
firewall.iptables

Introduction

The tags beginning with firewall.iptables identify events generated by Linux iptables.

Valid tags and data tables 

The full tag must have 3 levels. The first two are fixed as firewall.iptables. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service              | Tags                         | Data tables
-------------------------------|------------------------------|----------------------
Linux kernel firewall - iptables | firewall.iptables.std.kernel | firewall.iptables.std

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

firewall.iptables.std

Field       | Type      | Source field name | Extra fields
------------|-----------|-------------------|-------------
eventdate   | timestamp |                   |
host        | str       | vhost             |
application | str       |                   |
stamp       | float8    |                   |
logtype     | str       |                   |
srcIp       | ip4       |                   |
dstIp       | ip4       |                   |
srcPort     | int4      |                   |
dstPort     | int4      |                   |
ifaceIn     | str       |                   |
ifaceOut    | str       |                   |
srcMac      | str       |                   |
dstMac      | str       |                   |
etherType   | str       |                   |
proto       | str       |                   |
len         | int4      |                   |
window      | int4      |                   |
tos         | int4      |                   |
prec        | int4      |                   |
ttl         | int4      |                   |
id          | int8      |                   |
frag        | int4      |                   |
opt         | str       |                   |
ceFlag      | bool      |                   |
dfFlag      | bool      |                   |
mfFlag      | bool      |                   |
seq         | int8      |                   |
ack         | int8      |                   |
res         | int4      |                   |
urgp        | int4      |                   |
urgFlag     | bool      |                   |
ackFlag     | bool      |                   |
pshFlag     | bool      |                   |
rstFlag     | bool      |                   |
synFlag     | bool      |                   |
finFlag     | bool      |                   |
protoOpt    | str       |                   |
protoLen    | int4      |                   |
icmpType    | int4      |                   |
icmpCode    | int4      |                   |
icmpId      | int4      |                   |
hostchain   | str       |                   | ✓
tag         | str       |                   | ✓
rawMessage  | str       | rawSource         | ✓
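To show how a raw iptables LOG line relates to the columns above, here is an added example parser; it is not Devo's own parser and the page does not document that parser's internals. It maps the key names the kernel LOG target prints (IN=, SRC=, SPT=, DF, SYN, ...) onto the column names of firewall.iptables.std. That mapping, the two sample log lines, and the handling of the MAC= field (destination MAC, source MAC, then EtherType) are assumptions based on the kernel's output format, not on the page. It covers the common TCP, UDP and ICMP echo forms and does not unpack the nested packet that ICMP error messages carry.

```python
import re
from typing import Any, Dict

# Constructed sample lines (not from the page). Everything before "IN=" is the
# syslog header plus whatever --log-prefix the LOG rule used.
SAMPLE_TCP = (
    "Jan 12 10:41:03 gw kernel: [12345.678901] IPT-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54321 DF PROTO=TCP SPT=44123 DPT=22 "
    "WINDOW=29200 RES=0x00 SYN URGP=0"
)
SAMPLE_ICMP = (
    "Jan 12 10:41:05 gw kernel: IPT-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=57 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1"
)

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<body>.*)$"
)

# Assumed mapping from kernel key names to table columns. Keys printed before
# PROTO= describe the IP header; keys after it describe the transport header,
# which is why ID and LEN map differently in the two halves.
IP_KEYS = {"IN": "ifaceIn", "OUT": "ifaceOut", "SRC": "srcIp", "DST": "dstIp",
           "LEN": "len", "TOS": "tos", "PREC": "prec", "TTL": "ttl",
           "ID": "id", "FRAG": "frag", "PROTO": "proto"}
L4_KEYS = {"SPT": "srcPort", "DPT": "dstPort", "WINDOW": "window", "RES": "res",
           "URGP": "urgp", "SEQ": "seq", "ACK": "ack", "TYPE": "icmpType",
           "CODE": "icmpCode", "ID": "icmpId", "LEN": "protoLen"}
# Bare tokens (no "=") are boolean flags.
FLAGS = {"CE": "ceFlag", "DF": "dfFlag", "MF": "mfFlag", "URG": "urgFlag",
         "ACK": "ackFlag", "PSH": "pshFlag", "RST": "rstFlag",
         "SYN": "synFlag", "FIN": "finFlag"}
INT_FIELDS = {"len", "ttl", "id", "frag", "srcPort", "dstPort", "window",
              "urgp", "seq", "ack", "icmpType", "icmpCode", "icmpId", "protoLen"}
HEX_FIELDS = {"tos", "prec", "res"}   # the kernel prints these as 0x..


def _convert(col: str, val: str) -> Any:
    if col in HEX_FIELDS:
        return int(val, 16)
    if col in INT_FIELDS:
        return int(val)
    return val


def parse_iptables_line(line: str) -> Dict[str, Any]:
    """Map one iptables LOG line onto firewall.iptables.std column names."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a kernel syslog line")
    body = m.group("body")
    start = body.find("IN=")
    if start < 0:
        raise ValueError("no iptables key=value block")
    event: Dict[str, Any] = {"host": m.group("host"), "rawMessage": line}
    event.update({col: False for col in FLAGS.values()})
    tokens = body[start:].split()
    in_l4 = False            # True once PROTO= has been seen
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "OPT" and i + 1 < len(tokens):
            # IP and TCP options are both printed as "OPT (hexbytes)"
            event["protoOpt" if in_l4 else "opt"] = tokens[i + 1].strip("()")
            i += 2
            continue
        if "=" in tok:
            key, _, val = tok.partition("=")
            if key == "MAC":
                parts = val.split(":")
                if len(parts) == 14:   # 6 dst + 6 src + 2 ethertype bytes
                    event["dstMac"] = ":".join(parts[0:6])
                    event["srcMac"] = ":".join(parts[6:12])
                    event["etherType"] = ":".join(parts[12:14])
            else:
                col = (L4_KEYS if in_l4 else IP_KEYS).get(key)
                if col is not None:
                    event[col] = _convert(col, val)
                if key == "PROTO":
                    in_l4 = True
        elif tok in FLAGS:
            event[FLAGS[tok]] = True
        i += 1
    return event


if __name__ == "__main__":
    for sample in (SAMPLE_TCP, SAMPLE_ICMP):
        ev = parse_iptables_line(sample)
        print({k: v for k, v in ev.items() if k != "rawMessage"})
```

A bare ACK token is the TCP flag (ackFlag), whereas ACK=n only appears when the rule uses --log-tcp-sequence and is the acknowledgement number (ack); the parser distinguishes them by the presence of "=". The columns the example does not fill (eventdate, application, stamp, logtype, hostchain, tag) are populated by the ingestion pipeline rather than by the log line itself.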
