Log Formats

Table C–3: Firewall Block Log Format (Continued)

| Field Name | Sub-Field Name | Description |
|---|---|---|
| Message (cont.) | Destination IP | The destination IP address and port for the session. This represents the “target” of the session. Format is ddd.ddd.ddd.ddd:port. |
| | Packets Delta | Not used. |
| | Mphy | Ingress Port Number. |
| | Vlan | Ingress VLAN. Normally used to identify the Security Zone. |
| | Source Zone UUID | The UUID for the zone on which the source IP address appears. |
| | Source Zone Name | The zone on which the source IP address appears. |
| | Destination Zone UUID | The UUID for the zone on which the destination IP address appears. |
| | Destination Zone Name | The zone on which the destination IP address appears. |
| | Start time Secs | Unused by Firewall. UDM Log Aggregation. |
| | Start time Nanosecs | Unused by Firewall. UDM Log Aggregation. |
| | Period | Unused by Firewall. UDM Log Aggregation. |
| | Message Params | The Message Params are further delimited using the ‘’ character as follows: FirewallRuleId: The customer visible firewall rule id that matched (allowed) the session to go through. By definition this is a Permit rule. This should match the Policy UUID. Category: For web requests that were filtered by the Web Filter Subscription Service, the category that the URL field was matched to. URLInfo: For web requests, this is the extra information from the web filter engine for the block decision. URL: For web requests, the target URL. This field is filled in regardless of whether the request was filtered by the Web Filter Subscription Service. When the Log is being saved through the LSM, the fields in Message Params are exported with tab separation (blanks for unused fields) to allow easy import into Excel. |
| | Packet trace flag | Packet trace not supported by Firewall. |
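The following is an added example, not code from the guide: it parses the tab-separated Message Params export and the Destination IP field described in the table, then counts blocked sessions per web filter category and destination port. It assumes the exported columns follow the order the table lists them in; the rule ids, URLs and addresses in the sample rows are constructed placeholders.

```python
from collections import Counter

# Sub-field order as listed in the table; that the LSM export keeps this
# column order is an assumption of this example.
PARAM_FIELDS = ("FirewallRuleId", "Category", "URLInfo", "URL")

def parse_message_params(raw):
    """Split tab-separated Message Params; blank (unused) columns become None."""
    cols = raw.rstrip("\r\n").split("\t")
    if len(cols) > len(PARAM_FIELDS):
        raise ValueError(f"expected at most {len(PARAM_FIELDS)} columns, got {len(cols)}")
    cols += [""] * (len(PARAM_FIELDS) - len(cols))  # tolerate trimmed trailing tabs
    return {name: (col.strip() or None) for name, col in zip(PARAM_FIELDS, cols)}

def parse_destination(field):
    """Validate 'ddd.ddd.ddd.ddd:port'; return (normalized IPv4 string, port)."""
    host, sep, port = field.strip().rpartition(":")
    octets = host.split(".")
    if not sep or len(octets) != 4:
        raise ValueError(f"not in ddd.ddd.ddd.ddd:port form: {field!r}")
    numbers = []
    for text in octets + [port]:
        if not (text.isascii() and text.isdigit()):
            raise ValueError(f"non-numeric component in {field!r}")
        numbers.append(int(text))
    *addr, port_no = numbers
    if any(n > 255 for n in addr) or port_no > 65535:
        raise ValueError(f"octet or port out of range in {field!r}")
    return ".".join(str(n) for n in addr), port_no

def blocks_by_category(rows):
    """Count blocked sessions per (Category, destination port) pair."""
    counts = Counter()
    for destination, params in rows:
        _, port = parse_destination(destination)
        category = parse_message_params(params)["Category"] or "(not web filtered)"
        counts[(category, port)] += 1
    return counts

# Constructed sample rows: (Destination IP, Message Params) pairs.
SAMPLE = [
    ("192.0.2.10:80", "rule-0001\tGambling\tcategory match\thttp://example.test/a"),
    ("192.0.2.10:080", "rule-0001\tGambling\t\thttp://example.test/b"),
    ("198.51.100.7:443", "rule-0002\t\t\t"),
]

if __name__ == "__main__":
    for key, n in blocks_by_category(SAMPLE).items():
        print(key, n)
```

Zero-padded octets and ports are normalized before counting, so `080` and `80` land in the same bucket.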

 

 

 

X Family LSM User’s Guide V 2.5.1