IDPS log format

Field type	Field name	Description	Example value
CEF header	CEF:Version	CEF version.	CEF:0
	Device Vendor	Product vendor.	UserGate
	Device Product	Product type.	NGFW
	Device Version	Product version.	7
	Source	Log type.	idps
	Signature	Name of the triggered IPS signature.	BlackSun Test
	Threat Level	Signature threat level.	Available values: from 2 to 10 (the set threat level multiplied by 2).
CEF [extension]	rt	Time when the event was received (in milliseconds since January 1, 1970).	1652344423822
	deviceExternalId	The unique name of the device that generated the event.	utmcore@ersthetatica
	suser	The username.	user_example (Unknown, if the user is unknown)
	act	Action taken by the device according to the configured policies.	accept
	cs1Label	Indicates that a rule was triggered.	Rule
	cs1	Name of the rule triggered to cause the event.	IDPS Rule Example
	msg	Signature threat level and name.	[2] BlackSun
	app	Application layer protocol	HTTP
	proto	Level 4 protocol used.	TCP or UDP
	src	Traffic source IPv4 address.	10.10.10.10
	spt	Source port	Values: 0-65535.
	cs2Label	Indicates the source zone.	Source Zone
	cs2	Source zone name.	Trusted
	cs3Label	Indicates the source country.	Source Country
	cs3	Source country name.	AE (a two-letter country code is displayed)
	dst	IPv4 address of the traffic destination.	194.226.127.130
	dpt	Destination port	Values: 0-65535.
	cs4Label	Indicates the destination zone.	Destination Zone
	cs4	Destination zone name.	Untrusted
	cs5Label	Indicates the destination country.	Destination Country
	cs5	Destination country name.	AE (a two-letter country code is displayed)
	in	Number of transmitted inbound bytes (data transferred from the source to the destination).	231
	out	Number of transmitted outbound bytes (data transferred from the destination to the source).	40

Вы здесь

Форма поиска

IDPS log format