sniffing – What data can be sniffed in a LoRaWAN network at various points?

What data or metadata can be sniffed in a LoRaWAN network at various points like the end-device (node), the gateway, the network server and the application server? Is there exists a standardized data format for transmitting the messages since I need to sniff the data for any anomalous activity on every point on the network?

I am an outsider to the network so I shall just have access to the metadata or header data of the message. And the application is an machine learning based intrusion detection system which analyzes the metadata info at various points in the network, viz the end-nodes, gateways, network server and the application servers to detect any anomalous activity.

I referred this this article, however it doesn’t clearly specify the points from where the data has been collected. It may be possible that some data has been scrapped at the gateway or at the network server.

So I want to know if there exists a standard and distinct format for transmitting the data from end-node to gateway, from gateway to network server and network server to application server and what all data can be sniffed in these transmissions as an outsider?