A Configuration of Security Log Sources
Log source specifications and configuration support for log collection.
Database Sources
Vendor | Log Type | Log Location/Name | Supported Versions | Supported Platform |
---|---|---|---|---|
IBM | IBM DB2 Audit | {inst_home}/sqllib/db2dump/db2diag*.log | - | Linux, AIX, Windows |
Microsoft | Microsoft SQL Server Audit | Object Explorer > Security > Audits folder | - | - |
MySQL | MySQL Audit Log | /var/lib/mysql/audit*.log | 5.5 | - |
Oracle | Oracle Database Alert | {diagnostic_dest}/diag/rdbms/<db_unique_name>/<instance_name>/trace | 12.1 | AIX, HPUX, Linux, Solaris, Windows |
Oracle | Oracle Database Listener | {log_dir_path}/*.xml | 12.1 | AIX, HPUX, Linux, Solaris, Windows |
Oracle | Oracle Audit 11g: .AUD, XML File Audit; Oracle Audit 12c and 18c: .AUD, XML, Unified Audit Trail, Audit Records | {audit_dest}/*.aud | 11.2 & 12.1 | Linux, Solaris, Windows |
Oracle | Oracle TNS Trace | {trace_dir_path}/*.log | 12.1 | AIX, HPUX, Linux, Solaris, Windows |
Host Sources
Vendor | Log Type | File Name/Location | Supported Versions | Supported Platform |
---|---|---|---|---|
IBM | AIX Audit | /audit/*.out | 6.1 | AIX |
Oracle | Linux Audit | /var/log/audit/audit* | - | Linux |
Oracle | Linux DHCP | <Configured to write to Syslog> | - | Linux |
Oracle | Linux DNS (BIND) | <Configured to write to Syslog> | - | Linux |
Oracle | Linux Maillog | /var/log/maillog* | - | Linux |
Oracle | Linux Syslog | /var/log/messages* | - | Linux |
Oracle | Linux SUDO | /var/log/sudo.log* | - | Linux |
CentOS | Linux YUM | /var/log/yum.log* | - | Linux |
Microsoft | Microsoft DHCP | %windir%\System32\Dhcp | - | Windows Server |
Microsoft | Microsoft Active Directory Audit | - | 2008, 2008 R2 | - |
Oracle | Solaris Audit | /var/audit/audit* | 12.1 | Linux, Solaris, Windows |
Oracle | Solaris Syslog | <Configured to write to Syslog> | - | Linux |
Ubuntu | Ubuntu Secure | /var/log/secure | - | Ubuntu |
Ubuntu | Ubuntu Syslog | /var/log/syslog | - | Ubuntu |
Security Device Sources
Vendor | Log Type | Log Location/Name | Supported Versions | Supported Platform |
---|---|---|---|---|
Blue Coat | Bluecoat Proxy | /var/log/bluecoat/w3c* & c:\bluecoatLog\w3c* | SGOS 6.5 and later | AIX, HPUX, Linux, Solaris, Windows |
Cisco | Cisco ASA Firewall | <Configured to write to Syslog> | 9.5 | N/A |
Cisco | Cisco ASA VPN | <Configured to write to Syslog> | 9.5 | N/A |
Check Point | Check Point Firewall LEA Log Format | - | R77.30 | AIX, Linux, Solaris, Windows |
F5 Networks | - | /var/log | 11 | HP-UX, AIX, Linux, Solaris |
Fortinet | - | Configured to write to Syslog: /var/log/Fortinet.* | FortiGate 5.6.0 - 5.2 | VMware ESXi v4.0 and newer, Microsoft Hyper-V 2008R2 and newer, Fortinet FortiHypervisor v1.0 and newer |
IBM | QRadar LEEF | /var/log/qradar.log | - | AIX, Linux, Solaris, Windows |
netfilter | ipTables | /var/log/iptables* | - | Linux |
Open Source | ipTraffic | /var/log/iptraf/ip_traffic.log | 1.3 and later | Linux |
Palo Alto Networks | - | - | PAN-OS 7.1 | PA-200, PA-500, PA-2000 Series, PA-3020, PA-3050, PA-3060, PA-4000 Series, PA-5000 Series, PA-7050, PA-7080, and all the Virtual Appliances |
Web Application Server Sources
Vendor | Log Type | Log Location/Name | Supported Versions | Supported Platform |
---|---|---|---|---|
Oracle | FMW Oracle Access Manager (OAM) Audit | {oracle_instance}/auditlogs/OAM/{ias_internal_name}/audit*.log | 12.1 | Linux, Solaris, Windows |
Oracle | FMW Oracle HTTP Server (OHS) Access | {ohs_home}/servers/{component_name}/logs/access_log* | 11.2 | Linux, Solaris, Windows |
Oracle | FMW Oracle HTTP Server (OHS) Admin | {ohs_home}/servers/{component_name}/logs/admin_log* | 11.2 | Linux, Solaris, Windows |
Oracle | FMW Oracle Internet Directory (OID) Audit | {oracle_instance}/auditlogs/OID/{ias_internal_name}/audit-pid*.log | 12.1 | Linux, Solaris, Windows |
Oracle | FMW WLS Server Access | {ohs_home}/diagnostics/logs/OHS/{component_name}/access_log* | 12.1 | Linux, Solaris, Windows |
Apache | Tomcat Access | /var/log/<tomcat_version>/access.log | - | Linux, Windows |
Apache | Tomcat Catalina V8.5 | ${catalina_base}/logs/catalina | - | Linux, Windows |
Apache | Tomcat Host | /var/log/tomcat7/*.log | - | Linux, Windows |
Apache | Tomcat Manager V9 | /var/log/<tomcat_version>/manager.log | - | Linux, Windows |