Fields specific to the “l_filterstat” log
SavedEvaluation | Number of rule evaluations that did not use intrusion prevention technology. |
DynamicMem | Percentage of the ASQ’s dynamic memory in use. Value from “0” to “100”. |
HostMem | Percentage of memory allocated to a host processed by the Firewall. Value from “0” to “100”. |
FragMem | Percentage of memory allocated to the treatment of fragmented packets. Value from “0” to “100”. |
ICMPMem | Percentage of memory allocated to ICMP. Value from “0” to “100”. |
ConnMem | Percentage of memory allocated to connections. Value from “0” to “100”. |
DtrackMem | Percentage of memory used for data tracking (TCP/UDP packets). Value from “0” to “100”. |
IPStateMem | Percentage of memory allocated to processing pseudo-connections relating to protocols other than TCP, UDP or ICMP (e.g.: GRE) that have passed through the firewall. |
IPStateConn | Number of active pseudo-connections relating to protocols other than TCP, UDP or ICMP (e.g.: GRE). |
IPStateConnNatDst | Number of active pseudo-connections with address translation on the destination. |
IPStateConnNatSrc | Number of active pseudo-connections with address translation on the source. |
IPStateConnNoNatDst | Number of active pseudo-connections that explicitly include "No NAT" instructions on the destination. |
IPStateConnNoNatSrc | Number of active pseudo-connections that explicitly include "No NAT" instructions on the source. |
IPStatePacket | Number of network packets originating from protocols other than TCP, UDP or ICMP (e.g.: GRE) that have passed through the firewall. |
IPStateByte | Number of bytes exchanged for pseudo-connections. This value includes incoming and outgoing bytes. |
Logged | Number of log lines generated by the intrusion prevention engine. |
LogOverflow | Number of log lines that could not be generated by the intrusion prevention engine. |
PvmFacts | Number of events sent by ASQ to the vulnerability management process. |
PvmOverflow | Number of events intended for the vulnerability management process that were ignored by ASQ. |
Accepted | Number of packets corresponding to the application of “Pass” rules. Example: Accepted=2430. |
Blocked | Number of packets corresponding to the application of “Block” rules. Example: Blocked=1254. |
Byte(i/o) | Number of bytes (incoming/outgoing) that have passed through the Firewall. Example: Byte(i/o)=527894/528486. |
Fragmented | Number of fragmented packets that have passed through the Firewall. |
TCPPacket | Number of TCP packets that have passed through the Firewall. |
TCPByte(i/o) | Number of TCP bytes (incoming/outgoing) that have passed through the firewall. Example: TCPByte(i/o)=527894/528486. |
TCPConn | Number of TCP connections that have passed through the Firewall. |
TCPConnNatSrc | Number of TCP connections with a translated source. |
TCPConnNatDst | Number of TCP connections with a translated destination. |
UDPPacket | Number of UDP packets that have passed through the Firewall. |
UDPByte(i/o) | Number of UDP bytes (incoming/outgoing) that have passed through the Firewall. Example: “527894/528486”. |
UDPConn | Number of UDP connections that have passed through the Firewall. |
UDPConnNatSrc | Number of UDP connections with a translated source. |
UDPConnNatDst | Number of UDP connections with a translated destination. |
ICMPPacket | Number of ICMP packets that have passed through the Firewall. |
ICMPByte(i/o) | Number of ICMP bytes (incoming/outgoing) that have passed through the Firewall. Example: ICMPByte(i/o)=527894/528486. |
HostrepScore | Average reputation score of monitored hosts. Value: decimal integer between 0 and 65535. Example: HostrepScore=1234. Available from: SNS v3.0.0. |
HostrepMax | Highest reputation score of monitored hosts. Value: decimal integer between 0 and 65535. Example: HostrepMax=6540. Available from: SNS v3.0.0. |
HostrepRequests | Number of reputation score requests submitted. Value: unrestricted decimal integer. Example: HostrepRequests=445. Available from: SNS v3.0.0. |
SCTPAssocPacket | Number of packets exchanged for an SCTP association. Numeric format. Example: SCTPAssocPacket=128. Available from: SNS v3.9.0. |
SCTPAssocByte(i/o) | Number of bytes (incoming/outgoing) that have passed through the firewall for an SCTP association. Numeric format. Example: SCTPAssocByte(i/o)=9728/9576. Available from: SNS v3.9.0. |
SCTPAssoc | Number of SCTP associations. Numeric format. Example: SCTPAssoc=2. Available from: SNS v3.9.0. |
EtherStatePacket | Number of packets for Ethernet traffic without IP layer. Numeric format. Example: EtherStatePacket=128. Available from: SNS v4.0.0. |
EtherStateByte(i/o) | Number of bytes (incoming/outgoing) for Ethernet traffic without IP layer. Numeric format. Example: EtherStateByte(i/o)=9728/9576. Available from: SNS v4.0.0. |
EtherStateConn | Number of stateful statuses for Ethernet exchanges without IP layer. Numeric format. Example: EtherStateConn=0. Available from: SNS v4.0.0. |
TLSCertCacheEntriesNb | Number of entries currently in the TLS certificate cache. Numeric format. Example: TLSCertCacheEntriesNb=3456. Available from: SNS v4.3.0. |
TLSCertCacheLookup(miss/total) | Number of lookups missed/performed in the TLS certificate cache. Numeric format. Example: TLSCertCacheLookup(miss/total)=128/136. Available from: SNS v4.3.0. |
TLSCertCacheInsert | Number of entries inserted in the TLS certificate cache. Numeric format. Example: TLSCertCacheInsert=789. Available from: SNS v4.3.0. |
TLSCertCacheFlushOp | Number of "flush" operations (manual deletion of entries, or after reloading signatures) performed on the TLS certificate cache. Numeric format. Example: TLSCertCacheFlushOp=7. Available from: SNS v4.3.0. |
TLSCertCachePurgeOp | Number of "purge" operations (automatic deletion of a percentage of entries when the cache reaches full capacity) performed on the TLS certificate cache. Numeric format. Example: TLSCertCachePurgeOp=4. Available from: SNS v4.3.0. |
TLSCertCacheFlushedNb | Number of entries deleted from the TLS certificate cache after a "flush" operation. Numeric format. Example: TLSCertCacheFlushedNb=123. Available from: SNS v4.3.0. |
TLSCertCachePurgedNb | Number of entries deleted from the TLS certificate cache after a "purge" operation. Numeric format. Example: TLSCertCachePurgedNb=456. Available from: SNS v4.3.0. |
TLSCertCacheExpiredNb | Number of entries deleted from the TLS certificate cache after a TTL expired. Numeric format. Example: TLSCertCacheExpiredNb=789. Available from: SNS v4.3.0. |
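
Added example (not part of the vendor documentation): a Python parser for an “l_filterstat” line that splits the paired fields such as Byte(i/o) and TLSCertCacheLookup(miss/total) and flags memory pressure and dropped events (LogOverflow, PvmOverflow). It assumes the line is a series of space-separated key=value tokens; the function names, the 90% threshold and the sample line (built from the example values above) are constructed for illustration.

```python
import re

# Assumption: space-separated key=value tokens, values optionally double-quoted.
TOKEN = re.compile(r'([A-Za-z]\w*(?:\([a-z]+/[a-z]+\))?)=("[^"]*"|\S*)')
PAIR_KEY = re.compile(r'^(\w+)\((\w+)/(\w+)\)$')  # Byte(i/o), ...Lookup(miss/total)
MEM_FIELDS = ("DynamicMem", "HostMem", "FragMem", "ICMPMem",
              "ConnMem", "DtrackMem", "IPStateMem")
OVERFLOW_FIELDS = ("LogOverflow", "PvmOverflow")

# Constructed sample line, using field names and example values from the table.
SAMPLE = ("DynamicMem=12 HostMem=95 ConnMem=3 Logged=5120 LogOverflow=17 "
          "PvmOverflow=0 Accepted=2430 Blocked=1254 Byte(i/o)=527894/528486 "
          "TLSCertCacheLookup(miss/total)=128/136")


def parse_filterstat(line):
    """Return {field: int or str}; paired fields become e.g. Byte_i / Byte_o."""
    stats = {}
    for key, raw in TOKEN.findall(line):
        raw = raw.strip('"')
        pair = PAIR_KEY.match(key)
        if pair and re.fullmatch(r"\d+/\d+", raw):
            base, first, second = pair.groups()
            left, right = raw.split("/")
            stats[f"{base}_{first}"] = int(left)
            stats[f"{base}_{second}"] = int(right)
        elif raw.isdecimal():
            stats[key] = int(raw)
        else:
            stats[key] = raw  # keep malformed or non-numeric values for review
    return stats


def health_findings(stats, mem_threshold=90):
    """List conditions that reduce the firewall's capacity or log visibility."""
    findings = []
    for field in MEM_FIELDS:
        value = stats.get(field)
        if isinstance(value, int) and value >= mem_threshold:
            findings.append(f"{field} at {value}% (threshold {mem_threshold}%)")
    for field in OVERFLOW_FIELDS:
        value = stats.get(field)
        if isinstance(value, int) and value > 0:
            findings.append(f"{field}={value}: events were dropped")
    return findings


if __name__ == "__main__":
    for finding in health_findings(parse_filterstat(SAMPLE)):
        print(finding)
```
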