sase.appgate
Introduction
Tags beginning with sase.appgate identify events generated by Appgate SDP belonging to Appgate.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as sase.appgate. The third level indicates the product and the fourth identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Appgate SDP | | |
For more information, see About Devo tags.
Table structure
These are the fields displayed in this table:
sase.appgate.sdp.events
Field | Type | Extra fields |
---|---|---|
eventdate | | |
hostname | | |
version | | |
timestamp | | |
hostname2 | | |
daemon | | |
log__action | | |
log__action_id | | |
log__client_ip | | |
log__client_port | | |
log__collective_id | | |
log__connection_type | | |
log__destination_ip | | |
log__destination_port | | |
log__direction | | |
log__distinguished_name | | |
log__distinguished_name_device_id | | |
log__distinguished_name_ou | | |
log__distinguished_name_user | | |
log__entitlement_token_id | | |
log__event_type | | |
log__geoip__ip | | |
log__geoip__time_zone | | |
log__geoip__continent_code | | |
log__geoip__city_name | | |
log__geoip__country_name | | |
log__geoip__country_code2 | | |
log__geoip__dma_code | | |
log__geoip__country_code3 | | |
log__geoip__region_code | | |
log__geoip__region_name | | |
log__geoip__postal_code | | |
log__geoip__location__lon | | |
log__geoip__location__lat | | |
log__geoip__latitude | | |
log__geoip__longitude | | |
log__geoip__cordinates | | |
log__id | | |
log__packet_size | | |
log__protocol | | |
log__rule_name | | |
log__source_ip | | |
log__source_port | | |
log__timestamp | | |
log__version | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |