Introduction

The tags beginning with gateway.forum identify events generated by Gateway.

Valid tags and data tables 

The full tag must have four levels. The first two are fixed as gateway.forum. The third level identifies the type of events sent, and the fourth level indicates the event subtype. 

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Gateway | gateway.forum.system | gateway.forum.system |

For more information, read more about Devo tags.

Table structure

These are the fields displayed in this table:

| Field | Type | Extra field | Field transformation | Source field name |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| machine | str | | | vmachine |
| forum_eventid | str | | | |
| forum_sessionid | str | | | |
| forum_eventcode | str | | | |
| forum_loglevel | str | | | |
| forum_message | str | | | |
| sourceIP | ip4 | | ip4(split(sourceSocket, ":", 0)) | sourceSocket |
| sourcePort | str | | split(sourceSocket, ":", 1) | sourceSocket |
| destinationIP | ip4 | | ip4(split(destinationSocket, ":", 0)) | destinationSocket |
| destinationPort | str | | split(destinationSocket, ":", 1) | destinationSocket |
| bytes_read | str | | ifthenelse(forum_message -> "bytes", peek(forum_message, re("(\\d+),"), 1), +peek(forum_message, re(",?(\\d+) bytes"), 1), "0") | forum_message |
| hostchain | str | | | |
| tag | str | | | |
