Fields specific to the "l_vpn" log

The fields described below are shown in the firewall's web administration interface in the IPSec VPN module in the Audit logs > Logs menu and in the All logs and VPN views in the Audit logs > Views menu.

pri

Set to “5” (“notice”) to ensure WELF compatibility.

Available from: SNS v1.0.0.

Priority

error

 

Error level of the log.

Values: “0” (Information), “1” (Warning) or “2” (Error).

Result

Example: “Info

phase

 

Number of the IPSec VPN tunnel negotiation phase.

Values: “0” (no phase), “1” (phase 1) or “2” (phase 2).

Phase

src

IP address of the VPN tunnel’s local endpoint.

Decimal format. Example: ”192.168.0.1

Available from: SNS v1.0.0.

Source

srcname

Name of the object corresponding to the VPN tunnel’s local endpoint.

String of characters in UTF-8 format.

Example: “Pub_FW

Available from: SNS v1.0.0.

Source name

dst

IP address of the VPN tunnel’s remote endpoint.

Decimal format.

Example: ”192.168.1.1

Available from: SNS v1.0.0.

Destination

dstname

Name of the object corresponding to the VPN tunnel’s remote endpoint.

String of characters in UTF-8 format.

Example: “fw_remote

Available from: SNS v1.0.0.

Destination name

user

ID of the remote user used for the negotiation.

String of characters in UTF-8 format.

Example: “john.smith

May be displayed anonymously depending on the administrator's access privileges.

Available from: SNS v1.0.0.

User

usergroup

The user that set up a tunnel belongs this group, defined in the VPN access privileges.

String of characters in UTF-8 format.

Example: usergroup="ipsec-group"

Available from: SNS v3.3.0.

Group

msg

Description of the operation performed.

String of characters in UTF-8 format. Example: “Phase established

Message

side

Role of the Firewall in the negotiation of the tunnel.

Values: “initiator” or “responder”.

Role

cookie_i

Temporary identity marker of the initiator of the negotiation.

Character string in hexadecimal. Example: “0xae34785945ae3cbf

Initiating cookie

cookie_r

Temporary identity marker of the peer of the negotiation.

Character string in hexadecimal. Example: "0x56201508549a6526".

Receiving cookie

localnet

Local network negotiated in phase2.

Decimal format. Example: ”192.168.0.1

Local network

remotenet

Remote network negotiated in phase2.

Decimal format. Example: ”192.168.1.1

Remote network

spi_in

SPI (Security Parameter Index) number of the negotiated incoming SA (Security Association). Character string in hexadecimal. Example: “0x01ae58af

Incoming spi

spi_out

SPI number of the negotiated outgoing SA.

Character string in hexadecimal. Example: “0x003d098c

Outgoing spi

ike

Version of the IKE protocol used

Values: “1”, “2”…

IKE version

remoteid

ID of the peer used during the negotiation of the IKE SA.

This may be an e-mail address or IP address.

Remote identifier