Fields specific to the "l_ssl" log
The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs and Network traffic.
| user |
ID of the user (when the authentication phase has ended). String of characters in UTF-8 format. Example: “John.smith” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
|
User |
|
| msg |
Message associated with the action performed. String of characters in UTF-8 format. Example: "Connection not deciphered (rule matches: Nodecrypt)" |
| Message | |
|
cat_site |
Category (URL filtering) of the website visited. String of characters in UTF-8 format. Example: “{bank}”, “{news}”, etc. Available from: SNS v1.0.0. |
| Category | |
| arg |
Additional information regarding the SSL negotiation Example: "Subject%... Issuer%... " |
|
Argument |
|
| domain |
Authentication method used or LDAP directory of the user authenticated by the firewall. String of characters in UTF-8 format. Example: domain="documentation.stormshield.eu" Available from: SNS v3.0.0. |
| Method or directory | |
| dstcontinent |
Continent to which the destination IP address of the connection belongs. Value: continent's ISO code Example: dstcontinent="eu" Available from: SNS v3.0.0. |
| Destination continent | |
| dstcountry |
Country to which the destination IP address of the connection belongs. Format: country's ISO code Example: dstcountry="fr" Available from: SNS v3.0.0. |
| Destination country | |
| dsthostrep |
Reputation of the connection's target host. Available only if reputation management has been enabled for the relevant host. Format: unrestricted integer. Example: dsthostrep=506 Available from: SNS v3.0.0. |
| Destination host reputation | |
| dstiprep |
Reputation of the destination IP address. Available only if this IP address is public and listed in the IP address reputation base. Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam". Example: dstiprep="spam" Available from: SNS v3.0.0. |
| Public reputation of the destination IP address | |
| srccontinent |
Continent to which the source IP address of the connection belongs. Value: continent's ISO code Example: srccontinent="eu" Available from: SNS v3.0.0. |
| Source continent | |
| srccountry |
Country to which the source IP address of the connection belongs. Format: country's ISO code Example: srccountry="fr" Available from: SNS v3.0.0. |
| Source country | |
| srchostrep |
Reputation of the connection's source host. Available only if reputation management has been enabled for the relevant host. Format: unrestricted integer. Example: srchostrep=26123 Available from: SNS v3.0.0. |
| Source host reputation | |
| srciprep |
Reputation of the source IP address. Available only if this IP address is public and listed in the IP address reputation base. Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam". Example: srciprep="anonymizer,tor" Available from: SNS v3.0.0. |
| Public reputation of the source IP address | |
| cnruleid
|
Number of the SSL filter rule applied. Digital format. Example: cnruleid=3 Available from: SNS v3.2.0. |
| Rule |