Log Formats

Table C–4: Firewall Session Log Format (Continued)

 

 

Field Name

Description

 

 

 

 

DstIP

The destination IP address and port for the session. This represents

 

the “target’ of the session. Format is ddd.ddd.ddd.ddd:port.

 

 

Protocol Number

 

 

 

Protocol

<protocol name>(<protocol number>)

Source Zone UUID

The UUID for the zone on which the source IP address appears.

 

 

Source Zone Name

The zone on which the source IP address appears.

 

 

Destination Zone UUID

The UUID for the zone on which the destination IP address appears.

 

 

Destination Zone Name

The zone on which the destination IP address appears.

 

 

Firewall Rule ID

The firewall rule id that matched (allowed) the session to go through.

 

By definition this is a Permit rule.

 

 

Category

For Web requests that were filtered by the Web Filter Subscription

 

Service: the category to which the URL field was matched.

 

 

URL

For Web requests: the target URL. This field is populated regardless of

 

whether the request was filtered by the Web Filter Subscription

 

Service.

 

 

Session Duration(s)

For Session End Events only: this field contains the duration of the

 

session from its start time in DD:HH:MM.SS format.

 

 

Bytes

For Session End Events only: this field contains the number of bytes

 

transferred during the session.

 

 

Message

The message text associated with the event.

 

 

VPN Log Format

An example of a comma-delimited VPN Log entry follows:

17,2006-10-05 17:12:31,INFO,VPN,"152.67.137.49:500 10.171.2.254:500 Responder started IKE phase 1, main mode"

The following table describes the downloadable format of the VPN Log:

Table C–5: VPN Log Format

Field Name

Description

 

 

 

 

Seq

Unique sequence number for this log file.

 

 

Entry_time

Date and time of event. YYYY-MM-DD 24H:MI:SS

 

 

X Family LSM User’s Guide V 2.5.1

299