Fields specific to the "l_web" log

The fields described below are shown in the firewall's web administration interface in the HTTP proxy module in the Audit logs > Logs menu and in the All logs, Network traffic and Web views in the Audit logs > Views menu.

arg

Argument of the HTTP command.

String of characters in UTF-8 format. Example: “/”, “/mapage.htm”…

Argument

op

Operation on the http server.

Example: “GET”, “PUT” ...

Operation

result

Return code of the HTTP server.

Example: “403”, “404”…

Result

virus

Message indicating whether a virus has been detected (the antivirus has to be enabled)

Example: “clean

Virus

Example: “clean

cat_site

Category (URL filtering) of the website visited.

String of characters in UTF-8 format.

Example: “{bank}”, “{news}”, etc.

Available from: SNS v1.0.0.

Category of contact

user

Name of the user (when authentication is enabled).

String of characters in UTF-8 format. Example: “John.smith

May be displayed anonymously depending on the administrator's access privileges.

Available from: SNS v1.0.0.

User

ruleid

Number of the filter rule applied.

Example: "4"

Available from: SNS v1.0.0.

Rule

dstname

Name of the target website.

String of characters in UTF-8 format. Example: “webserver.company.com

Available from: SNS v1.0.0.

Destination name

msg

Additional message about the action performed.

String of characters in UTF-8 format. Example: “Blocked url

Message

domain

Authentication method used or LDAP directory of the user authenticated by the firewall.

String of characters in UTF-8 format.

Example: domain="documentation.stormshield.eu"

Available from: SNS v3.0.0.

Method or directory
dstcontinent

Continent to which the destination IP address of the connection belongs.

Value: continent's ISO code

Example: dstcontinent="eu"

Available from: SNS v3.0.0.

Destination continent
dstcountry

Country to which the destination IP address of the connection belongs.

Format: country's ISO code

Example: dstcountry="fr"

Available from: SNS v3.0.0.

Destination country
dsthostrep

Reputation of the connection's target host. Available only if reputation management has been enabled for the relevant host.

Format: unrestricted integer.

Example: dsthostrep=506

Available from: SNS v3.0.0.

  Destination host reputation
dstiprep

Reputation of the destination IP address. Available only if this IP address is public and listed in the IP address reputation base.

Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam".

Example: dstiprep="spam"

Available from: SNS v3.0.0.

Public reputation of the destination IP address
srccontinent

Continent to which the source IP address of the connection belongs.

Value: continent's ISO code

Example: srccontinent="eu"

Available from: SNS v3.0.0.

Source continent
srccountry

Country to which the source IP address of the connection belongs.

Format: country's ISO code

Example: srccountry="fr"

Available from: SNS v3.0.0.

Source country
srchostrep

Reputation of the connection's source host. Available only if reputation management has been enabled for the relevant host.

Format: unrestricted integer.

Example: srchostrep=26123

Available from: SNS v3.0.0.

Source host reputation
srciprep

Reputation of the source IP address. Available only if this IP address is public and listed in the IP address reputation base.

Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam".

Example: srciprep="anonymizer,tor"

Available from: SNS v3.0.0.

Public reputation of the source IP address
urlruleid

Number of the URL filter rule applied.

Digital format.

Example: urlruleid=12

Available from: SNS v3.2.0.