Expected Log Format Sample
Barracuda Cloud Email Filter
<6> 2021-10-27T04:41:43Z ip-100.internal ESS91785[1]: {"message_id":"1633444894-105481-5298-10428-1","src_ip":"192.168.97.25","hdr_from":"\"Logpoint Publications\" \u003c[email protected]\u003e","account_id":"abc123","domain_id":"189043","ptr_record":"s1.asa1.acem.com","attachments":null,"recipients":[{"action":"allowed","reason":"m","reason_extra":"m","delivered":"delivered","delivery_detail":"logpoint-edu.mail.protection.outlook.com:25:250 2.6.0 \u003c20211005141738.8382.232815220.swift@Logpointpublications.activehosted.com\u003e [InternalId=14306536080363, Hostname=BL3P223MB0161.NAMP223.PROD.OUTLOOK.COM] 116795 bytes in 0.273, 417.467 KB/sec Queued mail for delivery","email":"[email protected]","taxonomy":"none"}],"hdr_to":"\"Leon Pedraza\" \u003c[email protected]\u003e","recipient_count":1,"dst_domain":"logpoint.edu","size":97272,"subject":"Develop deep knowledge of faculty development","env_from":"bounce-529093-2847-29700-lpedraza=logpoint.edu@s1.csa1.acemsa3.com","timestamp":"2021-10-05T14:41:40+0000","geoip":"USA","tls":true}
Expected Log Format Sample
Intrusion Prevention System (IPS)
<12>Jul 06 07:40:54 xxxxxxx 1/sssss/ssss/box_Firewall_threat: Warning host firewall: [Request] Allow: IPS ALLIP(0) 1.1.1.1 -> 0.0.0.0:0 |[ID: 5000002 TCPIP Port or IP Address Scan]||2|Probing
Expected Log Format Sample
Web Firewall Logs
2014-04-11 10:50:30.411 +0530 wafbox1 WF ALER PRE_1_0_REQUEST xx.xx.x.xxx 34006 xx.xx.xxx.x 80 global GLOBAL LOG NONE [POST /index.cgi] POST xx.xx.xxx.x /index.cgi HTTP REQ-0+RES-0 "Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0" xx.xx.xxx.x 34005 ABC http://xx.xx.xxx.x /index.cgi
Expected Log Format Sample
Access Logs
<134>2020-11-12 06:37:42.791 -0400 WAF1 TR 1.1.1.1 443 24.2.252.238 43662 "-" "-" GET TLSv1.3 www.abc.com HTTP/1.1 200 1643 1968 0 592 1.1.1.1 443 591 "-" SERVER PROFILED PROTECTED VALID /load/rave/ "-" https://www.abc.com _ga=GA1.2.757211401.1575902461; hubspotutk=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; __hssrc=1; _gcl_au=1.1.1890078026.1600961 263; nmstat=1600961274952; _fbp=fb.1.1600961263367.958342315; __hstc=211988107.b036aa4d75c35f4baae31bd05bb6da9d.1575902465900.15759024659 "Mozilla/5.0 (X11; CrOS x86_64 xxxxx.xx.x) AppleWebKit/537.36 (KHTML , like Gecko) Chrome/xx.x.xxxx.xx Safari/537.36" 24.2.252.238 43662 "-" "-" "-" "-" xxxxxxxxxx-xxxxxxxx
Expected Log Format Sample
Audit Logs
2016-02-02 21:08:53.861 -0800 wafbox1 AUDIT User3 GUI 192.0.0.0 0 CONFIG 17 - SET web_firewall_policy default url_protection_max_upload_files "5" "6" "[]"
Expected Log Format Sample
Network Firewall Logs
afbox1 2016-05-21 03:28:23.494 -0700 NF INFO TCP 192.0.0.0 52236 1.1.1.1 8000 DENY testacl MGMT/LAN/WAN interface traffic:deny policy TCPFeb 3 15:09:02 wsf STM: LB 5 00141 LookupServerCtx = 0xab0bb6xx
Expected Log Format Sample
Barracuda System and Firewall
2010-02-03 01:49:09.077 -0800 logpointbox WF ALER SQL_INJECTION_IN_PARAM 1.1.1.7 361 1.1.1.20 webapp1:deny_ban GLOBAL LOG NONE "[type=""sql-injection-medium"" pattern=""sql-quote"" token=""' or "" Parameter=""address"" value=""hi' or 1=1--""]" POST 1.1.1.2/xxx-bin/process.xxx HTTP REQ-0+RES-0 "Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20" 1.1.1.7 39661 Bob http://1.1.1.2/xxx-bin/1.pl 11956 ATTACK_CATEGORY_INJECTION
Expected Log Format Sample
Barracuda Web Application Firewall CEF
<161>CEF:0|Barracuda|WAF|910|2002|GeoIP-Pool:WPA_Rep_Pool|1|cat=NF src=xxx.xxx.xx.xx spt=57169 dst=xx.x.x.xx dpt=443 act=DENY dvchost=ABC proto=TCP rt=1531388610159 cs1=MGMT/LAN/WAN interface traffic:deny cs1Label=Details
Expected Log Format Sample
Barracuda NG Firewall
<14>Jun 15 07:52:08 LOGPOINT 1/DEBUxxx/LOGPOINT2/box_Firewall_Activity: Info LOGPOINT2 Allow: type=FWD|proto=TCP|srcIF=p2.1|srcIP=xxx.xx.xxx.x|srcPort=49609|srcMAC=xx:xx:xx:xx:xx:xx|dstIP=xxx.xx.x.xxx|dstPort=49155|dstService=|dstIF=p1|rule=INSIDELYNCAUDIOWAN|info=TF-Sync|srcNAT=xxx.xx.xxx.x|dstNAT=xxx.xx.x.xxx|duration=0|count=1|receivedBytes=0|sentBytes=0|receivedPackets=0|sentPackets=0|user=|protocol=|application=|target=|content=|urlcat=
Expected Log Format Sample
Barracuda Firewall
<14>Oct 20 11:02:51 bru02 1/GroupIT/logpoint/box_Firewall: Info logpoint firewall: [Request] Allow: type=FWD rule=Exchangeclients (00:00:00:00:00:44)TCP 1.1.1.1:50531 (port1) -> 1.1.1.2:8034-vanxxxxxx-mgmt port3.10
Expected Log Format Sample
Barracuda Web Filter
<164>http_scan[15983]: 1418826306 1 1.1.1.1 1.1.1.2 application/javascript 1.1.1.3 http://1.1.1.4/lp/logpoint.com/warn.xx.10918xxxxxx/lp.ab.0328.0397/lp.cd.0329.0424? &tag=0&time=&eventid=&callback=PushStreamManager_0_onmessage_1418826313069&_=1418826313069 584 BYF ALLOWED CLEAN 2 1 0 5 3 (-) 1 - 0 - 0 - - [ldap0:pp.op] http://www.abc.com/push/
Expected Log Format Sample
Barracuda Spam And Virus Firewall
<23>scan[2716]: mail2.abc.com[192.xxx.x.xx] 1425999233-06bc853d9ab85d40001-9xRH8n 1425999233 1425999273 SCAN - xxx@uvw.yz ppp@qrs.com 0.002 0 0 - SZ:135913 SUBJ:ppo nrm-ul la acest aviz cat mai repede posibil
Expected Log Format Sample
Barracuda Email Security Service
1140 <6> 2022-05-09T14:41:23Z ip-1.1.1.1.us-east-2.compute.internal ESSxxxxx[1]: {"message_id":"1633444868-102973-5408-2198-1","src_ip":"1.1.1.1","hdr_from":"\"ABC\" \u003logpoint.com\u003e","account_id":"ess91785","domain_id":"189043","ptr_record":"target.com","attachments":null,"recipients":[{"action":"allowed","reason":"","reason_extra":"","delivered":"delivered","delivery_detail":"mail.protection.outlook.com:25:250 2.6.0 \[email protected]\u003e [InternalId=14328010914404, Hostname=PROD.OUTLOOK.COM] 13108 bytes in 0.050, 251.395 KB/sec Queued mail for delivery","email":"[email protected]","taxonomy":"none"}],"hdr_to":"\u003chrxxxx","size":2517,"subject":"Scale Ranks #1 on CRN’s 2021 Annual Report Card for Edge Computing infrastructure","env_from":"[email protected]","timestamp":"2022-05-09T14:41:21+0000","geoip":"Nepal","tls":true}