Fields specific to the “l_filter”, “l_alarm”, “ l_connection” and “l_plugin” logs
The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs, Network traffic, Filtering, Alarms, Web, E-mails and System events.
|
pri |
Represents the alarm level. Values (cannot be customized): "0 " (emergency), "1 " (alert), "2 " (critical), "3 " (error), "4 " (warning), "5 " (notice), "6 " (information) or "7 " (debug). Available from: SNS v1.0.0. |
|
Priority |
|
|
confid |
Index of the security inspection profile used. Value from “0” to “9”. Available from: SNS v1.0.0. |
|
Config |
|
|
slotlevel |
Indicates the type of rule that activated logging. Values: “0” (implicit), “1” (global), or “2” (local). Available from: SNS v1.0.0. |
|
Rule level Values: “Implicit”, “Global” or “Local”. |
|
|
ruleid |
Number of the filter rule applied. Example: “1”, “2” … Available from: SNS v1.0.0. |
|
Rule |
|
|
srcif |
Internal name of the interface at the source of the traffic. String of characters in UTF-8 format. Example: “Ethernet0” Available from: SNS v1.0.0. |
|
Source interf. (ID) |
|
|
srcifname |
Name of the object representing the interface at the source of the traffic. String of characters in UTF-8 format. Example: “out” Available from: SNS v1.0.0. |
|
Source interf. |
|
|
srcmac |
MAC address of the source host. May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
|
Source MAC address |
|
|
ipproto |
Name of the protocol above IP (transport layer). String of characters in UTF-8 format. Example: “tcp” Available from: SNS v1.0.0. |
|
Internet Protocol |
|
|
ipv |
Version of the IP protocol used in the traffic Values: “4”, “6”… Available from: SNS v1.0.0. |
|
IP version |
|
|
proto |
Name of the associated plugin. If this is not available, the name of the standard service corresponding to the destination port. String of characters in UTF-8 format. Example: “http”, “ssh” Available from: SNS v1.0.0. |
|
Protocol |
|
|
src |
IP address of the source host. Decimal format. Example: ”192.168.0.1” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
|
Source |
|
|
srcport |
Source TCP/UDP port number. Example: "49753" Available from: SNS v1.0.0. |
|
Source port |
|
|
srcportname |
“Source” port name if it is known. String of characters in UTF-8 format. Example: “http”, “ephemeral_fw_tcp”… Available from: SNS v1.0.0. |
|
Source port name |
|
|
srcname |
Name of the object corresponding to the source host. String of characters in UTF-8 format. Example: “client_workstation” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
|
Source name |
|
|
modsrc |
Translated IP address of the source host. May be displayed anonymously depending on the administrator's access privileges. Decimal format. Example: ”192.168.0.1” Available from: SNS v1.0.0. |
|
Translated source address |
|
|
modsrcport |
Translated TCP/UDP source port number. Example: "80" Available from: SNS v1.0.0. |
|
Translated source port |
|
|
dst |
IP address of the destination host Decimal format. Example: ”192.168.0.2” Available from: SNS v1.0.0. |
|
Destination |
|
|
dstport |
Destination TCP/UDP port number. Example: "22" Available from: SNS v1.0.0. |
|
Destination port |
|
|
dstportname |
Name of the object corresponding to the destination port. String of characters in UTF-8 format. Example: “ssh” Available from: SNS v1.0.0. |
|
Dest. port name |
|
|
dstname |
Name of the object corresponding to the IP address of the destination host. String of characters in UTF-8 format. Example: “intranet_server” Available from: SNS v1.0.0. |
|
Destination name |
|
|
origdst |
Original IP address of the destination host (before translation or the application of a virtual connection). Decimal format. Example: ”192.168.0.1” Available from: SNS v1.0.0. |
|
Orig. destination |
|
|
origdstport |
Original port number of the destination TCP/UDP port (before translation or the application of a virtual connection). Example: "80" Available from: SNS v1.0.0. |
|
Orig. destination port |
|
|
dstif |
Name of the destination interface. String of characters in UTF-8 format. Example: “Ethernet 1” Available from: SNS v1.0.0. |
|
Dest. interf. (ID) |
|
|
dstifname |
Name of the object representing the traffic’s destination interface. String of characters in UTF-8 format. Example: “dmz1” Available from: SNS v1.0.0. |
|
Dest. interf. |
|
|
user |
User authenticated by the firewall. String of characters in UTF-8 format. Example: “John.smith” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
|
User |
|
| dstcontinent |
Continent to which the destination IP address of the connection belongs. Value: continent's ISO code Example: dstcontinent="eu" Available from: SNS v3.0.0. |
| Destination continent | |
| dstcountry |
Country to which the destination IP address of the connection belongs. Format: country's ISO code Example: dstcountry="fr" Available from: SNS v3.0.0. |
| Destination country | |
| dsthostrep |
Reputation of the connection's target hosts Available only if reputation management has been enabled for the relevant hosts. Format: unrestricted integer. Example: dsthostrep=506 Available from: SNS v3.0.0. |
| Destination host reputation | |
| dstiprep |
Reputation of the destination IP address. Available only if this IP address is public and listed in the IP address reputation base. Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam". Example: dstiprep="spam" Available from: SNS v3.0.0. |
| Public reputation of the destination IP address | |
| srccontinent |
Continent to which the source IP address of the connection belongs. Value: continent's ISO code Example: srccontinent="eu" Available from: SNS v3.0.0. |
| Source continent | |
| srccountry |
Country to which the source IP address of the connection belongs. Format: country's ISO code Example: srccountry="fr" Available from: SNS v3.0.0. |
| Source country | |
| srchostrep |
Reputation of the connection's source hosts. Available only if reputation management has been enabled for the relevant hosts. Format: unrestricted integer. Example: srchostrep=26123 Available from: SNS v3.0.0. |
| Source host reputation | |
| srciprep |
Reputation of the source IP address. Available only if this IP address is public and listed in the IP address reputation base. Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam". Example: srciprep="anonymizer,tor" Available from: SNS v3.0.0. |
| Public reputation of the source IP address | |
| dstmac |
MAC address of the destination host. Format: Hexadecimal values separated by ":". Example: dstmac=00:25:90:01:ce:e7 Available from: SNS v4.0.0. |
| Destination MAC address | |
| etherproto |
Type of Ethernet protocol. Format: String of characters in UTF-8 format. Example: etherproto="profinet-rt" Available from: SNS v4.0.0. |
| Ethernet protocol | |
| rt |
Name of the gateway used for the connection. Present only if the gateway does not match the default route. String of characters in UTF-8 format. Example: "my_gateway" |
| rtname |
Name of the router object used for the connection. Present only if the router does not match the default route. String of characters in UTF-8 format. Example: "my_gateway" |