Difference between revisions of "Flow/Settings/Alerting/Syslog"

(Syslog Message Types)
(Syslog Message Types)
 
Line 24: Line 24:
 
'''Profiling'''
 
'''Profiling'''
  
{"Application":"HTTPS TCP/443","Eventer":"179.60.192.3","Profile":"Facebook","appid":393659,"bytes":1447,"device":"88.152.80.179","domain":"","dstadd":"71.95.162.159","dstport":50561,"duration":288,"eventname":"Profiler","flags":26,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":10,"proto":6,"srcadd":"179.60.192.3","srcport":443,"time":1475147589242,"timeH":"29-Sep-2016 12:13:09.242","tos":40,"user":""}
+
{"Application":"HTTPS TCP/443","Eventer":"171.60.192.3","Profile":"Facebook","appid":393659,"bytes":1447,"device":"88.152.80.179","domain":"","dstadd":"71.95.162.159","dstport":50561,"duration":288,"eventname":"Profiler","flags":26,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":10,"proto":6,"srcadd":"171.60.192.3","srcport":443,"time":1475147589242,"timeH":"29-Sep-2016 12:13:09.242","tos":40,"user":""}
  
 
'''Blacklist'''
 
'''Blacklist'''
  
{"Application":"BitTorrent TCP/6881","Black List":"http://lists.blocklist.de/lists/bots.txt","Black List Type":"Source","Eventer":"46.166.138.144","appid":400097,"bytes":120,"device":"88.251.80.179","domain":"","dstadd":"171.20.87.4","dstport":63533,"duration":1380,"eventname":"Black List Src","flags":20,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":3,"proto":6,"srcadd":"46.166.138.144","srcport":6881,"time":1475147643237,"timeH":"29-Sep-2016 12:14:03.237","tos":40,"user":""}
+
{"Application":"BitTorrent TCP/6881","Black List":"http://lists.blocklist.de/lists/bots.txt","Black List Type":"Source","Eventer":"146.166.138.144","appid":400097,"bytes":120,"device":"88.251.80.179","domain":"","dstadd":"171.20.87.4","dstport":63533,"duration":1380,"eventname":"Black List Src","flags":20,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":3,"proto":6,"srcadd":"146.166.138.144","srcport":6881,"time":1475147643237,"timeH":"29-Sep-2016 12:14:03.237","tos":40,"user":""}
  
  
{"Application":"SSH TCP/22","Black List":"http://lists.blocklist.de/lists/ssh.txt","Black List Type":"Destination","Eventer":"221.229.172.74","appid":393238,"bytes":1850,"device":"88.251.80.179","domain":"","dstadd":"121.229.172.74","dstport":16630,"duration":6060,"eventname":"Black List Dst","flags":27,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":12,"proto":6,"srcadd":"77.95.164.214","srcport":22,"time":1475147606249,"timeH":"29-Sep-2016 12:13:26.249","tos":16,"user":""}
+
{"Application":"SSH TCP/22","Black List":"http://lists.blocklist.de/lists/ssh.txt","Black List Type":"Destination","Eventer":"221.229.172.74","appid":393238,"bytes":1850,"device":"88.251.80.179","domain":"","dstadd":"121.229.172.74","dstport":16630,"duration":6060,"eventname":"Black List Dst","flags":27,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":12,"proto":6,"srcadd":"27.95.164.214","srcport":22,"time":1475147606249,"timeH":"29-Sep-2016 12:13:26.249","tos":16,"user":""}
  
 
'''Syn Source'''
 
'''Syn Source'''
  
{"Application":"TCP/49755","Eventer":"88.151.82.182","Syn Type":"Source","appid":442971,"bytes":152,"device":"88.152.80.179","domain":"","dstadd":"69.109.41.224","dstport":54350,"duration":1804,"eventname":"Syn Src Network Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":3,"proto":6,"srcadd":"88.151.82.182","srcport":49755,"time":1475147666238,"timeH":"29-Sep-2016 12:14:26.238","tos":0,"user":""}
+
{"Application":"TCP/49755","Eventer":"188.151.82.182","Syn Type":"Source","appid":442971,"bytes":152,"device":"88.152.80.179","domain":"","dstadd":"69.109.41.224","dstport":54350,"duration":1804,"eventname":"Syn Src Network Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":3,"proto":6,"srcadd":"188.151.82.182","srcport":49755,"time":1475147666238,"timeH":"29-Sep-2016 12:14:26.238","tos":0,"user":""}
  
{"Application":"TCP/3476","Eventer":"185.70.185.230","Syn Type":"Source","appid":396692,"bytes":40,"device":"88.121.80.179","domain":"","dstadd":"185.51.92.126","dstport":3476,"duration":0,"eventname":"Syn Src Network And Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":13,"packets":1,"proto":6,"srcadd":"185.70.185.230","srcport":42765,"time":1475147582241,"timeH":"29-Sep-2016 12:13:02.241","tos":40,"user":""}
+
{"Application":"TCP/3476","Eventer":"181.70.185.210","Syn Type":"Source","appid":396692,"bytes":40,"device":"88.121.80.179","domain":"","dstadd":"185.51.92.126","dstport":3476,"duration":0,"eventname":"Syn Src Network And Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":13,"packets":1,"proto":6,"srcadd":"181.70.185.210","srcport":42765,"time":1475147582241,"timeH":"29-Sep-2016 12:13:02.241","tos":40,"user":""}
  
{"Application":"TCP/3449","Eventer":"185.70.185.230","Syn Type":"Source","appid":396665,"bytes":40,"device":"88.121.80.179","domain":"","dstadd":"185.51.93.177","dstport":3449,"duration":0,"eventname":"Syn Src Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":13,"packets":1,"proto":6,"srcadd":"185.70.185.230","srcport":42765,"time":1475147676345,"timeH":"29-Sep-2016 12:14:36.345","tos":40,"user":""}
+
{"Application":"TCP/3449","Eventer":"85.70.185.230","Syn Type":"Source","appid":396665,"bytes":40,"device":"88.121.80.179","domain":"","dstadd":"185.51.93.177","dstport":3449,"duration":0,"eventname":"Syn Src Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":13,"packets":1,"proto":6,"srcadd":"85.70.185.230","srcport":42765,"time":1475147676345,"timeH":"29-Sep-2016 12:14:36.345","tos":40,"user":""}
  
 
'''Syn Destination'''
 
'''Syn Destination'''
  
{"Application":"TCP/34056","Eventer":"77.95.162.57","Syn Type":"Destination","appid":427272,"bytes":152,"device":"88.152.80.179","domain":"","dstadd":"77.91.162.57","dstport":34056,"duration":1124,"eventname":"Syn Dst Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":14,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":3,"proto":6,"srcadd":"94.10.108.161","srcport":57058,"time":1475147662254,"timeH":"29-Sep-2016 12:14:22.254","tos":0,"user":""}
+
{"Application":"TCP/34056","Eventer":"177.95.162.57","Syn Type":"Destination","appid":427272,"bytes":152,"device":"88.152.80.179","domain":"","dstadd":"177.95.162.57","dstport":34056,"duration":1124,"eventname":"Syn Dst Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":14,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":3,"proto":6,"srcadd":"94.10.108.161","srcport":57058,"time":1475147662254,"timeH":"29-Sep-2016 12:14:22.254","tos":0,"user":""}
  
{"Application":"TCP/2233","Eventer":"8.34.181.199","Syn Type":"Destination","appid":395449,"bytes":56,"device":"88.251.80.179","domain":"","dstadd":"8.34.182.199","dstport":2233,"duration":0,"eventname":"Syn Dst Unreachable Server","flags":2,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":1,"proto":6,"srcadd":"178.20.87.218","srcport":29953,"time":1475147782244,"timeH":"29-Sep-2016 12:16:22.244","tos":0,"user":""}
+
{"Application":"TCP/2233","Eventer":"8.34.182.199","Syn Type":"Destination","appid":395449,"bytes":56,"device":"88.251.80.179","domain":"","dstadd":"8.34.182.199","dstport":2233,"duration":0,"eventname":"Syn Dst Unreachable Server","flags":2,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":1,"proto":6,"srcadd":"178.20.87.218","srcport":29953,"time":1475147782244,"timeH":"29-Sep-2016 12:16:22.244","tos":0,"user":""}
  
{"Application":"TCP/2233","Eventer":"8.34.181.199","Syn Type":"Destination","appid":395449,"bytes":56,"device":"88.251.80.179","domain":"","dstadd":"8.34.182.199","dstport":2233,"duration":0,"eventname":"Syn Dst Network And Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":1,"proto":6,"srcadd":"178.20.87.218","srcport":29953,"time":1475147782244,"timeH":"29-Sep-2016 12:16:22.244","tos":0,"user":""}
+
{"Application":"TCP/2323","Eventer":"188.151.87.50","Syn Type":"Destination","appid":395539,"bytes":40,"device":"88.151.80.179","domain":"","dstadd":"188.151.87.50","dstport":2323,"duration":0,"eventname":"Syn Dst Network And Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":1,"proto":6,"srcadd":"113.172.15.255","srcport":50432,"time":1475148478262,"timeH":"29-Sep-2016 12:27:58.262","tos":40,"user":""}

Latest revision as of 11:31, 29 September 2016

You can automatically have alerts sent to the syslog server(s) of your choice.

On this page you can select which types of alerts are sent to the syslog server(s). The syslog servers input can contain multiple entries, separated by a comma (",").

e.g. 172.21.40.1,172.21.40.2,172.21.40.3

Each entry can also have a port, facility and logging level set by using the format

IP_Address:Port:Facility:Level

e.g. 172.21.40.1:515:23:4,172.21.40.2:516:23:4

The above would send messages to two servers: .1 on port 515 and .2 on port 516.

Both use the "Local 7" facility (code 23) and the "Warning" level (code 4), following the IP_Address:Port:Facility:Level order given above [[1]]

Settings alerting syslog.png


Syslog Message Types

Profiling

{"Application":"HTTPS TCP/443","Eventer":"171.60.192.3","Profile":"Facebook","appid":393659,"bytes":1447,"device":"88.152.80.179","domain":"","dstadd":"71.95.162.159","dstport":50561,"duration":288,"eventname":"Profiler","flags":26,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":10,"proto":6,"srcadd":"171.60.192.3","srcport":443,"time":1475147589242,"timeH":"29-Sep-2016 12:13:09.242","tos":40,"user":""}

Blacklist

{"Application":"BitTorrent TCP/6881","Black List":"http://lists.blocklist.de/lists/bots.txt","Black List Type":"Source","Eventer":"146.166.138.144","appid":400097,"bytes":120,"device":"88.251.80.179","domain":"","dstadd":"171.20.87.4","dstport":63533,"duration":1380,"eventname":"Black List Src","flags":20,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":3,"proto":6,"srcadd":"146.166.138.144","srcport":6881,"time":1475147643237,"timeH":"29-Sep-2016 12:14:03.237","tos":40,"user":""}


{"Application":"SSH TCP/22","Black List":"http://lists.blocklist.de/lists/ssh.txt","Black List Type":"Destination","Eventer":"221.229.172.74","appid":393238,"bytes":1850,"device":"88.251.80.179","domain":"","dstadd":"121.229.172.74","dstport":16630,"duration":6060,"eventname":"Black List Dst","flags":27,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":12,"proto":6,"srcadd":"27.95.164.214","srcport":22,"time":1475147606249,"timeH":"29-Sep-2016 12:13:26.249","tos":16,"user":""}

Syn Source

{"Application":"TCP/49755","Eventer":"188.151.82.182","Syn Type":"Source","appid":442971,"bytes":152,"device":"88.152.80.179","domain":"","dstadd":"69.109.41.224","dstport":54350,"duration":1804,"eventname":"Syn Src Network Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":3,"proto":6,"srcadd":"188.151.82.182","srcport":49755,"time":1475147666238,"timeH":"29-Sep-2016 12:14:26.238","tos":0,"user":""}

{"Application":"TCP/3476","Eventer":"181.70.185.210","Syn Type":"Source","appid":396692,"bytes":40,"device":"88.121.80.179","domain":"","dstadd":"185.51.92.126","dstport":3476,"duration":0,"eventname":"Syn Src Network And Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":13,"packets":1,"proto":6,"srcadd":"181.70.185.210","srcport":42765,"time":1475147582241,"timeH":"29-Sep-2016 12:13:02.241","tos":40,"user":""}

{"Application":"TCP/3449","Eventer":"85.70.185.230","Syn Type":"Source","appid":396665,"bytes":40,"device":"88.121.80.179","domain":"","dstadd":"185.51.93.177","dstport":3449,"duration":0,"eventname":"Syn Src Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":13,"packets":1,"proto":6,"srcadd":"85.70.185.230","srcport":42765,"time":1475147676345,"timeH":"29-Sep-2016 12:14:36.345","tos":40,"user":""}

Syn Destination

{"Application":"TCP/34056","Eventer":"177.95.162.57","Syn Type":"Destination","appid":427272,"bytes":152,"device":"88.152.80.179","domain":"","dstadd":"177.95.162.57","dstport":34056,"duration":1124,"eventname":"Syn Dst Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":14,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":3,"proto":6,"srcadd":"94.10.108.161","srcport":57058,"time":1475147662254,"timeH":"29-Sep-2016 12:14:22.254","tos":0,"user":""}

{"Application":"TCP/2233","Eventer":"8.34.182.199","Syn Type":"Destination","appid":395449,"bytes":56,"device":"88.251.80.179","domain":"","dstadd":"8.34.182.199","dstport":2233,"duration":0,"eventname":"Syn Dst Unreachable Server","flags":2,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":1,"proto":6,"srcadd":"178.20.87.218","srcport":29953,"time":1475147782244,"timeH":"29-Sep-2016 12:16:22.244","tos":0,"user":""}

{"Application":"TCP/2323","Eventer":"188.151.87.50","Syn Type":"Destination","appid":395539,"bytes":40,"device":"88.151.80.179","domain":"","dstadd":"188.151.87.50","dstport":2323,"duration":0,"eventname":"Syn Dst Network And Port Sweep","flags":2,"fwevent":0,"fwextcode":0,"inif":12,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":30,"packets":1,"proto":6,"srcadd":"113.172.15.255","srcport":50432,"time":1475148478262,"timeH":"29-Sep-2016 12:27:58.262","tos":40,"user":""}