
network.versa

Introduction

The tags beginning with network.versa identify log events generated by the following Versa technologies.

Tag structure

The full network.versa tags have four levels. The first two are fixed as network.versa. The third level identifies the type of events sent.

| Product / Service | Tags | Data tables |
|---|---|---|
| Versa networks | network.versa.av.events | network.versa.av.events |
| | network.versa.cgnat.events | network.versa.cgnat.events |
| | network.versa.idp.events | network.versa.idp.events |
| | network.versa.ngfw.access | network.versa.ngfw.access |
| | network.versa.ngfw.identification | network.versa.ngfw.identification |
| | network.versa.ngfw.urlfiltering | network.versa.ngfw.urlfiltering |
| | network.versa.sdwan.b2bslam | network.versa.sdwan.b2bslam |
| | network.versa.sdwan.slaviolation | network.versa.sdwan.slaviolation |
| | network.versa.sdwan.traffic | network.versa.sdwan.traffic |

For more information, read more about Devo tags.

Devo relay rules

You will need to define relay rules that can correctly identify the event type and apply the corresponding tag.

We'll mostly use type-2 relay rules, which apply a fixed tag based on specific data contained in the inbound event. All rules are defined on the same port. In this example, we're using port 13030, but you can use any free port on your relay.

These instructions cover all of the event types.

Rule 1: Versa NGFW Access

  • Source port → 13030

  • Source data → (.*)accessLog, applianceName=(.*)

  • Target tag → network.versa.ngfw.access

  • Select the Stop processing and Sent without syslog tag checkboxes

Rule 2: Versa NGFW Identification

  • Source port → 13030

  • Source data → (.*)flowIdLog, applianceName=(.*)

  • Target tag → network.versa.ngfw.identification

  • Select the Stop processing and Sent without syslog tag checkboxes

Rule 3: Versa NGFW URL Filtering

  • Source port → 13030

  • Source data → (.*)urlfLog, applianceName=(.*)

  • Target tag → network.versa.ngfw.urlfiltering

  • Select the Stop processing and Sent without syslog tag checkboxes

Rule 4: Versa SDWAN Traffic

  • Source port → 13030

  • Source data → (.*)flowMonLog, applianceName=(.*)

  • Target tag → network.versa.sdwan.traffic

  • Select the Stop processing and Sent without syslog tag checkboxes

Rule 5: Versa SDWAN SLA Violation

  • Source port → 13030

  • Source data → (.*)sdwanSlaPathViolLog, applianceName=(.*)

  • Target tag → network.versa.sdwan.slaviolation

  • Select the Stop processing and Sent without syslog tag checkboxes

Rule 6: Versa SDWAN B2B Slam

  • Source port → 13030

  • Source data → (.*)sdwanB2BSlamLog, applianceName=(.*)

  • Target tag → network.versa.sdwan.b2bslam

  • Select the Stop processing and Sent without syslog tag checkboxes

Rule 7: Versa CGNAT Events

  • Source port → 13030

  • Source data → (.*)cgnatLog, applianceName=(.*)

  • Target tag → network.versa.cgnat.events

  • Select the Stop processing and Sent without syslog tag checkboxes

Rule 8: Versa AV Events

  • Source port → 13030

  • Source data → (.*)avLog, applianceName=(.*)

  • Target tag → network.versa.av.events

  • Select the Stop processing and Sent without syslog tag checkboxes

Rule 9: Versa IDP Events

  • Source port → 13030

  • Source data → (.*)idpLog, applianceName=(.*)

  • Target tag → network.versa.idp.events

  • Select the Stop processing and Sent without syslog tag checkboxes

Table structure

These are the fields displayed in these tables: