The tags begin with sase.appgate identify events generated by Appgate products.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as sase.appgate. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
|---|---|---|---|
sase | appgate |
|
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
sase.appgate.sdp.events | sase.appgate.sdp.events |
Table structure
This is the set displayed by this table.
Field | Type | Extra Label |
|---|---|---|
eventdate |
| - |
hostname |
| - |
version |
| - |
timestamp |
| - |
hostname2 |
| - |
daemon |
| - |
log__action |
| - |
log__action_id |
| - |
log__client_ip |
| - |
log__client_port |
| - |
log__collective_id |
| - |
log__connection_type |
| - |
log__destination_ip |
| - |
log__destination_port |
| - |
log__direction |
| - |
log__distinguished_name |
| - |
log__distinguished_name_device_id |
| - |
log__distinguished_name_ou |
| - |
log__distinguished_name_user |
| - |
log__entitlement_token_id |
| - |
log__event_type |
| - |
log__geoip__ip |
| - |
log__geoip__time_zone |
| - |
log__geoip__continent_code |
| - |
log__geoip__city_name |
| - |
log__geoip__country_name |
| - |
log__geoip__country_code2 |
| - |
log__geoip__dma_code |
| - |
log__geoip__country_code3 |
| - |
log__geoip__region_code |
| - |
log__geoip__region_name |
| - |
log__geoip__postal_code |
| - |
log__geoip__location__lon |
| - |
log__geoip__location__lat |
| - |
log__geoip__latitude |
| - |
log__geoip__longitude |
| - |
log__geoip__cordinates |
| - |
log__id |
| - |
log__packet_size |
| - |
log__protocol |
| - |
log__rule_name |
| - |
log__source_ip |
| - |
log__source_port |
| - |
log__timestamp |
| - |
log__version |
| - |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |