P

phase

 

Number of the IPSec VPN tunnel negotiation phase.

Values: “0” (no phase), “1” (phase 1) or “2” (phase 2).

Example: phase=1.

Affected logs: l_vpn.

Phase

pktdump

Network packet captured and encoded in hexadecimal for deeper analysis by a third-party tool.
Example: pktdump="450000321fd240008011c2f50a00007b0a3c033d0035c"

Affected logs: l_alarm.

Captured packet
pktdumplen

Size of the packet captured for deeper analysis by a third-party tool. This value may differ from the value of the “pktlen” field.
Example: pktdumplen=28.

Affected logs: l_alarm.

Size of the packet captured
pktlen

Size of the network packet that activated the alarm (in bytes).
Example: pktlen=33.

Affected logs: l_alarm.

Packet size
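A way to decode `pktdump` and cross-check it against `pktdumplen` and `pktlen` during alarm triage, written as an added example that is not part of the original documentation. It assumes that the log line is made of space-separated `key=value` pairs and that the capture starts at the IPv4 header, as the `pktdump` example above does. The function names and the sample line are hypothetical; only the `pktdump` value is taken from this page.

```python
import ipaddress
import re
import struct

# Constructed sample line: only the pktdump value is the page's own example;
# the pktlen and pktdumplen values are made up to match it.
SAMPLE = ('pktlen=50 pktdumplen=22 '
          'pktdump="450000321fd240008011c2f50a00007b0a3c033d0035c"')

FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_fields(line):
    """Split a key=value log line into a dict, stripping quotes from values."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in FIELD_RE.finditer(line)}


def decode_pktdump(fields):
    """Decode the IPv4 header carried in pktdump and cross-check the sizes."""
    hexdump = fields["pktdump"]
    if not re.fullmatch(r"[0-9a-fA-F]*", hexdump):
        raise ValueError("pktdump is not hexadecimal")
    # A dump cut mid-byte (odd digit count) loses its trailing nibble.
    raw = bytes.fromhex(hexdump[:len(hexdump) & ~1])
    info = {"captured": len(raw), "odd_nibble": len(hexdump) % 2 == 1}
    if "pktdumplen" in fields:
        info["dumplen_matches"] = int(fields["pktdumplen"]) == len(raw)
    if "pktlen" in fields:
        info["truncated"] = len(raw) < int(fields["pktlen"])
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return info  # too short or not IPv4: nothing more to decode
    ver_ihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes
    info.update(total_length=total, ttl=ttl, ip_proto=proto,
                src=str(ipaddress.IPv4Address(src)),
                dst=str(ipaddress.IPv4Address(dst)))
    # TCP (6) and UDP (17) headers both begin with the source port.
    if proto in (6, 17) and len(raw) >= ihl + 2:
        info["src_port"] = struct.unpack("!H", raw[ihl:ihl + 2])[0]
    return info


if __name__ == "__main__":
    print(decode_pktdump(parse_fields(SAMPLE)))
```
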

port

Port number (entered only if a vulnerability has been detected).

Example: port=22.

Affected logs: l_pvm.

Source port

portname

Standard service corresponding to the port number (entered only if a vulnerability has been detected).

String of characters in UTF-8 format.

Example: “ssh”.

Affected logs: l_pvm.

Source port name

ppkid

Identifier of the post-quantum pre-shared key (ppk) used to establish the IPsec tunnel.

String of characters in UTF-8 format.

Example: “identifier_of_the_ppk_used”.

Affected logs: l_vpn.

pri

Represents the alarm level.
Values (cannot be customized): "" (emergency), "" (alert), "" (critical), "" (error), "" (warning), "" (notice), "" (information) or "" (debug).

Set to “5” (“notice”) to ensure WELF compatibility in the following logs: l_smtp, l_pop3, l_ftp, l_web, l_ssl, l_system and l_vpn.

Possible values: "1" ("alert") or "4" ("warning") in the l_pvm log.

Example: pri=1.

Available from: SNS v1.0.0.

Affected logs: l_alarm, l_connection, l_filter, l_ftp, l_plugin, l_pvm, l_pop3, l_smtp, l_ssl, l_system, l_vpn, l_web and l_routing.

Priority

product

Product on which the vulnerability was detected.

String of characters in UTF-8 format.

Example: product="JRE_1.6.0_27".

Affected logs: l_pvm.

Product

proto

Name of the standard service corresponding to the destination port.

String of characters in UTF-8 format.

Example: proto=http.

Available from: SNS v1.0.0.

Affected logs: l_alarm, l_connection, l_filter, l_ftp, l_plugin, l_pvm, l_sandboxing, l_pop3, l_smtp, l_ssl, l_web and l_routing.

Protocol

Pvm

All indicators regarding vulnerability management:

  • Total number of vulnerabilities detected,
  • Number of vulnerabilities that can be exploited remotely,
  • Number of vulnerabilities requiring the installation of a server on the vulnerable host in order to be exploited,
  • Number of vulnerabilities classified as critical,
  • Number of vulnerabilities classified as minor,
  • Number of vulnerabilities classified as major,
  • Number of vulnerabilities that have a bug fix,
  • Total amount of information (all levels),
  • Amount of minor data,
  • Amount of major data,
  • Number of hosts for which PVM has gathered information.

Format: 11 numeric values separated by commas. Example: “0,0,0,0,0,0,0,2,0,0,2”.

Example: Pvm=1804,1588,1471,38,685,1119,1730,817,0,817,561.

Affected logs: l_monitor.

PvmFacts

Number of events sent by IPS to the vulnerability management process.

Example: PvmFacts=0.

Affected logs: l_filterstat.

PvmOverflow

Number of events intended for the vulnerability management process that were ignored by IPS.

Example: PvmOverflow=1.

Affected logs: l_filterstat.