Difference between revisions of "Database Schema"

From UntangleWiki
(sessions)
 
(http_events)
 
(16 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Reports]]
+
= Database Tables =
The global DB schema shows the tables and columns used for tracking all logged events in Untangle. These can be used to add conditions to reports and event logs and in the reporting system to create or edit reports.
 
  
== sessions ==
+
== configuration_backup_events ==  
<section begin='sessions' />
+
<section begin='configuration_backup_events' />
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Report Condition [Column Name]
+
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 
|-
 
|-
|Session Id [session_id]
+
|time_stamp
|bigint
+
|Timestamp
|The session Unique session id. (Example: 95143416767254. This number can be referenced to other events/sessions with the same number.)
 
|-
 
|Timestamp [time_stamp]
 
 
|timestamp without time zone
 
|timestamp without time zone
|The time of the event (Example: 2016-01-13 2:22:08 pm)
+
|The time of the event
 
 
 
|-
 
|-
|End Timestamp [end_time]
+
|success
|timestamp without time zone
+
|Success
|The time the session ended (Example: 2016-01-13 2:22:08 pm)
 
|-
 
|Bypassed [bypassed]
 
 
|boolean
 
|boolean
|True if the session was bypassed, false otherwise
+
|The result of the backup (true if the backup succeeded, false otherwise)
 
|-
 
|-
|filter_prefix / Filter Prefix [filter_prefix]
+
|description
 +
|Text detail of the event
 
|text
 
|text
|The network filter that blocked the connection
+
|Text detail of the event
|-
 
|Protocol [protocol]
 
|smallint
 
|The IP protocol of session (Example: UDP (17), TCP (6), ICMP (1).)
 
 
|-
 
|-
|Hostname [hostname]
+
|destination
 +
|Destination
 
|text
 
|text
|The hostname (Internal Device name (my-pc, officecomputer, conferanceroompc))
+
|The location of the backup
 
|-
 
|-
|Username [username]
+
|event_id
|text
+
|Event ID
|The username (Username associated with the event Examples: Jason, Jben)
+
|bigint
 +
|The unique event ID
 
|-
 
|-
|Policy Id [policy_id]
+
|}
|smallint
+
<section end='configuration_backup_events' />
|The policy (Name of rack (Policy) along with the number. Example: Marketing (5) The number and name of the policy can be found in the Policy Manager application.)
+
()
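Review bot: In the new configuration_backup_events table the description row has "Text detail of the event" in both the Human Name cell and the Description cell, while every other row uses a short label (Timestamp, Success, Destination, Event ID). The Human Name cell looks like a copy of the description. A short label such as "Description" would match the rest of the table, provided that is what the report condition picker actually shows.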
|-
+
 
|Client [c_client_addr]
+
== http_events ==
|inet
+
<section begin='http_events' />
|The client-side client IP address (Internal devices IP address. Example: 192.168.3.1)
+
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|request_id
 +
|Request ID
 +
|bigint
 +
|The HTTP request ID
 
|-
 
|-
|Original Server [c_server_addr]
+
|time_stamp
|inet
+
|Timestamp
|The client-side server IP address (Server IP first used for connection. Example: 8.8.8.8)
+
|timestamp without time zone
 +
|The time of the event
 
|-
 
|-
|Original Server Port [c_server_port]
+
|session_id
|integer
+
|Session ID
|The client-side server port (Server port first used for connection. Example: 22,21,80,443)
+
|bigint
 +
|The session
 
|-
 
|-
|Client Port [c_client_port]
+
|client_intf
|integer
+
|Client Interface
|The client-side client port (Port used by the Client device for current session. Example: 22,21,80,443)
+
|smallint
 +
|The client interface
 
|-
 
|-
|New Client [s_client_addr]
+
|server_intf
|inet
+
|Server Interface
|The server-side client IP address (IP of the external interface used for connection)
+
|smallint
 +
|The server interface
 
|-
 
|-
|Server [s_server_addr]
+
|c_client_addr
 +
|Client-side Client Address
 
|inet
 
|inet
|The server-side server IP address (IP being used to connect to server. (Server can be defined as the device the connection is being made to. This can be a internal or external address.))
+
|The client-side client IP address
 
|-
 
|-
|Server Port [s_server_port]
+
|s_client_addr
 +
|Server-side Client Address
 +
|inet
 +
|The server-side client IP address
 +
|-
 +
|c_server_addr
 +
|Client-side Server Address
 +
|inet
 +
|The client-side server IP address
 +
|-
 +
|s_server_addr
 +
|Server-side Server Address
 +
|inet
 +
|The server-side server IP address
 +
|-
 +
|c_client_port
 +
|Client-side Client Port
 
|integer
 
|integer
|The server-side server port (Port being used to connect to server. (Server can be defined as the device the connection is being made to. This can be a internal or external address.) )
+
|The client-side client port
 
|-
 
|-
|New Client Port [s_client_port]
+
|s_client_port
 +
|Server-side Client Port
 
|integer
 
|integer
|The server-side client port (Port used for connection with Client [c_client_addr])
+
|The server-side client port
 
|-
 
|-
|Client Interface [client_intf]
+
|c_server_port
|smallint
+
|Client-side Server Port
|The client interface (Interface number used for connection to client device. Example:  1. This number can be found and correlated with the interface in the Config>Network> Interfaces section.)
+
|integer
 +
|The client-side server port
 
|-
 
|-
|Server Interface [server_intf]
+
|s_server_port
|smallint
+
|Server-side Server Port
|The server interface (Interface number used for connection to server. Example:  1.  This number can be found and correlated with the interface in the Config>Network> Interfaces section.)
+
|integer
 +
|The server-side server port
 
|-
 
|-
|From-Client Bytes [c2p_bytes]
+
|client_country
|bigint
+
|Client Country
|The number of bytes the client sent to Untangle (client-to-pipeline) (Example: 96120)
+
|text
 +
|The client Country
 
|-
 
|-
|To-Client Bytes [p2c_bytes]
+
|client_latitude
|bigint
+
|Client Latitude
|The number of bytes Untangle sent to client (pipeline-to-client) (Example: 96120)
+
|real
 +
|The client Latitude
 
|-
 
|-
|From-Server Bytes [s2p_bytes]
+
|client_longitude
|bigint
+
|Client Longitude
|The number of bytes the server sent to Untangle (client-to-pipeline) (Example: 96120)
+
|real
|-
+
|The client Longitude
|To-Server Bytes [p2s_bytes]
 
|bigint
 
|The number of bytes Untangle sent to server (pipeline-to-client)
 
|-
 
|Shield Blocked [shield_blocked]
 
|boolean
 
|True if the shield blocked the session, false otherwise
 
|-
 
|Blocked (Firewall) [firewall_blocked]
 
|boolean
 
|True if Firewall blocked the session, false otherwise
 
|-
 
|Flagged (Firewall) [firewall_flagged]
 
|boolean
 
|True if Firewall flagged the session, false otherwise
 
|-
 
|Rule Id (Firewall) [firewall_rule_index]
 
|integer
 
|The matching rule in Firewall (if any) (Example: 500004. ID can be correlated with rule in the Firewall Application. ID will be 0 if no match)
 
 
|-
 
|-
|Protocol (Application Control Lite)[application_control_lite_protocol]
+
|server_country
 +
|Server Country
 
|text
 
|text
|The application protocol according to Application Control Lite (Example: BITTORRE. Name can be correlated back to Applications in Application Control lite for more details. )
+
|The server Country
 
|-
 
|-
|Blocked (Application Control Lite) [application_control_lite_blocked]
+
|server_latitude
|boolean
+
|Server Latitude
|True if Application Control Lite blocked the session
+
|real
 +
|The server Latitude
 
|-
 
|-
|Captured (Captive Portal) [captive_portal_blocked]
+
|server_longitude
|boolean
+
|Server Longitude
|True if Captive Portal blocked the session
+
|real
 +
|The server Longitude
 
|-
 
|-
|Rule Id (Captive Portal) [captive_portal_rule_index]
+
|policy_id
|integer
+
|Policy ID
|The matching rule in Captive Portal (if any) (Example: 5000001. ID Can be correlated back to Capture rule in the Captive Portal application. )
+
|smallint
 +
|The policy
 
|-
 
|-
|Application (Application Control) [application_control_application]
+
|username
 +
|Username
 
|text
 
|text
|The application according to Application Control (Example: BITTORRE. Name can be correlated back to Applications in Application Control for more details. )
+
|The username associated with this session
 
|-
 
|-
|ProtoChain (Application Control) [application_control_protochain]
+
|hostname
 +
|Hostname
 
|text
 
|text
|The protochain according to Application Control ( Example: /UDP/BITTORRE)
+
|The hostname of the local address
 
|-
 
|-
|Blocked (Application Control) [application_control_blocked]
+
|method
|boolean
+
|Method
|True if Application Control blocked the session
+
|character(1)
 +
|The HTTP method
 
|-
 
|-
|Flagged (Application Control) [application_control_flagged]
+
|uri
|boolean
+
|URI
|True if Application Control flagged the session
+
|text
 +
|The HTTP URI
 
|-
 
|-
|Confidence (Application Control) [application_control_confidence]
+
|host
|integer
+
|Host
|100 if Application Control confidence of this session's identification 0 if not.
 
|-
 
|Rule Id (Application Control) [application_control_ruleid]
 
|integer
 
|The matching rule in Application Control (if any) (Example: 500001. ID Can be correlated back to Rule in the Application Control application.)
 
|-
 
|Detail (Application Control) [application_control_detail]
 
 
|text
 
|text
|The text detail from the Application Control engine (Example: *.google.com, i.ytimg.com)
+
|The HTTP host
 
|-
 
|-
|Priority (Bandwidth Control) [bandwidth_control_priority]
+
|domain
|integer
+
|Domain
|The priority given to this session (Example: Very High, High, Medium, Low, Limited, Limited More, Limited Severely)
 
|-
 
|Rule (Bandwidth Control) [bandwidth_control_rule])
 
|integer
 
|The matching rule in Bandwidth Control rule (if any) (Example: 500001. ID Can be correlated back to Rule in the Bandwidth Control application.)
 
|-
 
|Rule Id (HTTPS Inspector) [ssl_inspector_ruleid]
 
|integer
 
|The matching rule in HTTPS Inspector rule (if any) (Example: 500001. ID Can be correlated back to Rule in theHttps Inspector application.)
 
|-
 
|Status (HTTPS Inspector) [ssl_inspector_status]
 
 
|text
 
|text
|The status/action of the SSL session (INSPECTED/IGNORED/BLOCKED/UNTRUSTED/ABANDONED)
+
|The HTTP domain (shortened host)
 
|-
 
|-
|Detail (HTTPS Inspector) [ssl_inspector_detail]
+
|referer
 +
|Referer
 
|text
 
|text
|Additional text detail about the SSL connection (SNI, IP Address) (Example: clients4.google.com)
+
|The Referer URL
 
|-
 
|-
|ICMP Type [icmp_type]
+
|c2s_content_length
|smallint
+
|Client-to-server Content Length
|The ICMP type of session if ICMP (Example:ICMPV6)
+
|bigint
 +
|The client-to-server content length
 
|-
 
|-
|}
+
|s2c_content_length
<section end='sessions' />
+
|Server-to-client Content Length
 
+
|bigint
== openvpn_events ==
+
|The server-to-client content length
<section begin='openvpn_events' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|time_stamp
+
|s2c_content_type
|timestamp without time zone
+
|Server-to-client Content Type
|The time of the event
 
|-
 
|remote_address
 
|inet
 
|The remote IP address of the client
 
|-
 
|pool_address
 
|inet
 
|The pool IP address of the client
 
|-
 
|client_name
 
 
|text
 
|text
|The name of the client
+
|The server-to-client content type
 
|-
 
|-
|type
+
|s2c_content_filename
 +
|Server-to-client Content Disposition Filename
 
|text
 
|text
|The type of the event (CONNECT/DISCONNECT)
+
|The server-to-client content disposition filename
 
|-
 
|-
|}
+
|ad_blocker_cookie_ident
<section end='openvpn_events' />
+
|Ad Blocker Cookie
 
+
|text
 
+
|This name of cookie blocked by Ad Blocker
== openvpn_stats ==
+
|-
<section begin='openvpn_stats' />
+
|ad_blocker_action
 
+
|Ad Blocker Action
{| border="1" cellpadding="2" width="90%%" align="center"
+
|character(1)
!Column Name
+
|This action of Ad Blocker on this request
!Type
 
!Description
 
 
|-
 
|-
|time_stamp
+
|web_filter_reason
|timestamp without time zone
+
|Reason for action (Web Filter)
|The time of the event
+
|character(1)
 +
|This reason Web Filter blocked/flagged this request
 
|-
 
|-
|start_time
+
|web_filter_category_id
|timestamp without time zone
+
|Web Category (Web Filter)
|The time the OpenVPN session started
+
|smallint
 +
|This numeric category according to Web Filter
 
|-
 
|-
|end_time
+
|web_filter_rule_id
|timestamp without time zone
+
|Web Rule (Web Filter)
|The time the OpenVPN session ended
+
|smallint
 +
|This numeric rule according to Web Filter
 
|-
 
|-
|rx_bytes
+
|web_filter_blocked
|bigint
+
|Blocked (Web Filter)
|The total bytes received from the client during this session
+
|boolean
 +
|If Web Filter blocked this request
 
|-
 
|-
|tx_bytes
+
|web_filter_flagged
|bigint
+
|Flagged (Web Filter)
|The total bytes sent to the client during this session
+
|boolean
 +
|If Web Filter flagged this request
 
|-
 
|-
|remote_address
+
|virus_blocker_lite_clean
|inet
+
|Virus Blocker Lite Clean
|The remote IP address of the client
+
|boolean
 +
|The cleanliness of the file according to Virus Blocker Lite
 
|-
 
|-
|pool_address
+
|virus_blocker_lite_name
|inet
+
|Virus Blocker Lite Name
|The pool IP address of the client
+
|text
 +
|The name of the malware according to Virus Blocker Lite
 
|-
 
|-
|remote_port
+
|virus_blocker_clean
 +
|Virus Blocker Clean
 +
|boolean
 +
|The cleanliness of the file according to Virus Blocker
 +
|-
 +
|virus_blocker_name
 +
|Virus Blocker Name
 +
|text
 +
|The name of the malware according to Virus Blocker
 +
|-
 +
|threat_prevention_blocked
 +
|Threat Prevention Blocked
 +
|boolean
 +
|If Threat Prevention blocked this request
 +
|-
 +
|threat_prevention_flagged
 +
|Threat Prevention Flagged
 +
|boolean
 +
|If Threat Prevention flagged this request
 +
|-
 +
|threat_prevention_rule_id
 +
|Threat Prevention Rule Id
 
|integer
 
|integer
|The remote port of the client
+
|This numeric rule according to Threat Prevention
 
|-
 
|-
|client_name
+
|threat_prevention_reputation
|text
+
|Threat Prevention Reputation
|The name of the client
+
|smallint
 +
|This numeric threat reputation
 
|-
 
|-
|event_id
+
|threat_prevention_categories
|bigint
+
|Threat Prevention Categories
|The unique event ID
+
|integer
 +
|This bitmask of threat categories
 
|-
 
|-
 
|}
 
|}
<section end='openvpn_stats' />
+
<section end='http_events' />
 +
()
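Review bot: The character(1) columns added to http_events (method, ad_blocker_action, web_filter_reason) give no list of the codes they can hold, and threat_prevention_categories is described only as "This bitmask of threat categories" with no bit meanings, so someone writing a report condition or alert rule on these columns cannot tell which value to match. List the values in the Description cell or link to where they are defined. Separately, several added descriptions start with "This" where the rest of the table uses "The" (for example "This name of cookie blocked by Ad Blocker", "This action of Ad Blocker on this request", "This numeric rule according to Threat Prevention"); these read as typos.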
  
 
+
== intrusion_prevention_events ==  
== ipsec_user_events ==
+
<section begin='intrusion_prevention_events' />
<section begin='ipsec_user_events' />
 
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 
|-
 
|-
|event_id
+
|time_stamp
|bigint
+
|Timestamp
|The unique event ID
 
|-
 
|time_stamp
 
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|connect_stamp
+
|sig_id
|timestamp without time zone
+
|Signature ID
|The time the connection started
+
|bigint
 +
|This ID of the rule
 
|-
 
|-
|goodbye_stamp
+
|gen_id
|timestamp without time zone
+
|Grouping ID
|The time the connection ended
+
|bigint
 +
|The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier
 
|-
 
|-
|client_address
+
|class_id
|text
+
|Classtype ID
|The remote IP address of the client
+
|bigint
 +
|The numeric ID for the classtype
 
|-
 
|-
|client_protocol
+
|source_addr
|text
+
|Source Address
|The protocol the client used to connect
+
|inet
 +
|The source IP address of the packet
 
|-
 
|-
|client_username
+
|source_port
 +
|Source Port
 +
|integer
 +
|The source port of the packet (if applicable)
 +
|-
 +
|dest_addr
 +
|Destination Address
 +
|inet
 +
|The destination IP address of the packet
 +
|-
 +
|dest_port
 +
|Destination Port
 +
|integer
 +
|The destination port of the packet (if applicable)
 +
|-
 +
|protocol
 +
|Protocol
 +
|integer
 +
|The protocol of the packet
 +
|-
 +
|blocked
 +
|Blocked
 +
|boolean
 +
|If the packet was blocked/dropped
 +
|-
 +
|category
 +
|Category
 
|text
 
|text
|The username of the client
+
|The application specific grouping for the signature
 
|-
 
|-
|net_process
+
|classtype
 +
|Classtype
 
|text
 
|text
|The PID of the PPP process for L2TP connections or the connection ID for Xauth connections
+
|The generalized threat signature grouping (unrelated to gen_id)
 
|-
 
|-
|net_interface
+
|msg
 +
|Message
 
|text
 
|text
|The PPP interface for L2TP connections or the client interface for Xauth connections
+
|The "title" or "description" of the signature
 
|-
 
|-
|elapsed_time
+
|rid
 +
|Rule ID
 
|text
 
|text
|The total time the client was connected
+
|The rule id
 
|-
 
|-
|rx_bytes
+
|rule_id
|bigint
+
|Rule ID
|The number of bytes received from the client in this connection
+
|text
|-
+
|The rule id
|tx_bytes
 
|bigint
 
|The number of bytes sent to the client in this connection
 
 
|-
 
|-
 
|}
 
|}
<section end='ipsec_user_events' />
+
<section end='intrusion_prevention_events' />
 +
()
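Review bot: The intrusion_prevention_events table ends with two rows, rid and rule_id, that share the Human Name "Rule ID", the type text and the description "The rule id", so a reader cannot tell them apart or see how either relates to sig_id and gen_id, which the gen_id row says together form the rule's unique identifier. State what each column holds, or drop one if it is a leftover. The sig_id description "This ID of the rule" should read "The ID of the rule".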
  
 
+
== smtp_tarpit_events ==  
== ipsec_tunnel_stats ==
+
<section begin='smtp_tarpit_events' />
<section begin='ipsec_tunnel_stats' />
 
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|tunnel_name
+
|ipaddr
 +
|Client Address
 +
|inet
 +
|The client IP address
 +
|-
 +
|hostname
 +
|Hostname
 
|text
 
|text
|The name of the IPsec tunnel
+
|The hostname of the local address
 
|-
 
|-
|in_bytes
+
|policy_id
 +
|Policy ID
 
|bigint
 
|bigint
|The number of bytes received during this time frame
+
|The policy
 
|-
 
|-
|out_bytes
+
|vendor_name
|bigint
+
|Vendor Name
|The number of bytes transmitted during this time frame
+
|character varying(255)
 +
|The "vendor name" of the app that logged the event
 
|-
 
|-
 
|event_id
 
|event_id
 +
|Event ID
 
|bigint
 
|bigint
 
|The unique event ID
 
|The unique event ID
 
|-
 
|-
 
|}
 
|}
<section end='ipsec_tunnel_stats' />
+
<section end='smtp_tarpit_events' />
 +
()
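Review bot: policy_id is typed bigint in the new smtp_tarpit_events table, but the http_events table added earlier in this same revision types policy_id as smallint. Please check both rows against the actual table definitions. If the database really uses different widths, a short remark in the Description cell would stop readers from assuming one of the rows is a documentation error.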
  
 
+
== ipsec_user_events ==  
== smtp_tarpit_events ==
+
<section begin='ipsec_user_events' />
<section begin='smtp_tarpit_events' />
 
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|ipaddr
+
|connect_stamp
|inet
+
|Connect Time
|The client IP address
+
|timestamp without time zone
 +
|The time the connection started
 +
|-
 +
|goodbye_stamp
 +
|End Time
 +
|timestamp without time zone
 +
|The time the connection ended
 
|-
 
|-
|hostname
+
|client_address
 +
|Client Address
 
|text
 
|text
|The hostname
+
|The remote IP address of the client
 
|-
 
|-
|policy_id
+
|client_protocol
|bigint
+
|Client Protocol
|The policy
+
|text
 +
|The protocol the client used to connect
 +
|-
 +
|client_username
 +
|Client Username
 +
|text
 +
|The username of the client
 +
|-
 +
|net_process
 +
|Net Process
 +
|text
 +
|The PID of the PPP process for L2TP connections or the connection ID for Xauth connections
 +
|-
 +
|net_interface
 +
|Net Interface
 +
|text
 +
|The PPP interface for L2TP connections or the client interface for Xauth connections
 
|-
 
|-
|vendor_name
+
|elapsed_time
|character varying(255)
+
|Elapsed Time
|The "vendor name" of the app that logged the event
+
|text
 +
|The total time the client was connected
 
|-
 
|-
|event_id
+
|rx_bytes
 +
|Bytes Received
 
|bigint
 
|bigint
|The unique event ID
+
|The number of bytes received from the client in this connection
 +
|-
 +
|tx_bytes
 +
|Bytes Sent
 +
|bigint
 +
|The number of bytes sent to the client in this connection
 
|-
 
|-
 
|}
 
|}
<section end='smtp_tarpit_events' />
+
<section end='ipsec_user_events' />
 +
()
  
 
+
== ipsec_vpn_events ==  
== server_events ==
+
<section begin='ipsec_vpn_events' />
<section begin='server_events' />
 
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|load_1
+
|local_address
|numeric(6,2)
+
|Local Address
|The 1-minute CPU load
+
|text
 +
|The local address of the tunnel
 
|-
 
|-
|load_5
+
|remote_address
|numeric(6,2)
+
|Remote Address
|The 5-minute CPU load
+
|text
 +
|The remote address of the tunnel
 
|-
 
|-
|load_15
+
|tunnel_description
|numeric(6,2)
+
|Tunnel Description
|The 15-minute CPU load
+
|text
 +
|The description of the tunnel
 
|-
 
|-
|cpu_user
+
|event_type
|numeric(6,3)
+
|Event Type
|The user CPU percent utilization
+
|text
 +
|The type of the event (CONNECT,DISCONNECT)
 
|-
 
|-
|cpu_system
+
|}
|numeric(6,3)
+
<section end='ipsec_vpn_events' />
|The system CPU percent utilization
+
()
 +
 
 +
== ipsec_tunnel_stats ==
 +
<section begin='ipsec_tunnel_stats' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 
|-
 
|-
|mem_total
+
|tunnel_name
|bigint
+
|Tunnel Name
|The total bytes of memory
+
|text
 +
|The name of the IPsec tunnel
 
|-
 
|-
|mem_free
+
|in_bytes
 +
|In Bytes
 
|bigint
 
|bigint
|The number of free bytes of memory
+
|The number of bytes received during this time frame
 
|-
 
|-
|disk_total
+
|out_bytes
 +
|Out Bytes
 
|bigint
 
|bigint
|The total disk size in bytes
+
|The number of bytes transmitted during this time frame
 
|-
 
|-
|disk_free
+
|event_id
 +
|Event ID
 
|bigint
 
|bigint
|The free disk space in bytes
+
|The unique event ID
|-
 
|swap_total
 
|bigint
 
|The total swap size in bytes
 
|-
 
|swap_free
 
|bigint
 
|The free disk swap in bytes
 
 
|-
 
|-
 
|}
 
|}
<section end='server_events' />
+
<section end='ipsec_tunnel_stats' />
 +
()
  
 
+
== http_query_events ==  
== webcache_stats ==
+
<section begin='http_query_events' />
<section begin='webcache_stats' />
 
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|hits
+
|session_id
 +
|Session ID
 
|bigint
 
|bigint
|The number of cache hits during this time frame
+
|The session
 
|-
 
|-
|misses
+
|client_intf
|bigint
+
|Client Interface
|The number of cache misses during this time frame
+
|smallint
 +
|The client interface
 
|-
 
|-
|bypasses
+
|server_intf
|bigint
+
|Server Interface
|The number of cache user bypasses during this time frame
+
|smallint
 +
|The server interface
 
|-
 
|-
|systems
+
|c_client_addr
|bigint
+
|Client-side Client Address
|The number of cache system bypasses during this time frame
+
|inet
 +
|The client-side client IP address
 
|-
 
|-
|hit_bytes
+
|s_client_addr
|bigint
+
|Server-side Client Address
|The number of bytes saved from cache hits
+
|inet
 +
|The server-side client IP address
 
|-
 
|-
|miss_bytes
+
|c_server_addr
|bigint
+
|Client-side Server Address
|The number of bytes not saved from cache misses
+
|inet
 +
|The client-side server IP address
 
|-
 
|-
|event_id
+
|s_server_addr
|bigint
+
|Server-side Server Address
|The unique event ID
+
|inet
 +
|The server-side server IP address
 
|-
 
|-
|}
+
|c_client_port
<section end='webcache_stats' />
+
|Client-side Client Port
 
+
|integer
 
+
|The client-side client port
== http_query_events ==
 
<section begin='http_query_events' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|event_id
+
|s_client_port
|bigint
+
|Server-side Client Port
|The unique event ID
+
|integer
 +
|The server-side client port
 
|-
 
|-
|time_stamp
+
|c_server_port
|timestamp without time zone
+
|Client-side Server Port
|The time of the event
+
|integer
 +
|The client-side server port
 +
|-
 +
|s_server_port
 +
|Server-side Server Port
 +
|integer
 +
|The server-side server port
 
|-
 
|-
|session_id
+
|policy_id
 +
|Policy ID
 
|bigint
 
|bigint
|The session
+
|The policy
 
|-
 
|-
|client_intf
+
|username
|smallint
+
|Username
|The client interface
+
|text
 +
|The username associated with this session
 
|-
 
|-
|server_intf
+
|hostname
|smallint
+
|Hostname
|The server interface
+
|text
 +
|The hostname of the local address
 
|-
 
|-
|c_client_addr
+
|request_id
|inet
+
|Request ID
|The client-side client IP address
+
|bigint
 +
|The HTTP request ID
 
|-
 
|-
|s_client_addr
+
|method
|inet
+
|Method
|The server-side client IP address
+
|character(1)
 +
|The HTTP method
 
|-
 
|-
|c_server_addr
+
|uri
|inet
+
|URI
|The client-side server IP address
+
|text
 +
|The HTTP URI
 
|-
 
|-
|s_server_addr
+
|term
|inet
+
|Search Term
|The server-side server IP address
+
|text
 +
|The search term
 
|-
 
|-
|c_client_port
+
|host
|integer
+
|Host
|The client-side client port
+
|text
 +
|The HTTP host
 
|-
 
|-
|s_client_port
+
|c2s_content_length
|integer
+
|Client-to-server Content Length
|The server-side client port
+
|bigint
 +
|The client-to-server content length
 
|-
 
|-
|c_server_port
+
|s2c_content_length
|integer
+
|Server-to-client Content Length
|The client-side server port
 
|-
 
|s_server_port
 
|integer
 
|The server-side server port
 
|-
 
|policy_id
 
 
|bigint
 
|bigint
|The policy
+
|The server-to-client content length
 
|-
 
|-
|username
+
|s2c_content_type
 +
|Server-to-client Content Type
 
|text
 
|text
|The username
+
|The server-to-client content type
 
|-
 
|-
|hostname
+
|blocked
|text
+
|Blocked
|The hostname
+
|boolean
 +
|If Web Filter blocked this search term
 
|-
 
|-
|request_id
+
|flagged
|bigint
+
|Flagged
|The HTTP request ID
+
|boolean
 +
|If Web Filter flagged this search term
 
|-
 
|-
|method
+
|}
|character(1)
+
<section end='http_query_events' />
|The HTTP method
+
()
 +
 
 +
== admin_logins ==
 +
<section begin='admin_logins' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 
|-
 
|-
|uri
+
|time_stamp
|text
+
|Timestamp
|The HTTP URI
+
|timestamp without time zone
 +
|The time of the event
 
|-
 
|-
|term
+
|login
 +
|Login
 
|text
 
|text
|The search term
+
|The login name
 
|-
 
|-
|host
+
|local
|text
+
|Local
|The HTTP host
+
|boolean
 +
|True if it is a login attempt through a local process
 
|-
 
|-
|c2s_content_length
+
|client_addr
|bigint
+
|Client Address
|The client-to-server content length
+
|inet
 +
|The client IP address
 
|-
 
|-
|s2c_content_length
+
|succeeded
|bigint
+
|Succeeded
|The server-to-client content length
+
|boolean
 +
|True if the login succeeded, false otherwise
 
|-
 
|-
|s2c_content_type
+
|reason
|text
+
|Reason
|The server-to-client content type
+
|character(1)
 +
|The reason for the login (if applicable)
 
|-
 
|-
 
|}
 
|}
<section end='http_query_events' />
+
<section end='admin_logins' />
 +
()
  
 
+
== sessions ==  
== configuration_backup_events ==
+
<section begin='sessions' />
<section begin='configuration_backup_events' />
 
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 +
|-
 +
|session_id
 +
|Session ID
 +
|bigint
 +
|The session
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|success
+
|end_time
 +
|End Time
 +
|timestamp without time zone
 +
|The time the session ended
 +
|-
 +
|bypassed
 +
|Bypassed
 
|boolean
 
|boolean
|The result of the backup (true if the backup succeeded, false otherwise)
+
|True if the session was bypassed, false otherwise
 
|-
 
|-
|description
+
|entitled
|text
+
|Entitled
|Text detail of the event
+
|boolean
 +
|True if the session is entitled to premium functionality
 +
|-
 +
|protocol
 +
|Protocol
 +
|smallint
 +
|The IP protocol of session
 
|-
 
|-
|event_id
+
|icmp_type
|bigint
+
|ICMP Type
|The unique event ID
+
|smallint
 +
|The ICMP type of session if ICMP
 
|-
 
|-
|}
+
|hostname
<section end='configuration_backup_events' />
+
|Hostname
 
+
|text
 
+
|The hostname of the local address
== capture_user_events ==
 
<section begin='capture_user_events' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|time_stamp
+
|username
|timestamp without time zone
+
|Username
|The time of the event
+
|text
 +
|The username associated with this session
 
|-
 
|-
 
|policy_id
 
|policy_id
|bigint
+
|Policy ID
 +
|smallint
 
|The policy
 
|The policy
 
|-
 
|-
|event_id
+
|policy_rule_id
|bigint
+
|Policy Rule ID
|The unique event ID
+
|smallint
 +
|The ID of the matching policy rule (0 means none)
 
|-
 
|-
|login_name
+
|local_addr
|text
+
|Local Address
|The login username
+
|inet
 +
|The IP address of the local participant
 
|-
 
|-
|event_info
+
|remote_addr
|text
+
|Remote Address
|The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+
|inet
 +
|The IP address of the remote participant
 
|-
 
|-
|auth_type
+
|c_client_addr
|text
+
|Client-side Client Address
|The authorization type for this event
+
|inet
 +
|The client-side client IP address
 
|-
 
|-
|client_addr
+
|c_server_addr
|text
+
|Client-side Server Address
|The remote IP address of the client
+
|inet
 +
|The client-side server IP address
 
|-
 
|-
|}
+
|c_server_port
<section end='capture_user_events' />
+
|Client-side Server Port
 
+
|integer
 
+
|The client-side server port
== ftp_events ==
 
<section begin='ftp_events' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|event_id
+
|c_client_port
|bigint
+
|Client-side Client Port
|The unique event ID
+
|integer
 +
|The client-side client port
 
|-
 
|-
|time_stamp
+
|s_client_addr
|timestamp without time zone
+
|Server-side Client Address
|The time of the event
+
|inet
 +
|The server-side client IP address
 
|-
 
|-
|session_id
+
|s_server_addr
|bigint
+
|Server-side Server Address
|The session
+
|inet
 +
|The server-side server IP address
 +
|-
 +
|s_server_port
 +
|Server-side Server Port
 +
|integer
 +
|The server-side server port
 +
|-
 +
|s_client_port
 +
|Server-side Client Port
 +
|integer
 +
|The server-side client port
 
|-
 
|-
 
|client_intf
 
|client_intf
 +
|Client Interface
 
|smallint
 
|smallint
 
|The client interface
 
|The client interface
 
|-
 
|-
 
|server_intf
 
|server_intf
 +
|Server Interface
 
|smallint
 
|smallint
 
|The server interface
 
|The server interface
 
|-
 
|-
|c_client_addr
+
|client_country
|inet
+
|Client Country
|The client-side client IP address
+
|text
 +
|The client Country
 
|-
 
|-
|s_client_addr
+
|client_latitude
|inet
+
|Client Latitude
|The server-side client IP address
+
|real
 +
|The client Latitude
 
|-
 
|-
|c_server_addr
+
|client_longitude
|inet
+
|Client Longitude
|The client-side server IP address
+
|real
 +
|The client Longitude
 
|-
 
|-
|s_server_addr
+
|server_country
|inet
+
|Server Country
|The server-side server IP address
+
|text
 +
|The server Country
 
|-
 
|-
|policy_id
+
|server_latitude
|bigint
+
|Server Latitude
|The policy
+
|real
 +
|The server Latitude
 
|-
 
|-
|username
+
|server_longitude
|text
+
|Server Longitude
|The username
+
|real
 +
|The server Longitude
 +
|-
 +
|c2p_bytes
 +
|From-Client Bytes
 +
|bigint
 +
|The number of bytes the client sent to Untangle (client-to-pipeline)
 
|-
 
|-
|hostname
+
|p2c_bytes
|text
+
|To-Client Bytes
|The hostname
+
|bigint
 +
|The number of bytes Untangle sent to client (pipeline-to-client)
 
|-
 
|-
|request_id
+
|s2p_bytes
 +
|From-Server Bytes
 
|bigint
 
|bigint
|The FTP request ID
+
|The number of bytes the server sent to Untangle (client-to-pipeline)
 
|-
 
|-
|method
+
|p2s_bytes
|character(1)
+
|To-Server Bytes
|The FTP method
+
|bigint
 +
|The number of bytes Untangle sent to server (pipeline-to-client)
 
|-
 
|-
|uri
+
|filter_prefix
 +
|Filter Block
 
|text
 
|text
|The FTP URI
+
|The network filter that blocked the connection (filter,shield,invalid)
 
|-
 
|-
|virus_blocker_lite_clean
+
|firewall_blocked
 +
|Firewall Blocked
 
|boolean
 
|boolean
|The cleanliness of the file according to Virus Blocker Lite
+
|True if Firewall blocked the session, false otherwise
|-
 
|virus_blocker_lite_name
 
|text
 
|The name of the malware according to Virus Blocker Lite
 
 
|-
 
|-
|virus_blocker_clean
+
|firewall_flagged
 +
|Firewall Flagged
 
|boolean
 
|boolean
|The cleanliness of the file according to Virus Blocker
+
|True if Firewall flagged the session, false otherwise
 
|-
 
|-
|virus_blocker_name
+
|firewall_rule_index
|text
+
|Firewall Rule ID
|The name of the malware according to Virus Blocker
+
|integer
 +
|The matching rule in Firewall (if any)
 
|-
 
|-
|}
+
|threat_prevention_blocked
<section end='ftp_events' />
+
|Threat Prevention Blocked
 
+
|boolean
 
+
|If Threat Prevention blocked
== mail_addrs ==
 
<section begin='mail_addrs' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|time_stamp
+
|threat_prevention_flagged
|timestamp without time zone
+
|Threat Prevention Flagged
|The time of the event
+
|boolean
 +
|If Threat Prevention flagged
 
|-
 
|-
|session_id
+
|threat_prevention_reason
|bigint
+
|Threat Prevention Reason
|The session
+
|character(1)
 +
|Threat Prevention reason
 
|-
 
|-
|client_intf
+
|threat_prevention_rule_id
|smallint
+
|Threat Prevention Rule Id
|The client interface
+
|integer
 +
|Numeric rule id of Threat Prevention
 
|-
 
|-
|server_intf
+
|threat_prevention_client_reputation
 +
|Threat Prevention Client Reputation
 
|smallint
 
|smallint
|The server interface
+
|Numeric client reputation of Threat Prevention
 
|-
 
|-
|c_client_addr
+
|threat_prevention_client_categories
|inet
+
|Threat Prevention Client Categories
|The client-side client IP address
+
|integer
 +
|Bitmask client categories of Threat Prevention
 
|-
 
|-
|s_client_addr
+
|threat_prevention_server_reputation
|inet
+
|Threat Prevention Server Reputation
|The server-side client IP address
+
|smallint
 +
|Numeric server reputation of Threat Prevention
 
|-
 
|-
|c_server_addr
+
|threat_prevention_server_categories
|inet
+
|Threat Prevention Server Categories
|The client-side server IP address
+
|integer
 +
|Bitmask server categories of Threat Prevention
 
|-
 
|-
|s_server_addr
+
|application_control_lite_protocol
|inet
+
|Application Control Lite Protocol
|The server-side server IP address
+
|text
 +
|The application protocol according to Application Control Lite
 
|-
 
|-
|c_client_port
+
|application_control_lite_blocked
|integer
+
|Application Control Lite Blocked
|The client-side client port
+
|boolean
 +
|True if Application Control Lite blocked the session
 
|-
 
|-
|s_client_port
+
|captive_portal_blocked
|integer
+
|Captive Portal Blocked
|The server-side client port
+
|boolean
 +
|True if Captive Portal blocked the session
 
|-
 
|-
|c_server_port
+
|captive_portal_rule_index
 +
|Captive Portal Rule ID
 
|integer
 
|integer
|The client-side server port
+
|The matching rule in Captive Portal (if any)
 
|-
 
|-
|s_server_port
+
|application_control_application
|integer
+
|Application Control Application
|The server-side server port
+
|text
 +
|The application according to Application Control
 
|-
 
|-
|policy_id
+
|application_control_protochain
|bigint
+
|Application Control Protochain
|The policy
+
|text
 +
|The protochain according to Application Control
 
|-
 
|-
|username
+
|application_control_category
 +
|Application Control Category
 
|text
 
|text
|The username
+
|The category according to Application Control
 +
|-
 +
|application_control_blocked
 +
|Application Control Blocked
 +
|boolean
 +
|True if Application Control blocked the session
 
|-
 
|-
|msg_id
+
|application_control_flagged
|bigint
+
|Application Control Flagged
|The message ID
+
|boolean
 +
|True if Application Control flagged the session
 
|-
 
|-
|subject
+
|application_control_confidence
|text
+
|Application Control Confidence
|The email subject
+
|integer
 +
|True if Application Control confidence of this session's identification
 
|-
 
|-
|addr
+
|application_control_ruleid
|text
+
|Application Control Rule ID
|The address of this event
+
|integer
 +
|The matching rule in Application Control (if any)
 
|-
 
|-
|addr_name
+
|application_control_detail
 +
|Application Control Detail
 
|text
 
|text
|The name for this address
+
|The text detail from the Application Control engine
 
|-
 
|-
|addr_kind
+
|bandwidth_control_priority
|character(1)
+
|Bandwidth Control Priority
|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
+
|integer
 +
|The priority given to this session
 
|-
 
|-
|hostname
+
|bandwidth_control_rule
|text
+
|Bandwidth Control Rule ID
|The hostname
+
|integer
 +
|The matching rule in Bandwidth Control rule (if any)
 
|-
 
|-
|event_id
+
|ssl_inspector_ruleid
|bigint
+
|SSL Inspector Rule ID
|The unique event ID
+
|integer
 +
|The matching rule in SSL Inspector rule (if any)
 
|-
 
|-
|sender
+
|ssl_inspector_status
 +
|SSL Inspector Status
 
|text
 
|text
|The address of the sender
+
|The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
|-
 
|virus_blocker_lite_clean
 
|boolean
 
|The cleanliness of the file according to Virus Blocker Lite
 
 
|-
 
|-
|virus_blocker_lite_name
+
|ssl_inspector_detail
 +
|SSL Inspector Detail
 
|text
 
|text
|The name of the malware according to Virus Blocker Lite
+
|Additional text detail about the SSL connection (SNI, IP Address)
|-
 
|virus_blocker_clean
 
|boolean
 
|The cleanliness of the file according to Virus Blocker
 
 
|-
 
|-
|virus_blocker_name
+
|tags
 +
|Tags
 
|text
 
|text
|The name of the malware according to Virus Blocker
+
|The tags on this session
 
|-
 
|-
|spam_blocker_lite_score
+
|}
|real
+
<section end='sessions' />
|The score of the email according to Spam Blocker Lite
+
()
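Review bot: In the added sessions rows, the s2p_bytes description ends with "(client-to-pipeline)" and the p2s_bytes description ends with "(pipeline-to-client)". Both parentheticals appear to be copied from the c2p_bytes and p2c_bytes rows and should read server-to-pipeline and pipeline-to-server. Anyone building a report condition on byte direction, for example to spot large outbound transfers, will otherwise read the server-side counters backwards. In the same table, application_control_confidence is typed integer but described as "True if Application Control confidence of this session's identification". Reword it as a numeric confidence value and state its range.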
 +
 
 +
== session_minutes ==
 +
<section begin='session_minutes' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 
|-
 
|-
|spam_blocker_lite_is_spam
+
|session_id
|boolean
+
|Session ID
|The spam status of the email according to Spam Blocker Lite
+
|bigint
 +
|The session
 
|-
 
|-
|spam_blocker_lite_action
+
|time_stamp
|character(1)
+
|Timestamp
|The action taken by Spam Blocker Lite
+
|timestamp without time zone
 +
|The time of the event
 
|-
 
|-
|spam_blocker_lite_tests_string
+
|c2s_bytes
|text
+
|From-Client Bytes
|The tess results for Spam Blocker Lite
+
|bigint
 +
|The number of bytes the client sent
 
|-
 
|-
|spam_blocker_score
+
|s2c_bytes
|real
+
|From-Server Bytes
|The score of the email according to Spam Blocker
+
|bigint
 +
|The number of bytes the server sent
 
|-
 
|-
|spam_blocker_is_spam
+
|start_time
 +
|Start Time
 +
|timestamp without time zone
 +
|The start time of the session
 +
|-
 +
|end_time
 +
|End Time
 +
|timestamp without time zone
 +
|The time the session ended
 +
|-
 +
|bypassed
 +
|Bypassed
 
|boolean
 
|boolean
|The spam status of the email according to Spam Blocker
+
|True if the session was bypassed, false otherwise
 
|-
 
|-
|spam_blocker_action
+
|entitled
|character(1)
+
|Entitled
|The action taken by Spam Blocker
+
|boolean
 +
|True if the session is entitled to premium functionality
 
|-
 
|-
|spam_blocker_tests_string
+
|protocol
|text
+
|Protocol
|The tess results for Spam Blocker
+
|smallint
 +
|The IP protocol of session
 
|-
 
|-
|phish_blocker_score
+
|icmp_type
|real
+
|ICMP Type
|The score of the email according to Phish Blocker
+
|smallint
 +
|The ICMP type of session if ICMP
 
|-
 
|-
|phish_blocker_is_spam
+
|hostname
|boolean
+
|Hostname
|The phish status of the email according to Phish Blocker
+
|text
 +
|The hostname of the local address
 
|-
 
|-
|phish_blocker_tests_string
+
|username
 +
|Username
 
|text
 
|text
|The tess results for Phish Blocker
+
|The username associated with this session
 
|-
 
|-
|phish_blocker_action
+
|policy_id
|character(1)
+
|Policy ID
|The action taken by Phish Blocker
+
|smallint
 +
|The policy
 
|-
 
|-
|}
+
|policy_rule_id
<section end='mail_addrs' />
+
|Policy Rule ID
 
+
|smallint
 
+
|The ID of the matching policy rule (0 means none)
== mail_msgs ==
 
<section begin='mail_msgs' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|time_stamp
+
|local_addr
|timestamp without time zone
+
|Local Address
|The time of the event
+
|inet
 +
|The IP address of the local participant
 
|-
 
|-
|session_id
+
|remote_addr
|bigint
+
|Remote Address
|The session
+
|inet
 +
|The IP address of the remote participant
 
|-
 
|-
|client_intf
+
|c_client_addr
|smallint
+
|Client-side Client Address
|The client interface
 
|-
 
|server_intf
 
|smallint
 
|The server interface
 
|-
 
|c_client_addr
 
 
|inet
 
|inet
 
|The client-side client IP address
 
|The client-side client IP address
|-
 
|s_client_addr
 
|inet
 
|The server-side client IP address
 
 
|-
 
|-
 
|c_server_addr
 
|c_server_addr
 +
|Client-side Server Address
 
|inet
 
|inet
 
|The client-side server IP address
 
|The client-side server IP address
 
|-
 
|-
|s_server_addr
+
|c_server_port
|inet
+
|Client-side Server Port
|The server-side server IP address
+
|integer
 +
|The client-side server port
 
|-
 
|-
 
|c_client_port
 
|c_client_port
 +
|Client-side Client Port
 
|integer
 
|integer
 
|The client-side client port
 
|The client-side client port
 
|-
 
|-
|s_client_port
+
|s_client_addr
|integer
+
|Server-side Client Address
|The server-side client port
+
|inet
 +
|The server-side client IP address
 
|-
 
|-
|c_server_port
+
|s_server_addr
|integer
+
|Server-side Server Address
|The client-side server port
+
|inet
 +
|The server-side server IP address
 
|-
 
|-
 
|s_server_port
 
|s_server_port
 +
|Server-side Server Port
 
|integer
 
|integer
 
|The server-side server port
 
|The server-side server port
 
|-
 
|-
|policy_id
+
|s_client_port
|bigint
+
|Server-side Client Port
|The policy
+
|integer
 +
|The server-side client port
 +
|-
 +
|client_intf
 +
|Client Interface
 +
|smallint
 +
|The client interface
 +
|-
 +
|server_intf
 +
|Server Interface
 +
|smallint
 +
|The server interface
 
|-
 
|-
|username
+
|client_country
 +
|Client Country
 
|text
 
|text
|The username
+
|The client Country
 
|-
 
|-
|msg_id
+
|client_latitude
|bigint
+
|Client Latitude
|The message ID
+
|real
 +
|The client Latitude
 
|-
 
|-
|subject
+
|client_longitude
|text
+
|Client Longitude
|The email subject
+
|real
 +
|The client Longitude
 
|-
 
|-
|hostname
+
|server_country
 +
|Server Country
 
|text
 
|text
|The hostname
+
|The server Country
 
|-
 
|-
|event_id
+
|server_latitude
|bigint
+
|Server Latitude
|The unique event ID
+
|real
 +
|The server Latitude
 +
|-
 +
|server_longitude
 +
|Server Longitude
 +
|real
 +
|The server Longitude
 
|-
 
|-
|sender
+
|filter_prefix
 +
|Filter Block
 
|text
 
|text
|The address of the sender
+
|The network filter that blocked the connection (filter,shield,invalid)
 
|-
 
|-
|receiver
+
|firewall_blocked
|text
+
|Firewall Blocked
|The address of the receiver
+
|boolean
 +
|True if Firewall blocked the session, false otherwise
 
|-
 
|-
|virus_blocker_lite_clean
+
|firewall_flagged
 +
|Firewall Flagged
 
|boolean
 
|boolean
|The cleanliness of the file according to Virus Blocker Lite
+
|True if Firewall flagged the session, false otherwise
 
|-
 
|-
|virus_blocker_lite_name
+
|firewall_rule_index
|text
+
|Firewall Rule ID
|The name of the malware according to Virus Blocker Lite
+
|integer
 +
|The matching rule in Firewall (if any)
 
|-
 
|-
|virus_blocker_clean
+
|threat_prevention_blocked
 +
|Threat Prevention Blocked
 
|boolean
 
|boolean
|The cleanliness of the file according to Virus Blocker
+
|If Threat Prevention blocked
 
|-
 
|-
|virus_blocker_name
+
|threat_prevention_flagged
|text
+
|Threat Prevention Flagged
|The name of the malware according to Virus Blocker
+
|boolean
 +
|If Threat Prevention flagged
 
|-
 
|-
|spam_blocker_lite_score
+
|threat_prevention_reason
|real
+
|Threat Prevention Reason
|The score of the email according to Spam Blocker Lite
+
|character(1)
 +
|Threat Prevention reason
 
|-
 
|-
|spam_blocker_lite_is_spam
+
|threat_prevention_rule_id
|boolean
+
|Threat Prevention Rule Id
|The spam status of the email according to Spam Blocker Lite
+
|integer
 +
|Numeric rule id of Threat Prevention
 
|-
 
|-
|spam_blocker_lite_tests_string
+
|threat_prevention_client_reputation
|text
+
|Threat Prevention Client Reputation
|The tess results for Spam Blocker Lite
+
|smallint
 +
|Numeric client reputation of Threat Prevention
 
|-
 
|-
|spam_blocker_lite_action
+
|threat_prevention_client_categories
|character(1)
+
|Threat Prevention Client Categories
|The action taken by Spam Blocker Lite
+
|integer
 +
|Bitmask client categories of Threat Prevention
 
|-
 
|-
|spam_blocker_score
+
|threat_prevention_server_reputation
|real
+
|Threat Prevention Server Reputation
|The score of the email according to Spam Blocker
+
|smallint
 +
|Numeric server reputation of Threat Prevention
 
|-
 
|-
|spam_blocker_is_spam
+
|threat_prevention_server_categories
|boolean
+
|Threat Prevention Server Categories
|The spam status of the email according to Spam Blocker
+
|integer
 +
|Bitmask server categories of Threat Prevention
 
|-
 
|-
|spam_blocker_tests_string
+
|application_control_lite_protocol
 +
|Application Control Lite Protocol
 
|text
 
|text
|The tess results for Spam Blocker
+
|The application protocol according to Application Control Lite
 
|-
 
|-
|spam_blocker_action
+
|application_control_lite_blocked
|character(1)
+
|Application Control Lite Blocked
|The action taken by Spam Blocker
+
|boolean
 +
|True if Application Control Lite blocked the session
 
|-
 
|-
|phish_blocker_score
+
|captive_portal_blocked
|real
+
|Captive Portal Blocked
|The score of the email according to Phish Blocker
+
|boolean
 +
|True if Captive Portal blocked the session
 
|-
 
|-
|phish_blocker_is_spam
+
|captive_portal_rule_index
|boolean
+
|Captive Portal Rule ID
|The phish status of the email according to Phish Blocker
+
|integer
 +
|The matching rule in Captive Portal (if any)
 
|-
 
|-
|phish_blocker_tests_string
+
|application_control_application
 +
|Application Control Application
 
|text
 
|text
|The tess results for Phish Blocker
+
|The application according to Application Control
 
|-
 
|-
|phish_blocker_action
+
|application_control_protochain
|character(1)
+
|Application Control Protochain
|The action taken by Phish Blocker
+
|text
 +
|The protochain according to Application Control
 
|-
 
|-
|}
+
|application_control_category
<section end='mail_msgs' />
+
|Application Control Category
 
+
|text
 
+
|The category according to Application Control
== http_events ==
 
<section begin='http_events' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|request_id
+
|application_control_blocked
|bigint
+
|Application Control Blocked
|The HTTP request ID
+
|boolean
 +
|True if Application Control blocked the session
 +
|-
 +
|application_control_flagged
 +
|Application Control Flagged
 +
|boolean
 +
|True if Application Control flagged the session
 
|-
 
|-
|time_stamp
+
|application_control_confidence
|timestamp without time zone
+
|Application Control Confidence
|The time of the event
+
|integer
 +
|True if Application Control confidence of this session's identification
 
|-
 
|-
|session_id
+
|application_control_ruleid
|bigint
+
|Application Control Rule ID
|The session
+
|integer
 +
|The matching rule in Application Control (if any)
 
|-
 
|-
|client_intf
+
|application_control_detail
|smallint
+
|Application Control Detail
|The client interface
+
|text
 +
|The text detail from the Application Control engine
 
|-
 
|-
|server_intf
+
|bandwidth_control_priority
|smallint
+
|Bandwidth Control Priority
|The server interface
+
|integer
 +
|The priority given to this session
 
|-
 
|-
|c_client_addr
+
|bandwidth_control_rule
|inet
+
|Bandwidth Control Rule ID
|The client-side client IP address
+
|integer
 +
|The matching rule in Bandwidth Control rule (if any)
 
|-
 
|-
|s_client_addr
+
|ssl_inspector_ruleid
|inet
+
|SSL Inspector Rule ID
|The server-side client IP address
 
|-
 
|c_server_addr
 
|inet
 
|The client-side server IP address
 
|-
 
|s_server_addr
 
|inet
 
|The server-side server IP address
 
|-
 
|c_client_port
 
 
|integer
 
|integer
|The client-side client port
+
|The matching rule in SSL Inspector rule (if any)
 
|-
 
|-
|s_client_port
+
|ssl_inspector_status
|integer
+
|SSL Inspector Status
|The server-side client port
+
|text
 +
|The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
 
|-
 
|-
|c_server_port
+
|ssl_inspector_detail
|integer
+
|SSL Inspector Detail
|The client-side server port
+
|text
 +
|Additional text detail about the SSL connection (SNI, IP Address)
 
|-
 
|-
|s_server_port
+
|tags
|integer
+
|Tags
|The server-side server port
+
|text
 +
|The tags on this session
 
|-
 
|-
|policy_id
+
|}
|smallint
+
<section end='session_minutes' />
|The policy
+
()
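Review bot: The session_minutes rows repeat the application_control_confidence wording from sessions: an integer column described as "True if Application Control confidence of this session's identification". Describe it as a numeric value. policy_id is listed as smallint here, while the mail_msgs table in this same revision lists policy_id as bigint. Please confirm which type the schema actually uses so joins and report conditions on policy_id behave the same across tables. The added "()" line after the section end tag also looks unintended. If it is leftover generator output, drop it here and after the other section end tags.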
 +
 
 +
== quotas ==
 +
<section begin='quotas' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 
|-
 
|-
|username
+
|entity
 +
|Entity
 
|text
 
|text
|The username
+
|The IP entity given the quota (address/username)
 
|-
 
|-
|hostname
+
|action
|text
+
|Action
|The hostname
+
|integer
 +
|The action (1=Quota Given, 2=Quota Exceeded)
 
|-
 
|-
|method
+
|size
|character(1)
+
|Size
|The HTTP method
+
|bigint
 +
|The size of the quota
 
|-
 
|-
|uri
+
|reason
 +
|Reason
 
|text
 
|text
|The HTTP URI
+
|The reason for the action
 +
|-
 +
|}
 +
<section end='quotas' />
 +
()
 +
 
 +
== host_table_updates ==
 +
<section begin='host_table_updates' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|address
 +
|Address
 +
|inet
 +
|The IP address of the host
 
|-
 
|-
|host
+
|key
 +
|Key
 
|text
 
|text
|The HTTP host
+
|The key being updated
 
|-
 
|-
|domain
+
|value
 +
|Value
 
|text
 
|text
|The HTTP domain (shortened host)
+
|The new value for the key
 
|-
 
|-
|c2s_content_length
+
|old_value
|bigint
+
|Old Value
|The client-to-server content length
+
|text
 +
|The old value for the key
 
|-
 
|-
|s2c_content_length
+
|time_stamp
|bigint
+
|Timestamp
|The server-to-client content length
+
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|}
 +
<section end='host_table_updates' />
 +
()
 +
 
 +
== device_table_updates ==
 +
<section begin='device_table_updates' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 
|-
 
|-
|s2c_content_type
+
|mac_address
 +
|MAC Address
 
|text
 
|text
|The server-to-client content type
+
|The MAC address of the device
 
|-
 
|-
|ad_blocker_cookie_ident
+
|key
 +
|Key
 
|text
 
|text
|This name of cookie blocked by Ad Blocker
+
|The key being updated
 
|-
 
|-
|ad_blocker_action
+
|value
|character(1)
+
|Value
|This action of Ad Blocker on this request
+
|text
 +
|The new value for the key
 
|-
 
|-
|web_filter_lite_reason
+
|old_value
|character(1)
+
|Old Value
|This reason Web Filter Lite blocked/flagged this request
 
|-
 
|web_filter_lite_category
 
 
|text
 
|text
|This category according to Web Filter Lite
+
|The old value for the key
 
|-
 
|-
|web_filter_lite_blocked
+
|time_stamp
|boolean
+
|Timestamp
|If Web Filter Lite blocked this request
+
|timestamp without time zone
 +
|The time of the event
 
|-
 
|-
|web_filter_lite_flagged
+
|}
|boolean
+
<section end='device_table_updates' />
|If Web Filter Lite flagged this request
+
()
 +
 
 +
== user_table_updates ==
 +
<section begin='user_table_updates' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 
|-
 
|-
|web_filter_reason
+
|username
|character(1)
+
|Username
|This reason Web Filter blocked/flagged this request
+
|text
 +
|The username
 
|-
 
|-
|web_filter_category
+
|key
 +
|Key
 
|text
 
|text
|This category according to Web Filter
+
|The key being updated
 
|-
 
|-
|web_filter_blocked
+
|value
|boolean
+
|Value
|If Web Filter blocked this request
+
|text
 +
|The new value for the key
 
|-
 
|-
|web_filter_flagged
+
|old_value
|boolean
+
|Old Value
|If Web Filter flagged this request
+
|text
 +
|The old value for the key
 
|-
 
|-
|virus_blocker_lite_clean
+
|time_stamp
|boolean
+
|Timestamp
|The cleanliness of the file according to Virus Blocker Lite
+
|timestamp without time zone
|-
+
|The time of the event
|virus_blocker_lite_name
 
|text
 
|The name of the malware according to Virus Blocker Lite
 
|-
 
|virus_blocker_clean
 
|boolean
 
|The cleanliness of the file according to Virus Blocker
 
|-
 
|virus_blocker_name
 
|text
 
|The name of the malware according to Virus Blocker
 
 
|-
 
|-
 
|}
 
|}
<section end='http_events' />
+
<section end='user_table_updates' />
 +
()
  
 
+
== alerts ==  
== directory_connector_login_events ==
+
<section begin='alerts' />
<section begin='directory_connector_login_events' />
 
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|login_name
+
|description
 +
|Text detail of the event
 
|text
 
|text
|The login name
+
|The description from the alert rule.
 
|-
 
|-
|domain
+
|summary_text
 +
|Summary Text
 
|text
 
|text
|The AD domain
+
|The summary text of the alert
 
|-
 
|-
|type
+
|json
 +
|JSON Text
 
|text
 
|text
|The type of event (I=Login,U=Update,O=Logout)
+
|The summary JSON representation of the event causing the alert
|-
 
|client_addr
 
|inet
 
|The client IP address
 
 
|-
 
|-
 
|}
 
|}
<section end='directory_connector_login_events' />
+
<section end='alerts' />
 +
()
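Review bot: In the added alerts rows, the Human Name cell for the description column is "Text detail of the event", which is description text rather than a display name. Every other row in the table uses a short label ("Timestamp", "Summary Text", "JSON Text"), so something like "Description" would be consistent. For the json column it would also help to say whether the stored text is the full event or a summary, since that determines what can be recovered from an alert record during an investigation.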
  
 
+
== settings_changes ==  
== wan_failover_action_events ==
+
<section begin='settings_changes' />
<section begin='wan_failover_action_events' />
 
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|interface_id
+
|settings_file
|integer
+
|Settings File
|This interface ID
+
|text
 +
|The name of the file changed
 
|-
 
|-
|action
+
|username
 +
|Username
 
|text
 
|text
|This action (CONNECTED/DISCONNECTED)
+
|The username logged in at the time of the change
 
|-
 
|-
|os_name
+
|hostname
 +
|Hostname
 
|text
 
|text
|This O/S name of the interface
+
|The remote hostname
|-
 
|name
 
|text
 
|This name of the interface
 
|-
 
|event_id
 
|bigint
 
|The unique event ID
 
 
|-
 
|-
 
|}
 
|}
<section end='wan_failover_action_events' />
+
<section end='settings_changes' />
 
+
()
  
== intrusion_prevention_events ==
+
== web_cache_stats ==  
<section begin='intrusion_prevention_events' />
+
<section begin='web_cache_stats' />
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|sig_id
+
|hits
 +
|Hits
 
|bigint
 
|bigint
|This ID of the rule
+
|The number of cache hits during this time frame
 
|-
 
|-
|gen_id
+
|misses
 +
|Misses
 
|bigint
 
|bigint
|The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier
+
|The number of cache misses during this time frame
 
|-
 
|-
|class_id
+
|bypasses
 +
|Bypasses
 
|bigint
 
|bigint
|The numeric ID for the classtype
+
|The number of cache user bypasses during this time frame
 
|-
 
|-
|source_addr
+
|systems
|inet
+
|System bypasses
|The source IP address of the packet
+
|bigint
 +
|The number of cache system bypasses during this time frame
 
|-
 
|-
|source_port
+
|hit_bytes
|integer
+
|Hit Bytes
|The source port of the packet (if applicable)
+
|bigint
 +
|The number of bytes saved from cache hits
 
|-
 
|-
|dest_addr
+
|miss_bytes
|inet
+
|Miss Bytes
|The destination IP address of the packet
+
|bigint
 +
|The number of bytes not saved from cache misses
 
|-
 
|-
|dest_port
+
|event_id
|integer
+
|Event ID
|The destination port of the packet (if applicable)
+
|bigint
 +
|The unique event ID
 
|-
 
|-
|protocol
+
|}
|integer
+
<section end='web_cache_stats' />
|The protocol of the packet
+
()
|-
+
 
|blocked
+
== server_events ==  
|boolean
+
<section begin='server_events' />
|If the packet was blocked/dropped
 
|-
 
|category
 
|text
 
|The application specific grouping
 
|-
 
|classtype
 
|text
 
|The generalized threat rule grouping (unrelated to gen_id)
 
|-
 
|msg
 
|text
 
|The "title" or "description" of the rule
 
|-
 
|}
 
<section end='intrusion_prevention_events' />
 
 
 
 
 
== wan_failover_test_events ==
 
<section begin='wan_failover_test_events' />
 
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|interface_id
+
|load_1
|integer
+
|CPU load (1-min)
|This interface ID
+
|numeric(6,2)
 +
|The 1-minute CPU load
 
|-
 
|-
|name
+
|load_5
|text
+
|CPU load (5-min)
|This name of the interface
+
|numeric(6,2)
 +
|The 5-minute CPU load
 +
|-
 +
|load_15
 +
|CPU load (15-min)
 +
|numeric(6,2)
 +
|The 15-minute CPU load
 
|-
 
|-
|description
+
|cpu_user
|text
+
|CPU User Utilization
|The description from the test rule
+
|numeric(6,3)
 +
|The user CPU percent utilization
 
|-
 
|-
|success
+
|cpu_system
|boolean
+
|CPU System Utilization
|The result of the test (true if the test succeeded, false otherwise)
+
|numeric(6,3)
 +
|The system CPU percent utilization
 
|-
 
|-
|event_id
+
|mem_total
 +
|Total Memory
 
|bigint
 
|bigint
|The unique event ID
+
|The total bytes of memory
 
|-
 
|-
|}
+
|mem_free
<section end='wan_failover_test_events' />
+
|Memory Free
 
+
|bigint
 +
|The number of free bytes of memory
 +
|-
 +
|disk_total
 +
|Disk Size
 +
|bigint
 +
|The total disk size in bytes
 +
|-
 +
|disk_free
 +
|Disk Free
 +
|bigint
 +
|The free disk space in bytes
 +
|-
 +
|swap_total
 +
|Swap Size
 +
|bigint
 +
|The total swap size in bytes
 +
|-
 +
|swap_free
 +
|Swap Free
 +
|bigint
 +
|The free disk swap in bytes
 +
|-
 +
|active_hosts
 +
|Active Hosts
 +
|integer
 +
|The number of active hosts
 +
|-
 +
|}
 +
<section end='server_events' />
 +
()
  
== settings_changes ==
+
== interface_stat_events ==  
<section begin='settings_changes' />
+
<section begin='interface_stat_events' />
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|settings_file
+
|interface_id
|text
+
|Interface ID
|The name of the file changed
+
|integer
 +
|The interface ID
 +
|-
 +
|rx_rate
 +
|Rx Rate
 +
|double precision
 +
|The RX rate (bytes/s)
 +
|-
 +
|rx_bytes
 +
|Bytes Received
 +
|bigint
 +
|The number of bytes received from the client in this connection
 
|-
 
|-
|username
+
|tx_rate
|text
+
|Tx Rate
|The username logged in at the time of the change
+
|double precision
 +
|The TX rate (bytes/s)
 
|-
 
|-
|hostname
+
|tx_bytes
|text
+
|Bytes Sent
|The remote hostname
+
|bigint
 +
|The number of bytes sent to the client in this connection
 
|-
 
|-
 
|}
 
|}
<section end='settings_changes' />
+
<section end='interface_stat_events' />
 +
()
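Review bot: In the added interface_stat_events rows, rx_bytes and tx_bytes are described as bytes "received from the client in this connection" and "sent to the client in this connection", but the table is keyed by interface_id and has no session or connection column. The wording looks carried over from a per-session table. Describe these as bytes received and sent on the interface, and state whether the counters are cumulative or per sampling interval, as the rx_rate and tx_rate rows do with their "(bytes/s)" unit.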
  
 
+
== mail_msgs ==  
== alerts ==
+
<section begin='mail_msgs' />
<section begin='alerts' />
 
  
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Column Name
 +
!Human Name
 
!Type
 
!Type
 
!Description
 
!Description
 
|-
 
|-
 
|time_stamp
 
|time_stamp
 +
|Timestamp
 
|timestamp without time zone
 
|timestamp without time zone
 
|The time of the event
 
|The time of the event
 
|-
 
|-
|description
+
|session_id
|text
+
|Session ID
|The description from the alert rule.
+
|bigint
 +
|The session
 
|-
 
|-
|summary_text
+
|client_intf
|text
+
|Client Interface
|The summary text of the alert
+
|smallint
 +
|The client interface
 
|-
 
|-
|json
+
|server_intf
|text
+
|Server Interface
|The summary JSON representation of the event causing the alert
+
|smallint
 +
|The server interface
 
|-
 
|-
|}
+
|c_client_addr
<section end='alerts' />
+
|Client-side Client Address
 
+
|inet
 
+
|The client-side client IP address
== host_table_updates ==
 
<section begin='host_table_updates' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|address
+
|s_client_addr
 +
|Server-side Client Address
 
|inet
 
|inet
|The IP address of the host
+
|The server-side client IP address
 
|-
 
|-
|key
+
|c_server_addr
|text
+
|Client-side Server Address
|The key being updated
+
|inet
 +
|The client-side server IP address
 +
|-
 +
|s_server_addr
 +
|Server-side Server Address
 +
|inet
 +
|The server-side server IP address
 
|-
 
|-
|value
+
|c_client_port
|text
+
|Client-side Client Port
|The new value for the key
+
|integer
 +
|The client-side client port
 
|-
 
|-
|time_stamp
+
|s_client_port
|timestamp without time zone
+
|Server-side Client Port
|The time of the event
+
|integer
 +
|The server-side client port
 
|-
 
|-
|}
+
|c_server_port
<section end='host_table_updates' />
+
|Client-side Server Port
 
+
|integer
 
+
|The client-side server port
== quotas ==
 
<section begin='quotas' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|time_stamp
+
|s_server_port
|timestamp without time zone
+
|Server-side Server Port
|The time of the event
 
|-
 
|address
 
|inet
 
|The IP address of the host
 
|-
 
|action
 
 
|integer
 
|integer
|The action (1=Quota Given, 2=Quota Exceeded)
+
|The server-side server port
 
|-
 
|-
|size
+
|policy_id
 +
|Policy ID
 
|bigint
 
|bigint
|The size of the quota
+
|The policy
 
|-
 
|-
|reason
+
|username
 +
|Username
 
|text
 
|text
|The reason for the action
+
|The username associated with this session
 
|-
 
|-
|}
+
|msg_id
<section end='quotas' />
+
|Message ID
 
+
|bigint
 
+
|The message ID
== penaltybox ==
 
<section begin='penaltybox' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|address
+
|subject
|inet
+
|Subject
|The IP address of the host
+
|text
 +
|The email subject
 
|-
 
|-
|reason
+
|hostname
 +
|Hostname
 
|text
 
|text
|The reason for the action
+
|The hostname of the local address
 
|-
 
|-
|start_time
+
|event_id
|timestamp without time zone
+
|Event ID
|The time the client entered the penalty box
+
|bigint
 +
|The unique event ID
 
|-
 
|-
|end_time
+
|sender
|timestamp without time zone
+
|Sender
|The time the client exited the penalty box
+
|text
 +
|The address of the sender
 
|-
 
|-
|time_stamp
+
|receiver
|timestamp without time zone
+
|Receiver
|The time of the event
+
|text
 +
|The address of the receiver
 
|-
 
|-
|}
+
|virus_blocker_lite_clean
<section end='penaltybox' />
+
|Virus Blocker Lite Clean
 
+
|boolean
 
+
|The cleanliness of the file according to Virus Blocker Lite
== admin_logins ==
 
<section begin='admin_logins' />
 
 
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|time_stamp
+
|virus_blocker_lite_name
|timestamp without time zone
+
|Virus Blocker Lite Name
|The time of the event
 
|-
 
|login
 
 
|text
 
|text
|The login name
+
|The name of the malware according to Virus Blocker Lite
 
|-
 
|-
|local
+
|virus_blocker_clean
 +
|Virus Blocker Clean
 
|boolean
 
|boolean
|True if it is a login attempt through a local process
+
|The cleanliness of the file according to Virus Blocker
 +
|-
 +
|virus_blocker_name
 +
|Virus Blocker Name
 +
|text
 +
|The name of the malware according to Virus Blocker
 
|-
 
|-
|client_addr
+
|spam_blocker_lite_score
|inet
+
|Spam Blocker Lite Score
|The client IP address
+
|real
 +
|The score of the email according to Spam Blocker Lite
 
|-
 
|-
|succeeded
+
|spam_blocker_lite_is_spam
 +
|Spam Blocker Lite Spam
 
|boolean
 
|boolean
|True if the login succeeded, false otherwise
+
|The spam status of the email according to Spam Blocker Lite
 +
|-
 +
|spam_blocker_lite_tests_string
 +
|Spam Blocker Lite Tests
 +
|text
 +
|The tess results for Spam Blocker Lite
 
|-
 
|-
|reason
+
|spam_blocker_lite_action
 +
|Spam Blocker Lite Action
 
|character(1)
 
|character(1)
|The reason for the login (if applicable)
+
|The action taken by Spam Blocker Lite
 +
|-
 +
|spam_blocker_score
 +
|Spam Blocker Score
 +
|real
 +
|The score of the email according to Spam Blocker
 
|-
 
|-
|}
+
|spam_blocker_is_spam
<section end='admin_logins' />
+
|Spam Blocker Spam
 +
|boolean
 +
|The spam status of the email according to Spam Blocker
 +
|-
 +
|spam_blocker_tests_string
 +
|Spam Blocker Tests
 +
|text
 +
|The tess results for Spam Blocker
 +
|-
 +
|spam_blocker_action
 +
|Spam Blocker Action
 +
|character(1)
 +
|The action taken by Spam Blocker
 +
|-
 +
|phish_blocker_score
 +
|Phish Blocker Score
 +
|real
 +
|The score of the email according to Phish Blocker
 +
|-
 +
|phish_blocker_is_spam
 +
|Phish Blocker Phish
 +
|boolean
 +
|The phish status of the email according to Phish Blocker
 +
|-
 +
|phish_blocker_tests_string
 +
|Phish Blocker Tests
 +
|text
 +
|The tess results for Phish Blocker
 +
|-
 +
|phish_blocker_action
 +
|Phish Blocker Action
 +
|character(1)
 +
|The action taken by Phish Blocker
 +
|-
 +
|}
 +
<section end='mail_msgs' />
 +
()
 +
 
 +
== mail_addrs ==
 +
<section begin='mail_addrs' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|session_id
 +
|Session ID
 +
|bigint
 +
|The session
 +
|-
 +
|client_intf
 +
|Client Interface
 +
|smallint
 +
|The client interface
 +
|-
 +
|server_intf
 +
|Server Interface
 +
|smallint
 +
|The server interface
 +
|-
 +
|c_client_addr
 +
|Client-side Client Address
 +
|inet
 +
|The client-side client IP address
 +
|-
 +
|s_client_addr
 +
|Server-side Client Address
 +
|inet
 +
|The server-side client IP address
 +
|-
 +
|c_server_addr
 +
|Client-side Server Address
 +
|inet
 +
|The client-side server IP address
 +
|-
 +
|s_server_addr
 +
|Server-side Server Address
 +
|inet
 +
|The server-side server IP address
 +
|-
 +
|c_client_port
 +
|Client-side Client Port
 +
|integer
 +
|The client-side client port
 +
|-
 +
|s_client_port
 +
|Server-side Client Port
 +
|integer
 +
|The server-side client port
 +
|-
 +
|c_server_port
 +
|Client-side Server Port
 +
|integer
 +
|The client-side server port
 +
|-
 +
|s_server_port
 +
|Server-side Server Port
 +
|integer
 +
|The server-side server port
 +
|-
 +
|policy_id
 +
|Policy ID
 +
|bigint
 +
|The policy
 +
|-
 +
|username
 +
|Username
 +
|text
 +
|The username associated with this session
 +
|-
 +
|msg_id
 +
|Message ID
 +
|bigint
 +
|The message ID
 +
|-
 +
|subject
 +
|Subject
 +
|text
 +
|The email subject
 +
|-
 +
|addr
 +
|Address
 +
|text
 +
|The address of this event
 +
|-
 +
|addr_name
 +
|Address Name
 +
|text
 +
|The name for this address
 +
|-
 +
|addr_kind
 +
|Address Kind
 +
|character(1)
 +
|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
 +
|-
 +
|hostname
 +
|Hostname
 +
|text
 +
|The hostname of the local address
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 +
|-
 +
|sender
 +
|Sender
 +
|text
 +
|The address of the sender
 +
|-
 +
|virus_blocker_lite_clean
 +
|Virus Blocker Lite Clean
 +
|boolean
 +
|The cleanliness of the file according to Virus Blocker Lite
 +
|-
 +
|virus_blocker_lite_name
 +
|Virus Blocker Lite Name
 +
|text
 +
|The name of the malware according to Virus Blocker Lite
 +
|-
 +
|virus_blocker_clean
 +
|Virus Blocker Clean
 +
|boolean
 +
|The cleanliness of the file according to Virus Blocker
 +
|-
 +
|virus_blocker_name
 +
|Virus Blocker Name
 +
|text
 +
|The name of the malware according to Virus Blocker
 +
|-
 +
|spam_blocker_lite_score
 +
|Spam Blocker Lite Score
 +
|real
 +
|The score of the email according to Spam Blocker Lite
 +
|-
 +
|spam_blocker_lite_is_spam
 +
|Spam Blocker Lite Spam
 +
|boolean
 +
|The spam status of the email according to Spam Blocker Lite
 +
|-
 +
|spam_blocker_lite_action
 +
|Spam Blocker Lite Action
 +
|character(1)
 +
|The action taken by Spam Blocker Lite
 +
|-
 +
|spam_blocker_lite_tests_string
 +
|Spam Blocker Lite Tests
 +
|text
 +
|The tess results for Spam Blocker Lite
 +
|-
 +
|spam_blocker_score
 +
|Spam Blocker Score
 +
|real
 +
|The score of the email according to Spam Blocker
 +
|-
 +
|spam_blocker_is_spam
 +
|Spam Blocker Spam
 +
|boolean
 +
|The spam status of the email according to Spam Blocker
 +
|-
 +
|spam_blocker_action
 +
|Spam Blocker Action
 +
|character(1)
 +
|The action taken by Spam Blocker
 +
|-
 +
|spam_blocker_tests_string
 +
|Spam Blocker Tests
 +
|text
 +
|The tess results for Spam Blocker
 +
|-
 +
|phish_blocker_score
 +
|Phish Blocker Score
 +
|real
 +
|The score of the email according to Phish Blocker
 +
|-
 +
|phish_blocker_is_spam
 +
|Phish Blocker Phish
 +
|boolean
 +
|The phish status of the email according to Phish Blocker
 +
|-
 +
|phish_blocker_tests_string
 +
|Phish Blocker Tests
 +
|text
 +
|The tess results for Phish Blocker
 +
|-
 +
|phish_blocker_action
 +
|Phish Blocker Action
 +
|character(1)
 +
|The action taken by Phish Blocker
 +
|-
 +
|}
 +
<section end='mail_addrs' />
 +
()
 +
 
 +
== ftp_events ==
 +
<section begin='ftp_events' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|session_id
 +
|Session ID
 +
|bigint
 +
|The session
 +
|-
 +
|client_intf
 +
|Client Interface
 +
|smallint
 +
|The client interface
 +
|-
 +
|server_intf
 +
|Server Interface
 +
|smallint
 +
|The server interface
 +
|-
 +
|c_client_addr
 +
|Client-side Client Address
 +
|inet
 +
|The client-side client IP address
 +
|-
 +
|s_client_addr
 +
|Server-side Client Address
 +
|inet
 +
|The server-side client IP address
 +
|-
 +
|c_server_addr
 +
|Client-side Server Address
 +
|inet
 +
|The client-side server IP address
 +
|-
 +
|s_server_addr
 +
|Server-side Server Address
 +
|inet
 +
|The server-side server IP address
 +
|-
 +
|policy_id
 +
|Policy ID
 +
|bigint
 +
|The policy
 +
|-
 +
|username
 +
|Username
 +
|text
 +
|The username associated with this session
 +
|-
 +
|hostname
 +
|Hostname
 +
|text
 +
|The hostname of the local address
 +
|-
 +
|request_id
 +
|Request ID
 +
|bigint
 +
|The FTP request ID
 +
|-
 +
|method
 +
|Method
 +
|character(1)
 +
|The FTP method
 +
|-
 +
|uri
 +
|URI
 +
|text
 +
|The FTP URI
 +
|-
 +
|virus_blocker_lite_clean
 +
|Virus Blocker Lite Clean
 +
|boolean
 +
|The cleanliness of the file according to Virus Blocker Lite
 +
|-
 +
|virus_blocker_lite_name
 +
|Virus Blocker Lite Name
 +
|text
 +
|The name of the malware according to Virus Blocker Lite
 +
|-
 +
|virus_blocker_clean
 +
|Virus Blocker Clean
 +
|boolean
 +
|The cleanliness of the file according to Virus Blocker
 +
|-
 +
|virus_blocker_name
 +
|Virus Blocker Name
 +
|text
 +
|The name of the malware according to Virus Blocker
 +
|-
 +
|}
 +
<section end='ftp_events' />
 +
()
 +
 
 +
== tunnel_vpn_events ==
 +
<section begin='tunnel_vpn_events' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|tunnel_name
 +
|Tunnel Name
 +
|text
 +
|The name the tunnel
 +
|-
 +
|server_address
 +
|Server IP Address
 +
|text
 +
|The address of the remote server
 +
|-
 +
|local_address
 +
|Local Address
 +
|text
 +
|The local address assigned the client
 +
|-
 +
|event_type
 +
|Event Type
 +
|text
 +
|The type of the event (CONNECT,DISCONNECT)
 +
|-
 +
|}
 +
<section end='tunnel_vpn_events' />
 +
()
 +
 
 +
== tunnel_vpn_stats ==
 +
<section begin='tunnel_vpn_stats' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|tunnel_name
 +
|Tunnel Name
 +
|text
 +
|The name of the Tunnel VPN tunnel
 +
|-
 +
|in_bytes
 +
|In Bytes
 +
|bigint
 +
|The number of bytes received during this time frame
 +
|-
 +
|out_bytes
 +
|Out Bytes
 +
|bigint
 +
|The number of bytes transmitted during this time frame
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 +
|-
 +
|}
 +
<section end='tunnel_vpn_stats' />
 +
()
 +
 
 +
== wan_failover_test_events ==
 +
<section begin='wan_failover_test_events' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|interface_id
 +
|Interface ID
 +
|integer
 +
|This interface ID
 +
|-
 +
|name
 +
|Interface Name
 +
|text
 +
|This name of the interface
 +
|-
 +
|description
 +
|Text detail of the event
 +
|text
 +
|The description from the test rule
 +
|-
 +
|success
 +
|Success
 +
|boolean
 +
|The result of the test (true if the test succeeded, false otherwise)
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 +
|-
 +
|}
 +
<section end='wan_failover_test_events' />
 +
()
 +
 
 +
== wan_failover_action_events ==
 +
<section begin='wan_failover_action_events' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|interface_id
 +
|Interface ID
 +
|integer
 +
|This interface ID
 +
|-
 +
|action
 +
|Action
 +
|text
 +
|This action (CONNECTED,DISCONNECTED)
 +
|-
 +
|os_name
 +
|Interface O/S Name
 +
|text
 +
|This O/S name of the interface
 +
|-
 +
|name
 +
|Interface Name
 +
|text
 +
|This name of the interface
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 +
|-
 +
|}
 +
<section end='wan_failover_action_events' />
 +
()
 +
 
 +
== directory_connector_login_events ==
 +
<section begin='directory_connector_login_events' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|login_name
 +
|Login Name
 +
|text
 +
|The login name
 +
|-
 +
|domain
 +
|Domain
 +
|text
 +
|The AD domain
 +
|-
 +
|type
 +
|Type
 +
|text
 +
|The type of event (I=Login,U=Update,O=Logout)
 +
|-
 +
|client_addr
 +
|Client Address
 +
|inet
 +
|The client IP address
 +
|-
 +
|login_type
 +
|Login Type
 +
|text
 +
|The login type
 +
|-
 +
|}
 +
<section end='directory_connector_login_events' />
 +
()
 +
 
 +
== captive_portal_user_events ==
 +
<section begin='captive_portal_user_events' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|policy_id
 +
|Policy ID
 +
|bigint
 +
|The policy
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 +
|-
 +
|login_name
 +
|Login Name
 +
|text
 +
|The login username
 +
|-
 +
|event_info
 +
|Event Type
 +
|text
 +
|The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
 +
|-
 +
|auth_type
 +
|Authorization Type
 +
|text
 +
|The authorization type for this event
 +
|-
 +
|client_addr
 +
|Client Address
 +
|text
 +
|The remote IP address of the client
 +
|-
 +
|}
 +
<section end='captive_portal_user_events' />
 +
()
 +
 
 +
== openvpn_stats ==
 +
<section begin='openvpn_stats' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|start_time
 +
|Start Time
 +
|timestamp without time zone
 +
|The time the OpenVPN session started
 +
|-
 +
|end_time
 +
|End Time
 +
|timestamp without time zone
 +
|The time the OpenVPN session ended
 +
|-
 +
|rx_bytes
 +
|Bytes Received
 +
|bigint
 +
|The total bytes received from the client during this session
 +
|-
 +
|tx_bytes
 +
|Bytes Sent
 +
|bigint
 +
|The total bytes sent to the client during this session
 +
|-
 +
|remote_address
 +
|Remote Address
 +
|inet
 +
|The remote IP address of the client
 +
|-
 +
|pool_address
 +
|Pool Address
 +
|inet
 +
|The pool IP address of the client
 +
|-
 +
|remote_port
 +
|Remote Port
 +
|integer
 +
|The remote port of the client
 +
|-
 +
|client_name
 +
|Client Name
 +
|text
 +
|The name of the client
 +
|-
 +
|event_id
 +
|Event ID
 +
|bigint
 +
|The unique event ID
 +
|-
 +
|}
 +
<section end='openvpn_stats' />
 +
()
 +
 
 +
== openvpn_events ==
 +
<section begin='openvpn_events' />
 +
 
 +
{| border="1" cellpadding="2" width="90%%" align="center"
 +
!Column Name
 +
!Human Name
 +
!Type
 +
!Description
 +
|-
 +
|time_stamp
 +
|Timestamp
 +
|timestamp without time zone
 +
|The time of the event
 +
|-
 +
|remote_address
 +
|Remote Address
 +
|inet
 +
|The remote IP address of the client
 +
|-
 +
|pool_address
 +
|Pool Address
 +
|inet
 +
|The pool IP address of the client
 +
|-
 +
|client_name
 +
|Client Name
 +
|text
 +
|The name of the client
 +
|-
 +
|type
 +
|Type
 +
|text
 +
|The type of the event (CONNECT,DISCONNECT)
 +
|-
 +
|}
 +
<section end='openvpn_events' />
 +
()
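Review bot: The added Description cells for spam_blocker_lite_tests_string, spam_blocker_tests_string and phish_blocker_tests_string, in both mail_msgs and mail_addrs, read "The tess results for ...", which should be "The test results for ...". In the added tunnel_vpn_events rows, "The name the tunnel" and "The local address assigned the client" are each missing a preposition ("of", "to"). The wan_failover_test_events description row repeats "Text detail of the event" as its Human Name where every other row gives a short label, and phish_blocker_is_spam keeps an "is_spam" column name under the label "Phish Blocker Phish"; a one-line remark on that naming in the Description cell would save readers from guessing. Each new section is also followed by a bare "()" line that carries no content and looks like leftover generator output; suggest dropping it.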

Latest revision as of 18:37, 8 September 2020

Database Tables

configuration_backup_events


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| success | Success | boolean | The result of the backup (true if the backup succeeded, false otherwise) |
| description | Text detail of the event | text | Text detail of the event |
| destination | Destination | text | The location of the backup |
| event_id | Event ID | bigint | The unique event ID |


http_events


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| request_id | Request ID | bigint | The HTTP request ID |
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| session_id | Session ID | bigint | The session |
| client_intf | Client Interface | smallint | The client interface |
| server_intf | Server Interface | smallint | The server interface |
| c_client_addr | Client-side Client Address | inet | The client-side client IP address |
| s_client_addr | Server-side Client Address | inet | The server-side client IP address |
| c_server_addr | Client-side Server Address | inet | The client-side server IP address |
| s_server_addr | Server-side Server Address | inet | The server-side server IP address |
| c_client_port | Client-side Client Port | integer | The client-side client port |
| s_client_port | Server-side Client Port | integer | The server-side client port |
| c_server_port | Client-side Server Port | integer | The client-side server port |
| s_server_port | Server-side Server Port | integer | The server-side server port |
| client_country | Client Country | text | The client country |
| client_latitude | Client Latitude | real | The client latitude |
| client_longitude | Client Longitude | real | The client longitude |
| server_country | Server Country | text | The server country |
| server_latitude | Server Latitude | real | The server latitude |
| server_longitude | Server Longitude | real | The server longitude |
| policy_id | Policy ID | smallint | The policy |
| username | Username | text | The username associated with this session |
| hostname | Hostname | text | The hostname of the local address |
| method | Method | character(1) | The HTTP method |
| uri | URI | text | The HTTP URI |
| host | Host | text | The HTTP host |
| domain | Domain | text | The HTTP domain (shortened host) |
| referer | Referer | text | The Referer URL |
| c2s_content_length | Client-to-server Content Length | bigint | The client-to-server content length |
| s2c_content_length | Server-to-client Content Length | bigint | The server-to-client content length |
| s2c_content_type | Server-to-client Content Type | text | The server-to-client content type |
| s2c_content_filename | Server-to-client Content Disposition Filename | text | The server-to-client content disposition filename |
| ad_blocker_cookie_ident | Ad Blocker Cookie | text | The name of the cookie blocked by Ad Blocker |
| ad_blocker_action | Ad Blocker Action | character(1) | The action of Ad Blocker on this request |
| web_filter_reason | Reason for action (Web Filter) | character(1) | The reason Web Filter blocked/flagged this request |
| web_filter_category_id | Web Category (Web Filter) | smallint | The numeric category according to Web Filter |
| web_filter_rule_id | Web Rule (Web Filter) | smallint | The numeric rule according to Web Filter |
| web_filter_blocked | Blocked (Web Filter) | boolean | If Web Filter blocked this request |
| web_filter_flagged | Flagged (Web Filter) | boolean | If Web Filter flagged this request |
| virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
| virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
| virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
| virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
| threat_prevention_blocked | Threat Prevention Blocked | boolean | If Threat Prevention blocked this request |
| threat_prevention_flagged | Threat Prevention Flagged | boolean | If Threat Prevention flagged this request |
| threat_prevention_rule_id | Threat Prevention Rule Id | integer | The numeric rule according to Threat Prevention |
| threat_prevention_reputation | Threat Prevention Reputation | smallint | The numeric threat reputation |
| threat_prevention_categories | Threat Prevention Categories | integer | The bitmask of threat categories |


intrusion_prevention_events


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| sig_id | Signature ID | bigint | The ID of the rule |
| gen_id | Grouping ID | bigint | The grouping ID for the rule. The gen_id + sig_id specify the rule's unique identifier |
| class_id | Classtype ID | bigint | The numeric ID for the classtype |
| source_addr | Source Address | inet | The source IP address of the packet |
| source_port | Source Port | integer | The source port of the packet (if applicable) |
| dest_addr | Destination Address | inet | The destination IP address of the packet |
| dest_port | Destination Port | integer | The destination port of the packet (if applicable) |
| protocol | Protocol | integer | The protocol of the packet |
| blocked | Blocked | boolean | If the packet was blocked/dropped |
| category | Category | text | The application specific grouping for the signature |
| classtype | Classtype | text | The generalized threat signature grouping (unrelated to gen_id) |
| msg | Message | text | The "title" or "description" of the signature |
| rid | Rule ID | text | The rule id |
| rule_id | Rule ID | text | The rule id |


smtp_tarpit_events


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| ipaddr | Client Address | inet | The client IP address |
| hostname | Hostname | text | The hostname of the local address |
| policy_id | Policy ID | bigint | The policy |
| vendor_name | Vendor Name | character varying(255) | The "vendor name" of the app that logged the event |
| event_id | Event ID | bigint | The unique event ID |


ipsec_user_events


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| event_id | Event ID | bigint | The unique event ID |
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| connect_stamp | Connect Time | timestamp without time zone | The time the connection started |
| goodbye_stamp | End Time | timestamp without time zone | The time the connection ended |
| client_address | Client Address | text | The remote IP address of the client |
| client_protocol | Client Protocol | text | The protocol the client used to connect |
| client_username | Client Username | text | The username of the client |
| net_process | Net Process | text | The PID of the PPP process for L2TP connections or the connection ID for Xauth connections |
| net_interface | Net Interface | text | The PPP interface for L2TP connections or the client interface for Xauth connections |
| elapsed_time | Elapsed Time | text | The total time the client was connected |
| rx_bytes | Bytes Received | bigint | The number of bytes received from the client in this connection |
| tx_bytes | Bytes Sent | bigint | The number of bytes sent to the client in this connection |


ipsec_vpn_events


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| event_id | Event ID | bigint | The unique event ID |
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| local_address | Local Address | text | The local address of the tunnel |
| remote_address | Remote Address | text | The remote address of the tunnel |
| tunnel_description | Tunnel Description | text | The description of the tunnel |
| event_type | Event Type | text | The type of the event (CONNECT,DISCONNECT) |


ipsec_tunnel_stats


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| tunnel_name | Tunnel Name | text | The name of the IPsec tunnel |
| in_bytes | In Bytes | bigint | The number of bytes received during this time frame |
| out_bytes | Out Bytes | bigint | The number of bytes transmitted during this time frame |
| event_id | Event ID | bigint | The unique event ID |


http_query_events


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| event_id | Event ID | bigint | The unique event ID |
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| session_id | Session ID | bigint | The session |
| client_intf | Client Interface | smallint | The client interface |
| server_intf | Server Interface | smallint | The server interface |
| c_client_addr | Client-side Client Address | inet | The client-side client IP address |
| s_client_addr | Server-side Client Address | inet | The server-side client IP address |
| c_server_addr | Client-side Server Address | inet | The client-side server IP address |
| s_server_addr | Server-side Server Address | inet | The server-side server IP address |
| c_client_port | Client-side Client Port | integer | The client-side client port |
| s_client_port | Server-side Client Port | integer | The server-side client port |
| c_server_port | Client-side Server Port | integer | The client-side server port |
| s_server_port | Server-side Server Port | integer | The server-side server port |
| policy_id | Policy ID | bigint | The policy |
| username | Username | text | The username associated with this session |
| hostname | Hostname | text | The hostname of the local address |
| request_id | Request ID | bigint | The HTTP request ID |
| method | Method | character(1) | The HTTP method |
| uri | URI | text | The HTTP URI |
| term | Search Term | text | The search term |
| host | Host | text | The HTTP host |
| c2s_content_length | Client-to-server Content Length | bigint | The client-to-server content length |
| s2c_content_length | Server-to-client Content Length | bigint | The server-to-client content length |
| s2c_content_type | Server-to-client Content Type | text | The server-to-client content type |
| blocked | Blocked | boolean | If Web Filter blocked this search term |
| flagged | Flagged | boolean | If Web Filter flagged this search term |


admin_logins


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| login | Login | text | The login name |
| local | Local | boolean | True if it is a login attempt through a local process |
| client_addr | Client Address | inet | The client IP address |
| succeeded | Succeeded | boolean | True if the login succeeded, false otherwise |
| reason | Reason | character(1) | The reason for the login (if applicable) |


sessions


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| session_id | Session ID | bigint | The session |
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| end_time | End Time | timestamp without time zone | The time the session ended |
| bypassed | Bypassed | boolean | True if the session was bypassed, false otherwise |
| entitled | Entitled | boolean | True if the session is entitled to premium functionality |
| protocol | Protocol | smallint | The IP protocol of the session |
| icmp_type | ICMP Type | smallint | The ICMP type of the session, if ICMP |
| hostname | Hostname | text | The hostname of the local address |
| username | Username | text | The username associated with this session |
| policy_id | Policy ID | smallint | The policy |
| policy_rule_id | Policy Rule ID | smallint | The ID of the matching policy rule (0 means none) |
| local_addr | Local Address | inet | The IP address of the local participant |
| remote_addr | Remote Address | inet | The IP address of the remote participant |
| c_client_addr | Client-side Client Address | inet | The client-side client IP address |
| c_server_addr | Client-side Server Address | inet | The client-side server IP address |
| c_server_port | Client-side Server Port | integer | The client-side server port |
| c_client_port | Client-side Client Port | integer | The client-side client port |
| s_client_addr | Server-side Client Address | inet | The server-side client IP address |
| s_server_addr | Server-side Server Address | inet | The server-side server IP address |
| s_server_port | Server-side Server Port | integer | The server-side server port |
| s_client_port | Server-side Client Port | integer | The server-side client port |
| client_intf | Client Interface | smallint | The client interface |
| server_intf | Server Interface | smallint | The server interface |
| client_country | Client Country | text | The client country |
| client_latitude | Client Latitude | real | The client latitude |
| client_longitude | Client Longitude | real | The client longitude |
| server_country | Server Country | text | The server country |
| server_latitude | Server Latitude | real | The server latitude |
| server_longitude | Server Longitude | real | The server longitude |
| c2p_bytes | From-Client Bytes | bigint | The number of bytes the client sent to Untangle (client-to-pipeline) |
| p2c_bytes | To-Client Bytes | bigint | The number of bytes Untangle sent to client (pipeline-to-client) |
| s2p_bytes | From-Server Bytes | bigint | The number of bytes the server sent to Untangle (server-to-pipeline) |
| p2s_bytes | To-Server Bytes | bigint | The number of bytes Untangle sent to server (pipeline-to-server) |
| filter_prefix | Filter Block | text | The network filter that blocked the connection (filter,shield,invalid) |
| firewall_blocked | Firewall Blocked | boolean | True if Firewall blocked the session, false otherwise |
| firewall_flagged | Firewall Flagged | boolean | True if Firewall flagged the session, false otherwise |
| firewall_rule_index | Firewall Rule ID | integer | The matching rule in Firewall (if any) |
| threat_prevention_blocked | Threat Prevention Blocked | boolean | If Threat Prevention blocked |
| threat_prevention_flagged | Threat Prevention Flagged | boolean | If Threat Prevention flagged |
| threat_prevention_reason | Threat Prevention Reason | character(1) | Threat Prevention reason |
| threat_prevention_rule_id | Threat Prevention Rule Id | integer | Numeric rule id of Threat Prevention |
| threat_prevention_client_reputation | Threat Prevention Client Reputation | smallint | Numeric client reputation of Threat Prevention |
| threat_prevention_client_categories | Threat Prevention Client Categories | integer | Bitmask client categories of Threat Prevention |
| threat_prevention_server_reputation | Threat Prevention Server Reputation | smallint | Numeric server reputation of Threat Prevention |
| threat_prevention_server_categories | Threat Prevention Server Categories | integer | Bitmask server categories of Threat Prevention |
| application_control_lite_protocol | Application Control Lite Protocol | text | The application protocol according to Application Control Lite |
| application_control_lite_blocked | Application Control Lite Blocked | boolean | True if Application Control Lite blocked the session |
| captive_portal_blocked | Captive Portal Blocked | boolean | True if Captive Portal blocked the session |
| captive_portal_rule_index | Captive Portal Rule ID | integer | The matching rule in Captive Portal (if any) |
| application_control_application | Application Control Application | text | The application according to Application Control |
| application_control_protochain | Application Control Protochain | text | The protochain according to Application Control |
| application_control_category | Application Control Category | text | The category according to Application Control |
| application_control_blocked | Application Control Blocked | boolean | True if Application Control blocked the session |
| application_control_flagged | Application Control Flagged | boolean | True if Application Control flagged the session |
| application_control_confidence | Application Control Confidence | integer | The Application Control confidence of this session's identification |
| application_control_ruleid | Application Control Rule ID | integer | The matching rule in Application Control (if any) |
| application_control_detail | Application Control Detail | text | The text detail from the Application Control engine |
| bandwidth_control_priority | Bandwidth Control Priority | integer | The priority given to this session |
| bandwidth_control_rule | Bandwidth Control Rule ID | integer | The matching rule in Bandwidth Control (if any) |
| ssl_inspector_ruleid | SSL Inspector Rule ID | integer | The matching rule in SSL Inspector (if any) |
| ssl_inspector_status | SSL Inspector Status | text | The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) |
| ssl_inspector_detail | SSL Inspector Detail | text | Additional text detail about the SSL connection (SNI, IP Address) |
| tags | Tags | text | The tags on this session |


session_minutes


| Column Name | Human Name | Type | Description |
|---|---|---|---|
| session_id | Session ID | bigint | The session |
| time_stamp | Timestamp | timestamp without time zone | The time of the event |
| c2s_bytes | From-Client Bytes | bigint | The number of bytes the client sent |
| s2c_bytes | From-Server Bytes | bigint | The number of bytes the server sent |
| start_time | Start Time | timestamp without time zone | The start time of the session |
| end_time | End Time | timestamp without time zone | The time the session ended |
| bypassed | Bypassed | boolean | True if the session was bypassed, false otherwise |
| entitled | Entitled | boolean | True if the session is entitled to premium functionality |
| protocol | Protocol | smallint | The IP protocol of the session |
| icmp_type | ICMP Type | smallint | The ICMP type of the session, if ICMP |
| hostname | Hostname | text | The hostname of the local address |
| username | Username | text | The username associated with this session |
| policy_id | Policy ID | smallint | The policy |
| policy_rule_id | Policy Rule ID | smallint | The ID of the matching policy rule (0 means none) |
| local_addr | Local Address | inet | The IP address of the local participant |
| remote_addr | Remote Address | inet | The IP address of the remote participant |
| c_client_addr | Client-side Client Address | inet | The client-side client IP address |
| c_server_addr | Client-side Server Address | inet | The client-side server IP address |
| c_server_port | Client-side Server Port | integer | The client-side server port |
| c_client_port | Client-side Client Port | integer | The client-side client port |
| s_client_addr | Server-side Client Address | inet | The server-side client IP address |
| s_server_addr | Server-side Server Address | inet | The server-side server IP address |
| s_server_port | Server-side Server Port | integer | The server-side server port |
| s_client_port | Server-side Client Port | integer | The server-side client port |
| client_intf | Client Interface | smallint | The client interface |
| server_intf | Server Interface | smallint | The server interface |
| client_country | Client Country | text | The client country |
| client_latitude | Client Latitude | real | The client latitude |
| client_longitude | Client Longitude | real | The client longitude |
| server_country | Server Country | text | The server country |
| server_latitude | Server Latitude | real | The server latitude |
| server_longitude | Server Longitude | real | The server longitude |
| filter_prefix | Filter Block | text | The network filter that blocked the connection (filter,shield,invalid) |
firewall_blocked Firewall Blocked boolean True if Firewall blocked the session, false otherwise
firewall_flagged Firewall Flagged boolean True if Firewall flagged the session, false otherwise
firewall_rule_index Firewall Rule ID integer The matching rule in Firewall (if any)
threat_prevention_blocked Threat Prevention Blocked boolean True if Threat Prevention blocked the session
threat_prevention_flagged Threat Prevention Flagged boolean True if Threat Prevention flagged the session
threat_prevention_reason Threat Prevention Reason character(1) Threat Prevention reason
threat_prevention_rule_id Threat Prevention Rule Id integer Numeric rule id of Threat Prevention
threat_prevention_client_reputation Threat Prevention Client Reputation smallint Numeric client reputation of Threat Prevention
threat_prevention_client_categories Threat Prevention Client Categories integer Bitmask client categories of Threat Prevention
threat_prevention_server_reputation Threat Prevention Server Reputation smallint Numeric server reputation of Threat Prevention
threat_prevention_server_categories Threat Prevention Server Categories integer Bitmask server categories of Threat Prevention
application_control_lite_protocol Application Control Lite Protocol text The application protocol according to Application Control Lite
application_control_lite_blocked Application Control Lite Blocked boolean True if Application Control Lite blocked the session
captive_portal_blocked Captive Portal Blocked boolean True if Captive Portal blocked the session
captive_portal_rule_index Captive Portal Rule ID integer The matching rule in Captive Portal (if any)
application_control_application Application Control Application text The application according to Application Control
application_control_protochain Application Control Protochain text The protochain according to Application Control
application_control_category Application Control Category text The category according to Application Control
application_control_blocked Application Control Blocked boolean True if Application Control blocked the session
application_control_flagged Application Control Flagged boolean True if Application Control flagged the session
application_control_confidence Application Control Confidence integer The Application Control confidence of this session's identification
application_control_ruleid Application Control Rule ID integer The matching rule in Application Control (if any)
application_control_detail Application Control Detail text The text detail from the Application Control engine
bandwidth_control_priority Bandwidth Control Priority integer The priority given to this session
bandwidth_control_rule Bandwidth Control Rule ID integer The matching rule in Bandwidth Control (if any)
ssl_inspector_ruleid SSL Inspector Rule ID integer The matching rule in SSL Inspector (if any)
ssl_inspector_status SSL Inspector Status text The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
ssl_inspector_detail SSL Inspector Detail text Additional text detail about the SSL connection (SNI, IP Address)
tags Tags text The tags on this session


quotas


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
entity Entity text The IP entity given the quota (address/username)
action Action integer The action (1=Quota Given, 2=Quota Exceeded)
size Size bigint The size of the quota
reason Reason text The reason for the action


host_table_updates


Column Name Human Name Type Description
address Address inet The IP address of the host
key Key text The key being updated
value Value text The new value for the key
old_value Old Value text The old value for the key
time_stamp Timestamp timestamp without time zone The time of the event


device_table_updates


Column Name Human Name Type Description
mac_address MAC Address text The MAC address of the device
key Key text The key being updated
value Value text The new value for the key
old_value Old Value text The old value for the key
time_stamp Timestamp timestamp without time zone The time of the event


user_table_updates


Column Name Human Name Type Description
username Username text The username
key Key text The key being updated
value Value text The new value for the key
old_value Old Value text The old value for the key
time_stamp Timestamp timestamp without time zone The time of the event


alerts


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
description Text detail of the event text The description from the alert rule.
summary_text Summary Text text The summary text of the alert
json JSON Text text The summary JSON representation of the event causing the alert


settings_changes


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
settings_file Settings File text The name of the file changed
username Username text The username logged in at the time of the change
hostname Hostname text The remote hostname


web_cache_stats


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
hits Hits bigint The number of cache hits during this time frame
misses Misses bigint The number of cache misses during this time frame
bypasses Bypasses bigint The number of cache user bypasses during this time frame
systems System Bypasses bigint The number of cache system bypasses during this time frame
hit_bytes Hit Bytes bigint The number of bytes saved from cache hits
miss_bytes Miss Bytes bigint The number of bytes not saved from cache misses
event_id Event ID bigint The unique event ID


server_events


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
load_1 CPU load (1-min) numeric(6,2) The 1-minute CPU load
load_5 CPU load (5-min) numeric(6,2) The 5-minute CPU load
load_15 CPU load (15-min) numeric(6,2) The 15-minute CPU load
cpu_user CPU User Utilization numeric(6,3) The user CPU percent utilization
cpu_system CPU System Utilization numeric(6,3) The system CPU percent utilization
mem_total Total Memory bigint The total bytes of memory
mem_free Memory Free bigint The number of free bytes of memory
disk_total Disk Size bigint The total disk size in bytes
disk_free Disk Free bigint The free disk space in bytes
swap_total Swap Size bigint The total swap size in bytes
swap_free Swap Free bigint The free swap space in bytes
active_hosts Active Hosts integer The number of active hosts


interface_stat_events


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
interface_id Interface ID integer The interface ID
rx_rate Rx Rate double precision The RX rate (bytes/s)
rx_bytes Bytes Received bigint The number of bytes received from the client in this connection
tx_rate Tx Rate double precision The TX rate (bytes/s)
tx_bytes Bytes Sent bigint The number of bytes sent to the client in this connection


mail_msgs


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
session_id Session ID bigint The session
client_intf Client Interface smallint The client interface
server_intf Server Interface smallint The server interface
c_client_addr Client-side Client Address inet The client-side client IP address
s_client_addr Server-side Client Address inet The server-side client IP address
c_server_addr Client-side Server Address inet The client-side server IP address
s_server_addr Server-side Server Address inet The server-side server IP address
c_client_port Client-side Client Port integer The client-side client port
s_client_port Server-side Client Port integer The server-side client port
c_server_port Client-side Server Port integer The client-side server port
s_server_port Server-side Server Port integer The server-side server port
policy_id Policy ID bigint The policy
username Username text The username associated with this session
msg_id Message ID bigint The message ID
subject Subject text The email subject
hostname Hostname text The hostname of the local address
event_id Event ID bigint The unique event ID
sender Sender text The address of the sender
receiver Receiver text The address of the receiver
virus_blocker_lite_clean Virus Blocker Lite Clean boolean The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name Virus Blocker Lite Name text The name of the malware according to Virus Blocker Lite
virus_blocker_clean Virus Blocker Clean boolean The cleanliness of the file according to Virus Blocker
virus_blocker_name Virus Blocker Name text The name of the malware according to Virus Blocker
spam_blocker_lite_score Spam Blocker Lite Score real The score of the email according to Spam Blocker Lite
spam_blocker_lite_is_spam Spam Blocker Lite Spam boolean The spam status of the email according to Spam Blocker Lite
spam_blocker_lite_tests_string Spam Blocker Lite Tests text The test results for Spam Blocker Lite
spam_blocker_lite_action Spam Blocker Lite Action character(1) The action taken by Spam Blocker Lite
spam_blocker_score Spam Blocker Score real The score of the email according to Spam Blocker
spam_blocker_is_spam Spam Blocker Spam boolean The spam status of the email according to Spam Blocker
spam_blocker_tests_string Spam Blocker Tests text The test results for Spam Blocker
spam_blocker_action Spam Blocker Action character(1) The action taken by Spam Blocker
phish_blocker_score Phish Blocker Score real The score of the email according to Phish Blocker
phish_blocker_is_spam Phish Blocker Phish boolean The phish status of the email according to Phish Blocker
phish_blocker_tests_string Phish Blocker Tests text The test results for Phish Blocker
phish_blocker_action Phish Blocker Action character(1) The action taken by Phish Blocker


mail_addrs


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
session_id Session ID bigint The session
client_intf Client Interface smallint The client interface
server_intf Server Interface smallint The server interface
c_client_addr Client-side Client Address inet The client-side client IP address
s_client_addr Server-side Client Address inet The server-side client IP address
c_server_addr Client-side Server Address inet The client-side server IP address
s_server_addr Server-side Server Address inet The server-side server IP address
c_client_port Client-side Client Port integer The client-side client port
s_client_port Server-side Client Port integer The server-side client port
c_server_port Client-side Server Port integer The client-side server port
s_server_port Server-side Server Port integer The server-side server port
policy_id Policy ID bigint The policy
username Username text The username associated with this session
msg_id Message ID bigint The message ID
subject Subject text The email subject
addr Address text The address of this event
addr_name Address Name text The name for this address
addr_kind Address Kind character(1) The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
hostname Hostname text The hostname of the local address
event_id Event ID bigint The unique event ID
sender Sender text The address of the sender
virus_blocker_lite_clean Virus Blocker Lite Clean boolean The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name Virus Blocker Lite Name text The name of the malware according to Virus Blocker Lite
virus_blocker_clean Virus Blocker Clean boolean The cleanliness of the file according to Virus Blocker
virus_blocker_name Virus Blocker Name text The name of the malware according to Virus Blocker
spam_blocker_lite_score Spam Blocker Lite Score real The score of the email according to Spam Blocker Lite
spam_blocker_lite_is_spam Spam Blocker Lite Spam boolean The spam status of the email according to Spam Blocker Lite
spam_blocker_lite_action Spam Blocker Lite Action character(1) The action taken by Spam Blocker Lite
spam_blocker_lite_tests_string Spam Blocker Lite Tests text The test results for Spam Blocker Lite
spam_blocker_score Spam Blocker Score real The score of the email according to Spam Blocker
spam_blocker_is_spam Spam Blocker Spam boolean The spam status of the email according to Spam Blocker
spam_blocker_action Spam Blocker Action character(1) The action taken by Spam Blocker
spam_blocker_tests_string Spam Blocker Tests text The test results for Spam Blocker
phish_blocker_score Phish Blocker Score real The score of the email according to Phish Blocker
phish_blocker_is_spam Phish Blocker Phish boolean The phish status of the email according to Phish Blocker
phish_blocker_tests_string Phish Blocker Tests text The test results for Phish Blocker
phish_blocker_action Phish Blocker Action character(1) The action taken by Phish Blocker


ftp_events


Column Name Human Name Type Description
event_id Event ID bigint The unique event ID
time_stamp Timestamp timestamp without time zone The time of the event
session_id Session ID bigint The session
client_intf Client Interface smallint The client interface
server_intf Server Interface smallint The server interface
c_client_addr Client-side Client Address inet The client-side client IP address
s_client_addr Server-side Client Address inet The server-side client IP address
c_server_addr Client-side Server Address inet The client-side server IP address
s_server_addr Server-side Server Address inet The server-side server IP address
policy_id Policy ID bigint The policy
username Username text The username associated with this session
hostname Hostname text The hostname of the local address
request_id Request ID bigint The FTP request ID
method Method character(1) The FTP method
uri URI text The FTP URI
virus_blocker_lite_clean Virus Blocker Lite Clean boolean The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name Virus Blocker Lite Name text The name of the malware according to Virus Blocker Lite
virus_blocker_clean Virus Blocker Clean boolean The cleanliness of the file according to Virus Blocker
virus_blocker_name Virus Blocker Name text The name of the malware according to Virus Blocker


tunnel_vpn_events


Column Name Human Name Type Description
event_id Event ID bigint The unique event ID
time_stamp Timestamp timestamp without time zone The time of the event
tunnel_name Tunnel Name text The name of the tunnel
server_address Server IP Address text The address of the remote server
local_address Local Address text The local address assigned to the client
event_type Event Type text The type of the event (CONNECT,DISCONNECT)


tunnel_vpn_stats


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
tunnel_name Tunnel Name text The name of the Tunnel VPN tunnel
in_bytes In Bytes bigint The number of bytes received during this time frame
out_bytes Out Bytes bigint The number of bytes transmitted during this time frame
event_id Event ID bigint The unique event ID


wan_failover_test_events


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
interface_id Interface ID integer The interface ID
name Interface Name text The name of the interface
description Text detail of the event text The description from the test rule
success Success boolean The result of the test (true if the test succeeded, false otherwise)
event_id Event ID bigint The unique event ID


wan_failover_action_events


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
interface_id Interface ID integer The interface ID
action Action text The action (CONNECTED,DISCONNECTED)
os_name Interface O/S Name text The O/S name of the interface
name Interface Name text The name of the interface
event_id Event ID bigint The unique event ID


directory_connector_login_events


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
login_name Login Name text The login name
domain Domain text The AD domain
type Type text The type of event (I=Login,U=Update,O=Logout)
client_addr Client Address inet The client IP address
login_type Login Type text The login type


captive_portal_user_events


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
policy_id Policy ID bigint The policy
event_id Event ID bigint The unique event ID
login_name Login Name text The login username
event_info Event Type text The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
auth_type Authorization Type text The authorization type for this event
client_addr Client Address text The remote IP address of the client


openvpn_stats


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
start_time Start Time timestamp without time zone The time the OpenVPN session started
end_time End Time timestamp without time zone The time the OpenVPN session ended
rx_bytes Bytes Received bigint The total bytes received from the client during this session
tx_bytes Bytes Sent bigint The total bytes sent to the client during this session
remote_address Remote Address inet The remote IP address of the client
pool_address Pool Address inet The pool IP address of the client
remote_port Remote Port integer The remote port of the client
client_name Client Name text The name of the client
event_id Event ID bigint The unique event ID


openvpn_events


Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
remote_address Remote Address inet The remote IP address of the client
pool_address Pool Address inet The pool IP address of the client
client_name Client Name text The name of the client
type Type text The type of the event (CONNECT,DISCONNECT)
