Application-Aware and Protocol-Aware Syslogs
The Advanced Logging option enables you to generate logs that include application-specific and protocol-specific traffic data, providing enhanced network visibility through comprehensive data collection. The Firewall Threat Defense device generates these logs alongside the existing connection, intrusion, file, and malware events. Because they are syslogs, you can send these logs to external event management solutions for analysis. When enabled, advanced logging uses the Snort 3 engine's deep packet inspection capabilities to extract protocol data, and it provides a configurable way to send these logs from the Firewall Threat Defense device to destinations such as Splunk or a syslog alert server.
Advanced Logging Protocols
Advanced logging supports these protocols.
| Protocol | Description |
|---|---|
| CONN | Logs the data collected from end-of-connection events, including the transport protocol, service protocol, and session duration. |
| DNS | Logs the data collected from responses to TCP and UDP DNS sessions, including commands, their arguments, response codes, and response messages. |
| FTP | Logs the commands and data exchanged during an FTP session, including the command and its arguments, response codes, and response messages. |
| HTTP | Logs the data collected from HTTP responses, including the HTTP method, header, and status code. |
| NOTICE | Logs the data collected for intrusion events, including the GID:SID pair, rule messages, and associated references. |
| WEIRD | Logs the data about anomalies detected in traffic flow. |
For more information about application log fields, see Advanced Logging Syslog Fields.