
Graylog Palo Alto Networks PanOS 8.1 Traffic extractors

Sep 30th, 2020
  1. {
  2.   "extractors": [
  3.     {
  4.         "title": "System - Hostname",
  5.         "extractor_type": "SPLIT_AND_INDEX",
  6.         "cursor_strategy": "COPY",
  7.         "target_field": "hostname",
  8.         "source_field": "message",
  9.         "extractor_config": {
  10.           "index": 1,
  11.           "split_by": ","
  12.         },
  13.         "converters": [],
  14.         "condition_type": "NONE",
  15.         "condition_value": "",
  16.         "order": 0
  17.       },
  18.       {
  19.         "title": "System - Receive Date",
  20.         "extractor_type": "SPLIT_AND_INDEX",
  21.         "cursor_strategy": "COPY",
  22.         "target_field": "receive_date_time",
  23.         "source_field": "message",
  24.         "extractor_config": {
  25.           "index": 2,
  26.           "split_by": ","
  27.         },
  28.         "converters": [],
  29.         "condition_type": "NONE",
  30.         "condition_value": "",
  31.         "order": 0
  32.       },
  33.       {
  34.         "title": "System - Serial Number",
  35.         "extractor_type": "SPLIT_AND_INDEX",
  36.         "cursor_strategy": "COPY",
  37.         "target_field": "serial_number",
  38.         "source_field": "message",
  39.         "extractor_config": {
  40.           "index": 3,
  41.           "split_by": ","
  42.         },
  43.         "converters": [],
  44.         "condition_type": "NONE",
  45.         "condition_value": "",
  46.         "order": 0
  47.       },
  48.       {
  49.         "title": "System - Log Type",
  50.         "extractor_type": "SPLIT_AND_INDEX",
  51.         "cursor_strategy": "COPY",
  52.         "target_field": "log_type",
  53.         "source_field": "message",
  54.         "extractor_config": {
  55.           "index": 4,
  56.           "split_by": ","
  57.         },
  58.         "converters": [],
  59.         "condition_type": "NONE",
  60.         "condition_value": "",
  61.         "order": 0
  62.       },
  63.       {
  64.         "title": "System - Log Subtype",
  65.         "extractor_type": "SPLIT_AND_INDEX",
  66.         "cursor_strategy": "COPY",
  67.         "target_field": "log_subtype",
  68.         "source_field": "message",
  69.         "extractor_config": {
  70.           "index": 5,
  71.           "split_by": ","
  72.         },
  73.         "converters": [],
  74.         "condition_type": "NONE",
  75.         "condition_value": "",
  76.         "order": 0
  77.       },
  78.       {
  79.         "title": "System - Log Time Generated",
  80.         "extractor_type": "SPLIT_AND_INDEX",
  81.         "cursor_strategy": "COPY",
  82.         "target_field": "time_generated",
  83.         "source_field": "message",
  84.         "extractor_config": {
  85.           "index": 7,
  86.           "split_by": ","
  87.         },
  88.         "converters": [],
  89.         "condition_type": "NONE",
  90.         "condition_value": "",
  91.         "order": 0
  92.       },
  93.       {
  94.         "title": "Session - Destination IP",
  95.         "extractor_type": "SPLIT_AND_INDEX",
  96.         "cursor_strategy": "COPY",
  97.         "target_field": "session_dst_ip",
  98.         "source_field": "message",
  99.         "extractor_config": {
  100.           "index": 9,
  101.           "split_by": ","
  102.         },
  103.         "converters": [],
  104.         "condition_type": "NONE",
  105.         "condition_value": "",
  106.         "order": 0
  107.       },
  108.       {
  109.         "title": "Session - NAT Source IP",
  110.         "extractor_type": "SPLIT_AND_INDEX",
  111.         "cursor_strategy": "COPY",
  112.         "target_field": "session_nat_src_ip",
  113.         "source_field": "message",
  114.         "extractor_config": {
  115.           "index": 10,
  116.           "split_by": ","
  117.         },
  118.         "converters": [],
  119.         "condition_type": "NONE",
  120.         "condition_value": "",
  121.         "order": 0
  122.       },
  123.       {
  124.         "title": "Session - Source IP",
  125.         "extractor_type": "SPLIT_AND_INDEX",
  126.         "cursor_strategy": "COPY",
  127.         "target_field": "session_src_ip",
  128.         "source_field": "message",
  129.         "extractor_config": {
  130.           "index": 8,
  131.           "split_by": ","
  132.         },
  133.         "converters": [],
  134.         "condition_type": "NONE",
  135.         "condition_value": "",
  136.         "order": 0  
  137.       },
  138.       {
  139.         "title": "Session - Firewall Rule",
  140.         "extractor_type": "SPLIT_AND_INDEX",
  141.         "cursor_strategy": "COPY",
  142.         "target_field": "firewall_rule",
  143.         "source_field": "message",
  144.         "extractor_config": {
  145.           "index": 12,
  146.           "split_by": ","
  147.         },
  148.         "converters": [],
  149.         "condition_type": "NONE",
  150.         "condition_value": "",
  151.         "order": 0
  152.       },
  153.       {
  154.         "title": "Session - Application",
  155.         "extractor_type": "SPLIT_AND_INDEX",
  156.         "cursor_strategy": "COPY",
  157.         "target_field": "application",
  158.         "source_field": "message",
  159.         "extractor_config": {
  160.           "index": 15,
  161.           "split_by": ","
  162.         },
  163.         "converters": [],
  164.         "condition_type": "NONE",
  165.         "condition_value": "",
  166.         "order": 0
  167.       },
  168.       {
  169.         "title": "Session - Source Zone",
  170.         "extractor_type": "SPLIT_AND_INDEX",
  171.         "cursor_strategy": "COPY",
  172.         "target_field": "session_src_zone",
  173.         "source_field": "message",
  174.         "extractor_config": {
  175.           "index": 17,
  176.           "split_by": ","
  177.         },
  178.         "converters": [],
  179.         "condition_type": "NONE",
  180.         "condition_value": "",
  181.         "order": 0
  182.       },
  183.       {
  184.         "title": "Session - Destination Zone",
  185.         "extractor_type": "SPLIT_AND_INDEX",
  186.         "cursor_strategy": "COPY",
  187.         "target_field": "session_dst_zone",
  188.         "source_field": "message",
  189.         "extractor_config": {
  190.           "index": 18,
  191.           "split_by": ","
  192.         },
  193.         "converters": [],
  194.         "condition_type": "NONE",
  195.         "condition_value": "",
  196.         "order": 0
  197.       },
  198.       {
  199.         "title": "Session - Ingress Interface",
  200.         "extractor_type": "SPLIT_AND_INDEX",
  201.         "cursor_strategy": "COPY",
  202.         "target_field": "ingress_interface",
  203.         "source_field": "message",
  204.         "extractor_config": {
  205.           "index": 19,
  206.           "split_by": ","
  207.         },
  208.         "converters": [],
  209.         "condition_type": "NONE",
  210.         "condition_value": "",
  211.         "order": 0
  212.       },
  213.       {
  214.         "title": "Session - Egress Interface",
  215.         "extractor_type": "SPLIT_AND_INDEX",
  216.         "cursor_strategy": "COPY",
  217.         "target_field": "egress_interface",
  218.         "source_field": "message",
  219.         "extractor_config": {
  220.           "index": 20,
  221.           "split_by": ","
  222.         },
  223.         "converters": [],
  224.         "condition_type": "NONE",
  225.         "condition_value": "",
  226.         "order": 0
  227.       },
  228.       {
  229.         "title": "Session - Session ID",
  230.         "extractor_type": "SPLIT_AND_INDEX",
  231.         "cursor_strategy": "COPY",
  232.         "target_field": "session_id",
  233.         "source_field": "message",
  234.         "extractor_config": {
  235.           "index": 23,
  236.           "split_by": ","
  237.         },
  238.         "converters": [],
  239.         "condition_type": "NONE",
  240.         "condition_value": "",
  241.         "order": 0
  242.       },
  243.       {
  244.         "title": "Session - Repeat Count (5 seconds)",
  245.         "extractor_type": "SPLIT_AND_INDEX",
  246.         "cursor_strategy": "COPY",
  247.         "target_field": "repeat_count",
  248.         "source_field": "message",
  249.         "extractor_config": {
  250.           "index": 24,
  251.           "split_by": ","
  252.         },
  253.         "converters": [],
  254.         "condition_type": "NONE",
  255.         "condition_value": "",
  256.         "order": 0
  257.       },
  258.       {
  259.         "title": "Session - Source Port",
  260.         "extractor_type": "SPLIT_AND_INDEX",
  261.         "cursor_strategy": "COPY",
  262.         "target_field": "session_src_port",
  263.         "source_field": "message",
  264.         "extractor_config": {
  265.           "index": 25,
  266.           "split_by": ","
  267.         },
  268.         "converters": [],
  269.         "condition_type": "NONE",
  270.         "condition_value": "",
  271.         "order": 0
  272.       },
  273.       {
  274.         "title": "Session - Destination Port",
  275.         "extractor_type": "SPLIT_AND_INDEX",
  276.         "cursor_strategy": "COPY",
  277.         "target_field": "session_dst_port",
  278.         "source_field": "message",
  279.         "extractor_config": {
  280.           "index": 26,
  281.           "split_by": ","
  282.         },
  283.         "converters": [],
  284.         "condition_type": "NONE",
  285.         "condition_value": "",
  286.         "order": 0
  287.       },
  288.       {
  289.         "title": "Session - NAT Source Port",
  290.         "extractor_type": "SPLIT_AND_INDEX",
  291.         "cursor_strategy": "COPY",
  292.         "target_field": "session_nat_src_port",
  293.         "source_field": "message",
  294.         "extractor_config": {
  295.           "index": 27,
  296.           "split_by": ","
  297.         },
  298.         "converters": [],
  299.         "condition_type": "NONE",
  300.         "condition_value": "",
  301.         "order": 0
  302.       },
  303.       {
  304.         "title": "Session - NAT Destination Port",
  305.         "extractor_type": "SPLIT_AND_INDEX",
  306.         "cursor_strategy": "COPY",
  307.         "target_field": "session_nat_dst_port",
  308.         "source_field": "message",
  309.         "extractor_config": {
  310.           "index": 28,
  311.           "split_by": ","
  312.         },
  313.         "converters": [],
  314.         "condition_type": "NONE",
  315.         "condition_value": "",
  316.         "order": 0
  317.       },
  318.       {
  319.         "title": "Session - Flags",
  320.         "extractor_type": "SPLIT_AND_INDEX",
  321.         "cursor_strategy": "COPY",
  322.         "target_field": "session_flags",
  323.         "source_field": "message",
  324.         "extractor_config": {
  325.           "index": 29,
  326.           "split_by": ","
  327.         },
  328.         "converters": [],
  329.         "condition_type": "NONE",
  330.         "condition_value": "",
  331.         "order": 0
  332.       },
  333.       {
  334.         "title": "Session - IP Protocol",
  335.         "extractor_type": "SPLIT_AND_INDEX",
  336.         "cursor_strategy": "COPY",
  337.         "target_field": "session_ip_proto",
  338.         "source_field": "message",
  339.         "extractor_config": {
  340.           "index": 30,
  341.           "split_by": ","
  342.         },
  343.         "converters": [],
  344.         "condition_type": "NONE",
  345.         "condition_value": "",
  346.         "order": 0
  347.       },
  348.       {
  349.         "title": "Session - Action",
  350.         "extractor_type": "SPLIT_AND_INDEX",
  351.         "cursor_strategy": "COPY",
  352.         "target_field": "action",
  353.         "source_field": "message",
  354.         "extractor_config": {
  355.           "index": 31,
  356.           "split_by": ","
  357.         },
  358.         "converters": [],
  359.         "condition_type": "NONE",
  360.         "condition_value": "",
  361.         "order": 0
  362.       },
  363.       {
  364.         "title": "Session - Total Bytes",
  365.         "extractor_type": "SPLIT_AND_INDEX",
  366.         "cursor_strategy": "COPY",
  367.         "target_field": "session_total_bytes",
  368.         "source_field": "message",
  369.         "extractor_config": {
  370.           "index": 32,
  371.           "split_by": ","
  372.         },
  373.         "converters": [],
  374.         "condition_type": "NONE",
  375.         "condition_value": "",
  376.         "order": 0
  377.       },
  378.       {
  379.         "title": "Session - Bytes Sent",
  380.         "extractor_type": "SPLIT_AND_INDEX",
  381.         "cursor_strategy": "COPY",
  382.         "target_field": "session_bytes_sent",
  383.         "source_field": "message",
  384.         "extractor_config": {
  385.           "index": 33,
  386.           "split_by": ","
  387.         },
  388.         "converters": [],
  389.         "condition_type": "NONE",
  390.         "condition_value": "",
  391.         "order": 0
  392.       },
  393.       {
  394.         "title": "Session - Bytes Received",
  395.         "extractor_type": "SPLIT_AND_INDEX",
  396.         "cursor_strategy": "COPY",
  397.         "target_field": "session_bytes_received",
  398.         "source_field": "message",
  399.         "extractor_config": {
  400.           "index": 34,
  401.           "split_by": ","
  402.         },
  403.         "converters": [],
  404.         "condition_type": "NONE",
  405.         "condition_value": "",
  406.         "order": 0
  407.       },
  408.       {
  409.         "title": "Session - Total Packets",
  410.         "extractor_type": "SPLIT_AND_INDEX",
  411.         "cursor_strategy": "COPY",
  412.         "target_field": "session_total_packets",
  413.         "source_field": "message",
  414.         "extractor_config": {
  415.           "index": 35,
  416.           "split_by": ","
  417.         },
  418.         "converters": [],
  419.         "condition_type": "NONE",
  420.         "condition_value": "",
  421.         "order": 0
  422.       },
  423.       {
  424.         "title": "Session - Start Time",
  425.         "extractor_type": "SPLIT_AND_INDEX",
  426.         "cursor_strategy": "COPY",
  427.         "target_field": "session_start_time",
  428.         "source_field": "message",
  429.         "extractor_config": {
  430.           "index": 36,
  431.           "split_by": ","
  432.         },
  433.         "converters": [],
  434.         "condition_type": "NONE",
  435.         "condition_value": "",
  436.         "order": 0
  437.       },
  438.       {
  439.         "title": "Session - Elapsed Time (Seconds)",
  440.         "extractor_type": "SPLIT_AND_INDEX",
  441.         "cursor_strategy": "COPY",
  442.         "target_field": "session_elapsed_time_sec",
  443.         "source_field": "message",
  444.         "extractor_config": {
  445.           "index": 37,
  446.           "split_by": ","
  447.         },
  448.         "converters": [],
  449.         "condition_type": "NONE",
  450.         "condition_value": "",
  451.         "order": 0
  452.       },
  453.       {
  454.         "title": "Session - URL Category",
  455.         "extractor_type": "SPLIT_AND_INDEX",
  456.         "cursor_strategy": "COPY",
  457.         "target_field": "url_category",
  458.         "source_field": "message",
  459.         "extractor_config": {
  460.           "index": 38,
  461.           "split_by": ","
  462.         },
  463.         "converters": [],
  464.         "condition_type": "NONE",
  465.         "condition_value": "",
  466.         "order": 0
  467.       },
  468.       {
  469.         "title": "Session - Source Country",
  470.         "extractor_type": "SPLIT_AND_INDEX",
  471.         "cursor_strategy": "COPY",
  472.         "target_field": "source_country",
  473.         "source_field": "message",
  474.         "extractor_config": {
  475.           "index": 42,
  476.           "split_by": ","
  477.         },
  478.         "converters": [],
  479.         "condition_type": "NONE",
  480.         "condition_value": "",
  481.         "order": 0
  482.       },
  483.       {
  484.         "title": "Session - Destination Country",
  485.         "extractor_type": "SPLIT_AND_INDEX",
  486.         "cursor_strategy": "COPY",
  487.         "target_field": "destination_country",
  488.         "source_field": "message",
  489.         "extractor_config": {
  490.           "index": 43,
  491.           "split_by": ","
  492.         },
  493.         "converters": [],
  494.         "condition_type": "NONE",
  495.         "condition_value": "",
  496.         "order": 0
  497.       },
  498.       {
  499.         "title": "Session - Packets Sent",
  500.         "extractor_type": "SPLIT_AND_INDEX",
  501.         "cursor_strategy": "COPY",
  502.         "target_field": "pkts_sent",
  503.         "source_field": "message",
  504.         "extractor_config": {
  505.           "index": 45,
  506.           "split_by": ","
  507.         },
  508.         "converters": [],
  509.         "condition_type": "NONE",
  510.         "condition_value": "",
  511.         "order": 0
  512.       },
  513.       {
  514.         "title": "Session - Packets Received",
  515.         "extractor_type": "SPLIT_AND_INDEX",
  516.         "cursor_strategy": "COPY",
  517.         "target_field": "pkts_received",
  518.         "source_field": "message",
  519.         "extractor_config": {
  520.           "index": 46,
  521.           "split_by": ","
  522.         },
  523.         "converters": [],
  524.         "condition_type": "NONE",
  525.         "condition_value": "",
  526.         "order": 0
  527.       },
  528.       {
  529.         "title": "Session - End Reason",
  530.         "extractor_type": "SPLIT_AND_INDEX",
  531.         "cursor_strategy": "COPY",
  532.         "target_field": "session_end_reason",
  533.         "source_field": "message",
  534.         "extractor_config": {
  535.           "index": 47,
  536.           "split_by": ","
  537.         },
  538.         "converters": [],
  539.         "condition_type": "NONE",
  540.         "condition_value": "",
  541.         "order": 0
  542.       },
  543.       {
  544.         "title": "Session - Action Source",
  545.         "extractor_type": "SPLIT_AND_INDEX",
  546.         "cursor_strategy": "COPY",
  547.         "target_field": "action_source",
  548.         "source_field": "message",
  549.         "extractor_config": {
  550.           "index": 54,
  551.           "split_by": ","
  552.         },
  553.         "converters": [],
  554.         "condition_type": "NONE",
  555.         "condition_value": "",
  556.         "order": 0
  557.       }
  558.   ],
  559.   "version": "3.2.1"
  560. }
  561.  