ips.toplayer
Introduction
The tags beginning with ips.toplayer identify events generated by IBM Top Layer IPS.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as ips.toplayer. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
IBM Top Layer IPS | | |
For more information, read About Devo tags.
Table structure
These are the fields displayed in this table:
ips.toplayer.common
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
model | | vmodel | |
sensor | | vsensor | |
msgId | | | |
pt | | | |
prot | | | |
cip | | | |
cprt | | | |
sip | | | |
sprt | | | |
atck | | | |
disp | | | |
ckt | | | |
src | | | |
msg | | | |
code | | | |
type | | | |
host | | | |
rule | | | |
user | | | |
acc | | | |
adm | | | |
app | | | |
arg | | | |
bld | | | |
bw | | | |
bd | | | |
cause | | | |
cbtx | | | |
cc1 | | | |
cc2 | | | |
cc3 | | | |
cc4 | | | |
cmac | | | |
cname | | | |
cptx | | | |
cfg | | | |
cnt | | | |
ctd | | | |
dup | | | |
dur | | | |
et | | | |
flags | | | |
fwd | | | |
mtu | | | |
op | | | |
oper | | | |
path | | | |
qos | | | |
red | | | |
ref | | | |
rel | | | |
res | | | |
sbtx | | | |
ser | | | |
spd | | | |
smac | | | |
sname | | | |
sptx | | | |
spt | | | |
term | | | |
thret | | | |
thrsh | | | |
uri | | | |
upt | | | |
vlan | | | |
cckt | | | |
sckt | | | |
unknown | | | |
hostchain | | | ✓ |
tag | | | ✓ |