Fields specific to the "l_filterstat" log

 

SavedEvaluation

Number of rule evaluations that did not use intrusion prevention technology.

DynamicMem

Percentage of the ASQ’s dynamic memory in use.

Value from “0” to “100”.

HostMem

Percentage of memory allocated to a host processed by the Firewall.

Value from “0” to “100”.

FragMem

Percentage of memory allocated to the treatment of fragmented packets.

Value from “0” to “100”.

ICMPMem

Percentage of memory allocated to ICMP.

Value from “0” to “100”.

ConnMem

Percentage of memory allocated to connections.

Value from “0” to “100”.

DtrackMem

Percentage of memory used for data tracking (TCP/UDP packets).

Value from “0” to “100”.

IPStateMem

Percentage of memory allocated to processing pseudo-connections relating to protocols other than TCP, UDP or ICMP (e.g.: GRE) that have passed through the firewall.

IPStateConn

Number of active pseudo-connections relating to protocols other than TCP, UDP or ICMP (e.g.: GRE).

IPStateConnNatDst

Number of active pseudo-connections with address translation on the destination.

IPStateConnNatSrc

Number of active pseudo-connections with address translation on the source.

IPStateConnNoNatDst

Number of active pseudo-connections that explicitly include "No NAT" instructions on the destination.

IPStateConnNoNatSrc

Number of active pseudo-connections that explicitly include "No NAT" instructions on the source.

IPStatePacket

Number of network packets originating from protocols other than TCP, UDP or ICMP (e.g.: GRE) that have passed through the firewall.

IPStateByte

Number of bytes exchanged for pseudo-connections. This value includes incoming and outgoing bytes.

Logged

Number of log lines generated by the intrusion prevention engine.

LogOverflow

Number of log lines that could not be generated by the intrusion prevention engine.

PvmFacts

Number of events sent by ASQ to the vulnerability management process.

PvmOverflow

Number of events intended for the vulnerability management process that were ignored by ASQ.

Accepted

Number of packets corresponding to the application of “Pass” rules.

Example: Accepted=2430.

Blocked

Number of packets corresponding to the application of “Block” rules.

Example: Blocked=1254.

Byte(i/o)

Number of bytes (incoming/outgoing) that have passed through the Firewall.

Example: Byte(i/o)=527894/528486.

Fragmented

Number of fragmented packets that have passed through the Firewall.

TCPPacket

Number of TCP packets that have passed through the Firewall.

TCPByte(i/o)

Number of TCP bytes (incoming/outgoing) that have passed through the firewall.

Example: TCPByte(i/o)=527894/528486.

TCPConn

Number of TCP connections that have passed through the Firewall.

TCPConnNatSrc

Number of TCP connections with a translated source.

TCPConnNatDst

Number of TCP connections with a translated destination.

UDPPacket

Number of UDP packets that have passed through the Firewall.

UDPByte(i/o)

Number of UDP bytes (incoming/outgoing) that have passed through the Firewall.

Example: UDPByte(i/o)=527894/528486

UDPConn

Number of UDP connections that have passed through the Firewall.

UDPConnNatSrc

Number of UDP connections with a translated source.

UDPConnNatDst

Number of UDP connections with a translated destination.

ICMPPacket

Number of ICMP packets that have passed through the Firewall.

ICMPByte(i/o)

Number of ICMP bytes (incoming/outgoing) that have passed through the Firewall.

Example: ICMPByte(i/o)=527894/528486

HostrepScore

Average reputation score of monitored hosts.

Value: decimal integer between 0 and 65535.

Example: HostrepScore=1234

Available from: SNS v3.0.0.

HostrepMax

Highest reputation score of monitored hosts.

Value: decimal integer between 0 and 65535.

Example: HostrepMax=6540

Available from: SNS v3.0.0.

HostrepRequests

Number of reputation score requests submitted.

Value: unrestricted decimal integer.

Example: HostrepRequests=445

Available from: SNS v3.0.0.
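As an added example (not part of the original documentation or the vendor's code), the following Python code parses one "l_filterstat" record and flags the fields a monitoring team would alert on: memory percentages near exhaustion, and non-zero LogOverflow or PvmOverflow counters, which mean events were dropped. The space-separated key=value record layout, the sample values and the 85% threshold are assumptions.

```python
import re

# Constructed sample record. The space-separated key=value layout and every
# value are assumptions for illustration, not taken from a real firewall.
SAMPLE = ('DynamicMem=12 HostMem=91 FragMem=0 ICMPMem=1 ConnMem=34 DtrackMem=8 '
          'Logged=5120 LogOverflow=37 PvmFacts=210 PvmOverflow=0 '
          'Accepted=2430 Blocked=1254 Byte(i/o)=527894/528486 HostrepMax=6540')

MEM_FIELDS = ("DynamicMem", "HostMem", "FragMem", "ICMPMem",
              "ConnMem", "DtrackMem", "IPStateMem")
OVERFLOW_FIELDS = ("LogOverflow", "PvmOverflow")
MEM_WARN = 85  # hypothetical alert threshold, tune per deployment

PAIR = re.compile(r'(\S+?)=("[^"]*"|\S*)')

def parse_filterstat(line):
    """Return {field: int | (incoming, outgoing) | str} for one record."""
    fields = {}
    for key, raw in PAIR.findall(line):
        raw = raw.strip('"')
        inc, sep, out = raw.partition("/")
        if key.endswith("(i/o)") and sep and inc.isdecimal() and out.isdecimal():
            fields[key] = (int(inc), int(out))   # incoming/outgoing counters
        else:
            fields[key] = int(raw) if raw.isdecimal() else raw
    return fields

def findings(fields):
    """List conditions worth an alert: memory pressure and dropped events."""
    alerts = []
    for name in MEM_FIELDS:
        value = fields.get(name)
        if not isinstance(value, int):
            continue                              # absent or malformed field
        if value > 100:
            alerts.append(f"{name}={value} is outside the documented 0-100 range")
        elif value >= MEM_WARN:
            alerts.append(f"{name} at {value}% (threshold {MEM_WARN}%)")
    for name in OVERFLOW_FIELDS:
        value = fields.get(name)
        if isinstance(value, int) and value > 0:
            alerts.append(f"{name}={value}: events were dropped, visibility gap")
    return alerts

if __name__ == "__main__":
    for alert in findings(parse_filterstat(SAMPLE)):
        print(alert)
```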