
ips.toplayer

Introduction

The tags beginning with ips.toplayer identify events generated by IBM Top Layer IPS.

Valid tags and data tables 

The full tag must have 3 levels. The first two are fixed as ips.toplayer. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| IBM Top Layer IPS | ips.toplayer.common | ips.toplayer.common |

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

ips.toplayer.common

| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| model | str | vmodel | |
| sensor | str | vsensor | |
| msgId | int4 | | |
| pt | str | | |
| prot | str | | |
| cip | ip4 | | |
| cprt | int4 | | |
| sip | ip4 | | |
| sprt | int4 | | |
| atck | str | | |
| disp | str | | |
| ckt | int4 | | |
| src | str | | |
| msg | str | | |
| code | str | | |
| type | str | | |
| host | str | | |
| rule | str | | |
| user | str | | |
| acc | str | | |
| adm | str | | |
| app | str | | |
| arg | str | | |
| bld | str | | |
| bw | int4 | | |
| bd | int8 | | |
| cause | int4 | | |
| cbtx | int8 | | |
| cc1 | int4 | | |
| cc2 | int4 | | |
| cc3 | int4 | | |
| cc4 | int4 | | |
| cmac | str | | |
| cname | str | | |
| cptx | int8 | | |
| cfg | str | | |
| cnt | int8 | | |
| ctd | timestamp | | |
| dup | str | | |
| dur | str | | |
| et | str | | |
| flags | str | | |
| fwd | str | | |
| mtu | int4 | | |
| op | str | | |
| oper | str | | |
| path | str | | |
| qos | str | | |
| red | str | | |
| ref | str | | |
| rel | str | | |
| res | int4 | | |
| sbtx | int8 | | |
| ser | str | | |
| spd | str | | |
| smac | str | | |
| sname | str | | |
| sptx | int8 | | |
| spt | str | | |
| term | int4 | | |
| thret | str | | |
| thrsh | int4 | | |
| uri | str | | |
| upt | str | | |
| vlan | int4 | | |
| cckt | int4 | | |
| sckt | int4 | | |
| unknown | str | | |
| hostchain | str | | ✓ |
| tag | str | | ✓ |