UserID log format

| Field type | Field name | Description | Example value |
|---|---|---|---|
| CEF header | CEF:Version | CEF version. | CEF:0 |
| CEF header | Device Vendor | Product vendor. | UserGate |
| CEF header | Device Product | Product type. | NGFW |
| CEF header | Device Version | Product version. | 7 |
| CEF header | Source | Log name. | userid |
| CEF header | Name | Source type. | log |
| CEF header | Threat Level | Product version. | Available values: from 1 to 10 (the set threat level multiplied by 2). |
| CEF [extension] | rt | Time when the event was received (in milliseconds since January 1, 1970). | 1701085036026 |
| CEF [extension] | deviceExternalId | The name of the device that generated the event. | utmcore@ntoorereaeda |
| CEF [extension] | act | The action applied to the event. | login |
| CEF [extension] | reason | The reason why the event was created. For example, login to the system. | {"user_groups_sids":["S-1-5-21-3795870133-5220325-2125745684-513","S-1-5-21-3795870133-5220325-2125745684-512"],"user_sid":"S-1-5-21-3795870133-5220325-2125745684-1103","login":"user1","domain":"DEP","event_id":4624} |
| CEF [extension] | suser | The username. | user1 |
| CEF [extension] | cs1Label | Indicates that a rule was triggered. | Rule |
| CEF [extension] | cs1 | Name of the rule triggered to cause the event. | dep.local |
| CEF [extension] | src | Traffic source IPv4 address. | 10.10.0.11 |
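A parser for records in this format, for use when onboarding the log into a SIEM pipeline. This is an added example, not UserGate code: the function name, the dictionary keys for the header fields, and the sample line are constructed here. It assumes the header is pipe-delimited in the order listed above, the extension is space-separated `key=value` pairs, and values use standard CEF escaping.

```python
import json
import re
from datetime import datetime, timezone

# Header field order as listed in the format description above.
HEADER = ("cef_version", "device_vendor", "device_product",
          "device_version", "source", "name", "threat_level")

# Constructed sample line: the values come from the format description, but
# the threat level (2) and the order of the extension fields are assumptions.
SAMPLE = (
    'CEF:0|UserGate|NGFW|7|userid|log|2|rt=1701085036026 '
    'deviceExternalId=utmcore@ntoorereaeda act=login '
    'reason={"user_groups_sids":["S-1-5-21-3795870133-5220325-2125745684-513",'
    '"S-1-5-21-3795870133-5220325-2125745684-512"],'
    '"user_sid":"S-1-5-21-3795870133-5220325-2125745684-1103",'
    '"login":"user1","domain":"DEP","event_id":4624} '
    'suser=user1 cs1Label=Rule cs1=dep.local src=10.10.0.11'
)

_KEY = re.compile(r'(?:^|\s)(\w+)=')      # start of each key=value pair
_UNESCAPE = re.compile(r'\\([=\\|])')     # CEF escapes: \= \\ \|

def parse_userid_event(line):
    """Parse one UserID CEF record into a flat dict."""
    start = line.find("CEF:")             # skip any syslog prefix
    if start < 0:
        raise ValueError("not a CEF record")
    parts = re.split(r'(?<!\\)\|', line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("expected 7 header fields plus extension")
    event = {k: _UNESCAPE.sub(r'\1', v) for k, v in zip(HEADER, parts)}
    level = int(event["threat_level"])
    if not 1 <= level <= 10:
        raise ValueError("threat level outside 1..10")
    event["threat_level"] = level
    ext, keys = parts[7], list(_KEY.finditer(parts[7]))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event[m.group(1)] = _UNESCAPE.sub(r'\1', ext[m.end():end])
    secs, ms = divmod(int(event["rt"]), 1000)   # rt is epoch milliseconds
    event["rt"] = datetime.fromtimestamp(secs, tz=timezone.utc).replace(
        microsecond=ms * 1000)
    try:                                  # reason carries JSON in the example
        event["reason"] = json.loads(event["reason"])
    except (KeyError, ValueError):
        pass                              # leave non-JSON reasons as text
    return event
```

Records with a malformed header or an out-of-range threat level raise `ValueError`, so a collector can quarantine them instead of indexing partial events.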