/
vpn.aws
Document toolboxDocument toolbox

vpn.aws

Owned by Former user (Deleted), created
Last updated: Feb 07, 2025 by Laszlo FrazerVersion comment
1 min read
[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 Table structure ]

Introduction

Devo recommends using the CloudTrail Audit SQS Collector for monitoring AWS VPN. The vpn.aws tables are deprecated.

The tags beginning with vpn.aws identified events generated by Amazon Web Services belonging to aws.

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as vpn.aws. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

Amazon Web Services

vpn.aws.client

vpn.aws.client

For more information, read more About Devo tags.

Table structure

These are the fields displayed in this table:

Field

Type

Extra fields

Field

Type

Extra fields

eventdate

timestamp

 

hostname

str

 

connection_log_type

str

 

connection_attempt_status

str

 

connection_attempt_failure_reason

str

 

connection_id

str

 

client_vpn_endpoint_id

str

 

transport_protocol

str

 

connection_start_time

timestamp

 

connection_last_update_time

timestamp

 

client_ip

ip4

 

username

str

 

device_type

str

 

device_ip

ip4

 

port

str

 

ingress_bytes

str

 

egress_bytes

str

 

ingress_packets

str

 

egress_packets

str

 

connection_end_time

timestamp

 

connection_reset_status

str

 

connection_duration_seconds

str

 

hostchain

str

tag

str

rawMessage

str

Related content

vpn.cisco
vpn.cisco
Devo latest
More like this
vpn - Virtual Private Network
vpn - Virtual Private Network
Devo latest
More like this
vpn.pulsesecure
vpn.pulsesecure
Devo latest
More like this
vcs.gitlab
vcs.gitlab
Devo latest
Read with this
vpn.openvpn
vpn.openvpn
Devo latest
More like this
firewall.cisco
firewall.cisco
Devo latest
Read with this