LANCOM
LANCOM router, WLAN controller and AP logs: VPN sessions, RADIUS auth results and roaming events.
Enginsight Global Fields (4)
Field | Description | Type |
---|---|---|
ngs.id | Unique identifier for the log entry. | string |
ngs.createdAt | Timestamp when the event was created locally. | pdate |
ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (44)
Field | Description | Type |
---|---|---|
lancom.ulogd.SRC | Source IP address of the logged packet. | text_general |
lancom.ulogd.DST | Destination IP address of the logged packet. | text_general |
lancom.ulogd.IN | Name of the incoming interface on which the packet was received. | text_general |
lancom.ulogd.OUT | Name of the outgoing interface on which the packet was sent. | text_general |
lancom.ulogd.PROTO | Protocol of the logged packet (e.g., TCP, UDP, ICMP). | string |
lancom.ulogd.dropped | Indicates whether the packet was dropped (yes/no). | string |
lancom.ulogd.action | Firewall action taken on the packet (e.g., ACCEPT, DROP). | string |
lancom.ulogd.SPT | Source port number of the packet. | plong |
lancom.ulogd.DPT | Destination port number of the packet. | plong |
lancom.ulogd.SEQ | TCP sequence number of the packet. | plong |
lancom.ulogd.PKTS | Total number of packets in the connection/session. | plong |
lancom.ulogd.BYTES | Total number of bytes in the connection/session. | plong |
lancom.ulogd.event | Raw event message or log record details. | text_general |
lancom.ulogd.TYPE | Numeric type code associated with the packet or event. | pint |
lancom.ulogd.WINDOW | TCP window size advertised by the sender. | plong |
lancom.ulogd.ID | IP identification field value of the packet. | plong |
lancom.ulogd.ACK | TCP acknowledgment number in the packet. | plong |
lancom.ulogd.URGP | TCP urgent pointer value, if any. | plong |
lancom.ulogd.CODE | ICMP code value for ICMP packets. | pint |
lancom.ulogd.PREC | Type of Service (ToS) precedence bits. | string |
lancom.gpFilter.action | Action applied by the group policy filter (e.g., allow, block). | string |
lancom.gpFilter.profile | Name of the group policy profile used. | text_general |
lancom.gpFilter.domain | Domain or URL category filtered by the policy. | text_general |
lancom.gpFilter.address | IP address or subnet filtered by the policy. | text_general |
lancom.gpFilter.category | Content category filtered by the policy (e.g., social media). | text_general |
lancom.gpFilter.direction | Traffic direction to which the policy applies (inbound/outbound). | string |
lancom.gpAppFilterd.Action | Action taken by the application filter (e.g., allowed, blocked). | string |
lancom.gpAppFilterd.In | Inbound policy or rule name applied. | string |
lancom.gpAppFilterd.Out | Outbound policy or rule name applied. | string |
lancom.gpAppFilterd.Mark | Firewall mark or tag assigned to the flow. | string |
lancom.gpAppFilterd.State | Connection state as tracked by the application filter (e.g., NEW, ESTABLISHED). | string |
lancom.gpAppFilterd.ConnId | Unique connection identifier assigned by the filter. | string |
lancom.gpAppFilterd.Protocolstack | Full protocol stack description of the flow (e.g., TCP/IPv4). | text_general |
lancom.gpAppFilterd.Destination | Destination endpoint (IP:port) as seen by the application filter. | text_general |
lancom.gpAppFilterd.Source | Source endpoint (IP:port) as seen by the application filter. | text_general |
lancom.suricata.Classification | Suricata intrusion detection classification of the event. | text_general |
lancom.suricata.Severity | Severity level assigned by Suricata to the alert. | pint |
lancom.suricata.SignatureId | Identifier of the Suricata signature triggered. | plong |
lancom.suricata.Action | Action taken by Suricata (e.g., pass, drop). | string |
lancom.suricata.Source | Source IP address detected by Suricata. | text_general |
lancom.suricata.Destination | Destination IP address detected by Suricata. | text_general |
lancom.suricata.Name | Name of the Suricata rule or alert. | text_general |
lancom.suricata.Ruleset | Name of the Suricata ruleset applied. | string |
lancom.suricata.Category | Category of the Suricata alert (e.g., trojan, policy). | string |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.