cwpp.colortokens
Introduction
The tags beginning with cwpp.colortokens identify events generated by ColorTokens products.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as cwpp.colortokens. The third level identifies the type of events sent. The fourth level indicates the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
ColorTokens Xshield | | |
For more information, read About Devo tags.
How is the data sent to Devo?
Logs generated by ColorTokens Xshield are forwarded to Devo using a dedicated collector. Learn more about it in this article.
Table structure
These are the fields displayed in these tables:
cwpp.colortokens.xshield.alert
Field | Type | Extra fields |
---|---|---|
eventdate | | |
hostname | | |
id | | |
status | | |
description | | |
category | | |
severity | | |
rule_id | | |
monitoring_type | | |
updated_date | | |
created_date | | |
mail_sent | | |
event | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |
cwpp.colortokens.xshield.audit
Field | Type | Extra fields |
---|---|---|
eventdate | | |
hostname | | |
id | | |
timestamp | | |
message | | |
meta_action | | |
meta_roles | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |