Canon Printers
About
Canon Printers audit logs provide a detailed record of all user operations performed on the device, including the user's identity, the date and time of the operation, the type of operation (print, copy, scan, fax), and whether it succeeded. They act as a tracking system for monitoring device usage and potential security concerns.
Product Details
Vendor URL: Canon Printers
Product Type: Audit
Product Tier: Tier II
Integration Method: Syslog
Log Guide: Audit Log Overview
Parser Details
Log Format: Syslog/CSV
Expected Normalization Rate: 100%
Data Label: CANON_PRINTERS
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
column1 | target.asset.hardware.model |
column10 | target.application |
column11 | target.resource.name |
column12 | target.process.pid |
column13 | security_result.detection_fields |
column14 | security_result.detection_fields |
column15 | target.file.names |
column2 | target.asset.hardware.serial_number |
column21 | target.ip |
column21 | target.user.email_addresses |
column21 | target.user.user_display_name |
column21 | network.email.mail_id |
column3 | target.hostname |
column3 | principal.hostname |
column4 | network.session_id |
column5 | principal.user.userid |
column6 | principal.group.group_display_name |
column7 | security_result.action |
column8 | security_result.detection_fields |
column9 | security_result.action_details |
observer_ip | observer.ip |
principal_ip | principal.ip |
principal_pid | principal.process.pid |
product_event | metadata.product_event_type |
Product Event Types
Event | UDM Event Classification |
---|---|
3001 | SETTING_MODIFICATION |
3001 | RESOURCE_READ |
3001 | RESOURCE_DELETION |
4098 | USER_LOGIN |
4098 | USER_LOGOUT |
1001, 8193 | STATUS_UPDATE |
Log Sample
<118>1 2025-02-18T17:39:38Z 10.18.100.10 - - 1741 - 1001,iR-ADV ABC123,2XK06123,iR-ADV ABC123,,JOHN.DOE,EXAMPLE123,OK,,Print,,,9209,02/18/2025 09:39:20,02/18/2025 09:39:38,Microsoft Word - ABC Checklist,,,,,,
Sample Parsing
metadata.description = "Print"
metadata.event_type = "STATUS_UPDATE"
metadata.log_type = "CANON_PRINTERS"
metadata.product_event_type = "1001"
metadata.product_name = "Canon Printers"
metadata.vendor_name = "Canon"
observer.ip = "10.18.100.10"
principal.group.group_display_name = "EXAMPLE123"
principal.hostname = "iR-ADV ABC123"
principal.ip = "10.18.100.10"
principal.process.pid = "1741"
principal.user.userid = "JOHN.DOE"
security_result.action_details = "Print"
security_result.action = "ALLOW"
security_result.detection_fields.key = "Start Time"
security_result.detection_fields.value = "02/18/2025 09:39:20"
security_result.detection_fields.key = "End Time"
security_result.detection_fields.value = "02/18/2025 09:39:38"
target.asset.hardware.model = "iR-ADV ABC123"
target.asset.hardware.serial_number = "2XK06123"
target.file.names = "Microsoft Word - ABC Checklist"
target.hostname = "iR-ADV ABC123"
target.process.pid = "9209"
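To check a log source against the mapping above before onboarding it, the following added example (not the product's parser) splits a line in the sample's layout and applies the single-valued column mappings from the table. The function name, the flat dictionary keys `event_type_candidates` and `detection_fields`, and the `UNKNOWN_ACTION` fallback for results other than `OK` are assumptions of this sketch.

```python
import csv
import re

# Syslog prefix as it appears in the page's sample: PRI+version, timestamp,
# sender IP, two "-" fields, a numeric token (the sample parsing maps it to
# principal.process.pid), one more "-", then the CSV audit record.
HEADER = re.compile(r"^<\d+>\d+ \S+ (\S+) \S+ \S+ (\S+) \S+ (.*)$")

# Event codes from the page's table. Where the page lists several UDM types
# for one code, all are kept: the page does not say how to choose between them.
EVENT_TYPES = {
    "1001": ["STATUS_UPDATE"], "8193": ["STATUS_UPDATE"],
    "4098": ["USER_LOGIN", "USER_LOGOUT"],
    "3001": ["SETTING_MODIFICATION", "RESOURCE_READ", "RESOURCE_DELETION"],
}

# CSV index -> UDM field, for the single-valued columns in the page's table.
COLUMNS = {
    1: "target.asset.hardware.model", 2: "target.asset.hardware.serial_number",
    3: "target.hostname", 4: "network.session_id", 5: "principal.user.userid",
    6: "principal.group.group_display_name", 9: "security_result.action_details",
    10: "target.application", 11: "target.resource.name",
    12: "target.process.pid", 15: "target.file.names",
}

def parse_canon_audit(line):
    m = HEADER.match(line)
    if not m:
        raise ValueError("line does not match the sample's syslog layout")
    sender_ip, pid, body = m.groups()
    cols = next(csv.reader([body]))  # csv module tolerates quoted commas in job names
    if len(cols) < 16:
        raise ValueError(f"expected at least 16 CSV fields, got {len(cols)}")
    udm = {"metadata.product_event_type": cols[0], "observer.ip": sender_ip,
           "principal.ip": sender_ip, "principal.process.pid": pid,
           "principal.hostname": cols[3],
           "event_type_candidates": EVENT_TYPES.get(cols[0], [])}
    for idx, field in COLUMNS.items():
        if cols[idx]:  # empty columns produce no UDM field
            udm[field] = cols[idx]
    # "OK" -> ALLOW matches the page's sample; any other result is reported as
    # UNKNOWN_ACTION here (assumption, the page does not list other values).
    udm["security_result.action"] = "ALLOW" if cols[7] == "OK" else "UNKNOWN_ACTION"
    udm["detection_fields"] = {"Start Time": cols[13], "End Time": cols[14]}
    return udm

# The page's own log sample, reproduced so the block runs offline.
SAMPLE = ("<118>1 2025-02-18T17:39:38Z 10.18.100.10 - - 1741 - 1001,iR-ADV ABC123,"
          "2XK06123,iR-ADV ABC123,,JOHN.DOE,EXAMPLE123,OK,,Print,,,9209,"
          "02/18/2025 09:39:20,02/18/2025 09:39:38,Microsoft Word - ABC Checklist,,,,,,")
```

Running `parse_canon_audit(SAMPLE)` reproduces the values listed under Sample Parsing; a line that yields fewer than 16 fields or shifted columns indicates the device is exporting a different audit layout than this mapping expects.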