GRAYLOG_EXTRACTOR_FIELDS.txt
List of Parsing Fields and Tags Used in Extractors

SIP          Source IP (v4/6)
SNATIP       Source NAT IP (v4/6)
DIP          Destination IP (v4/6)
DNATIP       Destination NAT IP (v4/6)
SPORT        Source Port
SNATPORT     Source NAT Port
DPORT        Destination Port
DNATPORT     Destination NAT Port
SMAC         Source MAC Address
DMAC         Destination MAC Address
SINTERFACE   Source Interface
DINTERFACE   Destination Interface
PROTOCOL     Protocol
PROTNUM      Protocol Number/ID
PROTNAME     Protocol Name
LOGIN        User associated with the activity
ACCOUNT      User account impacted by the activity
GROUP        Group/Role
DOMAIN       Windows/DNS Domain
OBJECT       Resource (file, etc.)
URL          Referenced URL
VMID         Vendor Message ID
SENDER       Email Sender
RECIPIENT    Email Recipient
SUBJECT      Email Subject
SESSION      User, System or Application Session
PROCESS      System or Application Process
SEVERITY     Logging Level
VERSION      Software/Hardware Version
COMMAND      Command, Script, etc. Executed
BYTESIN      Bytes Inbound
BYTESOUT     Bytes Outbound
DURATION     Duration of a Session, Job, Activity, etc.
SIZE         The Size of Something
QUANTITY     The Quantity of Something
AMOUNT       The Amount of Something
RATE         The Rate/Interval of Something
LOGSTAMP     Free-form Timestamp Field found in the Message
DIRECTION    Some firewalls include the directionality of data (inbound, outbound, etc.)
JUNK         Junk Information / Not Necessary Information
PAYLOAD      Used for Truncated Messages - capture the remaining data in one field
POLICY       Policy ID#
POLICYRULE   Policy Rule or Policy Rule ID#