|
Field type |
Field name |
Description |
Example value |
|---|---|---|---|
|
CEF header |
CEF:Version |
CEF version. |
CEF:0 |
|
Device Vendor |
Product vendor. |
UserGate |
|
|
Device Product |
Product type. |
NGFW |
|
|
Device Version |
Product version. |
7 |
|
|
Source |
Log name. |
webaccess |
|
|
Name |
Source type. |
log |
|
|
Threat Level |
Threat level for the URL category. |
Available values: 2, 4, 6, 8, 10 (the set threat level multiplied by 2); Unknown, if no category is defined. |
|
|
CEF [extension] |
rt |
Time when the event was received (in milliseconds since January 1, 1970). |
1652344423822 |
|
deviceExternalId |
The unique name of the device that generated the event. |
utmcore@ersthetatica |
|
|
act |
Action taken by the device according to the configured policies. |
captive |
|
|
reason |
The reason why the event was created, e.g. the reason for the site block. |
{"id":39,"name":"Social Networking","threat_level":3} |
|
|
suser |
The username. |
user_example (Unknown, if the user is unknown) |
|
|
cs1Label |
Indicates that a rule was triggered. |
Rule |
|
|
cs1 |
Name of the rule triggered to cause the event. |
Default Allow |
|
|
src |
Traffic source IPv4 address. |
10.10.10.10 |
|
|
spt |
Source port |
Values: 0-65535. |
|
|
cs2Label |
Indicates the source zone. |
Source Zone |
|
|
cs2 |
Source zone name. |
Trusted |
|
|
cs3Label |
Indicates the source country. |
Source Country |
|
|
cs3 |
Source country name. |
AE (a two-letter country code is displayed) |
|
|
dst |
IPv4 address of the traffic destination. |
194.226.127.130 |
|
|
dpt |
Destination port |
Values: 0-65535. |
|
|
cs4Label |
Indicates the destination zone. |
Destination Zone |
|
|
cs4 |
Destination zone name. |
Untrusted |
|
|
cs5Label |
Indicates the destination country. |
Destination Country |
|
|
cs5 |
Destination country name. |
AE (a two-letter country code is displayed) |
|
|
cs6Label |
Indicates if the content was decrypted. |
Decrypted |
|
|
cs6 |
Decrypted or not. |
true, false |
|
|
app |
Application layer protocol and its version. |
HTTP/1.1 |
|
|
requestMethod |
Method used to access the URL address (POST, GET, etc.). |
GET |
|
|
request |
In the case of an HTTP request, the field contains the URL of the requested resource and the protocol used. |
||
|
requestContext |
Request source URL (HTTP referer). |
||
|
requestClientApplication |
Browser useragent. |
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 |
|
|
cn3Label |
Specifies the server's original response. |
Response |
|
|
cn3 |
Status code. |
302 |
|
|
flexString1Label |
Refers to the content type. |
Media type |
|
|
flexString1 |
The type of the content. |
text/html |
|
|
flexString2Label |
Indicates the category of the requested URL. |
URL Categories |
|
|
flexString2 |
URL category. |
Computers & Technology |
|
|
in |
Number of transmitted inbound bytes (data transferred from the source to the destination). |
231 |
|
|
out |
Number of transmitted outbound bytes (data transferred from the destination to the source). |
40 |
|
|
cn1Label |
Indicates the number of packets transmitted from the source to the destination. |
Packets sent |
|
|
cn1 |
Number of packets transmitted from the source to the destination. |
3 |
|
|
cn2Label |
Indicates the number of packets transmitted from the destination to the source. |
Packets received |
|
|
cn2 |
Number of packets transmitted from the destination to the source. |
1 |