sase.appgate
Introduction
Tags that begin with sase.appgate identify events generated by Appgate SDP, which belongs to Appgate.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as sase.appgate. The third level indicates the product and the fourth identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Appgate SDP | | |
For more information, read About Devo tags.
Table structure
These are the fields displayed in this table:
sase.appgate.sdp.events
Field | Type | Extra fields |
---|---|---|
eventdate | | |
hostname | | |
version | | |
timestamp | | |
hostname2 | | |
daemon | | |
log__action | | |
log__action_id | | |
log__client_ip | | |
log__client_port | | |
log__collective_id | | |
log__connection_type | | |
log__destination_ip | | |
log__destination_port | | |
log__direction | | |
log__distinguished_name | | |
log__distinguished_name_device_id | | |
log__distinguished_name_ou | | |
log__distinguished_name_user | | |
log__entitlement_token_id | | |
log__event_type | | |
log__geoip__ip | | |
log__geoip__time_zone | | |
log__geoip__continent_code | | |
log__geoip__city_name | | |
log__geoip__country_name | | |
log__geoip__country_code2 | | |
log__geoip__dma_code | | |
log__geoip__country_code3 | | |
log__geoip__region_code | | |
log__geoip__region_name | | |
log__geoip__postal_code | | |
log__geoip__location__lon | | |
log__geoip__location__lat | | |
log__geoip__latitude | | |
log__geoip__longitude | | |
log__geoip__cordinates | | |
log__id | | |
log__packet_size | | |
log__protocol | | |
log__rule_name | | |
log__source_ip | | |
log__source_port | | |
log__timestamp | | |
log__version | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |