-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
56be5ca
commit abdefc2
Showing
1 changed file
with
75 additions
and
75 deletions.
There are no files selected for viewing
150 changes: 75 additions & 75 deletions
150
ngwaf-terraform-edge-deploy/ngwaf_splunk_logging_format.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,76 +1,76 @@ | ||
| { | ||
| "time":%{time.start.sec}V, | ||
| "host":"%{Fastly-Orig-Host}i", | ||
| "event": { | ||
| "service_id":"%{req.service_id}V", | ||
| "time_start":"%{begin:%Y-%m-%dT%H:%M:%S%Z}t", | ||
| "time_end":"%{end:%Y-%m-%dT%H:%M:%S%Z}t", | ||
| "time_elapsed":%D, | ||
| "client_ip":"%h", | ||
| "client_as_name":"%{client.as.name}V", | ||
| "client_as_number":"%{client.as.number}V", | ||
| "client_connection_speed":"%{client.geo.conn_speed}V", | ||
| "request":"%m", | ||
| "protocol":"%H", | ||
| "origin_host":"%v", | ||
| "url":"%{cstr_escape(req.url)}V", | ||
| "is_ipv6":%{if(req.is_ipv6, "true", "false")}V, | ||
| "is_tls":%{if(req.is_ssl, "true", "false")}V, | ||
| "tls_client_protocol":"%{cstr_escape(tls.client.protocol)}V", | ||
| "tls_client_servername":"%{cstr_escape(tls.client.servername)}V", | ||
| "tls_client_cipher":"%{cstr_escape(tls.client.cipher)}V", | ||
| "tls_client_cipher_sha":"%{cstr_escape(tls.client.ciphers_sha )}V", | ||
| "tls_client_tlsexts_sha":"%{cstr_escape(tls.client.tlsexts_sha)}V", | ||
| "is_h2":%{if(fastly_info.is_h2, "true", "false")}V, | ||
| "is_h2_push":%{if(fastly_info.h2.is_push, "true", "false")}V, | ||
| "h2_stream_id":"%{fastly_info.h2.stream_id}V", | ||
| "request_referer":"%{Referer}i", | ||
| "request_user_agent":"%{User-Agent}i", | ||
| "request_accept_content":"%{Accept}i", | ||
| "request_accept_language":"%{Accept-Language}i", | ||
| "request_accept_encoding":"%{Accept-Encoding}i", | ||
| "request_accept_charset":"%{Accept-Charset}i", | ||
| "request_connection":"%{Connection}i", | ||
| "request_dnt":"%{DNT}i", | ||
| "request_forwarded":"%{Forwarded}i", | ||
| "request_via":"%{Via}i", | ||
| "request_cache_control":"%{Cache-Control}i", | ||
| "request_x_requested_with":"%{X-Requested-With}i", | ||
| "request_x_att_device_id":"%{X-ATT-Device-Id}i", | ||
| "request_x_forwarded_for":"%{X-Forwarded-For}i", | ||
| "status":"%s", | ||
| "content_type":"%{Content-Type}o", | ||
| "cache_status":"%{fastly_info.state}V", | ||
| "is_cacheable":%{if(fastly_info.state ~"^(HIT|MISS)$", "true", "false")}V, | ||
| "response_age":"%{Age}o", | ||
| "response_cache_control":"%{Cache-Control}o", | ||
| "response_expires":"%{Expires}o", | ||
| "response_last_modified":"%{Last-Modified}o", | ||
| "response_tsv":"%{TSV}o", | ||
| "server_datacenter":"%{server.datacenter}V", | ||
| "server_ip":"%A", | ||
| "geo_city":"%{client.geo.city.utf8}V", | ||
| "geo_country_code":"%{client.geo.country_code}V", | ||
| "geo_continent_code":"%{client.geo.continent_code}V", | ||
| "geo_region":"%{client.geo.region}V", | ||
| "req_header_size":%{req.header_bytes_read}V, | ||
| "req_body_size":%{req.body_bytes_read}V, | ||
| "resp_header_size":%{resp.header_bytes_written}V, | ||
| "resp_body_size":%B, | ||
| "socket_cwnd":%{client.socket.cwnd}V, | ||
| "socket_nexthop":"%{client.socket.nexthop}V", | ||
| "socket_tcpi_rcv_mss":%{client.socket.tcpi_rcv_mss}V, | ||
| "socket_tcpi_snd_mss":%{client.socket.tcpi_snd_mss}V, | ||
| "socket_tcpi_rtt":%{client.socket.tcpi_rtt}V, | ||
| "socket_tcpi_rttvar":%{client.socket.tcpi_rttvar}V, | ||
| "socket_tcpi_rcv_rtt":%{client.socket.tcpi_rcv_rtt}V, | ||
| "socket_tcpi_rcv_space":%{client.socket.tcpi_rcv_space}V, | ||
| "socket_tcpi_last_data_sent":%{client.socket.tcpi_last_data_sent}V, | ||
| "socket_tcpi_total_retrans":%{client.socket.tcpi_total_retrans}V, | ||
| "socket_tcpi_delta_retrans":%{client.socket.tcpi_delta_retrans}V, | ||
| "socket_ploss":%{client.socket.ploss}V, | ||
| "sigsci-agentresponse":%{req.http.x-sigsci-agentresponse}V, | ||
| "sigsci-decision-ms":%{req.http.x-sigsci-decision-ms}V, | ||
| "sigsci-tags":"%{req.http.x-sigsci-tags}V" | ||
| } | ||
| } | ||
| "time":%{time.start.sec}V, | ||
| "host":"%{Fastly-Orig-Host}i", | ||
| "event": { | ||
| "service_id":"%{req.service_id}V", | ||
| "time_start":"%{begin:%Y-%m-%dT%H:%M:%S%Z}t", | ||
| "time_end":"%{end:%Y-%m-%dT%H:%M:%S%Z}t", | ||
| "time_elapsed":%D, | ||
| "client_ip":"%h", | ||
| "client_as_name":"%{client.as.name}V", | ||
| "client_as_number":"%{client.as.number}V", | ||
| "client_connection_speed":"%{client.geo.conn_speed}V", | ||
| "request":"%m", | ||
| "protocol":"%H", | ||
| "origin_host":"%v", | ||
| "url":"%{cstr_escape(req.url)}V", | ||
| "is_ipv6":%{if(req.is_ipv6, "true", "false")}V, | ||
| "is_tls":%{if(req.is_ssl, "true", "false")}V, | ||
| "tls_client_protocol":"%{cstr_escape(tls.client.protocol)}V", | ||
| "tls_client_servername":"%{cstr_escape(tls.client.servername)}V", | ||
| "tls_client_cipher":"%{cstr_escape(tls.client.cipher)}V", | ||
| "tls_client_cipher_sha":"%{cstr_escape(tls.client.ciphers_sha )}V", | ||
| "tls_client_tlsexts_sha":"%{cstr_escape(tls.client.tlsexts_sha)}V", | ||
| "is_h2":%{if(fastly_info.is_h2, "true", "false")}V, | ||
| "is_h2_push":%{if(fastly_info.h2.is_push, "true", "false")}V, | ||
| "h2_stream_id":"%{fastly_info.h2.stream_id}V", | ||
| "request_referer":"%{Referer}i", | ||
| "request_user_agent":"%{User-Agent}i", | ||
| "request_accept_content":"%{Accept}i", | ||
| "request_accept_language":"%{Accept-Language}i", | ||
| "request_accept_encoding":"%{Accept-Encoding}i", | ||
| "request_accept_charset":"%{Accept-Charset}i", | ||
| "request_connection":"%{Connection}i", | ||
| "request_dnt":"%{DNT}i", | ||
| "request_forwarded":"%{Forwarded}i", | ||
| "request_via":"%{Via}i", | ||
| "request_cache_control":"%{Cache-Control}i", | ||
| "request_x_requested_with":"%{X-Requested-With}i", | ||
| "request_x_att_device_id":"%{X-ATT-Device-Id}i", | ||
| "request_x_forwarded_for":"%{X-Forwarded-For}i", | ||
| "status":"%s", | ||
| "content_type":"%{Content-Type}o", | ||
| "cache_status":"%{fastly_info.state}V", | ||
| "is_cacheable":%{if(fastly_info.state ~"^(HIT|MISS)$", "true", "false")}V, | ||
| "response_age":"%{Age}o", | ||
| "response_cache_control":"%{Cache-Control}o", | ||
| "response_expires":"%{Expires}o", | ||
| "response_last_modified":"%{Last-Modified}o", | ||
| "response_tsv":"%{TSV}o", | ||
| "server_datacenter":"%{server.datacenter}V", | ||
| "server_ip":"%A", | ||
| "geo_city":"%{client.geo.city.utf8}V", | ||
| "geo_country_code":"%{client.geo.country_code}V", | ||
| "geo_continent_code":"%{client.geo.continent_code}V", | ||
| "geo_region":"%{client.geo.region}V", | ||
| "req_header_size":%{req.header_bytes_read}V, | ||
| "req_body_size":%{req.body_bytes_read}V, | ||
| "resp_header_size":%{resp.header_bytes_written}V, | ||
| "resp_body_size":%B, | ||
| "socket_cwnd":%{client.socket.cwnd}V, | ||
| "socket_nexthop":"%{client.socket.nexthop}V", | ||
| "socket_tcpi_rcv_mss":%{client.socket.tcpi_rcv_mss}V, | ||
| "socket_tcpi_snd_mss":%{client.socket.tcpi_snd_mss}V, | ||
| "socket_tcpi_rtt":%{client.socket.tcpi_rtt}V, | ||
| "socket_tcpi_rttvar":%{client.socket.tcpi_rttvar}V, | ||
| "socket_tcpi_rcv_rtt":%{client.socket.tcpi_rcv_rtt}V, | ||
| "socket_tcpi_rcv_space":%{client.socket.tcpi_rcv_space}V, | ||
| "socket_tcpi_last_data_sent":%{client.socket.tcpi_last_data_sent}V, | ||
| "socket_tcpi_total_retrans":%{client.socket.tcpi_total_retrans}V, | ||
| "socket_tcpi_delta_retrans":%{client.socket.tcpi_delta_retrans}V, | ||
| "socket_ploss":%{client.socket.ploss}V, | ||
| "sigsci_agentresponse":"%{req.http.x-sigsci-agentresponse}V", | ||
| "sigsci_decision_ms":"%{req.http.x-sigsci-decision-ms}V", | ||
| "sigsci_tags":"%{req.http.x-sigsci-tags}V" | ||
| } | ||
| } |