Fields specific to the “l_filter”, “l_alarm”, “l_connection” and “l_plugin” logs

The fields described below appear in the firewall's web administration interface in the Filtering, Alarms, Network connections and Application connections (plugin) alarms in the Audit logs > Logs menu and in the All logs, Network traffic, Filtering, Threats, Web, E-mails and System events views in the Audit logs > Views menu.

pri 

Represents the alarm level.

Values (cannot be customized): "" (emergency), "" (alert), "" (critical), "" (error), "" (warning), "" (notice), "" (information) or "" (debug).

Available from: SNS v1.0.0.

Priority

confid

Index of the security inspection profile used.

Value from “0” to “9”.

Available from: SNS v1.0.0.

Config

slotlevel 

Indicates the type of rule that activated logging.

Values: “0” (implicit), “1” (global), or “2” (local).

Available from: SNS v1.0.0.

Rule level

Values: “Implicit”, “Global” or “Local”.

ruleid 

Number of the filter rule applied.

Example: “1”, “2” …

Available from: SNS v1.0.0.

Rule

srcif 

Internal name of the interface at the source of the traffic.

String of characters in UTF-8 format. Example: “Ethernet0”

Available from: SNS v1.0.0.

Source interf. (ID)

srcifname 

Name of the object representing the interface at the source of the traffic.

String of characters in UTF-8 format. Example: “out”

Available from: SNS v1.0.0.

Source interf.

srcmac

MAC address of the source host.

May be displayed anonymously depending on the administrator's access privileges.

Available from: SNS v1.0.0.

Source MAC address

ipproto

Name of the protocol above IP (transport layer).

String of characters in UTF-8 format. Example: “tcp”

Available from: SNS v1.0.0.

Internet Protocol

ipv

Version of the IP protocol used in the traffic.

Values: “4”, “6”…

Available from: SNS v1.0.0.

IP version

proto

Name of the associated plugin. If this is not available, the name of the standard service corresponding to the destination port. String of characters in UTF-8 format. Example: “http”, “ssh”

Available from: SNS v1.0.0.

Protocol

src

IP address of the source host.

Decimal format. Example: “192.168.0.1”

May be displayed anonymously depending on the administrator's access privileges.

Available from: SNS v1.0.0.

Source

srcport

Source TCP/UDP port number.

Example: "49753"

Available from: SNS v1.0.0.

Source port

srcportname

“Source” port name if it is known.

String of characters in UTF-8 format. Example: “http”, “ephemeral_fw_tcp”…

Available from: SNS v1.0.0.

Source port name

srcname

Name of the object corresponding to the source host.

String of characters in UTF-8 format. Example: “client_workstation”

May be displayed anonymously depending on the administrator's access privileges.

Available from: SNS v1.0.0.

Source name

modsrc

Translated IP address of the source host.

May be displayed anonymously depending on the administrator's access privileges.

Decimal format. Example: “192.168.0.1”

Available from: SNS v1.0.0.

Translated source address

modsrcport

Translated TCP/UDP source port number. Example: "80"

Available from: SNS v1.0.0.

Translated source port

dst

IP address of the destination host.

Decimal format. Example: “192.168.0.2”

Available from: SNS v1.0.0.

Destination

dstport

Destination TCP/UDP port number.

Example: "22"

Available from: SNS v1.0.0.

Destination port

dstportname

Name of the object corresponding to the destination port.

String of characters in UTF-8 format. Example: “ssh”

Available from: SNS v1.0.0.

Dest. port name

dstname

Name of the object corresponding to the IP address of the destination host.

String of characters in UTF-8 format. Example: “intranet_server”

Available from: SNS v1.0.0.

Destination name

origdst

Original IP address of the destination host (before translation or the application of a virtual connection).

Decimal format. Example: “192.168.0.1”

Available from: SNS v1.0.0.

Orig. destination

origdstport

Original port number of the destination TCP/UDP port (before translation or the application of a virtual connection). Example: "80"

Available from: SNS v1.0.0.

Orig. destination port

dstif

Name of the destination interface.

String of characters in UTF-8 format. Example: “Ethernet 1”

Available from: SNS v1.0.0.

Dest. interf. (ID)

dstifname

Name of the object representing the traffic’s destination interface.

String of characters in UTF-8 format. Example: “dmz1”

Available from: SNS v1.0.0.

Dest. interf.

user

User authenticated by the firewall.

String of characters in UTF-8 format. Example: “John.smith”

May be displayed anonymously depending on the administrator's access privileges.

Available from: SNS v1.0.0.

User

dstcontinent

Continent to which the destination IP address of the connection belongs.

Value: continent's ISO code

Example: dstcontinent="eu"

Available from: SNS v3.0.0.

Destination continent

dstcountry

Country to which the destination IP address of the connection belongs.

Format: country's ISO code

Example: dstcountry="fr"

Available from: SNS v3.0.0.

Destination country

dsthostrep

Reputation of the connection's target hosts. Available only if reputation management has been enabled for the relevant hosts.

Format: unrestricted integer.

Example: dsthostrep=506

Available from: SNS v3.0.0.

Destination host reputation

dstiprep

Reputation of the destination IP address. Available only if this IP address is public and listed in the IP address reputation base.

Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam".

Example: dstiprep="spam"

Available from: SNS v3.0.0.

Public reputation of the destination IP address

srccontinent

Continent to which the source IP address of the connection belongs.

Value: continent's ISO code

Example: srccontinent="eu"

Available from: SNS v3.0.0.

Source continent

srccountry

Country to which the source IP address of the connection belongs.

Format: country's ISO code

Example: srccountry="fr"

Available from: SNS v3.0.0.

Source country

srchostrep

Reputation of the connection's source hosts. Available only if reputation management has been enabled for the relevant hosts.

Format: unrestricted integer.

Example: srchostrep=26123

Available from: SNS v3.0.0.

Source host reputation

srciprep

Reputation of the source IP address. Available only if this IP address is public and listed in the IP address reputation base.

Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam".

Example: srciprep="anonymizer,tor"

Available from: SNS v3.0.0.

Public reputation of the source IP address
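
The following is an added example, not part of the Stormshield documentation: a Python parser that reads the fields described above from one log line, maps slotlevel to its rule level name, splits multi-valued srciprep/dstiprep entries and reports the watched reputation categories. It assumes a line is a sequence of space-separated key=value pairs with optionally double-quoted values, as in the examples above; the function names, the watch list and the sample line are constructed for illustration.

```python
import re

# key=value pairs; values are bare or double-quoted, as in the examples above.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# Rule level names documented for slotlevel.
SLOT_LEVELS = {"0": "Implicit", "1": "Global", "2": "Local"}
# Categories documented for srciprep and dstiprep.
IP_REP = {"anonymizer", "botnet", "malware", "phishing", "tor", "scanner", "spam"}

def parse_fields(line):
    """Return the fields of one log line as a dict of strings."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR.finditer(line)}

def ip_reputation(fields, name):
    """Split srciprep/dstiprep, which may hold several comma-separated categories."""
    return [c.strip() for c in fields.get(name, "").split(",") if c.strip()]

def triage(line, watch=frozenset({"botnet", "malware", "tor"})):
    """Summarize one log line and list the watched reputation categories it carries."""
    f = parse_fields(line)
    reasons = []
    for name in ("srciprep", "dstiprep"):
        for cat in ip_reputation(f, name):
            if cat not in IP_REP:
                reasons.append(f"{name}: undocumented category {cat!r}")
            elif cat in watch:
                reasons.append(f"{name}: {cat}")
    return {
        "rule": f.get("ruleid"),
        "rule_level": SLOT_LEVELS.get(f.get("slotlevel"), "unknown"),
        "flow": (f.get("src"), f.get("srcport"), f.get("dst"), f.get("dstport")),
        # origdst holds the destination before translation.
        "dst_translated": "origdst" in f and f["origdst"] != f.get("dst"),
        "reasons": reasons,
    }

# Constructed sample line (not taken from a real firewall).
SAMPLE = ('slotlevel=2 ruleid=1 srcif="Ethernet0" srcifname="out" ipproto=tcp ipv=4 '
          'proto=ssh src=198.51.100.7 srcport=49753 dst=192.168.0.2 dstport=22 '
          'dstportname=ssh dstif="Ethernet 1" dstifname="dmz1" origdst=203.0.113.10 '
          'srccountry="fr" srciprep="anonymizer,tor"')

if __name__ == "__main__":
    print(triage(SAMPLE))
```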