9.5.1. bro-*
Field |
Description |
---|---|
@timestamp |
Timestamp of the log |
@version |
Is a positive number between 1 and 2^63-1. When you index a document for the very first time, it gets the version 1 |
_id |
Unique ID for the document |
_index |
Allows matching on the index a document was indexed into |
_score |
Determine how relevant a match is to the query |
_type |
In order to make searching by type name fast |
agent.ephemeral_id |
Ephemeral identifier of this agent (if one exists) |
agent.hostname |
Hostname of the agent |
agent.id |
Unique identifier of this agent (if one exists) |
agent.type |
Type of the agent |
agent.version |
Version of the agent |
arp_dst_addr |
ARP destination IP |
arp_dst_mac |
ARP destination MAC |
arp_is_at |
MAC for the IP requested |
arp_no_resp |
Indicates if it is an ARP response |
arp_src_addr |
ARP source IP |
arp_src_mac |
ARP source MAC |
arp_unsolicited |
Indicates if it is an ARP response that is unsolicited |
arp_who_has |
The IP of which we want to know the MAC |
bacnet_abdu_type |
Data received within the BACnet network (APDU type) |
bacnet_bvlc_function |
Function being performed by the BVLC layer in a BACnet message |
bacnet_bvlc_len |
Length of the BACnet BVLC message |
bacnet_data |
Data being transmitted in a BACnet message |
bacnet_service_choice |
Specific service being requested or provided in the BACnet message |
block_version |
Version of the network block |
client_fqdn |
Identifier for each client device |
conn_conn_state |
Connection state |
conn_duration |
Connection length |
conn_history |
Connection state history |
conn_local_orig |
Is Orig in Site::local_nets? |
conn_local_resp |
Is Resp in Site::local_nets? |
conn_missed_bytes |
Number of bytes missing due to content gaps |
conn_orig_bytes |
Orig payload bytes; from sequence numbers if TCP |
conn_orig_ip_bytes |
Number of Orig IP bytes (via IP total_length header field) |
conn_orig_l2_addr |
Link-layer address of the originator |
conn_orig_pkts |
Number of Orig packets |
conn_proto |
Transport layer protocol of connection |
conn_resp_bytes |
Resp payload bytes; from sequence numbers if TCP |
conn_resp_ip_bytes |
Number of Resp IP bytes (via IP total_length header field) |
conn_resp_l2_addr |
Link-layer address of the responder |
conn_resp_pkts |
Number of Resp packets |
conn_service |
Detected application protocol, if any |
conn_state_full |
Connection full state |
conn_tunnel_parents |
If tunneled, connection UID of encapsulating parent(s) |
conn_vlan |
The outer VLAN for this connection |
connection_time |
Duration of the connection |
dcerpc_endpoint |
Endpoint name looked up from the uuid |
dcerpc_named_pipe |
Remote pipe name |
dcerpc_operation |
Operation seen in the call |
dcerpc_rtt |
Round trip time from the request to the response (if either the request or response wasn’t seen, this will be null) |
dhcp_assigned_addr |
IP address assigned by the server |
dhcp_client_addr |
IP address of client |
dhcp_domain |
Domain given by server |
dhcp_duration |
Duration of dhcp session |
dhcp_host_name |
Name given by client |
dhcp_lease_time |
IP address lease time |
dhcp_mac |
Client’s hardware address |
dhcp_msg_types |
DHCP message types |
dhcp_server_addr |
IP address of server handing out lease |
dnp3_fc_reply |
The name of the reply function message |
dnp3_fc_request |
The name of the request function message |
dnp3_iin |
The response’s “internal indication number” |
dns_AA |
Authoritative answer: T = server is authoritative for the query |
dns_RA |
Recursion available: T = server supports recursive queries |
dns_RD |
Recursion desired: T = recursive lookup of query requested |
dns_TC |
Truncation: T = the message was truncated |
dns_TTLs |
Caching intervals of the answers |
dns_Z |
Reserved field, should be zero in all queries and responses |
dns_answers |
List of resource descriptions in answer to the query |
dns_proto |
Protocol of DNS transaction—TCP or UDP |
dns_qclass |
Value specifying the query class |
dns_qclass_name |
Descriptive name of the query class (e.g., C_INTERNET) |
dns_qtype |
Value specifying the query type |
dns_qtype_name |
Descriptive name of the query type (e.g., A, AAAA, PTR) |
dns_query |
Domain name subject of the query |
dns_rcode |
Response code value in the DNS response |
dns_rcode_name |
Descriptive name of response code (e.g., NXDOMAIN, NODATA) |
dns_rejected |
Whether DNS query was rejected by server |
dns_rtt |
Round trip time for the query and response |
dns_trans_id |
16-bit identifier assigned by DNS client; responses match |
dpd_analyzer |
The analyzer that generated the violation |
dpd_failure_reason |
The textual reason for the analysis failure |
dpd_proto |
The protocol detected |
dst_addr |
Destination address |
dst_ip |
Destination IP |
dst_port |
Destination port |
ecs.version |
When querying across multiple indices - which may conform to slightly different ECS versions - this field lets integrations adjust to the schema version of the events |
enip_command |
Ethernet/IP command name |
enip_length |
Length of ENIP data following header |
enip_options |
Options flags |
enip_sender_context |
Sender context |
enip_session_handle |
Session identifier |
enip_status |
Ethernet/IP status code |
files_analyzers |
Set of analyzers attached during file analysis |
files_conn_uids |
Connection UID(s) over which file transferred |
files_depth |
Depth of file related to source (e.g., HTTP request depth) |
files_duration |
The duration that the file was analyzed for |
files_filename |
If available, filename from source; frequently the “Content-Disposition” headers in network protocols |
files_is_orig |
If transferred via network, was file sent by the originator? |
files_local_orig |
If transferred via network, did data originate locally? |
files_md5 |
MD5 hash of file, if enabled |
files_mime_type |
Libmagic sniffed file type |
files_missing_bytes |
Number of bytes in the file stream missed (e.g., dropped packets) |
files_overflow_bytes |
Number of not all-in-sequence bytes in the file stream delivered to file analyzers due to reassembly buffer overflow |
files_seen_bytes |
Number of bytes provided to file analysis engine |
files_sha1 |
SHA1 hash of file, if enabled |
files_sha256 |
SHA256 hash of file, if enabled |
files_source |
An identification of the source of the file data |
files_timedout |
Whether the file analysis timed out at least once for the file |
files_total_bytes |
Total number of bytes that should comprise the file |
fuid |
Identifier for a single file |
host |
Hostname of the server that contains the log |
http_bro_tags |
Indicators of various attributes discovered |
http_host |
Value of the HOST header |
http_info_code |
Last seen 1xx info reply code by server |
http_info_msg |
Last seen 1xx info reply message by server |
http_method |
HTTP Request verb: GET, POST, HEAD… |
http_orig_fuids |
An ordered vector of file unique IDs from orig |
http_orig_mime_types |
An ordered vector of mime types from orig |
http_proxied |
Headers that might indicate a proxied request |
http_referrer |
Value of the “referer” header |
http_request_body_len |
Actual uncompressed content size of the data transferred from the server |
http_resp_fuids |
An ordered vector of file unique IDs from resp |
http_resp_mime_types |
An ordered vector of mime types from resp |
http_response_body_len |
Actual uncompressed content size of the data transferred from the server |
http_status_code |
Status code returned by the server |
http_status_msg |
Status message returned by the server |
http_trans_depth |
Pipelined depth into the connection |
http_uri |
URI used in the request |
http_user_agent |
Value of the User-Agent header |
http_user_agent_parsed.build |
Value of build in the User-Agent header |
http_user_agent_parsed.device |
Value of device in the User-Agent header |
http_user_agent_parsed.major |
Value of major in the User-Agent header |
http_user_agent_parsed.minor |
Value of minor in the User-Agent header |
http_user_agent_parsed.name |
Value of name in the User-Agent header |
http_user_agent_parsed.os |
Value of os in the User-Agent header |
http_user_agent_parsed.os_major |
Value of os_major in the User-Agent header |
http_user_agent_parsed.os_minor |
Value of os_minor in the User-Agent header |
http_user_agent_parsed.os_name |
Value of os_name in the User-Agent header |
http_user_agent_parsed.patch |
Value of patch in the User-Agent header |
http_username |
If basic-auth is performed for the request |
http_version |
HTTP version |
input.type |
Type of input |
ja3 |
Client fingerprint for the following fields in the Client Hello packet: SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats |
ja3s |
Server fingerprint for the server side of SSL/TLS |
kerberos_cipher |
Ticket encryption type |
kerberos_client |
Client name |
kerberos_error_msg |
Error message |
kerberos_forwardable |
Forwardable ticket requested |
kerberos_from |
Ticket valid from |
kerberos_renewable |
Renewable ticket requested |
kerberos_request_type |
Request type - Authentication Service (AS) or Ticket Granting Service (TGS) |
kerberos_service |
Service name |
kerberos_success |
Request result |
kerberos_till |
Ticket valid till |
kerberos_user |
User for Kerberos |
log.file.path |
Path where the source log is located |
log.offset |
The file offset the reported line starts at |
modbus_exception |
Exception if there was a failure |
modbus_func |
Function message that was sent |
notice_actions |
Actions applied to this notice |
notice_dst |
Destination address |
notice_fuid |
File unique identifier |
notice_msg |
Human readable message for the notice |
notice_note |
The type of the notice |
notice_p |
Associated port, if any |
notice_proto |
Transport protocol |
notice_src |
Source address |
notice_sub |
Sub-message for the notice |
notice_suppress_for |
Length of time dupes should be suppressed |
ntlm_domainname |
Domainname given by the client |
ntlm_hostname |
Hostname given by the client |
ntlm_server_dns_computer_name |
DNS name given by the server in a CHALLENGE |
ntlm_server_nb_computer_name |
NetBIOS name given by the server in a CHALLENGE |
ntlm_server_tree_name |
Tree name given by the server in a CHALLENGE |
ntlm_success |
Indicates whether or not the authentication was successful |
ntlm_username |
Username given by the client. |
opennac |
|
opennac_businessProfiles |
Business profiles associated with OpenNAC |
opennac_fullsource |
Full source of the log in OpenNAC |
opennac_hostname |
Hostname associated with OpenNAC |
opennac_id |
ID associated with OpenNAC |
opennac_ip |
IP address associated with OpenNAC |
opennac_mac |
MAC address associated with OpenNAC |
opennac_macxswitchport.macs |
MAC addresses associated with switch ports in OpenNAC |
opennac_macxswitchport.macs_old |
Previous MAC addresses associated with switch ports in OpenNAC |
opennac_macxswitchport.netdev |
Network devices associated with MAC addresses and switch ports in OpenNAC |
opennac_macxswitchport.netdevport |
Network device ports associated with MAC addresses and switch ports in OpenNAC |
opennac_macxswitchport.qty |
Quantity of MAC addresses associated with switch ports in OpenNAC |
opennac_macxswitchport.qtydiff |
Difference in MAC address quantity for switch ports in OpenNAC |
opennac_module |
Module associated with OpenNAC |
opennac_netdev |
Network device associated with OpenNAC |
opennac_netdevmac |
Network device MAC address associated with OpenNAC |
opennac_netdevport |
Network device port associated with OpenNAC |
opennac_netdevportdesc |
Description of the network device port in OpenNAC |
opennac_notified_ip |
Notified IP address in OpenNAC |
opennac_rule |
Rule associated with OpenNAC |
opennac_sessionid |
Session ID associated with OpenNAC |
opennac_source |
Source of the event in OpenNAC |
opennac_source_module |
Source module associated with OpenNAC |
opennac_ssid |
SSID (Service Set Identifier) associated with OpenNAC |
opennac_status |
Status of the event in OpenNAC |
opennac_statusmsg |
Status message associated with the event in OpenNAC |
opennac_statustxt |
Status text associated with the event in OpenNAC |
opennac_tags_on |
Tags associated with OpenNAC |
opennac_tagsnetdev_on |
Tags associated with network devices in OpenNAC |
opennac_time_poleval |
Time of policy evaluation in OpenNAC |
opennac_time_queued |
Time when the event was queued in OpenNAC |
opennac_time_worker |
Time when the event was processed by a worker in OpenNAC |
opennac_trackid |
User session track ID in OpenNAC |
opennac_trackidevent |
Event associated with the user session track ID in OpenNAC |
opennac_userid |
User ID in OpenNAC |
orig_geoip.city_name |
City name of the origin IP |
orig_geoip.continent_code |
Continent code of the origin IP |
orig_geoip.country_code2 |
Country code of the origin IP |
orig_geoip.country_code3 |
Country code of the origin IP |
orig_geoip.country_name |
Country name of the origin IP |
orig_geoip.dma_code |
DMA code of the origin IP |
orig_geoip.ip |
IP address of the origin IP |
orig_geoip.latitude |
Latitude of the origin IP |
orig_geoip.location |
Location of the origin IP |
orig_geoip.longitude |
Longitude of the origin IP |
orig_geoip.postal_code |
Postal code of the origin IP |
orig_geoip.region_code |
Region code of the origin IP |
orig_geoip.region_name |
Region name of the origin IP |
orig_geoip.timezone |
Time zone of the origin IP |
origin |
Origin |
pe_compile_ts |
The time that the file was created at |
pe_has_cert_table |
Does the file have an import table? |
pe_has_debug_data |
Does the file have a debug table? |
pe_has_export_table |
Does the file have an export table? |
pe_has_import_table |
Does the file have an import table? |
pe_is_64bit |
Is the file a 64-bit executable? |
pe_is_exe |
Is the file an executable, or just an object file? |
pe_machine |
The target machine that the file was compiled for |
pe_os |
The required operating system |
pe_section_names |
The names of the sections, in order |
pe_subsystem |
The subsystem that is required to run this file |
pe_uses_aslr |
Does the file support Address Space Layout Randomization? |
pe_uses_code_integrity |
Does the file enforce code integrity checks? |
pe_uses_dep |
Does the file support Data Execution Prevention? |
pe_uses_seh |
Does the file use structured exception handling? |
profinet_index |
Unique device identifier in a PROFINET network |
profinet_operation_type |
Type of operation in PROFINET |
profinet_slot_number |
Slot number for communication resources |
profinet_subslot_number |
Subslot number for specific functionality |
rdp_cert_count |
The number of certs seen. X.509 can transfer an entire certificate chain |
rdp_result |
Status result for the connection. It’s a mix between RDP negotiation failure messages and GCC server create response messages |
rdp_security_protocol |
Security protocol chosen by the server |
resp_geoip.city_name |
City name of the IP address in the response |
resp_geoip.continent_code |
Continent code of the IP address in the response |
resp_geoip.country_code2 |
Two-letter country code of the IP address in the response |
resp_geoip.country_code3 |
Three-letter country code of the IP address in the response |
resp_geoip.country_name |
Country name of the IP address in the response |
resp_geoip.dma_code |
DMA code of the IP address in the response |
resp_geoip.ip |
IP address associated with a response |
resp_geoip.latitude |
Latitude of the IP address in the response |
resp_geoip.location |
Location of the IP address in the response |
resp_geoip.longitude |
Longitude of the IP address in the response |
resp_geoip.postal_code |
Postal code of the IP address in the response |
resp_geoip.region_code |
Region code of the IP address in the response |
resp_geoip.region_name |
Region name of the IP address in the response |
resp_geoip.timezone |
Time zone of the IP address in the response |
rfb_auth |
Authentication method used in the RFB protocol for remote desktop access |
rfb_authentication_method |
Identifier of authentication method used |
rfb_client_major_version |
Major version of the client |
rfb_client_minor_version |
Minor version of the client |
rfb_desktop_name |
Name of the screen that is being shared |
rfb_height |
Height of the screen that is being shared |
rfb_server_major_version |
Major version of the server |
rfb_server_minor_version |
Minor version of the server |
rfb_share_flag |
Whether the client has an exclusive or a shared session |
rfb_width |
Width of the screen that is being shared |
s7comm_parameter |
Parameter for s7comm |
service |
Service |
sip_call_id |
Unique identifier for a SIP call |
sip_method |
Method used in a SIP request |
sip_request_body_len |
Length of the SIP request body |
sip_request_from |
Sender information in the SIP request |
sip_request_path |
Path or route specified in the SIP request |
sip_request_to |
Recipient information in the SIP request |
sip_response_body_len |
Length of the SIP response body |
sip_response_from |
Sender information in the SIP response |
sip_response_path |
Path or route specified in the SIP response |
sip_response_to |
Recipient information in the SIP response |
sip_seq |
Sequence number associated with SIP messages for tracking and ordering |
sip_status_code |
Status code indicating the outcome or status of a SIP transaction |
sip_status_msg |
Status message associated with the SIP status code |
sip_trans_depth |
Transaction depth or level within the SIP communication |
sip_uri |
URI associated with the SIP message or call |
sip_user_agent |
User agent identifier used in the SIP communication |
smbfiles_action |
Action performed on an SMB |
smbfiles_name |
Name of an SMB file |
smbfiles_path |
Path or location of an SMB file |
smbfiles_size |
Size of an SMB file |
smbfiles_times.accessed |
Access timestamp of an SMB file |
smbfiles_times.changed |
Change timestamp of an SMB file |
smbfiles_times.created |
Creation timestamp of an SMB file |
smbfiles_times.modified |
Modification timestamp of an SMB file |
smbmapping_path |
Path associated with an SMB mapping |
smbmapping_share_type |
Type of shared resource in an SMB mapping |
smtp_date |
Date of an SMTP message |
smtp_first_received |
Timestamp of the first reception of an SMTP message |
smtp_from |
Sender of an SMTP message |
smtp_fuids |
FUIDs associated with an SMTP message |
smtp_helo |
HELO/EHLO command used in an SMTP conversation |
smtp_is_webmail |
Indicates if an SMTP message is from a webmail service |
smtp_last_reply |
Last reply code received in an SMTP conversation |
smtp_mailfrom |
MAIL FROM address in an SMTP message |
smtp_msg_id |
Unique identifier for an SMTP message |
smtp_path |
Path or routing information for an SMTP message |
smtp_rcptto |
RCPT TO addresses in an SMTP message |
smtp_second_received |
Timestamp of the second reception of an SMTP message |
smtp_subject |
Subject of an SMTP message |
smtp_tls |
Indicates if TLS encryption is used in an SMTP conversation |
smtp_to |
Recipient of an SMTP message |
smtp_trans_depth |
Transaction depth or level within an SMTP communication |
snmp_community |
SNMP community string used for authentication |
snmp_display_string |
Display string associated with an SNMP message |
snmp_duration |
Duration of an SNMP operation |
snmp_get_bulk_requests |
Number of GETBULK requests in an SNMP operation |
snmp_get_requests |
Number of GET requests in an SNMP operation |
snmp_get_responses |
Number of GET responses in an SNMP operation |
snmp_set_requests |
Number of SET requests in an SNMP operation |
snmp_up_since |
Timestamp indicating when an SNMP device came up |
snmp_version |
Version of SNMP used in the communication |
src_ip |
Source IP address |
src_port |
Source port number |
ssh_auth_attempts |
Number of SSH authentication attempts |
ssh_auth_success |
Indicates if SSH authentication was successful |
ssh_cipher_alg |
Cipher algorithm used in SSH communication |
ssh_client |
Client software or identifier in SSH communication |
ssh_compression_alg |
Compression algorithm used in SSH communication |
ssh_host_key |
Host key used in SSH communication |
ssh_host_key_alg |
Host key algorithm used in SSH communication |
ssh_kex_alg |
Key exchange algorithm used in SSH communication |
ssh_mac_alg |
Message authentication code (MAC) algorithm used in SSH communication |
ssh_server |
Server software or identifier in SSH communication |
ssh_version |
Version of SSH protocol used |
ssl_cert_chain_fuids |
FUIDs associated with an SSL certificate chain |
ssl_cipher |
Cipher suite used in SSL/TLS communication |
ssl_curve |
Elliptic curve used in SSL/TLS communication |
ssl_established |
Indicates if an SSL/TLS connection is established |
ssl_issuer |
Issuer of an SSL certificate |
ssl_last_alert |
Last SSL alert received |
ssl_next_protocol |
Next protocol negotiated in SSL/TLS communication |
ssl_resumed |
Indicates if an SSL/TLS session is resumed |
ssl_server_name |
Server name indication (SNI) in SSL/TLS communication |
ssl_subject |
Subject of an SSL certificate |
ssl_validation_status |
Validation status of an SSL certificate |
ssl_version |
Version of SSL/TLS protocol used |
syslog_facility |
Facility level in a syslog message |
syslog_message |
Contents of a syslog message |
syslog_severity |
Severity level in a syslog message |
tags |
Tags associated with a log entry or event |
ts |
Timestamp of the event or log entry |
tunnel_action |
Action related to a tunnel |
tunnel_type |
Type of tunnel protocol used |
type |
Type or category of the log entry or event |
uid |
Unique identifier associated with the event or log entry |
uids |
Multiple unique identifiers associated with the event or log entry |
unixTimeMillis |
Unix timestamp in milliseconds |
x509_basic_constraints_ca |
Indicates if an X.509 certificate is a CA (Certificate Authority) certificate |
x509_certificate_curve |
Elliptic curve associated with an X.509 certificate |
x509_certificate_exponent |
Exponent value in an X.509 certificate |
x509_certificate_issuer |
Issuer of an X.509 certificate |
x509_certificate_key_alg |
Public key algorithm used in an X.509 certificate |
x509_certificate_key_length |
Key length in an X.509 certificate |
x509_certificate_key_type |
Key type in an X.509 certificate |
x509_certificate_not_valid_after |
Expiration date of an X.509 certificate |
x509_certificate_not_valid_before |
Start date of validity for an X.509 certificate |
x509_certificate_serial |
Serial number of an X.509 certificate |
x509_certificate_sig_alg |
Signature algorithm used in an X.509 certificate |
x509_certificate_subject |
Subject of an X.509 certificate |
x509_certificate_version |
Version of an X.509 certificate |
x509_san_dns |
DNS entries in the Subject Alternative Name (SAN) field of an X.509 certificate |
x509_san_ip |
IP addresses in the Subject Alternative Name (SAN) field of an X.509 certificate |
opennac_result.lasteval |
Last evaluation result in OpenNAC |
opennac_result.policy_rulename |
Name of the policy rule associated with the result in OpenNAC |
opennac_result.policy_rulenum |
Number of the policy rule associated with the result in OpenNAC |
opennac_result.policyid |
Identifier of the policy associated with the result in OpenNAC |
opennac_result.vlan |
VLAN associated with the result in OpenNAC |
opennac_result.vlanid |
VLAN ID associated with the result in OpenNAC |
opennac_result.vlanidpre |
VLAN ID prefix associated with the result in OpenNAC |
opennac_certdata.caCertCommonName |
Common name (CN) of the Certificate Authority (CA) certificate in OpenNAC |
opennac_certdata.caCertIssuer |
Issuer of the Certificate Authority (CA) certificate in OpenNAC |
opennac_certdata.caCertSubject |
Subject of the Certificate Authority (CA) certificate in OpenNAC |
opennac_certdata.clientCertCommonName |
Common name (CN) of the client certificate in OpenNAC |
opennac_certdata.clientCertIssuer |
Issuer of the client certificate in OpenNAC |
opennac_certdata.clientCertSubject |
Subject of the client certificate in OpenNAC |
opennac_sessiondata.TLS-Cert-Common-Name |
Common name (CN) associated with the TLS certificate in a session in OpenNAC |
opennac_sessiondata.TLS-Cert-Issuer |
Issuer of the TLS certificate in a session in OpenNAC |
opennac_sessiondata.TLS-Cert-Serial |
Serial number of the TLS certificate in a session in OpenNAC |
opennac_sessiondata.TLS-Cert-Subject |
Subject of the TLS certificate in a session in OpenNAC |
opennac_sessiondata.TLS-Client-Cert-Common-Name |
Common name of the TLS client certificate in OpenNAC session data |
opennac_sessiondata.TLS-Client-Cert-Issuer |
Issuer of the TLS client certificate in OpenNAC session data |
opennac_sessiondata.TLS-Client-Cert-Serial |
Serial number of the TLS client certificate in OpenNAC session data |
opennac_sessiondata.TLS-Client-Cert-Subject |
Subject of the TLS client certificate in OpenNAC session data |
opennac_sessiondata.TLS-Client-Cert-X509v3-Extended-Key-Usage |
Extended key usage of the TLS client certificate in OpenNAC session data |
opennac_sessiondata.TLS-Client-Cert-X509v3-Extended-Key-Usage-OID |
OID (Object Identifier) of the extended key usage of the TLS client certificate in OpenNAC session data |
opennac_sessiondata.TLS-Session-Cipher-Suite |
Cipher suite used in the TLS session in OpenNAC session data |
opennac_sessiondata.TLS-Cert-Expiration |
Expiration date of the TLS certificate in OpenNAC session data |
opennac_sessiondata.TLS-Client-Cert-Expiration |
Expiration date of the TLS client certificate in OpenNAC session data |
opennac_sessiondata.TLS-Session-Version |
Version of the TLS session in OpenNAC session data |
opennac_sessiondata.User-Name |
User name associated with the OpenNAC session |
opennac_sessiondata.FreeRADIUS-Proxied-To |
Destination of the FreeRADIUS proxy in OpenNAC session data |
opennac_sessiondata.EAP-Type |
EAP type used in the OpenNAC session |
opennac_sessiondata.Service-Type |
Service type of the OpenNAC session |
opennac_sessiondata.Acct-Session-Id |
Accounting session ID in OpenNAC session data |
opennac_sessiondata.Acct-Multi-Session-Id |
Multi-session ID for accounting in OpenNAC session data |
opennac_sessiondata.Acct-Unique-Session-Id |
Unique session ID for accounting in OpenNAC session data |
opennac_sessiondata.Framed-IP-Address |
IP address assigned to the framed network in OpenNAC session data |
opennac_sessiondata.Acct-Terminate-Cause |
Termination cause of the accounting session in OpenNAC session data |
opennac_sessiondata.Acct-Authentic |
Indicates if the session is authenticated in OpenNAC session data |
opennac_sessiondata.Acct-Status-Type |
Status type of the accounting session in OpenNAC session data |
opennac_sessiondata.Acct-Input-Packets |
Number of input packets for accounting in OpenNAC session data |
opennac_sessiondata.Acct-Output-Packets |
Number of output packets for accounting in OpenNAC session data |
opennac_sessiondata.Acct-Input-Octets |
Number of input octets for accounting in OpenNAC session data |
opennac_sessiondata.Acct-Output-Octets |
Number of output octets for accounting in OpenNAC session data |
opennac_sessiondata.Acct-Session-Time |
Duration of the accounting session in OpenNAC session data |
opennac_sessiondata.Proxy-State |
State of the proxy in OpenNAC session data |
opennac_result.hostname |
Hostname associated with the OpenNAC result |
opennac_result.timestamp |
Timestamp of the OpenNAC result |
opennac_certdata |
Certificate data in OpenNAC |
opennac_sessiondata.Event-Timestamp |
Timestamp of the event in OpenNAC session data |
opennac_sessiondata.Module-Failure-Message |
Failure message associated with a module in OpenNAC session data |
opennac_sessiondata.NAS-IP-Address |
IP address of the NAS (Network Access Server) in OpenNAC session data |
opennac_sessiondata.Post-Auth-Type |
Post-authentication type in OpenNAC session data |
log.file.path |
File path of the log entry |
log.offset |
Offset of the log entry |
anonymization |
Anonymization data |
tags |
Tags associated with the log entry |
opennac_result.trackid |
Track ID associated with the OpenNAC result |
opennac_sessiondata.Acct-Delay-Time |
Delay time for accounting in OpenNAC session data |
opennac_sessiondata.CHAP-Challenge |
CHAP (Challenge-Handshake Authentication Protocol) challenge in OpenNAC session data |
opennac_sessiondata.CHAP-Password |
CHAP password in OpenNAC session data |
opennac_sessiondata.Called-Station-Id |
Called station ID in OpenNAC session data |
opennac_sessiondata.Calling-Station-Id |
Calling station ID in OpenNAC session data |
opennac_sessiondata.Connect-Info |
Connection information in OpenNAC session data |
opennac_sessiondata.Event-Timestamp |
Timestamp for the event in OpenNAC session data |
opennac_sessiondata.Framed-MTU |
MTU (Maximum Transmission Unit) for the framed network in OpenNAC session data |
opennac_sessiondata.Framed-Protocol |
Protocol used for framing in OpenNAC session data |
opennac_sessiondata.HP-Capability-Advert |
Advertised HP (Hewlett Packard) capability in OpenNAC session data |
opennac_sessiondata.MS-RAS-Vendor |
Vendor for MS-RAS (Microsoft Remote Access Server) in OpenNAC session data |
opennac_sessiondata.NAS-Port |
Port number of the NAS (Network Access Server) in OpenNAC session data |
opennac_sessiondata.NAS-Port-Id |
Port ID of the NAS (Network Access Server) in OpenNAC session data |
opennac_sessiondata.NAS-Port-Type |
Port type of the NAS (Network Access Server) in OpenNAC session data |
opennac_sessiondata.Message-Authenticator |
Authenticator message in OpenNAC session data |
opennac_sessiondata.NAS-Identifier |
Identifier of the NAS (Network Access Server) in OpenNAC session data |
opennac_sessiondata.Tmp-String-9 |
Temporary string value in OpenNAC session data |
opennac_result.pluginparams.manageTags_delTagLogout |
Parameter for TagLogout in OpenNAC result |