This topic contains information about supported fields in DHCP log messages for BloxOne Universal DDI. It also contains corresponding field elements in CEF and LEEF formats via the syslog protocol and Splunk CIM via Splunk forwarder.
...
The following table contains supported fields in DHCP logs for BloxOne Universal DDI and their corresponding field elements for other supported message formats.
...
Internal field | Product | CEF | LEEF | Splunk CIM | Description |
---|---|---|---|---|---|
Cltt | B1DDI | timestamp* | timestamp* | timestamp* | Date/Time |
B1DDI | cat | cat | DHCP Lease $LeaseOp | ||
B1DDI | app | app | DHCP | ||
Host (based on HostID) | B1DDI | InfobloxHost | InfobloxHost | infoblox_host | Hostname of the DHCP server (host) |
HostIP (based on HostID) | B1DDI | dst | dst | infoblox_ip | IP of the DHCP Server (host) |
IPSpace (based on subnet uuid or lease uuid) | B1DDI | InfobloxIPSpace | InfobloxIPSpace | dhcp_ip_space | IP Space name |
Subnet | B1DDI | InfobloxSubnet | InfobloxSubnet | dhcp_subnet | Subnet in CIDR format |
RangeStart | B1DDI | InfobloxRangeStart | InfobloxRangeStart | dhcp_range_start | DHCP range start |
RangeEnd | B1DDI | InfobloxRangeEnd | InfobloxRangeEnd | dhcp_range_end | DHCP range end |
LeaseOp | B1DDI | InfobloxLeaseOp | InfobloxLeaseOp | action | Create, Update, Delete, Abandon |
Address | B1DDI | src | src identSrc | dest dest_ip | IP address |
HWAddr | B1DDI | smac | srcMAC | dest_mac | MAC address, colon separated hexadecimal |
ClientID | B1DDI | InfobloxClientID | InfobloxClientID | client_id | ClientID, colon separated hexadecimal |
DUID | B1DDI | InfobloxDUID | InfobloxDUID | dest_duid | IPv6 DUID. Future releases. |
Hostname | B1DDI | shost | identHostName | dest_nt_host | Hostname used by client |
Lifetime | B1DDI | InfobloxLifetime | InfobloxLifetime | lease_duration | The lifetime of the lease allocated by server |
LeaseUUID | B1DDI | InfobloxLeaseUUID | InfobloxLeaseUUID | dhcp_lease_uuid | Lease UUID |
FingerprintProcessed | B1DDI | InfobloxFingerprintPr | InfobloxFingerprintPr | dhcp_fingerprinted | true/false |
Fingerprint | B1DDI | InfobloxFingerprint | InfobloxFingerprint | dhcp_fingerprint | DHCP Fingerprint |
Options | InfobloxDHCPOptions | InfobloxDHCPOptions | dhcp_options | "Option_Code1=Option_Value1;Option_Code2=Option_Value2;...;Option_CodeN=Option_ValueN" | |
- | B1DDI | vendor_product | For CIM: Infoblox BloxOne Universal DDI | ||
B1DDI | signature | "DHCP lease" |
...
This topic contains information about supported fields in DHCP log messages for BloxOne Universal DDI. It also contains corresponding field elements in CEF and LEEF formats via the syslog protocol and Splunk CIM via Splunk forwarder.
...
The following table contains supported fields in DHCP logs for BloxOne Universal DDI and their corresponding field elements for other supported message formats.
...
Internal field | Product | CEF | LEEF | Splunk CIM | Description |
---|---|---|---|---|---|
Cltt | B1DDI | timestamp* | timestamp* | timestamp* | Date/Time |
B1DDI | cat | cat | DHCP Lease $LeaseOp | ||
B1DDI | app | app | DHCP | ||
Host (based on HostID) | B1DDI | InfobloxHost | InfobloxHost | infoblox_host | Hostname of the DHCP server (host) |
HostIP (based on HostID) | B1DDI | dst | dst | infoblox_ip | IP of the DHCP Server (host) |
IPSpace (based on subnet uuid or lease uuid) | B1DDI | InfobloxIPSpace | InfobloxIPSpace | dhcp_ip_space | IP Space name |
Subnet | B1DDI | InfobloxSubnet | InfobloxSubnet | dhcp_subnet | Subnet in CIDR format |
RangeStart | B1DDI | InfobloxRangeStart | InfobloxRangeStart | dhcp_range_start | DHCP range start |
RangeEnd | B1DDI | InfobloxRangeEnd | InfobloxRangeEnd | dhcp_range_end | DHCP range end |
LeaseOp | B1DDI | InfobloxLeaseOp | InfobloxLeaseOp | action | Create, Update, Delete, Abandon |
Address | B1DDI | src | src identSrc | dest dest_ip | IP address |
HWAddr | B1DDI | smac | srcMAC | dest_mac | MAC address, colon separated hexadecimal |
ClientID | B1DDI | InfobloxClientID | InfobloxClientID | client_id | ClientID, colon separated hexadecimal |
DUID | B1DDI | InfobloxDUID | InfobloxDUID | dest_duid | IPv6 DUID. Future releases. |
Hostname | B1DDI | shost | identHostName | dest_nt_host | Hostname used by client |
Lifetime | B1DDI | InfobloxLifetime | InfobloxLifetime | lease_duration | The lifetime of the lease allocated by server |
LeaseUUID | B1DDI | InfobloxLeaseUUID | InfobloxLeaseUUID | dhcp_lease_uuid | Lease UUID |
FingerprintProcessed | B1DDI | InfobloxFingerprintPr | InfobloxFingerprintPr | dhcp_fingerprinted | true/false |
Fingerprint | B1DDI | InfobloxFingerprint | InfobloxFingerprint | dhcp_fingerprint | DHCP Fingerprint |
Options | InfobloxDHCPOptions | InfobloxDHCPOptions | dhcp_options | "Option_Code1=Option_Value1;Option_Code2=Option_Value2;...;Option_CodeN=Option_ValueN" | |
- | B1DDI | vendor_product | For CIM: Infoblox BloxOne Universal DDI | ||
B1DDI | signature | "DHCP lease" |
...