DIPv6
Constituent element of <sip> for only IPv6 parsing (not generally used).
Data Type
IP
Aliases
| Use | Alias |
|---|---|
Client Console Full Name | Host (Impacted) |
Client Console Short Name | Not applicable |
Web Console Tab/Name | Host (Impacted) |
Elasticsearch Field Name | impactedIpV6 |
Rule Builder Column Name | DIP |
Regex Pattern | <dipv6> |
NetMon Name | Not applicable |
Field Relationships
<dipv6> is a nested element of <dip>
Common Applications
IPv6 only network equipment
Use Case
Use when parsing a log that only contains IPv6 addresses where the very small performance gain over the standard DIP parsing field is necessary.
MPE/Data Masking Manipulations
Polyfield – Impacted Host
Usage Standards
- This is rarely used.
- Is redundant to <dip>.
- If you are 100% certain an IPv4 address will always appear.
- Use if you need an extremely minute performance improvement.
Examples
- Trend Micro Deep Security
11 19 2014 08:21:12 10.100.6.64 <LOC0:INFO> Nov 19 03:25:07 USABLDRRECFLOW01 dsa_mpnp: REASON=IPv6_Packet HOSTID=230078 ACT=Deny IN=0C:0B:05:07:B0:05 OUT= MAC=00:00:00:00:00:00:00:BE:00:00:00:0D:00:0d SRC=fe80:0:0:0:0cd0:000f:bd2f:000b DST=ff01:0:0:0:0:0:0:1 LEN=86 PROTO=ICMPv6 SPT=0 DPT=0 CNT=1
DST= shows impacted IPv6 Address.