Parsers and Generated Fields
Tag Fields Created by Parser aruba-clearpass
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser aruba-clearpass
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.Endpoint.IP-Address | client.ip | Direct mapping |
| Vendor.Endpoint.MAC-Address | client.mac | Direct mapping |
| Vendor.eventId | event.id | Direct mapping |
| Vendor.eventId | event.id | |
| Vendor.RADIUS.Acct-NAS-IP-Address | observer.ip | Direct mapping |
| Vendor.RADIUS.Acct-NAS-Port | observer.port | Direct mapping |
| Vendor.swVersion | observer.version | Direct mapping |
| Vendor.CppmNode.CPPM-Node | server.ip | Direct mapping |
| Vendor.RADIUS.Acct-Framed-IP-Address | source.ip | Direct mapping |
| Vendor.Common.Username; | user.name | |
| Vendor.Endpoint.Username | user.name | When Endpoint.Username exists |
| Vendor.RADIUS.Acct-Username | user.name | When RADIUS.Acct-Username exists |
| Vendor.Endpoint.Username | user.name | |
| Vendor.Common.Username | user.name, user.domain | Extracts domain and username when in format domain/username |
Tag Fields Created by Parser clearpass-syslog
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser clearpass-syslog
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.eventId | event.id | |
| Vendor.Endpoint.Username; | user.name |