognos Ticket Server 267 CommuniGate Systems Communigate Mail Server 268 CommuniGate Systems CommuniGate Pro 269 Computer Associates ARCserve NT 270 Coradiant Object Tracking 271 Coradiant TrueSight v Courier POP3/IMAP Mail Server 273 CP Secure Content Security Gateway 274 Critical Path Mail Server (POP/IMAP) 275 Critical Path Mail Server (SMTP) 276 CyberGuard Firewall 277 CyberGuard Firewall (WELF) 278 CyberGuard Firewall Audit(non-WELF) 279 Dade Behring User 280 Dade Behring User Account (With Duration) 281 DansGuardian Content Filter DansGuardian Content Filter DansGuardian Content Filter Dartware InterMapper Event 285 Dartware InterMapper Outages 286 Dartware InterMapper Outages (ddmmyyyy 24 hr time) 287 Dartware Intermapper Outages (mmmddyyyy, AM/PM) 288 DataEnter XWall 289 Datagram SyslogServer 290 Declude Spam Filter 291 Declude Virus Filter 292 DeepMail IMAP/POP3/SMTP Server 293 Digital Insight Magnet 294 D-link DI-804HV Router 295 Dorian Event Archiver 296 Dovecot Secure IMAP server 297 Edgecast Networks Media server 298 EDM Web Services Identity 299 eeye Digital Security SecureIIS 300 Enterasys Networks Dragon IDS 301 Eridani MailStripper (5/19)

6 302 esafe Mail Security Gateway 303 esoft Instagate Firewall/VPN 304 Ethereal Packet Analyzer 305 Eutron Planet-Share InterFax 306 Evidian PortalXPert 307 Evostream Media Server 308 Exim Internet Mailer 309 Exim Internet Mailer F5 FirePass 4100 SSL VPN 311 F5 FirePass SSL VPN (with syslog) 312 F5 Load Balancer 313 F5 Networks Application Security Manager 314 F5 SSL VPN 315 FastHost HTTP Access 316 FedEx Tracking 317 FileMaker FileMaker FileMaker FileMaker Access Log 319 FileMaker Web Server 320 FileZilla FTP Server 321 FileZilla FTP Server (m/d/yyyy) 322 FIS CEB Failed Logins 323 FIS Metavante 324 Fiserv Easy Lender Login Audit 325 Fiserv Easy Lender Login Audit (comma separated) 326 Flowerfire Sawmill Messages 327 Flowerfire Sawmill Tagging Server 328 Fortech, Ltd Proxy Plus 329 Fortinet Firewall (syslog required) 330 Fortinet Fortigate 300 Series 331 Fortinet Fortigate Firewall 332 Fortinet FortiGate Firewall (comma separated) 333 Fortinet Fortigate Firewall (space separated) 334 Fortinet Fortigate Traffic 335 Fortinet FortiMail 336 Fortinet FortiMail 337 Forum Systems XWall 338 Foundry Networks BigIron Switch 339 Foundry Networks ServerIron Switch 340 Franz Krainer SL4NT 341 Franz Krainer SL4NT (dd.mm.yyyy, commas without spaces) 342 Franz Krainer SL4NT (dd/mm/yyyy) 343 Franz Krainer slnt4 344 FreeBSD IPFW 345 FreeBSD Minirsyslogd 346 FreeBSD praudit 347 F-Secure HTTP Access 348 Fujitsu Si-R 349 Funkwerk Bintec VPN Access 350 Gene6 G6 FTP Server (dd/mm/yy, 24-hour) 351 Gene6 G6 FTP Server (dd/mm/yyyy) 352 Gene6 G6 FTP Server (dd/mm/yyyy, 24 hour) 353 Gene6 G6 FTP Server (mm/dd/yy) 354 Gene6 G6 FTP Server (mm/dd/yyyy) 355 Gene6 G6 FTP Server (yyyy/mm/dd) 356 Gene6 G6 FTP Sessions 357 Gene6 SARL FTP Server 358 Gene6 SARL FTP Server (W3C) 359 Generex UPS WEB/SNMP Manager 360 Generic Complete Syslog Messages (report full syslog message in one field) 361 Generic CSV (Comma-Separated Values) 362 Generic MM/DD-HH:MM:SS Timestamp Syslog Server (6/19)

7 363 Generic Network Syslog 364 Generic Seconds since Jan Timestamp Syslog 365 Generic SNMP Manager 366 Generic Socks Generic Timestamp (mm dd hh:mm:ss) 368 Generic User Activity Tracking 369 Generic W3C Web Server 370 Generic WAP Error 371 GFI MailEssentials 372 GFI MailEssentials Spam Filter 373 GFI MailSecurity Attachment & Content Filter 374 Global Technology Associates GNAT Box (sylog required) 375 Global Technology Associates GNAT Box Syslogger 376 Globalscape EFT 377 GNU Event Log to Syslog 378 GNU FreeRADIUS 379 GNU General Public License NTsyslog 380 GNU IP Traffic LAN Statistics 381 GNU ipchains 382 GNU IPTraf 383 GNU IPTraf TCP/UDP Services 384 GNU Mailer Daemon 385 GNU Mailman Post 386 GNU Mailman Subscribe 387 GNU Passlogd 388 GNU Passlogd Syslog (Full Messages) 389 GNU Privoxy 390 GNU ProFTP 391 GNU PureFTP 392 GNU PureFTP (Syslog) 393 GNU Samba 394 GNU Shorewall 395 GNU SmoothWall 396 GNU Squid Common 397 GNU Squid Common - Syslog Required 398 GNU Squid Event 399 GNU Squid With Full Headers 400 GNU Squid with ncsa_auth Package 401 GNU XMail SMTP Server 402 GNU XMail Spam 403 GNU/Linux Netstat 404 Google HTTP Access 405 Gordano Messaging Suite POP 406 Gordano Messaging System Post 407 Gordano Messaging System SMTP 408 Greatstone activepdf 409 GTA Gnatbox GB-Ware 410 GTB Inspector 411 Hand-Crafted Software FreeProxy 412 HCTech Guardix 413 Help/Systems InterMapper Chart 414 Hewlett Packard Audit Log 415 hmailserver - SMTP Mail Server 416 Hosting.com Access 417 HP Netstat 418 HP TippingPoint 419 HP TippingPoint IPS HP TippingPoint SMS 421 Hyperion Essbase 422 IBM AIX 423 IBM AIX CPU Utilization (7/19)

8 424 IBM Cognos PowerPlay Enterprise Server 425 IBM Cognos Ticket Server 426 IBM Domino Access 427 IBM Domino Agent 428 IBM Domino Error 429 IBM Domino Referrer 430 IBM HTTP Server 431 IBM HTTP Server Common 432 IBM Internet Security Systems Network Sensors 433 IBM RACF Security 434 IBM Tivoli Access Manager 435 IBM Tivoli Access Manager WebSEAL 436 IBM Tivoli NetView 437 IBM Tivoli Storage Manager TDP for SQL Server 438 IBM WebSEAL Audit 439 IBM WebSEAL Authorization (XML) 440 IBM WebSEAL CDAS 441 IBM WebSEAL Error 442 IBM WebSEAL Request 443 IBM WebSEAL Security Manager 444 IBM WebSEAL Wand Audit 445 IBM WebSEAL Warning 446 IBM WebSphere Message Broker 447 ICAP Internet Content Adaptation Protocol 448 Icecast Playlist 449 Imperva WAF 450 InfiNet Firewall 451 Infoblox DNSone DHCP 452 Ingate Firewall 453 INN News 454 INN News (Alternate) 455 Instagate Sys* 456 Intel NetStructure VPN Gateway 457 Internet Security Systems Firewall 458 Internet Systems Consortium BIND (Berkeley Internet Name Domain) 459 InterSafe HTTP Content Filter 460 InterScan VirusWall 461 Intersect Alliance Snare 462 InterSect Alliance SNARE Epilog Collected Oracle Listener 463 InterSect Alliance Snare for AIX 464 IPCop IDS Snort (multiline) 465 IPCop Syslog Server 466 iplanet Netscape Directory Server 467 ipolicy Networks ipenforcer 468 Ipswitch IMail 469 Ipswitch IMail Server 470 Ipswitch Imail Server Alternate 471 Ipswitch Imail Syslog Header 472 Ipswitch MOVEit DMZ 473 Ipswitch MOVEit DMZ SSH 474 Ipswitch Whatsup Syslog 475 Ipswitch WS_FTP 476 Ipswitch WS_FTP (XML) 477 IronMail IronMail (showevents export) 478 IronPort Bounce 479 IronPort C Series Secure 480 IronPort Web Security Appliance (WSA S-Series) (CSV Export) 481 ISC Bind Query DNS Server 482 ISC Bind Query DNS Server (with timestamp) 483 ISC Bind Response Checks 484 ISC Bind Security (8/19)

9 485 ISC Bind9 Query DNS Server 486 ISC Bind9 Query DNS Server (with timestamp) 487 ISC Bind9 Update (with timestamp) 488 ISC DHCP 489 ISC DHCP Leases 490 IWI CWAT 491 Jarle Aase War FTP Daemon 492 Jarle Aase War FTP Daemon (Alternate) 493 Jataayu Carrier WAP Server 494 JBoss (Red Hat) Application Server 495 JH Software Simple DNS 496 Jive Software OpenFire IM 497 JP-Secure SiteGuard 498 JTC esafe Sessions (with URL category) 499 Juniper IDP 500 Juniper Media Flow Controller (Access Logs) (NCSA) 501 Juniper Media Flow Controller (Access Logs) (W3C) 502 Juniper Media Flow Controller Access (2_0_9_Apple_MFC variant, ) 503 Juniper Media Flow Controller Access (Apple variant, ) 504 Juniper NetScreen SSG 505 Juniper Networks Neoteris 506 Juniper Networks NetScreen IDP 507 Juniper Networks Netscreen SSL Gateway 508 Juniper Networks NetScreen Traffic 509 Juniper Networks NetScreen Traffic (get log traffic) 510 Juniper Networks Netscreen Web Client Export 511 Juniper Networks NetScreen Juniper Networks Netscreen Juniper Networks Secure Access Juniper Networks Secure Access Juniper Networks Steel Belted Radius ACT 516 Juniper SA Juniper SRX Juniper SRX Juniper SSL VPN 520 Kaspersky Labs AVP Client (Spanish) 521 Kaspersky Labs AVP Server (Spanish) 522 Kaspersky Labs Mail Server 523 Kaspersky Labs Mail Server for Linux 524 KEIKO PLAN-N Access Control Software 525 Kerio Connect 526 Kerio Control (Security) 527 Kerio Control Firewall 528 Kerio Mail Server 529 Kerio Network Monitor 530 Kerio Network Monitor HTTP 531 Kerio WebSTAR 532 Kerio WebSTAR Common Access 533 Kerio WebSTAR FTP 534 Kerio WebSTAR Proxy 535 Kerio WebSTAR W3C Web Server 536 Kerio WinRoute Connection 537 Kerio Winroute Firewall 538 Kerio WinRoute Mail 539 Kerio WinRoute Web 540 Kernun DNS Proxy 541 Kernun HTTP Proxy 542 Kernun Proxy 543 Kernun SMTP Proxy 544 Kingdon, Inc. Kingdon Firewall 545 Kiwi (mm-dd-yy dates, with type and protocol) (9/19)

10 546 Kiwi (mmm/dd dates, hh:hh:ss.mmm UTC times) 547 Kiwi CatTools CatOS Port Usage 548 Kiwi Syslog (dd-mm-yyyy dates) 549 Kiwi Syslog (ISO/Sawmill) 550 Kiwi Syslog (Logged to Access MDB, then exported tab-separated)* 551 Kiwi Syslog (Space-separated YYYY/MM/DD) 552 Kiwi Syslog (UTC) 553 Kiwi Syslog (yyyy/m/d hh:mm, tab separated) 554 Kiwi Syslog (YYYYMMDD Comma) 555 Kiwi Syslog Daemon (mm-dd-yyyy dates) 556 KS-Soft Host Monitor 557 Lancom Systems Router 558 Lava Soft Lava2 Firewall 559 Limelight Networks Flash Media Server 560 Limelight SHOUTcast Service 561 Livingston Radius Accounting 562 Livingston Radius Accounting II 563 Livingston Radius ACT 564 Logika FusionBot 565 LogSat Spam Filter 566 Lotus Notes 567 Lotus Notes Domino Access 568 Lotus Notes Domino Agent 569 Lotus Notes Domino Error 570 Lotus Notes Domino Referrer 571 LRS VPSX Accounting 572 L-Soft LISTSERV 573 L-Soft LSMTP 574 L-Soft LSMTP Access 575 LUNA Insight Media Manager Service 576 Lyris MailShield 577 M86 Security 8e6 Web filter 578 M86 Security X-Stop 579 Macromedia Flash Media Server 580 Macromedia Flex/JRun 581 MailEnable W3C Mail Server 582 MailScanner 583 MailScanner Syslog Required 584 MailScanner Virus 585 Marshal8e6 8e6 Web Filter 586 Maxum Development Rumpus FTP 587 Maxum Development Rumpus HTTP 588 McAfee E1000 Mail Scanner 589 McAfee Gateway 590 McAfee Security Appliance 591 McAfee Gauntlet Firewall 592 McAfee Gauntlet Firewall (yyyymmdd) 593 McAfee IntruShield Alert 594 McAfee Ironmail AV (Sophos) 595 McAfee Ironmail CSV 596 McAfee Ironmail SMTP Proxy 597 McAfee Ironmail SMTPO 598 McAfee Ironmail Sophosq 599 McAfee Ironmail Spam 600 McAfee Secure Messaging Gateway (SMG) VPN Firewall 601 McAfee Web Gateway 602 McAfee Webshield 603 McAfee Webshield XML 604 McAfee WebWasher 605 Merak POP/IMAP Server 606 Merak SMTP Server (10/19)

11 607 Metavante 608 Metavante CEB Failed Logins 609 Microsoft DNS Server 610 Microsoft dumpel.exe 611 Microsoft Elogdmp (CSV) 612 Microsoft Event Log Query 613 Microsoft Exchange 2007 (via syslog) 614 Microsoft Exchange Internet Mail 615 Microsoft Exchange Server 616 Microsoft Exchange Server (W3C) 617 Microsoft Exchange Server 2000 (CSV) 618 Microsoft Exchange Server 2000/ Microsoft Exchange Server 2000/ Microsoft Exchange Server 2007/ Microsoft Forefront Threat Management Gateway 622 Microsoft Forefront Threat Management Gateway (Tab-separated) 623 Microsoft IAS (XML) 624 Microsoft IAS Alternate 625 Microsoft IAS Comma-Separated 626 Microsoft IAS/NPS 627 Microsoft ICF (Internet Connection Firewall) 628 Microsoft IIS 629 Microsoft IIS (dd/mm/yy) 630 Microsoft IIS (dd/mm/yyyy) 631 Microsoft IIS (mm/dd/yyyy dates) 632 Microsoft IIS (ODBC log source) 633 Microsoft IIS (with syslog) 634 Microsoft IIS (yy/mm/dd) 635 Microsoft IIS Advanced Logging Module 636 Microsoft IIS Extended 637 Microsoft IIS Extended (W3C) 638 Microsoft IIS FTP Server 639 Microsoft IIS SMTP (Comma Separated) 640 Microsoft IIS SMTP Common 641 Microsoft IIS SMTP W3C 642 Microsoft ISA 2004 CSV 643 Microsoft ISA Server 644 Microsoft ISA Server Packet 645 Microsoft ISA WebProxy (CSV) 646 Microsoft ISA WebProxy (ODBC log source) 647 Microsoft Media Server 648 Microsoft MPS 649 Microsoft Netstat 650 Microsoft Performance Monitor 651 Microsoft Port Reporter 652 Microsoft Provisioning System 653 Microsoft Proxy 654 Microsoft Proxy (Bytes Received Field Before Bytes Sent) 655 Microsoft Proxy (d/m/yy) 656 Microsoft Proxy (d/m/yyyy) 657 Microsoft Proxy (m/d/yyyy) 658 Microsoft Proxy Packet Filtering 659 Microsoft PSLogList 660 Microsoft Server NPS SQL (ODBC Log Source) 661 Microsoft SharePoint Server 662 Microsoft SQL Profiler 2005 Export with DB/Host 663 Microsoft SQL Profiler Export 664 Microsoft TFS MailReport Extended 665 Microsoft URLScan 666 Microsoft URL-Scan (W3C) 667 Microsoft Window Azure (11/19)

12 668 Microsoft Windows (Server 2008/Vista) Event Log (CSV Export, m/d/yyyy dates) 669 Microsoft Windows 2000/XP Event (export list-csv) ddmmyyyy 670 Microsoft Windows 2000/XP Event (save as-csv) dd/mm/yyyy 671 Microsoft Windows 2000/XP/2003 Eventlog via Syslog 672 Microsoft Windows 7/2008 Eventlog via Syslog 673 Microsoft Windows DHCP Server 674 Microsoft Windows DHCP Server 675 Microsoft Windows Event (24 hour times, d/m/yyyy dates) 676 Microsoft Windows Event (ALTools export) 677 Microsoft Windows Event (Comma Delimited, m/d/yyyy days, h:mm:ss AM/PM times) 678 Microsoft Windows Event (comma or tab delimited, no am/pm, 24h & ddmmyyyy) 679 Microsoft Windows Event (dumpevt.exe export) 680 Microsoft Windows Event Log 681 Microsoft Windows Event Log (CSV export dd/mm/yyyy) 682 Microsoft Windows Event Log (CSV) 683 Microsoft Windows Event Log (dumpeventlogs.vbs export) 684 Microsoft Windows Event Log (Tab Delimited) 685 Microsoft Windows Event Log (XML) 686 Microsoft Windows Event Logs (Powershell ETVX to CSV) 687 Microsoft Windows Firewall 688 Microsoft Windows NT Scheduler 689 Microsoft Windows NT Syslog 690 Microsoft Windows NT4 Event (save as CSV) 691 Microsoft Windows Performance Monitor 692 Microsoft Windows Syslog 693 Microsoft Windows XP Event Log (LogParser CSV Export) 694 Microtech ImageMaker 695 Microtech ImageMaker 696 MikroTik Router 697 MikroTik The Dude 698 MikroTik Web Proxy 699 Mirapoint Message Server 700 Mirapoint SMTP 701 Mitsubishi msieser HTTP 702 Mitsubishi msieser SMTP 703 Miva Merchant Access 704 Miva Merchant Combined Access 705 Motorola Netopia N2H2 707 N2H2 Novell Border Manager 708 N2H2 Sentian 709 N2H2 SmartFilter (Bess Edition) 710 Nagios 711 NcFTP (Alternate) 712 NcFTP Xfer Server 713 NCR Netkey 714 NCSA Combined Proxy 715 NCSA Common Access 716 NCSA Common Access with full URLs 717 NCSA Common Agent 718 NCSA Common Error 719 NCSA Common Proxy 720 NCSA Common Referrer 721 NEMX PowerTools for Exchange 722 Netal SL4NT (yyyy mmm dd) 723 NetApp Filers Audit 724 NetApp NetCache 725 NetApp NetCache NetContinuum Application Security Gateway 727 Netegrity SiteMinder Access 728 Netegrity SiteMinder Event (12/19)

13 729 Netfilter IPtables 730 Netfilter IPtables Configuration 731 NetForensics Syslog 732 Netgear DG834G 733 Netgear Firewall 734 Netgear FR328S 735 Netgear FVL328 (logging to syslog) 736 NetGear FVL328 (logging to syslog)* 737 Netgear FVS Netgear FVS318 With Syslog 739 NETGEAR ProSecure 740 Netgear RAIDiator Error 741 Netgear Security 742 Netgear Security (logging to syslog) 743 Netkey 744 NetSafe esafe Sessions v5/v6 745 Netscape iplanet 746 Netscape Messenger Netscape Netscape Directory Server 748 Netscape Netscape Extended 749 Netscreen Neoteris SSL Web Client Export 750 NetScreen Traffic 751 Net-Wall 752 Neustar Webmetrics 753 Nginx Nginx (using log_format) 754 Nmap Security Scanner 755 nnsoft nnbackup 756 No Syslog Header (use today's date, or use date/time from message) 757 Nokia IP350/Checkpoint NG 758 Norstar PRELUDE and CINPHONY ADC 759 Nortel Annex Terminal Server 760 Nortel Contivity (VPN Router/Firewall) 761 Nortel Meridian 1 Automatic Call Distribution (ACD) 762 Nortel Networks Instant Internet 763 Nortel SSL VPN 764 Novell Border Manager (W3C) 765 Novell Border Manager Novell GroupWise Internet Agent Accounting (2-digit years) 767 Novell GroupWise Internet Agent Accounting (4-digit years) 768 Novell GroupWise Post Office Agent 769 Novell GroupWise Web Access (dd/mm/yy) 770 Novell Groupwise Web Access (mm/dd/yy) 771 Novell GW Guardian Anti-Spam 772 Novell GW Guardian Antivirus 773 Novell ichain (W3C Extended) 774 Novell ichain (W3C) 775 Novell NetMail 776 NovellNetMail NPR Digital Services IceCast Reporting 778 Nullsoft SHOUTcast Media Server / DNAS (Distributed Network Audio Server) 779 Nullsoft SHOUTcast Media Server / DNAS (Distributed Network Audio Server) (W3C) 780 NuSpectra SiteCAM 781 O2 Micro Succendo SSL VPN 782 OCLC EZproxy 783 OCLC EZproxy Custom (Use with your LogFormat string) 784 Office Efficiencies SafeSquid 785 Office Efficiencies SafeSquid (Extended Logging) 786 Office Efficiencies SafeSquid (Orange) 787 Office Efficiencies SafeSquid Standalone 788 Open Door Networks ShareWay IP 789 Open Source UNIX FTP (13/19)

14 790 Open Source Unix Syslog 791 Open Source Unix Syslog With Year 792 Open Text FirstClass server 793 Open WebMail 794 OpenBSD Packet Filter Firewall (tcpdump -neqttr) 795 OpenBSD spamd (SpamAssassin Daemon) 796 Openfind Mail OpenSight Software FlashFXP 798 OpenVPN technologies OpenVPN 799 OpenVPN technologies OpenVPN Header 800 Openwave Systems Intermail 801 Optima Transaction Log 802 Oracle Application Server (Java Exceptions) 803 Oracle BEA WebLogic Oracle Database Audit 805 Oracle Essbase 806 Oracle Express Authentication 807 Oracle Failed Login Attempts 808 Oracle iplanet Error 809 Oracle iplanet Messaging Server 810 Oracle Java Administration MBEAN 811 Oracle Java Bean Application Serve 812 Oracle Listener 813 Oracle Policy Directory Audit 814 Oracle Policy Directory Security Audit Trail 815 Oracle Sun ONE Directory Server 816 Oracle Sun ONE Directory Server Audit 817 Oracle Sun ONE Directory Server Error 818 Oracle WebLogic 819 Oracle WebLogic (diagnostic) 820 Oracle WebLogic (W3C) 821 O'Reilly Web Access 822 Ositis Winproxy 823 Ositis Winproxy (2-digit years) 824 Ositis Winproxy Common 825 OSSEC Alert Log 826 Packet Dynamics W3C Log Export 827 Palo Alto Networks Firewall (Integrated Threat & Traffic) 828 Palo Alto Networks Firewall (Threat) 829 Palo Alto Networks Firewall (Traffic) 830 Paloalto Firewall(CEF) 831 Parallels Plesk Server Administrator 832 PeopleSoft AppServer 833 Persits Software Asp 834 PHP Error 835 Piolink Network Loadbalance 836 Postfix mail server 837 PostWorks IMAP Server 838 PostWorks POP3 Server 839 PostWorks SMTP Server 840 PROVISIO GmbH SiteKiosk 841 Provisio SiteKiosk 842 Provos honeyd 843 Prrdeikes Welcome 844 Psionic Technologies PortSentry 845 QBIK WinGate 846 Qbik WinGate Proxy (no Traffic lines, dd/mm/yy dates) 847 Qbik WinGate Proxy (no Traffic lines, mm/dd/yy dates) 848 Qbik WinGate Proxy (with Traffic lines) 849 Qmail Scanner 850 Qmail Scanner (Syslog Required) (14/19)

15 851 Qmail Scanner (TAI64N dates) 852 Qualcomm EIMS Error 853 Qualcomm EIMS SMTP (12 hour) 854 Qualcomm Internet Mail Server Radvision Click to Meet 856 Radware DefensePro 857 Radware Linkproof OnDemand Switch 858 Radware Load Balancing (Using Syslog Server) 859 Raiden FTP Server 860 Raiden MAILD 861 Real Networks Helix Server 862 Real Networks Helix Server Style Real Networks Helix Session Manager 864 RealNetworks RealProxy 865 RealNetworks RealServer 866 RealNetworks RealServer Alternate 867 RealNetworks RealServer Error 868 Redcreek System Message Viewer 869 RedHat Linux Auth 870 RedHat Linux crond 871 RedHat Netstat 872 RedHat RedHat Linux Daemon Syslog Messages 873 RedHat syslogd 874 RedHat syslogd (dd/mm/yyyy:hh:mm:ss prefix) 875 Retrospect 876 Rhino Software Serv-U FTP Server 877 RSA SecurID Audit Admin 878 RSA SecurID Audit Runtime 879 Ruby 880 SafeNet esafe Gateway 881 SafeNet esafe Sessions 882 SafeNet esafe Sessions (with URL category) 883 SafeNet esafe Sessions (with URL category) 884 Sambar Server 885 SAS Firewall 886 Sawmill Analytics WU-FTP 887 Sawmill Task Log 888 Sawmill Unified Media 889 SchedMD SLURM 890 SDSU htdig 891 Secure Computing Corporation Secure Firewall (Sidewinder) 892 Secure Computing Ironmail AV (Sophos) 893 Secure Computing Ironmail CSV 894 Secure Computing Ironmail SMTP Proxy 895 Secure Computing Ironmail SMTPO 896 Secure Computing Ironmail Sophosq 897 Secure Computing Ironmail Spam 898 Secure Computing Sidewinder 899 Secure Computing Sidewinder Syslog 900 Secure Computing SmartFilter (Bess Edition) 901 Secure Computing WebWasher 902 Sendmail (Syslog Required) 903 Sendmail For NT 904 Sendmail No Syslog 905 Sentman WhistleBlower 906 Sentman WhistleBlower Performance Metrics 907 Separ URL Filter 908 Shalla Secure Services squidguard 909 Sharetech / Abocom Firewall 910 SmarterTools SmarterMail 911 Smartmax MailMax SE Mail (15/19)

16 912 SmartMax MailMax SE SMTP 913 SmartMax POP 914 SmartMax SMTP 915 Smoothwall Network Guardian and Advanced Firewall 916 SmoothWall SmoothGuardian SnmpSoft Syslog Watcher 918 SocketLabs Hurricane MTA 919 SoftArc FirstClass server 920 Software SolarWinds (mmm/dd dates, hh:hh:ss.mmm UTC times) 922 SolarWinds IPMon (Using Syslog Server) 923 Solarwinds Kiwi (mm-dd-yy dates, with type and protocol) 924 SolarWinds Kiwi CatTools CatOS Port Usage 925 Solarwinds Kiwi Syslog (dd-mm-yyyy dates) 926 Solarwinds Kiwi Syslog (ISO/Sawmill) 927 SolarWinds Syslog (Space-separated YYYY/MM/DD) 928 SolarWinds Syslog (UTC) 929 SolarWinds Syslog (yyyy/m/d hh:mm, tab separated) 930 SolarWinds Syslog (YYYYMMDD Comma) 931 SolarWinds Syslog Daemon (mm-dd-yyyy dates) 932 SolarWinds Syslog Server 933 SonicWALL Aventail Client/server Access 934 SonicWall Aventail SSL VPN 935 SonicWALL Aventail XML Report 936 SonicWall NSA (Network Security Appliance) 937 SonicWall SonicWall or 3COM Firewall 938 SonicWall TZ 170 Firewall 939 SonicWall Version SonicWall Web Access SSL VPN [AAR plug-in 1.6] 941 Sophos Antispam Message 942 Sophos Antispam PMX 943 Sophos Mail Monitor for SMTP 944 Sophos UTM Web Application Firewall 945 Sophos Web Appliance 946 Sourcefire ClamAV 947 Sourcefire Defense Center 948 Sourcefire IDS 949 Sourcefire Snort (standalone, mm/dd dates) 950 Sourcefire Snort (standalone, mm/dd/yy dates) 951 Sourcefire Snort (syslog required) 952 Sourcefire Snort 2 (syslog required) 953 Sourcefire SNORT Portscan 954 Squarespace 955 SquareSpace Tomcat Tomsquare 956 Squid Proxy server 957 Squid Web cache daemon 958 SquidGuard Plugin for Squid 959 St. Bernard Software iprism (with syslog) 960 St. Bernard Software iprism Monitor 961 St. Bernard Software iprism-rt 962 Stairways NetPresenz 963 Stairways NetPresenz (24-hour times, d/m/y dates) 964 Stairways NetPresenz (d/m/y dates) 965 Steven Young and Robert James Kaes tinyproxy 966 Stonesoft StoneGate Firewall 967 Sun Microsystems Java Bean Application Serve 968 Sun Microsystems log4j (with your format string) 969 Sun Microsystems SIMS (Sun Internet Mail Server) 970 Sun Microsystems Sun ONE Directory Server 971 Sun Microsystems Sun ONE Directory Server Audit 972 Sun Microsystems Sun ONE Directory Server Error (16/19)

17 973 Sun Solaris Auth 974 Sun Solaris Daemon Syslog Messages 975 Sun-Netscape iplanet Messenger Server SuperLumin Networks Nemesis 977 Sybase Error Log 978 Symantec Antivirus 979 Symantec AntiVirus Corporate Edition 980 Symantec AntiVirus Corporate Edition (VHIST Exporter) 981 Symantec Backup Exec 982 Symantec Brightmail Gateway 983 Symantec Brightmail Gateway (via syslog) 984 Symantec Enterprise Firewall 985 Symantec Enterprise Firewall Symantec Gateway Security 987 Symantec Gateway Security (via syslog) 988 Symantec Gateway Security 2 (CSV) 989 Symantec Gateway Security 400 Series 990 Symantec Mail Security 991 Symantec Mail Security Syslog 992 Symantec Norton Personal Firewall 2003 Connection 993 Symantec Raptor (Exception Reporting) 994 Symantec Raptor Firewall 995 Symantec System Console 996 Symantec Web Security 997 Symantec Web Security CSV 998 SyrReset Mirc 999 Sysgenic Group Proxy-Pro GateKeeper 1000 Syslog Syslog (yyyymmdd hhmmss) 1001 Tellique 1002 Tenable Nessus 1003 Tenon Intersystems Post Office Mail Server 1004 TerraPlay Accounting 1005 The Fedora Project Fedora Linux Daemon Syslog Messages 1006 The Fedora Project Linux 1007 The Fedora Project Linux crond 1008 Tinline Know-how 1009 Tiny Software Personal Firewall 1010 TippingPoint 1011 TippingPoint Technologies TippingPoint IPS TippingPoint Technologies TippingPoint SMS 1013 Trend Micro Control Manager 1014 Trend Micro emanager Spam Filter 1015 Trend Micro InterScan Viruswall 1016 Trend Micro Interscan VirusWall 1017 Trend Micro InterScan Web Security Suite Access 1018 Trend Micro Interscan WebManager 1019 Trend Micro ScanMail For Exchange 1020 Trend Micro ServerProtect CSV Admin 1021 Trend Micro Trend Micro InterScan Messaging Security Suite (IMSS) emanager 1022 TrendMicro Interscan TrendMicro Interscan VirusWall 1024 TrendMicro Interscan Messaging Security Suite 1025 TrendMicro Interscan Messaging Security Suite (emanager) 1026 TrendMicro Interscan Messaging Security Suite (Integrated) 1027 TrendMicro Interscan Messaging Security Suite (virus) 1028 TrendMicro Interscan Proxy (dd/mm/yyyy) 1029 TrendMicro Interscan Proxy (mm/dd/yyyy) 1030 TrendMicro Interscan Web Security Suite 1031 TrendMicro ScanMail for Exchange 1032 Ulrich Callmeier Network log daemon 1033 Unicomp Guinevere (17/19)

18 1034 Unicomp Guinevere Virus 1035 University of Wisconsin UW-IMAP 1036 Unix du Disk Tracking 1037 UNIX sudo 1038 Unknown Publisher IST 1039 Unknown Publisher Rapid Firewall 1040 Unreal Streaming Technologies Unreal Media Server 1041 Useful Utilities EZproxy 1042 UTM Firewall 1043 UUDynamics SSL VPN 1044 Vamsoft Open Relay Filter Enterprise Edition 1045 Vasco ikey Server 1046 VBrick EtherneTV Portal Server 1047 Veritas Backup Exec 1048 Vicomsoft Gateway 1049 Vicomsoft Internet Gateway 1050 Vircom Mail Server 1051 Visonys Airlock 1052 vsftpd 1053 WallWatcher Firewall 1054 Washington University WU-FTP 1055 Washington University WU-FTP (yyyy-mm-dd Dates, Server Domain) 1056 WatchGuard Borderware Security Device 1057 WatchGuard Firebox 1058 Watchguard Firebox 1059 Watchguard Firebox (Cluster Traffic) 1060 Watchguard Firebox Export 1061 Watchguard Firebox Export (m/d/y) 1062 Watchguard Firebox Export Header 1063 Watchguard Firebox Export Header (dd/mm/yy dates) 1064 Watchguard Firebox Export Header (mm/dd/yy dates) 1065 Watchguard Firebox v Watchguard Firebox V60 Syslog required 1067 Watchguard Firebox X Core e-series 1068 Watchguard Firebox XML 1069 Watchguard Firebox XTM 1070 Watchguard Historical Reports Export 1071 Watchguard SOHO 1072 Watchguard WELF 1073 Watchguard WSEP Text Exports (Firebox II & III & X) 1074 Websense 1075 Websense 1076 Websense Vidius Combined 1077 Websense Websense Server 1078 WebSTAR Proxy 1079 Webtrends Extended 1080 Webtrends firewall 1081 Webtrends Syslog for Firewalls and VPNs 1082 Webtrends WELF date/time extraction (no syslog header) 1083 WebTrends WELF Stand-alone (no syslog) 1084 Who's Clicking Who 1085 Wipro Websecure Audit 1086 Wipro Websecure Auth 1087 Wipro Websecure Auth (Alternate Dates) 1088 Wipro Websecure Debug 1089 Wireshark Packet Analyzer 1090 Woodstone Servers Alive 1091 Woodstone Servers Alive (Statistics) 1092 Wowza Media Systems Wowza Media Server 1093 Wowza Media Systems Wowza Streaming Engine 1094 Xiph Foundation Icecast (18/19)

19 1095 Xiph Foundation Icecast (Alternate) 1096 Xtera AscenLink 1097 Xylogics Annex Terminal Server 1098 Yamaha RTX 1099 Youngzsoft CCProxy 1100 Zeus Technologies Zeus Web Server Extended 1101 Zeus Technology Zeus Web Server (Alternate Dates) 1102 Zimbra Collaboration Mail Server 1103 ZyXEL Communications 1104 Zyxel Communications Zywall Firewall WELF 1105 Zyxel Communications Zyxel Firewall (Syslog Required) (19/19)