P
| phase | Number of the IPSec VPN tunnel negotiation phase. Values: “0” (no phase), “1” (phase 1) or “2” (phase 2). Example: phase=1. Affected logs: l_vpn. | Phase |
| pktdump | Network packet captured and encoded in hexadecimal for deeper analysis by a third-party tool. Affected logs: l_alarm. | Captured packet |
| pktdumplen | Size of the packet captured for deeper analysis by a third-party tool. This value may differ from the value of the “pktlen” field. Affected logs: l_alarm. | Size of the packet captured |
| pktlen | Size of the network packet that activated the alarm (in bytes). Affected logs: l_alarm. | Packet size |
| port | Port number (entered only if a vulnerability has been detected). Example: port=22. Affected logs: l_pvm. | Source port |
| portname | Standard service corresponding to the port number (entered only if a vulnerability has been detected). String of characters in UTF-8 format. Example: “ssh”. Affected logs: l_pvm. | Source port name |
| ppkid | Identifier of the post-quantum pre-shared key (ppk) used to establish the IPsec tunnel. String of characters in UTF-8 format. Example: “identifier_of_the_ppk_used”. Affected logs: l_vpn. | |
| pri | Represents the alarm level. Set to “5” (“notice”) to ensure WELF compatibility in the following logs: l_smtp, l_pop3, l_ftp, l_web, l_ssl, l_system and l_vpn. Possible values: “1” (“alert”) or “4” (“warning”) in the l_pvm log. Example: pri=1. Available from: SNS v1.0.0. Affected logs: l_alarm, l_connection, l_filter, l_ftp, l_plugin, l_pvm, l_pop3, l_smtp, l_ssl, l_system, l_vpn, l_web and l_routing. | Priority |
| product | Product on which the vulnerability was detected. String of characters in UTF-8 format. Example: product="JRE_1.6.0_27". Affected logs: l_pvm. | Product |
| proto | Name of the standard service corresponding to the destination port. String of characters in UTF-8 format. Example: proto=http. Available from: SNS v1.0.0. Affected logs: l_alarm, l_connection, l_filter, l_ftp, l_plugin, l_pvm, l_sandboxing, l_pop3, l_smtp, l_ssl, l_web and l_routing. | Protocol |
| Pvm | All indicators regarding vulnerability management: Format: 11 numeric values separated by commas. Example: “0,0,0,0,0,0,0,2,0,0,2”. Example: Pvm=1804,1588,1471,38,685,1119,1730,817,0,817,561. Affected logs: l_monitor. | |
| PvmFacts | Number of events sent by IPS to the vulnerability management process. Example: PvmFacts=0. Affected logs: l_filterstat. | |
| PvmOverflow | Number of events intended for the vulnerability management process that were ignored by IPS. Example: PvmOverflow=1. Affected logs: l_filterstat. | |