sase.appgate

[ 1 Valid tags and data tables ] [ 2 Table structure ]

The tags begin with sase.appgate identify events generated by Appgate products.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as sase.appgate. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

Technology	Brand	Type	Subtype

Technology	Brand	Type	Subtype
sase	appgate	sdp	events

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag	Data table

Tag	Data table
sase.appgate.sdp.events	sase.appgate.sdp.events

Table structure

This is the set displayed by this table.

Field	Type	Extra Label

Field	Type	Extra Label
eventdate	`timestamp`	-
hostname	`str`	-
version	`int4`	-
timestamp	`timestamp`	-
hostname2	`str`	-
daemon	`str`	-
log__action	`str`	-
log__action_id	`str`	-
log__client_ip	`ip4`	-
log__client_port	`int4`	-
log__collective_id	`str`	-
log__connection_type	`str`	-
log__destination_ip	`ip4`	-
log__destination_port	`int4`	-
log__direction	`str`	-
log__distinguished_name	`str`	-
log__distinguished_name_device_id	`str`	-
log__distinguished_name_ou	`str`	-
log__distinguished_name_user	`str`	-
log__entitlement_token_id	`str`	-
log__event_type	`str`	-
log__geoip__ip	`ip4`	-
log__geoip__time_zone	`str`	-
log__geoip__continent_code	`str`	-
log__geoip__city_name	`str`	-
log__geoip__country_name	`str`	-
log__geoip__country_code2	`str`	-
log__geoip__dma_code	`int4`	-
log__geoip__country_code3	`str`	-
log__geoip__region_code	`str`	-
log__geoip__region_name	`str`	-
log__geoip__postal_code	`str`	-
log__geoip__location__lon	`float8`	-
log__geoip__location__lat	`float8`	-
log__geoip__latitude	`float8`	-
log__geoip__longitude	`float8`	-
log__geoip__cordinates	`str`	-
log__id	`str`	-
log__packet_size	`int4`	-
log__protocol	`str`	-
log__rule_name	`str`	-
log__source_ip	`ip4`	-
log__source_port	`int4`	-
log__timestamp	`timestamp`	-
log__version	`int4`	-
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓