Logs

Logs include analyses of network activity that let you identify security issues and reduce malicious use of your network. You can send logs to a syslog server or view them through the log viewer. Using data anonymization, you can encrypt identities in logs and reports.

Find detailed information about all the log IDs, types, messages, and their meaning in the Logfile guide.

Examples of logs:

device="SFW" date=2018-02-27 time=18:13:29 timezone="IST" device_name="XG125w" device_id=S1601E1F9FCB7EE log_id=054402617051 log_type="Content Filtering" log_component="Application" log_subtype="Denied" priority=Information fw_rule_id=1 user_name="" user_gp="" application_filter_policy=8 category="Mobile Applications" application_name="Gtalk Android" application_risk=4 application_technology="Client Server" application_category="Mobile Applications" src_ip=192.0.0.1 src_country_code=DEU dst_ip=192.0.2.1 dst_country_code=USA protocol="TCP" src_port=49128 dst_port=5228 sent_bytes=0 recv_bytes=0 status="Deny" message="" appresolvedby="Signature"
device="SFW" date=2018-03-06 time=01:50:48 timezone="IST" device_name="XG125w" device_id=S1601E1F9FCB7EE log_id=050901616001 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" status="" priority=Information fw_rule_id=2 user_name="" user_gp="" iap=1 category="None" category_type="" url="http://http.example.com/" contenttype="" override_token="" httpresponsecode="" src_ip=192.0.0.1 dst_ip=192.0.2.1 protocol="TCP" src_port=53816 dst_port=80 sent_bytes=195 recv_bytes=40 domain=http.example.com exceptions= activityname="" reason="" user_agent="SXL/3.1" status_code="200" transactionid= referer="" app_is_cloud=0 app_parent=1 upload_filename="" download_filename="" upload_filetype="" download_filetype="" classification=""

Log ID

The log ID is a twelve-character code in the following format:

c1c2c3c4c5c6c7c8c9c10c11c12
Composition:
  • c1c2: Log type ID
  • c3c4: Log component ID
  • c5c6: Log subtype ID
  • c7: Priority
  • c8c9c10c11c12: Message ID
Example
010101600001

c1c2: 01 (Security policy)

c3c4: 01 (Firewall rule)

c5c6: 01 (Allowed)

c7: 6 (Information)

c8c9c10c11c12: 00001 (Firewall traffic allowed)
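The following Python sketch is an added example, not code from the product or its documentation. It parses a log line's key=value fields and splits the log ID according to the composition above, pairing each part with the name reported in the same line. The function names are hypothetical, and the all-digits check is an assumption based on the IDs shown on this page.

```python
import re

# Matches key="quoted value" or key=bare (bare may be empty, e.g. `exceptions= `).
# Escaped quotes inside a value are not handled; none appear in the samples.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Trimmed copy of the first sample line on the page.
SAMPLE = ('device="SFW" date=2018-02-27 time=18:13:29 log_id=054402617051 '
          'log_type="Content Filtering" log_component="Application" '
          'log_subtype="Denied" priority=Information fw_rule_id=1 user_name="" '
          'src_ip=192.0.0.1 dst_ip=192.0.2.1 dst_port=5228 status="Deny"')

def parse_log_line(line):
    """Return the key=value fields of one log line as a dict of strings."""
    fields = {}
    for match in _FIELD.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields

def split_log_id(log_id):
    """Split a 12-character log ID into the five parts listed under Composition."""
    # Assumption: IDs are ASCII digits only, as in every example on the page.
    if len(log_id) != 12 or not (log_id.isascii() and log_id.isdigit()):
        raise ValueError(f"not a 12-digit log ID: {log_id!r}")
    return {
        "log_type_id": log_id[0:2],       # c1c2
        "log_component_id": log_id[2:4],  # c3c4
        "log_subtype_id": log_id[4:6],    # c5c6
        "priority": log_id[6],            # c7
        "message_id": log_id[7:12],       # c8..c12
    }

def describe(line):
    """Pair each ID part with the name the same log line reports for it."""
    fields = parse_log_line(line)
    parts = split_log_id(fields["log_id"])
    return {
        "type": (parts["log_type_id"], fields.get("log_type")),
        "component": (parts["log_component_id"], fields.get("log_component")),
        "subtype": (parts["log_subtype_id"], fields.get("log_subtype")),
        "priority": (parts["priority"], fields.get("priority")),
        "message_id": parts["message_id"],
    }

if __name__ == "__main__":
    for name, value in describe(SAMPLE).items():
        print(name, value)
```

The parts are kept as strings so leading zeros survive; look up their meanings in the Logfile guide.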