Log fields
Name | Type | Description |
---|---|---|
additional_information | String | Additional information about the event |
date | Date | Date when the event occurred (yyyy-mm-dd) |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message | String | Message displayed |
message_id | Integer | Message ID |
src_ip | String | Original source IP address of traffic |
status | String | Ultimate state of traffic |
time | Time | Time when the event occurred (hh:mm:ss) |
user | String | User name |

Name | Type | Description |
---|---|---|
date | Date | Date when the event occurred (yyyy-mm-dd) |
domain | String | Sender’s domain name |
dst_ip | String | Original destination IP address of traffic |
dst_port | Integer | Original destination port of TCP and UDP traffic |
endpoint_id | Integer | Endpoint ID |
event_id | Integer | Event ID |
execution_path | String | Path of executable file |
host_login_user | String | Logged user name on endpoint device |
host_process_user | String | Running process on endpoint device |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message_id | Integer | Message ID |
protocol | Integer | Traffic protocol number |
src_ip | String | Original source IP address of traffic |
src_port | Integer | Original source port of TCP and UDP traffic |
app_risk | Integer | Risk level assigned to the application |
status | String | Ultimate state of traffic |
threat | String | Threat identified |
type | String | Type of event |
time | Time | Time when the event occurred (hh:mm:ss) |
user | String | User name |
url | String | URL of the web page accessed |

Name | Type | Description |
---|---|---|
app_category | String | Name of the category under which application falls |
app_name | String | Application name |
app_risk | Integer | Risk level assigned to the application |
app_technology | String | Technology of the application |
appfilter_policy_id | Integer | Application filter policy ID applied on the traffic |
appresolvedby | String | Application is resolved by signature or synchronized application |
bytes_received | Integer | Total number of bytes received |
bytes_sent | Integer | Total number of bytes sent |
category | String | Name of the category under which website falls |
date | Date | Date when the event occurred (yyyy-mm-dd) |
dst_country | Integer | Country code for destination IP address |
dst_ip | String | Original destination IP address of traffic |
dst_port | Integer | Original destination port of TCP and UDP traffic |
fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message | String | Message displayed |
message_id | Integer | Message ID |
protocol | Integer | Traffic protocol number |
src_country | String | Country code for source IP address |
src_ip | String | Original source IP address of traffic |
src_port | Integer | Original source port of TCP and UDP traffic |
status | String | Ultimate state of traffic |
time | Time | Time when the event occurred (hh:mm:ss) |
user_group | String | Group to which the user belongs |
user | String | User name |

Name | Type | Description |
---|---|---|
additional_information | String | Additional information about the event |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message | String | Message displayed |
message_id | Integer | Message ID |

Name | Type | Description |
---|---|---|
action | String | Action performed on the message |
bytes_received | Integer | Total number of bytes received |
bytes_sent | Integer | Total number of bytes sent |
date | Date | Date when the event occurred (yyyy-mm-dd) |
domain | String | Sender’s domain name |
dst_country | Integer | Country code for destination IP address |
dst_ip | String | Original destination IP address of traffic |
dst_port | Integer | Original destination port of TCP and UDP traffic |
email_size | Integer | Email size, in bytes |
fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
host | String | Host from which the traffic originated |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message_id | Integer | Message ID |
policy_name | String | Name of the policy associated with the event |
protocol | Integer | Traffic protocol number |
quarantine_reason | String | Reason why the record was detected as spam/malicious |
recipient | String | Recipient’s email address |
sender | String | Sender email address |
src_country | String | Country code for source IP address |
src_ip | String | Original source IP address of traffic |
src_port | Integer | Original source port of TCP and UDP traffic |
status | String | Ultimate state of traffic |
subject | String | Email subject |
time | Time | Time when the event occurred (hh:mm:ss) |
user | String | User name |

Name | Type | Description |
---|---|---|
app_category | String | Name of the category under which application falls |
app_name | String | Application name |
app_risk | Integer | Risk level assigned to the application |
app_technology | String | Technology of the application |
appfilter_policy_id | Integer | Application filter policy ID applied on the traffic |
appresolvedby | String | Application is resolved by signature or synchronized application |
bytes_received | Integer | Total number of bytes received |
bytes_sent | Integer | Total number of bytes sent |
con_direction | String | Packet direction |
con_duration | String | Duration of the connection (seconds) |
con_id | Integer | Unique identifier of connection |
date | Date | Date when the event occurred (yyyy-mm-dd) |
dst_country | Integer | Country code for destination IP address |
dst_ip | String | Original destination IP address of traffic |
dst_port | Integer | Original destination port of TCP and UDP traffic |
dst_trans_ip | String | Translated destination IP address for outgoing traffic (applicable in route mode only) |
dst_trans_port | Integer | Translated destination port for outgoing traffic (applicable in route mode only) |
dst_zone | String | Name of destination zone |
dst_zone_type | String | Type of destination zone |
fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
hb_status | String | Heartbeat status |
in_interface | String | Interface for incoming traffic |
ips_policy_id | Integer | IPS policy ID applied on the traffic |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message | String | Message displayed |
message_id | Integer | Message ID |
out_interface | String | Interface for outgoing traffic |
packets_received | Integer | Total number of packets received |
packets_sent | Integer | Total number of packets sent |
policy_type | String | Policy type applied to the traffic |
protocol | Integer | Traffic protocol number |
src_country | String | Country code for source IP address |
src_ip | String | Original source IP address of traffic |
src_mac | Integer | Original source MAC address of traffic |
src_port | Integer | Original source port of TCP and UDP traffic |
src_trans_ip | String | Translated source IP address for outgoing traffic (applicable in route mode only) |
src_trans_port | Integer | Translated source port for outgoing traffic |
src_zone | String | Name of source zone |
src_zone_type | String | Type of source zone |
status | String | Ultimate state of traffic |
time | Time | Time when the event occurred (hh:mm:ss) |
user_group | String | Group to which the user belongs |
user | String | User name |
virt_con_id | Integer | Connection ID of the master connection |
web_policy_id | String | Web policy ID |

Name | Type | Description |
---|---|---|
category | String | IPS signature category |
classification | String | Signature classification |
date | Date | Date when the event occurred (yyyy-mm-dd) |
dst_country | Integer | Country code for destination IP address |
dst_ip | String | Original destination IP address of traffic |
fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
icmp_code | Integer | ICMP code of ICMP traffic |
icmp_type | Integer | ICMP type of ICMP traffic |
ips_policy | Integer | IPS policy name which is applied on the traffic |
ips_policy_id | Integer | IPS policy ID which is applied on the traffic |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message | String | Signature message |
message_id | Integer | Message ID |
OS | String | Operating system associated with the traffic |
protocol | Integer | Traffic protocol number |
rule_priority | String | Priority of IPS policy |
sig_id | String | Signature ID |
src_country | String | Country code for source IP address |
src_ip | String | Original source IP address of traffic |
time | Time | Time when the event occurred (hh:mm:ss) |
user | String | User name |
victim | String | Traffic target |

Name | Type | Description |
---|---|---|
bytes_sent | Integer | Total number of bytes sent |
bytes_received | Integer | Total number of bytes received |
date | Date | Date when the event occurred (yyyy-mm-dd) |
domain | String | Sender’s domain name |
dst_country | Integer | Country code for destination IP address |
dst_ip | String | Original destination IP address of traffic |
dst_port | Integer | Original destination port of TCP and UDP traffic |
fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message_id | Integer | Message ID |
policy_name | String | Name of the policy associated with the event |
protocol | Integer | Traffic protocol number |
src_country | String | Country code for source IP address |
src_ip | String | Original source IP address of traffic |
src_port | Integer | Original source port of TCP and UDP traffic |
status | String | Ultimate state of traffic |
status_code | Integer | Status code |
time | Time | Time when the event occurred (hh:mm:ss) |
url | String | URL of the web page accessed |
user | String | User name |
user_agent | String | User agent |
virus | String | Name of the malware identified by the scan engine |
web_policy_id | String | Web policy ID |

Name | Type | Description |
---|---|---|
date | Date | Date when the event occurred (yyyy-mm-dd) |
domain | String | Domain associated with the event |
file_name | String | File name associated with the event |
file_size | Integer | Size of file associated with the event |
file_type | String | Type of file associated with the event |
host | String | Host from which the traffic originated |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message_id | Integer | Message ID |
reason | String | Reason why the record was detected as spam/malicious |
src_ip | String | Original source IP address of traffic |
sha1sum | Hexadecimal | SHA1 checksum of the item being analyzed |
subject | String | Signature message |
time | Time | Time when the event occurred (hh:mm:ss) |
user | String | User name |

Name | Type | Description |
---|---|---|
date | Date | Date when the event occurred (yyyy-mm-dd) |
endpoint_id | Integer | Endpoint ID |
endpoint_ip | String | Endpoint IP |
event_time | Time | Time when the event occurred |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message_id | Integer | Message ID |
name | String | Name associated with the event |
status | String | Ultimate state of traffic |
time | Time | Time when the event occurred (hh:mm:ss) |

Name | Type | Description |
---|---|---|
additional_information | String | Additional information about the event |
date | Date | Date when the event occurred (yyyy-mm-dd) |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message | String | Message displayed |
message_id | Integer | Message ID |
oldversion | String | Old version of the system component associated with the event |
newversion | String | New version of the system component associated with the event |
status | String | Ultimate state of traffic |
time | Time | Time when the event occurred (hh:mm:ss) |

Name | Type | Description |
---|---|---|
action | String | Action taken on the content based on the web policy rule |
category | String | Name of the category under which website falls |
content_filter_key | String | Content filter key |
context_match | String | String (context) of the file that matches the word(s) defined in the filter |
context_prefix | String | String (context) of the file that precedes the matched content |
context_suffix | String | String (context) of the file that succeeds the matched content |
date | Date | Date when the event occurred (yyyy-mm-dd) |
direction | String | Direction of the content being scanned |
file_name | String | Name of the file being downloaded or uploaded |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message_id | Integer | Message ID |
site_category | String | Web category of the website accessed |
src_ip | String | Original source IP address of traffic |
time | Time | Time when the event occurred (hh:mm:ss) |
transaction_id | String | Transaction ID of the AV scan |
user | String | User name |
website | String | Website accessed |

Name | Type | Description |
---|---|---|
activity_name | String | Web policy activity that matched and caused the policy result. (If the transaction matches multiple activities then only the first one that causes the policy decision will be recorded.) |
app_name | String | Application name |
bytes_received | Integer | Total number of bytes received |
bytes_sent | Integer | Total number of bytes sent |
category | String | Name of the category under which website falls |
category_type | String | Type of category under which website falls |
con_duration | String | Duration of the connection (seconds) |
con_id | Integer | Unique identifier of connection |
content_type | String | Type of the content |
date | Date | Date when the event occurred (yyyy-mm-dd) |
domain | String | Sender’s domain name |
download_file_name | String | Download file name |
download_file_type | String | Download file type |
dst_ip | String | Original destination IP address of traffic |
dst_port | Integer | Original destination port of TCP and UDP traffic |
exception | String | List of the checks excluded by web exceptions |
fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
log_component | String | Component responsible for logging |
log_subtype | String | Sub type of event |
log_type | String | Type of event |
message_id | Integer | Message ID |
override_token | String | Override token |
protocol | Integer | Traffic protocol number |
reason | String | Reason why the record was detected as spam/malicious |
referer | String | Referer |
response_code | Integer | Response code |
src_ip | String | Original source IP address of traffic |
src_port | Integer | Original source port of TCP and UDP traffic |
status | String | Ultimate state of traffic |
status_code | Integer | Status code |
transaction_id | String | Transaction ID of the AV scan |
upload_file_name | String | Upload file name |
upload_file_type | String | Upload file type |
url | String | URL of the web page accessed |
user | String | User name |
user_group | String | Group to which the user belongs |
web_policy | String | Web policy associated with the event |
web_policy_id | String | Web policy ID |

Name | Type | Description |
---|---|---|
bytes_received | Integer | Total number of bytes received |
bytes_sent | Integer | Total number of bytes sent |
content_type | String | Type of the content |
cookie | String | Name of the cookie |
date | Date | Date when the event occurred (yyyy-mm-dd) |
extra | String | More info on anti-virus |
fw_rule_id | Integer | Firewall rule ID which is applied on the traffic |
host | String | Host from which the traffic originated |
log_component | String | Component responsible for logging |
log_type | String | Type of event |
message_id | Integer | Message ID |
method | String | Name of HTTP request method |
policy_name | String | Name of the policy associated with the event |
protocol | Integer | Traffic protocol number |
query_string | String | Query search |
reason | String | Reason why the record was detected as spam/malicious |
referer | String | Referer |
response_code | Integer | Response code |
response_time | Integer | Time to process the request |
server | String | Server name |
src_ip | String | Original source IP address of traffic |
time | Time | Time when the event occurred (hh:mm:ss) |
url | String | URL of the web page accessed |
user | String | User name |
user_agent | String | User agent |