Skip to content

Sourcetypes

Below are a list of sourcetypes which this Add-on uses. It is not necessary to manually set the sourcetype to anything other than opnsense as this add-on will automatically transform the sourcetype to the appropriate value.

Source type Description CIM Mapping
opnsense:access deprecated v1.5.0 Access Events to OPNsense firewall. Authentication
opnsense:audit new v1.5.0 Audit Events to OPNsense firewall (logins/changes). Authentication
opnsense:cron Cron Events None
opnsense:dhcpd DHCP Events Network Sessions
opnsense:filterlog Filterlog Events Network Traffic
opnsense:lighttpd Events from the Web interface Web
opnsense:openvpn OpenVPN Events Authentication
opnsense:suricata opnsense:suricata:json IDS events from suricata Intrusion Detection Network Traffic
opnsense:squid Proxy events from Squid Proxy Web
opnsense:unbound DNS events from Unbound DNS Network Resolution
opnsense:syslog Events from Syslog-ng None