Constituent element of <sip> for only IPv6 parsing (not generally used).
Data Type
IP
Aliases
|
Use |
Alias |
|---|---|
|
Client Console Full Name |
Host (Origin) |
|
Client Console Short Name |
Not applicable |
|
Web Console Tab/Name |
Host (Origin) |
|
Elasticsearch Field Name |
originIpV6 |
|
Rule Builder Column Name |
SIP |
|
Regex Pattern |
<sipv6> |
|
NetMon Name |
Not applicable |
Field Relationships
-
Nested element of <sip> default regex
-
Can not be used with <sipv4>
Common Applications
IPv6 only network equipment.
Use Case
For more information, see IP Address (Origin).
MPE/Data Masking Manipulations
Polyfield – Origin Host
Usage Standards
-
This is rarely used.
-
Is redundant to <sip>.
-
If you are 100% certain an IPv6 address will always appear.
-
Use if you need an extremely minute performance improvement.
Examples
-
Trend Micro Deep Security
11 19 2014 08:21:12 10.100.6.64 <LOC0:INFO> Nov 19 03:25:07 USABLDRRECFLOW01 dsa_mpnp: REASON=IPv6_Packet HOSTID=230078 ACT=Deny IN=0C:0B:05:07:B0:05 OUT= MAC=00:00:00:00:00:00:00:BE:00:00:00:0D:00:0d SRC=fe80:0:0:0:0cd0:000f:bd2f:000b DST=ff01:0:0:0:0:0:0:1 LEN=86 PROTO=ICMPv6 SPT=0 DPT=0 CNT=1
SRC= shows origin IPv6 Address.