Supported Log Source

LogPoint parses and analyzes logs from hundreds of integrations. This Supported Log Source guide lists the integrations that LogPoint supports.

Note

We are continuously adding more SIEM log sources based on customer needs. Please contact the LogPoint Support team if you don’t see what you need in the list below.

List of Supported Log Source

The following table lists the applications LogPoint supports, together with the devices and versions covered for each:

Application

Supported Devices/Supported Versions

A10 Networks

  • A10 Thunder Server 2.7.2

  • A10 Thunder Series and AX Series

  • A10 Web Application Firewall

Activtrak

Activtrak 4.3.x.x

AgileSI

AgileSI v2.x.x

Airlock

Airlock WAF v6.0

AIX

AIX 7.x

Apache HTTP Server

  • Apache HTTP Server v2.x (Common Log Format)

  • Apache Tomcat v7, v8

  • Apache Web Servers

Arbor Networks

  • Arbor Pravail APS

  • Arbor Network APS Version 5.9

ARP Guard

ARP Guard

Aruba

  • ArubaOS

  • Aruba ClearPass

Ascom UCM

Ascom Unite Connectivity Manager (Unite CM)

Asterisk

Asterisk v1.8.7

Artica Proxy

Artica Proxy version 3.x

Avaya NAC

Avaya NAC

AzureLogAnalytics

Azure Log Analytics Workspaces

Balabit

Balabit Shell Control Box 5.0.2

Barracuda

  • Barracuda Web Application Firewall v7.x, v8.x

  • Barracuda Web Application Firewall CEF

  • Barracuda Spam & Virus Firewall v4.x

  • Barracuda NG Firewall v6.x, v7.x

  • Barracuda Web Security Gateway v6.x

Beyond Trust

  • Bomgar Remote Support v16.2.1

  • Privileged Access Management

  • PowerBroker Insight Version v6.4.7.118

BIG-IP

  • BIG-IP v11.x.x

  • BIG-IP v12.x.x

  • BIG-IP v13.x.x

BitDefender

  • BitDefender GravityZone 5.1.21-460

  • BitDefender Endpoint Security 5.3.20-6642

Bintec Router

Router RS353JV

Blue Coat

Access Logs for BlueCoat SG/BlueCoat SG Proxy - SGOS 6.5.2.1

Bomgar

Bomgar Remote Support v16.2.1

BoxAudit

Boxaudit

Broadcom

CA Privileged Access Manager v2.8

Brocade

  • Fabric OS v8.x, v7.x, 7.4.1b.

  • Brocade 300

  • Brocade 5100

  • Brocade 5480

  • Brocade 6510 (HPE SN6000B)

  • Brocade SAN FC Platforms

Carbon Black

Bit9 Security System v6.x

CAS Server

CAS-server v3.51

CEF Compiled Normalizer

  • Trend Micro Deep Security CEF

  • Rhebo CEF

  • Malwarebytes CEF

  • Trend Micro Deep Discovery CEF

  • FireEye CEF

  • ForeScout CEF

  • PaloAlto CEF

  • SentinelOne CEF

  • RedSocks CEF

  • Any device with CEF format

Centrify

Centrify Server Suite 2017

CIFS Fetcher

Windows

CheckPoint Firewall

Check Point Firewall version r80.10 and later

CiscoAMP

Cisco Advanced Malware Protection (AMP) for Endpoints.

Cisco

  • Cisco 2500 Series Wireless Controller

  • Cisco VPN 3000 Concentrator

  • Cisco 5500 Series Wireless Controller

  • Cisco 6506 E Switch

  • Cisco Nexus 5548 - Cisco Nexus 5548 DC switch, NX OS Software Release 5.0(3)N2(1)

  • Cisco Catalyst 35XX series – Cisco Catalyst 35XX, 29XX series

  • Cisco Iron Port Email Security-II - Cisco Iron Port Email Security

  • Cisco IronPort Email Security - Cisco Iron Port Email Security

  • Cisco ACS - Cisco ACS Version acs-5.4.0.46-B.221

  • Cisco MSE - Cisco Mobility Services Engine

  • Cisco ISE - Cisco ISE 1.2.0.899

  • Cisco Prime - Cisco Prime Infrastructure version 1.3

  • Cisco ACE - Cisco ACE 4700 Series Application Control Engine Appliance

  • Cisco TACACS

  • Cisco FWSM - Cisco Catalyst 65XX series

  • Cisco Meraki MR18

  • Cisco VSG CEF, Cisco VSG 4.2(1)VSG2(1.1)

  • Cisco PIX/ASA

  • Cisco IOS/CatOS

  • Cisco VSG

  • Cisco FirePower

  • Cisco SourceFire IDS/IPS

Cisco Umbrella

Cisco Umbrella AWS S3 buckets

Citrix

  • NetScaler v12.x, v11.x, v10.x

  • Citrix Access Gateway

Clavister CorePlus

Clavister Coreplus v9.x

ClearSwift

Clearswift SEG v4.x, 3.x

CloudTrail

AWS Cloudtrail

CloudWatch

AWS CloudWatch

Couchbase

Couchbase Enterprise Edition 5.5.3

CSV Enrichment Source

  • CSV files that are uploaded by the customer.

  • CSV sources hosted on external websites that can be downloaded through CSV enrichment.

CSVNormalizer

CSVNormalizer for any valid CSV logs.

CyberArk

  • Cyberark v8.x & v9.x

  • CyberArk EPV (CEF)

  • CyberArk PTA (CEF)

  • CyberArk EPM

Cyberlytics

Cyberlytics CTP, all versions

Cyberoam

Cyberoam v10.x

Cylance

  • All versions of CylancePROTECT

  • Cylance Optics v2.0

  • Cylance EPO

DarkTrace

DarkTrace

Dell

  • Dell OpenManage v7.x, v8.x

  • Dell Power Connect 6224,6248 Switches

  • Dell Force 10 Series Switches

Deny All WAF

DenyAll Web Application Firewall v6.x

DirectAccess

Microsoft DirectAccess

DNS Analytics

  • CSIS Secure DNS

  • SecureDNS

  • DNS BIND

Dovecot

Dovecot

Draytek Vigor 3300V Firewall

Draytek Vigor 3300V Firewall

Dropbear

Dropbear Server and Client

EMCCollector

Storage Servers

Endpoint Protector

Endpoint Protector

EnGenius

Engenius Wireless Access Points

ESET

ESET Server

EventHubs

Azure Event Hubs activity logs, Network Security Group (NSG) flow logs, and Microsoft Intune logs.

Exim

Exim 4.89

Extreme Network

  • ExtremeXOS version 12.5.4.5

  • Extreme Networks Management Center v7.x, v8.x

EZ Proxy

EZproxy v5.x, v6.x

F5 ASM

F5 ASM

F5 Loadbalancer

F5 Loadbalancer

Fail2ban

Fail2ban v0.8

Faxmaker

GFI Faxmaker 6.x

Filezilla

Filezilla v3.x

FireEye

  • FireEye

  • FireEye CEF

  • FireEye CMS CEF

  • FireEye Web

First Class

OpenText FirstClass Server 16.0

ForeScout

  • ForeScout CounterACT v7.1

  • ForeScout Network Access Control

  • Generic package for ForeScout v7

FortiGate

  • FortiGate v4.x, v5.x, v6.x

  • Fortinet FortiGate NGFW & UTM

Free IPA

FreeIPA 3.3

Free Radius

Free Radius VPN, Server and WLAN

FSecure

  • Microsoft FSecure Gatekeeper v5.x

  • F-Secure v11 Web Access

  • FSecure Gatekeeper v5.x

  • F-Secure v11

FTP Package

Linux/Unix FTP

Genua Firewall

Genua Firewalls (Genugate)

GEOIP

Maxmind

HA Proxy

HA-Proxy v1.5.14

Halon Mail Security and Firewall Appliance

  • Halon Mail Security and Firewall Appliance

  • Halon Security Router

Hitachi NAS

Hitachi NAS 3090-G2 v12.2.3753.08

Honeyd

Honeyd v1.5

HP

  • HP Switch Procurve

  • HP Switch 5820 Series v5.20

  • HP Switch Generic - Hp Switch generic

  • HP Nonstop

  • HP Switch 5700 and 5900 Series - HP Flex Fabric Switch 5700 and 5900

  • HP ProCurve Switch, HP 5820X-24XG-SFP+

IBM

  • Generic IBM IMM log format

  • IBM Iseries

  • IBM Z/OS Communications Server v2.01

  • IBM DB2 on z/OS

  • IBM DB2 on Linux, Unix, Windows

  • IBM Integrated Management Module (IMM) firmware version: 4.31

  • IBM RACF

  • IBM AS400 & IBM iSeries Platform Logs

IBoss

iBoss URL Filtering Appliance

Incapsula

Incapsula

IncMan

IncMan

InfoBlox

  • InfoBlox - Enterprise Network Infrastructure Automation Software and Hardware Provider

  • Infoblox DNS/DHCP Management

Integrity Scanner

Integrity Scanner

IP Switch

WS_FTP Server v7.6

JSON Normalizer

JSON Normalizer for any valid JSON logs

Juniper Firewall

  • JunOS

  • Juniper Secure Access

  • Juniper VGW

  • Juniper SSG140

  • Juniper Netscreen IDP

  • Juniper Secure Access WELF

  • JunOS SRX Firewall

  • Juniper MAG-2600: 8.0R7

  • Juniper ISG

Kaspersky

  • Kaspersky Antivirus

  • Kaspersky DB

  • Kaspersky Endpoint Security 10

  • Kaspersky LEEF

  • Kaspersky Security Center (KSC)

Kemp Technologies

KEMP LM-2400 LoadMaster Version 7.1-32-84.20151217-1347

Kiteworks

Accellion Kiteworks v6.0.0

LDAPEnrichmentSource

Lightweight Directory Access Protocol (LDAP) server

LEEFNormalizer

LEEFNormalizer for any valid LEEF logs

Lenovo

Lenovo Storage V3700 V2/V5030 Series

LogBinder

  • MSExchange

  • SharePoint

LogPoint Agent for Windows

64-bit version of Windows

LogPoint Agent

LogPoint Agent

LogPoint

  • Webserver Common

  • Kernel

  • LogPoint Audit

Malwarebytes

  • CEF logs for Malwarebytes Breach Remediation

  • CEF logs for Malwarebytes Endpoint Security

  • CEF logs for Malwarebytes Timeliner

McAfee EPO

  • McAfee EPO Antivirus

  • McAfee ePolicy Orchestration Server

Meru

  • Meru System Director v5.x, v6.x, 7.x, v8.x

  • Meru WLAN Controller

Microsoft ATA

Microsoft ATA v1.x

Microsoft Defender ATP

Microsoft Defender ATP

  • Microsoft DNS Servers

  • Microsoft DHCP Servers

Microsoft Dynamic NAV

Microsoft Dynamics

Microsoft Exchange

  • Microsoft Exchange Message Tracking 2010, 2013, 2016

  • Microsoft Exchange 2010, 2013, 2016

  • Exchange HTTP Proxy

Microsoft IIS

Microsoft IIS 7.5, IIS 7.0, IIS6.0, IIS 5.0, IIS 4.0, IIS 8.0, IIS 8.5, IIS 10

Microsoft ISA Server

Microsoft ISA Server

Microsoft Outlook Web Access

Microsoft Outlook Web Access

Microsoft TMG

  • Acceleration Server 2006

  • Forefront Threat Management Gateway 2010

  • Microsoft TMG 2010

Mideye

Mideye Server v4.x

Mimecast

Mimecast v3.x

Mitel Fetcher

Mitel server

MobileIron

  • MobileIron

  • Mobile Iron Alerts version v7.5

Mobility Guard

MobilityGuard OneGate v16

Mod Security

Mod Security v2.24

MSSQL

MS-SQL Server 2005, 2008, 2012, 2014, 2016

Multi Modem iSMS

The MultiModem iSMS Intelligent SMS server

MySqlRDS

AWS MySQL RDS

NCSCross

NCS Cross v5, v4

Netapp Filer FAS3240

  • Data ONTAP v7.x, v8.x

  • Netapp Filer FAS 3240

NetFlow Collector

Cisco routers and switches

Netgear Firewall

NetGear Firewall (FWG114P)

NetScreen Firewall

NetScreen Firewall - ScreenOS v5.4.0.

NginX

NginX v1.x

Nortel Contivity Secure

Nortel Contivity Secure IP Services Gateway

Nozomi

Nozomi Networks

Nutanix

Nutanix NOS v4.1

ODBCEnrichmentSource

PostgreSQL, MSSQL, and MySQL ODBC databases.

ODBC Fetcher

MySQL, MSSQL, and PostgreSQL database servers. (Not required)

Office 365

Office 365

Onapsis Security

Onapsis Security v1.9.8

OpenDJ

OpenDJ 2.x

OpenLDAP

OpenLDAP v2.4.42

OpenVPN

OpenVPN v2.x

OpenVMS

OpenVMS v7.x, 8.x

Oracle

  • Oracle WebLogic Server 12c

  • Oracle Financials

  • Oracle 10g, 11g, 10.xg

  • Oracle Database 10g

  • Oracle on Windows

OracleEnrichmentSource

Oracle Database

PaloAlto Network Firewall

  • CEF logs of all versions of PAN-OS

  • CSV logs of PAN-OS 6.1, 7.1, 8.0, 8.1, 9.0, 9.1, 10.0

  • PaloAlto Next-Generation Firewalls

  • PaloAlto Networks Panorama

Passwordstate

Passwordstate v8.4

Pega

Pega PRPC v7.22

Peplink

Peplink 580 Firmware 7.x

Perago

Perago

PfSense Firewall

PfSense Firewall v2.x

Ping Identity

PingFederate Server v8.x

PointSharp

PointSharp

PortWise

PortWise Authentication Server v4.x

PostFix

PostFix Mail Server on Unix environment

Protective DNS

Protective DNS

PRTG Network Monitor

PRTG

Qmail

Qmail v1.x

Qualys

QualysGuard Vulnerability Management

Radware DefensePro

Radware DefensePro v3.6

RecordedFuture

Recorded Future

RedSocks

Redsocks v3.7.0 alpha1

Regulatory Compliance

  • GDPR

  • GPG 13

  • PCI DSS

  • ISO

  • NERC-CIP

  • SANS 6

  • NIST

  • GLBA

  • HIPAA

  • SOX

Rhebo

Rhebo

RSA SecurID

  • RSA Authentication Manager 7.x and 8.x

  • RSA SecurID Appliance 130

  • RSA SecurID Appliance 250

Rubrik

Rubrik

Ruckus Networks

  • Ruckus Wireless Access Points

  • Ucopia v5.0

Safenet

  • SafeNet KeySecure v 7.1

  • Safenet 2FA (Two Factor Authentication)

Salesforce

Salesforce

Samba

  • Samba 3.x, 4.x

  • Samba Server

SAP Business Intelligence

Business Objects

SAP

  • SAP Financial Planning

  • SAP HR

  • SAP PLM

  • SAP SRM

  • SAP CRM

  • SAP ABAP and HANA Platforms

SCP Fetcher Lite

Files in the remote host

Sendmail

  • Sendmail v8.x

  • Sendmail SMTP

SentinelOne

All versions of SentinelOne with CEF log format

Shavlik Protect

Shavlik Protect V9.2

Shibboleth

Shibboleth v2.x, v3.x

Sidewinder Firewall

Forcepoint Sidewinder 8.x

Sitecore

Sitecore 8.x

Smoothwall Webproxy

Smoothwall Webproxy

SMS Passcode

SMS Passcode v6.x, v7.x, v8.x

SnapGear Firewall

SnapGear (McAfee) Firewall

Snapt Haproxy

Snapt Haproxy

Snort

  • Snort v2.x

  • Snort IDS

SonicWall Firewall

  • SonicWall Firewall version 6.x and above

  • Secure Mobile Access SonicWALL SRA EX7000 Version: 11.4.0-468

Sophos

  • Sophos Unified Threat Management v8

  • Sophos UTM WAF XG310

  • Sophos Endpoint Antivirus version 5.2.1 R2

  • Sophos XG Firewall v15.x

Spectrum Protect

Tivoli Storage Manager v6.x, v7.x

Squid

  • Squid v1.x, v2.5

  • Squid Cache v2.6 and above

  • SQUID Proxy

Stix Taxii

Logs with Cyber Threat Intelligence (CTI) written in STIX format

Stonesoft

  • StoneSoft Audit, Alert, FW, IPS, L2FW, SSLVPN log

  • StoneGate Management Center v5.x.x

  • StoneGate Firewall v5.x.x

Stormshield

  • Stormshield Network Security

  • Stormshield Manager

Suricata IDS

Suricata IDS

SuSE Linux Enterprise

SuSE Linux Enterprise Server

Sybase

Sybase Adaptive Server Enterprise 15.x

Symantec Security

  • Mail Security for Microsoft Exchange

  • Symantec MessageLabs

  • Symantec Messaging Gateway

  • Symantec Endpoint Protection Version 12.1 RU6

  • Symantec AntiVirus Corporate Edition

  • Symantec VIP

SymantecCloudSecurity

Symantec Web Security Service

Syslog Forwarder File Fetcher

Syslog Forwarder

Teamcenter

Teamcenter by Siemens Version v10.1.2.1

Threat Intelligence

  • Critical Stack

  • Emerging Threats

  • CSIS

  • Custom CSV

  • MISP

  • Blueliv

  • Recorded Future

  • StixTaxii

TinyProxy

TinyProxy

Trapeze WLAN Controller

Trapeze WLAN Controller

Trend Micro

  • Trend Micro Control Manager v3.x, v5.x, v6.x

  • Trend Micro Office Scan v10.x, 11.x

  • Trend Micro DB

  • Trend Micro Deep Discovery Inspector v2.x, v3.x

  • Trend Micro IMSVA SMTP Relay v9

  • Trend Micro IWSVA v6.5

  • Trend Micro Deep Security Agent v6.x and above

  • Trend Micro Apex Central

Trustwave SEG

  • Trustwave SEG

  • Trustwave SEG, previously known as MailMarshal SEG or MailMarshal SMTP

UEBA Analytics

UEBA Analytics

Unix

  • Unix Syscall

  • Unix Ftpd

  • Unix Zookeeper

  • Unix Vasd

  • Unix Iptables

  • Unix Logger

  • Unix Ftp

  • Unix Xntpd

  • Unix Redis Server

  • Unix Chkpwd

  • Unix IPsec

  • Unix Kubelet

  • Unix Generic

  • Unix adcli

  • Unix Dockerd

  • Unix Chef Client

  • Unix SNMP Traps

  • Unix Auditd

  • Unix Crond

  • Unix Pure Ftpd

  • Unix Inetd

  • Unix SNMP

  • Unix Dhclient

  • Unix Cron

  • Unix Infinity

  • Unix Vparmodify

  • Unix VS Ftpd

  • Unix Rsandbox

  • Unix Runuser

  • Unix Devd

  • Unix Proftpd

  • Solaris OS

  • Unix SSL Proxy

  • Unix SCC

  • Unix Audispd

  • UNIX NFS

  • Unix nslcd

  • Unix Httpd

  • Unix Mountd

  • Unix dnsmasq

  • Unix Run-parts

  • Unix Kafka

  • Unix Ipmserver

  • Unix check nrpe

  • Unix Anacron

  • Unix php

  • Unix Xpand

  • Unix Routed

  • Unix Bash

  • UNIX Nscd

  • Unix Lvm

  • Unix Pengine

  • Unix Stonith NG

  • Unix Goferd

  • Unix Nagios

  • Unix IPMIEVD

  • Unix SAP

  • Unix Vmunix

  • Unix Savd

  • Unix Winbindd

  • Unix Syslog NG

  • Unix SU

  • Unix l4d

  • Unix Rsyslogd

  • Unix Rhnsd

  • Unix puppet-agent

  • Unix Suhosin

  • Unix Sudo

  • Unix ptymonitor

  • Unix Sfd

  • Unix Smbd

  • Unix passwd

  • Unix sssd

  • Unix Lrmd

  • Unix InotifyWait

  • Unix UCARP

  • Red Hat Linux

  • Unix rear

  • Unix NTPD

  • Unix RpcMountd

  • Unix Lighttpd

  • Unix Cimserver

  • Unix Cmclconfd

  • Unix Lvmpud

  • Unix NS

  • Unix ndo2db

  • Kernel

  • Unix Agetty

  • Unix Sudoscriptd

  • Docker

  • Unix Rshd

  • Unix xinetd

  • Unix SSHD

  • Unix Cifs Upcall

  • Unix Auditlog

  • Unix Sftp Server

  • Unix rgmanager

  • Unix PAM Tally

  • Unix subscription-manager

  • Unix Syslogd

  • Common Unix System

  • Unix Systemd

  • Unix Yum

  • Unix Snmpd

  • Unix Named

  • Unix Newrelic Infra

  • Unix Crmd

Vade Retro AntiSpam

Vade Retro AntiSpam

Varonis

Varonis

Vectra AI

Vectra AI

VeriSecFreja

Verisec Freja Version R2.4.0.11860-1367

Veritas

  • Veritas Backup Exec

  • Veritas NetBackup

VeritasSaaS Backup

VeritasSaaS Backup

VirusTotal

VirusTotal

Vmware ESX/ESXi

  • Vmware ESX/ESXi v4.x, v5.x, and v6.x

  • VMware vCenter v5.5.0, v6.0.0 and v6.5.0

  • VMware Horizon View v6.2.0

  • Vmware ESX/ESXi Vpxd

  • Vmware ESX/ESXi Vpxd Generic

  • Vmware ESX/ESXi Stats

  • Vmware ESX/ESXi LS

  • Vmware ESX/ESXi Vpxd-profiler

  • Vmware ESX/ESXi Access

  • Vmware ESX/ESXi Jointool

  • Vmware ESX/ESXi Vpxd_cfg

  • Vmware ESX/ESXi Kernel

  • Vmware ESX/ESXi Vpxa

  • Vmware ESX/ESXi Hostd

  • Vmware ESX/ESXi Syslog

  • Vmware ESX/ESXi hostd-probe

  • Vmware ESX/ESXi vmkwarning

  • Vmware ESX/ESXi Rhttpproxy

  • Vmware ESX/ESXi CROND

  • Vmware ESX/ESXi SFCBD

  • Vmware ESX/ESXi VOBD

  • Vmware ESX/ESXi CIMSLP

  • Vmware ESX/ESXi Heartbeat

  • Vmware ESX/ESXi TmpWatch

  • Vmware ESX/ESXi sshd

  • Vmware ESX/ESXi smbiosDump

  • Vmware ESX/ESXi vmauthd

  • Vmware ESX/ESXi Fdm

  • Vmware ESX/ESXi smartd

  • Vmware ESX/ESXi vmkernel

  • Vmware ESX/ESXi root

  • Vmware ESX/ESXi localcli

  • Vmware ESX/ESXi lwsmd

VPCFlowLog

AWS VPCFlowLog

vShield Edge LoadBalancer

vShield Edge LoadBalancer

VulnerabilityManagement

  • Tenable.sc

  • Nessus

  • Qualys

  • Rapid7 InsightVM

Wallix

  • Wallix v10.x

  • Wallix AdminBastion v4.2.3 build 24048 (wab-4.2.3.0-wallix1)

  • Wallix Proxy WPA R50 4.2.1

WatchGuard Firewall

  • Watchguard Firewall v11.x

  • Watchguard NGFW

  • Watchguard UTM

Web Analytics

  • Apache HTTP Server 2.2 (Specific to Common Log Format)

  • WebServer Common Log Format or Generic WebServer

  • NginX HTTP/Proxy Server

Websense

  • Forcepoint Websense v8.X

  • Forcepoint (Websense) V10000 G3 – Software v8.2

WhoIsLookup

WHOIS database

Windows

  • Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019

  • Windows Vista, 7, 8, 8.1, 10

  • Windows DNS Server

  • Windows DHCP Server

  • Windows Server HyperV

  • Windows Server R2 HyperV

XMLCompiledNormalizer

XML Compiled Normalizer for any valid XML logs

Zeek

Zeek

Zertificon

Zertificon Z1

Zscaler

Zscaler NSS with the provided feed format.
