iptables fields
Module for handling the iptables logs.
Fields from the iptables logs.
iptables.ether_type- Value of the ethernet type field identifying the network layer protocol.
type: long
iptables.flow_label- IPv6 flow label.
type: integer
iptables.fragment_flags- IP fragment flags. A combination of CE, DF and MF.
type: keyword
iptables.fragment_offset- Offset of the current IP fragment.
type: long
ICMP fields.
iptables.icmp.code- ICMP code.
type: long
iptables.icmp.id- ICMP ID.
type: long
iptables.icmp.parameter- ICMP parameter.
type: long
iptables.icmp.redirect- ICMP redirect address.
type: ip
iptables.icmp.seq- ICMP sequence number.
type: long
iptables.icmp.type- ICMP type.
type: long
iptables.id- Packet identifier.
type: long
iptables.incomplete_bytes- Number of incomplete bytes.
type: long
iptables.input_device- Device that received the packet.
type: keyword
iptables.precedence_bits- IP precedence bits.
type: short
iptables.tos- IP Type of Service field.
type: long
iptables.length- Packet length.
type: long
iptables.output_device- Device that output the packet.
type: keyword
TCP fields.
iptables.tcp.flags- TCP flags.
type: keyword
iptables.tcp.reserved_bits- TCP reserved bits.
type: short
iptables.tcp.seq- TCP sequence number.
type: long
iptables.tcp.ack- TCP Acknowledgment number.
type: long
iptables.tcp.window- Advertised TCP window size.
type: long
iptables.ttl- Time To Live field.
type: integer
UDP fields.
iptables.udp.length- Length of the UDP header and payload.
type: long
Fields for Ubiquiti network devices.
iptables.ubiquiti.input_zone- Input zone.
type: keyword
iptables.ubiquiti.output_zone- Output zone.
type: keyword
iptables.ubiquiti.rule_number- The rule number within the rule set.
type: keyword
iptables.ubiquiti.rule_set- The rule set name.
type: keyword