Fields specific to the “l_filterstat” log
|
SavedEvaluation |
Number of rule evaluations that did not use intrusion prevention technology. |
|
DynamicMem |
Percentage of the ASQ’s dynamic memory in use. Value from “0” to “100”. |
|
HostMem |
Percentage of memory allocated to a host processed by the Firewall. Value from “0” to “100”. |
|
FragMem |
Percentage of memory allocated to the treatment of fragmented packets. Value from “0” to “100”. |
|
ICMPMem |
Percentage of memory allocated to ICMP. Value from “0” to “100”. |
|
ConnMem |
Percentage of memory allocated to connections. Value from “0” to “100”. |
|
DtrackMem |
Percentage of memory used for data tracking (TCP/UDP packets). Value from “0” to “100”. |
| IPStateMem | Percentage of memory allocated to processing pseudo-connections relating to protocols other than TCP, UDP or ICMP (e.g.: GRE) that have passed through the firewall. |
| IPStateConn | Number of active pseudo-connections relating to protocols other than TCP, UDP or ICMP (e.g.: GRE). |
| IPStateConnNatDst | Number of active pseudo-connections with address translation on the destination. |
| IPStateConnNatSrc | Number of active pseudo-connections with address translation on the source. |
| IPStateConnNoNatDst | Number of active pseudo-connections that explicitly include "No NAT" instructions on the destination. |
| IPStateConnNoNatSrc | Number of active pseudo-connections that explicitly include "No NAT" instructions on the source. |
| IPStatePacket | Number of network packets originating from protocols other than TCP, UDP or ICMP (e.g.: GRE) that have passed through the firewall. |
| IPStateByte | Number of bytes exchanged for pseudo-connections. This value includes incoming and outgoing bytes. |
|
Logged |
Number of log lines generated by the intrusion prevention engine. |
|
LogOverflow |
Number of log lines that could not be generated by the intrusion prevention engine. |
|
PvmFacts |
Number of events sent by ASQ to the vulnerability management process. |
|
PvmOverflow |
Number of events intended for the vulnerability management process that were ignored by ASQ. |
|
Accepted |
Number of packets corresponding to the application of “Pass” rules. Example: Accepted=2430. |
|
Blocked |
Number of packets corresponding to the application of “Block” rules. Example: Blocked=1254. |
|
Byte(i/o) |
Number of bytes (incoming/outgoing) that have passed through the Firewall. Example: Byte (i/o)=527894/528486. |
|
Fragmented |
Number of fragmented packets that have passed through the Firewall. |
|
TCPPacket |
Number of TCP packets that have passed through the Firewall. |
|
TCPByte(i/o) |
Number of TCP bytes (incoming/outgoing) that have passed through the firewall. Example: TCPByte (i/o)=527894/528486. |
|
TCPConn |
Number of TCP connections that have passed through the Firewall. |
|
TCPConnNatSrc |
Number of TCP connections with a translated source. |
|
TCPConnNatDst |
Number of TCP connections with a translated destination. |
|
UDPPacket |
Number of UDP packets that have passed through the Firewall. |
|
UDPByte(i/o) |
Number of UDP bytes (incoming/outgoing) that have passed through the Firewall. Example: “527894/528486” |
|
UDPConn |
Number of UDP connections that have passed through the Firewall. |
|
UDPConnNatSrc |
Number of UDP connections with a translated source. |
|
UDPConnNatDst |
Number of UDP connections with a translated destination. |
|
ICMPPacket |
Number of ICMP packets that have passed through the Firewall. |
|
ICMPByte(i/o) |
Number of ICMP bytes (incoming/outgoing) that have passed through the Firewall. Example: ICMPByte(i/o) =527894/528486 |
| HostrepScore |
Average reputation score of monitored hosts. Value: decimal integer between 0 and 65535. Example: HostrepScore=1234 Available from: SNS v3.0.0. |
| HostrepMax |
Highest reputation score of monitored hosts. Value: decimal integer between 0 and 65535. Example: HostrepMax=6540 Available from: SNS v3.0.0. |
| HostrepRequests |
Number of reputation score requests submitted. Value: unrestricted decimal integer. Example: HostrepRequests=445 Available from: SNS v3.0.0. |
| SCTPAssocPacket |
Number of packets exchanged for an SCTP association. Digital format. Example: SCTPAssocPacket=128 Available from: SNS v3.9.0. |
| SCTPAssocByte(i/o) |
Number of bytes (incoming/outgoing) that have passed through the firewall for an SCTP association. Digital format. Example: SCTPAssocByte(i/o)=9728/9576. Available from: SNS v3.9.0. |
| SCTPAssoc |
Number of SCTP associations. Digital format. Example: SCTPAssoc=2. Available from: SNS v3.9.0. |
| EtherStatePacket |
Number of packets for Ethernet traffic without IP layer. Digital format. Example: EtherStatePacket=128 Available from: SNS v4.0.0. |
| EtherStateByte(i/o) |
Number of bytes (incoming/outgoing) for Ethernet traffic without IP layer. Digital format. Example: EtherStateByte(i/o)=9728/9576 Available from: SNS v4.0.0. |
| EtherStateConn |
Number of stateful statuses for Ethernet exchanges without IP layer. Digital format. Example: EtherStateConn=0 Available from: SNS v4.0.0. |
| TLSCertCacheEntriesNb |
Number of entries currently in the TLS certificate cache. Digital format. Example: TLSCertCacheEntriesNb=3456 Available from: SNS v4.3.0 |
| TLSCertCacheLookup(miss/total) |
Number of lookups missed/performed in the TLS certificate cache. Digital format. Example: TLSCertCacheLookup(miss/total)=128/136 Available from: SNS v4.3.0 |
| TLSCertCacheInsert |
Number of entries inserted in the TLS certificate cache. Digital format. Example: TLSCertCacheInsert=789 Available from: SNS v4.3.0 |
| TLSCertCacheFlushOp |
Number of "flush" operations (manual deletion of entries, or after reloading signatures) performed on the TLS certificate cache. Digital format. Example: TLSCertCacheFlushOp=7 Available from: SNS v4.3.0 |
| TLSCertCachePurgeOp |
Number of "purge" operations (automatic deletion of a percentage of entries when the cache reaches full capacity) performed on the TLS certificate cache. Digital format. Example: TLSCertCachePurgeOp=4 Available from: SNS v4.3.0 |
| TLSCertCacheFlushedNb |
Number of entries deleted from the TLS certificate cache after a "flush” operation. Digital format. Example: TLSCertCacheFlushedNb=123 Available from: SNS v4.3.0 |
| TLSCertCachePurgedNb |
Number of entries deleted from the TLS certificate cache after a "purge” operation. Digital format. Example: TLSCertCachePurgedNb=456 Available from: SNS v4.3.0 |
| TLSCertCacheExpiredNb |
Number of entries deleted from the TLS certificate cache after a TTL expired. Digital format. Example: TLSCertCacheExpiredNb=789 Available from: SNS v4.3.0 |