Fields specific to the "l_smtp", "l_pop3", "l_ftp", "l_web", and "l_ssl" logs
The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs, Network traffic, Web and E-mails.
contentpolicy |
Number of the SSL filter policy used. String of characters in UTF-8 format. Example: "3" Available from: SNS v1.0.0. |
Policy ID | |
pri |
Set to “5” (“notice”) to ensure WELF compatibility. Available from: SNS v1.0.0. |
Priority |
|
proto |
Name of the standard service corresponding to the destination port. String of characters in UTF-8 format. Example: “smtp” Available from: SNS v1.0.0. |
Protocol |
|
src |
IP address of the source host. Decimal format. Example: ”192.168.0.1” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
Source |
|
srcport |
Source port number of the service. Example: "51166" Available from: SNS v1.0.0. |
Source port |
|
srcportname |
“Source” port name if it is known. String of characters in UTF-8 format. Example: “ephemeral_fw_tcp” Available from: SNS v1.0.0. |
Source port name |
|
srcname |
Name of the object corresponding to the source host. String of characters in UTF-8 format. Example: “client_workstation” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
Source name |
|
srcmac |
MAC address of the source host. May be displayed anonymously depending on the administrator's access privileges. |
Source MAC address |
|
modsrc |
Translated IP address of the source host. May be displayed anonymously depending on the administrator's access privileges. Decimal format. Example: ”192.168.15.1” Available from: SNS v1.0.0. |
Translated source address |
|
modsrcport |
Number of the translated TCP/UDP source port. Example: "49690" Available from: SNS v1.0.0. |
Translated source port |
|
dst |
IP address of the destination host Decimal format. Example: ”192.168.100.1” Available from: SNS v1.0.0. |
Destination |
|
dstport |
Service's destination port number. Example: "465" Available from: SNS v1.0.0. |
Destination port |
|
dstportname |
Name of the object corresponding to the destination port. String of characters in UTF-8 format. Example: "smtps " Available from: SNS v1.0.0. |
Dest. port name |
|
origdst |
Original IP address of the destination host (before translation or the application of a virtual connection). Decimal format. Example: ”192.168.200.1” Available from: SNS v1.0.0. |
Orig. destination |
|
origdstport |
Original port number of the destination TCP/UDP port (before translation or the application of a virtual connection). Example: "465" Available from: SNS v1.0.0. |
Orig. destination port |
|
sent |
Volume of application data sent (bytes). Example: "26657" Available from: SNS v1.0.0. |
Sent Example: "26 KB" |
|
rcvd |
Volume of application data received (bytes). Example: "26657" Available from: SNS v1.0.0. |
Received Example: "26 KB" |
|
duration |
Duration of the connection in seconds. Example: "0.5" |
Duration Example: “500 ms” |
|
action |
Behavior associated with the filter rule. Values: “pass” or “block” |
Action |
|
risk |
Risk relating to the connection. This value contributes to the reputation score of the connection's source host. Value: between 1 (low risk) and 100 (very high risk). Example: risk=20 Available from: SNS v3.0.0. |
Risk | |
slotlevel |
Indicates the type of rule that activated logging. Values: “0” (implicit), “1” (global), or “2” (local). Available from: SNS v1.0.0. |
Rule level Values: “Implicit”, “Global” or “Local”. |
|
rulename |
Name of the filter rule applied Character string Example: rulename="myrule" Available from: SNS v3.2.0. |
Rule name |