Page Comparison

Table of Contents

maxLevel	2
type	flat

...

Valid tags and data tables

The full tag can have 4 or 5 levels. In some cases, there can be an optional level containing the process name and the process ID, which would occupy the fifth or the sixth level. The first two are fixed asadn.f5. The third level identifies the type of events sent, and the fourth, fifth, and sixth levels indicate the event subtypes.

* Required or optional if it is a process name and ID.

** Optional. It is a process name and ID.

These are the valid tags and corresponding data tables that will receive the parsers' data:

...

For more information, read more About Devo tags.

How is the data sent to Devo?

The F5 BigIp platform has two different mechanisms for sending data and/or management plane logs to remote syslog servers or a pool of them:

...

adn.f5.bigip.pktfilter
protocol

Rw ui tabs macro

Rw tab

title	1-4

Anchor
adn.f5.bigip.afm
adn.f5.bigip.afm
adn.f5.bigip.afm

Field	Type	Extra fields
eventdate	`timestamp`
hostName	`str`
facility	`str`
logLevel	`str`
processName	`str`
processId	`str`
eventType	`str`
aclPolicyName	`str`
aclPolicyType	`str`
aclRuleName	`str`
aclRuleUuid	`str`
action	`str`
bigipHostname	`str`
bigipMgmtIp	`ip4`
contextName	`str`
contextType	`str`
dateTime	`timestamp`
destFqdn	`str`
destGeo	`str`
destIp	`str`
destIpIntCategories	`str`
destPort	`str`
deviceProduct	`str`
deviceVendor	`str`
deviceVersion	`str`
dropReason	`str`
errdefsMsgno	`str`
errdefsMsgName	`str`
flowId	`str`
ipProtocol	`str`
partitionName	`str`
protocol	`str`
routeDomain	`str`
saTranslationPool	`str`
saTranslationType	`str`
severity	`str`
srcFqdn	`str`
srcIp	`str`
srcPort	`str`
srcIpIntCategories	`str`
srcUser	`str`
srcUserGroup	`str`
srcGeo	`str`
translatedDestIp	`ip4`
translatedDestPort	`str`
translatedIpProtocol	`str`
translatedRouteDomain	`str`
translatedSrcIp	`ip4`
translatedSrcPort	`str`
translatedVlan	`str`
vlan	`str`
rawMessage	`str`	✓
hostchain	`str`	✓
tag	`str`	✓

Anchor
adn.f5.bigip.apm
adn.f5.bigip.apm
adn.f5.bigip.apm

Field	Type	Extra fields
eventdate	`timestamp`
hostName	`str`
facility	`str`
logLevel	`str`
processName	`str`
processId	`str`
logId	`str`
eventType	`str`
partition	`str`
message	`str`
sessionId	`str`
bytesIn	`int4`
bytesOut	`int4`
rawMessage	`str`	✓
hostchain	`str`	✓
tag	`str`	✓

Anchor
adn.f5.bigip.asm
adn.f5.bigip.asm
adn.f5.bigip.asm

Field	Type	Extra fields
eventdate	`timestamp`
hostName	`str`
facility	`str`
logLevel	`str`
processName	`str`
processId	`str`
logId	`str`
eventType	`str`
message	`str`
reportingProcess	`str`
reportingFunction	`str`
reportedError	`str`
rawMessage	`str`	✓
hostchain	`str`	✓
tag	`str`	✓

Anchor
adn.f5.bigip.audit
adn.f5.bigip.audit
adn.f5.bigip.audit

Anchor

adn.f5.bigip.pktfilter adn.f5.bigip.pktfilter

Field

Type

Extra fields

eventdate

timestamp

hostName

str

facility

str

logLevel

str

processName

str

processId

str

logId

str

message

str

accessProfile

str

partition

str

sessionId

str

packet

ip4

filter

str

action

str

vlan

str

len

int4

srcIp

ip4

srcPort

str

dstIp

ip4

dstPort

str

Field	Type	Extra fields
eventdate	`timestamp`
hostName	`str`
facility	`str`
logLevel	`str`
processName	`str`
processId	`str`
logId	`str`
message	`str`
user	`str`
folder	`str`
module	`str`
status	`str`
cmdData	`str`
rawMessage	`str`	✓
hostchain	`str`	✓
tag	`str`	✓

Versions Compared

Old Version 23

New Version Current

Key

Valid tags and data tables

How is the data sent to Devo?

Anchor
adn.f5.bigip.afm
adn.f5.bigip.afm
adn.f5.bigip.afm

Anchor
adn.f5.bigip.apm
adn.f5.bigip.apm
adn.f5.bigip.apm

Anchor
adn.f5.bigip.asm
adn.f5.bigip.asm
adn.f5.bigip.asm

Anchor
adn.f5.bigip.audit
adn.f5.bigip.audit
adn.f5.bigip.audit

Anchor
adn.f5.bigip.dns
adn.f5.bigip.dns
adn.f5.bigip.dns

Anchor
adn.f5.bigip.ltm
adn.f5.bigip.ltm
adn.f5.bigip.ltm

Anchor
adn.f5.bigip.pktfilter
adn.f5.bigip.pktfilter
adn.f5.bigip.pktfilter

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
machine	`str`
facility	`str`
log_level	`str`	logLevel
process_name	`str`	processName
process_id	`str`	processId
log_id	`str`	logId
event_type	`str`	eventType
message	`str`
query_ts	`str`	queryTs
client_ip	`str`
client_ipv4	`ip4`	clientIp
client_port	`str`	clientPort
view	`str`
query_name	`str`	queryName
query_class	`str`	queryClass
query_type	`str`	queryType
query_flags	`str`	queryFlags
response_status	`str`	responseStatus
response_flags	`str`	responseFlags
response_ttl	`str`	responseTtl
response_record	`str`	responseRecord
dns_server_ip	`str`
dns_server_ipv4	`ip4`	dnsServerIp
server	`str`
virtual_server	`str`
virtual_ip	`str`
virtual_ipv4	`ip4`
virtual_port	`str`
iquery_peer	`str`
iquery_peer_ipv4	`ip4`	iqueryPeer
iquery_peer_port	`str`
server_status	`str`	serverStatus
rule	`str`
rule_type	`str`	ruleType
rule_message	`str`	ruleMessage
pool	`str`
pool_member	`str`
instance	`str`
error_code	`str`
error_description	`str`
rawMessage	`str`		✓
hostchain	`str`		✓
tag	`str`		✓

Page Comparison

Versions Compared

Old Version 23

New Version Current

Key

Valid tags and data tables

How is the data sent to Devo?

Anchoradn.f5.bigip.afmadn.f5.bigip.afmadn.f5.bigip.afm

Anchoradn.f5.bigip.apmadn.f5.bigip.apmadn.f5.bigip.apm

Anchoradn.f5.bigip.asmadn.f5.bigip.asmadn.f5.bigip.asm

Anchoradn.f5.bigip.auditadn.f5.bigip.auditadn.f5.bigip.audit

Anchoradn.f5.bigip.dnsadn.f5.bigip.dnsadn.f5.bigip.dns

Anchoradn.f5.bigip.ltmadn.f5.bigip.ltmadn.f5.bigip.ltm

Anchoradn.f5.bigip.pktfilteradn.f5.bigip.pktfilteradn.f5.bigip.pktfilter

Anchor
adn.f5.bigip.afm
adn.f5.bigip.afm
adn.f5.bigip.afm

Anchor
adn.f5.bigip.apm
adn.f5.bigip.apm
adn.f5.bigip.apm

Anchor
adn.f5.bigip.asm
adn.f5.bigip.asm
adn.f5.bigip.asm

Anchor
adn.f5.bigip.audit
adn.f5.bigip.audit
adn.f5.bigip.audit

Anchor
adn.f5.bigip.dns
adn.f5.bigip.dns
adn.f5.bigip.dns

Anchor
adn.f5.bigip.ltm
adn.f5.bigip.ltm
adn.f5.bigip.ltm

Anchor
adn.f5.bigip.pktfilter
adn.f5.bigip.pktfilter
adn.f5.bigip.pktfilter