References
Browse and search all of our SIEM field references in one place.
Apache
HTTP Server (httpd)
Access and error logs from Apache HTTP Server: every client IP, URI, status code plus runtime warnings or faults from worker processes.
Fields
21
Atlassian
Confluence Cloud
Audit and access logs for Confluence: page views, edits, permission changes, user management and configuration updates.
Fields
32
Barracuda
Firewall
Barracuda CloudGen Firewall logs covering rule hits, IPS verdicts, VPN sessions, policy enforcement and device health messages.
Fields
44
Barracuda
Mailhub
Barracuda Email Security Gateway logs: inbound/outbound flow, spam verdicts, malware hits, policy actions and quarantine decisions.
Fields
22
Barracuda
Web Application Firewall
Barracuda WAF attack, access and config logs showing OWASP rule hits, SSL handshakes, load-balancing outcomes and admin changes.
Fields
51
Bitdefender
GravityZone
GravityZone endpoint logs reporting malware, exploit blocks, policy updates and agent health across Windows, macOS and Linux.
Fields
199
CEF
Vendor-neutral events in ArcSight Common Event Format: key-value pairs easily parsed and ingested by any SIEM.
Fields
128
Cisco
Adaptive Security Appliances (ASA)
Cisco ASA syslog: stateful connection builds/teardowns, ACL hits, NAT, VPN handshakes, IPS verdicts, failover and hardware alerts.
Fields
59
Cisco
Meraki
Meraki dashboard logs from MX/MR/MS: client joins, traffic analytics, content filter actions, WIPS alerts, config pushes, link health.
Fields
70
Citrix
NetScaler
NetScaler ADC/Gateway logs: SSL VPN sessions, load-balancer decisions, authentication events and policy matches.
Fields
75
Consistec
Caplon
Consistec Caplon: Real-time monitoring for networks, services and security with deep packet inspection, anomaly, port scan and C&C detection as well as SLA/KPI monitoring and flexible alarms.
Fields
39
ESET PROTECT
ESET PROTECT server logs: malware detections, firewall alerts, agent status changes and administrator console logins.
Fields
68
Enginsight
Advanced Persistent Threats (APT)
Enginsight APT detection logs highlighting suspected advanced threat behaviors, including anomalous process chains, lateral movement attempts and flagged indicators of compromise.
Fields
12
Enginsight
File Integrity Monitoring (FIM)
Enginsight FIM events capturing file system changes: creation, modification and deletion of critical files and configuration objects across monitored servers.
Fields
15
Enginsight
Intrusion Detection System (IDS)
Enginsight Intrusion Detection System (IDS) logs capture intrusion detection events from host sensors, which monitor network and system activity for malicious behavior or policy violations. They include both signature-based alerts and anomaly-based detections, with details on rule identifiers, threat severity levels, source and destination IPs and ports, timestamps and underlying detection engine metadata for SIEM correlation. These logs are ingested into the SIEM to provide real-time visibility and historical forensic analysis of detected threats.
Fields
14
Enginsight
Loggernaut (SIEM)
Enginsight Loggernaut logs showing ingestion status, parsing errors, throughput metrics and retention policies applied to collected logs.
Fields
22
Enginsight
SIEM Incidents
Enginsight SIEM incident records summarizing correlated alerts, incident severity, assigned tickets and remediation status for security events.
Fields
8
Enginsight
Shield (IPS)
Enginsight Shield intrusion prevention logs recording blocked exploits, signature matches, anomaly detections and rule enforcement actions in network traffic.
Fields
21
Extreme Networks ExtremeCloud IQ
Extreme Networks switch and WLAN syslog: port security, spanning tree events, firmware changes and device health traps.
Fields
54
F5 BIG-IP ASM
F5 BIG-IP ASM violation logs: signature matches, session tracking, and mitigation actions enforced by the WAF policy engine.
Fields
35
File
Plain-text log files ingested from local or network storage, e.g., debug output, custom audit or legacy application logs.
Fields
4
FortiSIEM
FortiSIEM normalized events after parsing many feeds; includes correlation results, rule triggers and incident IDs.
Fields
72
Fortinet FortiGate
FortiGate logs for traffic, threat, VPN and system: App-ID, IPS, web filter, antivirus detections and HA state changes.
Fields
741
G DATA
G DATA endpoint logs report detections, cleanup actions and audit events across managed Windows, macOS and Linux hosts.
Fields
47
Generic
Catch-all reference for custom or unclassified events that still need to be searchable inside the SIEM.
Fields
73
ISC DHCPd
ISC dhcpd lease logs list discover, offer, request, renew and release actions for every DHCP client transaction.
Fields
8
LANCOM
LANCOM router, WLAN controller and AP logs: VPN sessions, RADIUS auth results and roaming events.
Fields
44
LANCOM Cloud
LANCOM Management Cloud logs covering device telemetry, firmware orchestration and central policy deployment.
Fields
55
MITRE ATT&CK
Reference records linking events or rules to MITRE ATT&CK tactics and techniques for threat correlation.
Fields
5
Microsoft 365
Unified audit logs from Exchange, SharePoint, Teams and Entra ID: user actions, admin changes and compliance events.
Fields
255
Microsoft Defender
Defender Antivirus/Endpoint logs: malware detections, remediation steps, cloud intel updates and tamper alerts.
Fields
105
NGINX
NGINX access/error logs record request URIs, client IPs, response times, upstream status and worker-process errors.
Fields
19
OpenSSH
OpenSSH server logs documenting auth success/fail, key exchange, session open/close and port-forward activity.
Fields
9
Palo Alto Networks
Palo Alto firewall logs: traffic, threats, URL filtering, WildFire verdicts, GlobalProtect VPN and system status.
Fields
280
Postfix
Postfix SMTP logs show connection handshakes, queue IDs, delivery attempts, status codes and relay decisions.
Fields
7
Relay Log Forwarder
Generic syslog relay or log-forwarder messages without product-specific structure.
Fields
14
SentinelOne
SentinelOne EDR logs reporting ransomware blocks, behavioral AI alerts, remediation steps and agent health.
Fields
175
SonicWall
SonicWall firewall logs covering traffic flows, threat prevention events, user auth and hardware status.
Fields
90
Sophos
Sophos endpoint and firewall logs: malware detections, exploit blocks, policy enforcement and quarantine actions.
Fields
368
Squid Proxy
Squid access/cache logs list client requests, HTTP status, caching decisions, bytes transferred and timings.
Fields
15
Standard
Default reference for generic system or application logs that follow the SIEM base schema.
Fields
23
Syslog
Raw syslog messages (RFC 3164/5424) from any device or Unix-like system, unparsed but time-stamped and tagged.
Fields
14
Sysmon
Microsoft Sysmon events capture process starts, network connects, registry edits and other low-level Windows activity.
Fields
89
Trend Micro Apex One
Apex One endpoint logs: behavior monitoring hits, vulnerability protection, policy updates and audit records.
Fields
76
Unbound DNS
Unbound resolver logs include client queries, cache lookups, DNSSEC validation and protocol errors.
Fields
17
WatchGuard Firebox
WatchGuard Firebox logs detail policy matches, IPS results, interface stats and authentication events.
Fields
195
Windows Event Log
Windows Event Log channels covering system, security, application and custom provider events for each host.
Fields
380
genua pf
Logs from genua genuscreen/pf: firewall rule hits, connection tracking entries and IPSec VPN negotiations.
Fields
17
macOS Logs
macOS Unified Logging and legacy system logs: subsystem debug, kernel alerts and application crash reports.
Fields
23
pfSense
pfSense logs for firewall rules, packet filter states, NAT translations, service daemons and system events.
Fields
37
strongSwan
strongSwan IPsec VPN logs showing IKE negotiations, tunnel setup, rekey events and SA lifecycle changes.
Fields
27