Versions Compared

Old Version 12

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

compared with

New Version Current

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The full tag must have at least three levels. The first two are fixed as firewall.juniper. The third level identifies the technology type and must be one of isgnsmsrxssgsystem or traffic. The fourth element is usually required and you are free to define it as you like. 

technology

brand

type

subtype

junos release

firewall

juniper

  • is

  • nsm

  • srx

  • ssg

  • system

  • traffic

usually required and fixed depending on type

appended to firewall.juniper.srx.traffic tag and must be one of:

  • v12 (Junos releases between 12.3 and 14)

  • v14 (Junos 14.x )

  • v15 (Junos releases between 14 and 15.1X49)

  • v16 (Junos 15.1X49-D80 and later)

Therefore, the valid tags include:

Tags

Data tables

firewall.juniper.isg.system

firewall.juniper.isg.system

firewall.juniper.isg.traffic

firewall.juniper.isg.traffic

firewall.juniper.nsm.traffic

firewall.juniper.nsm.traffic

firewall.juniper.srx.idp

firewall.juniper.srx.idp

firewall.juniper.srx.probe

firewall.juniper.srx.probe

firewall.juniper.srx.system

firewall.juniper.srx.system

firewall.juniper.srx.traffic

firewall.juniper.srx.traffic

firewall.juniper.srx.utm

firewall.juniper.srx.utm

firewall.juniper.ssg.system

firewall.juniper.ssg.system

firewall.juniper.ssg.traffic

firewall.juniper.ssg.traffic

firewall.juniper.system

firewall.juniper.system

firewall.juniper.traffic

firewall.juniper.traffic

For more information, read more about Devo tags.

...

Rw ui tabs macro
Rw tab
title1-6

Anchor
tag1
tag1
firewall.juniper.isg.system

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

machine

str

 

product

str

vproduct

devId0

str

 

severity

str

 

type

int4

 

message

str

 

hostchain

str

 

tag

str

 

rawMessage

str

message

Anchor
tag2
tag2
firewall.juniper.isg.traffic

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

machine

str

 

 

product

str

 

vproduct

devId

str

 

 

severity

str

 

 

type

int4

 

 

startTime

timestamp

 

 

duration

int4

Code Block
isnotnull(duration_tmp) ? duration_tmp : duration_aux

duration_aux

duration_tmp

policyId

int8

 

 

service

str

Code Block
isnotnull(service_tmp) ? service_tmp : service_aux

service_aux

service_tmp

protocol

int4

Code Block
isnotnull(proto_tmp) ? proto_tmp : proto_aux

proto_aux

proto_tmp

protoStr

str

Code Block
(protocol = 6) ? "TCP" : (protocol = 17) ? "UDP" : (protocol = 1) ? "ICMP" : null("")

protocol

srcZone

str

Code Block
isnotnull(srcZone_tmp) ? srcZone_tmp : srcZone_aux

srcZone_tmp

srcZone_aux

dstZone

str

Code Block
isnotnull(dstZone_tmp) ? dstZone_tmp : dstZone_aux

dstZone_aux

dstZone_tmp

action

str

 

 

bytesSend

int8

Code Block
isnotnull(cliBytes_tmp) ? cliBytes_tmp : cliBytes_aux

cliBytes_aux

cliBytes_tmp

bytesRecv

int8

Code Block
isnotnull(srvBytes_tmp) ? srvBytes_tmp : srvBytes_aux

srvBytes_tmp

srvBytes_aux

srcIp

ip4

Code Block
isnotnull(srcIp_tmp) ? srcIp_tmp : srcIp_aux

srcIp_aux

srcIp_tmp

srcIp_str

str

Code Block
isnotnull(srcIp_tmp_str) ? srcIp_tmp_str : srcIp_aux_str

srcIp_tmp_str

srcIp_aux_str

dstIp

ip4

Code Block
isnotnull(dstIp_tmp) ? dstIp_tmp : dstIp_aux

dstIp_aux

dstIp_tmp

dstIp_str

str

Code Block
isnotnull(dstIp_tmp_str) ? dstIp_tmp_str : dstIp_aux_str

dstIp_aux_str

dstIp_tmp_str

srcPort

int4

Code Block
isnotnull(srcPort_tmp) ? srcPort_tmp : srcPort_aux

srcPort_tmp

srcPort_aux

dstPort

int4

Code Block
isnotnull(dstPort_tmp) ? dstPort_tmp : dstPort_aux

dstPort_tmp

dstPort_aux

icmpType

int4

Code Block
isnotnull(icmpType_tmp) ? icmpType_tmp : icmpType_aux

icmpType_tmp

icmpType_aux

icmpCode

int4

 

 

sessionId

int8

Code Block
isnotnull(session_tmp) ? session_tmp : session_aux

session_tmp

session_aux

srcXIp

ip4

 

 

srcXPort

int4

 

 

dstXIp

ip4

 

 

dstXPort

int4

 

 

reason

str

Code Block
isnotnull(reason_tmp) ? reason_tmp : reason_aux

reason_aux

reason_tmp

unknown

str

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

rawSource

Anchor
tag3
tag3
firewall.juniper.nsm.traffic

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

machine

str

 

logDayId

str

 

logRecordId

str

 

timeReceived

timestamp

 

timeGenerated

timestamp

 

deviceDomain

str

 

deviceDomainVer

str

 

deviceName

str

 

deviceIp

ip4

 

category

str

 

subCategory

str

 

srcZone

str

 

srcIface

str

 

srcIp

ip4

 

srcIp_str

str

 

srcPort

int4

 

srcXIp

ip4

 

srcXPort

int4

 

dstZone

str

 

dstIface

str

 

dstIp

ip4

 

dstIp_str

str

 

dstPort

int4

 

dstXIp

ip4

 

dstXPort

int4

 

proto

str

 

policyDomain

str

 

policyDomainVer

str

 

policyName

str

 

rulebase

str

 

ruleNumber

str

 

ruleNumber2

str

 

action

str

 

severity

str

 

isAlert

str

 

details

str

 

user

str

 

app

str

 

uri

str

 

elapsedSecs

int4

 

bytesIn

int8

 

bytesOut

int8

 

bytesTotal

int8

 

pktsIn

int4

 

pktsOut

int4

 

pktsTotal

int4

 

repeatCount

int4

 

hasData

str

 

data

str

 

appliService

str

 

deviceFamily

str

 

hostchain

str

 

tag

str

 

rawMessage

str

rawSource

Anchor
tag4
tag4
firewall.juniper.srx.idp

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

machine

str

 

type

str

 

attack_name

str

 

source_address

ip4

 

source_port

int4

 

destination_address

ip4

 

destination_port

int4

 

protocol_id

str

 

source_zone_name

str

 

interface_name

str

 

action

str

 

hostchain

str

 

tag

str

 

rawMessage

str

rawSource

Anchor
tag5
tag5
firewall.juniper.srx.probe

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

machine

str

 

type

str

 

interfaceName

str

 

snmpInterfaceIndex

str

 

adminStatus

str

 

operationalStatus

str

 

testName

str

 

testOwner

str

 

name

str

 

message

str

 

rawMessage

str

rawSource

hostchain

str

 

tag

str

 

Anchor
tag6
tag6
firewall.juniper.srx.system

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

machine

str

rawHostName

serverdate

str

 

hostname

str

 

process_name

str

 

pid

str

 

log_type

str

 

platform

str

 

username

str

 

authentication_level

str

 

client_ip

ip4

 

client_port

str

 

destination_ip

ip4

 

destination_port

str

 

message

str

 

hostchain

str

 

tag

str

 

rawMessage

str

 

Rw tab
title7-12

Anchor
tag7
tag7
firewall.juniper.srx.traffic

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

machine

str

 

 

tag

str

 

 

version

str

 

 

server_date

str

message_source

str

action_name

str

Code Block
action_prefix + action

action_prefix

action

action

str

 

 

srcIp

ip4

Code Block
isnotnull(srcIp_tmp) ? srcIp_tmp : srcIp_aux

srcIp_aux

srcIp_tmp

srcIp_str

str

Code Block
isnotnull(srcIp_tmp_str) ? srcIp_tmp_str : srcIp_aux_str

srcIp_tmp_str

srcIp_aux_str

srcPort

int4

Code Block
isnotnull(srcPort_tmp) ? srcPort_tmp : srcPort_aux

srcPort_tmp

srcPort_aux

dstIp

ip4

Code Block
isnotnull(dstIp_tmp) ? dstIp_tmp : dstIp_aux

dstIp_aux

dstIp_tmp

dstIp_str

str

Code Block
isnotnull(dstIp_tmp_str) ? dstIp_tmp_str : dstIp_aux_str

dstIp_aux_str

dstIp_tmp_str

dstPort

int4

Code Block
isnotnull(dstPort_tmp) ? dstPort_tmp : dstPort_aux

dstPort_tmp

dstPort_aux

service

str

Code Block
isnotnull(service_tmp) ? service_tmp : service_aux

service_aux

service_tmp

srcXIp

ip4

 

 

srcXPort

int4

 

 

dstXIp

ip4

 

 

dstXPort

int4

 

 

natConnetionTag

str

 

 

srcNatRuleType

str

Code Block
isnotnull(srcNatRuleType_tmp) ? srcNatRuleType_tmp : srcNatRuleType_aux

srcNatRuleType_aux

srcNatRuleType_tmp

srcNatRule

str

Code Block
isnotnull(srcNatRule_tmp) ? srcNatRule_tmp : srcNatRule_aux

srcNatRule_aux

srcNatRule_tmp

dstNatRuleType

str

Code Block
isnotnull(dstNatRuleType_tmp) ? dstNatRuleType_tmp : dstNatRuleType_aux

dstNatRuleType_tmp

dstNatRuleType_aux

dstNatRule

str

Code Block
isnotnull(dstNatRule_tmp) ? dstNatRule_tmp : dstNatRule_aux

dstNatRule_tmp

dstNatRule_aux

srcNatIp

ip4

 

 

dstNatIp

ip4

 

 

proto

int4

Code Block
isnotnull(proto_tmp) ? proto_tmp : proto_aux

proto_aux

proto_tmp

protoStr

str

Code Block
(proto = 6) ? "TCP" : (proto = 17) ? "UDP" : (proto = 1) ? "ICMP" : null("")

proto

policy

str

Code Block
isnotnull(policy_tmp) ? policy_tmp : policy_aux

policy_aux

policy_tmp

srcZone

str

Code Block
isnotnull(srcZone_tmp) ? srcZone_tmp : srcZone_aux

srcZone_tmp

srcZone_aux

dstZone

str

Code Block
isnotnull(dstZone_tmp) ? dstZone_tmp : dstZone_aux

dstZone_aux

dstZone_tmp

session

int4

Code Block
isnotnull(session_tmp) ? session_tmp : session_aux

session_tmp

session_aux

reason

str

Code Block
isnotnull(reason_tmp) ? reason_tmp : reason_aux

reason_aux

reason_tmp

cliPkts

int4

Code Block
isnotnull(cliPkts_tmp) ? cliPkts_tmp : cliPkts_aux

cliPkts_tmp

cliPkts_aux

cliBytes

int8

Code Block
isnotnull(cliBytes_tmp) ? cliBytes_tmp : cliBytes_aux

cliBytes_aux

cliBytes_tmp

srvPkts

int4

Code Block
isnotnull(srvPkts_tmp) ? srvPkts_tmp : srvPkts_aux

srvPkts_tmp

srvPkts_aux

srvBytes

int8

Code Block
isnotnull(srvBytes_tmp) ? srvBytes_tmp : srvBytes_aux

srvBytes_tmp

srvBytes_aux

duration

int4

Code Block
isnotnull(duration_tmp) ? duration_tmp : duration_aux

duration_aux

duration_tmp

app

str

Code Block
isnotnull(app_tmp) ? app_tmp : app_aux

app_aux

app_tmp

app2

str

Code Block
isnotnull(app2_tmp) ? app2_tmp : app2_aux

app2_aux

app2_tmp

user

str

Code Block
isnotnull(user_tmp) ? user_tmp : user_aux

user_tmp

user_aux

roles

str

Code Block
isnotnull(roles_tmp) ? roles_tmp : roles_aux

roles_aux

roles_tmp

iface

str

Code Block
isnotnull(iface_tmp) ? iface_tmp : iface_aux

iface_aux

iface_tmp

icmpType

int4

Code Block
isnotnull(icmpType_tmp) ? icmpType_tmp : icmpType_aux

icmpType_tmp

icmpType_aux

structuredData

str

 

 

encrypted

str

Code Block
isnotnull(encrypted_tmp) ? encrypted_tmp : encrypted_aux

encrypted_tmp

encrypted_aux

connectionTag

str

 

 

unknown

str

 

 

rawMessage

str

 

 

hostchain

str

 

 

Anchor
tag8
tag8
firewall.juniper.srx.utm

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

machine

str

 

server_date

str

 

message_source

str

 

event_category

str

 

srcIp

ip4

 

srcIp_str

str

 

srcPort

int4

 

dstIp

ip4

 

dstIp_str

str

 

dstPort

int4

 

srcZone

str

 

dstZone

str

 

application

str

 

nested_application

str

 

application_sub_category

str

 

urlcategory_risk

str

 

name

str

 

error_message

str

 

profile_name

str

 

object_name

str

 

pathname

str

 

username

str

 

roles

str

 

session_id

str

 

category

str

 

reason

str

 

profile

str

 

url

str

 

obj

str

 

hostchain

str

 

tag

str

 

rawMessage

str

rawSource

Anchor
tag9
tag9
firewall.juniper.ssg.system

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

machine

str

 

product

str

vproduct

devModel

str

 

devId0

str

 

severity

str

 

type

int4

 

message

str

 

hostchain

str

 

tag

str

 

rawMessage

str

message

Anchor
tag10
tag10
firewall.juniper.ssg.traffic

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

machine

str

 

 

product

str

Code Block
"ssg"

 

devModel

str

 

 

devId

str

 

 

severity

str

 

 

type

int4

 

 

startTime

timestamp

 

 

duration

int4

Code Block
isnotnull(duration_tmp) ? duration_tmp : duration_aux

duration_aux

duration_tmp

policyId

int8

 

 

service

str

Code Block
isnotnull(service_tmp) ? service_tmp : service_aux

service_aux

service_tmp

protocol

int4

Code Block
isnotnull(proto_tmp) ? proto_tmp : proto_aux

proto_aux

proto_tmp

protoStr

str

Code Block
(protocol = 6) ? "TCP" : (protocol = 17) ? "UDP" : (protocol = 1) ? "ICMP" : null("")

protocol

srcZone

str

Code Block
isnotnull(srcZone_tmp) ? srcZone_tmp : srcZone_aux

srcZone_tmp

srcZone_aux

dstZone

str

Code Block
isnotnull(dstZone_tmp) ? dstZone_tmp : dstZone_aux

dstZone_aux

dstZone_tmp

action

str

 

 

bytesSend

int8

Code Block
isnotnull(cliBytes_tmp) ? cliBytes_tmp : cliBytes_aux

cliBytes_aux

cliBytes_tmp

bytesRecv

int8

Code Block
isnotnull(srvBytes_tmp) ? srvBytes_tmp : srvBytes_aux

srvBytes_tmp

srvBytes_aux

srcIp

ip4

Code Block
isnotnull(srcIp_tmp) ? srcIp_tmp : srcIp_aux

srcIp_aux

srcIp_tmp

srcIp_str

str

Code Block
isnotnull(srcIp_tmp_str) ? srcIp_tmp_str : srcIp_aux_str

srcIp_tmp_str

srcIp_aux_str

dstIp

ip4

Code Block
isnotnull(dstIp_tmp) ? dstIp_tmp : dstIp_aux

dstIp_aux

dstIp_tmp

dstIp_str

str

Code Block
isnotnull(dstIp_tmp_str) ? dstIp_tmp_str : dstIp_aux_str

dstIp_aux_str

dstIp_tmp_str

srcPort

int4

Code Block
isnotnull(srcPort_tmp) ? srcPort_tmp : srcPort_aux

srcPort_tmp

srcPort_aux

dstPort

int4

Code Block
isnotnull(dstPort_tmp) ? dstPort_tmp : dstPort_aux

dstPort_tmp

dstPort_aux

icmpType

int4

Code Block
isnotnull(icmpType_tmp) ? icmpType_tmp : icmpType_aux

icmpType_tmp

icmpType_aux

icmpCode

int4

 

 

sessionId

int8

Code Block
isnotnull(session_tmp) ? session_tmp : session_aux

session_tmp

session_aux

srcXIp

ip4

 

 

srcXPort

int4

 

 

dstXIp

ip4

 

 

dstXPort

int4

 

 

reason

str

Code Block
isnotnull(reason_tmp) ? reason_tmp : reason_aux

reason_aux

reason_tmp

unknown

str

 

 

rawMessage

str

 

rawSource

hostchain

str

 

 

tag

str

 

 

Anchor
tag11
tag11
firewall.juniper.system

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

machine

str

 

product

str

vproduct

devModel

str

 

devId0

str

 

severity

str

 

type

int4

 

message

str

 

hostchain

str

 

tag

str

 

rawMessage

str

message

Anchor
tag12
tag12
firewall.juniper.traffic

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

machine

str

product

str

vproduct

devModel

str

devId

str

severity

str

type

int4

startTime

timestamp

duration

int4

Code Block
isnotnull(duration_tmp) ? duration_tmp : duration_aux

duration_aux

duration_tmp

policyId

int8

service

str

Code Block
isnotnull(service_tmp) ? service_tmp : service_aux

service_aux

service_tmp

protocol

int4

Code Block
isnotnull(proto_tmp) ? proto_tmp : proto_aux

proto_aux

proto_tmp

protoStr

str

Code Block
isnotnull(proto) ? proto : ((protocol = 6) ? "TCP" : (protocol = 17) ? "UDP" : (protocol = 1) ? "ICMP" : null(""))

proto

protocol

srcZone

str

Code Block
isnotnull(srcZone_tmp) ? srcZone_tmp : srcZone_aux

srcZone_tmp

srcZone_aux

dstZone

str

Code Block
isnotnull(dstZone_tmp) ? dstZone_tmp : dstZone_aux

dstZone_aux

dstZone_tmp

action

str

cliPkts

int4

Code Block
isnotnull(cliPkts_tmp) ? cliPkts_tmp : cliPkts_aux

cliPkts_tmp

cliPkts_aux

bytesSend

int8

Code Block
isnotnull(cliBytes_tmp) ? cliBytes_tmp : cliBytes_aux

cliBytes_aux

cliBytes_tmp

srvPkts

int4

Code Block
isnotnull(srvPkts_tmp) ? srvPkts_tmp : srvPkts_aux

srvPkts_tmp

srvPkts_aux

bytesRecv

int8

Code Block
isnotnull(srvBytes_tmp) ? srvBytes_tmp : srvBytes_aux

srvBytes_tmp

srvBytes_aux

srcIp

ip4

Code Block
isnotnull(srcIp_tmp) ? srcIp_tmp : srcIp_aux

srcIp_aux

srcIp_tmp

srcIp_str

str

Code Block
isnotnull(srcIp_tmp_str) ? srcIp_tmp_str : srcIp_aux_str

srcIp_tmp_str

srcIp_aux_str

dstIp

ip4

Code Block
isnotnull(dstIp_tmp) ? dstIp_tmp : dstIp_aux

dstIp_aux

dstIp_tmp

dstIp_str

str

Code Block
isnotnull(dstIp_tmp_str) ? dstIp_tmp_str : dstIp_aux_str

dstIp_aux_str

dstIp_tmp_str

srcPort

int4

Code Block
isnotnull(srcPort_tmp) ? srcPort_tmp : srcPort_aux

srcPort_tmp

srcPort_aux

dstPort

int4

Code Block
isnotnull(dstPort_tmp) ? dstPort_tmp : dstPort_aux

dstPort_tmp

dstPort_aux

icmpType

int4

Code Block
isnotnull(icmpType_tmp) ? icmpType_tmp : icmpType_aux

icmpType_tmp

icmpType_aux

icmpCode

int4

sessionId

int8

Code Block
isnotnull(session_tmp) ? session_tmp : session_aux

session_tmp

session_aux

srcXIp

ip4

srcXPort

int4

dstXIp

ip4

dstXPort

int4

reason

str

Code Block
isnotnull(reason_tmp) ? reason_tmp : reason_aux

reason_aux

reason_tmp

version

str

pid

str

natConnetionTag

str

srcNatRuleType

str

Code Block
isnotnull(srcNatRuleType_tmp) ? srcNatRuleType_tmp : srcNatRuleType_aux

srcNatRuleType_aux

srcNatRuleType_tmp

srcNatRule

str

Code Block
isnotnull(srcNatRule_tmp) ? srcNatRule_tmp : srcNatRule_aux

srcNatRule_aux

srcNatRule_tmp

dstNatRuleType

str

Code Block
isnotnull(dstNatRuleType_tmp) ? dstNatRuleType_tmp : dstNatRuleType_aux

dstNatRuleType_tmp

dstNatRuleType_aux

dstNatRule

str

Code Block
isnotnull(dstNatRule_tmp) ? dstNatRule_tmp : dstNatRule_aux

dstNatRule_tmp

dstNatRule_aux

srcNatIp

ip4

dstNatIp

ip4

policy

str

Code Block
isnotnull(policy_tmp) ? policy_tmp : policy_aux

policy_aux

policy_tmp

user

str

Code Block
isnotnull(user_tmp) ? user_tmp : user_aux

user_tmp

user_aux

roles

str

Code Block
isnotnull(roles_tmp) ? roles_tmp : roles_aux

roles_aux

roles_tmp

iface

str

Code Block
isnotnull(iface_tmp) ? iface_tmp : iface_aux

iface_aux

iface_tmp

app

str

Code Block
isnotnull(app_tmp) ? app_tmp : app_aux

app_aux

app_tmp

app2

str

Code Block
isnotnull(app2_tmp) ? app2_tmp : app2_aux

app2_aux

app2_tmp

encrypted

str

Code Block
isnotnull(encrypted_tmp) ? encrypted_tmp : encrypted_aux

encrypted_tmp

encrypted_aux

structuredData

str

unknown

str

rawMessage

str

rawSource

hostchain

str

tag

str

...