---
# NetFlow v9 field-type map (netflow9.yml, graylog2-server 4.3.4).
#
# Each top-level key is a numeric field-type ID. Its value is either a
# two-element list [type, name] or the single-element list [:skip].
# The first element is a bare integer (2, 4, 8) or a ':'-prefixed type symbol
# (:uint8, :uint16, :ip4_addr, :mac_addr, :string, ...). Presumably a bare
# integer is a default width in bytes for a variable-width unsigned field;
# confirm against the loader.
#
# NOTE(review): NetFlow v9 is normally exported over UDP, which gives no sender
# authentication, and the length of every field is declared by the exporter's
# template rather than by this file. Treat the widths below as expectations to
# validate template lengths against, not as a guarantee about the bytes on the
# wire. Confirm how the decoder handles a template length that disagrees with
# this map.
1:
- 4
- :in_bytes
2:
- 4
- :in_pkts
3:
- 4
- :flows
4:
- :uint8
- :protocol
5:
- :uint8
- :src_tos
# RFC 3954 defines field 6 as the cumulative OR of the TCP flags seen over the
# whole flow, not the flags of a single packet; write flag-based detections
# with that in mind.
6:
- :uint8
- :tcp_flags
7:
- :uint16
- :l4_src_port
8:
- :ip4_addr
- :ipv4_src_addr
9:
- :uint8
- :src_mask
10:
- 2
- :input_snmp
11:
- :uint16
- :l4_dst_port
12:
- :ip4_addr
- :ipv4_dst_addr
13:
- :uint8
- :dst_mask
14:
- 2
- :output_snmp
15:
- :ip4_addr
- :ipv4_next_hop
16:
- 2
- :src_as
17:
- 2
- :dst_as
18:
- :ip4_addr
- :bgp_ipv4_next_hop
19:
- 4
- :mul_dst_pkts
20:
- 4
- :mul_dst_bytes
# RFC 3954 defines fields 21 and 22 as exporter sysUptime values in
# milliseconds, not wall-clock time. Absolute flow times need the uptime and
# timestamp from the export packet header. TODO confirm where that conversion
# happens before using these values in a timeline.
21:
- :uint32
- :last_switched
22:
- :uint32
- :first_switched
23:
- 4
- :out_bytes
24:
- 4
- :out_pkts
25:
- :uint16
- :min_pkt_length
26:
- :uint16
- :max_pkt_length
27:
- :ip6_addr
- :ipv6_src_addr
28:
- :ip6_addr
- :ipv6_dst_addr
29:
- :uint8
- :ipv6_src_mask
30:
- :uint8
- :ipv6_dst_mask
31:
- :uint24
- :ipv6_flow_label
# Field 32 shares the name icmp_type with field 176 but is declared :uint16
# here (RFC 3954: ICMP type * 256 + ICMP code), while 176 is :uint8.
# NOTE(review): a search or alert on icmp_type sees two different encodings
# depending on which ID the exporter sent.
32:
- :uint16
- :icmp_type
33:
- :uint8
- :mul_igmp_type
# When the exporter samples, byte and packet counters describe sampled traffic
# only; keep sampling_interval alongside the record for volume-based alerting.
34:
- :uint32
- :sampling_interval
35:
- :uint8
- :sampling_algorithm
36:
- :uint16
- :flow_active_timeout
37:
- :uint16
- :flow_inactive_timeout
38:
- :uint8
- :engine_type
39:
- :uint8
- :engine_id
40:
- 4
- :total_bytes_exp
41:
- 4
- :total_pkts_exp
42:
- 4
- :total_flows_exp
# :skip entries carry no name; presumably the decoder discards the field's
# bytes without emitting a value. RFC 3954 lists 43, 51 and 65-69 as vendor
# proprietary.
43:
- :skip
44:
- :ip4_addr
- :ipv4_src_prefix
45:
- :ip4_addr
- :ipv4_dst_prefix
46:
- :uint8
- :mpls_top_label_type
47:
- :uint32
- :mpls_top_label_ip_addr
48:
- 4
- :flow_sampler_id
49:
- :uint8
- :flow_sampler_mode
50:
- :uint32
- :flow_sampler_random_interval
51:
- :skip
52:
- :uint8
- :min_ttl
53:
- :uint8
- :max_ttl
54:
- :uint16
- :ipv4_ident
55:
- :uint8
- :dst_tos
56:
- :mac_addr
- :in_src_mac
57:
- :mac_addr
- :out_dst_mac
58:
- :uint16
- :src_vlan
59:
- :uint16
- :dst_vlan
60:
- :uint8
- :ip_protocol_version
61:
- :uint8
- :direction
62:
- :ip6_addr
- :ipv6_next_hop
63:
- :ip6_addr
- :bgp_ipv6_next_hop
64:
- :uint32
- :ipv6_option_headers
65:
- :skip
66:
- :skip
67:
- :skip
68:
- :skip
69:
- :skip
# Field-type IDs 80-372. The numbering is sparse: IDs 70-79, 87, 88, 90-93 and
# many others have no entry in this file.
# NOTE(review): confirm how the decoder treats a template that references an
# ID missing from this map (skipped using the template length vs. the whole
# record being rejected), since that decides whether an unknown field can hide
# the rest of a flow record from analysis.
80:
- :mac_addr
- :in_dst_mac
81:
- :mac_addr
- :out_src_mac
# :string fields in this range (if_name, if_desc, sampler_name,
# application_description, application_name, wlanSSID, VRFname,
# application_category_name) are free text supplied by the exporter. Treat the
# values as untrusted when they are rendered in dashboards or interpolated
# into alert text or search queries.
82:
- :string
- :if_name
83:
- :string
- :if_desc
84:
- :string
- :sampler_name
85:
- :uint32
- :in_permanent_bytes
86:
- :uint32
- :in_permanent_pkts
# Type and name are both :forwarding_status, which is not one of the primitive
# type symbols used elsewhere in this file; presumably a decoder special case.
# TODO confirm the loader recognises it rather than dropping the entry.
89:
- :forwarding_status
- :forwarding_status
94:
- :string
- :application_description
95: # TODO: Add support for parsing application Ids
- :skip
96:
- :string
- :application_name
98:
- :uint8
- :postIpDiffServCodePoint
136:
- :uint8
- :flow_end_reason
147:
- :string
- :wlanSSID
148:
- :uint32
- :conn_id
# 150-155 are flow start/end timestamps at second, millisecond and microsecond
# resolution, going by the names; the 8-byte entries use a bare integer width.
150:
- 4
- :flow_start_seconds
151:
- 4
- :flow_end_seconds
152:
- 8
- :flow_start_msec
153:
- 8
- :flow_end_msec
154:
- 8
- :flow_start_micros
155:
- 8
- :flow_end_micros
161:
- :uint32
- :flow_duration_millis
162:
- :uint32
- :flow_duration_micros
# Field 176 reuses the name icmp_type that field 32 also maps to, with a
# different width (:uint8 here, :uint16 for 32). NOTE(review): queries on
# icmp_type need to account for both encodings.
176:
- :uint8
- :icmp_type
177:
- :uint8
- :icmp_code
178:
- :uint8
- :icmp_type_ipv6
179:
- :uint8
- :icmp_code_ipv6
180:
- :uint16
- :udp_src_port
181:
- :uint16
- :udp_dst_port
182:
- :uint16
- :tcp_src_port
183:
- :uint16
- :tcp_dst_port
194:
- :uint8
- :ip_tos
195:
- :uint8
- :ip_dscp
# NOTE(review): both elements of entry 201 lack the leading ':' that every
# other type and name in this file carries, and the type is not a primitive
# width. Confirm whether the loader normalises this, special-cases it, or
# silently drops the field.
201:
- mpls_label_stack_octets
- mpls_label_stack_octets
# 225-228 and 233 are address/port translation and firewall event fields. The
# same names (xlate_* and fw_event) are assigned again to IDs 40001-40005
# later in the file.
225:
- :ip4_addr
- :xlate_src_addr_ipv4
226:
- :ip4_addr
- :xlate_dst_addr_ipv4
227:
- :uint16
- :xlate_src_port
228:
- :uint16
- :xlate_dst_port
231:
- :uint32
- :fwd_flow_delta_bytes
232:
- :uint32
- :rev_flow_delta_bytes
233:
- :uint8
- :fw_event
234:
- :uint32
- :ingressVRFID
235:
- :uint32
- :egressVRFID
236:
- :string
- :VRFname
281:
- :ip6_addr
- :xlate_src_addr_ipv6
282:
- :ip6_addr
- :xlate_dst_addr_ipv6
298:
- :uint64
- :initiatorPackets
299:
- :uint64
- :responderPackets
323:
- 8
- :event_time_msec
361:
- :uint16
- :postNATPortBlockStart
362:
- :uint16
- :postNATPortBlockEnd
365:
- :mac_addr
- :staMacAddress
366:
- :ip4_addr
- :staIPv4Address
367:
- :mac_addr
- :wtpMacAddress
372:
- :string
- :application_category_name
# IDs 8192-8393 all carry streamcore_* names; presumably vendor-specific
# fields from a Streamcore exporter -- confirm against the vendor's template
# documentation.
# NOTE(review): streamcore_hostname, streamcore_url, streamcore_ssl_cn and
# streamcore_ssl_org are :string fields whose names suggest they are derived
# from observed traffic, so their content may be chosen by the monitored
# endpoints rather than by the exporter. Escape them on display and do not
# treat them as verified identities.
8192:
- :uint32
- :streamcore_wan_rtt
8193:
- :uint32
- :streamcore_net_app_resp_time
8194:
- :uint32
- :streamcore_total_app_resp_time
8195:
- :uint16
- :streamcore_tcp_retrans_rate
8196:
- :uint8
- :streamcore_call_direction
8256:
- :string
- :streamcore_hostname
8257:
- :string
- :streamcore_url
8258:
- :string
- :streamcore_ssl_cn
8259:
- :string
- :streamcore_ssl_org
8320:
- :uint16
- :streamcore_mos_lq
8321:
- :uint16
- :streamcore_net_delay
8322:
- :uint16
- :streamcore_net_loss
8323:
- :uint16
- :streamcore_net_jitter
8324:
- :uint16
- :streamcore_net_discard
8325:
- :uint8
- :streamcore_rtp_clockrate_in
8326:
- :uint8
- :streamcore_rtp_clockrate_out
8327:
- :uint8
- :streamcore_codec_in
8328:
- :uint8
- :streamcore_codec_out
# streamcore_id_rule_1 .. streamcore_id_rule_10: ten consecutive :uint32 IDs.
8384:
- :uint32
- :streamcore_id_rule_1
8385:
- :uint32
- :streamcore_id_rule_2
8386:
- :uint32
- :streamcore_id_rule_3
8387:
- :uint32
- :streamcore_id_rule_4
8388:
- :uint32
- :streamcore_id_rule_5
8389:
- :uint32
- :streamcore_id_rule_6
8390:
- :uint32
- :streamcore_id_rule_7
8391:
- :uint32
- :streamcore_id_rule_8
8392:
- :uint32
- :streamcore_id_rule_9
8393:
- :uint32
- :streamcore_id_rule_10
# IDs 33000-33002 and 40000-40005: the TODO on 33000 points at Cisco's ASA
# NetFlow guide, so these are presumably the ASA firewall fields.
# 33000 and 33001 are both :skip, so the ACL information the TODO refers to is
# not decoded. NOTE(review): firewall events (fw_event, fw_ext_event) are
# therefore stored without the ACL identifiers from the same record; account
# for that gap when investigating denied or permitted flows.
33000: # TODO: Parse ASA ACL http://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/guide/asa_netflow.html#pgfId-1331620
- :skip
33001:
- :skip
33002:
- :uint16
- :fw_ext_event
# username is an exporter-supplied :string; treat it as untrusted text when it
# is displayed or used in alert and search templates.
40000:
- :string
- :username
# 40001-40005 reuse the names already assigned to 225-228 and 233 (xlate_* and
# fw_event) with the same types. NOTE(review): if one record carries both the
# 2xx and the 400xx ID for a name, which value ends up in the message depends
# on the decoder -- confirm.
40001:
- :ip4_addr
- :xlate_src_addr_ipv4
40002:
- :ip4_addr
- :xlate_dst_addr_ipv4
40003:
- :uint16
- :xlate_src_port
40004:
- :uint16
- :xlate_dst_port
40005:
- :uint8
- :fw_event