Fields specific to the "l_ssl" log
The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs and Network traffic.
| Field | Description | Name in the interface |
| --- | --- | --- |
| user | ID of the user (when the authentication phase has ended). String of characters in UTF-8 format. Example: “John.smith”. May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. | User |
| msg | Message associated with the action performed. String of characters in UTF-8 format. Example: "Connection not deciphered (rule matches: Nodecrypt)". | Message |
| cat_site | Category (URL filtering) of the website visited. String of characters in UTF-8 format. Example: “{bank}”, “{news}”, etc. Available from: SNS v1.0.0. | Category |
| arg | Additional information regarding the SSL negotiation. Example: "Subject%... Issuer%... ". | Argument |
| domain | Authentication method used or LDAP directory of the user authenticated by the firewall. String of characters in UTF-8 format. Example: domain="documentation.stormshield.eu". Available from: SNS v3.0.0. | Method or directory |
| dstcontinent | Continent to which the destination IP address of the connection belongs. Value: continent's ISO code. Example: dstcontinent="eu". Available from: SNS v3.0.0. | Destination continent |
| dstcountry | Country to which the destination IP address of the connection belongs. Format: country's ISO code. Example: dstcountry="fr". Available from: SNS v3.0.0. | Destination country |
| dsthostrep | Reputation of the connection's target host. Available only if reputation management has been enabled for the relevant host. Format: unrestricted integer. Example: dsthostrep=506. Available from: SNS v3.0.0. | Destination host reputation |
| dstiprep | Reputation of the destination IP address. Available only if this IP address is public and listed in the IP address reputation base. Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam". Example: dstiprep="spam". Available from: SNS v3.0.0. | Public reputation of the destination IP address |
| srccontinent | Continent to which the source IP address of the connection belongs. Value: continent's ISO code. Example: srccontinent="eu". Available from: SNS v3.0.0. | Source continent |
| srccountry | Country to which the source IP address of the connection belongs. Format: country's ISO code. Example: srccountry="fr". Available from: SNS v3.0.0. | Source country |
| srchostrep | Reputation of the connection's source host. Available only if reputation management has been enabled for the relevant host. Format: unrestricted integer. Example: srchostrep=26123. Available from: SNS v3.0.0. | Source host reputation |
| srciprep | Reputation of the source IP address. Available only if this IP address is public and listed in the IP address reputation base. Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam". Example: srciprep="anonymizer,tor". Available from: SNS v3.0.0. | Public reputation of the source IP address |
| cnruleid | Number of the SSL filter rule applied. Numeric format. Example: cnruleid=3. Available from: SNS v3.2.0. | Rule |
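
An added example, not part of the Stormshield documentation: a parser and triage pass for l_ssl records that uses only the fields described above. It assumes each record is one line of space-separated key=value pairs with optionally double-quoted values; `parse_l_ssl`, `triage` and the sample lines are constructed for illustration.

```python
import re

# Assumption: one record per line, space-separated key=value pairs, values
# optionally double-quoted with no embedded quotes (as in the page's examples).
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
INT_FIELDS = {"cnruleid", "srchostrep", "dsthostrep"}
LIST_FIELDS = {"srciprep", "dstiprep"}  # comma-separated, e.g. "anonymizer,tor"
IPREP_VALUES = {"anonymizer", "botnet", "malware", "phishing", "tor", "scanner", "spam"}

def parse_l_ssl(line):
    """Parse one l_ssl line into a dict, typing the fields documented above."""
    rec = {}
    for key, quoted, bare in PAIR.findall(line):
        value = quoted or bare
        if key in INT_FIELDS:
            rec[key] = int(value) if value.isdigit() else None  # None = malformed
        elif key in LIST_FIELDS:
            rec[key] = [v.strip() for v in value.split(",") if v.strip()]
        else:
            rec[key] = value
    return rec

def triage(rec):
    """Return the reasons a record deserves analyst review (empty list = none)."""
    reasons = []
    for field in ("srciprep", "dstiprep"):
        cats = set(rec.get(field, []))
        if cats & IPREP_VALUES:
            reasons.append(f"{field}=" + ",".join(sorted(cats & IPREP_VALUES)))
        if cats - IPREP_VALUES:  # value outside the documented list: parser drift?
            reasons.append(f"{field} undocumented: " + ",".join(sorted(cats - IPREP_VALUES)))
    # A connection passed through without decryption to a destination that is
    # also reputation-listed. The substring comes from the page's msg example.
    if rec.get("dstiprep") and "not deciphered" in rec.get("msg", "").lower():
        reasons.append(f"undeciphered connection to listed destination (rule {rec.get('cnruleid')})")
    return reasons

# Constructed sample lines built only from fields and example values on this page.
SAMPLE = [
    'user="John.smith" domain="documentation.stormshield.eu" srccountry="fr" dstcountry="fr" '
    'cat_site="{bank}" cnruleid=3 msg="Connection not deciphered (rule matches: Nodecrypt)"',
    'user="John.smith" srccountry="fr" dstiprep="spam" dsthostrep=506 cnruleid=3 '
    'msg="Connection not deciphered (rule matches: Nodecrypt)"',
    'srciprep="anonymizer,tor" srchostrep=26123 dstcountry="fr" cnruleid=1',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(parse_l_ssl(line)))
```

The host reputation integers are parsed but not thresholded, since the page does not state how the score is scaled.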