SEM connectors

Updated: October 16, 2024

SEM connectors intercept events sent from a specific product in your network and convert these events into normalized messages that SEM can understand.

See Collect and normalize event data using SEM connectors for details on how to apply a SEM connector update package and set up the SEM connectors.

SEM connector categories

Listed below are the categories of network security products that can connect to SEM. Click a category to review all current connectors available for the selected category. See SEM connector categories for a description of each category.

Anti-Virus	<return to top>
AMaViS	Collects syslog events from AMaViS. This product is a mail virus scanner that filters spam. Typically used in conjunction with the ClamAV connector.
AVG 7.5 Network
AVG DataCenter 7.5
AVG DataCenter 8.0
Bromium virtualization-based security catches	Bromium virtualization-based security catches.
ClamAV	Collects events from devices where the Clam AV application has been deployed.
Command Antivirus for Windows
Command for Exchange Server
Cylance-Next Generation Anti-Virus	Cylance-Next Generation Anti-Virus.
ESET NOD32 syslog	Collects syslog events from ESET NOD32 Server.
Enhanced Mitigation Experience Toolkit (EMET)	The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that the vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.
Eset Remote Administrator	Connector for Eset Remote Administrator.
F-Secure Anti-Virus 7
F-Secure Policy Manager Server 10	Collects F-Secure events from the Policy Manager Server H2 embedded database.
F-Secure syslog	Collects events from the F-Secure syslog.
Forefront Endpoint Protection - AV
Forefront Security Application Log (Client Security, Exchange and Sharepoint)
Forefront Security SQL Database
Forefront Security System Log (Client Security)
FreshClam	Collects events from devices using FreshClam to updated ClamAV. It is recommended that this connector is used in conjunction with the ClamAV connector.
Group Shield/Outbreak for Exchange Server
InoculateIT 6.0
InoculateIT 7.0+
Kaspersky Administration Kit 8
Kaspersky Administration Kit 8 - Extended version
Kaspersky Anti-Virus 10
Kaspersky Anti-Virus 6
Kaspersky Endpoint Security 11
Kaspersky Security Center
Kaspersky Security Center - Extended
Kaspersky events via Windows EventLog
Malware Bytes Management Console	Malware Bytes Management Console.
Malware Bytes non-syslog	Malware Bytes connector non-syslog, protection-log-yyyy-mm-dd, protection-log-yyyy-mm-dd.xml.
Malware bytes syslog	Malwarebytes protects you against malware, ransomware, and other advanced online threats.
McAfee Access Protection
McAfee Activity Log (4.5 DAT file update)
McAfee Mail Scan
McAfee NetShield
McAfee On Access Scan v7.0
McAfee Total Protection
McAfee Update v7.0
McAfee VSC
McAfee VSH 5.0/7.0
McAfee VSH 80i
McAfee VSH 85i
McAfee VSH Home
McAfee Web Email Scan
Microsoft Security Essentials
Microsoft Windows Defender-Operational	Microsoft Windows Defender is an anti-malware application that identifies and removes viruses, spyware, and other malicious software. To enable, a new key called Microsoft-Windows-Windows Defender/Operational needs to be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Windows Defender-Windows Health Center	Microsoft Windows Defender is an anti-malware application that identifies and removes viruses, spyware, and other malicious software. To enable, a new key by the name of Microsoft-Windows-Windows%20Defender/WHC must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector. If there are issues, delete '`%20'` from the registry key name and Log File field. Make sure that both strings match.
NOD32 Antivirus 4 Access Event
NOD32 Antivirus 4 Access Scan
NOD32 Antivirus 4 Access Threat
NOD32 Antivirus 4 SQL Event
NOD32 Antivirus 4 SQL Scan
NOD32 Antivirus 4 SQL Threat
NOD32 Antivirus 5 Access Event	Collects NOD32 5 Event events from the ESET Remote Administrator MS Access database.
NOD32 Antivirus 5 Access Firewall	Collects NOD32 5 Firewall events from the ESET Remote Administrator MS Access database.
NOD32 Antivirus 5 Access Scan	Collects NOD32 5 Scan events from the ESET Remote Administrator MS Access database.
NOD32 Antivirus 5 Access Threat	Collects NOD32 5 Threat events from the ESET Remote Administrator MS Access database.
NOD32 Antivirus 5 SQL Event	Collects NOD32 5 Event events from the ESET Remote Administrator SQL database.
NOD32 Antivirus 5 SQL Firewall	Collects NOD32 5 Firewall events from the ESET Remote Administrator SQL database.
NOD32 Antivirus 5 SQL Scan	Collects NOD32 5 Scan events from the ESET Remote Administrator SQL database.
NOD32 Antivirus 5 SQL Threat	Collects NOD32 5 Threat events from the ESET Remote Administrator SQL database.
Palo Alto Traps	Palo Alto ESM Endpoint Security Manager, Anti-Virus.
Panda Security for Desktops 4.02
Sophos Anti-Virus SNMP
Sophos Anti-Virus for Win2k
Sophos Enterprise 2.0 Database
Sophos Enterprise 3.0 Database
Sybari's Antigen 7.0 for Exchange Server 2000
Symantec Corp Antivirus
Symantec Endpoint Protection 11	Collects events from Symantec Endpoint Protection versions 11 and later.
Symantec Endpoint Protection Small Business Edition - Application logs	Symantec Endpoint Protection Small Business Edition - Application logs.
Symantec Endpoint Protection Small Business Edition - own logs	To enable, a new key called 'Symantec Endpoint Protection Client must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Symantec Protection Engine	Symantec Protection Engine.
Trend IMSS
Trend IMSS Policy
Trend IMSS Virus
Trend InterScan
Trend Micro Control Manager	Covers logs from Trend Micro Control Manager and Trend Micro Apex Central (including Apex One).
Trend Office Scan
Trend ScanMail
Trend Server Protect
VIPRE 5.0
VIPRE Business - System Events 4.0
VIPRE Business 4.0
VIPRE Enterprise 3.1
Webroot Antispyware Corporate Edition 3.5
eEye Blink Professional Endpoint Protection
Application	<return to top>
.Net Syslog Client	Net Syslog client. Supports both RFC 3164 and RFC 5424 Syslog standards, as well as UDP and encrypted TCP transports.
Application and Services Logs - CertificateServicesClient-Lifecycle-System	Application and Services Logs - CertificateServicesClient-Lifecycle-System. To enable, a new key called Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Application and Services Logs - CertificateServicesClient-Lifecycle-User	Application and Services Logs - CertificateServicesClient-Lifecycle-User. To enable, a new key called Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Atlassian JIRA
BST Enterprise	Collects events from BST Enterprise.
BST Enterprises	BST Enterprises - Business software solution for Accounting.
BlueEye	Blue Eye Video management system. To enable, a new key called Raytheon Blue Eye must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Bomgar Appliance	Collects events from Bomgar remote support appliance.
Bunyan Admin/DS Logging	Bunyan logging system for our NODE.JS application.
Call Copy	Records the calls and screen of the call center agents.
Cimcor CimTrak via syslog	Cimcor CimTrak is a file integrity monitoring solution.
Citrix StoreFront Delivery Services	Manages the delivery of desktops and applications from XenApp and XenDesktop servers and XenMobile servers in the data center to user devices.
Cron Service	Gathers messages from the Cron daemon service.
DAXMonitor- Demand AnalytX monitor	Logs to the windowsappliance logs.
Dell AppAssure	Dell AppAssure reliably backs up, replicates, verifies and restores data.
Dell Quest Rapid Recovery (AppAssure Logs)	Dell Quest Rapid Recovery (AppAssure Logs) - Rapid Recovery backup and restore appliance. To enable, a new key called AppAssure needs to be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Dell Quest Rapid Recovery (Dell Logs)	Dell Quest Rapid Recovery (Dell Logs) - Rapid Recovery backup and restore appliance. To enable, a new key called Dell needs to be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Dell Quest Rapid Recovery (Quest Logs)	Dell Quest Rapid Recovery (Quest Logs) - Rapid Recovery backup and restore appliance. To enable, a new key called Quest needs to be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Denyhosts	Gathers events from the Sourceforge Denyhosts script.
Directory Synchronization
Epic	Electronic Health Records System.
FactoryTalk View	A versatile HMI application that provides a dedicated and powerful solution for machine-level operator interface devices.
Flex Teller
Hitachi JP1 Job Management Partner 1 / Automatic Job Management System	Collects Hitachi JP1 Job Management Partner 1 / Automatic Job Management System 3 messages.
Hitachi JP1 Job Management Partner 1/Base	Collects Hitachi JP1 Job Management Partner 1/Base messages.
Honeyd Virtual Honeypot	Gathers messages from the Honeyd daemon.
HuaweiNCE	Collects events from Huawei NCE devices.
Hyland Workflow Timer Service	Hyland Workflow Timer Service Administration is administrative interface for managing core based workflow timers. To enable, a new key by the name of Hyland must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
HyperV-Hypervisor-Operational	To enable, a new key called Microsoft-Windows-Hyper-V-Hypervisor-Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
HyperV-Integration-Admin	To enable, a new key called Microsoft-Windows-Hyper-V-Integration-Admin must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
HyperV-SynthNic-Admin	To enable, a new key called Microsoft-Windows-Hyper-V-SynthNic-Admin must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
HyperV-VMMS-Admin	To enable, a new key called Microsoft-Windows-Hyper-V-VMMS-Admin must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
HyperV-VMMS-Networking logs	Hyper-V-VMMS-Networking windows event log coverage To enable, a new key called Microsoft-Windows-Hyper-V-VMMS-Networking must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
HyperV-VMMS-Operational	HyperV-VMMS-Operational. To enable, a new key called Microsoft-Windows-Hyper-V-VMMS-Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
HyperV-Worker-Admin	To enable, a new key called Microsoft-Windows-Hyper-V-Worker-Admin must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
IBM RACF and DB2 Syslog	Collects syslog events from devices running RACF and DB2.
IBM RACF messages	Collects events from devices running RACF.
JBoss Logging (MM/dd/yyyy HH:mm:ss)	JBoss is a module for Java that performs website programming. This connector covers logs that have the following date/time format: MM/dd/yyyy HH:mm:ss
JBoss Logging ISO8601 (yyyy-MM-dd HH:mm:ss)	JBoss is a module for Java that performs website programming. This connector covers logs that have the following date/time format: ISO8601 yyyy-MM-dd HH:mm:ss
Linux YUM
Log4Net
Log4j	Collects Events from Log4j Applications.
Luminis Access	Web Servers (portals).
Luminis cp	Web Servers (portals).
Made2Manage
ManageEngine Password Manager Pro	Stores and manages sensitive information.
Meditech	Collects application access, configuration and user monitoring events from devices running Meditech software.
Meditech EMR Access Log
Microsoft Lync	Microsoft Lync is an enterprise-ready unified communications platform. To enable, a new key called Lync%20Server must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Windows AppLocker- EXE and DLL	To enable, a new key called Microsoft-Windows-AppLocker/EXEandDLL must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Windows AppLocker- MSI and Script	To enable, a new keycalled Microsoft-Windows-AppLocker/MSIandScript must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Windows Failover Clustering (HyperV Cluster) logs	Microsoft Windows Failover Clustering (HyperV Cluster) log coverage To enable, a new key called Microsoft-Windows-FailoverClustering/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
NetwrixAuditor	Covers Netwrix Auditor Integration API logs in Microsoft Windows Event format.
OnBase enterprise information platform	OnBase enterprise content services platform managing content, processes, and cases. To enable, a new key called OnBase%20Log must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Oracle Hyperion FM log	Collects Windows Events from the Oracle Hyperion Financial Management Application.
Oracle Linux messages log	Oracle Linux messages log.
Oracle WebLogic Server 12c	Oracle WebLogic Server 12c is a Java EE application server. The logLocation is dependent on Server Name. It must be changed when creating a new connector.
PowerShell	An automation platform and scripting language for Windows and Windows Server operating systems.
PowerShell 5.0	Extra logging for PowerShell 5.0. To enable, a new key called Microsoft-Windows-PowerShell/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Print Services for Windows 7/2008(Admin)	Print Services help to share printers on a network and centralize print server and network printer management tasks. To enable, a new key called Microsoft-Windows-PrintService/Admin must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Print Services for Windows 7/2008(Operational)	Print Services helps to share printers on a network and centralize print server and network printer management tasks. To enable, a new key called Microsoft-Windows-PrintService/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
QCSI Application Log data
QCSI Data Logs
QCSI System Logs
Rohde and Schwarz CyberSecurity	Covers Rohde and Schwarz Cyber Security logs. Supports RFC 5424 standard.
Salient Commercial Solutions	Provides agile solutions and security for IBM, Insurance, and Mortgage domains.
Savant Protection	Collects application-specific events from devices with Savant Protection installed on them.
Shibboleth IDP warn logs	Shibboleth IDP warn logs.
Subnet POWER SYSTEM - AccessServer, ApplicationServer, DataServerSQL, ApplicationServerSharePoint
Syslog-ng	A separate connector for syslog-ng internal events.
Toshiba devices	Collects events from Toshiba printer and multifunction digital imaging systems.
Verint	Provides software and hardware products for customer engagement management, security, surveillance, and business intelligence.
Wescom Resources Group's Host Gateway Windows Log
Windows Active Directory Federation Services	Windows ADFS logs to different locations. To enable, logLocation should be changed to match Log Name in the Event Viewer. A new key with the name same as logLocation must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Windows Active Directory Federation Services, Auditing
Windows DHCP Server 2000/2003/2008 event Log(Admin)
Windows DHCP Server 2000/2003/2008 event Log(Operational)	To enable, a new key called Microsoft-Windows-Dhcp-Server/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Windows Secure Envoy Log	Windows Secure Envoy log - authentication
Windows Setup Log	To enable, a new key called Setup must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
db2diag local file non-syslog	db2diag local file non-syslog
vCenter vpxd 6.0 logs	A piece of software, for software, hardware and applications for visualization Platform.
Application Switch	<return to top>
Cisco Content Services Switch	Collects events from Cisco Content Services Switches.
Citrix Secure Access Gateway Enterprise Appliance / Netscaler	Collects events about application access, configuration, and user monitoring from Netscalers.
ConSentry Controller	Collects events from ConSentry switches.
Coyote Point Equalizer	Collects events from the Coyote Point Equalizer server load balancing appliance.
F5 BigIP BSD daemon messages	Collects events about services running on F5 appliances.
F5 BigIP HTTPD specific	Collects web traffic events (primarily HTTP errors and warnings) from F5 appliances.
F5 BigIP messages	Collects authentication and service-related events on the F5 appliances.
F5 General BIG-IP specific messages	Collects events specific to local traffic manager(LTM) and Application Security Manager(ASM) on the F5 appliances.
FireProof	Collects events from FireProof application switches.
LinkProof	Collects device information and connection events from LinkProof switches.
Nortel Alteon	Collects events from Nortel Alteon application switches.
Radware AppDirector
Data Loss Prevention	<return to top>
Bit9 Parity v5+ Syslog	Collects events generated by the Bit9 Parity application control suite.
CodeGreen Content Inspection	Collects content-related events generated from devices where Code Green is deployed. Should also enable the Code Green Content Inspection User connector.
CodeGreen Content Inspection user	Collects events about creating and deleting users, connecting to LDAP, and settings changes from devices where Code Green is deployed. Should also enable the Code Green Content Inspection connector.
DeviceLock Audit
DeviceLock Events
EMC RecoverPoint	Collects authentication and device management events from RecoverPoint and RecoverPointSE appliances.
FileSure
Forcepoint TRITON AP-DATA	Collects events from Forcepoint/Websense TRITON AP-DATA and Forcepoint DLP.
Microsoft Backup Operational logs	To enable, a new key called Microsoft-Windows-Backup/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Data Protection Backup manager	To enable, a new key called DPM Backup Events must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Data Protection Manager	To enable, a new key called DPM Alertsmust be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
NuBridges Protect Key Manager	Collects events from NuBridges Protect Key Manager software. Should be used in conjuction with NuBridges Protect Resource Service and NuBridges Protect Token Manager Engine.
NuBridges Protect Resource Service	Collects events from NuBridges Protect Key Manager software. Should be used in conjuction with NuBridges Protect Resource Service and NuBridges Protect Token Manager Engine.
NuBridges Protect Token Manager Engine	Collects events from NuBridges Protect Key Manager software. Should be used in conjuction with NuBridges Protect Resource Service and NuBridges Protect Token Manager Engine.
Rubrik	Backs up VMs and physical machines.
SecureSphere	Collects events from Imperva SecureSphere Database, Web, and File security products.
SecureSphere Database Gateway 6.0	Collects events from Imperva SecureSphere Database Gateways using firmware version 6.0+.
SecureSphere System and Firewall Events 6.0	Collects events from Imperva Firewalls using firmware version 6.0+.
SecureSphere Web Application Firewall 6.0	Collects events from Imperva SecureSphere Web Application Firewall 6.0 using firmware version 6.0+.
SecureSphere v10	Collects events from Imperva SecureSphere v10.
Veeam backup and availability	Veeam Backup provides backup and recovery of virtualized applications and data.
Veeam endpoint backup and availability	Veeam endpoint Backup provides backup and recovery of virtualized applications and data.
Vericept Monitor	Collects communication events from devices running Vericept Monitor software.
Websense Data Security	Collects device/software events from Websense gateways.
Database	<return to top>
Collects events from Postgres Database log file	Collects events from the Postgres Database log file.
IBM DB2 messages	Collects events from DB2.
LOGbinder SQL	Connects the SQL Server audit log to SIEM.
LOGbinder SQL Security	Connects the SQL Server audit log to SIEM.
MS SQL Audit Events	Collects Microsoft SQL Server Audit events written into Windows Application/Security Log. For more information about SQL Auditing, see SQL Server Audit (Database Engine) on Microsoft SQL doumentation.
MSSQL Application Log
MySQL Database log	Monitors MySQL uptime, connections, and Error logs.
MySQL database tools on Windows err log	MySQL provides a suite of tools for developing and managing business critical applications on Windows. This one covers the err log. You will need to choose the correct .err file
OpenEdge Audit
Oracle Alert Log	Oracle Alert gives an immediate view of the critical activity in a database.
Oracle Auditor - Buffer - Extended version	Collects Oracle Audit events via log, including the table actions SELECT, INSERT, UPDATE, and DELETE.
Oracle Auditor - Database
Oracle Auditor - Database - Extended	Collects events from Oracle Database, including Select, Insert, Update, and Delete.
Oracle Auditor - Syslog	Collects Oracle Audit events via Syslog.
Oracle Auditor - Syslog - Extended version	Collects Oracle Audit events via Syslog, including the table actions SELECT, INSERT, UPDATE, and DELETE.
Oracle Auditor - Windows
Oracle Auditor - Windows - Extended version	Collects Oracle Audit events through WindowsLog, including the table actions SELECT, BEGIN, INSERT, UPDATE, and DELETE.
Oracle Unified Auditing system.	Oracle Unified Auditing system starts with version 12c and must be set manually.
SolarWinds Log and Event Manager MSSQL Auditor	MSSQL Auditor supports only SQL Server versions up to 2016. SolarWinds recommends using the 'MS SQL Audit Events' connector since it supports the newest MS SQL Server versions.
E-Mail	<return to top>
IBM Domino (AIX)	IBM Domino (Lotus) for AIX.
LOGbinder for Exchange
Lotus Notes Webmail
Lotus Notes and Domino Server 8
Microsoft Exchange Application Log
Microsoft Exchange Event Log
Microsoft Exchange Management Log	Microsoft Exchange Management Log
Microsoft Exchange Message Tracking	Tracks all mail and message activity on the Microsoft Exchange server.
File Transfer and Sharing	<return to top>
Accellion Secure File Transfer using https and SFTP	Accellion is an content collaboration platform that enables to seamlessly access content, and centralized access to multiple on-premises and cloud-based content systems.
Axway Secure Client	Collects events from the Axway Secure Client.
Cerberus FTP Server
CrushFTP	CrushFTP is a robust file transfer server that makes it easy to setup secure connections with your users.
DFS Replication	Gathers Distributed File System Replication events from the DFS Replication Windows Event Log.
EFT Server Enterprise Windows Application Log
FileZilla
GENE6 Secure FTP Server Security	Gene6 FTP Server is a professional Windows FTP Server used to transfer important files over the Internet.
GENE6 Secure FTP Server Transfer	Gene6 FTP Server is a professional Windows FTP Server used to transfer important files over the Internet.
Globalscape EFT client
Globalscape Secure FTP (W3C Extended file format)
GoAnywhere Services	A secure FTP server (and optional web server) that allows trading partners and employees to connect to your system and exchange files in a secure environment.
HP StorageWorks Modular Smart Array SNMP	HP StorageWorks Modular Smart Array SNMP.
LOGbinder for Sharepoint: LOGbinder SP log
LOGbinder for Sharepoint: LOGbndSP log
LOGbinder for Sharepoint: Security Log
MOVEit Log
MOVEit Windows Application Log
Microsoft IIS FTP Server 5+ (W3C Extended file format)
Microsoft IIS FTP Server 7.0 (W3C Extended file format)
Microsoft Offline Files Operational	Microsoft Offline Files logs issues with Sync centre/offline file sync. To enable, a new key called Microsoft-Windows-OfflineFiles%4Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
OpenBSD FTPd	Collects FTP-related events from devices running OpenBSD FTPd.
Panzura Distributed File Services	The Panzura Global File System transforms cloud storage, public or private, into a high-performance, globally distributed file system.
ProFTPD Access
ProFTPD Auth
Pure Storage Purity	Pure Storage Purity software-defined storage and flash management purpose-built to power Pure’s shared accelerated storage.
Pure-FTPd
QNAP NAS/File Server
Samba	Collects file and print sharing related events from devices running Samba.
Serv-U FTP Server
Serv-U FTP Server (Never Rotate)
SmartFile Secure File Sharing and Transfer Solutions	SmartFile Secure File Sharing and Transfer Solutions.
Solarwinds SFTP/SCP Server	Solarwinds SFTP/SCP Server is a free SFTP server for reliable and secure network file transfers.
Varonis DatAdvantage File Monitoring	Varonis DatAdvantage monitors Network File Shares Directory services for suspicious behavior. You can monitor file activity and user behavior, prevent data breaches, and make permissions management and auditing.
WS_FTP Server Corporate	Collects FTP traffic analysis events, by user, source, destination, configuration, and authentication, from devices running WS_FTP.
secRMM	Security Removable Media Manager.
vsftpd xferlog
Firewalls	<return to top>
A10 Load Balancer and Web Application Firewall	Gathers events from A10 Load Balancer and A10 Web Application Firewall devices.
AhnLab TrusGuard	Collects events from an AhnLab TrusGuard device.
AppWall	AppWall - Web Application Firewall (WAF).
Applicure dotDefender	Applicure dotDefender web application firewall.
Barracuda NG Firewall (Phion Netfence)
Barracuda NG Firewall (Phion Netfence) Extended
Barracuda Web Application Firewall	Collects events from Barracuda Web Application Firewall devices. Recommend using this connector along with the BarracudaAdmin and BarracudaWeb connectors. System, Web Firewall, Access, Audit and Network Firewall logs have a new connector (BarracudaADC),. Please try if it does work for your case,. If not, use this connector.
BLUEMAX NGF Firewall	Collects events from a BLUEMAX NGF Firewall device.
Borderware Firewall	Collects events from Borderware (now Watchguard XCS) appliances.
Check Point Firewalls 5000 series	Gathers logs from Check Point Firewalls 5000 series.
CheckPoint 600 Appliances (optional) daemon.log	Collects events from CheckPoint 600 Appliances. May possibly work for 700 Appliances, but SolarWinds could use some verification. It sends to auth.log, user.log and daemon.log.
CheckPoint 600 Appliances (optional) user.log	Collects events from CheckPoint 600 Appliances. May possibly work for 700 Appliances, but SolarWinds could use some verification. It sends to auth.log, user.log and daemon.log.
CheckPoint 600 Appliances (required) auth.log	Collects events from CheckPoint 600 Appliances. May possibly work for 700 Appliances, but SolarWinds could use some verification. It sends to auth.log, user.log and daemon.log.
CheckPoint2200	CheckPoint2200 - A security gateway providing an all-in-one security solution.
CheckPoint2200Kern	CheckPoint2200 kern log - A security gateway providing an all-in-one security solution.
CheckPointR80	Gathers logs from Check Point R80.20.
Checkpoint Edge X Firewall	Collects events from CheckPoint appliances that are running EdgeX firmware.
Checkpoint Safe@Office Firewall	Collects events from CheckPoint appliances that are running the safe@office firmware.
Cisco ASA and IOS	Collects events from Cisco ASA, PIX, FWSM, and ACE firewalls, as well as IOS based routers/switches.
Cisco Firesight	Cisco FireSIGHT Management Center: Centralized Policy, Event, and Device Management.
Cisco SA500 Series Security Appliances	Collects events from the 540 series of Cisco SA500 Security Appliances.
Clavister firewall	Clavister E80 and W20 Devices are next generation firewall.
Cyberguard
D-Link DFL firewall	Collects events from D-Link DFL Firewalls.
EndianUTM	Endian Unified Threat Management (UTM) is a set of security features integrated into an all-in-one solution.
Firewall Blockbit	Collects logs from Blockbit Firewall.
FortiClient	Provides automated endpoint threat prevention.
FortiGate 5.0+	Collects events from Fortigate UTM appliances that use firmware version 5.0 and later.
GNAT Box System Software v.3.3	Collects events from the GNAT Box UTM software firewalls OR hardware running GNAT Box v3.3 or higher.
HP Firewall	Collects events from the HP Firewall Appliance.
Hirschmann EAGLE System Industrial Firewall	Collects events specific to Hirschmann EAGLE System Industrial Firewall/VPN-router appliances.
IBM DataPower	An XML Gateway appliance that supports security/Web services and Enterprise Service Bus aspects.
IP Filter	Collects events from devices running IPFilter firewall software.
IPFire OpenSource Firewall Distribution	A hardened Linux appliance distribution designed for use as a firewall.
Incapsula Web Application Firewall via syslog	Incapsula Web Application Firewall through syslog.
Ingate Firewall	Collects events for the Ingate Firewall 1190.
Juniper Virtual Gateway	Collects events from Juniper virtual gateway devices.
Juniper/NetScreen 5	Collects events from Juniper firewalls running ScreenOS version 5.0 or later.
Kerio Control Firewall	Network firewall, router and leading-edge IPS.
McAfee Firewall v5.8 CEF	Collects events from McAfee Firewall/VPN appliances and Virtual Firewall/VPNs running software/firmware version 5.8 or later.
McAfee ForcePoint Firewall	Collects events from Forcepoint Firewall/VPN appliances and Virtual Firewall/VPNs running software/firmware.
Microsoft Forefront Threat Management Gateway 2010 Firewall (W3C Server file format)	Collects Microsoft Forefront Threat Management Gateway log messages from files in the W3C format.
Microsoft ISA 2000 Firewall (ISA Server file format)
Microsoft ISA 2004 Web Proxy (ISA Server file format)
Microsoft ISA 2004 Web Proxy (W3C Server file format)
Microsoft ISA 2004/2006 Firewall (ISA Server file format)
Microsoft ISA 2004/2006 Firewall (W3C Server file format)
Microsoft ISA 2006 Web Proxy (ISA Server file format)
Microsoft ISA 2006 Web Proxy (W3C Server file format)
Microsoft ISA Firewall (W3C Extended file format)
Microsoft ISA Packet Filter (ISA Server file format)
Microsoft ISA Packet Filter (W3C Extended file format)
Microsoft ISA Server Application Log
Microsoft ISA Web Proxy (ISA Server file format)
Microsoft ISA Web Proxy (W3C Extended file format)
Microsoft Windows Firewall Advanced Security Events	Microsoft Windows Firewall with Advanced Security/Firewall events. To enable, a new key called Microsoft-Windows-Windows Firewall With Advanced Security/Firewall must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Netgear FV Series	Collects events from Netgear FV series firewall appliances.
Netscreen(Juniper SRX firewall)	Collects events from Juniper Netscreen firewall appliances running firmware version 4.x.
Network Box RM300 and ITPE1000	Collects events from Network Box firewall devices.
OPSEC(TM) / Check Point(TM) NG LEA Client
OPSWAT Metadefender	OPSWAT Metadefender - Data sanitization (CDR), vulnerability assessment, multiple anti-malware engines, and customized security policies.
OSSEC Active Response log	Add and Delete events from OSSEC active response log.
Palo Alto Networks Firewalls	Collects events from Palo Alto firewalls running PanOS. To enable this connector, set Log Format as BSD. Also, set all fields in Custom Log Format to Default. See this KB article to set up logging.
SECUI MF2	Collects events from a SECUI MF2 Firewall device.
Sidewinder 6.1+ Firewall	Collects events form the McAfee Sidewinder Firewall (Versions 6.1+).
Sidewinder Firewall	Collects events form the McAfee Sidewinder Firewall (Versions pre 6.1).
SonicWall	Collects events from Dell SonicWall Firewall devices.
SonicWall GMS
Sophos (Astaro) Security Gateway	Collects events from the following Sophos (Astaro) Security Gateways: 110, 120, 220, 320, 425, 525, 625.
SophosXG Firewall	SophosXG Firewall
StoneGate Firewall v5.3 CEF	Collects events from StoneGate Firewall/VPN appliances and Virtual Firewall/VPNs running software/firmware version 5.3 or later.
Storm Shield Netasq Firewall	Storm Shield Netasq Firewall
Symantec Velociraptor 1.5	Collects events from the Symantec Velociraptor Firewall version 1.5.
Symantec Velociraptor 2.0	Collects events from the Symantec Velociraptor Firewall version 2.0.
Symantec Velociraptor 3.0	Collects events from the Symantec Velociraptor Firewall version 3.0+.
Tippingpoint X505	Collects Firewall, VPN, and Web events from the Tippingpoint X-series.
Titanium Mirror Firewall	Collects events for Titanium Mirror firewalls (TM0100, TM0300, TM0310, and TM1100).
Tofino Firewall LSM for Industrial Networks	Collects events specific to Industrial Network and takes control of network traffic.
Trend Deep Security	Collects events from devices running Trend Deep Security software.
Trend Deep Security LEEF logs format	Collects events from devices running Trend Deep Security software.
Untangle NG Firewall	Untangle NG Firewall provides network management software.
VMWare vShield Edge Firewall	Gathers events from VMWare's vShield Edge Firewall.
VisNetic Firewall
WatchGuard firewalls	Collects events from Watchguard firewalls.
Windows Firewall
ZyXEL ZyWALL CEF Format	Gathers events from ZyXEL ZyWALL CEF Format.
eSoft	Collects events from the following InstaGate devices: Firewall models 404, 404e, 604, 806, and ThreatWall models 250, 450, and 650.
iptables / netfilter	Collects events from devices running iptables or netfilter.
pfSense Firewall/Router	pfSense is an open source firewall/router computer software distribution based on FreeBSD.
IAM	<return to top>
BioPassword
Cisco (NAC) Network Access Control Appliance with Clean Access Manager (CAM) or Server (CAS) Software	Collects events from Cisco NAC (clean access) appliances.
Cisco ACS Admin Audit
Cisco ACS Admin Audit 4.1+
Cisco ACS Backup and Restore
Cisco ACS Database Replication
Cisco ACS Database Sync
Cisco ACS Express
Cisco ACS Failed Attempts
Cisco ACS Passed Authentications
Cisco ACS RADIUS Accounting
Cisco ACS Service Monitoring
Cisco ACS TACACS+ Accounting
Cisco ACS TACACS+ Administration
Cisco ACS User Password Changes
Cisco ACS VoIP
Cisco Customer Voice Portal Application Activity Date Rotating Log	Activity taken by callers when they visit an application.
Cisco Customer Voice Portal Application Activity Log	Activity taken by callers when they visit an application.
Cisco Customer Voice Portal Application Admin Date Rotating Log	Shows admin events for the app.
Cisco Customer Voice Portal Application Admin Log	Shows admin events for the app.
Cisco Customer Voice Portal Application Error Date Rotating Log	Shows system-error events for the app. Some events result in the failure of the call.
Cisco Customer Voice Portal Application Error Log	Shows system-error events for the app. Some events result in the failure of the call.
Cisco Customer Voice Portal Global Admin Date Rotating Log	Logs admin events that affect the server as a whole.
Cisco Customer Voice Portal Global Admin Log	Logs admin events that affect the server as a whole.
Cisco Customer Voice Portal Global Error Date Rotating Log	Logs errors that are outside the scope of one app.
Cisco Customer Voice Portal Global Error Log	Logs errors that are outside the scope of one app.
Cisco Customer Voice Portal Global call Date Rotating Log	Logs one row for each session (visit to one app by one call).
Cisco Customer Voice Portal Global call Log	Logs one row for each session (visit to one app by one call).
Cisco Customer Voice Portal Server Startup Error Date Rotating Log	Shows Global log.
Cisco Customer Voice Portal Server Startup Error Log	Shows Global log.
Cisco Identity Services Engine (ISE)	Automates and enforces context-aware security access to network resources.
Cisco Secure ACS 4.1 Syslog	Collects events from Cisco ACS (versions 4.1 up to 5).
Cisco Secure ACS 5+ Syslog	Collects events from Cisco ACS (versions 5 and up).
ClearBox Enterprise RADIUS server	Collects authentication packet events from ClearBox Enterprise RADIUS Server 5.7.
Cyber-Ark Vault	Collects events from the Cyber-Ark Vault Privileged Identity Management Suite, Privileged Session Management Suite, and Sensitive Information Management Suite.
Dell Defender	Manages 2 factor and multi-factor authentication for identity storage and management.
DigitalPersona Pro
Entrust Identity Guard (IDG)	Entrust Identity Guard (IDG) Identity-based security software.
Extreme Sentriant	Collects identity and access management events from Sentriant appliances.
FreeRADIUS
FutureX Excrypt	Gathers events from the FutureX Excrypt SSP9000 hardware security module.
IAS RADIUS Non-Rotating File
IAS RADIUS Rotating File
IBM Tivoli Access Manager for Operating Systems	Gathers events from IBM Tivoli Access Manager for Operating Systems.
Imprivata Appliance	Manages single-sign-on behavior, multi-factor authentication, and related authentication behavior for applications.
Juniper SBR authentication accepts report log
Juniper SBR authentication accepts report log
Juniper SBR authentication rejects report log
Juniper SBR authentication rejects report log
KEMP Kern Log	KEMP load balancer kernel log.
ManageEngine Password Manager Pro SNMP
Microsoft Azure AD Password Protection DC Agent Admin	To enable, a new key called Microsoft-AzureADPasswordProtection-DCAgent/Admin must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector. Microsoft Azure AD Password Protection DC Agent Admin allows custom banned password lists and prevents users from setting passwords to known compromised passwords or passwords defined in the custom banned list.
Microsoft RRAS
Microsoft RRAS Extended NPS Log Format
Microsoft Windows Group Policy Operational	To enable, a new key called Microsoft-Windows-GroupPolicy/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector. Microsoft Windows Group Policy Operational provides centralized management and configuration of operating systems, applications and users settings in an Active Directory environment.
Microsoft Windows Terminal Services Gateway	To enable, a new key called Microsoft-Windows-TerminalServices-Gateway/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Windows Terminal Services Gateway Admin	To enable, a new key called Microsoft-Windows-TerminalServices-Gateway/Admin must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Windows Terminal Services Remote Connection Manager	To enable, a new key called Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Net Access
NetIQ Directory and Resource Administrator
Novell Identity Audit DB
OneSpan	Collects events from OneSpan Authentication Server
Pleasant Password Server	Pleasant Password Server is a multi-user password management tool.
PointSec PC
RSA Authentication Manager 7.1	Collects authentication events from the RSA Authentication Manager 7.1 or higher.
SafeNet Authentication Service (SAS) Windows Events	Collects SafeNet Authentication Service (SAS) Windows Events. SafeNet Authentication Service is an on-premises authentication solution.
SafeNet SafeWord
Safenet Authentication service	SafeNet's Authentication Service is a multifactor authentication (MFA) software product that adds supplementary security measures to standard user name/password logins for a variety of servers and services.
SanDisk CMC
SecurID
SecurID Syslog	Collects syslog events from RSA RSA ACE servers.
SecureAuth idP	Provides infrastructure for multi-factor authentication and single sign on.
Shibboleth Identity Provider	Shibboleth SAML/CAS Identity management system, audit logging.
SolarWinds Access Rights Manager	Gathers messages from SolarWinds Access Rights Manager.
Thycotic Secret Server
TriCipher	Collects events from devices running the TriCipher software.
Two-Factor Authentication For Active Directory	To enable, a new key called AuthLite Security must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Vormetric	Collects file access related events, administrative activity, service activity (problems with agents, etc) from devices running Vormetric software or appliances.
Windows IAS and NPS System Log	Collects messages from Windows Internet Authentication Service (IAS) and Windows Network Policy Server (NPS) through the Windows System log.
Windows server netlogon debug log	Netlogon is a Windows Server process that authenticates users and other services within a domain.
eDMZ Password Auto Repository	Collects events from eDMZ appliances (also called Quest Privileged Password Manager).
entrust	Provides identity-based security solutions for secure governments, enterprises. and financial institutions.
IDS and IPS	<return to top>
ActiveScout	Gathers events from ForeScout's ActiveScout (CounterAct Edge) Intrusion Prevention System (IPS) device.
Cisco FirePOWER Module (Sourcefire 3D system)	Cisco FirePOWER Module (Sourcefire 3D Network Defence System).
Cisco IDS/IPS v4/5.x
Cisco IPS 5+ (SDEE)
Core Network Insight	Core Network Insight (formerly Damballa Failsafe) is an advanced threat detection system.
Darktrace - threat detection and classification	Darktrace is threat detection and classification solution.
Dragon IDS	Collects events from Enterasys Dragon IDS/IPS appliances.
FortiSnort
GFI LANguard System Integrity Monitor 3
IBM IPS XGS	Collects events from IBM Security Network Protection XGS solutions.
IBM XGS	IBM XGS Intrusion Prevention System.
ISS Proventia IPS
ISS RealSecure IDS
Juniper IDP 250 v5.0	Collects events from Juniper IDP 250 appliances running firmware version 5.0+.
Juniper IDP 3.x	Collects events from Juniper IDP appliances running firmware version 3.x.
Juniper IDP 4.0+	Collects events from Juniper IDP appliances running firmware version 4.0+.
McAfee Network Security Manager	Collects events from McAfee IPS devices.
Microsoft ATA (Advanced Threat Analytics)	Microsoft ATA (Advanced Threat Analytics) - Microsoft Cloud based SIEM.
NitroGuard IPS - Snort Format	Collects Snort-format events from Nitroguard IPS appliances.
NitroSecurity IPS	Collects Nitro-format events from Nitroguard IPS appliances.
Osiris Host Integrity Monitoring System
Radware DefensePro	A real-time, behavioral based attack mitigation device.
Reflex IMC	Collects Intrusion events from the Reflex Security IPS.
Secure Auth (Syslog)	Secure Auth collects audit events from SecureAuth IdP Appliance in syslog format.
SecureAuth Error logs	Collects error and warning events from SecureAuth IDP appliances.
SecureAuth Logging Audit logs	Collects audit events from SecureAuth IDP appliances.
SecureAuth Logging Audit logs_Rotating	Collects audit events from SecureAuth IDP appliances.
SecureNet IDS
Sentinel IPS	Collects events from Sentinel Intrusion Protection System.
Snort
Sophos Central Cloud	Sophos Central Cloud Endpoint Protection.
Symantec Gateway IDS	Collects events from the Symantec Gateway IDS.
SyslogSnort
TippingPoint Audit and System	Collects audit and system events from Tippingpoint devices.
Tippingpoint IPS 1.4	Collects IPS events from Tipingpoint SMS, as well as IPS versions 1.4 and 2.1+.
Tippingpoint IPS 2.1	Collects IPS events from Tipingpoint SMS, as well as IPS versions 1.4 and 2.1+.
Tippingpoint SMS	Collects IPS events from Tipingpoint SMS, as well as IPS versions 1.4 and 2.1+.
TopLayer Attack Mitigator	Collects DOS/DDOS events from TopLayer IPS 5500 EC-Series and TopLayer IPS 5500 ES-Series appliances.
Trend Micro Deep Discovery Inspector	Detects targeted attacks and targeted ransomware.
Trend Micro HIDS - ossec syslog	Trend Micro HIDS - Integrate OSSEC alerts of suspicious activities via syslog
Trend Micro Interscan Gateway Security Appliance	Collects events from Trend Micros Interscan Gateway Security appliances.
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) - Email Gateway	Collects logs from email messages, network traffic, and system events.
Tripwire Enterprise	Collects host and file integrity monitoring events from devices running Tripwire software.
Manager	<return to top>
Debian DPKG	Debian DPKG package manager log.
Manager Monitor
Micro Focus Content Manager (DB Rotating)	Normalizes rotating DB log data from Micro Focus Content Manager (Formerly HPE Content Manager / TRIM / Records Manager). Micro Focus Content Manager is a certified integrated records and document management toolset that attaches retention, access control, other bureau-specified rules and attributes to electronic documents.
Micro Focus Content Manager (TALF)	Normalizes TALF data from Micro Focus Content Manager (Formerly HPE Content Manager / TRIM / Records Manager). Micro Focus Content Manager is a certified integrated records and document management toolset that attaches retention, access control, other bureau-specified rules and attributes to electronic documents.
MicrosoftWindowsRemoteManagement-Operational	Windows Remote Management (WinRM) is protocol that allows hardware and OS from different vendors to interoperate. To enable, a new key called Microsoft-Windows-WinRM%4Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
SWLEM Reports	Collects reports events from Solarwinds Log and Event Manager.
nDepth Log Storage Message
Network Access Control	<return to top>
Aruba ClearPass Policy Manager	The ClearPass Policy Manager simplifies network access security by optimizing policies and AAA for mobile enterprises.
Cisco Prime Security Manager	Centralized tool to manage Cisco ASA 5500-X Series Next-Generation Firewalls.
Network Management	<return to top>
Airwatch	Airwatch Mobile Device Management.
Arbor Pravail APS 2104	Used for DDOS attack detection and mitigation.
Aruba Airwave Management Platform	Detects and remediates rogues, attacks, and identifies their location. Aruba Airwave Management Platform manages and monitors wireless environments, controllers.
Axcient Unified Management Console (UMC)
Barracuda Load Balancer ADC	Collects Load Balancer ADC events. Also collects System, Web Firewall, Access, Audit and Network Firewall Logs.
Barracuda Web Security Gateway	A spyware, malware, and virus protection for web security.
Blue Coat PacketShaper	Helps enterprises control bandwidth cost, deliver a superior user experience, and align network resources with business priorities.
Carbon Black Enterprise Response	Carbon Black Enterprise Response - Real-time EDR and incident response.
Cimcor CimTrak	Cimcor CimTrak WTLogs.
Cisco Wireless Acccess Point	Collects events for Cisco Wireless Access Point.
Cisco Wireless Control System	Collects events for Cisco Wireless Control System.
Cisco Wireless LAN Controller snmp trap logs	Wireless Access Point for Businesses.
Citrix XenMobile, Mobile management MDM, system and audit sys log.	Citrix XenMobile, Mobile management MDM, system and audit sys log.
DNA OASyS	This connector covers logs from multiple files: archive.log, cleanup.log, cmxrepsvr.log, collectLog.log, DPdirect_*.log, oasErrLog.log. DNA OASyS 7.5 by Schneider. This is a SCADA Control System.
DNA OASyS xosErrLog	This connector covers xosErrLog.log logs. DNA OASyS 7.5 by Schneider. This is a SCADA Control System.
Dameware Remote Administration
ExtraHop Reveal(x)	Configures the ExtraHop system to send stored audit log data to a remote syslog server.
Fujitsu iRMC	Fujitsu integrated Remote Management Controller.
Gemalto High Availability (HA) Log Messages	Gemalto Network HSM HA-related events including HA errors, add-member and delete-member events.
HPE Intelligent Management Center (IMC)	HPE Intelligent Management Center (IMC), Network Management.
Juniper NSM	Collects events aggregated from Juniper devices.
Lancope StealthWatch	Collects network events from StealthWatch appliances.
Lantronix SLC 8000	Collects events from Lantronix SLC devices.
MS Forefront Endpoint Protection	MS Forefront SCCM discovers servers, desktops, tablets etc connected to a network through Active Directory to ensure security of data stored on those devices.
Microsoft Exchange High Availability Logs	To enable, a new key called Microsoft-Exchange-HighAvailability/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
MicrosoftNetworkProfileOperational	Network profiles define the attributes for the connection operation to a basic service network To enable, a new key called Microsoft-Windows-NetworkProfile/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
NGINX Plus web delivery platform error logs	NGINX adds enterprise-ready features for HTTP, TCP, and UDP load balancing, such as session persistence, health checks, advanced monitoring, and management. This gives you the freedom to innovate without being constrained by infrastructure
Nagios
Radius server bundled with Windows Server 2008 and later	Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for connection request authentication and authorization.
SecureLink Device	Gateway Vendor 2FA authentication Remote Access appliance.
SolarWinds Orion and Virtualization Manager
SolarWinds Platform events auditing	Collects auditing events from the SolarWinds Platform.
Survalent ADMS Software automation solution	Survalent ADMS is a software automation solution that provides real-time supervisory control and data acquisition for utilities.
TACACS	Provides centralized authentication, authorization and accounting (AAA) services for network devices.
Titus Enterprise Information Protection	Protects enterprise information.
Ubiquiti Wireless Acccess Point	Collects events for the Ubiquiti Wireless Access Point.
ePolicy Orchestrator (ePO)
ePolicy Orchestrator (ePO) 4.5+
vCenter Server is the centralized management utility for VMware.	vCenter Server is the centralized management utility for VMware.
Network Services	<return to top>
Array APV 1600	Array APV 1600: Application delivery controller - SSL/TLS accelerator.
AudioCodes Mediant SBC	Collects logs from AudioCodes Mediant Session Border Controllers (SBC).
Avaya SBC	Gathers logs from Avaya SBC.
Barracuda Admin	Collects admin events, such as changes and updates, from all Barracuda devices. Recommend using this connector along with the BarracudaWebAppFW and BarracudaWeb connectors.
Barracuda Mail Archiver	Cloud-Connected Message Archiving for Efficiency and eDiscovery.
Barracuda Spam Firewall	Barracuda Spam and Virus Firewall manages all inbound and outbound email traffic.
Bind	Collects application-specific events generated in the application log. Used for firewalls and routers were Bind is deployed. Covers logs from Infoblox together with connector linuxdhcpd.xml.
CA's BrightStor v11.5
Calix Telecommunications	Calix is a supplier of telecommunications access equipment for service providers.
Cisco Network Registrar for Windows
Cisco Unified Communications Manager (CallManager)	Provides services such as session management, voice, video, messaging, mobility, and web conferencing.
Dell PowerProtect DD	Collects events from the Dell EMC PowerProtect DD.
DHCPd	Collects DHCP daemon lease grant, renewal, and location events from dhcp enabled devices. Covers logs from Infoblox together with connector bind.xml.
DNS Bind	Collects application-specific events generated in application log. Used for firewalls and routers were Bind is deployed.
Distil Networks	Distil Networks provides bot detection and mitigation.
Eaton Cooper Power Systems	Power system operators with a complete suite of software applications to remotely manage all installed intelligent IEDs
Gemalto Luna	Gemalto Luna.
HuaweiNCE	Collects events from Huawei Network Connection Endpoint (NCE) devices.
IIS Configuration	To enable, a new key called Microsoft-Windows-IIS-Configuration-Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
IceWarp Mail Server (Merak)	IceWarp Mail Server (Merak) is a mail server.
Infoblox NIOS	This connector is a combination of connector bind.xml and linuxdhcpd.xml. There is nothing specific to Infoblox.
KEMP User Log	KEMP load balancer user authentication log.
Kemp LoadMaster	Kemp LoadMaster (CEF format).
Kerio Connect	Collects events from Kerio Connect mail server.
Linux Sendmail	Collects mail-related events from devices running Sendmail software.
LinuxLDAP Access	Gathers access messages from the LinuxLDAP server.
LinuxLDAP Error	Gathers error messages from the LinuxLDAP server.
Load Balancer	Collects Load Balancer administration logs and Apache logs.
Locum RealTime Monitor	Collects events from Locum RealTime Monitor.
Microsoft Cloud App Security	Collects events from Microsoft Cloud App Security (CASB) SIEM agent through syslog. See this KB article for more information.
Microsoft Exchange Server in W3C format without Fields value	Microsoft Exchange Server in W3C format without Fields value.
Microsoft Windows WAS, Microsoft Sharepoint Services, vmStatsProvider, Manager Reporter 2012 services Logs
NetIQ eDirectory	Collects Authentication/Creation/Deletion events from the Novell NetIQ eDirectory services.
Netskope CASB	Netskope Security Cloud CASB (Cloud Access Security Broker) is a cloud-based software solution that is installed between cloud service users and cloud applications. The software monitors all activity and enforces security policies. This connector covers syslog logs in CEF format.
Nimble SAN	Collects events from Nimble SAN.
Nozomi Guardian	Collects events from the Nozomi Guardian.
Nutanix	Covers logs from all Nutanix products.
OpenLDAP	Collects LDAP-related events from devices running OpenLDAP.
Oracle Communications Subscriber-Aware Load Balancer and Session Border Controller (SBC) parts of Oracle ACME	Oracle Communications Subscriber-Aware Load Balancer (SLB) enables scaling of capacity from SIP or IP address. Oracle Communications Session Border Controller for fixed line, mobile and over-the-top services
Oracle SD-WAN	Gathers logs from Oracle SD-WAN.
Postfix	Collects events from Postfix Mail Server.
Quest VMWare vRanger	Detects errors and information from Quest Software's vRanger Pro and Standard Edition.
Redline	Covers logs from Redline devices including RDL-3000.
Riverbed/Brocade Stingray	It's a traffic manager/load balancer. It logs to syslog traffic rule violation, system amendments and so on.
SafeNet DataSecure Certificate Server	Collects events from the SafeNet DataSecure i450 appliance.
Semafone
SolarWinds Web Help Desk	IT Services and Asset management software.
Symantec Backup Exec System Recovery
Symmetricom SyncServer	Collects events from Symmetricon SyncServer series (including S100, S200, S250, S300, S350, and S350 SAASM) devices.
Synology cloud software	Synology creates network-attached storage (NAS), IP surveillance solutions, and network equipment.
TACACS+ server based on Cisco engineering release	Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services.
VMware NSX	Collects events from VMware NSX.
WatchGuard Extensible Content Security (XCS) auth log	Collects authorization events from WatchGuard devices. Requires the configuration of OpenSSH and PAM to watch the same logfile and capture everything.
WatchGuard Extensible Content Security (XCS) syslog	Collects syslog events from WatchGuard devices.
Windows DHCP Server 2000
Windows DHCP Server 2000/2003/2008 System Log
Windows DHCP Server 2003 and 2008
Windows DNS-Server-Analytical	Analytical log from Windows DNS Servers. To enable, a new key called Microsoft-Windows-DNSServer-Analytical must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Windows Server 2008 Log
named bind	Collects application-specific events generated in application log. Used for firewalls and routers were Bind is deployed.
smnpd daemon messages	Collects events from various applications running the snmp daemon.
Operating Systems	<return to top>
AIX Audit
AIX Syslog	Gathers syslog events on OS access, configuration, user monitoring, and VM monitoring from devices running the IBM AIX operating system.
Debian 8.8 kern logs	Debian 8.8 kern logs
Debian v8.8	Debian v8.8 logs
FireEye Operating System	Collects events from FireEye Operating System.
FreeBSD Authentication	Collects authentication events from devices running FreeBSD. This also requires the configuration of OpenSSH and PAM to watch the same logfile to capture everything
HP OpenVMS 8+	Collects OS events for devices running OpenVMS 8 or later.
HP-ux Syslog	Collects OS access, configuration, user monitoring, and VM monitoring events from devices running HP-UX.
Legacy TriGeo Agent AS400 Tool	Collects auditing events from IBM AS400 appliances running Trigeo AS400 software.
Linux Auditd	Linux Auditd (non-syslog).
Linux PAM	Collects authentication events from devices running PAM software.
Linux PAM command	Collects authentication events from devices running PAM software.
Linux command line logging
Linux syslog events	Gathers syslog events on OS access, configuration, user monitoring, and VM monitoring from devices running RedHat and other Linux distributions.
LogAgent for OS400 (Patrick Townsend Security Solutions)	Collects OS auditing information from IBM OS400 appliances (now called System I).
Mac OS X (crashreporter)
Mac OS X (install)	Collects software installation events from devices running Mac OSX.
Mac OS X (mail)	Collects mail traffic events from devices running Mac OSX.
Mac OS X (ppp)
Mac OS X (secure)	Collects authentication, account, and group information events from devices running Mac OSX.
Mac OS X (system)	Collects system-level events from devices running Mac OSX.
Microsoft Cluster Services events	To enable, a new key called Microsoft-Windows-FailoverClustering/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Sysmon	Microsoft Sysmon product is used to log and monitor processes. To enable, a new key called Microsoft-Windows-Sysmon/Operational must be added to the following registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog See this KB article for an example used for a different connector.
Microsoft Windows NTLM	To enable, a new key called Microsoft-Windows-NTLM/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Windows Task Scheduler	Microsoft Windows Task Scheduler for Vista/7/2008 and beyond. To enable, a new key called Microsoft-Windows-TaskScheduler/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Microsoft Windows Terminal Services Local Session Manager	The Microsoft-Windows-TerminalServices-LocalSessionManager component is responsible for starting the computer and implementing Windows Fast User Switching (FUS). To enable, a new key called Microsoft-Windows-TerminalServices-LocalSessionManager/Operational must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
MobileIron Assemble	Mobile Data Security and Device Management for Enterprises.
MobileIron VSP	Mobile Data Security and Device Management for Enterprises.
Novell Netware 4.1 - 5.3
Novell Netware 6.5
Novell Netware 6.5 (Database)
Novell Netware 6.5 File
Open SSH	Collects authentication events from devices running Open SSH.
Oracle Linux secure logs	Oracle Linux secure logs.
PowerTech Interact	Collects OS auditing information from IBM OS400 appliances (now called System I).
SELinux	Collects events from devices running SELinux.
SMB Server Audit	Collects audit events from Windows SMB Server.
Solaris 10 BSM Auditing	Collects events from Solaris 10 servers running the Basic Security Module.
Solaris 10 Snare Auditing
Solaris 11	Collects events from Solaris 11 operating system.
Solaris 8 and 9 Snare Auditing
VMware ESX esxcfg-firewall log
VMware ESX hostd log
VMware ESX messages log	Collects events from VMWare ESX, to be run in conjunction with Messages, Secure, vmkernel and vmkwarning connectors.
VMware ESX secure log	Collects events from VMWare ESX, to be run in conjunction with Messages, Secure, vmkernel and vmkwarning connectors.
VMware ESX vmkernel log	Collects events from VMWare ESX, to be run in conjunction with Messages, Secure, vmkernel and vmkwarning connectors.
VMware ESX vmkwarning log	Collects events from VMWare ESX, to be run in conjunction with Messages, Secure, vmkernel and vmkwarning connectors.
VMware ESXi Hostd log	Collects events from VMWare ESXi, to be run in conjunction with ESXi Messages, ESXi Hostd, and ESXi vmkernel connectors.
VMware ESXi messages log	Collects events from VMWare ESX, to be run in conjunction with Messages, Secure, vmkernel and vmkwarning connectors.
VMware ESXi vmkernel log	Collects events from VMWare ESX, to be run in conjunction with Messages, Secure, vmkernel and vmkwarning connectors.
VMware Unified Access Gateway	Collects syslog events from VMware UAG-ESManager, Audit and Admin events.
Windows Application - Syslog	Windows Application logs through Syslog.
Windows Application Log
Windows DNS Server Audit Log	To enable, a new key called Microsoft-Windows-DNSServer/Audit must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
Windows DNS Server Log
Windows DNS Traffic Log
Windows Directory Service Log
Windows File Integrity Monitoring (FIM) File and Directory	Windows File Integrity Monitor (FIM) provides configurable real-time change tracking for files and directories on Windows servers and workstations. Configure files and directories or dynamic patterns of files and directories to monitor and types of changes to monitor for each configured file/directory. To learn how to configure FIM on Linux, access the following link:https://thwack.solarwinds.com/docs/DOC-190279
Windows File Integrity Monitoring (FIM) Registry	Windows File Integrity Monitor (FIM) provides configurable real-time change tracking for registry keys and folders on Windows servers and workstations. Configure registry keys and folders or dynamic patterns of registry keys and folders to monitor and types of changes to monitor for each configured key/folder. To learn how to configure FIM on Linux, access the following link:https://thwack.solarwinds.com/docs/DOC-190279
Windows File Replication Service
Windows Filtering Platform Events
Windows NT/2000/XP Security Log
Windows Security - Syslog	Windows Security logs through Syslog.
Windows Security Log	Windows Security logs (Windows 2008 and newer).
Windows System - Syslog	Windows System logs through Syslog.
Windows System Log
iSecurity CEF	Collects audit logs from iSecurity developed by RazLee.
iSecurity for OS400 (Raz-Lee)
linuxauditd (syslog)	Normalizes Linux audit logs from syslog format into SEM.
sudo	Collects events from various applications running the sudo.
sudo syslog	Collects events from various applications running the sudo.
Physical Infrastructure	<return to top>
APC InfraStruXure	Gathers power monitoring events from InfraStuXure racks and UPS Network Management Cards. Also covers syslog events from Netbotz devices.
APC Netbotz	Gathers non-syslog events from APC Netbotz devices.
Dell DRAC	Dell Access Card for Remote Administration.
Dell Server Administrator	Gathers Storage Management and System Events for Dell Server Administrator from the Windows Application Event Log.
EMCUnity	Dell EMC Unity Storage array.
Fujitsu Blade Servers	Fujitsu Blade Servers.
Fujitsu Storage ETERNUS	Fujitsu Storage ETERNUS consolidates data for server virtualization, e-mail, databases and business applications, as well as centralized file services.
Grandstream Gateway	Grandstream Analog VoIP Gateway integrates traditional phone systems into a VoIP network and manage communication.
HP BladeSystem Enclosure auth log	Collects authorization events from HP BladeSystem enclosures.
HP BladeSystem Enclosure local log	Collects authorization events from HP BladeSystem enclosures.
HP Printer	Collects events from HP Color LaserJet Enterprise M750 Printer series.
HP Proliant iLO 4	HP Proliant iLO 4 and later - Light-out blade management.
HPE 3PAR StoreServ	Hawlett Packard Enterprise 3PAR StoreServ.
Hitachi AMS	Collects events from Hitachi Adaptable Modular Storage devices.
JACO CartCare
Tripp Lite SNMPWEBCARD	Collects events from Tripp Lite SNMPWEBCARD.
TrippLitePDU	TrippLitePDU is network power distribution unit distributing power supplied to the rack.
Proxies/Content Filters	<return to top>
Actiance Unified Security Gateway	Collects events from Unified Security Gateway appliances.
Barracuda Web Filter	Collects Web traffic analysis events, by user, source, destination, configuration, and authentication, from Barracuda devices. Recommend using this connector along with the BarracudaAdmin and BarracudaWebAppFV connectors.
Blue Coat Proxy SG web access	Collects Web Proxy Access events from the following series of Blue Coat ProxySG appliances: 210, 300, 510, 600, 810, 8100, and 9000.
Blue Coat ProxySG	Collects events from the following series of Blue Coat ProxySG appliances: 210, 300, 510, 600, 810, 8100, and 9000.
Cisco AsyncOS Access Log	Cisco AsyncOS Access Log (Squid Format).
Cisco Content Security and Control Security Services Module 6.1-6.2	Collects events from Cisco Content Security and Control Security Services Module 6.1-6.2.
Cisco Content Security and Control Security Services Module 6.3+	Collects events from Cisco Content Security and Control Security Services Module 6.3.
ClearSwift Secure Email Gateway	Inspection and filtering of e-mails content.
Forcepoint TRITON AP-WEB	Collects events from Forcepoint TRITON AP-WEB.
FortiWeb Web Application Firewall	Collects web-related events and device information from FortiWeb Web Application Firewall appliances.
IronPort Email Security Appliance	Collects mail-related events and device information from IronPort Email Security appliances.
IronPort Web Security	Collects web-related events and device information from IronPort Web Security appliances.
Mail Assure	Collects events from Mail Assure email security.
McAfee Email Gateway	Collects mail-related events and device information from McAfee Email Gateway appliances.
McAfee Web Gateway v6.x	Collects web-related events and device information from McAfee Web Gateway v6.x and higher appliances.
McAfee Web Gateway v7.x	Collects web-related events and device information from McAfee Web Gateway v7.x and higher appliances.
Sonicwall Email Security
Sophos ES appliance	Collects events from the Sophos Email Security appliance. It should be run in conjunction with the auth connector.
Sophos ES appliance auth	Collects events from the Sophos Email Security appliance. It should be run in conjunction with the auth connector.
Sophos WS appliance	Collects events from the Sophos Web Security appliance.
Squid Access Log
SquidGuard Access Block Log
St. Bernard iPrism	Collects events from iPrism Internet Filtering Appliances.
Symantec Secure Web Gateway: ProxySG and ASG (Bluecoat) Access	Collects Symantec Secure Web Gateway: ProxySG and ASG (Bluecoat) Access events from SG600 and maybe for other Access running SGOS. The connector requires the following fields to be set: #Fields: date time time-taken c-ip cs-username cs-auth-group s-supplier-name s-supplier-ip s-supplier-country s-supplier-failures x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation cs-threat-risk x-bluecoat-transaction-uuid x-icap-reqmod-header(X-ICAP-Metadata) x-icap-respmod-header(X-ICAP-Metadata)
Symantec Secure Web Gateway: ProxySG and ASG (Bluecoat) SSL	Collects Symantec Secure Web Gateway: ProxySG and ASG (Bluecoat) SSL events from SG600 and maybe for other SSL running SGOS. The connector requires the following fields to be set: #Fields: date time time-taken c-ip cs-username cs-auth-group s-supplier-name s-supplier-ip s-supplier-country s-supplier-failures x-exception-id sc-filter-result cs-categories sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-cipher-strength x-rs-certificate-hostname x-rs-certificate-hostname-category cs-threat-risk x-rs-certificate-hostname-threat-risk
Symantec Web Security for Windows
SymantecWebGateway	Symantec Web Gateway Malware and content filtering screening device.
Trend IWSVA Audit Log
Trend IWSVA URL Access Log
Trend IWSVA URL Block Log
Trend IWSVA Update Log
Trend IWSVA Virus Log
Trend-Micro IWSVA URL log
Websense Security Gateway Anywhere	Collects device/software events from Websense Security Gateway Anywhere appliances.
Websense Web Filter and Websense Web Security	Collects device/software events from Websense gateways.
Websense Web Filter and Websense Web Security Database	Collects device/software events from Websense gateways.
Webtitan	Webtitan - Web Content Filter.
eSafe	Collects web security and email security events from the eSafe application.
Routers/Switches	<return to top>
3Com Switch	Gathers events from the following 3com switches: 4400, 4500, 4500G, 4800G, 5500, 5500G, 7750, 8800, S7900E.
AXIA Ethernet Switch	The modular broadcast control surface from Axia Audio.
Adtran Atlas Switch	Gathers events from Adtran Atlas switches.
Adtran NetVanta Router	Gathers events from the following series of Adtran NetVanta routers: 1300, 1500, 2000, 3100, 3200, 3300, 3400 (Modular Access and Multiservice Access), 4000, 5000, and 7100.
Aerohive log	Aerohive SR2024 SR2024P SR2148P CVG log
Alcatel-Lucent OmniSwitch	Collects events from Alcatel-Lucent OmniSwitch.
Allied Telesis Routers and Switches	Collects syslog data from Allied Telesis 8600 Series Fast Ethernet Layer 3 switches, and AT-41x routers.
Arista switches	Collects events from arista switches.
Aruba CX switch	Collects events from Arubx CX switches.
Aruba Wireless Access Point	Collects events from Aruba wireless access points with firmware version 2.x.
Aruba Wireless Access Point 3x	Collects events from Aruba wireless access points with firmware version 3.0 and later.
Aruba2930	Aruba 2930M-24G switch.
Aruba CX Switch	Collects events from Aruba CX switches.
Avaya/Nortel VSP 7000 Ethernet Routing Switch	Collects events from the following Avaya/Nortel Ethernet Routing Switches: 5510, 5520, 5530-24TFD, 8600, VSP 7000.
Blade RackSwitch	Collects events from Blade RackSwitch G8100 and G8124 10G Low Latency Switches, as well as the RackSwitch G8000 1-10G Aggregation Switch.
Bluesocket vWLAN	Bluesocket devices Virtual Wireless LAN.
Brocade Iron Series	Collects events from Brocade Iron Series switches and routers.
Brocade VDX Switches	Collects events from Brocade VDX switches.
Brocade Vyatta Router	Gathers events from Brocade Vyatta Router.
Cisco 4000 Series Integrated Services Routers (ISRs), Intelligent WAN platform	Cisco 4000 Series Integrated Services Routers (ISRs), Intelligent WAN platform.
Cisco CatOS	Collects events from Cisco Catalyst devices running IOS 12.2+, or CatOS 6.2+.
Cisco Nexus NX-OS	Collects events from Cisco Nexus Switches (running NX-OS).
Cisco Small Business 300 Series Managed Switch	Collects events from the series of Cisco Sx300 Security Appliances.
Cisco Wireless LAN Controller and IOS-XE Software	Collects events for Cisco Wireless LAN Controllers, as well as for IOS-XE based routers/switches.
DrayTek Vigor Series	Collects logs from DrayTek Vigor series routers.
Dell Force10 Switch	Collects events from Dell Force10 Switch.
Dell N Series Switches	Dell Networking N2000 Series 1GbE Layer 3 Switches.
Dell PowerConnect Switches	Collects events from Dell J-EX4200 and J-EX8200 Ethernet switches.
DrayTek Vigor Series	Collects logs from DrayTek Vigor series routers.
Enterasys C-Series and N-Series Switches	Collects events from Enterasys C-Series and N-Series switches.
Enterasys IdentiFi Wireless Controller	Collects events for Enterasys IdentiFi Wireless Controller.
Extreme Networks VSP	Extreme Networks VSP collects events from Virtual Services Platform devices.
Extreme Switch	Collects events from the following Extreme Networks Alpine, BlackDiamond, and Summit switches.
Foundry	Collects events from the following Brocade FastIron switches: 1500, 400, 800, and Edge Switches 2402, 4802, and 9604.
FreeWave
HP MSM700 Series Controller	Collects network traffic events, changes to the device, device issues, and authentication events from MSM wireless controller devices.
HP ProCurve 1910-24G-PoE Switch and H3C	Collects Events for HP Procurve 1910-24G-PoE Switch, H3C and FlexFabric Switch series.
HP ProCurve Switches Firmware F.05.65+ Zl Series	Collects events for HP ProCurve switches running Firmware version F.05.65+.
HP Router	Gathers events from the HP 930 MSR Router.
Hirschmann OpenRail System Compact Switch	Collects events specific to Hirschmann OpenRail System Compact Switch appliances.
Huawei Switches	Collects events from Huawei switches.
Juniper JUNOS	Collects events from Juniper routers and switches running JUNOS.
Junos Pulse Gateway	Junos Pulse Gateway provides SSL/VPN, network access control, and application acceleration.
Meru Wireless	Meru MC3200 Meru Wireless Controller.
MetaSwitch Universal Media Gateway	Collects events from MetaSwitch Universal Media Gateway MG6050. The connector should work for other versions as well.
Mikrotik Routers	Provides wireless ISP systems for Internet connectivity around the world.
Motorola WLAN Controller	Collects events from Motorolla WLAN controller 4000 series appliances.
Motorola WS2000 snmp	Gathers events from the Motorola WS2000 series switches through SNMP.
Moxa Ethernet Switches	Collects events from Moxa ICS-67528A and EDS-G516E series Ethernet switches.
NEC IX Router	Collects events from NEC IX Series routers.
Netgear Switch	Collects events from Netgear switches.
Nokia Switch	Collects events from Nokia 7750 and 7210 switches.
Nortel Baystack	Collects events from Nortel Baystack switches.
Nortel Contivity 200 Series	Collects events from Nortel Contivity secure IP gateways (200 series).
Nortel Ethernet Routing Switch 4500 Series	Collects events from the Nortel Ethernet 4500 Series Routing Switches, which are now subsidiaries of Avaya.
Nortel WLAN Security Switch	Collects events from the following Nortel WLAN Security Switches: WLAN Access Point 2330, 2330A, 2330B, 2332, 2350, 2360/2361, 2380, and 2382.
Proxim Orinoco WAP	Collects events from the proxim Orinoco Wireless Access Point.
QLogic Fibre Channel Switch	Collects events from QLogic Fibre Channel Switches.
Raritan Dominion Switch	Collects events from the Raritan Dominion KVM-over-IP switches.
Ruckus ZoneDirector Wireless LAN Controller	Collects events for Ruckus ZoneDirector Wireless LAN controllers.
RuggedCom Switch	Collects events from the RuggedCom Switches: M2100, RST2228, and RX1500 switches.
SilverPeak WAN Acceleration and Optimization	SilverPeak WAN Acceleration and Optimization.
Telco Switch	Layer2 switch by Telco Systems.
Velocloud	Collects events from the VMWare Velocloud firewall.
Xirrus WiFi Array	Collects events from Xirrus wireless arrays.
ZyXEL P-660HW-T	Gathers events from ZyXEL's P-660HW-T 802.11g Wireless ADSL 2+ 4-port Gateway.
ZyXEL XGS4528F	Gathers events from ZyXEL's XGS4528F.
Security and UTM	<return to top>
Cyberoam UTM	Collects events from Cyberoam UTM appliances.
Enforcive Enterprise Security	Enforcive/Enterprise Security for IBM i: access control, security, compliance and log management.
FireEye Malware Protection System	Collects events from FireEye MPS appliance.
FortiAuthenticator	Collects FortiAuthenticator events.
FortiGate 2.5	Collects events from Fortigate UTM appliances that use firmware version 2.5.
FortiGate 2.8+	Collects events from Fortigate UTM appliances that use firmware version 2.8 and later.
FortiGate 300C	Collects events from Fortigate UTM appliances that use firmware version 300C.
FortiMail Email Security Appliances	FortiMail is a complete Secure Email Gateway platform suitable for any size organization.
McAfee Network and Security Platform (IntruShield) - deprecated	Collects events from McAfee Network and Security Platform (IntruShield). This connector is deprecated. As an alternative, use the McAfee Network Security Manager.
Meraki MX	Collects events from Meraki MX Security Appliance.
Proofpoint Enterprise Protection	Protects business from email threats and other forms of objectionable or dangerous content.
SmoothWall Unified Threat Manager	Collects events from SmoothWall UTM appliances and software.
Sophos UTM 9	Collects events from Sophos UTM 9
Sophos UTM 9 (non unix syslog timestamp)	Collects events from Sophos UTM 9 that start with date-time (format YYYY:MM:DD-HH:MM:SS) instead of unix syslog timestamp.
WatchGuard Firebox	Outdated. Use WatchguardFirewalls.xml.
WatchGuard Firebox X Edge E-Series	Outdated. Use WatchguardFirewalls.xml
WatchGuard SOHO
WatchGuard Xcore	Outdated. Use WatchguardFirewalls.xml.
Zscaler Web Security / Advanced Security	Zscaler protects from malware, viruses, advanced persistent threats, and other risks. It can also stop inadvertent or malicious leaks of a company's sensitive data.
cyphort threat protection	Network-based Next Generation APT Defense.
fireEye HX	fireEye HX
Storage	<return to top>
Dell Compellent storage	Collects logs from Dell Compellent Storage Area Network (SAN) controllers.
Dell Equallogic storage area network systems	EqualLogic products are iSCSI-based storage area network systems marketed by Dell.
HP StorageWorks Modular Smart Array	Collects device information events for StorageWorks arrays.
IBM NetApp ONTAP	Collects device information events for NetApp appliances.
NetApp	Gathers events from NetApp.
NetApp ONTAP OnCommand	Collects events for ONTAP Cluster Management using OnCommand System Manager.
Qumulo	Covers logs from Qumulo Core.
System Scan Reporters	<return to top>
ForeScout CounterACT NAC
Nessus Message
Nessus Report
Nessus Security Scanner NBE Report
Nessus XML Report
PatchLink Vulnerability
QualysGuard Scan Report
Rapid7 NeXpose Vulnerability Scanner
Retina
VPN and Remote Access	<return to top>
Array Networks SPX	Collects events from Array Networks Secure Access Gateways.
Azure Multi-Factor Authentication Server	Multi-Factor authentication for hybrid environments.
Barracuda SSL VPN Connector	Collects events from Barracuda SSL VPN appliance.
Cisco VPN	Collects events for Cisco VPN concentrators.
Citrix Secure Access Gateway	Collects events about application access, configuration, and user monitoring from Citrix secure access gateways.
Citrix Secure Gateway Access - XenApp Server
Citrix XenDesktop
Citrix XenServer auth log	Collects authorization events from Citrix devices.
Citrix XenServer daemon log	Collects daemon log events from Citrix devices.
Corente AWB	Collects events from the Corente AWB application.
FirePass SSL VPN	Collects SSL VPN authentication and VPN access events on F5 FirePass appliances.
Neo Accel SSL VPN	Collects SSL VPN authentication and VPN access events on Neo Accel SSL VPN appliances.
Neoteris VPN/Juniper SA series	Collects SSL VPN authentication and VPN access events on Juniper SA series SSL VPN appliances.
Netgear SSL VPN Concentrator SSL312	Collects SSL VPN authentication and VPN access events on Netgear SSL VPN Concentrator appliances.
Netilla VPN	Collects SSL VPN authentication and VPN access events on Netilla VPN appliances.
Nortel Contivity	Collects events from the following Nortel Contivity secure IP gateways: 1000, 1750, 2700, 500, and 600.
OpenVPN	Collects VPN-related events from devices running OpenVPN.
Permeo VPN	Collects events from Permeo VPN appliances.
PulseSecure	Collects logs from Pulse Connect Secure and Pulse Policy Secure. There should be two instances of this connector. One points to the user.log facility and one to the localX.log facility.
RemotelyAnywhere / LogMeIn
Riverbed Steelhead WAN Optimization	Collects events from the Riverbed Steelhead WAN Optimization appliance.
SonicWALL Aventail SSL VPN E-Class and SMA	Collects events from Dell Aventail SSL VPN E-series and SMA (Secure Mobile Access) appliances.
SonicWALL SSL VPN	Collects events from Dell Aventail SSL VPN appliances (NOT E-class).
SonicWall E-Class SRA	Collects events from Dell SonicWALL E-Class Secure Remote Access appliances.
TeamViewer	Collects TeamViewer connection logs.
Ultra VNC
VMware Horizon 7	VMware Horizon 7
WatchGuard Vclass
WatchGuard Vclass (Alarm)
WatchGuard Vclass (VPN)
pcAnywhere
WebServer	<return to top>
AnyEvent
Apache (syslog)	Covers Apache-style logs sent through syslog (starting with the Apache Common Log format), including Fastly apache-style logs.
Apache Access
Apache Access Rotating
Apache Error
Apache Error Rotating
Apache Tomcat isapi_redirect
Atlassian BitBucket Server	Atlassian BitBucket is a web-based version control repository hosting service
EscalationAssignmentAbortedEvent
Guidewire	Guidewire captures Tomcat log from Guidewire. Apache Tomcat is an open source web server/Java Servlet Container
IIS error connector	IIS error connector.
Incapsula Web Application Firewall
LanguageAssignmentEvent
Localhost Apache Access
Microsoft Forefront Threat Management Gateway 2010 Web Proxy(W3C Server file format)	Collects Microsoft Forefront Threat Management Gateway log messages from files in W3C format.
Microsoft IIS Advanced Logging
Microsoft IIS Web Server 10.0 (W3C Extended file format)
Microsoft IIS Web Server 5.0 (W3C Extended file format)
Microsoft IIS Web Server 6.0 (W3C Extended file format)
Microsoft IIS Web Server 7.0 (W3C Extended file format)
Microsoft IIS Web Server 8.5 (W3C Extended file format)
Microsoft IIS Web Server 8.5 (W3C Extended file format) Enhanced Logging
MicrosoftIISLogging via Windows Event Log	Internet Information Services logging thorugh Windows Event Log. To enable, a new key called Microsoft-IIS-Logging/Logs must be added to the following registry entry: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog` See this KB article for an example implemented on a different connector.
MilestoneXProtect_C
MilestoneXProtect_Configuration
MilestoneXProtect_audit
NGINX Error
NetMotion Mobility Server_mobility events
NetMotion Mobility Server_nmact events
NetMotion Mobility Warehouse_Access events
NetMotion Mobility Warehouse_Error events
SignonEvents
SingleSignonEvents
Syncplify.Me (W3C Extended File Format)	Gathers logs from Syncplify.me (a secure sftp server) in W3C format stored locally in a flatfile.
Tomcat ASC Config Change event	Tomcat ASC Config Change event.
Tomcat Cluster Event	Tomcat Cluster Event.
Tomcat Common daemon	Tomcat Common daemon.
Webdefend-Trustwave	Web application firewall that logs events based on actions taken on web traffic to prevent attacks.
Websphere 7 SystemOut Log

Search SolarWinds Support

SEM connectors

SEM connector categories