Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Introduction

The tags beginning with av.fsecure identify events generated by antivirus services belonging to F-Secure.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as av.fsecure. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

F-Secure Internet Gatekeeper

av.fsecure.igk.access

av.fsecure.igk.access

For more information, read more About Devo tags.

Table structure

These are the fields displayed in this table:

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

machine

str

 

vmachine

serverdate

timestamp

 

 

srcHost

str

 

 

srcIp

ip4

 

 

dstIp

ip4

 

 

service

str

 

 

detectResult

str

 

 

action

str

 

 

virus

str

 

 

method

str

 

 

url

str

 

 

user

str

 

 

requestStat

str

 

 

statusCode

int4

 

 

responseTime

int4

 

 

responseLength

int4

 

 

hierarchyStat

str

 

 

contentType

str

 

 

file

str

 

 

quarantine

str

 

 

intPid

int4

 

 

pid

int4

 

 

numFiles

int4

 

 

numChecks

int4

 

 

detectTime

int4

 

 

details

str

 

 

senderAddr

str

(service = "smtp") ? data1 : null("")

service

data1

msgId

str

(service = "smtp") ? data2 : null("")

service

data2

protoDetails

str

(service = "http") ? data2 : null("")

service

data2

xForwardedFor

str

(service = "http") ? data2 : null("")

service

data2

error

str

 

 

igk

str

 

 

hostchain

str

 

 

tag

str

 

 

  • No labels