Flow-Established Log Event JSON Format
This document describes the JSON log event fields of the Log Streaming Flow-Established log event and provides an example.
The flow-established log event is generated when an OpenVPN client (including Connectors) disconnects from CloudConnexa.
The log event JSON contains the Header fields and a log JSON object. The fields in the log JSON object for when the eventName in the Header is set to flow-established are described in the table below. For more information on the Header, refer to Log Event Header Fields.
Field Name | Type | Description |
|---|---|---|
sourceEntityType | String | The entity type of traffic flow source. |
sourceEntityId | String | The unique identifier of the traffic flow source. |
sourceParentType | String | The type of entity that is the parent of the traffic source. |
sourceParentId | String | The unique identifier of the parent entity. |
sourceGatewayRegion | String | The identifier of the CloudConnexa Region from which the traffic flow originated. |
sourceGatewayRegionName | String | The name of the CloudConnexa Region from which the traffic flow originated. |
sourceIp | String | The IP address of the traffic source. |
destinationEntityType | String | The entity type of the traffic flow destination. |
destinationEntityId | String | The unique identifier of the traffic flow destination. |
destinationParentId | String | The identifier of the entity that is the parent of the traffic destination. |
destinationParentType | String | The type of entity that is the parent of the traffic destination. |
destinationEntityIp | String | The IP address of the traffic destination. |
destinationGatewayRegion | String | The identifier of the destination CloudConnexa Region. |
destinationGatewayRegionName | String | The name of the destination CloudConnexa Region. |
allowed | Boolean | Is set to 'True' if the traffic flow was allowed and 'False' if it was blocked. |
clientSessionId | String | The unique identifier of the tunnel which can be used to correlate all related events. |
protocolName | String | The name of the traffic flow's protocol. |
protocol | Integer | The traffic flow's protocol number according to IANA. |
destinationPort | Integer | The traffic flow's destination port. |
sourceParentName | String | The name of the source parent. |
sourceEntityName | String | The name of the source. |
destinationEntityName | String | The name of the destination. |
destinationParentName | String | The name of the destination parent. |
{
"CloudConnexaLogVersion": 1,
"timestamp": "2023-12-20T11:21:41.000000Z",
"cloudId": "test",
"service": "CloudConnexa",
"traceId": "f09df4d0-cf27-4fda-ae24-3d0dbf0332b6",
"publicIp": "178.136.162.32",
"initiator": "new",
"initiatorType": "User",
"initiatorName": "My User",
"parentEntity": "e2184d09-2441-4b58-8e63-224ede0e7203",
"parentEntityType": "Group",
"parentEntityName": "Default",
"category": "Activity.AV",
"eventName": "flow-established",
"log": {
"clientSessionId": "6582cc9d4203d502df225933",
"sourceParentId": "new",
"sourceParentType": "User",
"sourceEntityId": "5d34eabe-f88d-4570-9954-818c03b90b4b",
"sourceEntityType": "Device",
"sourceIp": "100.96.1.34",
"sourceGatewayRegion": "us-dev-1",
"destinationParentId": "db133159-7d87-4ed4-be3b-02cba18861e6",
"destinationParentType": "Internet Gateway",
"destinationEntityId": "ef9711c1-8011-4d0b-be03-92f83994ed44",
"destinationEntityType": "Connector",
"destinationEntityIp": "18.221.229.81",
"destinationPort": 443,
"destinationGatewayRegion": "us-dev-1",
"allowed": true,
"protocolName": "tcp",
"protocol": "6",
"sourceGatewayRegionName": "San Jose (CA)",
"destinationGatewayRegionName": "San Jose (CA)",
"sourceParentName": "Gp2ren",
"sourceEntityName": "device_2",
"destinationEntityName": "connector01",
"destinationParentName": "StableNetwork"
}
}