vpn.soft_ether
Introduction
The tags beginning with vpn.soft_ether identify events generated by SoftEther VPN.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as vpn.soft_ether. The third level identifies the type of events sent. The fourth level indicates the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
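Product / Service | Tags | Data tables |
---|---|---|
SoftEther VPN | vpn.soft_ether.packet_log.event | vpn.soft_ether.packet_log.event |
SoftEther VPN | vpn.soft_ether.security_log.event | vpn.soft_ether.security_log.event |
SoftEther VPN | vpn.soft_ether.server_log.event | vpn.soft_ether.server_log.event |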
For more information, read About Devo tags.
How is the data sent to Devo?
Logs generated by SoftEther VPN must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rules below:
Rule for events of SoftEther VPN Packet log
Source port - Any available port.
Target tag - vpn.soft_ether.packet_log.event
Sent without syslog tag - ✓
Stop processing - ✓
Rule for events of SoftEther VPN Security log
Source port - Any available port.
Target tag - vpn.soft_ether.security_log.event
Sent without syslog tag - ✓
Stop processing - ✓
Rule for events of SoftEther VPN Server log
Source port - Any available port.
Target tag - vpn.soft_ether.server_log.event
Sent without syslog tag - ✓
Stop processing - ✓
Table structure
These are the fields displayed in these tables:
vpn.soft_ether.packet_log.event
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
machine | | | | |
sever_timestamp | | parsedate(server_date, +" " + server_time, dateformat("YYYY-MM-DD HH:mm:ss.SSS")) | server_time, server_date | |
source_session_id | | | | |
destination_session_id | | | | |
source_mac | | | | |
destination_mac | | | | |
protocol | | | | |
packet_size | | | | |
packet_type | | | | |
packet_flags | | | | |
source_ip | | | | |
source_ipv4 | | | | |
source_port | | | | |
destination_ip | | | | |
destination_ipv4 | | | | |
destination_port | | | | |
sequence_number | | | | |
ack_number | | | | |
protocol_information | | | | |
packet_data | | | | |
physical_source_ip | | | | |
physical_source_ipv4 | | | | |
physical_destination | | | | |
physical_destination_ipv4 | | | | |
hostchain | | | | ✓ |
tag | | | | ✓ |
rawMessage | | | | ✓ |
vpn.soft_ether.security_log.event
Field | Type | Extra fields |
---|---|---|
eventdate | | |
machine | | |
protocol | | |
session_id | | |
action | | |
source_ip | | |
source_ipv4 | | |
source_port | | |
destination_ip | | |
destination_ipv4 | | |
destination_port | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |
vpn.soft_ether.server_log.event
Field | Type | Extra fields |
---|---|---|
eventdate | | |
machine | | |
connection_id | | |
protocol | | |
encryption_algorithm_name | | |
action | | |
hostname | | |
client_ip | | |
client_ipv4 | | |
client_port | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |