Hi all and happy new year!
I'm playing around with my network logs and was puzzled to find we don't have any
Hi @Chris_B,
Happy New Year! Your network logs might be parsed as NETWORK_CONNECTION. The network telemetry can be categorized as NETWORK_CONNECTION, NETWORK_DNS. For a full list, you can see our documentation.
I should have said - I was looking at NETWORK_CONNECTION, NETWORK_DNS like you said and I was wondering why I didn't see any NETWORK_FLOW or netflow logs.
In this context I'm understanding netflow logs as logs from routers, devices, the network fabric within my external firewalls.
This is prolly a simple matter that we're not onboarding device logs in the manner I want to yet.
Hi @Chris_B, correct. Different parsers do different mapping according to the logs that come in. Internally, I can see parsers such as CISCO_ISE, CISCO_VPN, CISCO_MERAKI and a few others create UDM events of NETWORK_FLOW type.