We have been asked to provide definitions for the following field names for events produced by parsing Cisco switch logs with the Cisco IOS TA. I realize that some field names are self-explanatory but does anyone have a 'key' that defines what all or most of the field names below mean? Thanks.
NetAdapter
SwitchModule
SwitchPort
VMServer
_raw
_time
action
ap_mac
app
as_number
authenticator
bytes
cdp_local_interface
cdp_local_vlan
cdp_neighbor
cdp_remote_interface
cdp_remote_vlan
chaddr
change_type
config_source
correlation_tag
date_hour
date_mday
date_minute
date_month
date_second
date_wday
date_year
date_zone
dest
dest_int
dest_interface
dest_ip
dest_mac
dest_port
dest_vlan
detected_on_interface
device_time
direct_ap_mac
disable_cause
dvc
dvportID
enabled
event_id
eventtype
facility
filename
filename_line
host
icmp_code
icmp_code_id
icmp_type
ids_type
index
line
linecount
message_text
message_type
mnemonic
mode
neighbor
num_packets
object_category
packets
port_status
process_id
product
proto
protocol
proxy_action
punct
range
reason
reliable_time
reported_hostname
rule
severity
severity_description
severity_id
severity_id_and_name
severity_name
source
sourcetype
spanning_tree_instance
speed
splunk_server
splunk_server_group
src
src_int
src_int_prefix
src_int_prefix_long
src_int_suffix
src_interface
src_interface_description
src_ip
src_mac
src_port
src_vlan
state_to
status
subfacility
switch_id
tag
tag::app
tag::eventtype
time_of_day
timeendpos
timestartpos
transport
type
unit
user
user_type
vendor
vendor_action
vendor_category
vendor_explanation
vendor_message_text
vendor_recommended_action
vlan_id
↧