Log data inefficient #16

Open
s33butler opened this issue Apr 7, 2023 · 0 comments

Comments


s33butler commented Apr 7, 2023

Is it possible to not pad the logs or remove the padding before ingest or writing to data? It makes the logs 3 times the size of normal firewall logs, causing a very large increase to the license requirements on SIEMs such as Splunk.

There is really no need for 9 x "N/A"s or 9 x "unknown", and definitely no need for 310 x "0" zeros.

rec_type=71 event_sec=1680866509 ssl_url_category=0 ip_layer=0 netflow_src=00000000-0000-0000-0000-000000000000 ssl_flow_flags=0 dest_pkts=50 ssl_version=Unknown rec_type_simple=RNA src_ip=127.0.0.1 iface_ingress=Inside.3 connection_id=12345 http__response=0 ssl_ticket_id=0000000000000000000000000000000000000000 dest_ip_country=_unknown sec_intel_event=No ssl_server_name="" has_ipv6=1 tcp_flags=0 src_autonomous_system=0 url_reputation=Unknown** user_agent="" src_port=54321 fw_rule_reason=N/A file_count=0 ssl_session_id=0000000000000000000000000000000000000000000000000000000000000000 mac_address=00:00:00:00:00:00 dns_resp_id=0 instance_id=2 ssl_expected_action=Unknown event_desc="Flow Statistics" snmp_out=0 dns_rec_id=0 last_pkt_sec=1680866508 ssl_policy_id=00000000000000000000000000000000 ssl_actual_action=Unknown sensor=Cisco-FTD web_app=Unknown url_category=Unknown event_type=1003 dest_autonomous_system=0 ips_count=0 app_proto=TCP event_subtype=1 dns_query="" sec_zone_ingress=Inside fw_policy=00000000-0000-0000-0000-000063ddd620 fw_rule_action=Block dest_tos=0 ssl_cert_fingerprint=0000000000000000000000000000000000000000 referenced_host="" ip_proto=UDP client_app="TCP client" src_mask=0 sec_intel_ip=N/A src_tos=0 vlan_id=0 netbios_domain="" dest_bytes=8665 security_context=00000000000000000000000000000000 user="No Authentication Required" ssl_flow_status=Unknown ssl_server_cert_status="Not Checked" dest_ip=127.0.0.2 ssl_rule_id=0 ssl_flow_messages=0 sec_zone_egress=Zone1 rec_type_desc="Connection Statistics" monitor_rule_7=N/A monitor_rule_6=N/A monitor_rule_5=N/A monitor_rule_4=N/A monitor_rule_3=N/A client_version="" monitor_rule_1=N/A first_pkt_sec=1680866386 monitor_rule_8=0 dest_port=213 url="" sinkhole_uuid=00000000-0000-0000-0000-000000000000 iface_egress=iface1 http_referrer="" num_ioc=0 ssl_flow_error=0 dns_ttl=0 src_ip_country=unknown event_usec=0 fw_rule=268434666 src_bytes=5192 ssl_cipher_suite=TLS_NULL_WITH_NULL_NULL dest_mask=0 src_pkts=50 snmp_in=0 monitor_rule_2=N/A

Thank you for your time and assistance
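A pre-ingest filter of the kind the issue asks for, written here as an added example (it is not code from the project this issue is filed against, nor from the reporter): it parses a key=value record like the one quoted above and drops pairs whose value is only padding (N/A, Unknown, an empty string, or an all-zero id). Field names are taken from the quoted record; the sample line is constructed, and the `ALWAYS_KEEP` set of fields where a 0 is a real value is my assumption.

```python
"""Strip padding fields (N/A, Unknown, empty strings, all-zero ids) from
Firepower/eStreamer-style key=value records before they reach the SIEM.

Added example for this issue, not the project's own code. Field names follow
the record quoted in the issue; the sample record below is constructed."""
import re

# One key=value pair; values may be double-quoted and contain spaces.
_KV = re.compile(r'(\w+)=("[^"]*"|\S*)')

# Values the issue identifies as padding (the two-character '""' is an
# empty quoted string in the raw record).
PLACEHOLDERS = {"N/A", "Unknown", "unknown", "_unknown", '""', "", "0"}

# Assumption: fields where 0 is a genuine measurement, never padding.
ALWAYS_KEEP = {"rec_type", "event_type", "event_subtype", "event_sec",
               "event_usec", "src_port", "dest_port", "src_pkts",
               "dest_pkts", "src_bytes", "dest_bytes"}


def is_padding(key: str, value: str) -> bool:
    """True when the pair carries no information and can be dropped."""
    if key in ALWAYS_KEEP:
        return False
    if value in PLACEHOLDERS:
        return True
    # All-zero UUIDs, MAC addresses, fingerprints and session ids consist
    # only of '0', '-' and ':' and start with a zero.
    return re.fullmatch(r"0[0:-]*", value) is not None


def parse_record(line: str) -> list:
    """Return the (key, value) pairs of one record, in original order."""
    return _KV.findall(line)


def compact_record(line: str) -> tuple:
    """Drop padding pairs; return (compact_line, number_of_dropped_pairs)."""
    kept, dropped = [], 0
    for key, value in parse_record(line):
        if is_padding(key, value):
            dropped += 1
        else:
            kept.append(f"{key}={value}")
    return " ".join(kept), dropped


# Constructed sample using field names from the issue (values are fictional).
SAMPLE = ('rec_type=71 event_sec=1680866509 ssl_url_category=0 '
          'netflow_src=00000000-0000-0000-0000-000000000000 dest_pkts=50 '
          'ssl_version=Unknown src_ip=127.0.0.1 fw_rule_reason=N/A '
          'ssl_session_id=' + "0" * 64 + ' mac_address=00:00:00:00:00:00 '
          'event_desc="Flow Statistics" dest_ip_country=_unknown user_agent="" '
          'fw_rule_action=Block client_app="TCP client" dest_port=213 '
          'event_usec=0 monitor_rule_2=N/A')

if __name__ == "__main__":
    compact, dropped = compact_record(SAMPLE)
    print(f"dropped {dropped} padding fields")
    print(compact)
```

Dropping a field changes the schema the SIEM sees: a search for `fw_rule_reason=N/A` must become a search for the field being absent, so agree the rule set with the people who own the detections before turning it on.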
