R

rcvd

Number of bytes received.
Decimal format.
Example: rcvd=23631.
Available from: v1.0.0 SNS

Affected logs: l_connection, l_filter, l_ftp, l_plugin, l_pop3, l_smtp, l_ssl and l_web.
Received
Example: "23 KB"

remote

Indicates whether the vulnerability can be exploited remotely

Values: “0” (false) or “1” (true).

Example: remote=1.

Affected logs: l_pvm.

Exploit

Values: “Local” or “Remote”.

remoteid

ID of the peer used during the negotiation of the IKE SA.
This may be an e-mail address or IP address.

Example: remoteid=10.3.0.202.

Affected logs: l_vpn.
Remote identifier

remotenet

Peer's network address.

Decimal format. Example: "192.168.53.3".

Affected logs: l_vpn and l_xvpn.
Remote network
repeat

Number of occurrences of the alarm over a given period.
Decimal format.
Example: repeat=4.
Available from: SNS v1.0.0.

Affected logs: l_alarm.
Repeat
requestmode

Value of the "Mode" field for an NTP request.
String of characters in UTF-8 format.
Example: requestmode=client.
Available from: SNS v3.8.0.

Affected logs: l_plugin.
responsemode

Value of the "Mode" field for an NTP response.
String of characters in UTF-8 format.
Example: responsemode=server.
Available from: SNS v3.8.0.

Affected logs: l_plugin.

result

Return code of the server or of a function (example: Modbus protocol).

Example: result=403.

Affected logs:

Result
risk

Risk relating to the connection. This value contributes to the reputation score of the connection's source host.
Value: between 1 (low risk) and 100 (very high risk).
Example: risk=20.
Available from: SNS v3.0.0.

Affected logs: l_alarm, l_ftp, l_pop3, l_sandboxing, l_smtp, l_ssl and l_web.
Risk
router

Name of the monitored router.
String of characters in UTF-8 format.
Example: router=routerICMP.
Available from: SNS v4.3.0.

Affected logs: l_routerstat.
rt

Name of the gateway used for the connection. Appears only if the gateway does not match the default route.
String of characters in UTF-8 format.
Example: rt="my_gateway".
Available from: SNS v4.3.0.

Affected logs: l_alarm, l_connection, l_filter and l_plugin.
rtname

Name of the router object used for the connection. Appears only if the router does not match the default route.
String of characters in UTF-8 format.
Example: rtname="my_router".
Available from: SNS v4.3.0.

Affected logs: l_alarm, l_connection, l_filter and l_plugin.

RuleX:Y

Indicates the number of bytes that have passed through the designated rule.

  • X: corresponds to a category
  • "0": implicit filter rule.
  • "1": global filter rule.
  • "2": local filter rule.
  • "3": implicit NAT rule.
  • "4": global NAT rule.
  • "5": local NAT rule.
  • Y: corresponds to the number of the rule in the active policy.

Example: "Rule2:8=1612e means that 1612 bytes have passed through the 8th local filter rule in the active policy.

Affected logs: l_count.

ruleid

Number of the filter rule or authentication rule (l_auth log) applied.

Example: ruleid=4.

Available from: SNS v1.0.0.

Affected logs: l_alarm, l_auth, l_connection, l_filter, l_plugin, l_pop3, l_smtp, l_ssl and l_web.

Rule
rulename

Name of the filter rule applied.

Character string.

Example: rulename="myrule".

Available from: SNS v3.2.0.

Affected logs: l_pop3, l_smtp, l_ssl, l_web and l_ftp.
Rule name
ruletype

Type of IPsec rule used.
Character string.
Values: "mobile", "gateway".
Example: ruletype=mobile.
Available from: SNS v4.2.

Affected logs: l_vpn.