Extreme Networks ExtremeCloud IQ
Extreme Networks switch and WLAN syslog: port security, spanning tree events, firmware changes and device health traps.
Enginsight Global Fields (4)
Field | Description | Type |
---|---|---|
ngs.id | Unique identifier for the log entry. | string |
ngs.createdAt | Timestamp when the event was created locally. | pdate |
ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (54)
Field | Description | Type |
---|---|---|
extremenetworks.extremeCloudIq.id | Unique internal identifier for the ExtremeCloud IQ record. | plong |
extremenetworks.extremeCloudIq.org_id | Identifier of the organization within ExtremeCloud IQ. | plong |
extremenetworks.extremeCloudIq.username | Username of the authenticated user in the session. | string |
extremenetworks.extremeCloudIq.vhm_id | Virtual Host Manager ID associated with the session. | string |
extremenetworks.extremeCloudIq.device_serial_number | Serial number of the client device connecting to the network. | string |
extremenetworks.extremeCloudIq.acct_session_id | Unique accounting session identifier to match start and stop records in logs. | string |
extremenetworks.extremeCloudIq.acct_multi_id | Identifier linking multiple related accounting sessions together. | string |
extremenetworks.extremeCloudIq.group_name | Name of the user group to which the session belongs. | string |
extremenetworks.extremeCloudIq.nas_ip_address | IP address of the Network Access Server first handling the request. | string |
extremenetworks.extremeCloudIq.nas_port | Port number on the NAS that received the session. | string |
extremenetworks.extremeCloudIq.nas_port_type | Type of NAS port (e.g., Ethernet, Wireless) used for the connection. | string |
extremenetworks.extremeCloudIq.acct_start_time | Timestamp when the accounting session started. | pdate |
extremenetworks.extremeCloudIq.acct_stop_time | Timestamp when the accounting session ended. | pdate |
extremenetworks.extremeCloudIq.acct_session_time | Duration of the session in seconds. | pdate |
extremenetworks.extremeCloudIq.acct_authentic | Indicates how the session was authenticated (e.g., RADIUS). | string |
extremenetworks.extremeCloudIq.connect_info | Details about the connection type or protocol. | string |
extremenetworks.extremeCloudIq.acct_input_octets | Number of octets received from the user during the session. | plong |
extremenetworks.extremeCloudIq.acct_output_octets | Number of octets sent to the user during the session. | plong |
extremenetworks.extremeCloudIq.called_station_id | Identifier of the station the user called (e.g., NAS port). | string |
extremenetworks.extremeCloudIq.calling_station_id | Identifier of the user's station (e.g., client MAC or port). | string |
extremenetworks.extremeCloudIq.acct_terminate_cause | Reason why the session was terminated (e.g., user logout, idle timeout). | string |
extremenetworks.extremeCloudIq.service_type | Type of service provided (e.g., Login, Framed). | string |
extremenetworks.extremeCloudIq.framed_ip_address | IP address assigned to the user's session. | string |
extremenetworks.extremeCloudIq.acct_start_delay | Delay in seconds before the accounting server received the start packet. | plong |
extremenetworks.extremeCloudIq.acct_stop_delay | Delay in seconds before the accounting server received the stop packet. | plong |
extremenetworks.extremeCloudIq.ssid | Wireless network SSID for the session, if applicable. | string |
extremenetworks.extremeCloudIq.identity | User identity string (e.g., UPN or email). | string |
extremenetworks.extremeCloudIq.nas_identifier | Human-readable identifier of the NAS device. | string |
extremenetworks.extremeCloudIq.mgmt_mac_address | MAC address of the NAS management interface. | string |
extremenetworks.extremeCloudIq.attribute_num | Number of vendor-specific attributes present in the packet. | plong |
extremenetworks.extremeCloudIq.event_time | Timestamp when the event was logged by ExtremeCloud IQ. | pdate |
extremenetworks.extremeCloudIq.timestamp | Generic timestamp field, duplicate of event_time for indexing. | pdate |
extremenetworks.extremeCloudIq.usage | Usage metric (e.g., data or time) tracked during the session. | plong |
extremenetworks.extremeCloudIq.category | Category of the log event (e.g., authentication, accounting). | string |
extremenetworks.extremeCloudIq.user_id | Numeric ID of the user in ExtremeCloud IQ. | plong |
extremenetworks.extremeCloudIq.code | Response or status code associated with the event. | plong |
extremenetworks.extremeCloudIq.parameters | Additional parameters or flags related to the event. | string |
extremenetworks.extremeCloudIq.vhm_name | Name of the Virtual Host Manager. | string |
extremenetworks.extremeCloudIq.description | Textual description of the event or record. | text_general |
extremenetworks.extremeCloudIq.full_description_id | Reference ID linking to a more detailed description resource. | plong |
extremenetworks.extremeCloudIq.auth_date | Timestamp when the user was authenticated. | pdate |
extremenetworks.extremeCloudIq.sn | Serial number of the access device or session. | string |
extremenetworks.extremeCloudIq.reject_reason | Reason for authentication or accounting rejection. | text_general |
extremenetworks.extremeCloudIq.reply | Reply message or code returned by RADIUS. | text_general |
extremenetworks.extremeCloudIq.auth_type | Type of authentication used (e.g., PAP, CHAP). | string |
extremenetworks.extremeCloudIq.approver_email | Email address of the approver in manual authentication flows. | string |
extremenetworks.extremeCloudIq.customer_id | Customer identifier for multi-tenant scenarios. | string |
extremenetworks.extremeCloudIq.status | Current status of the session or record (e.g., Active, Stopped). | string |
extremenetworks.extremeCloudIq.tel | Telephone number used for dial-in sessions, if applicable. | string |
extremenetworks.extremeCloudIq.profile_name | Name of the user profile applied to the session. | string |
extremenetworks.extremeCloudIq.message_id | Identifier for the RADIUS message exchange. | string |
extremenetworks.extremeCloudIq.status_from_provider | Status code returned by the upstream provider. | string |
extremenetworks.extremeCloudIq.provider_type | Type of upstream provider (e.g., ISP, corporate). | string |
extremenetworks.extremeCloudIq.log_endpoint | Endpoint URL where detailed logs can be retrieved. | string |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.