DIPv4
Constituent element of <dip> for IPv4-only parsing (not generally used).
Data Type
IP
Aliases
Use | Alias |
---|---|
Client Console Full Name | Host (Impacted) |
Client Console Short Name | Not applicable |
Web Console Tab/Name | Host (Impacted) |
Elasticsearch Field Name | impactedIpV4 |
Rule Builder Column Name | DIP |
Regex Pattern | <dipv4> |
NetMon Name | Not applicable |
Field Relationships
- Nested element of <dip> default regex
- Cannot be used with <dipv6>
Common Applications
IPv4-only network equipment
Use Case
Use when parsing a log that contains only IPv4 addresses and the very small performance gain over the standard DIP parsing field is necessary.
MPE/Data Masking Manipulations
Polyfield – Impacted Host
Usage Standards
- This field is rarely used.
- It is redundant to <dip>.
- Use only if you are 100% certain an IPv4 address will always appear.
- Only use if you need an extremely minute performance improvement.
Examples
- Trend Micro Deep Security
11 19 2014 08:21:12 10.100.6.64 <LOC0:INFO> Nov 19 03:25:07 USABLDRRECFLOW01 dsa_mpnp: REASON=IPv4_Packet HOSTID=230078 ACT=Deny IN=0C:0B:05:07:B0:05 OUT= MAC=00:00:00:00:00:00:00:BE:00:00:00:0D:00:0d SRC=2.2.2.2 DST=1.1.1.1 LEN=86 PROTO=ICMP SPT=0 DPT=0 CNT=1
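
The Usage Standards above warn against `<dipv4>` unless an IPv4 address always appears; this added example (not LogRhythm's own code) shows why by running the page's sample line and a constructed IPv6 variant through an IPv4-only rule and a `<dip>` rule. The tag expansions, rule bodies and function names are assumptions made for illustration, since the product's default regexes are not shown on this page.

```python
import ipaddress
import re

# Assumed stand-ins for the tag expansions (not LogRhythm's real defaults).
TAGS = {
    "dipv4": r"(?P<dipv4>\d{1,3}(?:\.\d{1,3}){3})",
    "dipv6": r"(?P<dipv6>[0-9A-Fa-f:]*:[0-9A-Fa-f:.]+)",
}
# <dip> nests both address families, as the Field Relationships list says.
TAGS["dip"] = "(?:" + TAGS["dipv4"] + "|" + TAGS["dipv6"] + ")"

# Hypothetical rule bodies: same anchor text, different parsing tag.
RULE_DIPV4 = r"\bDST=<dipv4>(?=\s|$)"
RULE_DIP = r"\bDST=<dip>(?=\s|$)"

# Fields from the Trend Micro Deep Security line on the page (MAC fields omitted).
IPV4_LINE = ("dsa_mpnp: REASON=IPv4_Packet HOSTID=230078 ACT=Deny "
             "SRC=2.2.2.2 DST=1.1.1.1 LEN=86 PROTO=ICMP SPT=0 DPT=0 CNT=1")
# Constructed IPv6 variant (documentation prefix 2001:db8::/32).
IPV6_LINE = ("dsa_mpnp: REASON=IPv6_Packet HOSTID=230078 ACT=Deny "
             "SRC=2001:db8::2 DST=2001:db8::1 LEN=86 PROTO=ICMPv6 CNT=1")


def compile_rule(rule):
    """Expand <tag> placeholders into named capture groups."""
    expanded = re.sub(r"<(dipv4|dipv6|dip)>", lambda m: TAGS[m.group(1)], rule)
    return re.compile(expanded)


def impacted_host(rule, line):
    """Return the parsed Host (Impacted) address, or None if nothing parses."""
    match = compile_rule(rule).search(line)
    if match is None:
        return None
    value = next(v for v in match.groupdict().values() if v is not None)
    try:
        return str(ipaddress.ip_address(value))  # reject e.g. 999.1.1.1
    except ValueError:
        return None


if __name__ == "__main__":
    for name, rule in (("<dipv4>", RULE_DIPV4), ("<dip>", RULE_DIP)):
        for line in (IPV4_LINE, IPV6_LINE):
            print(name, "->", impacted_host(rule, line))
```

With the IPv4-only rule, the IPv6 line yields no impacted host at all, so events from a source that later starts logging IPv6 would lose that field without any parsing error.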