
network.versa

The tags beginning with network.versa identify log events generated by the following Versa technologies:

  • Versa SD-WAN

  • Versa NGFW

  • Versa IDP

  • Versa CGNAT

  • Versa AV

Tag structure

The full network.versa tags have four levels. The first two are fixed as network.versa. The third level identifies the technology type and must be one of ngfw, sdwan, cgnat, av or idp. 

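| Technology | Brand | Type  | Group                                 |
|------------|-------|-------|---------------------------------------|
| network    | versa | ngfw  | access, identification, urlfiltering  |
| network    | versa | sdwan | traffic, slaviolation, b2bslam        |
| network    | versa | cgnat | events                                |
| network    | versa | av    | events                                |
| network    | versa | idp   | events                                |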

Therefore, the valid tags include:

  • network.versa.ngfw.access

  • network.versa.ngfw.identification

  • network.versa.ngfw.urlfiltering

  • network.versa.sdwan.traffic

  • network.versa.sdwan.slaviolation

  • network.versa.sdwan.b2bslam

  • network.versa.cgnat.events

  • network.versa.av.events

  • network.versa.idp.events

For more information, read about Devo tags.

Devo relay rules

You will need to define relay rules that can correctly identify the event type and apply the corresponding tag.

We'll mostly use type-2 relay rules, which apply a fixed tag based on specific data contained in the inbound event. All rules are defined on the same port. This example uses port 13030, but you can use any free port on your relay.

These instructions cover all of the event types.

Rule 1: Versa NGFW Access

  • Source Port → 13030

  • Source Data → (.*)accessLog, applianceName=(.*)

  • Target Tag → network.versa.ngfw.access

  • Select the Stop Processing and Sent without syslog tag checkboxes

Rule 2: Versa NGFW Identification

  • Source Port → 13030

  • Source Data → (.*)flowIdLog, applianceName=(.*)

  • Target Tag → network.versa.ngfw.identification

  • Select the Stop Processing and Sent without syslog tag checkboxes

Rule 3: Versa NGFW Url Filtering

  • Source Port → 13030

  • Source Data → (.*)urlfLog, applianceName=(.*)

  • Target Tag → network.versa.ngfw.urlfiltering

  • Select the Stop Processing and Sent without syslog tag checkboxes

Rule 4: Versa SDWAN Traffic

  • Source Port → 13030

  • Source Data → (.*)flowMonLog, applianceName=(.*)

  • Target Tag → network.versa.sdwan.traffic

  • Select the Stop Processing and Sent without syslog tag checkboxes

Rule 5: Versa SDWAN Sla Violation

  • Source Port → 13030

  • Source Data → (.*)sdwanSlaPathViolLog, applianceName=(.*)

  • Target Tag → network.versa.sdwan.slaviolation

  • Select the Stop Processing and Sent without syslog tag checkboxes

Rule 6: Versa SDWAN B2B Slam

  • Source Port → 13030

  • Source Data → (.*)sdwanB2BSlamLog, applianceName=(.*)

  • Target Tag → network.versa.sdwan.b2bslam

  • Select the Stop Processing and Sent without syslog tag checkboxes

Rule 7: Versa CGNAT Events

  • Source Port → 13030

  • Source Data → (.*)cgnatLog, applianceName=(.*)

  • Target Tag → network.versa.cgnat.events

  • Select the Stop Processing and Sent without syslog tag checkboxes

Rule 8: Versa AV Events

  • Source Port → 13030

  • Source Data → (.*)avLog, applianceName=(.*)

  • Target Tag → network.versa.av.events

  • Select the Stop Processing and Sent without syslog tag checkboxes

Rule 9: Versa IDP Events

  • Source Port → 13030

  • Source Data → (.*)idpLog, applianceName=(.*)

  • Target Tag → network.versa.idp.events

  • Select the Stop Processing and Sent without syslog tag checkboxes
