Log fields
| Name | Type | Description |
|---|---|---|
| additional_information | String | Additional information about the event |
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message | String | Message displayed |
| message_id | Integer | Message ID |
| src_ip | String | Original source IP address of traffic |
| status | String | Ultimate state of traffic |
| time | Time | Time when the event occurred (hh:mm:ss) |
| user | String | User name |
| Name | Type | Description |
|---|---|---|
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| domain | String | Sender’s domain name |
| dst_ip | String | Original destination IP address of traffic |
| dst_port | Integer | Original destination port of TCP and UDP traffic |
| endpoint_id | Integer | Endpoint ID |
| event_id | Integer | Event ID |
| execution_path | String | Path of executable file |
| host_login_user | String | Logged user name on endpoint device |
| host_process_user | String | Running process on endpoint device |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message_id | Integer | Message ID |
| protocol | Integer | Traffic protocol number |
| src_ip | String | Original source IP address of traffic |
| src_port | Integer | Original source port of TCP and UDP traffic |
| app_risk | Integer | Risk level assigned to the application |
| status | String | Ultimate state of traffic |
| threat | String | Threat identified |
| type | String | Type of event |
| time | Time | Time when the event occurred (hh:mm:ss) |
| user | String | User name |
| url | String | URL of the web page accessed |
| Name | Type | Description |
|---|---|---|
| app_category | String | Name of the category under which application falls |
| app_name | String | Application name |
| app_risk | Integer | Risk level assigned to the application |
| app_technology | String | Technology of the application |
| appfilter_policy_id | Integer | Application filter policy ID applied on the traffic |
| appresolvedby | String | Application is resolved by signature or synchronized application |
| bytes_received | Integer | Total number of bytes received |
| bytes_sent | Integer | Total number of bytes sent |
| category | String | Name of the category under which website falls |
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| dst_country | Integer | Country code for destination IP address |
| dst_ip | String | Original destination IP address of traffic |
| dst_port | Integer | Original destination port of TCP and UDP traffic |
| fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message | String | Message displayed |
| message_id | Integer | Message ID |
| protocol | Integer | Traffic protocol number |
| src_country | String | Country code for source IP address |
| src_ip | String | Original source IP address of traffic |
| src_port | Integer | Original source port of TCP and UDP traffic |
| status | String | Ultimate state of traffic |
| time | Time | Time when the event occurred (hh:mm:ss) |
| user_group | String | Group to which the user belongs |
| user | String | User name |
| Name | Type | Description |
|---|---|---|
| additional_information | String | Additional information about the event |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message | String | Message displayed |
| message_id | Integer | Message ID |
| Name | Type | Description |
|---|---|---|
| action | String | Action performed on the message |
| bytes_received | Integer | Total number of bytes received |
| bytes_sent | Integer | Total number of bytes sent |
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| domain | String | Sender’s domain name |
| dst_country | Integer | Country code for destination IP address |
| dst_ip | String | Original destination IP address of traffic |
| dst_port | Integer | Original destination port of TCP and UDP traffic |
| email_size | Integer | Email size, in bytes |
| fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
| host | String | Host from which the traffic originated |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message_id | Integer | Message ID |
| policy_name | String | Name of the policy associated with the event |
| protocol | Integer | Traffic protocol number |
| quarantine_reason | String | Reason why the record was detected as spam/malicious |
| recipient | String | Recipient’s email address |
| sender | String | Sender email address |
| src_country | String | Country code for source IP address |
| src_ip | String | Original source IP address of traffic |
| src_port | Integer | Original source port of TCP and UDP traffic |
| status | String | Ultimate state of traffic |
| subject | String | Email subject |
| time | Time | Time when the event occurred (hh:mm:ss) |
| user | String | User name |
| Name | Type | Description |
|---|---|---|
| app_category | String | Name of the category under which application falls |
| app_name | String | Application name |
| app_risk | Integer | Risk level assigned to the application |
| app_technology | String | Technology of the application |
| appfilter_policy_id | Integer | Application filter policy ID applied on the traffic |
| appresolvedby | String | Application is resolved by signature or synchronized application |
| bytes_received | Integer | Total number of bytes received |
| bytes_sent | Integer | Total number of bytes sent |
| con_direction | String | Packet direction |
| con_duration | String | Durability of traffic (seconds) |
| con_id | Integer | Unique identifier of connection |
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| dst_country | Integer | Country code for destination IP address |
| dst_ip | String | Original destination IP address of traffic |
| dst_port | Integer | Original destination port of TCP and UDP traffic |
| dst_trans_ip | String | Translated destination IP address for outgoing traffic (applicable in route mode only) |
| dst_trans_port | Integer | Translated destination port for outgoing traffic(applicable in route mode only) |
| dst_zone | String | Name of destination zone |
| dst_zone_type | String | Type of destination zone |
| fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
| hb_status | String | Heartbeat status |
| in_interface | String | Interface for incoming traffic |
| ips_policy_id | Integer | IPS policy ID applied on the traffic |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message | String | Message displayed |
| message_id | Integer | Message ID |
| out_interface | String | Interface for outgoing traffic |
| packets_received | Integer | Total number of packets received |
| packets_sent | Integer | Total number of packets sent |
| policy_type | String | Policy type applied to the traffic |
| protocol | Integer | Traffic protocol number |
| src_country | String | Country code for source IP address |
| src_ip | String | Original source IP address of traffic |
| src_mac | Integer | Original source MAC address of traffic |
| src_port | Integer | Original source port of TCP and UDP traffic |
| src_trans_ip | String | Translated source IP address for outgoing traffic (applicable in route mode only) |
| src_trans_port | Integer | Translated source port for outgoing traffic |
| src_zone | String | Name of source zone |
| src_zone_type | String | Type of source zone |
| status | String | Ultimate state of traffic |
| time | Time | Time when the event occurred (hh:mm:ss) |
| user_group | String | Group to which the user belongs |
| user | String | User name |
| virt_con_id | Integer | Connection ID of the master connection |
| web_policy_id | String | Web policy ID |
| Name | Type | Description |
|---|---|---|
| category | String | IPS signature category |
| classification | String | Signature classification |
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| dst_country | Integer | Country code for destination IP address |
| dst_ip | String | Original destination IP address of traffic |
| fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
| icmp_code | Integer | ICMP code of ICMP traffic |
| icmp_type | Integer | ICMP type of ICMP traffic |
| ips_policy | Integer | IPS policy name which is applied on the traffic |
| ips_policy_id | Integer | IPS policy ID which is applied on the traffic |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message | String | Signature message |
| message_id | Integer | Message ID |
| OS | String | Operating system associated with the traffic |
| protocol | Integer | Traffic protocol number |
| rule_priority | String | Priority of IPS policy |
| sig_id | String | Signature ID |
| src_country | String | Country code for source IP address |
| src_ip | String | Original source IP address of traffic |
| time | Time | Time when the event occurred (hh:mm:ss) |
| user | String | User name |
| victim | String | Traffic target |
| Name | Type | Description |
|---|---|---|
| bytes_sent | Integer | Total number of bytes sent |
| bytes_received | Integer | Total number of bytes received |
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| domain | String | Sender’s domain name |
| dst_country | Integer | Country code for destination IP address |
| dst_ip | String | Original destination IP address of traffic |
| dst_port | Integer | Original destination port of TCP and UDP traffic |
| fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message_id | Integer | Message ID |
| policy_name | String | Name of the policy associated with the event |
| protocol | Integer | Traffic protocol number |
| src_country | String | Country code for source IP address |
| src_ip | String | Original source IP address of traffic |
| src_port | Integer | Original source port of TCP and UDP traffic |
| status | String | Ultimate state of traffic |
| status_code | Integer | Status code |
| time | Time | Time when the event occurred (hh:mm:ss) |
| url | String | URL of the web page accessed |
| user | String | User name |
| user_agent | String | User agent |
| virus | String | Name of the malware identified by the scan engine |
| web_policy_id | String | Web policy ID |
| Name | Type | Description |
|---|---|---|
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| domain | String | Domain associated with the event |
| file_name | String | File name associated with the event |
| file_size | Integer | Size of file associated with the event |
| file_type | String | Type of file associated with the event |
| host | String | Host from which the traffic originated |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message_id | Integer | Message ID |
| reason | String | Reason why the record was detected as spam/malicious |
| src_ip | String | Original source IP address of traffic |
| sha1sum | Hexadecimal | SHA1 checksum of the item being analyzed |
| subject | String | Signature message |
| time | Time | Time when the event occurred (hh:mm:ss) |
| user | String | User name |
| Name | Type | Description |
|---|---|---|
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| endpoint_id | Integer | Endpoint ID |
| endpoint_ip | String | Endpoint IP |
| event_time | Time | Time when the event occurred |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message_id | Integer | Message ID |
| name | String | Name associated with the event |
| status | String | Ultimate state of traffic |
| time | Time | Time when the event occurred (hh:mm:ss) |
| Name | Type | Description |
|---|---|---|
| additional_information | String | Additional information about the event |
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message | String | Message displayed |
| message_id | Integer | Message ID |
| oldversion | String | Old version of the system component associated with the event |
| newversion | String | New version of the system component associated with the event |
| status | String | Ultimate state of traffic |
| time | Time | Time when the event occurred (hh:mm:ss) |
| Name | Type | Description |
|---|---|---|
| action | String | Action taken on the content based on the web policy rule |
| category | String | Name of the category under which website falls |
| content_filter_key | String | Content filter key |
| context_match | String | String (context) of the file that matches the word/word(s) defined in the filter |
| context_prefix | String | String (context) of the file that precedes the matched content |
| context_suffix | String | String (context) of the file that succeeds the matched content |
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| direction | String | Direction of the content being scanned |
| file_name | String | Name of the file being downloaded or uploaded |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message_id | Integer | Message ID |
| site_category | String | Web category of the website accessed |
| src_ip | String | Original source IP address of traffic |
| time | Time | Time when the event occurred (hh:mm:ss) |
| transaction_id | String | Transaction ID of the AV scan. |
| user | String | User name |
| website | String | Website accessed |
| Name | Type | Description |
|---|---|---|
| activity_name | String | Web policy activity that matched and caused the policy result. (If the transaction matches multiple activities then only the first one that causes the policy decision will be recorded.) |
| app_name | String | Application name |
| bytes_received | Integer | Total number of bytes received |
| bytes_sent | Integer | Total number of bytes sent |
| category | String | Name of the category under which website falls |
| category_type | String | Type of category under which website falls |
| con_duration | String | Durability of traffic (seconds) |
| con_id | Integer | Unique identifier of connection |
| content_type | String | Type of the content |
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| domain | String | Sender’s domain name |
| download_file_name | String | Download file name |
| download_file_type | String | Download file type |
| dst_ip | String | Original destination IP address of traffic |
| dst_port | Integer | Original destination port of TCP and UDP traffic |
| exception | String | List of the checks excluded by web exceptions. |
| fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
| log_component | String | Component responsible for logging |
| log_subtype | String | Sub type of event |
| log_type | String | Type of event |
| message_id | Integer | Message ID |
| override_token | String | Override token |
| protocol | Integer | Traffic protocol number |
| reason | String | Reason why the record was detected as spam/malicious |
| referer | String | Referer |
| response_code | Integer | Response code |
| src_ip | String | Original source IP address of traffic |
| src_port | Integer | Original source port of TCP and UDP traffic |
| status | String | Ultimate state of traffic |
| status_code | Integer | Status code |
| transaction_id | String | Transaction ID of the AV scan. |
| upload_file_name | String | Upload file name |
| upload_file_type | String | Upload file type |
| url | String | URL of the web page accessed |
| user | String | User name |
| user_group | String | Group to which the user belongs |
| web_policy | String | Web policy associated with the event |
| web_policy_id | String | Web policy ID |
Note XG Firewall always blocks web pages
categorized as highly objectionable criminal activity and hides the domain name in logs and
reports.
| Name | Type | Description |
|---|---|---|
| bytes_received | Integer | Total number of bytes received |
| bytes_sent | Integer | Total number of bytes sent |
| content_type | String | Type of the content |
| cookie | String | Name of the cookie |
| date | Date | Date when the event occurred (yyyy-mm-dd) |
| extra | String | More info on anti-virus |
| fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
| host | String | Host from which the traffic originated |
| log_component | String | Component responsible for logging |
| log_type | String | Type of event |
| message_id | Integer | Message ID |
| method | String | Name of HTTP request method |
| policy_name | String | Name of the policy associated with the event |
| protocol | Integer | Traffic protocol number |
| query_string | String | Query search |
| reason | String | Reason why the record was detected as spam/malicious |
| referer | String | Referer |
| response_code | Integer | Response code |
| response_time | Integer | Time to process the request |
| server | String | Server name |
| src_ip | String | Original source IP address of traffic |
| time | Time | Time when the event occurred (hh:mm:ss) |
| url | String | URL of the web page accessed |
| user | String | User name |
| user_agent | String | User agent |