23.2.2. Web access log description

| Field name | | | Description | Example value |
|---|---|---|---|---|
| timestamp | | | Time when the event was received. Format: yyyy-mm-ddThh:mm:ssZ. | 2022-05-12T08:11:46.15869Z |
| url_categories | id | | ID of the category to which the URL belongs. | 39 |
| | threat_level | | Threat level for the URL category. | Available values: 1: very low; 2: low; 3: medium; 4: high; 5: very high. |
| | name | | Name of the category to which the URL belongs. | Social Networking |
| bytes_sent | | | Number of bytes transmitted from the source to the destination. | 52 |
| node | | | A unique name of the device which generated the event. | utmcore@ersthetatica |
| packets_recv | | | Number of packets transmitted from the destination to the source. | 5 |
| request_method | | | Method used to access the URL address (POST, GET, etc.). | GET |
| url | | | Contains the URL of the requested resource and the protocol used. | http://www.secure.com |
| packets_sent | | | Number of packets transmitted from the source to the destination. | 2 |
| action | | | Action taken by the device according to the configured policies. | block |
| media_type | | | Content type. | application/json |
| host | | | Hostname. | www.google.com |
| session | | | Session ID. | a7a3cd49-8232-4f1a-962a-3659af89e96f (if System: 00000000-0000-0000-0000-000000000000) |
| app_protocol | | | Application layer protocol and its version. | HTTP/1.1 |
| status_code | | | HTTP status code. | 302 |
| bytes_recv | | | Number of bytes transmitted from the destination to the source. | 100 |
| http_referer | | | Request source URL (HTTP referrer). | https://www.google.com/ |
| decrypted | | | Indicates if the content was decrypted. | true, false |
| reasons | | | The reason why the event was created, e.g., the reason for the site block. | "url_cats":[{"id":39,"name":"Social Networking","threat_level":3}] |
| useragent | | | Browser useragent. | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 |
| source | zone | guid | Unique ID of the traffic source zone. | d0038912-0d8a-4583-a525-e63950b1da47 |
| | | name | Source zone name. | Trusted |
| | country | | Traffic source country. | AE (a two-letter country code is displayed) |
| | ip | | Source IPv4 address. | 10.10.10.10 |
| | port | | Source port. | Values: 0-65535. |
| destination | zone | guid | Unique ID of the traffic destination zone. | 3c0b1253-f069-4060-903b-5fec4f465db0 |
| | | name | Traffic destination zone name. | Untrusted |
| | country | | Destination country. | AE (a two-letter country code is displayed) |
| | ip | | Destination IPv4 address. | 192.168.174.134 |
| | port | | Destination port. | Values: 0-65535. |
| rule | guid | | Unique ID of the rule triggered to cause the event. | f93da24d-74f9-4f8c-9e9b-8e6d02346fb4 |
| | name | | The name of the rule. | Default allow |
| user | guid | | Unique ID of the user. | a7a3cd49-8232-4f1a-962a-3659af89e96f |
| | name | | User name. | user_name |
| | groups | guid | Unique ID of the group the user is a member of. | 919878b2-e882-49ed-3331-8ec72c3c79cb |
| | | name | Name of the group the user is a member of. | Default Group |
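
The following is an added example, not part of the product documentation: a triage pass over web access events that counts blocked requests per user and source IP, and lists requests in a high-threat URL category that were not blocked. It assumes events arrive as one JSON object per line with the nesting described in the table and with url_categories as a list; the sample events, the action value "allow" and the category "Constructed high-risk" are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample events (not real logs). Assumed layout: one JSON object
# per line, nested as in the field table. The page documents only "block" as
# an action value; "allow" below is a constructed placeholder.
SAMPLE_LOG = """\
{"timestamp":"2022-05-12T08:11:46.15869Z","action":"block","url":"http://www.secure.com","url_categories":[{"id":39,"name":"Social Networking","threat_level":3}],"source":{"ip":"10.10.10.10"},"user":{"name":"user_name"}}
{"timestamp":"2022-05-12T08:12:10Z","action":"block","url":"http://www.secure.com","url_categories":[{"id":39,"name":"Social Networking","threat_level":3}],"source":{"ip":"10.10.10.10"},"user":{"name":"user_name"}}
{"timestamp":"2022-05-12T08:13:02Z","action":"allow","url":"http://example.test/a","url_categories":[{"id":9999,"name":"Constructed high-risk","threat_level":5}],"source":{"ip":"10.10.10.11"},"user":{"name":"user_b"}}
{"timestamp":"2022-05-12T08:14:30Z","action":"allow","url":"http://example.test/b","url_categories":[{"id":9998,"name":"Constructed low-risk","threat_level":1}],"source":{"ip":"10.10.10.11"},"user":{"name":"user_b"}}
not-json
"""

def parse_events(text):
    """Yield events as dicts, skipping lines that are not JSON objects."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupted line: skip, do not abort triage
        if isinstance(event, dict):
            yield event

def max_threat(event):
    """Highest threat_level (1-5) among the event's URL categories, 0 if none."""
    cats = event.get("url_categories") or []
    if isinstance(cats, dict):  # tolerate a single object instead of a list
        cats = [cats]
    return max((c.get("threat_level", 0) for c in cats), default=0)

def triage(text, min_level=4):
    """Return (unblocked high-threat requests, blocked count per user and IP)."""
    unblocked, blocked = [], Counter()
    for ev in parse_events(text):
        who = ((ev.get("user") or {}).get("name", "?"),
               (ev.get("source") or {}).get("ip", "?"))
        if ev.get("action") == "block":
            blocked[who] += 1
        elif max_threat(ev) >= min_level:  # 4: high, 5: very high
            unblocked.append((ev.get("timestamp"), who, ev.get("url")))
    return unblocked, blocked

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```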