ips.f5
Introduction
The tags beginning with ips.f5 identify events generated by F5 BIG-IP.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as ips.f5. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
F5 BIG-IP Intrusion Prevention System | | |
For more information, read more About Devo tags.
Table structure
These are the fields displayed in this table:
ips.f5.bigip
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
host | | | vhost | |
serverdate | | | | |
rule | | | | |
message | | | | |
clientIp | | | | |
clientPort | | | | |
vIp | | | | |
vIpPort | | | | |
nodeIp | | | | |
nodePort | | | | |
URL | | | | |
severity | | | | |
process | | process1 -> '[' ? split(process1, '[', 0) : process1 | process1 | |
user | | | | |
command | | | | |
sslSrcIP | | | | |
sslSrcIdentd | | | | |
sslUser | | | | |
sslServerdate | | | | |
sslUrl | | | | |
sslStatusCode | | | | |
sslResponseLength | | | | |
rawMessage | | | | ✓ |
hostchain | | | | ✓ |
tag | | | | ✓ |