Please describe what you are requesting
See field requests below. Two notes: I see the dev branch has policy_uid but no policy_uuid. With uuid being universally unique across devices, this field would be a beneficial addition. For session_duration, I see that network_connection_duration was recently added, so this might not be needed anymore.
Describe what change you are proposing
policy.csv:
"policy_type", "default, policy, local-in-policy, local-in-policy-6", "keyword", " "
"policy_uuid", " ", "keyword", " "
network.csv
"network_interface_in_role","lan, wan","keyword/loweronly",
"network_interface_out_role","lan, wan","keyword/loweronly",
"network_service","ftp, ssh, smtp","keyword/loweronly","From service name field https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml"
"network_translation_type","dnat, snat, noop","keyword","NAT translation performed"
session.csv
"session_duration", " ", "keyword", "Duration of a session in seconds such as a firewall connection, TCP connection, user session, etc."
Describe the log source
Fortinet FortiGates, but this could apply to any firewall or router.
Edit: It appears that the Graylog GeoIP City database adapter shows the traits fields even though the City database itself does not contain it. Still interested in how the data would preferably be mapped.
@miwent, I'm looking at adding the MaxMind GeoIP City database is_ fields. Would that make sense to add under source_as_, source_geo_, or add a source_is field? And of course the corresponding destination fields.
Example information from the city database:
{
  "traits": {
    "autonomous_system_number": null,
    "autonomous_system_organization": null,
    "connection_type": null,
    "domain": null,
    "ip_address": "x.x.x.x",
    "is_anonymous": false,
    "is_anonymous_proxy": false,
    "is_anonymous_vpn": false,
    "is_hosting_provider": false,
    "is_legitimate_proxy": false,
    "is_public_proxy": false,
    "is_satellite_provider": false,
    "is_tor_exit_node": false,
    "isp": null,
    "organization": null,
    "user_type": null
  }
}
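To make the two proposals above concrete, here is an added example (not the schema project's own code, and not from either poster) that reads the requested policy/network/session rows in their four-column CSV shape, normalises a FortiGate-style traffic log line into those field names, and flattens the MaxMind traits `is_*` booleans from the comment above into per-source fields. The FortiGate key names (policytype, poluuid, srcintfrole, dstintfrole, service, trandisp, duration), the sample log line, the sample traits object and the `source_is_` prefix are all assumptions made for this example; the prefix in particular is the open question in the comment, not a decision.

```python
"""Added example (not the schema project's own code): normalise a FortiGate-style
log line into the proposed field names and attach MaxMind-style traits flags.
FortiGate key names, sample data and the source_is_ prefix are assumptions."""
import csv
import io
import shlex

# The proposed rows, copied into the project's four-column CSV shape:
# name, example/allowed values, type (optionally "/loweronly"), description.
SCHEMA_CSV = """\
"policy_type","default, policy, local-in-policy, local-in-policy-6","keyword",""
"policy_uuid","","keyword",""
"network_interface_in_role","lan, wan","keyword/loweronly",""
"network_interface_out_role","lan, wan","keyword/loweronly",""
"network_service","ftp, ssh, smtp","keyword/loweronly","IANA service name"
"network_translation_type","dnat, snat, noop","keyword","NAT translation performed"
"session_duration","","keyword","Duration of a session in seconds"
"""

# Assumed FortiGate traffic-log keys -> proposed schema fields.
FORTIGATE_TO_SCHEMA = {
    "policytype": "policy_type",
    "poluuid": "policy_uuid",
    "srcintfrole": "network_interface_in_role",
    "dstintfrole": "network_interface_out_role",
    "service": "network_service",
    "trandisp": "network_translation_type",
    "duration": "session_duration",
}

# Constructed sample line (documentation IPs, made-up UUID).
SAMPLE_LOG = (
    'date=2024-01-15 time=12:00:01 srcip=203.0.113.7 dstip=192.0.2.10 '
    'srcintfrole="WAN" dstintfrole="lan" policytype="policy" '
    'poluuid="9c2c1f6a-1111-4222-8333-444455556666" service="SSH" '
    'trandisp="dnat" duration=42'
)


def load_schema(text):
    """Parse the CSV rows into per-field rules: listed values and the loweronly flag."""
    rules = {}
    for name, values, ftype, _desc in csv.reader(io.StringIO(text)):
        base, _, modifier = ftype.partition("/")
        rules[name] = {
            "type": base.lower(),
            "values": {v.strip() for v in values.split(",") if v.strip()},
            "loweronly": modifier == "loweronly",
        }
    return rules


def parse_kv(line):
    """Split a FortiGate-style key=value line; shlex strips the quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def normalise(record, rules):
    """Map raw keys to schema fields. Returns (fields, warnings).
    A value outside the listed set is kept but reported, so the CSV list can be
    extended instead of silently dropping data; a non-numeric duration is dropped."""
    fields, warnings = {}, []
    for raw_key, field in FORTIGATE_TO_SCHEMA.items():
        if raw_key not in record:
            continue
        value = record[raw_key]
        rule = rules[field]
        if rule["loweronly"]:
            value = value.lower()
        if rule["values"] and value not in rule["values"]:
            warnings.append(f"{field}: {value!r} is not in the listed values")
        if field == "session_duration":
            # The description says seconds, so anything that is not a count is rejected.
            if not value.isdigit():
                warnings.append(f"{field}: {value!r} is not a number of seconds")
                continue
            value = int(value)
        fields[field] = value
    return fields, warnings


# Traits flags that indicate anonymising infrastructure in front of the client.
ANONYMISER_FLAGS = ("is_anonymous", "is_anonymous_vpn", "is_public_proxy", "is_tor_exit_node")


def traits_flags(traits, prefix="source_is_"):
    """Flatten the is_* booleans under a prefix and drop nulls.
    "source_is_" is only this example's assumption for the prefix question above."""
    return {prefix + name[len("is_"):]: val
            for name, val in traits.items()
            if name.startswith("is_") and val is not None}


def from_anonymiser(traits):
    """True when any anonymising-infrastructure flag is set on the traits object."""
    return any(traits.get(flag) is True for flag in ANONYMISER_FLAGS)


SAMPLE_TRAITS = {  # constructed; shape follows the City "traits" object quoted above
    "autonomous_system_number": None,
    "ip_address": "203.0.113.7",
    "is_anonymous": False,
    "is_anonymous_proxy": False,
    "is_anonymous_vpn": False,
    "is_hosting_provider": True,
    "is_legitimate_proxy": False,
    "is_public_proxy": False,
    "is_satellite_provider": False,
    "is_tor_exit_node": True,
    "isp": None,
}

if __name__ == "__main__":
    fields, warnings = normalise(parse_kv(SAMPLE_LOG), load_schema(SCHEMA_CSV))
    fields.update(traits_flags(SAMPLE_TRAITS))
    print(fields, warnings, from_anonymiser(SAMPLE_TRAITS))
```

The loweronly modifier is applied before the value check, which is why `srcintfrole="WAN"` lands as `wan` and passes; `network_translation_type` has no such modifier, so a value like `snat+dnat` is kept verbatim and surfaces as a warning, which is the signal that the listed value set in the CSV may need extending.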