Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Introduction

Tags beginning with firewall.velocloudidentify events generated by VMware VeloCloud.

Tag structure

The full tag must have 4 3 levels. The first two are fixed as authfirewall.rsavelocloud. The third level identifies the type of events sent, and the fourth level indicates the event subtype. 

Product / Service

Tags

Data tables

VeloCloud Firewall

firewall.velocloud.traffic

firewall.velocloud.traffic

Table structure

These are the fields displayed in this table:[

firewall.velocloud.traffic

...

...

Field

Type

Extra Field

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

-

 

host

str

-

 

vhost

sid

str

 

 

sessionID

int8

 

-

id

segmentObjectId

int8

 

-

 

ruleLogicalId

str

 

-

 

interface

str

 

-

 

protocol

str

 

-

 

srcIp

ip4

 

-

sourceIp

srcPort

int4

 

-

sourcePort

dstIp

ip4

 

-

destIp

dstPort

int4

 

-

destPort

dest_name

str

 

-

sdwanDestination

action

str

 

-

 

application

str

-

 

 

durationSecs

int8

 

-

 

bytesSent

int8

-

 

 

bytesReceived

int8

-

 

 

reason

str

-

 

 

nat_src

ip4

 

-

 

nat_spt

int4

 

-

 

svlan

str

 

-

 

dvlan

str

 

 

dstDomain

str

 

 

fwPolicyName

str

 

-

 

eventName

str

-

Code Block
(isnull(action) ? "null" : action) + "_" + (isnull(protocol) ? "null" : protocol) + "_" + (isnull(reason) ? "null" : reason)

reason

protocol

action

hostchain

str

 

 

tag

str

 

 

rawMessage

str

-