I am using Logstash to parse my firewall logs, and some logs contain this information:
src=x.x.x.x srcport=YYY dst=x.x.x.x modsrc=x.x.x.x origdst=x.x.x.x dst= x.x.x.x srcport=YY modsrcport= YY origdstport= YY
src = IP address of the source host
dst = IP address of the destination host
modsrc = Translated IP address of the source host.
origdst = Original IP address of the destination host (before translation or the application of a virtual connection).
srcport = Source TCP/UDP port number
modsrcport = Translated TCP/UDP source port number
dstport = Destination TCP/UDP port number
origdstport = Original port number of the destination TCP/UDP port (before translation or the application of a virtual connection).
I wanna know how I can name these fields to respect ECS!
Thanks for your help