OCI Parser Details

The following Oracle-defined parsers are available in Oracle Logging Analytics to process logs collected from Oracle Cloud Infrastructure services:

OCI Web Application Acceleration Log Format

Parser name: oci_waa_logtype

Example Content:

{
               "data":{
                  "request":{
                     "id":"727b8fabcc23662a8ad3754d4a3573f2"
                  },
                  "response":{
                     "code":"200",
                     "size":"73805"
                  },
                  "timestamp":"2023-08-14T05:40:24+00:00"
               },
               "id":"6cf12c5a-846f-4394-b882-861c5b698032-waa-192433",
               "oracle":{
                  "compartmentid":"ocid1.compartment.oc1.uniqueId",
                  "ingestedtime":"2023-08-14T05:40:33.086Z",
                  "loggroupid":"ocid1.loggroup.oc1.uniqueId",
                  "logid":"ocid1.log.oc1.uniqueId",
                  "resourceid":"ocid1.loadbalancer.oc1.uniqueId",
                  "tenantid":"ocid1.tenancy.oc1.uniqueId"
               },
               "source":"fortLB",
               "specversion":"1.0",
               "subject":"",
               "time":"2023-08-14T05:40:24.526Z",
               "type":"com.oraclecloud.loadbalancer.waa"
            }

OKE Control Plane Log Format

Parser name: oci_oke_controlplane_logtype

Example Content:

{
    "data": {
      "level": "info",
      "msg": "\"Event occurred\" object=\"oci-onm/oci-onm-discovery\" fieldPath=\"\" kind=\"CronJob\" apiVersion=\"batch/v1\" type=\"Normal\" reason=\"SuccessfulDelete\" message=\"Deleted job oci-onm-discovery-28283395\"",
      "source": "event.go:294"
    },
    "id": "uniqueId",
    "oracle": {
      "compartmentid": "ocid1.compartment.oc1.uniqueId",
      "ingestedtime": "2023-10-11T06:11:01.153Z",
      "loggroupid": "ocid1.loggroup.oc1.uniqueId",
      "logid": "ocid1.log.oc1.uniqueId",
      "tenantid": "ocid1.tenancy.oc1.uniqueId"
    },
    "source": "kube-controller-manager",
    "specversion": "1.0",
    "time": "2023-10-11T06:10:08.813Z",
    "type": "com.oraclecloud.kubernetes.cluster.controlplane"
  }

OCI Service Connector Hub Log Format

Parser name: oci_service_connector_hub_logtype

Example Content:

{
    "data": {
      "level": "INFO",
      "message": "Run succeeded - Read 2 messages from source and wrote 2 messages to target",
      "messageType": "CONNECTOR_RUN_COMPLETED"
    },
    "id": "f83205ef-0bef-47d0-b6b2-362afc4a2e9a",
    "oracle": {
      "compartmentid": "ocid1.compartment.uniqueId",
      "ingestedtime": "2023-08-02T00:10:28.990Z",
      "loggroupid": "ocid1.loggroup.uniqueId",
      "logid": "ocid1.log.uniqueId",
      "resourceid": "ocid1.serviceconnector.uniqueId",
      "tenantid": "ocid1.tenancy.uniqueId"
    },
    "source": "connectorName",
    "specversion": "1.0",
    "time": "2023-08-02T00:10:26.859Z",
    "type": "com.oraclecloud.sch.serviceconnector.runlog"
  }

OCI GoldenGate Log Format

Parser name: oci_golden_gate_logtype

Example Content:

[{
  "time": "2023-05-25T09:21:05.192Z",
  "source": "ocid1.goldengatedeployment.uniqueId",
  "id": "uniqueId",
  "oracle": {
    "compartmentid": "ocid1.compartment.uniqueId",
    "logid": "ocid1.log.uniqueId"
  },
  "specversion": "1.0",
  "type": "com.oraclecloud.goldengate.deployment.process_logs",
  "data": {
    "message": "CSRFTokenProtection: ENABLED.\nCross-Site Request Forgery checks using CSRF-Tokens will be performed.",
    "level": "INFO",
    "resourceId": "ocid1.goldengatedeployment.uniqueId",
    "processName": "distsrvr"
  }
},
{
  "ts": "2023-05-25T09:21:05.192Z",
  "source": "ocid1.goldengatedeployment.uniqueId",
  "id": "uniqueId",
  "oracle": {
    "compartmentid": "ocid1.compartment.uniqueId",
    "logid": "ocid1.log.uniqueId"
  },
  "specversion": "1.0",
  "type": "com.oraclecloud.goldengate.deployment.process_logs",
  "data": {
    "message": "CSRFTokenProtection: ENABLED.\nCross-Site Request Forgery checks using CSRF-Tokens will be performed.",
    "level": "INFO",
    "resourceId": "ocid1.goldengatedeployment.uniqueId",
    "processName": "distsrvr"
  }
}]

OCI Data Flow Spark Diagnostic Log Format

Parser name: oci_data_flow_spark_diagnostics_logtype

Example Content:

{
    "data": {
      "logLevel": "INFO",
      "message": "Execution complete.",
      "opcRequestId": "unique_ID",
      "runId": "ocid1.dataflowrun.realm.region.unique_ID",
      "thread": "shaded.dataflow.oracle.dfcs.spark.wrapper.DataflowWrapper"
    },
    "id": "unique_ID",
    "oracle": {
      "compartmentid": "ocid1.tenancy.oc1.unique_ID",
      "ingestedtime": "2023-06-23T20:20:06.974Z",
      "loggroupid": "ocid1.loggroup.realm.region.unique_ID",
      "logid": "ocid1.log.realm.region.unique_ID",
      "tenantid": "ocid1.tenancy.realm.region.unique_ID"
    },
    "source": "Sample CSV Processing App",
    "specversion": "1.0",
    "subject": "spark-driver",
    "time": "2023-06-23T20:20:02.245Z",
    "type": "com.oraclecloud.dataflow.run.driver"
  }

OCI Application Performance Monitoring Log Format

Parser name: oci_application_performance_monitoring_logtype

Example Content:

{
    "data": {
    "arrivaltime": "2023-03-14T15:21:27.010Z",
    "content": "{\\\"major-version\\\": 1, \\\"minor-version\\\": 0, \\\"payload-creation-ts-millis\\\": 1678807286000, \\\"resource\\\": {\\\"attributes\\\": [{\\\"key\\\": \\\"Component\\\", \\\"value\\\": \\\"BROWSER\\\"}, {\\\"key\\\": \\\"ServiceName\\\", \\\"value\\\": \\\"myService\\\"}, {\\\"key\\\": \\\"ApmrumLanguage\\\", \\\"value\\\": \\\"en-US\\\"}, {\\\"key\\\": \\\"ApmrumWindowId\\\", \\\"value\\\": \\\"\\\"}, {\\\"key\\\": \\\"SessionId\\\", \\\"value\\\": \\\"session-my1678807286000-3311688\\\"}, {\\\"key\\\": \\\"UserName\\\", \\\"value\\\": \\\"meUser\\\"}]}, \\\"spans\\\": [{\\\"id\\\": \\\"my1678807286000-3311688-2929311\\\", \\\"trace-id\\\": \\\"my1678807286000-3311688\\\", \\\"name\\\": \\\"Page Load myPage\\\", \\\"ts-micros\\\": 1678807284900000, \\\"td-micros\\\": 820619, \\\"kind\\\": \\\"PRODUCER\\\", \\\"attributes\\\": {\\\"ApmrumType\\\": \\\"Page\\\", \\\"WebApplicationName\\\": \\\"myWebapp\\\", \\\"PageInitTime\\\": 870, \\\"PageFirstByteTime\\\": 412, \\\"PageDownloadTime\\\": 17, \\\"PageRenderTime\\\": 994, \\\"PageInteractiveTime\\\": 341, \\\"ApmrumPageUpdateType\\\": \\\"Page Load\\\", \\\"HttpUrl\\\": \\\"http://www.example.com/myIndex.html\\\", \\\"HttpUrlHost\\\": \\\"http://www.example.com\\\", \\\"HttpUrlPath\\\": \\\"/myIndex.html\\\", \\\"HttpStatusCode\\\": 200, \\\"Error\\\": false}, \\\"links\\\": []}, {\\\"id\\\": 5797336, \\\"trace-id\\\": \\\"my1678807286000-3311688\\\", \\\"parent-id\\\": \\\"my1678807286000-3311688-2929311\\\", \\\"name\\\": \\\"Page Load page-0\\\", \\\"ts-micros\\\": 1678807284900000, \\\"td-micros\\\": 990000, \\\"kind\\\": \\\"PRODUCER\\\", \\\"attributes\\\": {\\\"ApmrumType\\\": \\\"Page\\\", \\\"WebApplicationName\\\": \\\"myWebapp\\\", \\\"PageInitTime\\\": 110, \\\"PageFirstByteTime\\\": 304, \\\"PageDownloadTime\\\": 5, \\\"PageRenderTime\\\": 732, \\\"PageInteractiveTime\\\": 401, \\\"ApmrumPageUpdateType\\\": \\\"Page Load\\\", \\\"HttpUrl\\\": 
\\\"http://www.example.com/myIndex.html\\\", \\\"HttpUrlHost\\\": \\\"http://www.example.com\\\", \\\"HttpUrlPath\\\": \\\"/myIndex.html\\\", \\\"HttpStatusCode\\\": 200, \\\"Error\\\": false}, \\\"links\\\": []}]}",
      "contentlength": "1616",
      "dataformat": "apm",
      "dataformatversion": "1",
      "message": "The request is rejected due to throttling limits.",
      "obstype": "public-span",
      "rejectioncause": "PAYLOAD_THROTTLED"
    },
    "id": "unique_ID",
    "oracle": {
      "compartmentid": "ocid1.compartment.oc1.unique_ID",
      "ingestedtime": "2023-03-14T15:21:35.427Z",
      "loggroupid": "ocid1.loggroup.oc1.phx.unique_ID",
      "logid": "ocid1.log.oc1.phx.unique_ID",
      "tenantid": "ocid1.tenancy.oc1.unique_ID"
    },
    "source": "ocid1.apmdomain.oc1.phx.unique_ID",
    "specversion": "1.0",
    "time": "2023-03-14T15:21:27.324Z",
    "type": "com.oraclecloud.apm.domain.dropped-data"
}

OCI Media Flow service Log Format

Parser name: oci_media_flow_service_logtype

Example Content:

{
        "data": {
          "mediaWorkflowId": "ocid1.mediaworkflow.oc1.iad.UniqueID",
          "mediaWorkflowJobId": "ocid1.mediaworkflowjob.oc1.iad.UniqueID",
          "message": "Job execution SUCCEEDED",
          "taskKey": "move",
          "taskType": "getFiles"
        },
        "id": "e60adf8e-48be-4adc-83f4-315768905600",
        "oracle": {
          "compartmentid": "ocid1.compartment.oc1..UniqueID",
          "ingestedtime": "2023-03-07T07:16:39.975Z",
          "loggroupid": "ocid1.loggroup.oc1.iad.UniqueID",
          "logid": "ocid1.log.oc1.iad.UniqueID",
          "tenantid": "ocid1.tenancy.oc1..UniqueID"
        },
        "source": "ocid1.mediaworkflow.oc1.iad.UniqueID",
        "specversion": "1.0",
        "time": "2023-03-07T07:16:37.460Z",
        "type": "com.oraclecloud.mediaservice.mediaworkflowjob.execution"
      }

Oracle Operator Access Control Log Format

Parser name: oracle_operator_access_control_logtype

Example Content:

{
    "data": {
        "accessRequestId": "ocid1.opctlaccessrequest.oc1.ap-region.uniqueId",
        "message": "type=PROCTITLE msg=audit(09/08/2021 09:01:24.335:34495595) : proctitle=ps -ef",
        "status": "",
        "systemOcid": "ocid1.exadatainfrastructure.oc1.region.uniqueId",
        "target": "",
        "timestamp": "2021-09-08T09:01:24.000Z"
    },
    "id": "b3b102aa-daee-4861-8e2c-123456789123",
    "oracle": {
        "compartmentid": "ocid1.tenancy.oc1.uniqueId",
        "ingestedtime": "2021-09-08T16:02:26.182Z",
        "loggroupid": "ocid1.loggroup.oc1.region.uniqueId",
        "logid": "ocid1.log.oc1.region.uniqueId",
        "tenantid": "ocid1.tenancy.oc1.uniqueId"
    },
    "source": "OperatorAccessControl",
    "specversion": "1.0",
    "time": "2021-09-08T16:01:52.989Z",
    "type": "com.oraclecloud.opctl.audit"
}

OCI Load Balancer Access Log Format

Parser name: oci_loadbalancer_access_logtype

Example Content:

{
	"data": {
		"timestamp": "2020-09-28T17:10:39+00:00",
		"clientAddr": "192.0.2.1:3427",
		"host": "LB_VirtualAddress",
		"backendAddr": "192.0.2.100:24443",
		"requestProcessingTime": "0.003",
		"backendConnectTime": "0.001",
		"lbStatusCode": "200",
		"receivedBytes": 100,
		"sentBytes": 300,
		"request": "GET /foo/abc",
		"sslCipher": "ECDHE-RSA-AES256-GCM-SHA384",
		"sslProtocol": "TLSv1.2",
		"userAgent": "curl/7.29.0"
	},
	"id": "adbd63f2-0da7-4d9f-818b-308ee6-a-1849",
	"oracle": {
		"compartmentid": "ocid1.compartment.oc1..aaaaaaaaenufxomt",
		"ingestedtime": "2020-09-28T17:10:47.369Z",
		"loggroupid": "ocid1.loggroup.oc1.iad.amaaaaaamdyb6aia4c",
		"logid": "ocid1.log.oc1.iad.amaaaaaamdyb6aiaqgflbcvgcfc",
		"tenantid": "ocid1.tenancy.oc1..aaaaaaaau6w4ohcbz7otxxy"
	},
	"source": "logan-data-ingest-api-lb",
	"specversion": "1.0",
	"subject": "subject",
	"time": "2020-09-28T17:10:39.266Z",
	"type": "com.oraclecloud.loadbalancer.access"
}

OCI Load Balancer Error Log Format

Parser name: oci_loadbalancer_error_logtype

Example Content:

{
  "data": {
    "errorLog": {
      "type": "healthChecker",
      "errorDetails": {
        "healthStatus": "Healthy to Unhealthy",
        "backendSetName": "newtest",
        "backend": "192.0.2.10:80",
        "details": {
          "date": 1596583722793,
          "failures": 3,
          "successes": 0,
          "skips": 0,
          "message": {
            "statusCode": 200,
            "expectedRegex": "^notexist$",
            "msg": "response match result: failed",
            "base641kData": "CjwhRE9DVFAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBUwgMS4wIFRyYW5zaXRpb25hb++Q+CiAgICA8c3R5bGUgdHlwZT0i"
          }
        }
      }
    },
    "timestamp": "2020-08-04T23:28:52+00:00"
  },
  "id": "7b06a283-140b-4870-8cda--e-0",
  "oracle": {
    "compartmentid": "ocid1.compartment.oc1..aaaaaaaaenufx",
    "ingestedtime": "2020-10-07T06:02:40.433Z",
    "loggroupid": "ocid1.loggroup.oc1.iad.amaaaaaamdyb6a",
    "logid": "ocid1.log.oc1.iad.amaaaaaamdyb6aiadglsu6l",
    "tenantid": "ocid1.tenancy.oc1..aaaaaaaau6w4ohcbz7o"
  },
  "source": "logan-scheduled-search-lb",
  "specversion": "1.0",
  "subject": "",
  "time": "2020-10-07T06:02:34.564Z",
  "type": "com.oraclecloud.loadbalancer.error"
}

OCI Function Log Format

Parser name: oci_function_logtype

Example Content:

{
    "data": {
        "applicationId": "ocid1.fnapp.oc1.region-1.abcdefg",
        "containerId": "01EMNSA3300000000000000502",
        "functionId": "ocid1.fnfunc.oci1.region-1.1112233abcdef",
        "message": "2020-10-15 11:11:35,568 - root - INFO - Headers: {\"host\": [\"localhost\", \"abcdefg.apigateway.region-1.test\"], \"user-agent\": [\"lua-resty-http/0.14 (Lua) ngx_lua/10015\", \"curl/7.29.0\"], \"transfer-encoding\": \"chunked\", \"content-type\": [\"application/octet-stream\", \"application/octet-stream\"], \"date\": \"Thu, 15 Oct 2020 11:11:35 GMT\", \"fn-call-id\": \"01EMNZAH461BT0H4GZJ000VNEQ\", \"fn-deadline\": \"2020-10-15T11:12:05Z\", \"accept\": \"*/*\", \"cdn-loop\": \"v3pC1JgjsYAdqr6Qp6ZcMg\", \"forwarded\": \"for=192.168.0.21\", \"x-forwarded-for\": \"192.168.0.21\", \"x-myheader1\": \"headerValue\", \"x-real-ip\": \"192.168.0.21\", \"fn-http-method\": \"GET\", \"fn-http-request-url\": \"/V2/display-httprequest-info\", \"fn-intent\": \"httprequest\", \"fn-invoke-type\": \"sync\", \"oci-subject-id\": \"ocid1.apigateway.oc1.region-1.abcdef\", \"oci-subject-tenancy-id\": \"ocid1.tenancy.oc1..abcdef1234\", \"oci-subject-type\": \"resource\", \"opc-request-id\": \"/ABCDEF1122F08CD72BCDF9568DA7CC8B/01EMNZAH451BT0H4GZJ000VNEP\", \"x-content-sha256\": \"47DEQpj8HBSa+/TImW+123009abc=\", \"accept-encoding\": \"gzip\"}",
        "requestId": "/ABCDEF1122F08CD72BCDF9568DA7CC8B/01EMNZAH451BT0H4GZJ000VNEP",
        "src": "STDERR"
    },
    "id": "ceae7406-f7ba-43c4-ac12-1234",
    "oracle": {
        "compartmentid": "ocid1.compartment.oc1..12345abcdef",
        "ingestedtime": "2020-10-15T11:11:35.802Z",
        "loggroupid": "ocid1.loggroup.oci1.region-1.22222abcdef",
        "logid": "ocid1.log.oci1.region-1.12345abcdef",
        "tenantid": "ocid1.tenancy.oc1..abcdef1234"
    },
    "source": "HTTP-REQUEST",
    "specversion": "1.0",
    "subject": "http-request",
    "time": "2020-10-15T11:11:35.000Z",
    "type": "function message type"
}

OCI Events Log Format

Parser name: oci_events_logtype

Example Content:

{
    "data": {
        "eventId": "0d06215a-e51b-3616-93c6-123456789abc",
        "message": "Event delivered successfully",
        "ruleId": "ocid1.eventrule.oc1.abc.abcdef12345678901234567891234567812345678",
        "target": "ocid1.stream.oc1.def.abcdef12345678901234567891234567812345698"
    },
    "id": "9c3cb4e7-e664-4bc7-a7c7-111223344",
    "oracle": {
        "compartmentid": "ocid1.compartment.abc.1111111111111111111111111111111111122222222222",
        "ingestedtime": "2020-09-22T03:03:04.749Z",
        "loggroupid": "ocid1.loggroup.oc1.iad.abcdef12345678901234567891234567812345677",
        "logid": "ocid1.log.oc1.ghi.abcdef12345678901234567891234567812345678",
        "tenantid": "ocid1.tenancy.oc1..aaaaaabcdef12345678901234567891234567812345666"
    },
    "source": "Stream Create Object events from log bucket to log stream",
    "specversion": "1.0",
    "time": "2020-09-22T03:02:54.000Z",
    "type": "com.oraclecloud.eventsservice.eventrule.ruleexecutionlog"
}

OCI Object Storage Access Log Format

Parser name: oci_objectstorage_access_logtype

Example Content:

{
    "data": {
        "apiType": "native",
        "authenticationType": "instance",
        "bucketCreator": "Unknown",
        "bucketId": "ocid1.bucket.oc1.abc.abcdef123456789",
        "bucketName": "log",
        "clientIpAddress": "192.0.2.1",
        "compartmentId": "ocid1.compartment.oc1..abcdefg1234568888",
        "compartmentName": "compartment_name",
        "credentials": "abcdef123456789abcdef",
        "eTag": "45385429-904b-4db1-866e-123",
        "endTime": "2020-09-29T20:02:31.811Z",
        "isPar": false,
        "message": "Object retrieved.",
        "namespaceName": "namespace_value",
        "objectName": "object_name",
        "opcRequestId": "iad-1:x-uGtXG5Wdk3abc",
        "principalId": "ocid1.instance.oc1.12345",
        "principalName": "UnknownPrincipal",
        "region": "us-region-1",
        "requestAction": "GET",
        "requestResourcePath": "/n/namespace_value/b/log/o/object_name",
        "startTime": "2020-09-29T20:02:31.787Z",
        "statusCode": 200,
        "tenantId": "ocid1.tenancy.oc1..6w4ohcbz7otxxy6kd",
        "tenantName": "loganprod",
        "userAgent": "Oracle-JavaSDK/1.19.3 (Linux/4.14.35-1902.305.4.el7uek.x86_64; Java/1.8.0_251; Java HotSpot(TM) 64-Bit GraalVM EE 19.3.2/25.251-b08-jvmci-20.1-b02-dev)",
        "vcnId": "477016"
    },
    "id": "20919d7c-2d6d-401a-9858-123",
    "oracle": {
        "compartmentid": "ocid1.compartment.oc1..lxenat5opur",
        "ingestedtime": "2020-09-29T20:02:37.678Z",
        "loggroupid": "ocid1.loggroup.oc1.gmsmd5c7qmebnsyx7dm",
        "logid": "ocid1.log.oc1.iz6lu3innhmdyb6aiamaaaaa",
        "tenantid": "ocid1.tenancy.oc1..1234"
    },
    "source": "log",
    "specversion": "1.0",
    "subject": "subject value",
    "time": "2020-09-29T20:02:31.811Z",
    "type": "com.oraclecloud.objectstorage.getobject"
}

OCI API Gateway Access Log Format

Parser name: oci_api_gw_access_logtype

Example Content:

{
    "data": {
        "bodyBytesSent": 22,
        "gatewayId": "ocid1.apigateway.oc1.region-1-ocidddddddd",
        "httpUserAgent": "curl/7.29.0",
        "message": "GET /V1/weather HTTP/1.1",
        "opcRequestId": "/12345B88C07D061F8221193082B12345/12345801AEDEEF3BE80938595EEABCDE",
        "remoteAddr": "192.0.2.1",
        "requestDuration": 0.161,
        "requestMethod": "GET",
        "requestUri": "/V1/weather",
        "serverProtocol": "HTTP/1.1",
        "status": 200
    },
    "id": "571aab5c-f9a9-11ea-a9a1-ABC1234",
    "oracle": {
        "compartmentid": "ocid1.compartment.oc1..ABC1234OCID",
        "ingestedtime": "2020-09-18T12:21:29.526Z",
        "loggroupid": "ocid1.loggroup.oc1.region-1.12345ABC1234OCID",
        "logid": "ocid1.log.oc1.region-1.AAAABBBB",
        "tenantid": "ocid1.tenancy.oc1..AAA11223344"
    },
    "source": "Weather",
    "specversion": "1.0",
    "time": "2020-09-18T12:20:29.000Z",
    "type": "com.oraclecloud.apigateway.apideployment.access"
}

OCI API Gateway Execution Log Format

Parser name: oci_api_gw_exec_logtype

Example Content:

{
    "data": {
        "code": "httpBackend.requestSent",
        "functionId":"ocid1.fnfunc.oc1.region-1.123456",
        "gatewayId": "ocid1.apigateway.oc1.region-1.AAA11223355",
        "level": "INFO",
        "message": "Sending request to upstream",
        "opcRequestId": "/0431C52F31E68CE19AD638AAE1B05854/F6D390655FD11520B8566BF5046284CE"
    },
    "id": "cb851077-f9a8-11ea-a9a1-ABC1234",
    "oracle": {
        "compartmentid": "ocid1.compartment.oc1..ABC1234OCID",
        "ingestedtime": "2020-09-18T12:17:28.699Z",
        "loggroupid": "ocid1.loggroup.oc1.region-1.12345ABC1234OCID",
        "logid": "ocid1.log.oc1.region-1.AAA11223356",
        "tenantid": "ocid1.tenancy.oc1..AAA11223344"
    },
    "source": "Weather",
    "specversion": "1.0",
    "time": "2020-09-18T12:16:35.000Z",
    "type": "com.oraclecloud.apigateway.apideployment.execution"
}

OCI Unified Schema Log Format

Parser name: oci_unifiedschema_logtype

Example Content:

{
    "data": {
    },
    "id": "571aab5c-f9a9-11ea-a9a1-ABC1234",
    "oracle": {
        "compartmentid": "ocid1.compartment.oc1..ABC1234OCID",
        "ingestedtime": "2020-09-18T12:21:29.526Z",
        "loggroupid": "ocid1.loggroup.oc1.region-1.12345ABC1234OCID",
        "logid": "ocid1.log.oc1.region-1.AAAABBBB",
        "tenantid": "ocid1.tenancy.oc1..AAA11223344"
    },
    "source": "message source",
    "specversion": "1.0",
    "time": "2020-09-18T12:20:29.000Z",
    "type": "message type"
}

OCI VCN Flow Unified Schema Format

Parser name: oci_vcn_flow_unifmt_logtype

Example Content:

{
    "data": {
        "action": "ACCEPT",
        "bytesOut": 4843,
        "destinationAddress": "192.0.2.11",
        "destinationPort": 443,
        "endTime": 1601204026,
        "flowid": "27f8550a",
        "packets": 15,
        "protocol": 6,
        "protocolName": "TCP",
        "sourceAddress": "192.0.2.1",
        "sourcePort": 46660,
        "startTime": 1601204026,
        "status": "OK",
        "version": "2"
    },
    "id": "409971d6",
    "oracle": {
        "compartmentid": "ocid1.compartment.oc1..aaaaaaaaenufxomtrgajc",
        "ingestedtime": "2020-09-27T10:54:41.449Z",
        "loggroupid": "ocid1.loggroup.oc1.iad.amaaaaaamdyb6aia4clhgcw",
        "logid": "ocid1.log.oc1.iad.amaaaaaamdyb6aiaon3xwya2hcrsdnn",
        "tenantid": "ocid1.tenancy.oc1..aaaaaaaau6w4ohcbz7otxxy6kdtk",
        "vniccompartmentocid": "ocid1.compartment.oc1..aaaaaaaaywgrjl",
        "vnicocid": "ocid1.vnic.oc1.iad.abuwcljtw",
        "vnicsubnetocid": "ocid1.subnet.oc1.iad.aaaaaaaaz"
    },
    "source": "ocid1.subnet.oc1.iad.aaaaaaaaz",
    "specversion": "1.0",
    "subject": "ocid1.vnic.oc1.iad.abuwcljtw",
    "time": "2020-09-27T10:53:46.000Z",
    "type": "com.oraclecloud.vcn.flowlogs.DataEvent"
}

OCI Audit Unified Schema Format

Parser name: oci_audit_unifmt_logtype

Example Content:

{
    "data": {
        "additionalDetails": {
            "bucketName": "test",
            "namespace": "testns"
        },
        "availabilityDomain": "PHX-AD-2",
        "compartmentId": "ocid1.compartment.oc1..123",
        "compartmentName": "comp_name",
        "definedTags": {
            "SE_Details": {
                "SE_Name": "oracleidentitycloudservice/abc@xyz.com"
            }
        },
        "eventGroupingId": "phx-1:lH2NMx2NqKIvfgVS-123",
        "eventName": "GetBucket",
        "freeformTags": {},
        "identity": {
            "authType": null,
            "callerId": null,
            "callerName": null,
            "consoleSessionId": null,
            "credentials": "ST$12345",
            "ipAddress": "192.0.2.1",
            "principalId": "objectstorage-region-1/11:22:33:44:55",
            "principalName": "objectstorage-us-phoenix-1",
            "tenantId": "ocid1.tenancy.oc1..123",
            "userAgent": "Oracle-JavaSDK/1.19.0 (Linux/4.1.12-124.41.5.el7uek.x86_64; Java/1.8.0_262; OpenJDK 64-Bit Server VM/25.262-b10)"
        },
        "message": "Bucket details retrieved.",
        "request": {
            "action": "GET",
            "headers": {
                "Accept": [
                    "application/json"
                ],
                "User-Agent": [
                    "Oracle-JavaSDK/1.19.0 (Linux/4.1.12-124.41.5.el7uek.x86_64; Java/1.8.0_262; OpenJDK 64-Bit Server VM/25.262-b10)"
                ],
                "X-Forwarded-For": [
                    "192.0.2.1"
                ],
                "X-Forwarded-Host": [
                    "casperv2.svc.ad2.r2:443"
                ],
                "X-Forwarded-Port": [
                    "443"
                ],
                "X-Forwarded-Proto": [
                    "https"
                ],
                "X-Real-IP": [
                    "192.0.2.1"
                ],
                "authorization": [
                    "Signature headers=abc"
                ],
                "date": [
                    "Tue, 06 Oct 2020 19:39:42 UTC"
                ],
                "opc-client-info": [
                    "Oracle-JavaSDK/1.19.0"
                ],
                "opc-request-id": [
                    "1234"
                ]
            },
            "id": "phx-1:lH2NMx2NqKIvfgVS-123",
            "parameters": {
                "fields": [
                    "approximateCount,approximateSize"
                ],
                "param0": [
                    "orasenatdoracledigital01"
                ],
                "param1": [
                    "demo-videos-bucket"
                ]
            },
            "path": "/n/orasenatdoracledigital01/b/demo-videos-bucket?fields=approximateCount%2CapproximateSize"
        },
        "resourceId": "/n/orasenatdoracledigital01/b/demo-videos-bucket?fields=approximateCount%2CapproximateSize",
        "response": {
            "headers": {
                "Content-Length": [
                    "886"
                ],
                "Content-Type": [
                    "application/json"
                ],
                "access-control-allow-credentials": [
                    "true"
                ],
                "access-control-allow-methods": [
                    "POST,PUT,GET,HEAD,DELETE,OPTIONS"
                ],
                "access-control-allow-origin": [
                    "*"
                ],
                "access-control-expose-headers": [
                    "access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-type,date,etag,opc-client-info,opc-request-id,x-api-id"
                ],
                "cache-control": [
                    "no-store"
                ],
                "date": [
                    "Tue, 06 Oct 2020 19:39:42 GMT"
                ],
                "etag": [
                    "bf94b264-a671-41cd-bfde-4819ff0c5ede"
                ],
                "opc-request-id": [
                    "phx-1:lH2NMx2NqKIvfgVS-123"
                ],
                "x-api-id": [
                    "native"
                ]
            },
            "message": null,
            "payload": {
                "id": "/n/dd/b/demo-videos-bucket?fields=approximateCount%2CapproximateSize",
                "resourceName": "/n/dd/b/demo-videos-bucket?fields=approximateCount%2CapproximateSize"
            },
            "responseTime": "2020-10-06T19:39:42.313Z",
            "status": "200"
        },
        "stateChange": null
    },
    "dataschema": "2.0",
    "id": "123-ebb2-6a52-d10c-123",
    "oracle": {
        "compartmentid": "ocid1.compartment.oc1..123",
        "ingestedtime": "2020-10-06T19:39:42.521Z",
        "loggroupid": "_Audit",
        "tenantid": "ocid1.tenancy.oc1..123"
    },
    "source": "demo-videos-bucket",
    "specversion": "1.0",
    "time": "2020-10-06T19:39:42.313Z",
    "type": "com.oraclecloud.objectstorage.getbucket"
}

OCI Audit Log Format

Parser name: omc_oci_audit_logtype

Example Content:

{ 
   "tenantId":"ocid1.tenancy.oc1..aaaaaaaagABCDEFGHKUYGASDGADDGADAGADGDAGJDAGGDjiujvy2hjgxvabc",
   "compartmentId":"ocid1.tenancy.oc1..aaaaaaaauAADBCISHGDKUHAFFFFFFFFFDDDDDDDDDDDDxjlcnunxo2hbsixyz",
   "compartmentName":"mycompname",
   "eventId":"762d978e-f995-4208-93cf-af0e97bca529",
   "eventName":"GetCapabilities",
   "eventSource":"Compartments",
   "eventType":"ServiceAPI",
   "eventTime":"2019-09-25T15:38:48.784Z",
   "principalId":"ocid1.user.oc1..aaaaaaaaabcdefghiklm6hh2fv4szofhnz62nkzdvtalajs3nzvrmcdxyza",
   "credentialId":"ST$ABCDEFGHIJKLM3dfb2MxXzIwMTktMDRABCDEFGHIJKLMOiJSUzI1NiJ9eyJzd-p-9SFwuT86c-M5QC8gDZfMJ6u2Wwuu6eb91U7J3xVZdxRIHiloz20wm3JoGww7Q0YwpwV4Zyrub0c0UrW_xyzKLJYBAADYLBD",
   "requestAction":"GET",
   "requestId":"34d8ed99-e62c-4425-96d3-118ea684/1232AD2DD02E066E005B4A35F8B931E8/17BB11E992A4D540996942C24175C3A1",
   "requestAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36",
   "requestHeaders":{ 
      "Origin":[ 
         "https://console.us-ashburn-1.oraclecloud.com"
      ],
      "Accept":[ 
         "*/*"
      ],
      "X-Forwarded-Proto":[ 
         "http"
      ],
      "X-Forwarded-Host":[ 
         "identity.us-phoenix-1.oraclecloud.com:80"
      ],
      "User-Agent":[ 
         "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"
      ],
      "Referer":[ 
         "https://console.us-ashburn-1.oraclecloud.com/a/identity/users/ocid1.user.oc1..aaaaaaaabfABCDEFGHIJKLMN123456789nz62nkzdvtalajs3nzvrmcdqhvq"
      ],
      "Sec-Fetch-Site":[ 
         "same-site"
      ],
      "Accept-Encoding":[ 
         "gzip, deflate, br"
      ],
      "X-Forwarded-Port":[ 
         "80"
      ],
      "x-date":[ 
         "Wed, 25 Sep 2019 15:38:48 GMT"
      ],
      "Sec-Fetch-Mode":[ 
         "cors"
      ],
      "Authorization":[ 
         "Signature keyId=\"ST$eyJraWQiOiJhABNCDEFILUYADLBDUYDADjciLCJhbGciOiJIj.E-p-EE0FzMWBsv_sixzmzbxuasdKJFYKVBLjkPLzH-9SFwuT86c-M5QC8gDZfMJ6u2WwuuasdklhdanaABCDEFGHloz20wm3JoGww7Q0YwpwV4ajsfdkavkdgkbjdVVVVVVVaasdadw\",version=\"1\",algorithm=\"rsa-sha256\",headers=\"(request-target) host x-date\",signature=\"*****\""
      ],
      "Opc-Request-Id":[ 
         "34d8ed99-e62c-4425-96d3-118ea6844100"
      ],
      "X-Forwarded-For":[ 
         "192.0.2.19, 192.0.2.1"
      ],
      "Accept-Language":[ 
         "en-US,en;q=0.9,fr;q=0.8"
      ],
      "Opc-Client-Info":[ 
         "Oracle-HgConsole/0.0.1"
      ],
      "X-Real-IP":[ 
         "192.0.2.1"
      ],
      "oci-original-url":[ 
         "http://identity.us-phoenix-1.oraclecloud.com/20160918/compartments/ocid1.tenancy.oc1..aaaaaaaauj75yrhgABCJKFKALBSDYADTVKDA6e5c7nxlxjlcnAJDGDJAHGDA/capabilities"
      ]
   },
   "requestOrigin":"192.0.2.11",
   "requestResource":"/20160918/compartments/ocid1.tenancy.oc1..aaaaaaaauj7JAHGDVKADUGashgajssJHGJKDKVSJYTDSVKUDTKSYTSKbs6ca/capabilities",
   "responseHeaders":{ 
      "Access-Control-Expose-Headers":[ 
         "opc-previous-page,opc-next-page,opc-client-info,ETag,opc-total-items,opc-request-id,Location"
      ],
      "Cache-Control":[ 
         "no-cache, no-store, must-revalidate"
      ],
      "Access-Control-Allow-Origin":[ 
         "https://console.us-ashburn-1.oraclecloud.com"
      ],
      "Access-Control-Allow-Credentials":[ 
         "true"
      ],
      "Vary":[ 
         "Origin"
      ],
      "Pragma":[ 
         "no-cache"
      ],
      "opc-request-id":[ 
         "34d8ed99-e62c-4425-96d3-118ea684/1232ADABCJASHSDGAS234523234231E8/JADFVADTDATDAD40996942C24175C3A1"
      ],
      "Date":[ 
         "Wed, 25 Sep 2019 15:38:48 GMT"
      ],
      "Content-Type":[ 
         "application/json"
      ]
   },
   "responseStatus":"200",
   "responseTime":"2019-09-25T15:38:48.851Z",
   "responsePayload":{ 
      "resourceName":"logandev",
      "id":"ocid1.tenancy.oc1..aaaaaaaauj7RABCDEFGHxktbikwiqtywqdqbbbbbbaaaaaaaaanxo2hbs6ca"
   },
   "userName":"user100"
}

OCI Audit Log Format v2

Parser name: omc_oci_audit_logtype_v2

Example Content:

{
   "eventType":"com.oraclecloud.virtualNetwork.CreateVcn",
   "cloudEventsVersion":"0.1",
   "eventTypeVersion":"2.0",
   "source":"virtualNetwork",
   "eventId":"1fd6329b-6e11-40a5-bb48-b4db04cce956",
   "eventTime":"2019-12-08T03:08:53.799Z",
   "contentType":"application/json",
   "data":{
      "eventGroupingId":"csid0234d20c41bcafe8ae4426aa5e56/6c9d69d339e8464598b2d7",
      "eventName":"CreateVcn",
      "compartmentId":"ocid1.compartment.oc1..aaaaaaaa2bhu3kzsu5jhmsstbf4olwmd",
      "compartmentName":"storage",
      "availabilityDomain":"AD",
      "identity":{
         "principalName":"user1",
         "principalId":"ocid1.user.oc1..aaaaaaaa36xdrbtaqilj7zqdkfotn2u53kq5a",
         "authType":"natf",
         "tenantId":"ocid1.tenancy.oc1..aaaaaaaagkbzgg6lpzrf47xzy4rjoxg4de6n",
         "credentials":"ABCDEF0123456789",
         "userAgent":"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0",
         "consoleSessionId":"ABCDEF34d20c41bcafe8ae4426aa5e56",
         "ipAddress":"192.0.2.1"
      },
      "request":{
         "id":"39e8464598b2d76e3dc9f256/E60985C6435ECBF85AAAABBBCCCCD020",
         "path":"/20160918/vcns",
         "action":"POST",
         "parameters":{

         },
         "headers":{
            "Origin":[
               "https://compute.plugins.oci.dummy.com"
            ],
            "Accept":[
               "*/*"
            ],
            "User-Agent":[
               "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0"
            ],
            "Referer":[
               "https://compute.plugins.oci.dummy.com/compute/instances/create"
            ],
            "Connection":[
               "keep-alive"
            ],
            "Accept-Encoding":[
               "gzip, deflate, br"
            ],
            "x-date":[
               "Sun, 08 Dec 2019 03:08:53 GMT"
            ],
            "Authorization":[
               "Signature keyId=\"ABCDEF0123456789-SZOT-By3-kG5Jgfbu2Zyw4Xq8va6TymkuoPw\",version=\"1\",headers=\"(request-target) host content-length content-type opc-request-id x-date\",signature=\"*****\""
            ],
            "Accept-Language":[
               "en-US,en;q=0.5"
            ],
            "Content-Length":[
               "231"
            ],
            "opc-request-id":[
               "ABCDEF0123456789339e8464598b2d76e3dc9f256"
            ],
            "Content-Type":[
               "application/json"
            ]
         }
      },
      "response":{
         "status":"404",
         "responseTime":"2019-12-08T03:08:53.799Z",
         "headers":{
            "Access-Control-Expose-Headers":[
               "opc-previous-page,opc-next-page,opc-client-info,ETag,opc-work-request-id,opc-total-items,opc-request-id,Location"
            ],
            "Access-Control-Allow-Origin":[
               "https://compute.plugins.oci.oraclecloud.com"
            ],
            "Access-Control-Allow-Credentials":[
               "true"
            ],
            "X-Content-Type-Options":[
               "nosniff"
            ],
            "Connection":[
               "keep-alive"
            ],
            "Content-Length":[
               "111"
            ],
            "opc-request-id":[
               "ABCDEF0123456789b2d76e3dc9f256/E60985C64112233333B2BA2CB7A8D020"
            ],
            "Date":[
               "Sun, 08 Dec 2019 03:08:53 GMT"
            ],
            "Content-Type":[
               "application/json"
            ]
         },
         "message":"CreateVcn failed with response 'NotAuthorizedOrNotFound'"
      },
      "stateChange":{
          "previous": "previous state",
          "current": "current state"
      },
      "additionalDetails":{
      },
      "internalDetails":{

      }
   }
}

OCI DevOps Log Format

Parser name: oci_devopslog_logtype

Example Content:

{
  "specversion": "1.0",
  "type": "com.oraclecloud.devops.deployment",
  "source": "Project name",
  "subject": "ocid1.instance.oc1.region.uniqueID",
  "id": "e3002eaa-d717-472e-8474-d024943a0f27",
  "time": "2020-10-18T21:02:40.58Z",
  "oracle": {
    "logid": "ocid1.log.oc1.region.uniqueID",
    "loggroupid": "ocid1.loggroup.oc1.region.uniqueID",
    "tenantid": "ocid1.tenancy.oc1.region.uniqueID",
    "compartmentid": "ocid1.compartment.oc1.region.uniqueID",
    "ingestedtime": "2020-10-18T21:02:40.58Z"
  },
  "data": {
    "deploymentId": "ocid1.devopsdeployment.oc1.region.uniqueID",
    "deployPipelineId": "ocid1.devopsdeploypipeline.oc1.region.uniqueID",
    "deployStageId": "ocid1.devopsdeploystage.oc1.region.uniqueID",
    "message": "Manual Approval stage: Waiting for required approvals",
    "producer": "DEVOPS_SERVICE"
  }
}

OCI DevOps Build Log Format

Parser name: oci_devopsbuild_logtype

Example Content:

{
    "specversion": "1.0",
    "type": "com.oraclecloud.devops.build",
    "source": "project name",
    "subject": "ocid1.devopsbuildrun.oc1.region.uniqueID",
    "id": "27868e6f-b91d-4318-868e-6fb91d9318e9",
    "time": "2020-10-18T21:02:40.58Z",
    "oracle": {
        "logid": "ocid1.log.oc1.region.uniqueID",
        "loggroupid": "ocid1.loggroup.oc1.region.uniqueID",
        "tenantid": "ocid1.tenancy.oc1.uniqueID",
        "compartmentid": "ocid1.compartment.oc1.uniqueID",
        "ingestedtime": "2020-10-18T21:02:40.58Z"
    },
    "data": {
        "buildPipelineId": "ocid1.devopsbuildpipeline.oc1.region.uniqueID",
        "buildRunId": "ocid1.devopsbuildrun.oc1.region.uniqueID",
        "buildStageId": "ocid1.devopsbuildpipelinestage.oc1.region.uniqueID",
        "message": "Starting BUILD_SPEC_EXECUTION",
        "producer": "DEVOPS_SERVICE"
    }
}

OCI Email Delivery Log Format

Parser name: oci_emaildelivery_logtype

Example Content:

{
  "specversion": "1.0",
  "type": "com.oraclecloud.emaildelivery.emaildomain.outboundrelayed",
  "source": "example.com",
  "time": "2021-02-20T09:01:40.000Z",
  "id": "2eefd817-0a53-4be0-990c-224708aff337",
  "oracle": {
    "logid": "ocid1.log.oc1.region.uniqueID"
  },
  "data": {
    "action": "relay",
    "messageId": "12345",
    "sender": "support@example.com",
    "senderCompartmentId": "ocid1.compartment.oc1.region.uniqueID",
    "senderId": "ocid1.emailsender.oc1.region.uniqueID",
    "recipient": "user@example.com",
    "receivingDomain": "example.com",
    "sourceAddress": "192.0.2.10",
    "dkimSelector": "selector1",
    "messageSizeInKiB": 2,
    "recipientMailServer": "bmta.email.region.oraclecloud.com (198.51.100.1)",
    "internalProcessingDurationInMs": 20,
    "tlsCipher": "TLS_AES_128_GCM_SHA256",
    "sendingPoolName": "REGOCIVMTAs",
    "bounceCategory": "bad-mailbox",
    "bounceCode": "5.1.1",
    "reportGeneratedTime": "2021-02-24T22:50:22.123Z",
    "originalMessageAcceptedTime": "2021-02-23T22:50:22.123Z",
    "headers": {
      "X-Campaign-ID": "campaign1",
      "Recipient-Group-ID": "group1",
      "Sub-Account-ID": "account1"
    },
    "errorType": "Authorization failure",
    "smtpStatus": "550 5.1.1 unknown or illegal alias: 974-4710-b440-52e9e1a70cb8-user@example.com",
    "message": "Email approved Body From address: support@example.com is not authorized or not found"
  }
}

OCI Site-to-Site VPN Log Format

Parser name: oci_site2sitevpn_logtype

Example Content:

{
      "data":
      {
       "message":" \"2062988354_1\": terminating SAs using this connection",
       "tunnelId":"ocid1.ipsectunnel.oc1.region.uniqueID"
      },
      "id":"e3002eaa-d717-472e-8474-d024943a0f27",
      "oracle":
      {
        "compartmentid":"ocid1.compartment.oc1.region.uniqueID",
        "ingestedtime":"2021-02-18T18:22:01.453Z",
        "loggroupid":"ocid1.loggroup.oc1.region.uniqueID",
        "logid":"ocid1.log.oc1.region.uniqueID",
        "tenantid":"ocid1.tenancy.oc1.region..uniqueID"
      },
      "source":"ocid1.ipsecconnection.oc1.region.uniqueID",
      "specversion":"1.0",
      "time":"2021-02-18T18:21:52.024Z",
      "type":"com.oraclecloud.vpn.ipseclog.read"    
}

OCI WAF Log Format

Parser name: oci_waf_logtype

Example Content:

{
    "data": {
      "backendStatusCode": "200",
      "clientAddr": "192.0.2.150",
      "countryCode": "us",
      "host": "hostnamefoo",
      "listenerPort": "80",
      "request": {
        "httpVersion": "HTTP/1.1",
        "id": "685e4e2015eb0ebeea93123456789",
        "method": "GET",
        "path": "/?tst=KztAAU"
      },
      "requestAccessControl": {
        "matchedRules": "block_test_host_url"
      },
      "requestProtection": {
        "matchedData": "Matched Data: KztAAU found within ARGS:tst",
        "matchedIds": "944210_v001",
        "matchedRules": "Java_Code_Injection"
      },
      "response": {
        "code": "401",
        "size": "303"
      },
      "responseAccessControl": {
        "matchedRules": "1st_rule"
      },
      "responseProtection": {},
      "responseProvider": "requestProtection/Java_Code_Injection",
      "timestamp": "2021-09-29T15:52:47Z"
    },
    "id": "5c328018-f7d1-45ac-8d66-af0ad919bd85-waf-342734",
    "oracle": {
      "compartmentid": "ocid1.compartment.oc1.region.uniqueId",
      "ingestedtime": "2021-09-29T15:52:53.764Z",
      "loggroupid": "ocid1.loggroup.oc1.region.uniqueId",
      "logid": "ocid1.log.oc1.region.uniqueId",
      "resourceid": "ocid1.webappfirewall.oc1.region.uniqueId",
      "tenantid": "ocid1.tenancy.oc1.region.uniqueId"
    },
    "source": "lbwaf_source",
    "specversion": "1.0",
    "subject": "",
    "time": "2021-09-29T15:52:47.875Z",
    "type": "com.oraclecloud.loadbalancer.waf"
}

OCI Web Application Acceleration Log Format

Parser name: oci_waa_logtype

Example Content:

{
               "data":{
                  "request":{
                     "id":"727b8fabcc23662a8ad3754d4a3573f2"
                  },
                  "response":{
                     "code":"200",
                     "size":"73805"
                  },
                  "timestamp":"2023-08-14T05:40:24+00:00"
               },
               "id":"6cf12c5a-846f-4394-b882-861c5b698032-waa-192433",
               "oracle":{
                  "compartmentid":"ocid1.compartment.oc1.uniqueId",
                  "ingestedtime":"2023-08-14T05:40:33.086Z",
                  "loggroupid":"ocid1.loggroup.oc1.uniqueId",
                  "logid":"ocid1.log.oc1.uniqueId",
                  "resourceid":"ocid1.loadbalancer.oc1.uniqueId",
                  "tenantid":"ocid1.tenancy.oc1.uniqueId"
               },
               "source":"fortLB",
               "specversion":"1.0",
               "subject":"",
               "time":"2023-08-14T05:40:24.526Z",
               "type":"com.oraclecloud.loadbalancer.waa"
            }

OCI Integration Activity Stream Log Format

Parser name: oci_integration_actstream_logtype

Example Content:

{
    "data": {
      "actionName": "log2",
      "actionType": "Logger",
      "operationName": "execute",
      "endpointName": "helloWorld",
      "instanceId": "65202025",
      "executionTimeInMillis":"1",
      "integrationFlowIdentifier": "HELLO_WORLD!01.02.0000",
      "message": "Length of parameter is 4",
      "userId": "user@domain.com"
    },
    "id": "38c5cc58-f9f6-11eb-bee4-0200170046fa",
    "oracle": {
      "compartmentid": "ocid1.compartment.oc1.region.uniqueID",
      "ingestedtime": "2021-07-10T16:16:01.527Z",
      "loggroupid": "ocid1.loggroup.oc1.region.uniqueID",
      "logid": "ocid1.log.oc1.region.uniqueID",
      "tenantid": "ocid1.tenancy.oc1.region.uniqueID"
    },
    "source": "HelloWorld Integration Instance",
    "specversion": "1.0",
    "time": "2021-07-10T16:15:59.469Z",
    "type": "com.oraclecloud.integration.integrationinstance.activitystream"
  }

OCI Network Firewall Threat Log Format

Parser name: oci_network_firewall_threat_logtype

Example Content:

{
    "data": {
      "action": "alert",
      "device_name": "PA-VM",
      "direction": "server-to-client",
      "dst": "192.0.2.250",
      "dstloc": "192.0.2.1-192.0.2.254",
      "dstuser": "no-value",
      "firewall-id": "ocid1.networkfirewall.oc1.region.uniqueID",
      "proto": "udp",
      "receive_time": "2022/10/18 14:27:15",
      "rule": "AllowAll",
      "sessionid": "613924",
      "severity": "informational",
      "src": "203.0.113.1",
      "srcloc": "United States",
      "srcuser": "no-value",
      "subtype": "vulnerability",
      "thr_category": "protocol-anomaly",
      "threatid": "Non-RFC Compliant DNS Traffic on Port 53/5353"
    },
    "id": "ab991b1b-286a-4968-b1a2-77b31bf0fa12",
    "oracle": {
      "compartmentid": "ocid1.tenancy.oc1.region.uniqueID",
      "ingestedtime": "2022-10-18T14:27:37.295Z",
      "loggroupid": "ocid1.loggroup.oc1.region.uniqueID",
      "logid": "ocid1.log.oc1.region.uniqueID",
      "tenantid": "ocid1.tenancy.oc1.region.uniqueID"
    },
    "source": "ocid1.networkfirewall.oc1.region.uniqueID",
    "specversion": "1.0",
    "time": "2022-10-18T14:27:15.000Z",
    "type": "com.oraclecloud.networkfirewall.threat"
  }

OCI Network Firewall Traffic Log Format

Parser name: oci_network_firewall_traffic_logtype

Example Content:

{
  "data": {
    "action": "allow",
    "bytes": "588",
    "bytes_received": "0",
    "bytes_sent": "588",
    "chunks": "0",
    "chunks_received": "0",
    "chunks_sent": "0",
    "config_ver": "2561",
    "device_name": "PA-VM",
    "dport": "0",
    "dst": "192.0.2.2",
    "dstloc": "India",
    "firewall-id": "ocid1.networkfirewall.oc1.region.uniqueID",
    "packets": "6",
    "pkts_received": "0",
    "pkts_sent": "6",
    "proto": "icmp",
    "receive_time": "2022/08/27 08:00:52",
    "rule": "AllowAll",
    "rule_uuid": "ce6bc5b0-3ea8-4592-85f6-b470c4702e1f",
    "serial": "192743405F7D70D",
    "sessionid": "32114",
    "sport": "0",
    "src": "198.51.100.10",
    "srcloc": "198.51.100.1-198.51.100.254",
    "time_received": "2022/08/27 08:00:52"
  },
  "id": "5e905ffe-a528-420d-a9df-7b1b2c221cdf",
  "oracle": {
    "compartmentid": "ocid1.tenancy.oc1.region.uniqueID",
    "ingestedtime": "2022-08-27T08:00:56.004Z",
    "loggroupid": "ocid1.loggroup.oc1.region.uniqueID",
    "logid": "ocid1.log.oc1.region.uniqueID",
    "tenantid": "ocid1.tenancy.oc1.region.uniqueID"
  },
  "source": "ocid1.networkfirewall.oc1.region.uniqueID",
  "specversion": "1.0",
  "time": "2022-08-27T08:00:52.000Z",
  "type": "com.oraclecloud.networkfirewall.traffic"
}