netconfcentral logo

ietf-i2nsf-monitoring-information

HTML

ietf-i2nsf-monitoring-information@2017-07-19



  module ietf-i2nsf-monitoring-information {

    yang-version 1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring-data-model";

    prefix monitoring-information;

    import ietf-inet-types {
      prefix inet;
    }
    import ietf-yang-types {
      prefix yang;
    }

    organization
      "IETF I2NSF (Interface to Network Security Functions)
   Working Group";

    contact
      "WG Web: <http://tools.ietf.org/wg/i2nsf>
   WG List: <mailto:i2nsf@ietf.org>

   WG Chair: Linda Dunbar
   <mailto:Linda.duhbar@huawei.com>

   Editor: Dongjin Hong
   <mailto:dong.jin@skku.edu>

   Editor: Jaehoon Paul Jeong
   <mailto:pauljeong@skku.edu>";

    description
      "This module defines a YANG data module for monitoring NSFs.";

    revision "2017-07-19" {
      description "Initial revision";
      reference
        "draft-zhang-i2nsf-info-model-monitoring-04";

    }


    typedef severity {
      type enumeration {
        enum "high" {
          value 0;
          description "high-level";
        }
        enum "middle" {
          value 1;
          description "middle-level";
        }
        enum "low" {
          value 2;
          description "low-level";
        }
      }
      description
        "This is used for indicating the severity";
    }

    typedef all-action {
      type enumeration {
        enum "allow" {
          value 0;
          description "TBD";
        }
        enum "alert" {
          value 1;
          description "TBD";
        }
        enum "block" {
          value 2;
          description "TBD";
        }
        enum "discard" {
          value 3;
          description "TBD";
        }
        enum "declare" {
          value 4;
          description "TBD";
        }
        enum "block-ip" {
          value 5;
          description "TBD";
        }
        enum "block-service" {
          value 6;
          description "TBD";
        }
      }
      description
        "This is used for protocol";
    }

    typedef dpi-type {
      type enumeration {
        enum "file-blocking" {
          value 0;
          description "TBD";
        }
        enum "data-filtering" {
          value 1;
          description "TBD";
        }
        enum "application-behavior-control" {
          value 2;
          description "TBD";
        }
      }
      description
        "This is used for dpi type";
    }

    typedef operation-type {
      type enumeration {
        enum "login" {
          value 0;
          description "TBD";
        }
        enum "logout" {
          value 1;
          description "TBD";
        }
        enum "configuration" {
          value 2;
          description "TBD";
        }
      }
      description
        "This is used for operation type";
    }

    typedef login-mode {
      type enumeration {
        enum "root" {
          value 0;
          description "TBD";
        }
        enum "user" {
          value 1;
          description "TBD";
        }
        enum "guest" {
          value 2;
          description "TBD";
        }
      }
      description
        "This is used for login mode";
    }

    grouping protocol {
      description "A set of protocols";
      container protocol {
        description
          "Protocol types:
     TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.";
        leaf tcp {
          type boolean;
          description "TCP protocol type.";
        }

        leaf udp {
          type boolean;
          description "UDP protocol type.";
        }

        leaf icmp {
          type boolean;
          description "ICMP protocol type.";
        }

        leaf icmpv6 {
          type boolean;
          description
            "ICMPv6 protocol type.";
        }

        leaf ip {
          type boolean;
          description "IP protocol type.";
        }

        leaf http {
          type boolean;
          description "HTTP protocol type.";
        }

        leaf ftp {
          type boolean;
          description "ftp protocol type.";
        }
      }  // container protocol
    }  // grouping protocol

    grouping traffic-rates {
      description
        "A set of traffic rates
    for statistics data";
      leaf total-traffic {
        type uint32;
        description "Total traffic";
      }

      leaf in-traffic-ave-rate {
        type uint32;
        description
          "Inbound traffic average rate in pps";
      }

      leaf in-traffic-peak-rate {
        type uint32;
        description
          "Inbound traffic peak rate in pps";
      }

      leaf in-traffic-ave-speed {
        type uint32;
        description
          "Inbound traffic average speed in bps";
      }

      leaf in-traffic-peak-speed {
        type uint32;
        description
          "Inbound traffic peak speed in bps";
      }

      leaf out-traffic-ave-rate {
        type uint32;
        description
          "Outbound traffic average rate in pps";
      }

      leaf out-traffic-peak-rate {
        type uint32;
        description
          "Outbound traffic peak rate in pps";
      }

      leaf out-traffic-ave-speed {
        type uint32;
        description
          "Outbound traffic average speed in bps";
      }

      leaf out-traffic-peak-speed {
        type uint32;
        description
          "Outbound traffic peak speed in bps";
      }
    }  // grouping traffic-rates

    grouping i2nsf-system-alarm-type-content {
      description
        "A set of system alarm type contents";
      leaf event-name {
        type string;
        mandatory true;
        description
          "This is used to distinguish event type";
      }

      leaf usage {
        type uint8;
        description
          "specifies the amount of usage";
      }

      leaf threshold {
        type uint8;
        description
          "The threshold triggering the alarm or the event";
      }

      leaf message {
        type string;
        mandatory true;
        description
          "The usage exceeded the threshold";
      }
    }  // grouping i2nsf-system-alarm-type-content

    grouping i2nsf-system-event-type-content {
      description
        "A set of system event type contents";
      leaf event-name {
        type string;
        mandatory true;
        description
          "ACCESS_DENIED, CONFIG_CHANGE and so on.";
      }

      leaf user-name {
        type string;
        mandatory true;
        description "Name of a user";
      }

      leaf group {
        type string;
        mandatory true;
        description
          "Group to which a user belongs.";
      }

      leaf login-ip {
        type inet:ipv4-address;
        mandatory true;
        description
          "Login IP address of a user.";
      }

      container authentication-mode {
        description
          "User authentication mode. e.g., Local Authentication,
      Third-Party Server Authentication,
      Authentication Exemption, SSO Authentication.";
        leaf local-authentication {
          type boolean;
          mandatory true;
          description
            "Authentication-mode : local authentication.";
        }

        leaf third-part-server-authentication {
          type boolean;
          mandatory true;
          description "TBD";
        }

        leaf exemption-authentication {
          type boolean;
          mandatory true;
          description "TBD";
        }

        leaf sso-authentication {
          type boolean;
          mandatory true;
          description "TBD";
        }
      }  // container authentication-mode

      leaf message {
        type string;
        mandatory true;
        description
          "The message for system events";
      }
    }  // grouping i2nsf-system-event-type-content

    grouping i2nsf-nsf-event-type-content {
      description
        "A set of nsf event type contents";
      leaf event-name {
        type string;
        mandatory true;
        description
          "This is used to distinguish event type";
      }

      leaf user-name {
        type string;
        description
          "User name who generates traffic";
      }

      leaf message {
        type string;
        description
          "The message for nsf events";
      }

      leaf src-ip {
        type inet:ipv4-address;
        description
          "The source IP address of the packet";
      }

      leaf dst-ip {
        type inet:ipv4-address;
        description
          "The destination IP address of the packet";
      }

      leaf src-port {
        type inet:port-number;
        description
          "The source port of the packet";
      }

      leaf dst-port {
        type inet:port-number;
        description
          "The destination port of the packet";
      }

      leaf src-zone {
        type string;
        description
          "The source security zone of the packet";
      }

      leaf dst-zone {
        type string;
        description
          "The destination security zone of the packet";
      }

      leaf rule-id {
        type uint8;
        mandatory true;
        description
          "The ID of the rule being triggered";
      }

      leaf rule-name {
        type string;
        mandatory true;
        description
          "The name of the rule being triggered";
      }

      leaf profile {
        type string;
        description
          "Security profile that traffic matches.";
      }

      leaf raw-info {
        type string;
        description
          "The information describing the packet
      triggering the event.";
      }
    }  // grouping i2nsf-nsf-event-type-content

    grouping i2nsf-system-counter-type-content {
      description
        "A set of system counter type contents";
      leaf interface-name {
        type string;
        description
          "Network interface name configured in NSF";
      }

      leaf in-total-traffic-pkts {
        type uint32;
        description "Total inbound packets";
      }

      leaf out-total-traffic-pkts {
        type uint32;
        description "Total outbound packets";
      }

      leaf in-total-traffic-bytes {
        type uint32;
        description "Total inbound bytes";
      }

      leaf out-total-traffic-bytes {
        type uint32;
        description "Total outbound bytes";
      }

      leaf in-drop-traffic-pkts {
        type uint32;
        description
          "Total inbound drop packets";
      }

      leaf out-drop-traffic-pkts {
        type uint32;
        description
          "Total outbound drop packets";
      }

      leaf in-drop-traffic-bytes {
        type uint32;
        description
          "Total inbound drop bytes";
      }

      leaf out-drop-traffic-bytes {
        type uint32;
        description
          "Total outbound drop bytes";
      }

      uses traffic-rates;
    }  // grouping i2nsf-system-counter-type-content

    grouping i2nsf-nsf-counters-type-content {
      description
        "A set of nsf counters type contents";
      leaf src-ip {
        type inet:ipv4-address;
        description
          "The source IP address of the packet";
      }

      leaf dst-ip {
        type inet:ipv4-address;
        description
          "The destination IP address of the packet";
      }

      leaf src-port {
        type inet:port-number;
        description
          "The source port of the packet";
      }

      leaf dst-port {
        type inet:port-number;
        description
          "The destination port of the packet";
      }

      leaf src-zone {
        type string;
        description
          "The source security zone of the packet";
      }

      leaf dst-zone {
        type string;
        description
          "The destination security zone of the packet";
      }

      leaf src-region {
        type string;
        description
          "Source region of the traffic";
      }

      leaf dst-region {
        type string;
        description
          "Destination region of the traffic";
      }

      leaf policy-id {
        type uint8;
        mandatory true;
        description
          "The ID of the policy being triggered";
      }

      leaf policy-name {
        type string;
        mandatory true;
        description
          "The name of the policy being triggered";
      }

      leaf src-user {
        type string;
        description
          "User who generates traffic";
      }

      uses protocol;

      uses traffic-rates;
    }  // grouping i2nsf-nsf-counters-type-content

    container monitoring-message {
      description
        "The message for monitoring information";
      list monitoring-messages {
        key "message-id";
        description
          "The messages according to monitoring information";
        leaf message-id {
          type uint8;
          mandatory true;
          description
            "This is message ID
         This is key for monitoring messages";
        }

        leaf message-version {
          type uint8;
          mandatory true;
          description
            "The version of message";
        }

        choice message-type {
          description "The type of message";
          case alarm {
            description
              "If the message type is alarm";
            choice alarm-type {
              description
                "This is alarm type such as system alarm";
              case system-alarm {
                description
                  "If the alarm type is system alarm";
                container memory-alarm {
                  description
                    "This is memory alarm in
                system alarm";
                  uses i2nsf-system-alarm-type-content;

                  leaf module-name {
                    type string;
                    mandatory true;
                    description
                      "Indicate the NSF module
                  responsible for generating
                  this alarm";
                  }
                }  // container memory-alarm

                container cpu-alarm {
                  description
                    "This is cpu alarm in system alarm";
                  uses i2nsf-system-alarm-type-content;
                }  // container cpu-alarm

                container disk-alarm {
                  description
                    "This is disk alarm in system alarm";
                  uses i2nsf-system-alarm-type-content;
                }  // container disk-alarm

                container hardware-alarm {
                  description
                    "This is hardware alarm
                in system alarm";
                  uses i2nsf-system-alarm-type-content;

                  leaf component-name {
                    type string;
                    description
                      "Indicate the HW component
                  responsible for generating
                  this alarm.";
                  }
                }  // container hardware-alarm

                container interface-alarm {
                  description
                    "This is interface alarm
                in system alarm";
                  uses i2nsf-system-alarm-type-content;

                  leaf interface-name {
                    type string;
                    description
                      "The name of interface.";
                  }

                  container interface-state {
                    description
                      "This is isnteface state
                  in interface-alarm";
                    leaf up {
                      type boolean;
                      mandatory true;
                      description
                        "The state of interface is up";
                    }

                    leaf down {
                      type boolean;
                      mandatory true;
                      description
                        "The state of interface is down";
                    }

                    leaf congested {
                      type boolean;
                      mandatory true;
                      description
                        "The state of interface is
                   congested";
                    }
                  }  // container interface-state
                }  // container interface-alarm
              }  // case system-alarm
            }  // choice alarm-type
          }  // case alarm

          case event {
            description
              "If the message type is event";
            choice event-type {
              description
                "This is event type such as system event
            and nsf event.";
              case system-event {
                description
                  "If the event type is system event";
                container access-violation {
                  description
                    "If the system event is
                access violation";
                  uses i2nsf-system-event-type-content;
                }  // container access-violation

                container config-change {
                  description
                    "If the system event is
                config change violation";
                  uses i2nsf-system-event-type-content;
                }  // container config-change
              }  // case system-event

              case nsf-event {
                description
                  "If the event type is nsf event";
                container ddos-event {
                  description
                    "If the event type is DDoS event";
                  uses i2nsf-nsf-event-type-content;

                  container ddos-attack-type {
                    description
                      "Type of DDoS attack";
                    leaf syn-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    syn flood";
                    }

                    leaf ack-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    ack flood";
                    }

                    leaf syn-ack-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    syn ack flood";
                    }

                    leaf fin-rst-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    fin rst flood";
                    }

                    leaf tcp-connection-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    tcp connection flood";
                    }

                    leaf udp-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    udp flood";
                    }

                    leaf icmp-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    icmp flood";
                    }

                    leaf https-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    https flood";
                    }

                    leaf http-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    http flood";
                    }

                    leaf dns-reply-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    dns reply flood";
                    }

                    leaf dns-query-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    dns query flood";
                    }

                    leaf sip-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                    sip flood";
                    }
                  }  // container ddos-attack-type

                  leaf start-time {
                    type yang:date-and-time;
                    mandatory true;
                    description
                      "The time stamp indicating
                  when the attack started";
                  }

                  leaf end-time {
                    type yang:date-and-time;
                    mandatory true;
                    description
                      "The time stamp indicating
                  when the attack ended";
                  }

                  leaf attack-rate {
                    type uint32;
                    description
                      "The PPS of attack traffic";
                  }

                  leaf attack-speed {
                    type uint32;
                    description
                      "the bps of attack traffic";
                  }
                }  // container ddos-event

                container session-table-event {
                  description
                    "If the event type is session
                table event";
                  leaf event-name {
                    type string;
                    description
                      "The event name for
                    session table event";
                  }

                  leaf current-session {
                    type uint8;
                    description
                      "The number of concurrent
                   sessions";
                  }

                  leaf maximum-session {
                    type uint8;
                    description
                      "The maximum number of sessions
                   that the session table can
                   support";
                  }

                  leaf threshold {
                    type uint8;
                    description
                      "The threshold triggering
                   the event";
                  }

                  leaf message {
                    type string;
                    description
                      "The number of session table
                    exceeded the threshold";
                  }
                }  // container session-table-event

                container virus-event {
                  description
                    "If the event type is virus event";
                  uses i2nsf-nsf-event-type-content;

                  container virus-type {
                    description
                      "The type of virus";
                    leaf trajan {
                      type boolean;
                      description
                        "If the virus type is trajan";
                    }

                    leaf worm {
                      type boolean;
                      description
                        "If the virus type is worm";
                    }

                    leaf macro {
                      type boolean;
                      description
                        "If the virus type is macro";
                    }
                  }  // container virus-type

                  leaf virus-name {
                    type string;
                    description
                      "The name of virus";
                  }

                  leaf file-type {
                    type string;
                    description
                      "The type of file";
                  }

                  leaf file-name {
                    type string;
                    description
                      "The name of file";
                  }
                }  // container virus-event

                container intrusion-event {
                  description
                    "If the event type is intrusion event";
                  uses i2nsf-nsf-event-type-content;

                  uses protocol;

                  container intrusion-attack-type {
                    description
                      "The attack type of intrusion";
                    leaf brutal-force {
                      type boolean;
                      description
                        "The intrusion type is
                    brutal force";
                    }

                    leaf buffer-overflow {
                      type boolean;
                      description
                        "The intrusion type is
                    buffer overflow";
                    }
                  }  // container intrusion-attack-type
                }  // container intrusion-event

                container botnet-event {
                  description
                    "If the event type is botnet event";
                  uses i2nsf-nsf-event-type-content;

                  uses protocol;

                  leaf botnet-name {
                    type string;
                    description
                      "The name of the detected botnet";
                  }

                  leaf role {
                    type string;
                    description
                      "The role of the communicating
                  parties within the botnet";
                  }
                }  // container botnet-event

                container web-attack-event {
                  description
                    "If the event type is web
                attack event";
                  uses i2nsf-nsf-event-type-content;

                  container web-attack-type {
                    description
                      "To determine the attack
                  type";
                    leaf sql-injection {
                      type boolean;
                      description
                        "If the web attack type is
                    sql injection";
                    }

                    leaf command-injection {
                      type boolean;
                      description
                        "If the web attack type is
                    command injection";
                    }

                    leaf xss {
                      type boolean;
                      description
                        "If the web attack type is
                    xss injection";
                    }

                    leaf csrf {
                      type boolean;
                      description
                        "If the web attack type is
                    csrf injection";
                    }
                  }  // container web-attack-type

                  container req-method {
                    description
                      "The method of requirement.
                  For instance, PUT or GET
                  in HTTP";
                    leaf put {
                      type boolean;
                      description
                        "If req method is PUT";
                    }

                    leaf get {
                      type boolean;
                      description
                        "If req method is GET";
                    }
                  }  // container req-method

                  leaf req-url {
                    type string;
                    description
                      "Requested URL";
                  }

                  leaf url-category {
                    type string;
                    description
                      "Matched URL category";
                  }

                  container filtering-type {
                    description
                      "URL filtering type,
                  e.g., Blacklist, Whitelist,
                  User-Defined, Predefined,
                  Malicious Category, Unknown";
                    leaf blacklist {
                      type boolean;
                      description
                        "The filtering type is
                    blacklist";
                    }

                    leaf whitelist {
                      type boolean;
                      description
                        "The filtering type is
                    whitelist";
                    }

                    leaf user-defined {
                      type boolean;
                      description
                        "The filtering type is
                    user defined";
                    }

                    leaf balicious-category {
                      type boolean;
                      description
                        "The filtering type is
                    balicious category";
                    }

                    leaf unknown {
                      type boolean;
                      description
                        "The filtering type is
                    unknown";
                    }
                  }  // container filtering-type
                }  // container web-attack-event
              }  // case nsf-event
            }  // choice event-type
          }  // case event

          case log {
            description
              "If the message type is log";
            choice log-type {
              description "The type of log";
              case system-log {
                description
                  "If the log type is system log";
                container access-logs {
                  description
                    "If the log is access logs
                in system log";
                  leaf login-ip {
                    type inet:ipv4-address;
                    mandatory true;
                    description
                      "Login IP address of a user.";
                  }

                  leaf administartor {
                    type string;
                    description
                      "Administrator that
                  operates on the device";
                  }

                  leaf login-mode {
                    type login-mode;
                    description
                      "Specifies the
                  administrator logs in mode";
                  }

                  leaf operation-type {
                    type operation-type;
                    description
                      "The operation type that
                  the administrator execute";
                  }

                  leaf result {
                    type string;
                    description
                      "Command execution result";
                  }

                  leaf content {
                    type string;
                    description
                      "Operation performed by
                  an administrator after login.";
                  }
                }  // container access-logs

                container resource-utiliz-logs {
                  description
                    "If the log is resource utilize
                logs in system log";
                  leaf system-status {
                    type string;
                    description "TBD";
                  }

                  leaf cpu-usage {
                    type uint8;
                    description
                      "specifies the amount of
                  cpu usage";
                  }

                  leaf memory-usage {
                    type uint8;
                    description
                      "specifies the amount of
                  memory usage";
                  }

                  leaf disk-usage {
                    type uint8;
                    description
                      "specifies the amount of
                  disk usage";
                  }

                  leaf disk-left {
                    type uint8;
                    description
                      "specifies the amount of
                  disk left";
                  }

                  leaf session-num {
                    type uint8;
                    description
                      "The total number of
                  sessions";
                  }

                  leaf process-num {
                    type uint8;
                    description
                      "The total number of
                  process";
                  }

                  leaf in-traffic-rate {
                    type uint32;
                    description
                      "The total inbound
                  traffic rate in pps";
                  }

                  leaf out-traffic-rate {
                    type uint32;
                    description
                      "The total outbound
                  traffic rate in pps";
                  }

                  leaf in-traffic-speed {
                    type uint32;
                    description
                      "The total inbound
                  traffic speed in bps";
                  }

                  leaf out-traffic-speed {
                    type uint32;
                    description
                      "The total outbound
                  traffic speed in bps";
                  }
                }  // container resource-utiliz-logs

                container user-activity-logs {
                  description
                    "If the log is user activity
                logs in system log";
                  leaf user {
                    type string;
                    mandatory true;
                    description
                      "Name of a user";
                  }

                  leaf group {
                    type string;
                    mandatory true;
                    description
                      "Group to which a user belongs.";
                  }

                  leaf login-ip {
                    type inet:ipv4-address;
                    mandatory true;
                    description
                      "Login IP address of a user.";
                  }

                  container authentication-mode {
                    description
                      "User authentication mode. e.g.,
                  Local Authentication,
                  Third-Party Server Authentication,
                  Authentication Exemption, SSO Authentication.";
                    leaf local-authentication {
                      type boolean;
                      mandatory true;
                      description
                        "Authentication-mode : local authentication.";
                    }

                    leaf third-part-server-authentication {
                      type boolean;
                      mandatory true;
                      description "TBD";
                    }

                    leaf exemption-authentication {
                      type boolean;
                      mandatory true;
                      description "TBD";
                    }

                    leaf sso-authentication {
                      type boolean;
                      mandatory true;
                      description "TBD";
                    }
                  }  // container authentication-mode

                  container access-mode {
                    description "TBD";
                    leaf ppp {
                      type boolean;
                      description "TBD";
                    }

                    leaf svn {
                      type boolean;
                      description "TBD";
                    }

                    leaf local {
                      type boolean;
                      description "TBD";
                    }
                  }  // container access-mode

                  leaf online-duration {
                    type string;
                    description "TBD";
                  }

                  leaf logout-duration {
                    type string;
                    description "TBD";
                  }

                  leaf addtional-info {
                    type string;
                    description "TBD";
                  }
                }  // container user-activity-logs
              }  // case system-log

              case nsf-log {
                description
                  "If the log type is nsf log";
                container ddos-logs {
                  description
                    "If the log is DDoS logs
                in nsf log";
                  leaf attack-type {
                    type string;
                    description "DDoS";
                  }

                  leaf attack-ave-rate {
                    type uint32;
                    description
                      "The ave PPS of
                  attack traffic";
                  }

                  leaf attack-ave-speed {
                    type uint32;
                    description
                      "the ave bps of
                  attack traffic";
                  }

                  leaf attack-pkt-num {
                    type uint32;
                    description
                      "the number of
                  attack packets";
                  }

                  leaf attack-src-ip {
                    type inet:ipv4-address;
                    description "TBD";
                  }

                  leaf action {
                    type all-action;
                    description "TBD";
                  }

                  leaf os {
                    type string;
                    description
                      "simple os information";
                  }
                }  // container ddos-logs

                container virus-logs {
                  description
                    "If the log is virus logs
                in nsf log";
                  uses protocol;

                  leaf attack-type {
                    type string;
                    description "Virus";
                  }

                  leaf action {
                    type all-action;
                    description "TBD";
                  }

                  leaf os {
                    type string;
                    description
                      "simple os information";
                  }

                  leaf time {
                    type yang:date-and-time;
                    mandatory true;
                    description
                      "Indicate the time when the
                  message is generated";
                  }
                }  // container virus-logs

                container intrusion-logs {
                  description
                    "If the log is intrusion logs
                in nsf log";
                  leaf attack-type {
                    type string;
                    description "Intrusion";
                  }

                  leaf action {
                    type all-action;
                    description "TBD";
                  }

                  leaf time {
                    type yang:date-and-time;
                    mandatory true;
                    description
                      "Indicate the time when the
                  message is generated";
                  }

                  leaf attack-rate {
                    type uint32;
                    description
                      "The PPS of attack traffic";
                  }

                  leaf attack-speed {
                    type uint32;
                    description
                      "the bps of attack traffic";
                  }
                }  // container intrusion-logs

                container botnet-logs {
                  description
                    "If the log is botnet logs
                in nsf log";
                  leaf attack-type {
                    type string;
                    description "Botnet";
                  }

                  leaf botnet-pkt-num {
                    type uint8;
                    description
                      "The number of the packets
                  sent to or from the
                  detected botnet";
                  }

                  leaf action {
                    type all-action;
                    description "TBD";
                  }

                  leaf os {
                    type string;
                    description
                      "simple os information";
                  }
                }  // container botnet-logs

                container dpi-logs {
                  description
                    "If the log is dpi logs
                in nsf log";
                  leaf dpi-type {
                    type dpi-type;
                    description
                      "The type of dpi";
                  }

                  leaf src-ip {
                    type inet:ipv4-address;
                    description
                      "The source IP address of the packet";
                  }

                  leaf dst-ip {
                    type inet:ipv4-address;
                    description
                      "The destination IP address of the packet";
                  }

                  leaf src-port {
                    type inet:port-number;
                    description
                      "The source port of the packet";
                  }

                  leaf dst-port {
                    type inet:port-number;
                    description
                      "The destination port of the packet";
                  }

                  leaf src-zone {
                    type string;
                    description
                      "The source security zone of the packet";
                  }

                  leaf dst-zone {
                    type string;
                    description
                      "The destination security zone of the packet";
                  }

                  leaf src-region {
                    type string;
                    description
                      "Source region of the traffic";
                  }

                  leaf dst-region {
                    type string;
                    description
                      "Destination region of the traffic";
                  }

                  leaf policy-id {
                    type uint8;
                    mandatory true;
                    description
                      "The ID of the policy being triggered";
                  }

                  leaf policy-name {
                    type string;
                    mandatory true;
                    description
                      "The name of the policy being triggered";
                  }

                  leaf src-user {
                    type string;
                    description
                      "User who generates traffic";
                  }

                  uses protocol;

                  leaf file-type {
                    type string;
                    description
                      "The type of file";
                  }

                  leaf file-name {
                    type string;
                    description
                      "The name of file";
                  }
                }  // container dpi-logs

                list vulnerability-scanning-logs {
                  key "vulnerability-id";
                  description
                    "If the log is vulnerability
                scanning logs in nsf log";
                  leaf vulnerability-id {
                    type uint8;
                    description
                      "The vulnerability id";
                  }

                  leaf victim-ip {
                    type inet:ipv4-address;
                    description
                      "IP address of the victim
                  host which has vulnerabilities";
                  }

                  uses protocol;

                  leaf port-num {
                    type inet:port-number;
                    description
                      "The port number";
                  }

                  leaf level {
                    type severity;
                    description
                      "The vulnerability severity";
                  }

                  leaf os {
                    type string;
                    description
                      "simple os information";
                  }

                  leaf addtional-info {
                    type string;
                    description "TBD";
                  }
                }  // list vulnerability-scanning-logs

                container web-attack-logs {
                  description
                    "If the log is web attack
                logs in nsf log";
                  leaf attack-type {
                    type string;
                    description "Web Attack";
                  }

                  leaf rsp-code {
                    type string;
                    description
                      "Response code";
                  }

                  leaf req-clientapp {
                    type string;
                    description
                      "The client application";
                  }

                  leaf req-cookies {
                    type string;
                    description "Cookies";
                  }

                  leaf req-host {
                    type string;
                    description
                      "The domain name of the
                  requested host";
                  }

                  leaf raw-info {
                    type string;
                    description
                      "The information describing
                  the packet triggering the
                  event.";
                  }
                }  // container web-attack-logs
              }  // case nsf-log
            }  // choice log-type
          }  // case log

          case counters {
            description
              "If the message type is counters";
            choice counter-type {
              description
                "The type of counter";
              container interface-counters {
                description
                  "The system counter type is
                interface counter";
                uses i2nsf-system-counter-type-content;
              }  // container interface-counters

              case nsf-counter {
                container firewall-counters {
                  description
                    "The nsf counter type is
                firewall counter";
                  uses i2nsf-nsf-counters-type-content;

                  container bound {
                    description
                      "Inbound or Outbound";
                    leaf in-interface {
                      type boolean;
                      description
                        "If the bound is inbound";
                    }

                    leaf out-interface {
                      type boolean;
                      description
                        "If the bound is outbound";
                    }
                  }  // container bound
                }  // container firewall-counters

                container policy-hit-counters {
                  description
                    "The counters of policy hit";
                  uses i2nsf-nsf-counters-type-content;

                  leaf hit-times {
                    type uint32;
                    description
                      "The hit times for policy";
                  }
                }  // container policy-hit-counters
              }  // case nsf-counter
            }  // choice counter-type
          }  // case counters
        }  // choice message-type

        leaf time-stamp {
          type yang:date-and-time;
          mandatory true;
          description
            "Indicate the time when the message is generated";
        }

        leaf severity {
          type severity;
          mandatory true;
          description
            "The severity of the alarm such as
        critical, high, middle, low.";
        }

        leaf vendor-name {
          type string;
          description
            "The name of the NSF vendor";
        }
      }  // list monitoring-messages
    }  // container monitoring-message
  }  // module ietf-i2nsf-monitoring-information

Summary

  
  
Organization IETF I2NSF (Interface to Network Security Functions) Working Group
  
Module ietf-i2nsf-monitoring-information
Version 2017-07-19
File ietf-i2nsf-monitoring-information@2017-07-19.yang
  
Prefix monitoring-information
Namespace urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring-data-model
  
Cooked /cookedmodules/ietf-i2nsf-monitoring-information/2017-07-19
YANG /src/ietf-i2nsf-monitoring-information@2017-07-19.yang
XSD /xsd/ietf-i2nsf-monitoring-information@2017-07-19.xsd
  
Abstract This module defines a YANG data module for monitoring NSFs.
  
Contact
WG Web: <http://tools.ietf.org/wg/i2nsf>
WG List: <mailto:i2nsf@ietf.org>

WG Chair: Linda Dunbar
<mailto:Linda.duhbar@huawei.com>

Editor: Dongjin Hong
<mailto:dong.jin@skku.edu>

Editor: Jaehoon Paul Jeong
<mailto:pauljeong@skku.edu>

Description

 
This module defines a YANG data module for monitoring NSFs.

Typedefs

Typedef Base type Abstract
all-action enumeration This is used for protocol
dpi-type enumeration This is used for dpi type
login-mode enumeration This is used for login mode
operation-type enumeration This is used for operation type
severity enumeration This is used for indicating the severity

Groupings

Grouping Objects Abstract
i2nsf-nsf-counters-type-content src-ip dst-ip src-port dst-port src-zone dst-zone src-region dst-region policy-id policy-name src-user protocoltotal-traffic in-traffic-ave-rate in-traffic-peak-rate in-traffic-ave-speed in-traffic-peak-speed out-traffic-ave-rate out-traffic-peak-rate out-traffic-ave-speed out-traffic-peak-speed A set of nsf counters type contents
i2nsf-nsf-event-type-content event-name user-name message src-ip dst-ip src-port dst-port src-zone dst-zone rule-id rule-name profile raw-info A set of nsf event type contents
i2nsf-system-alarm-type-content event-name usage threshold message A set of system alarm type contents
i2nsf-system-counter-type-content interface-name in-total-traffic-pkts out-total-traffic-pkts in-total-traffic-bytes out-total-traffic-bytes in-drop-traffic-pkts out-drop-traffic-pkts in-drop-traffic-bytes out-drop-traffic-bytes total-traffic in-traffic-ave-rate in-traffic-peak-rate in-traffic-ave-speed in-traffic-peak-speed out-traffic-ave-rate out-traffic-peak-rate out-traffic-ave-speed out-traffic-peak-speed A set of system counter type contents
i2nsf-system-event-type-content event-name user-name group login-ip authentication-mode message A set of system event type contents
protocol protocol A set of protocols
traffic-rates total-traffic in-traffic-ave-rate in-traffic-peak-rate in-traffic-ave-speed in-traffic-peak-speed out-traffic-ave-rate out-traffic-peak-rate out-traffic-ave-speed out-traffic-peak-speed A set of traffic rates for statistics data

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
monitoring-message container The message for monitoring information
   monitoring-messages list The messages according to monitoring information
      message-id leaf This is message ID This is key for monitoring messages
      message-type choice The type of message
         alarm case If the message type is alarm
            alarm-type choice This is alarm type such as system alarm
               system-alarm case If the alarm type is system alarm
                  cpu-alarm container This is cpu alarm in system alarm
                     event-name leaf This is used to distinguish event type
                     message leaf The usage exceeded the threshold
                     threshold leaf The threshold triggering the alarm or the event
                     usage leaf specifies the amount of usage
                  disk-alarm container This is disk alarm in system alarm
                     event-name leaf This is used to distinguish event type
                     message leaf The usage exceeded the threshold
                     threshold leaf The threshold triggering the alarm or the event
                     usage leaf specifies the amount of usage
                  hardware-alarm container This is hardware alarm in system alarm
                     component-name leaf Indicate the HW component responsible for generating this alarm.
                     event-name leaf This is used to distinguish event type
                     message leaf The usage exceeded the threshold
                     threshold leaf The threshold triggering the alarm or the event
                     usage leaf specifies the amount of usage
                  interface-alarm container This is interface alarm in system alarm
                     event-name leaf This is used to distinguish event type
                     interface-name leaf The name of interface.
                     interface-state container This is isnteface state in interface-alarm
                        congested leaf The state of interface is congested
                        down leaf The state of interface is down
                        up leaf The state of interface is up
                     message leaf The usage exceeded the threshold
                     threshold leaf The threshold triggering the alarm or the event
                     usage leaf specifies the amount of usage
                  memory-alarm container This is memory alarm in system alarm
                     event-name leaf This is used to distinguish event type
                     message leaf The usage exceeded the threshold
                     module-name leaf Indicate the NSF module responsible for generating this alarm
                     threshold leaf The threshold triggering the alarm or the event
                     usage leaf specifies the amount of usage
         counters case If the message type is counters
            counter-type choice The type of counter
               nsf-counter case firewall-counters policy-hit-counters
                  firewall-counters container The nsf counter type is firewall counter
                     bound container Inbound or Outbound
                        in-interface leaf If the bound is inbound
                        out-interface leaf If the bound is outbound
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-region leaf Destination region of the traffic
                     dst-zone leaf The destination security zone of the packet
                     in-traffic-ave-rate leaf Inbound traffic average rate in pps
                     in-traffic-ave-speed leaf Inbound traffic average speed in bps
                     in-traffic-peak-rate leaf Inbound traffic peak rate in pps
                     in-traffic-peak-speed leaf Inbound traffic peak speed in bps
                     out-traffic-ave-rate leaf Outbound traffic average rate in pps
                     out-traffic-ave-speed leaf Outbound traffic average speed in bps
                     out-traffic-peak-rate leaf Outbound traffic peak rate in pps
                     out-traffic-peak-speed leaf Outbound traffic peak speed in bps
                     policy-id leaf The ID of the policy being triggered
                     policy-name leaf The name of the policy being triggered
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-region leaf Source region of the traffic
                     src-user leaf User who generates traffic
                     src-zone leaf The source security zone of the packet
                     total-traffic leaf Total traffic
                  policy-hit-counters container The counters of policy hit
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-region leaf Destination region of the traffic
                     dst-zone leaf The destination security zone of the packet
                     hit-times leaf The hit times for policy
                     in-traffic-ave-rate leaf Inbound traffic average rate in pps
                     in-traffic-ave-speed leaf Inbound traffic average speed in bps
                     in-traffic-peak-rate leaf Inbound traffic peak rate in pps
                     in-traffic-peak-speed leaf Inbound traffic peak speed in bps
                     out-traffic-ave-rate leaf Outbound traffic average rate in pps
                     out-traffic-ave-speed leaf Outbound traffic average speed in bps
                     out-traffic-peak-rate leaf Outbound traffic peak rate in pps
                     out-traffic-peak-speed leaf Outbound traffic peak speed in bps
                     policy-id leaf The ID of the policy being triggered
                     policy-name leaf The name of the policy being triggered
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-region leaf Source region of the traffic
                     src-user leaf User who generates traffic
                     src-zone leaf The source security zone of the packet
                     total-traffic leaf Total traffic
               system-counter case interface-counters
                  interface-counters container The system counter type is interface counter
                     in-drop-traffic-bytes leaf Total inbound drop bytes
                     in-drop-traffic-pkts leaf Total inbound drop packets
                     in-total-traffic-bytes leaf Total inbound bytes
                     in-total-traffic-pkts leaf Total inbound packets
                     in-traffic-ave-rate leaf Inbound traffic average rate in pps
                     in-traffic-ave-speed leaf Inbound traffic average speed in bps
                     in-traffic-peak-rate leaf Inbound traffic peak rate in pps
                     in-traffic-peak-speed leaf Inbound traffic peak speed in bps
                     interface-name leaf Network interface name configured in NSF
                     out-drop-traffic-bytes leaf Total outbound drop bytes
                     out-drop-traffic-pkts leaf Total outbound drop packets
                     out-total-traffic-bytes leaf Total outbound bytes
                     out-total-traffic-pkts leaf Total outbound packets
                     out-traffic-ave-rate leaf Outbound traffic average rate in pps
                     out-traffic-ave-speed leaf Outbound traffic average speed in bps
                     out-traffic-peak-rate leaf Outbound traffic peak rate in pps
                     out-traffic-peak-speed leaf Outbound traffic peak speed in bps
                     total-traffic leaf Total traffic
         event case If the message type is event
            event-type choice This is event type such as system event and nsf event.
               nsf-event case If the event type is nsf event
                  botnet-event container If the event type is botnet event
                     botnet-name leaf The name of the detected botnet
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-zone leaf The destination security zone of the packet
                     event-name leaf This is used to distinguish event type
                     message leaf The message for nsf events
                     profile leaf Security profile that traffic matches.
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     raw-info leaf The information describing the packet triggering the event.
                     role leaf The role of the communicating parties within the botnet
                     rule-id leaf The ID of the rule being triggered
                     rule-name leaf The name of the rule being triggered
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-zone leaf The source security zone of the packet
                     user-name leaf User name who generates traffic
                  ddos-event container If the event type is DDoS event
                     attack-rate leaf The PPS of attack traffic
                     attack-speed leaf the bps of attack traffic
                     ddos-attack-type container Type of DDoS attack
                        ack-flood leaf If the DDoS attack is ack flood
                        dns-query-flood leaf If the DDoS attack is dns query flood
                        dns-reply-flood leaf If the DDoS attack is dns reply flood
                        fin-rst-flood leaf If the DDoS attack is fin rst flood
                        http-flood leaf If the DDoS attack is http flood
                        https-flood leaf If the DDoS attack is https flood
                        icmp-flood leaf If the DDoS attack is icmp flood
                        sip-flood leaf If the DDoS attack is sip flood
                        syn-ack-flood leaf If the DDoS attack is syn ack flood
                        syn-flood leaf If the DDoS attack is syn flood
                        tcp-connection-flood leaf If the DDoS attack is tcp connection flood
                        udp-flood leaf If the DDoS attack is udp flood
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-zone leaf The destination security zone of the packet
                     end-time leaf The time stamp indicating when the attack ended
                     event-name leaf This is used to distinguish event type
                     message leaf The message for nsf events
                     profile leaf Security profile that traffic matches.
                     raw-info leaf The information describing the packet triggering the event.
                     rule-id leaf The ID of the rule being triggered
                     rule-name leaf The name of the rule being triggered
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-zone leaf The source security zone of the packet
                     start-time leaf The time stamp indicating when the attack started
                     user-name leaf User name who generates traffic
                  intrusion-event container If the event type is intrusion event
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-zone leaf The destination security zone of the packet
                     event-name leaf This is used to distinguish event type
                     intrusion-attack-type container The attack type of intrusion
                        brutal-force leaf The intrusion type is brutal force
                        buffer-overflow leaf The intrusion type is buffer overflow
                     message leaf The message for nsf events
                     profile leaf Security profile that traffic matches.
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     raw-info leaf The information describing the packet triggering the event.
                     rule-id leaf The ID of the rule being triggered
                     rule-name leaf The name of the rule being triggered
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-zone leaf The source security zone of the packet
                     user-name leaf User name who generates traffic
                  session-table-event container If the event type is session table event
                     current-session leaf The number of concurrent sessions
                     event-name leaf The event name for session table event
                     maximum-session leaf The maximum number of sessions that the session table can support
                     message leaf The number of session table exceeded the threshold
                     threshold leaf The threshold triggering the event
                  virus-event container If the event type is virus event
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-zone leaf The destination security zone of the packet
                     event-name leaf This is used to distinguish event type
                     file-name leaf The name of file
                     file-type leaf The type of file
                     message leaf The message for nsf events
                     profile leaf Security profile that traffic matches.
                     raw-info leaf The information describing the packet triggering the event.
                     rule-id leaf The ID of the rule being triggered
                     rule-name leaf The name of the rule being triggered
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-zone leaf The source security zone of the packet
                     user-name leaf User name who generates traffic
                     virus-name leaf The name of virus
                     virus-type container The type of virus
                        macro leaf If the virus type is macro
                        trajan leaf If the virus type is trajan
                        worm leaf If the virus type is worm
                  web-attack-event container If the event type is web attack event
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-zone leaf The destination security zone of the packet
                     event-name leaf This is used to distinguish event type
                     filtering-type container URL filtering type, e.g., Blacklist, Whitelist, User-Defined, Predefined, Malicious Category, Unknown
                        balicious-category leaf The filtering type is balicious category
                        blacklist leaf The filtering type is blacklist
                        unknown leaf The filtering type is unknown
                        user-defined leaf The filtering type is user defined
                        whitelist leaf The filtering type is whitelist
                     message leaf The message for nsf events
                     profile leaf Security profile that traffic matches.
                     raw-info leaf The information describing the packet triggering the event.
                     req-method container The method of requirement. For instance, PUT or GET in HTTP
                        get leaf If req method is GET
                        put leaf If req method is PUT
                     req-url leaf Requested URL
                     rule-id leaf The ID of the rule being triggered
                     rule-name leaf The name of the rule being triggered
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-zone leaf The source security zone of the packet
                     url-category leaf Matched URL category
                     user-name leaf User name who generates traffic
                     web-attack-type container To determine the attack type
                        command-injection leaf If the web attack type is command injection
                        csrf leaf If the web attack type is csrf injection
                        sql-injection leaf If the web attack type is sql injection
                        xss leaf If the web attack type is xss injection
               system-event case If the event type is system event
                  access-violation container If the system event is access violation
                     authentication-mode container User authentication mode. e.g., Local Authentication, Third-Party Server Authentication, Authentication Exemption, SSO Authentication.
                        exemption-authentication leaf TBD
                        local-authentication leaf Authentication-mode : local authentication.
                        sso-authentication leaf TBD
                        third-part-server-authentication leaf TBD
                     event-name leaf ACCESS_DENIED, CONFIG_CHANGE and so on.
                     group leaf Group to which a user belongs.
                     login-ip leaf Login IP address of a user.
                     message leaf The message for system events
                     user-name leaf Name of a user
                  config-change container If the system event is config change violation
                     authentication-mode container User authentication mode. e.g., Local Authentication, Third-Party Server Authentication, Authentication Exemption, SSO Authentication.
                        exemption-authentication leaf TBD
                        local-authentication leaf Authentication-mode : local authentication.
                        sso-authentication leaf TBD
                        third-part-server-authentication leaf TBD
                     event-name leaf ACCESS_DENIED, CONFIG_CHANGE and so on.
                     group leaf Group to which a user belongs.
                     login-ip leaf Login IP address of a user.
                     message leaf The message for system events
                     user-name leaf Name of a user
         log case If the message type is log
            log-type choice The type of log
               nsf-log case If the log type is nsf log
                  botnet-logs container If the log is botnet logs in nsf log
                     action leaf TBD
                     attack-type leaf Botnet
                     botnet-pkt-num leaf The number of the packets sent to or from the detected botnet
                     os leaf simple os information
                  ddos-logs container If the log is DDoS logs in nsf log
                     action leaf TBD
                     attack-ave-rate leaf The ave PPS of attack traffic
                     attack-ave-speed leaf the ave bps of attack traffic
                     attack-pkt-num leaf the number of attack packets
                     attack-src-ip leaf TBD
                     attack-type leaf DDoS
                     os leaf simple os information
                  dpi-logs container If the log is dpi logs in nsf log
                     dpi-type leaf The type of dpi
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-region leaf Destination region of the traffic
                     dst-zone leaf The destination security zone of the packet
                     file-name leaf The name of file
                     file-type leaf The type of file
                     policy-id leaf The ID of the policy being triggered
                     policy-name leaf The name of the policy being triggered
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-region leaf Source region of the traffic
                     src-user leaf User who generates traffic
                     src-zone leaf The source security zone of the packet
                  intrusion-logs container If the log is intrusion logs in nsf log
                     action leaf TBD
                     attack-rate leaf The PPS of attack traffic
                     attack-speed leaf the bps of attack traffic
                     attack-type leaf Intrusion
                     time leaf Indicate the time when the message is generated
                  virus-logs container If the log is virus logs in nsf log
                     action leaf TBD
                     attack-type leaf Virus
                     os leaf simple os information
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     time leaf Indicate the time when the message is generated
                  vulnerability-scanning-logs list If the log is vulnerability scanning logs in nsf log
                     addtional-info leaf TBD
                     level leaf The vulnerability severity
                     os leaf simple os information
                     port-num leaf The port number
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     victim-ip leaf IP address of the victim host which has vulnerabilities
                     vulnerability-id leaf The vulnerability id
                  web-attack-logs container If the log is web attack logs in nsf log
                     attack-type leaf Web Attack
                     raw-info leaf The information describing the packet triggering the event.
                     req-clientapp leaf The client application
                     req-cookies leaf Cookies
                     req-host leaf The domain name of the requested host
                     rsp-code leaf Response code
               system-log case If the log type is system log
                  access-logs container If the log is access logs in system log
                     administartor leaf Administrator that operates on the device
                     content leaf Operation performed by an administrator after login.
                     login-ip leaf Login IP address of a user.
                     login-mode leaf Specifies the administrator logs in mode
                     operation-type leaf The operation type that the administrator execute
                     result leaf Command execution result
                  resource-utiliz-logs container If the log is resource utilize logs in system log
                     cpu-usage leaf specifies the amount of cpu usage
                     disk-left leaf specifies the amount of disk left
                     disk-usage leaf specifies the amount of disk usage
                     in-traffic-rate leaf The total inbound traffic rate in pps
                     in-traffic-speed leaf The total inbound traffic speed in bps
                     memory-usage leaf specifies the amount of memory usage
                     out-traffic-rate leaf The total outbound traffic rate in pps
                     out-traffic-speed leaf The total outbound traffic speed in bps
                     process-num leaf The total number of process
                     session-num leaf The total number of sessions
                     system-status leaf TBD
                  user-activity-logs container If the log is user activity logs in system log
                     access-mode container TBD
                        local leaf TBD
                        ppp leaf TBD
                        svn leaf TBD
                     addtional-info leaf TBD
                     authentication-mode container User authentication mode. e.g., Local Authentication, Third-Party Server Authentication, Authentication Exemption, SSO Authentication.
                        exemption-authentication leaf TBD
                        local-authentication leaf Authentication-mode : local authentication.
                        sso-authentication leaf TBD
                        third-part-server-authentication leaf TBD
                     group leaf Group to which a user belongs.
                     login-ip leaf Login IP address of a user.
                     logout-duration leaf TBD
                     online-duration leaf TBD
                     user leaf Name of a user
      message-version leaf The version of message
      severity leaf The severity of the alarm such as critical, high, middle, low.
      time-stamp leaf Indicate the time when the message is generated
      vendor-name leaf The name of the NSF vendor