Fields specific to the "l_smtp", "l_pop3", "l_ftp", "l_web", and "l_ssl" logs
The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs, Network traffic, Web and E-mails.
| contentpolicy |
Number of the SSL filter policy used. String of characters in UTF-8 format. Example: "3" Available from: SNS v1.0.0. |
| Policy ID | |
|
pri |
Set to “5” (“notice”) to ensure WELF compatibility. Available from: SNS v1.0.0. |
|
Priority |
|
|
proto |
Name of the standard service corresponding to the destination port. String of characters in UTF-8 format. Example: “smtp” Available from: SNS v1.0.0. |
|
Protocol |
|
|
src |
IP address of the source host. Decimal format. Example: ”192.168.0.1” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
|
Source |
|
|
srcport |
Source port number of the service. Example: "51166" Available from: SNS v1.0.0. |
|
Source port |
|
|
srcportname |
“Source” port name if it is known. String of characters in UTF-8 format. Example: “ephemeral_fw_tcp” Available from: SNS v1.0.0. |
|
Source port name |
|
|
srcname |
Name of the object corresponding to the source host. String of characters in UTF-8 format. Example: “client_workstation” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
|
Source name |
|
|
srcmac |
MAC address of the source host. May be displayed anonymously depending on the administrator's access privileges. |
|
Source MAC address |
|
|
modsrc |
Translated IP address of the source host. May be displayed anonymously depending on the administrator's access privileges. Decimal format. Example: ”192.168.15.1” Available from: SNS v1.0.0. |
|
Translated source address |
|
|
modsrcport |
Number of the translated TCP/UDP source port. Example: "49690" Available from: SNS v1.0.0. |
|
Translated source port |
|
|
dst |
IP address of the destination host Decimal format. Example: ”192.168.100.1” Available from: SNS v1.0.0. |
|
Destination |
|
|
dstport |
Service's destination port number. Example: "465" Available from: SNS v1.0.0. |
|
Destination port |
|
|
dstportname |
Name of the object corresponding to the destination port. String of characters in UTF-8 format. Example: "smtps " Available from: SNS v1.0.0. |
|
Dest. port name |
|
|
origdst |
Original IP address of the destination host (before translation or the application of a virtual connection). Decimal format. Example: ”192.168.200.1” Available from: SNS v1.0.0. |
|
Orig. destination |
|
|
origdstport |
Original port number of the destination TCP/UDP port (before translation or the application of a virtual connection). Example: "465" Available from: SNS v1.0.0. |
|
Orig. destination port |
|
|
sent |
Volume of application data sent (bytes). Example: "26657" Available from: SNS v1.0.0. |
|
Sent Example: "26 KB" |
|
|
rcvd |
Volume of application data received (bytes). Example: "26657" Available from: SNS v1.0.0. |
|
Received Example: "26 KB" |
|
|
duration |
Duration of the connection in seconds. Example: "0.5" |
|
Duration Example: “500 ms” |
|
|
action |
Behavior associated with the filter rule. Values: “pass” or “block” |
|
Action |
|
| risk |
Risk relating to the connection. This value contributes to the reputation score of the connection's source host. Value: between 1 (low risk) and 100 (very high risk). Example: risk=20 Available from: SNS v3.0.0. |
| Risk | |
|
slotlevel |
Indicates the type of rule that activated logging. Values: “0” (implicit), “1” (global), or “2” (local). Available from: SNS v1.0.0. |
|
Rule level Values: “Implicit”, “Global” or “Local”. |
|
| rulename |
Name of the filter rule applied Character string Example: rulename="myrule" Available from: SNS v3.2.0. |
| Rule name |