17.1.3. Traffic log format

| Field type | Field name | Description | Example value |
|---|---|---|---|
| CEF header | CEF:Version | CEF version. | CEF:0 |
| | Device Vendor | Product vendor. | UserGate |
| | Device Product | Product type. | NGFW |
| | Device Version | Product version. | 7 |
| | Source | Log type. | traffic |
| | Rule Type | Type of the rule triggered to cause the event. | firewall |
| | Threat Level | Application threat level. | Available values: from 1 (if no application) to 10 (the set threat level multiplied by 2). |
| CEF [extension] | rt | Time when the event was received (in milliseconds since January 1, 1970). | 1652344423822 |
| | deviceExternalId | A unique name of the device which generated the event. | utmcore@ersthetatica |
| | suser | User name. | user_example (Unknown, if the user is unknown) |
| | act | Action taken by the device according to the configured policies. | accept |
| | cs1Label | Indicates that a rule was triggered. | Rule |
| | cs1 | Name of the rule triggered to cause the event. | Allow trusted to untrusted |
| | src | Traffic source IPv4 address. | 10.10.10.10 |
| | spt | Source port. | Values: 0-65535. |
| | cs2Label | Indicates the source zone. | Source Zone |
| | cs2 | Source zone name. | Trusted |
| | cs3Label | Indicates the source country. | Source Country |
| | cs3 | Source country name. | AE (a two-letter country code is displayed) |
| | proto | Level 4 protocol used. | TCP or UDP |
| | dst | IPv4 address of the traffic destination. | 194.226.127.130 |
| | dpt | Destination port. | Values: 0-65535. |
| | cs4Label | Indicates the destination zone. | Destination Zone |
| | cs4 | Destination zone name. | Untrusted |
| | cs5Label | Indicates the destination country. | Destination Country |
| | cs5 | Destination country name. | AE (a two-letter country code is displayed) |
| | sourceTranslatedAddress | Source address after reassignment (if NAT rules are configured). | 192.168.174.134 (0.0.0.0 if not) |
| | sourceTranslatedPort | Source port after reassignment (if NAT rules are configured). | Values: 0-65535 (0 if not) |
| | destinationTranslatedAddress | Destination address after reassignment (if NAT rules are configured). | 192.226.127.130 (0.0.0.0 if not) |
| | destinationTranslatedPort | Destination port after reassignment (if NAT rules are configured). | Values: 0-65535 (0 if not) |
| | in | Number of transmitted inbound bytes (data transferred from the source to the destination). | 231 |
| | out | Number of transmitted outbound bytes (data transferred from the destination to the source). | 40 |
| | cn1Label | Indicates the number of packets transmitted from the source to the destination. | Packets sent |
| | cn1 | Number of packets transmitted from the source to the destination. | 3 |
| | cn2Label | Indicates the number of packets transmitted from the destination to the source. | Packets received |
| | cn2 | Number of packets transmitted from the destination to the source. | 1 |
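
A parser for this record layout, given as an added example and not taken from the UserGate documentation or product. It assumes the header fields are pipe-delimited in the order listed above and that extension values use the standard CEF backslash escapes; `parse_traffic`, `SAMPLE` and the port numbers in the sample line are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the table's example values; ports are made up for illustration.
SAMPLE = (
    "CEF:0|UserGate|NGFW|7|traffic|firewall|1|rt=1652344423822 "
    "deviceExternalId=utmcore@ersthetatica suser=user_example act=accept "
    "cs1Label=Rule cs1=Allow trusted to untrusted src=10.10.10.10 spt=51234 "
    "cs2Label=Source Zone cs2=Trusted cs3Label=Source Country cs3=AE proto=TCP "
    "dst=194.226.127.130 dpt=443 cs4Label=Destination Zone cs4=Untrusted "
    "sourceTranslatedAddress=192.168.174.134 sourceTranslatedPort=40001 "
    "destinationTranslatedAddress=0.0.0.0 destinationTranslatedPort=0 "
    "in=231 out=40 cn1Label=Packets sent cn1=3 cn2Label=Packets received cn2=1"
)

HEADER = ("vendor", "product", "version", "source", "rule_type", "threat_level")
KEY = re.compile(r"(?:^|\s)(\w+)=")  # extension key: at the start or after whitespace
INTS = {"rt", "spt", "dpt", "in", "out", "cn1", "cn2",
        "sourceTranslatedPort", "destinationTranslatedPort"}
NO_NAT = {"0.0.0.0", "0"}  # per the table: value reported when no NAT rule applied


def parse_traffic(line):
    """Parse one traffic record into a dict keyed by field name or csN/cnN label."""
    # str.index raises ValueError when there is no CEF marker (e.g. syslog noise).
    parts = re.split(r"(?<!\\)\|", line[line.index("CEF:"):], maxsplit=7)
    if len(parts) != 8 or parts[0] != "CEF:0":
        raise ValueError("not a CEF:0 record with seven header fields")
    ev = dict(zip(HEADER, parts[1:7]))
    ext, raw = parts[7], {}
    hits = list(KEY.finditer(ext))
    for m, nxt in zip(hits, hits[1:] + [None]):
        # A value runs to the next key, so unquoted spaces in rule names survive.
        val = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        raw[m.group(1)] = re.sub(r"\\([=\\|])", r"\1", val)  # undo CEF escapes
    for key, val in raw.items():
        if key.endswith("Label"):
            continue
        if "Translated" in key and val in NO_NAT:
            val = None
        elif key in INTS and val.isdigit():
            val = int(val)
        ev[raw.get(key + "Label", key)] = val
    if isinstance(ev.get("rt"), int):  # rt is milliseconds since the Unix epoch
        ev["time"] = datetime.fromtimestamp(ev["rt"] / 1000, tz=timezone.utc)
    return ev
```

Splitting the extension on spaces alone would truncate multi-word values such as the rule name in `cs1` or the zone label in `cs2Label`, which is why the parser locates keys first and slices values between them.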