Difference between revisions of "Database Schema"
From Edge Threat Management Wiki - Arista
Bcarmichael (talk | contribs) (→http_events) |
Line 1: | Line 1: | ||
= Database Tables = | = Database Tables = | ||
− | == | + | == configuration_backup_events == |
− | <section begin=' | + | <section begin='configuration_backup_events' /> |
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 15: | Line 15: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |success |
− | | | + | |Success |
+ | |boolean | ||
+ | |The result of the backup (true if the backup succeeded, false otherwise) | ||
+ | |- | ||
+ | |description | ||
+ | |Text detail of the event | ||
|text | |text | ||
− | | | + | |Text detail of the event |
|- | |- | ||
− | | | + | |destination |
− | | | + | |Destination |
− | | | + | |text |
− | | | + | |The location of the backup |
|- | |- | ||
− | | | + | |event_id |
− | | | + | |Event ID |
− | | | + | |bigint |
− | |The | + | |The unique event ID |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='configuration_backup_events' /> |
+ | () | ||
− | + | == http_events == | |
− | == | + | <section begin='http_events' /> |
− | <section begin=' | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 53: | Line 48: | ||
!Description | !Description | ||
|- | |- | ||
− | | | + | |request_id |
− | | | + | |Request ID |
|bigint | |bigint | ||
− | |The | + | |The HTTP request ID |
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 63: | Line 58: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |session_id |
− | | | + | |Session ID |
− | | | + | |bigint |
− | |The | + | |The session |
|- | |- | ||
− | | | + | |client_intf |
− | | | + | |Client Interface |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|smallint | |smallint | ||
− | |The | + | |The client interface |
|- | |- | ||
− | | | + | |server_intf |
− | | | + | |Server Interface |
|smallint | |smallint | ||
− | |The | + | |The server interface |
|- | |- | ||
− | | | + | |c_client_addr |
− | | | + | |Client-side Client Address |
− | | | + | |inet |
− | |The | + | |The client-side client IP address |
|- | |- | ||
− | | | + | |s_client_addr |
− | | | + | |Server-side Client Address |
− | + | |inet | |
− | + | |The server-side client IP address | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |inet | ||
− | |The | ||
|- | |- | ||
|c_server_addr | |c_server_addr | ||
Line 118: | Line 88: | ||
|The client-side server IP address | |The client-side server IP address | ||
|- | |- | ||
− | | | + | |s_server_addr |
− | | | + | |Server-side Server Address |
− | | | + | |inet |
− | |The | + | |The server-side server IP address |
|- | |- | ||
|c_client_port | |c_client_port | ||
Line 128: | Line 98: | ||
|The client-side client port | |The client-side client port | ||
|- | |- | ||
− | | | + | |s_client_port |
− | |Server-side Client | + | |Server-side Client Port |
− | | | + | |integer |
− | |The server-side client | + | |The server-side client port |
|- | |- | ||
− | | | + | |c_server_port |
− | | | + | |Client-side Server Port |
− | | | + | |integer |
− | |The | + | |The client-side server port |
|- | |- | ||
|s_server_port | |s_server_port | ||
Line 142: | Line 112: | ||
|integer | |integer | ||
|The server-side server port | |The server-side server port | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
|client_country | |client_country | ||
Line 188: | Line 143: | ||
|The server Longitude | |The server Longitude | ||
|- | |- | ||
− | | | + | |policy_id |
− | | | + | |Policy ID |
− | | | + | |smallint |
− | |The | + | |The policy |
|- | |- | ||
− | | | + | |username |
− | | | + | |Username |
− | | | + | |text |
− | |The | + | |The username associated with this session |
|- | |- | ||
− | | | + | |hostname |
− | | | + | |Hostname |
− | | | + | |text |
− | |The | + | |The hostname of the local address |
|- | |- | ||
− | | | + | |method |
− | | | + | |Method |
− | | | + | |character(1) |
− | |The | + | |The HTTP method |
|- | |- | ||
− | | | + | |uri |
− | | | + | |URI |
|text | |text | ||
− | |The | + | |The HTTP URI |
|- | |- | ||
− | | | + | |host |
− | | | + | |Host |
− | | | + | |text |
− | | | + | |The HTTP host |
|- | |- | ||
− | | | + | |domain |
− | | | + | |Domain |
− | | | + | |text |
− | | | + | |The HTTP domain (shortened host) |
|- | |- | ||
− | | | + | |referer |
− | | | + | |Referer |
− | | | + | |text |
− | |The | + | |The Referer URL |
|- | |- | ||
− | | | + | |c2s_content_length |
− | | | + | |Client-to-server Content Length |
− | | | + | |bigint |
− | | | + | |The client-to-server content length |
|- | |- | ||
− | | | + | |s2c_content_length |
− | | | + | |Server-to-client Content Length |
− | | | + | |bigint |
− | | | + | |The server-to-client content length |
|- | |- | ||
− | | | + | |s2c_content_type |
− | | | + | |Server-to-client Content Type |
− | | | + | |text |
− | | | + | |The server-to-client content type |
+ | |- | ||
+ | |s2c_content_filename | ||
+ | |Server-to-client Content Disposition Filename | ||
+ | |text | ||
+ | |The server-to-client content disposition filename | ||
+ | |- | ||
+ | |ad_blocker_cookie_ident | ||
+ | |Ad Blocker Cookie | ||
+ | |text | ||
+ | |This name of cookie blocked by Ad Blocker | ||
+ | |- | ||
+ | |ad_blocker_action | ||
+ | |Ad Blocker Action | ||
+ | |character(1) | ||
+ | |This action of Ad Blocker on this request | ||
|- | |- | ||
− | | | + | |web_filter_reason |
− | | | + | |Web Filter Reason |
− | | | + | |character(1) |
− | | | + | |This reason Web Filter blocked/flagged this request |
|- | |- | ||
− | | | + | |web_filter_category_id |
− | | | + | |Web Filter Category Id |
|smallint | |smallint | ||
− | | | + | |This numeric category according to Web Filter |
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |web_filter_rule_id |
− | | | + | |Web Filter Rule Id |
|smallint | |smallint | ||
− | | | + | |This numeric rule according to Web Filter |
|- | |- | ||
− | | | + | |web_filter_blocked |
− | | | + | |Web Filter Blocked |
− | | | + | |boolean |
− | | | + | |If Web Filter blocked this request |
|- | |- | ||
− | | | + | |web_filter_flagged |
− | | | + | |Web Filter Flagged |
− | |||
− | |||
− | |||
− | |||
− | |||
|boolean | |boolean | ||
− | | | + | |If Web Filter flagged this request |
|- | |- | ||
− | | | + | |virus_blocker_lite_clean |
− | | | + | |Virus Blocker Lite Clean |
|boolean | |boolean | ||
− | | | + | |The cleanliness of the file according to Virus Blocker Lite |
|- | |- | ||
− | | | + | |virus_blocker_lite_name |
− | | | + | |Virus Blocker Lite Name |
− | | | + | |text |
− | |The | + | |The name of the malware according to Virus Blocker Lite |
|- | |- | ||
− | | | + | |virus_blocker_clean |
− | | | + | |Virus Blocker Clean |
− | | | + | |boolean |
− | |The | + | |The cleanliness of the file according to Virus Blocker |
|- | |- | ||
− | | | + | |virus_blocker_name |
− | | | + | |Virus Blocker Name |
|text | |text | ||
− | |The | + | |The name of the malware according to Virus Blocker |
|- | |- | ||
− | | | + | |threat_prevention_blocked |
− | | | + | |Threat Prevention Blocked |
− | |||
− | |||
− | |||
− | |||
− | |||
|boolean | |boolean | ||
− | | | + | |If Threat Prevention blocked this request |
|- | |- | ||
− | | | + | |threat_prevention_flagged |
− | | | + | |Threat Prevention Flagged |
|boolean | |boolean | ||
− | | | + | |If Threat Prevention flagged this request |
|- | |- | ||
− | | | + | |threat_prevention_rule_id |
− | | | + | |Threat Prevention Rule Id |
|integer | |integer | ||
− | | | + | |This numeric rule according to Threat Prevention |
|- | |- | ||
− | | | + | |threat_prevention_reputation |
− | | | + | |Threat Prevention Reputation |
+ | |smallint | ||
+ | |This numeric threat reputation | ||
+ | |- | ||
+ | |threat_prevention_categories | ||
+ | |Threat Prevention Categories | ||
|integer | |integer | ||
− | | | + | |This bitmask of threat categories |
|- | |- | ||
− | | | + | |} |
− | | | + | <section end='http_events' /> |
− | + | () | |
− | + | ||
+ | == intrusion_prevention_events == | ||
+ | <section begin='intrusion_prevention_events' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | |The | + | |The time of the event |
|- | |- | ||
− | | | + | |sig_id |
− | | | + | |Signature ID |
− | | | + | |bigint |
− | | | + | |This ID of the rule |
|- | |- | ||
− | | | + | |gen_id |
− | | | + | |Grouping ID |
− | | | + | |bigint |
− | |The | + | |The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier |
|- | |- | ||
− | | | + | |class_id |
− | | | + | |Classtype ID |
− | | | + | |bigint |
− | |The | + | |The numeric ID for the classtype |
|- | |- | ||
− | | | + | |source_addr |
− | | | + | |Source Address |
− | | | + | |inet |
− | | | + | |The source IP address of the packet |
|- | |- | ||
− | | | + | |source_port |
− | | | + | |Source Port |
+ | |integer | ||
+ | |The source port of the packet (if applicable) | ||
+ | |- | ||
+ | |dest_addr | ||
+ | |Destination Address | ||
|inet | |inet | ||
− | |The IP address of the | + | |The destination IP address of the packet |
+ | |- | ||
+ | |dest_port | ||
+ | |Destination Port | ||
+ | |integer | ||
+ | |The destination port of the packet (if applicable) | ||
+ | |- | ||
+ | |protocol | ||
+ | |Protocol | ||
+ | |integer | ||
+ | |The protocol of the packet | ||
|- | |- | ||
− | | | + | |blocked |
− | | | + | |Blocked |
− | | | + | |boolean |
− | | | + | |If the packet was blocked/dropped |
|- | |- | ||
− | | | + | |category |
− | | | + | |Category |
|text | |text | ||
− | |The | + | |The application specific grouping for the signature |
+ | |- | ||
+ | |classtype | ||
+ | |Classtype | ||
+ | |text | ||
+ | |The generalized threat signature grouping (unrelated to gen_id) | ||
+ | |- | ||
+ | |msg | ||
+ | |Message | ||
+ | |text | ||
+ | |The "title" or "description" of the signature | ||
+ | |- | ||
+ | |rid | ||
+ | |Rule ID | ||
+ | |text | ||
+ | |The rule id | ||
+ | |- | ||
+ | |rule_id | ||
+ | |Rule ID | ||
+ | |text | ||
+ | |The rule id | ||
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='intrusion_prevention_events' /> |
+ | () | ||
− | == | + | == smtp_tarpit_events == |
− | <section begin=' | + | <section begin='smtp_tarpit_events' /> |
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 379: | Line 383: | ||
!Type | !Type | ||
!Description | !Description | ||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 390: | Line 389: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |ipaddr |
− | | | + | |Client Address |
− | | | + | |inet |
− | |The | + | |The client IP address |
|- | |- | ||
− | | | + | |hostname |
− | | | + | |Hostname |
+ | |text | ||
+ | |The hostname of the local address | ||
+ | |- | ||
+ | |policy_id | ||
+ | |Policy ID | ||
|bigint | |bigint | ||
− | |The | + | |The policy |
|- | |- | ||
− | | | + | |vendor_name |
− | | | + | |Vendor Name |
− | | | + | |character varying(255) |
− | |The | + | |The "vendor name" of the app that logged the event |
|- | |- | ||
− | | | + | |event_id |
− | | | + | |Event ID |
− | | | + | |bigint |
− | |The | + | |The unique event ID |
|- | |- | ||
− | | | + | |} |
− | | | + | <section end='smtp_tarpit_events' /> |
− | + | () | |
− | + | ||
+ | == ipsec_user_events == | ||
+ | <section begin='ipsec_user_events' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
− | | | + | |event_id |
− | | | + | |Event ID |
− | | | + | |bigint |
− | | | + | |The unique event ID |
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | |The | + | |The time of the event |
|- | |- | ||
− | | | + | |connect_stamp |
− | | | + | |Connect Time |
− | | | + | |timestamp without time zone |
− | |The | + | |The time the connection started |
|- | |- | ||
− | | | + | |goodbye_stamp |
− | | | + | |End Time |
+ | |timestamp without time zone | ||
+ | |The time the connection ended | ||
+ | |- | ||
+ | |client_address | ||
+ | |Client Address | ||
|text | |text | ||
− | |The | + | |The remote IP address of the client |
|- | |- | ||
− | | | + | |client_protocol |
− | | | + | |Client Protocol |
|text | |text | ||
− | |The | + | |The protocol the client used to connect |
|- | |- | ||
− | | | + | |client_username |
− | | | + | |Client Username |
− | | | + | |text |
− | |The | + | |The username of the client |
|- | |- | ||
− | | | + | |net_process |
− | | | + | |Net Process |
− | | | + | |text |
− | |The | + | |The PID of the PPP process for L2TP connections or the connection ID for Xauth connections |
|- | |- | ||
− | | | + | |net_interface |
− | | | + | |Net Interface |
− | | | + | |text |
− | |The client | + | |The PPP interface for L2TP connections or the client interface for Xauth connections |
|- | |- | ||
− | | | + | |elapsed_time |
− | | | + | |Elapsed Time |
− | | | + | |text |
− | |The client | + | |The total time the client was connected |
|- | |- | ||
− | | | + | |rx_bytes |
− | | | + | |Bytes Received |
− | | | + | |bigint |
− | |The client | + | |The number of bytes received from the client in this connection |
|- | |- | ||
− | | | + | |tx_bytes |
− | | | + | |Bytes Sent |
− | | | + | |bigint |
− | |The client | + | |The number of bytes sent to the client in this connection |
|- | |- | ||
− | | | + | |} |
− | | | + | <section end='ipsec_user_events' /> |
− | + | () | |
− | + | ||
+ | == ipsec_vpn_events == | ||
+ | <section begin='ipsec_vpn_events' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
− | | | + | |event_id |
− | | | + | |Event ID |
− | | | + | |bigint |
− | |The | + | |The unique event ID |
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | |The | + | |The time of the event |
|- | |- | ||
− | | | + | |local_address |
− | | | + | |Local Address |
− | | | + | |text |
− | |The | + | |The local address of the tunnel |
|- | |- | ||
− | | | + | |remote_address |
− | | | + | |Remote Address |
− | | | + | |text |
− | |The | + | |The remote address of the tunnel |
|- | |- | ||
− | | | + | |tunnel_description |
− | | | + | |Tunnel Description |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | |The | + | |The description of the tunnel |
|- | |- | ||
− | | | + | |event_type |
− | | | + | |Event Type |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | |The | + | |The type of the event (CONNECT,DISCONNECT) |
|- | |- | ||
− | | | + | |} |
− | | | + | <section end='ipsec_vpn_events' /> |
− | + | () | |
− | + | ||
+ | == ipsec_tunnel_stats == | ||
+ | <section begin='ipsec_tunnel_stats' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | |The | + | |The time of the event |
|- | |- | ||
− | | | + | |tunnel_name |
− | | | + | |Tunnel Name |
|text | |text | ||
− | |The | + | |The name of the IPsec tunnel |
|- | |- | ||
− | | | + | |in_bytes |
− | | | + | |In Bytes |
− | | | + | |bigint |
− | | | + | |The number of bytes received during this time frame |
|- | |- | ||
− | | | + | |out_bytes |
− | | | + | |Out Bytes |
− | | | + | |bigint |
− | | | + | |The number of bytes transmitted during this time frame |
|- | |- | ||
− | | | + | |event_id |
− | | | + | |Event ID |
− | | | + | |bigint |
− | |The | + | |The unique event ID |
|- | |- | ||
− | | | + | |} |
− | | | + | <section end='ipsec_tunnel_stats' /> |
− | + | () | |
− | + | ||
+ | == http_query_events == | ||
+ | <section begin='http_query_events' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
− | | | + | |event_id |
− | | | + | |Event ID |
− | | | + | |bigint |
− | | | + | |The unique event ID |
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | | | + | |The time of the event |
|- | |- | ||
− | | | + | |session_id |
− | | | + | |Session ID |
− | | | + | |bigint |
− | |The | + | |The session |
|- | |- | ||
− | | | + | |client_intf |
− | | | + | |Client Interface |
− | | | + | |smallint |
− | |The | + | |The client interface |
|- | |- | ||
− | | | + | |server_intf |
− | | | + | |Server Interface |
− | | | + | |smallint |
− | |The | + | |The server interface |
|- | |- | ||
− | | | + | |c_client_addr |
− | | | + | |Client-side Client Address |
− | | | + | |inet |
− | |The | + | |The client-side client IP address |
|- | |- | ||
− | | | + | |s_client_addr |
− | | | + | |Server-side Client Address |
− | | | + | |inet |
− | | | + | |The server-side client IP address |
|- | |- | ||
− | | | + | |c_server_addr |
− | | | + | |Client-side Server Address |
− | | | + | |inet |
− | | | + | |The client-side server IP address |
|- | |- | ||
− | | | + | |s_server_addr |
− | | | + | |Server-side Server Address |
− | | | + | |inet |
− | | | + | |The server-side server IP address |
|- | |- | ||
− | | | + | |c_client_port |
− | | | + | |Client-side Client Port |
|integer | |integer | ||
− | |The | + | |The client-side client port |
|- | |- | ||
− | | | + | |s_client_port |
− | + | |Server-side Client Port | |
− | |||
− | |||
− | |- | ||
− | |||
− | |||
|integer | |integer | ||
− | |The | + | |The server-side client port |
|- | |- | ||
− | | | + | |c_server_port |
− | | | + | |Client-side Server Port |
|integer | |integer | ||
− | |The | + | |The client-side server port |
|- | |- | ||
− | | | + | |s_server_port |
− | | | + | |Server-side Server Port |
|integer | |integer | ||
− | |The | + | |The server-side server port |
|- | |- | ||
− | | | + | |policy_id |
− | | | + | |Policy ID |
+ | |bigint | ||
+ | |The policy | ||
+ | |- | ||
+ | |username | ||
+ | |Username | ||
|text | |text | ||
− | |The | + | |The username associated with this session |
|- | |- | ||
− | | | + | |hostname |
− | | | + | |Hostname |
|text | |text | ||
− | | | + | |The hostname of the local address |
|- | |- | ||
− | | | + | |request_id |
− | | | + | |Request ID |
− | | | + | |bigint |
− | |The | + | |The HTTP request ID |
|- | |- | ||
− | | | + | |method |
− | | | + | |Method |
− | | | + | |character(1) |
− | |The | + | |The HTTP method |
|- | |- | ||
− | | | + | |uri |
− | | | + | |URI |
|text | |text | ||
− | |The | + | |The HTTP URI |
|- | |- | ||
− | | | + | |term |
− | + | |Search Term | |
− | + | |text | |
− | + | |The search term | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |host |
− | | | + | |Host |
− | | | + | |text |
− | |The | + | |The HTTP host |
|- | |- | ||
− | | | + | |c2s_content_length |
− | | | + | |Client-to-server Content Length |
− | | | + | |bigint |
− | |The | + | |The client-to-server content length |
|- | |- | ||
− | | | + | |s2c_content_length |
− | | | + | |Server-to-client Content Length |
|bigint | |bigint | ||
− | |The | + | |The server-to-client content length |
|- | |- | ||
− | | | + | |s2c_content_type |
− | | | + | |Server-to-client Content Type |
|text | |text | ||
− | |The | + | |The server-to-client content type |
+ | |- | ||
+ | |blocked | ||
+ | |Blocked | ||
+ | |boolean | ||
+ | |If Web Filter blocked this search term | ||
|- | |- | ||
− | | | + | |flagged |
− | | | + | |Flagged |
− | | | + | |boolean |
− | | | + | |If Web Filter flagged this search term |
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='http_query_events' /> |
+ | () | ||
− | + | == admin_logins == | |
− | == | + | <section begin='admin_logins' /> |
− | <section begin=' | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 701: | Line 724: | ||
!Description | !Description | ||
|- | |- | ||
− | + | |time_stamp | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |time_stamp | ||
|Timestamp | |Timestamp | ||
|timestamp without time zone | |timestamp without time zone | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |login |
− | | | + | |Login |
|text | |text | ||
− | |The | + | |The login name |
+ | |- | ||
+ | |local | ||
+ | |Local | ||
+ | |boolean | ||
+ | |True if it is a login attempt through a local process | ||
|- | |- | ||
− | |} | + | |client_addr |
− | <section end=' | + | |Client Address |
− | + | |inet | |
− | + | |The client IP address | |
− | == | + | |- |
− | <section begin=' | + | |succeeded |
+ | |Succeeded | ||
+ | |boolean | ||
+ | |True if the login succeeded, false otherwise | ||
+ | |- | ||
+ | |reason | ||
+ | |Reason | ||
+ | |character(1) | ||
+ | |The reason for the login (if applicable) | ||
+ | |- | ||
+ | |} | ||
+ | <section end='admin_logins' /> | ||
+ | () | ||
+ | |||
+ | == sessions == | ||
+ | <section begin='sessions' /> | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 739: | Line 767: | ||
!Description | !Description | ||
|- | |- | ||
− | | | + | |session_id |
− | | | + | |Session ID |
− | | | + | |bigint |
− | |The | + | |The session |
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | |The | + | |The time of the event |
|- | |- | ||
− | | | + | |end_time |
− | | | + | |End Time |
− | | | + | |timestamp without time zone |
− | |The | + | |The time the session ended |
|- | |- | ||
− | | | + | |bypassed |
− | | | + | |Bypassed |
− | | | + | |boolean |
− | | | + | |True if the session was bypassed, false otherwise |
|- | |- | ||
− | | | + | |entitled |
− | | | + | |Entitled |
− | | | + | |boolean |
− | | | + | |True if the session is entitled to premium functionality |
|- | |- | ||
− | | | + | |protocol |
− | + | |Protocol | |
− | + | |smallint | |
− | + | |The IP protocol of session | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |icmp_type |
− | | | + | |ICMP Type |
− | | | + | |smallint |
− | |The | + | |The ICMP type of session if ICMP |
|- | |- | ||
− | | | + | |hostname |
− | | | + | |Hostname |
|text | |text | ||
− | |The | + | |The hostname of the local address |
|- | |- | ||
− | | | + | |username |
− | | | + | |Username |
|text | |text | ||
− | |The | + | |The username associated with this session |
|- | |- | ||
− | | | + | |policy_id |
− | | | + | |Policy ID |
− | | | + | |smallint |
− | |The | + | |The policy |
|- | |- | ||
− | | | + | |policy_rule_id |
− | + | |Policy Rule ID | |
− | + | |smallint | |
− | + | |The ID of the matching policy rule (0 means none) | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |local_addr |
− | | | + | |Local Address |
− | | | + | |inet |
− | |The | + | |The IP address of the local participant |
|- | |- | ||
− | | | + | |remote_addr |
− | | | + | |Remote Address |
− | | | + | |inet |
− | |The | + | |The IP address of the remote participant |
+ | |- | ||
+ | |c_client_addr | ||
+ | |Client-side Client Address | ||
+ | |inet | ||
+ | |The client-side client IP address | ||
|- | |- | ||
− | | | + | |c_server_addr |
− | | | + | |Client-side Server Address |
− | | | + | |inet |
− | |The | + | |The client-side server IP address |
|- | |- | ||
− | | | + | |c_server_port |
− | | | + | |Client-side Server Port |
− | | | + | |integer |
− | |The | + | |The client-side server port |
|- | |- | ||
− | | | + | |c_client_port |
− | + | |Client-side Client Port | |
− | + | |integer | |
− | + | |The client-side client port | |
− | + | |- | |
− | + | |s_client_addr | |
− | + | |Server-side Client Address | |
− | + | |inet | |
− | + | |The server-side client IP address | |
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |s_server_addr |
− | | | + | |Server-side Server Address |
− | | | + | |inet |
− | |The | + | |The server-side server IP address |
|- | |- | ||
− | | | + | |s_server_port |
− | | | + | |Server-side Server Port |
|integer | |integer | ||
− | | | + | |The server-side server port |
|- | |- | ||
− | | | + | |s_client_port |
− | | | + | |Server-side Client Port |
− | | | + | |integer |
− | | | + | |The server-side client port |
− | |- | + | |- |
− | | | + | |client_intf |
− | | | + | |Client Interface |
− | | | + | |smallint |
− | |The | + | |The client interface |
|- | |- | ||
− | | | + | |server_intf |
− | | | + | |Server Interface |
− | | | + | |smallint |
− | |The | + | |The server interface |
|- | |- | ||
− | | | + | |client_country |
− | | | + | |Client Country |
− | | | + | |text |
− | |The | + | |The client Country |
|- | |- | ||
− | | | + | |client_latitude |
− | + | |Client Latitude | |
− | + | |real | |
− | + | |The client Latitude | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |client_longitude |
− | | | + | |Client Longitude |
− | | | + | |real |
− | |The | + | |The client Longitude |
|- | |- | ||
− | | | + | |server_country |
− | | | + | |Server Country |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | | | + | |The server Country |
|- | |- | ||
− | | | + | |server_latitude |
− | | | + | |Server Latitude |
− | | | + | |real |
− | | | + | |The server Latitude |
+ | |- | ||
+ | |server_longitude | ||
+ | |Server Longitude | ||
+ | |real | ||
+ | |The server Longitude | ||
|- | |- | ||
− | | | + | |c2p_bytes |
− | | | + | |From-Client Bytes |
− | | | + | |bigint |
− | | | + | |The number of bytes the client sent to Untangle (client-to-pipeline) |
|- | |- | ||
− | | | + | |p2c_bytes |
− | | | + | |To-Client Bytes |
|bigint | |bigint | ||
− | |The | + | |The number of bytes Untangle sent to client (pipeline-to-client) |
|- | |- | ||
− | | | + | |s2p_bytes |
− | + | |From-Server Bytes | |
− | + | |bigint | |
− | + | |The number of bytes the server sent to Untangle (client-to-pipeline) | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |p2s_bytes |
− | + | |To-Server Bytes | |
− | |||
− | |||
− | |- | ||
− | |||
− | |||
|bigint | |bigint | ||
− | |The | + | |The number of bytes Untangle sent to server (pipeline-to-client) |
|- | |- | ||
− | | | + | |filter_prefix |
− | | | + | |Filter Block |
− | | | + | |text |
− | |The | + | |The network filter that blocked the connection (filter,shield,invalid) |
|- | |- | ||
− | | | + | |firewall_blocked |
− | | | + | |Firewall Blocked |
− | | | + | |boolean |
− | | | + | |True if Firewall blocked the session, false otherwise |
|- | |- | ||
− | | | + | |firewall_flagged |
− | | | + | |Firewall Flagged |
− | | | + | |boolean |
− | | | + | |True if Firewall flagged the session, false otherwise |
|- | |- | ||
− | | | + | |firewall_rule_index |
− | | | + | |Firewall Rule ID |
− | | | + | |integer |
− | |The | + | |The matching rule in Firewall (if any) |
|- | |- | ||
− | | | + | |threat_prevention_blocked |
− | | | + | |Threat Prevention Blocked |
− | | | + | |boolean |
− | | | + | |If Threat Prevention blocked |
|- | |- | ||
− | | | + | |threat_prevention_flagged |
− | | | + | |Threat Prevention Flagged |
− | | | + | |boolean |
− | | | + | |If Threat Prevention flagged |
|- | |- | ||
− | | | + | |threat_prevention_reason |
− | | | + | |Threat Prevention Reason |
+ | |character(1) | ||
+ | |Threat Prevention reason | ||
+ | |- | ||
+ | |threat_prevention_rule_id | ||
+ | |Threat Prevention Rule Id | ||
|integer | |integer | ||
− | | | + | |Numeric rule id of Threat Prevention |
+ | |- | ||
+ | |threat_prevention_client_reputation | ||
+ | |Threat Prevention Client Reputation | ||
+ | |smallint | ||
+ | |Numeric client reputation of Threat Prevention | ||
|- | |- | ||
− | | | + | |threat_prevention_client_categories |
− | | | + | |Threat Prevention Client Categories |
|integer | |integer | ||
− | | | + | |Bitmask client categories of Threat Prevention |
|- | |- | ||
− | | | + | |threat_prevention_server_reputation |
− | | | + | |Threat Prevention Server Reputation |
− | | | + | |smallint |
− | | | + | |Numeric server reputation of Threat Prevention |
|- | |- | ||
− | | | + | |threat_prevention_server_categories |
− | |Server | + | |Threat Prevention Server Categories |
|integer | |integer | ||
− | | | + | |Bitmask server categories of Threat Prevention |
|- | |- | ||
− | | | + | |application_control_lite_protocol |
− | | | + | |Application Control Lite Protocol |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | |The | + | |The application protocol according to Application Control Lite |
+ | |- | ||
+ | |application_control_lite_blocked | ||
+ | |Application Control Lite Blocked | ||
+ | |boolean | ||
+ | |True if Application Control Lite blocked the session | ||
|- | |- | ||
− | | | + | |captive_portal_blocked |
− | | | + | |Captive Portal Blocked |
− | | | + | |boolean |
− | | | + | |True if Captive Portal blocked the session |
|- | |- | ||
− | | | + | |captive_portal_rule_index |
− | | | + | |Captive Portal Rule ID |
− | | | + | |integer |
− | |The | + | |The matching rule in Captive Portal (if any) |
|- | |- | ||
− | | | + | |application_control_application |
− | | | + | |Application Control Application |
|text | |text | ||
− | |The | + | |The application according to Application Control |
|- | |- | ||
− | | | + | |application_control_protochain |
− | | | + | |Application Control Protochain |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | |The | + | |The protochain according to Application Control |
|- | |- | ||
− | | | + | |application_control_category |
− | | | + | |Application Control Category |
|text | |text | ||
− | |The | + | |The category according to Application Control |
|- | |- | ||
− | | | + | |application_control_blocked |
− | | | + | |Application Control Blocked |
|boolean | |boolean | ||
− | | | + | |True if Application Control blocked the session |
|- | |- | ||
− | | | + | |application_control_flagged |
− | | | + | |Application Control Flagged |
− | |||
− | |||
− | |||
− | |||
− | |||
|boolean | |boolean | ||
− | | | + | |True if Application Control flagged the session |
|- | |- | ||
− | | | + | |application_control_confidence |
− | | | + | |Application Control Confidence |
− | | | + | |integer |
− | | | + | |True if Application Control confidence of this session's identification |
|- | |- | ||
− | | | + | |application_control_ruleid |
− | | | + | |Application Control Rule ID |
− | | | + | |integer |
− | |The | + | |The matching rule in Application Control (if any) |
|- | |- | ||
− | | | + | |application_control_detail |
− | | | + | |Application Control Detail |
− | | | + | |text |
− | |The | + | |The text detail from the Application Control engine |
|- | |- | ||
− | | | + | |bandwidth_control_priority |
− | | | + | |Bandwidth Control Priority |
− | | | + | |integer |
− | |The | + | |The priority given to this session |
|- | |- | ||
− | | | + | |bandwidth_control_rule |
− | | | + | |Bandwidth Control Rule ID |
− | | | + | |integer |
− | |The | + | |The matching rule in Bandwidth Control rule (if any) |
|- | |- | ||
− | | | + | |ssl_inspector_ruleid |
− | | | + | |SSL Inspector Rule ID |
− | | | + | |integer |
− | |The | + | |The matching rule in SSL Inspector rule (if any) |
|- | |- | ||
− | | | + | |ssl_inspector_status |
− | | | + | |SSL Inspector Status |
− | | | + | |text |
− | |The | + | |The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) |
|- | |- | ||
− | | | + | |ssl_inspector_detail |
− | | | + | |SSL Inspector Detail |
|text | |text | ||
− | | | + | |Additional text detail about the SSL connection (SNI, IP Address) |
|- | |- | ||
− | | | + | |tags |
− | | | + | |Tags |
− | + | |text | |
− | + | |The tags on this session | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |text | ||
− | |The | ||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='sessions' /> |
+ | () | ||
− | + | == session_minutes == | |
− | == | + | <section begin='session_minutes' /> |
− | <section begin=' | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 1,122: | Line 1,095: | ||
!Description | !Description | ||
|- | |- | ||
− | |time_stamp | + | |session_id |
+ | |Session ID | ||
+ | |bigint | ||
+ | |The session | ||
+ | |- | ||
+ | |time_stamp | ||
|Timestamp | |Timestamp | ||
|timestamp without time zone | |timestamp without time zone | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |c2s_bytes |
− | | | + | |From-Client Bytes |
|bigint | |bigint | ||
− | |The | + | |The number of bytes the client sent |
|- | |- | ||
− | | | + | |s2c_bytes |
− | | | + | |From-Server Bytes |
− | | | + | |bigint |
− | |The | + | |The number of bytes the server sent |
|- | |- | ||
− | | | + | |start_time |
− | | | + | |Start Time |
− | | | + | |timestamp without time zone |
− | |The | + | |The start time of the session |
|- | |- | ||
− | | | + | |end_time |
− | | | + | |End Time |
− | | | + | |timestamp without time zone |
− | |The | + | |The time the session ended |
|- | |- | ||
− | | | + | |bypassed |
− | | | + | |Bypassed |
− | | | + | |boolean |
− | | | + | |True if the session was bypassed, false otherwise |
|- | |- | ||
− | | | + | |entitled |
− | | | + | |Entitled |
− | | | + | |boolean |
− | | | + | |True if the session is entitled to premium functionality |
|- | |- | ||
− | | | + | |protocol |
− | | | + | |Protocol |
− | | | + | |smallint |
− | |The | + | |The IP protocol of session |
|- | |- | ||
− | | | + | |icmp_type |
− | | | + | |ICMP Type |
− | | | + | |smallint |
− | |The | + | |The ICMP type of session if ICMP |
|- | |- | ||
− | | | + | |hostname |
− | | | + | |Hostname |
− | | | + | |text |
− | |The | + | |The hostname of the local address |
|- | |- | ||
− | | | + | |username |
− | | | + | |Username |
− | | | + | |text |
− | |The | + | |The username associated with this session |
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
|policy_id | |policy_id | ||
|Policy ID | |Policy ID | ||
− | | | + | |smallint |
|The policy | |The policy | ||
|- | |- | ||
− | | | + | |policy_rule_id |
− | | | + | |Policy Rule ID |
− | | | + | |smallint |
− | |The | + | |The ID of the matching policy rule (0 means none) |
|- | |- | ||
− | | | + | |local_addr |
− | | | + | |Local Address |
− | | | + | |inet |
− | |The | + | |The IP address of the local participant |
|- | |- | ||
− | | | + | |remote_addr |
− | | | + | |Remote Address |
− | | | + | |inet |
− | |The | + | |The IP address of the remote participant |
|- | |- | ||
− | | | + | |c_client_addr |
− | |Address | + | |Client-side Client Address |
− | | | + | |inet |
− | |The address | + | |The client-side client IP address |
|- | |- | ||
− | | | + | |c_server_addr |
− | |Address | + | |Client-side Server Address |
− | | | + | |inet |
− | |The | + | |The client-side server IP address |
|- | |- | ||
− | | | + | |c_server_port |
− | | | + | |Client-side Server Port |
− | | | + | |integer |
− | |The | + | |The client-side server port |
|- | |- | ||
− | | | + | |c_client_port |
− | | | + | |Client-side Client Port |
− | | | + | |integer |
− | |The | + | |The client-side client port |
|- | |- | ||
− | | | + | |s_client_addr |
− | | | + | |Server-side Client Address |
− | | | + | |inet |
− | |The | + | |The server-side client IP address |
|- | |- | ||
− | | | + | |s_server_addr |
− | | | + | |Server-side Server Address |
− | | | + | |inet |
− | |The address | + | |The server-side server IP address |
|- | |- | ||
− | | | + | |s_server_port |
− | | | + | |Server-side Server Port |
− | | | + | |integer |
− | |The | + | |The server-side server port |
+ | |- | ||
+ | |s_client_port | ||
+ | |Server-side Client Port | ||
+ | |integer | ||
+ | |The server-side client port | ||
|- | |- | ||
− | | | + | |client_intf |
− | | | + | |Client Interface |
− | | | + | |smallint |
− | |The | + | |The client interface |
|- | |- | ||
− | | | + | |server_intf |
− | | | + | |Server Interface |
− | | | + | |smallint |
− | |The | + | |The server interface |
|- | |- | ||
− | | | + | |client_country |
− | | | + | |Client Country |
|text | |text | ||
− | |The | + | |The client Country |
|- | |- | ||
− | | | + | |client_latitude |
− | | | + | |Client Latitude |
|real | |real | ||
− | |The | + | |The client Latitude |
|- | |- | ||
− | | | + | |client_longitude |
− | | | + | |Client Longitude |
− | | | + | |real |
− | |The | + | |The client Longitude |
|- | |- | ||
− | | | + | |server_country |
− | | | + | |Server Country |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | |The | + | |The server Country |
|- | |- | ||
− | | | + | |server_latitude |
− | | | + | |Server Latitude |
|real | |real | ||
− | |The | + | |The server Latitude |
|- | |- | ||
− | | | + | |server_longitude |
− | | | + | |Server Longitude |
− | | | + | |real |
− | |The | + | |The server Longitude |
|- | |- | ||
− | | | + | |filter_prefix |
− | | | + | |Filter Block |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | |The | + | |The network filter that blocked the connection (filter,shield,invalid) |
|- | |- | ||
− | | | + | |firewall_blocked |
− | | | + | |Firewall Blocked |
− | | | + | |boolean |
− | | | + | |True if Firewall blocked the session, false otherwise |
|- | |- | ||
− | | | + | |firewall_flagged |
− | | | + | |Firewall Flagged |
|boolean | |boolean | ||
− | | | + | |True if Firewall flagged the session, false otherwise |
|- | |- | ||
− | | | + | |firewall_rule_index |
− | | | + | |Firewall Rule ID |
− | | | + | |integer |
− | |The | + | |The matching rule in Firewall (if any) |
+ | |- | ||
+ | |threat_prevention_blocked | ||
+ | |Threat Prevention Blocked | ||
+ | |boolean | ||
+ | |If Threat Prevention blocked | ||
+ | |- | ||
+ | |threat_prevention_flagged | ||
+ | |Threat Prevention Flagged | ||
+ | |boolean | ||
+ | |If Threat Prevention flagged | ||
|- | |- | ||
− | | | + | |threat_prevention_reason |
− | | | + | |Threat Prevention Reason |
|character(1) | |character(1) | ||
− | | | + | |Threat Prevention reason |
|- | |- | ||
− | | | + | |threat_prevention_rule_id |
− | + | |Threat Prevention Rule Id | |
− | + | |integer | |
− | + | |Numeric rule id of Threat Prevention | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |threat_prevention_client_reputation |
− | | | + | |Threat Prevention Client Reputation |
− | | | + | |smallint |
− | | | + | |Numeric client reputation of Threat Prevention |
+ | |- | ||
+ | |threat_prevention_client_categories | ||
+ | |Threat Prevention Client Categories | ||
+ | |integer | ||
+ | |Bitmask client categories of Threat Prevention | ||
+ | |- | ||
+ | |threat_prevention_server_reputation | ||
+ | |Threat Prevention Server Reputation | ||
+ | |smallint | ||
+ | |Numeric server reputation of Threat Prevention | ||
|- | |- | ||
− | | | + | |threat_prevention_server_categories |
− | | | + | |Threat Prevention Server Categories |
− | | | + | |integer |
− | | | + | |Bitmask server categories of Threat Prevention |
|- | |- | ||
− | | | + | |application_control_lite_protocol |
− | | | + | |Application Control Lite Protocol |
|text | |text | ||
− | |The | + | |The application protocol according to Application Control Lite |
|- | |- | ||
− | | | + | |application_control_lite_blocked |
− | | | + | |Application Control Lite Blocked |
− | | | + | |boolean |
− | | | + | |True if Application Control Lite blocked the session |
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |captive_portal_blocked |
− | | | + | |Captive Portal Blocked |
− | | | + | |boolean |
− | | | + | |True if Captive Portal blocked the session |
|- | |- | ||
− | | | + | |captive_portal_rule_index |
− | + | |Captive Portal Rule ID | |
− | + | |integer | |
− | + | |The matching rule in Captive Portal (if any) | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |application_control_application |
− | | | + | |Application Control Application |
− | | | + | |text |
− | |The | + | |The application according to Application Control |
|- | |- | ||
− | | | + | |application_control_protochain |
− | | | + | |Application Control Protochain |
− | | | + | |text |
− | |The | + | |The protochain according to Application Control |
|- | |- | ||
− | | | + | |application_control_category |
− | | | + | |Application Control Category |
− | | | + | |text |
− | |The | + | |The category according to Application Control |
|- | |- | ||
− | | | + | |application_control_blocked |
− | | | + | |Application Control Blocked |
− | | | + | |boolean |
− | | | + | |True if Application Control blocked the session |
|- | |- | ||
− | | | + | |application_control_flagged |
− | | | + | |Application Control Flagged |
− | | | + | |boolean |
− | | | + | |True if Application Control flagged the session |
|- | |- | ||
− | | | + | |application_control_confidence |
− | | | + | |Application Control Confidence |
− | | | + | |integer |
− | | | + | |True if Application Control confidence of this session's identification |
|- | |- | ||
− | | | + | |application_control_ruleid |
− | | | + | |Application Control Rule ID |
− | | | + | |integer |
− | |The | + | |The matching rule in Application Control (if any) |
|- | |- | ||
− | | | + | |application_control_detail |
− | | | + | |Application Control Detail |
− | | | + | |text |
− | |The | + | |The text detail from the Application Control engine |
|- | |- | ||
− | | | + | |bandwidth_control_priority |
− | | | + | |Bandwidth Control Priority |
− | |||
− | |||
− | |||
− | |||
− | |||
|integer | |integer | ||
− | |The | + | |The priority given to this session |
|- | |- | ||
− | | | + | |bandwidth_control_rule |
− | | | + | |Bandwidth Control Rule ID |
|integer | |integer | ||
− | |The | + | |The matching rule in Bandwidth Control rule (if any) |
|- | |- | ||
− | | | + | |ssl_inspector_ruleid |
− | | | + | |SSL Inspector Rule ID |
|integer | |integer | ||
− | |The | + | |The matching rule in SSL Inspector rule (if any) |
|- | |- | ||
− | | | + | |ssl_inspector_status |
− | | | + | |SSL Inspector Status |
− | | | + | |text |
− | |The | + | |The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) |
|- | |- | ||
− | | | + | |ssl_inspector_detail |
− | | | + | |SSL Inspector Detail |
− | | | + | |text |
− | | | + | |Additional text detail about the SSL connection (SNI, IP Address) |
|- | |- | ||
− | | | + | |tags |
− | | | + | |Tags |
|text | |text | ||
− | |The | + | |The tags on this session |
+ | |- | ||
+ | |} | ||
+ | <section end='session_minutes' /> | ||
+ | () | ||
+ | |||
+ | == quotas == | ||
+ | <section begin='quotas' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
+ | |- | ||
+ | |time_stamp | ||
+ | |Timestamp | ||
+ | |timestamp without time zone | ||
+ | |The time of the event | ||
|- | |- | ||
− | | | + | |entity |
− | | | + | |Entity |
|text | |text | ||
− | |The | + | |The IP entity given the quota (address/username) |
|- | |- | ||
− | | | + | |action |
− | | | + | |Action |
− | | | + | |integer |
− | + | |The action (1=Quota Given, 2=Quota Exceeded) | |
|- | |- | ||
− | | | + | |size |
− | | | + | |Size |
− | | | + | |bigint |
− | |The | + | |The size of the quota |
|- | |- | ||
− | | | + | |reason |
− | | | + | |Reason |
|text | |text | ||
− | |The | + | |The reason for the action |
|- | |- | ||
− | | | + | |} |
− | + | <section end='quotas' /> | |
− | + | () | |
− | + | ||
− | | | + | == host_table_updates == |
− | + | <section begin='host_table_updates' /> | |
− | + | ||
− | + | {| border="1" cellpadding="2" width="90%%" align="center" | |
− | + | !Column Name | |
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
− | | | + | |address |
− | | | + | |Address |
− | | | + | |inet |
− | |The | + | |The IP address of the host |
|- | |- | ||
− | | | + | |key |
− | | | + | |Key |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | |The | + | |The key being updated |
|- | |- | ||
− | | | + | |value |
− | | | + | |Value |
|text | |text | ||
− | | | + | |The new value for the key |
|- | |- | ||
− | | | + | |old_value |
− | | | + | |Old Value |
− | | | + | |text |
− | | | + | |The old value for the key |
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | | | + | |The time of the event |
|- | |- | ||
− | | | + | |} |
− | | | + | <section end='host_table_updates' /> |
− | + | () | |
− | + | ||
+ | == device_table_updates == | ||
+ | <section begin='device_table_updates' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
− | | | + | |mac_address |
− | | | + | |MAC Address |
− | | | + | |text |
− | | | + | |The MAC address of the device |
|- | |- | ||
− | | | + | |key |
− | | | + | |Key |
− | | | + | |text |
− | | | + | |The key being updated |
|- | |- | ||
− | | | + | |value |
− | | | + | |Value |
− | | | + | |text |
− | |The | + | |The new value for the key |
|- | |- | ||
− | | | + | |old_value |
− | | | + | |Old Value |
|text | |text | ||
− | |The | + | |The old value for the key |
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | |The | + | |The time of the event |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='device_table_updates' /> |
+ | () | ||
− | == | + | == user_table_updates == |
− | <section begin=' | + | <section begin='user_table_updates' /> |
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 1,575: | Line 1,532: | ||
!Description | !Description | ||
|- | |- | ||
− | | | + | |username |
− | | | + | |Username |
− | | | + | |text |
− | |The | + | |The username |
+ | |- | ||
+ | |key | ||
+ | |Key | ||
+ | |text | ||
+ | |The key being updated | ||
+ | |- | ||
+ | |value | ||
+ | |Value | ||
+ | |text | ||
+ | |The new value for the key | ||
+ | |- | ||
+ | |old_value | ||
+ | |Old Value | ||
+ | |text | ||
+ | |The old value for the key | ||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 1,585: | Line 1,557: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |} |
− | + | <section end='user_table_updates' /> | |
− | + | () | |
− | + | ||
− | | | + | == alerts == |
− | + | <section begin='alerts' /> | |
− | + | ||
− | + | {| border="1" cellpadding="2" width="90%%" align="center" | |
− | + | !Column Name | |
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | |The | + | |The time of the event |
|- | |- | ||
− | | | + | |description |
− | | | + | |Text detail of the event |
− | | | + | |text |
− | |The | + | |The description from the alert rule. |
|- | |- | ||
− | | | + | |summary_text |
− | | | + | |Summary Text |
− | | | + | |text |
− | |The | + | |The summary text of the alert |
|- | |- | ||
− | | | + | |json |
− | | | + | |JSON Text |
− | | | + | |text |
− | |The | + | |The summary JSON representation of the event causing the alert |
|- | |- | ||
− | | | + | |} |
− | | | + | <section end='alerts' /> |
− | + | () | |
− | + | ||
+ | == settings_changes == | ||
+ | <section begin='settings_changes' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | |The | + | |The time of the event |
|- | |- | ||
− | | | + | |settings_file |
− | | | + | |Settings File |
|text | |text | ||
− | |The username | + | |The name of the file changed |
+ | |- | ||
+ | |username | ||
+ | |Username | ||
+ | |text | ||
+ | |The username logged in at the time of the change | ||
|- | |- | ||
|hostname | |hostname | ||
|Hostname | |Hostname | ||
|text | |text | ||
− | |The hostname of the | + | |The remote hostname |
+ | |- | ||
+ | |} | ||
+ | <section end='settings_changes' /> | ||
+ | () | ||
+ | |||
+ | == web_cache_stats == | ||
+ | <section begin='web_cache_stats' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
+ | |- | ||
+ | |time_stamp | ||
+ | |Timestamp | ||
+ | |timestamp without time zone | ||
+ | |The time of the event | ||
|- | |- | ||
− | | | + | |hits |
− | | | + | |Hits |
|bigint | |bigint | ||
− | |The | + | |The number of cache hits during this time frame |
|- | |- | ||
− | | | + | |misses |
− | | | + | |Misses |
− | | | + | |bigint |
− | |The | + | |The number of cache misses during this time frame |
|- | |- | ||
− | | | + | |bypasses |
− | | | + | |Bypasses |
− | | | + | |bigint |
− | |The | + | |The number of cache user bypasses during this time frame |
|- | |- | ||
− | | | + | |systems |
− | | | + | |System bypasses |
− | | | + | |bigint |
− | |The | + | |The number of cache system bypasses during this time frame |
|- | |- | ||
− | | | + | |hit_bytes |
− | | | + | |Hit Bytes |
− | | | + | |bigint |
− | |The | + | |The number of bytes saved from cache hits |
|- | |- | ||
− | | | + | |miss_bytes |
− | | | + | |Miss Bytes |
− | | | + | |bigint |
− | |The | + | |The number of bytes not saved from cache misses |
|- | |- | ||
− | | | + | |event_id |
− | | | + | |Event ID |
− | | | + | |bigint |
− | |The | + | |The unique event ID |
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='web_cache_stats' /> |
+ | () | ||
− | + | == server_events == | |
− | == | + | <section begin='server_events' /> |
− | <section begin=' | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 1,682: | Line 1,688: | ||
!Type | !Type | ||
!Description | !Description | ||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 1,693: | Line 1,694: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |load_1 |
− | | | + | |CPU load (1-min) |
− | | | + | |numeric(6,2) |
− | |The | + | |The 1-minute CPU load |
|- | |- | ||
− | | | + | |load_5 |
− | | | + | |CPU load (5-min) |
− | | | + | |numeric(6,2) |
− | |The | + | |The 5-minute CPU load |
|- | |- | ||
− | | | + | |load_15 |
− | | | + | |CPU load (15-min) |
− | | | + | |numeric(6,2) |
− | |The | + | |The 15-minute CPU load |
|- | |- | ||
− | | | + | |cpu_user |
− | | | + | |CPU User Utilization |
− | | | + | |numeric(6,3) |
− | |The | + | |The user CPU percent utilization |
|- | |- | ||
− | | | + | |cpu_system |
− | | | + | |CPU System Utilization |
− | | | + | |numeric(6,3) |
− | |The | + | |The system CPU percent utilization |
|- | |- | ||
− | | | + | |mem_total |
− | | | + | |Total Memory |
− | | | + | |bigint |
− | |The | + | |The total bytes of memory |
|- | |- | ||
− | | | + | |mem_free |
− | | | + | |Memory Free |
− | | | + | |bigint |
− | |The | + | |The number of free bytes of memory |
|- | |- | ||
− | | | + | |disk_total |
− | | | + | |Disk Size |
− | |||
− | |||
− | |||
− | |||
− | |||
|bigint | |bigint | ||
− | |The | + | |The total disk size in bytes |
|- | |- | ||
− | | | + | |disk_free |
− | | | + | |Disk Free |
|bigint | |bigint | ||
− | |The number of | + | |The free disk space in bytes |
+ | |- | ||
+ | |swap_total | ||
+ | |Swap Size | ||
+ | |bigint | ||
+ | |The total swap size in bytes | ||
+ | |- | ||
+ | |swap_free | ||
+ | |Swap Free | ||
+ | |bigint | ||
+ | |The free disk swap in bytes | ||
+ | |- | ||
+ | |active_hosts | ||
+ | |Active Hosts | ||
+ | |integer | ||
+ | |The number of active hosts | ||
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='server_events' /> |
+ | () | ||
− | + | == interface_stat_events == | |
− | == | + | <section begin='interface_stat_events' /> |
− | <section begin=' | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 1,761: | Line 1,772: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |interface_id |
− | | | + | |Interface ID |
− | | | + | |integer |
− | |The | + | |The interface ID |
|- | |- | ||
− | | | + | |rx_rate |
− | | | + | |Rx Rate |
+ | |double precision | ||
+ | |The RX rate (bytes/s) | ||
+ | |- | ||
+ | |rx_bytes | ||
+ | |Bytes Received | ||
|bigint | |bigint | ||
− | |The number of bytes received | + | |The number of bytes received from the client in this connection |
|- | |- | ||
− | | | + | |tx_rate |
− | | | + | |Tx Rate |
− | | | + | |double precision |
− | |The | + | |The TX rate (bytes/s) |
|- | |- | ||
− | | | + | |tx_bytes |
− | | | + | |Bytes Sent |
|bigint | |bigint | ||
− | |The | + | |The number of bytes sent to the client in this connection |
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='interface_stat_events' /> |
+ | () | ||
− | + | == mail_msgs == | |
− | == | + | <section begin='mail_msgs' /> |
− | <section begin=' | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 1,799: | Line 1,815: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |session_id |
− | |Interface | + | |Session ID |
− | | | + | |bigint |
− | |The interface | + | |The session |
+ | |- | ||
+ | |client_intf | ||
+ | |Client Interface | ||
+ | |smallint | ||
+ | |The client interface | ||
|- | |- | ||
− | | | + | |server_intf |
− | | | + | |Server Interface |
− | | | + | |smallint |
− | |The | + | |The server interface |
|- | |- | ||
− | | | + | |c_client_addr |
− | | | + | |Client-side Client Address |
− | | | + | |inet |
− | |The | + | |The client-side client IP address |
|- | |- | ||
− | | | + | |s_client_addr |
− | + | |Server-side Client Address | |
− | + | |inet | |
− | + | |The server-side client IP address | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |c_server_addr |
− | | | + | |Client-side Server Address |
− | | | + | |inet |
− | |The | + | |The client-side server IP address |
|- | |- | ||
− | | | + | |s_server_addr |
− | | | + | |Server-side Server Address |
− | | | + | |inet |
− | |The | + | |The server-side server IP address |
|- | |- | ||
− | | | + | |c_client_port |
− | | | + | |Client-side Client Port |
− | | | + | |integer |
− | | | + | |The client-side client port |
|- | |- | ||
− | | | + | |s_client_port |
− | | | + | |Server-side Client Port |
+ | |integer | ||
+ | |The server-side client port | ||
+ | |- | ||
+ | |c_server_port | ||
+ | |Client-side Server Port | ||
+ | |integer | ||
+ | |The client-side server port | ||
+ | |- | ||
+ | |s_server_port | ||
+ | |Server-side Server Port | ||
+ | |integer | ||
+ | |The server-side server port | ||
+ | |- | ||
+ | |policy_id | ||
+ | |Policy ID | ||
+ | |bigint | ||
+ | |The policy | ||
+ | |- | ||
+ | |username | ||
+ | |Username | ||
|text | |text | ||
− | |The | + | |The username associated with this session |
|- | |- | ||
− | | | + | |msg_id |
− | | | + | |Message ID |
|bigint | |bigint | ||
− | |The | + | |The message ID |
|- | |- | ||
− | | | + | |subject |
− | + | |Subject | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | | | ||
|text | |text | ||
− | |The | + | |The email subject |
|- | |- | ||
− | | | + | |hostname |
− | | | + | |Hostname |
|text | |text | ||
− | |The | + | |The hostname of the local address |
|- | |- | ||
− | | | + | |event_id |
− | | | + | |Event ID |
+ | |bigint | ||
+ | |The unique event ID | ||
+ | |- | ||
+ | |sender | ||
+ | |Sender | ||
|text | |text | ||
− | |The | + | |The address of the sender |
|- | |- | ||
− | | | + | |receiver |
− | | | + | |Receiver |
− | | | + | |text |
− | |The | + | |The address of the receiver |
|- | |- | ||
− | | | + | |virus_blocker_lite_clean |
− | + | |Virus Blocker Lite Clean | |
− | + | |boolean | |
− | + | |The cleanliness of the file according to Virus Blocker Lite | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |virus_blocker_lite_name |
− | | | + | |Virus Blocker Lite Name |
− | | | + | |text |
− | |The | + | |The name of the malware according to Virus Blocker Lite |
|- | |- | ||
− | | | + | |virus_blocker_clean |
− | | | + | |Virus Blocker Clean |
− | | | + | |boolean |
− | |The | + | |The cleanliness of the file according to Virus Blocker |
|- | |- | ||
− | | | + | |virus_blocker_name |
− | | | + | |Virus Blocker Name |
− | | | + | |text |
− | |The | + | |The name of the malware according to Virus Blocker |
|- | |- | ||
− | | | + | |spam_blocker_lite_score |
− | | | + | |Spam Blocker Lite Score |
− | | | + | |real |
− | |The | + | |The score of the email according to Spam Blocker Lite |
|- | |- | ||
− | | | + | |spam_blocker_lite_is_spam |
− | | | + | |Spam Blocker Lite Spam |
− | | | + | |boolean |
− | |The | + | |The spam status of the email according to Spam Blocker Lite |
|- | |- | ||
− | | | + | |spam_blocker_lite_tests_string |
− | | | + | |Spam Blocker Lite Tests |
− | | | + | |text |
− | |The | + | |The tess results for Spam Blocker Lite |
|- | |- | ||
− | | | + | |spam_blocker_lite_action |
− | | | + | |Spam Blocker Lite Action |
− | | | + | |character(1) |
− | |The | + | |The action taken by Spam Blocker Lite |
|- | |- | ||
− | | | + | |spam_blocker_score |
− | | | + | |Spam Blocker Score |
− | | | + | |real |
− | |The | + | |The score of the email according to Spam Blocker |
|- | |- | ||
− | | | + | |spam_blocker_is_spam |
− | | | + | |Spam Blocker Spam |
− | | | + | |boolean |
− | |The | + | |The spam status of the email according to Spam Blocker |
|- | |- | ||
− | | | + | |spam_blocker_tests_string |
− | | | + | |Spam Blocker Tests |
− | | | + | |text |
− | |The | + | |The tess results for Spam Blocker |
|- | |- | ||
− | | | + | |spam_blocker_action |
− | | | + | |Spam Blocker Action |
− | | | + | |character(1) |
− | |The | + | |The action taken by Spam Blocker |
|- | |- | ||
− | | | + | |phish_blocker_score |
− | | | + | |Phish Blocker Score |
− | | | + | |real |
− | |The | + | |The score of the email according to Phish Blocker |
|- | |- | ||
− | | | + | |phish_blocker_is_spam |
− | | | + | |Phish Blocker Phish |
− | | | + | |boolean |
− | |The | + | |The phish status of the email according to Phish Blocker |
+ | |- | ||
+ | |phish_blocker_tests_string | ||
+ | |Phish Blocker Tests | ||
+ | |text | ||
+ | |The tess results for Phish Blocker | ||
+ | |- | ||
+ | |phish_blocker_action | ||
+ | |Phish Blocker Action | ||
+ | |character(1) | ||
+ | |The action taken by Phish Blocker | ||
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='mail_msgs' /> |
+ | () | ||
− | + | == mail_addrs == | |
− | == | + | <section begin='mail_addrs' /> |
− | <section begin=' | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 1,986: | Line 2,008: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |session_id |
− | | | + | |Session ID |
|bigint | |bigint | ||
− | |The | + | |The session |
|- | |- | ||
− | | | + | |client_intf |
− | | | + | |Client Interface |
− | | | + | |smallint |
− | |The | + | |The client interface |
|- | |- | ||
− | | | + | |server_intf |
− | | | + | |Server Interface |
− | | | + | |smallint |
− | |The | + | |The server interface |
|- | |- | ||
− | | | + | |c_client_addr |
− | | | + | |Client-side Client Address |
− | | | + | |inet |
− | |The | + | |The client-side client IP address |
|- | |- | ||
− | | | + | |s_client_addr |
− | | | + | |Server-side Client Address |
− | | | + | |inet |
− | |The | + | |The server-side client IP address |
|- | |- | ||
− | | | + | |c_server_addr |
− | | | + | |Client-side Server Address |
− | | | + | |inet |
− | |The | + | |The client-side server IP address |
|- | |- | ||
− | | | + | |s_server_addr |
− | | | + | |Server-side Server Address |
− | | | + | |inet |
− | |The | + | |The server-side server IP address |
|- | |- | ||
− | | | + | |c_client_port |
− | + | |Client-side Client Port | |
− | + | |integer | |
− | + | |The client-side client port | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |s_client_port |
− | | | + | |Server-side Client Port |
− | | | + | |integer |
− | |The | + | |The server-side client port |
|- | |- | ||
− | | | + | |c_server_port |
− | | | + | |Client-side Server Port |
− | | | + | |integer |
− | |The | + | |The client-side server port |
+ | |- | ||
+ | |s_server_port | ||
+ | |Server-side Server Port | ||
+ | |integer | ||
+ | |The server-side server port | ||
|- | |- | ||
− | | | + | |policy_id |
− | | | + | |Policy ID |
|bigint | |bigint | ||
− | |The | + | |The policy |
|- | |- | ||
− | | | + | |username |
− | | | + | |Username |
− | | | + | |text |
− | |The | + | |The username associated with this session |
|- | |- | ||
− | | | + | |msg_id |
− | | | + | |Message ID |
− | | | + | |bigint |
− | |The | + | |The message ID |
|- | |- | ||
− | | | + | |subject |
− | | | + | |Subject |
− | | | + | |text |
− | |The | + | |The email subject |
|- | |- | ||
− | | | + | |addr |
− | | | + | |Address |
− | | | + | |text |
− | |The | + | |The address of this event |
|- | |- | ||
− | | | + | |addr_name |
− | | | + | |Address Name |
− | | | + | |text |
− | |The | + | |The name for this address |
|- | |- | ||
− | | | + | |addr_kind |
− | | | + | |Address Kind |
− | | | + | |character(1) |
− | |The | + | |The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown) |
|- | |- | ||
− | | | + | |hostname |
− | | | + | |Hostname |
− | | | + | |text |
− | |The | + | |The hostname of the local address |
|- | |- | ||
− | | | + | |event_id |
− | | | + | |Event ID |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|bigint | |bigint | ||
− | |The | + | |The unique event ID |
|- | |- | ||
− | | | + | |sender |
− | | | + | |Sender |
|text | |text | ||
− | |The | + | |The address of the sender |
+ | |- | ||
+ | |virus_blocker_lite_clean | ||
+ | |Virus Blocker Lite Clean | ||
+ | |boolean | ||
+ | |The cleanliness of the file according to Virus Blocker Lite | ||
|- | |- | ||
− | | | + | |virus_blocker_lite_name |
− | | | + | |Virus Blocker Lite Name |
|text | |text | ||
− | |The | + | |The name of the malware according to Virus Blocker Lite |
|- | |- | ||
− | | | + | |virus_blocker_clean |
− | | | + | |Virus Blocker Clean |
− | | | + | |boolean |
− | |The | + | |The cleanliness of the file according to Virus Blocker |
|- | |- | ||
− | | | + | |virus_blocker_name |
− | | | + | |Virus Blocker Name |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | |The | + | |The name of the malware according to Virus Blocker |
|- | |- | ||
− | | | + | |spam_blocker_lite_score |
− | | | + | |Spam Blocker Lite Score |
− | | | + | |real |
− | |The | + | |The score of the email according to Spam Blocker Lite |
|- | |- | ||
− | | | + | |spam_blocker_lite_is_spam |
− | | | + | |Spam Blocker Lite Spam |
− | | | + | |boolean |
− | |The | + | |The spam status of the email according to Spam Blocker Lite |
|- | |- | ||
− | | | + | |spam_blocker_lite_action |
− | | | + | |Spam Blocker Lite Action |
− | | | + | |character(1) |
− | |The | + | |The action taken by Spam Blocker Lite |
|- | |- | ||
− | | | + | |spam_blocker_lite_tests_string |
− | | | + | |Spam Blocker Lite Tests |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | |The | + | |The tess results for Spam Blocker Lite |
|- | |- | ||
− | | | + | |spam_blocker_score |
− | + | |Spam Blocker Score | |
− | + | |real | |
− | + | |The score of the email according to Spam Blocker | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | |spam_blocker_is_spam |
− | | | + | |Spam Blocker Spam |
− | | | + | |boolean |
− | |The | + | |The spam status of the email according to Spam Blocker |
|- | |- | ||
− | | | + | |spam_blocker_action |
− | | | + | |Spam Blocker Action |
− | | | + | |character(1) |
− | |The | + | |The action taken by Spam Blocker |
|- | |- | ||
− | | | + | |spam_blocker_tests_string |
− | | | + | |Spam Blocker Tests |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | |The | + | |The tess results for Spam Blocker |
|- | |- | ||
− | | | + | |phish_blocker_score |
− | | | + | |Phish Blocker Score |
− | | | + | |real |
− | |The | + | |The score of the email according to Phish Blocker |
|- | |- | ||
− | | | + | |phish_blocker_is_spam |
− | | | + | |Phish Blocker Phish |
− | | | + | |boolean |
− | |The | + | |The phish status of the email according to Phish Blocker |
|- | |- | ||
− | | | + | |phish_blocker_tests_string |
− | | | + | |Phish Blocker Tests |
|text | |text | ||
− | |The | + | |The tess results for Phish Blocker |
+ | |- | ||
+ | |phish_blocker_action | ||
+ | |Phish Blocker Action | ||
+ | |character(1) | ||
+ | |The action taken by Phish Blocker | ||
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='mail_addrs' /> |
+ | () | ||
− | + | == ftp_events == | |
− | == | + | <section begin='ftp_events' /> |
− | <section begin=' | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 2,214: | Line 2,205: | ||
!Type | !Type | ||
!Description | !Description | ||
+ | |- | ||
+ | |event_id | ||
+ | |Event ID | ||
+ | |bigint | ||
+ | |The unique event ID | ||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 2,220: | Line 2,216: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |session_id |
− | | | + | |Session ID |
− | | | + | |bigint |
− | |The | + | |The session |
|- | |- | ||
− | | | + | |client_intf |
− | | | + | |Client Interface |
− | | | + | |smallint |
− | |The | + | |The client interface |
|- | |- | ||
− | | | + | |server_intf |
− | | | + | |Server Interface |
− | | | + | |smallint |
− | |The | + | |The server interface |
|- | |- | ||
− | | | + | |c_client_addr |
− | | | + | |Client-side Client Address |
− | | | + | |inet |
− | |The | + | |The client-side client IP address |
|- | |- | ||
− | | | + | |s_client_addr |
− | | | + | |Server-side Client Address |
|inet | |inet | ||
− | |The | + | |The server-side client IP address |
|- | |- | ||
− | | | + | |c_server_addr |
− | | | + | |Client-side Server Address |
|inet | |inet | ||
− | |The | + | |The client-side server IP address |
|- | |- | ||
− | | | + | |s_server_addr |
− | | | + | |Server-side Server Address |
− | | | + | |inet |
− | |The | + | |The server-side server IP address |
+ | |- | ||
+ | |policy_id | ||
+ | |Policy ID | ||
+ | |bigint | ||
+ | |The policy | ||
+ | |- | ||
+ | |username | ||
+ | |Username | ||
+ | |text | ||
+ | |The username associated with this session | ||
|- | |- | ||
− | | | + | |hostname |
− | | | + | |Hostname |
|text | |text | ||
− | |The | + | |The hostname of the local address |
|- | |- | ||
− | | | + | |request_id |
− | | | + | |Request ID |
|bigint | |bigint | ||
− | |The | + | |The FTP request ID |
+ | |- | ||
+ | |method | ||
+ | |Method | ||
+ | |character(1) | ||
+ | |The FTP method | ||
|- | |- | ||
− | |} | + | |uri |
− | <section end=' | + | |URI |
− | + | |text | |
− | + | |The FTP URI | |
− | == | + | |- |
− | <section begin=' | + | |virus_blocker_lite_clean |
+ | |Virus Blocker Lite Clean | ||
+ | |boolean | ||
+ | |The cleanliness of the file according to Virus Blocker Lite | ||
+ | |- | ||
+ | |virus_blocker_lite_name | ||
+ | |Virus Blocker Lite Name | ||
+ | |text | ||
+ | |The name of the malware according to Virus Blocker Lite | ||
+ | |- | ||
+ | |virus_blocker_clean | ||
+ | |Virus Blocker Clean | ||
+ | |boolean | ||
+ | |The cleanliness of the file according to Virus Blocker | ||
+ | |- | ||
+ | |virus_blocker_name | ||
+ | |Virus Blocker Name | ||
+ | |text | ||
+ | |The name of the malware according to Virus Blocker | ||
+ | |- | ||
+ | |} | ||
+ | <section end='ftp_events' /> | ||
+ | () | ||
+ | |||
+ | == tunnel_vpn_events == | ||
+ | <section begin='tunnel_vpn_events' /> | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 2,278: | Line 2,314: | ||
!Description | !Description | ||
|- | |- | ||
− | |time_stamp | + | |event_id |
+ | |Event ID | ||
+ | |bigint | ||
+ | |The unique event ID | ||
+ | |- | ||
+ | |time_stamp | ||
|Timestamp | |Timestamp | ||
|timestamp without time zone | |timestamp without time zone | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |tunnel_name |
− | | | + | |Tunnel Name |
− | | | + | |text |
− | |The | + | |The name the tunnel |
|- | |- | ||
− | | | + | |server_address |
− | | | + | |Server IP Address |
− | | | + | |text |
− | |The | + | |The address of the remote server |
|- | |- | ||
− | | | + | |local_address |
− | | | + | |Local Address |
|text | |text | ||
− | |The | + | |The local address assigned the client |
|- | |- | ||
− | | | + | |event_type |
− | |Type | + | |Event Type |
|text | |text | ||
|The type of the event (CONNECT,DISCONNECT) | |The type of the event (CONNECT,DISCONNECT) | ||
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='tunnel_vpn_events' /> |
− | + | () | |
− | == | + | == tunnel_vpn_stats == |
− | <section begin=' | + | <section begin='tunnel_vpn_stats' /> |
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 2,321: | Line 2,362: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |tunnel_name |
− | | | + | |Tunnel Name |
− | | | + | |text |
− | | | + | |The name of the Tunnel VPN tunnel |
|- | |- | ||
− | | | + | |in_bytes |
− | | | + | |In Bytes |
|bigint | |bigint | ||
− | |The | + | |The number of bytes received during this time frame |
|- | |- | ||
− | | | + | |out_bytes |
− | | | + | |Out Bytes |
|bigint | |bigint | ||
− | |The | + | |The number of bytes transmitted during this time frame |
|- | |- | ||
− | | | + | |event_id |
− | | | + | |Event ID |
− | | | + | |bigint |
− | |The | + | |The unique event ID |
|- | |- | ||
− | | | + | |} |
− | + | <section end='tunnel_vpn_stats' /> | |
− | + | () | |
− | + | ||
− | | | + | == wan_failover_test_events == |
− | + | <section begin='wan_failover_test_events' /> | |
− | + | ||
− | + | {| border="1" cellpadding="2" width="90%%" align="center" | |
− | + | !Column Name | |
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
− | | | + | |timestamp without time zone |
− | |The | + | |The time of the event |
|- | |- | ||
− | | | + | |interface_id |
− | | | + | |Interface ID |
|integer | |integer | ||
− | | | + | |This interface ID |
|- | |- | ||
− | | | + | |name |
− | | | + | |Interface Name |
− | |||
− | |||
− | |||
− | |||
− | |||
|text | |text | ||
− | | | + | |This name of the interface |
|- | |- | ||
− | | | + | |description |
− | | | + | |Text detail of the event |
|text | |text | ||
− | |The | + | |The description from the test rule |
|- | |- | ||
− | | | + | |success |
− | | | + | |Success |
− | | | + | |boolean |
− | |The | + | |The result of the test (true if the test succeeded, false otherwise) |
+ | |- | ||
+ | |event_id | ||
+ | |Event ID | ||
+ | |bigint | ||
+ | |The unique event ID | ||
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='wan_failover_test_events' /> |
+ | () | ||
− | + | == wan_failover_action_events == | |
− | == | + | <section begin='wan_failover_action_events' /> |
− | <section begin=' | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 2,399: | Line 2,443: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | | | + | |interface_id |
− | | | + | |Interface ID |
+ | |integer | ||
+ | |This interface ID | ||
+ | |- | ||
+ | |action | ||
+ | |Action | ||
|text | |text | ||
− | | | + | |This action (CONNECTED,DISCONNECTED) |
|- | |- | ||
− | | | + | |os_name |
− | | | + | |Interface O/S Name |
|text | |text | ||
− | | | + | |This O/S name of the interface |
|- | |- | ||
− | | | + | |name |
− | | | + | |Interface Name |
|text | |text | ||
− | | | + | |This name of the interface |
+ | |- | ||
+ | |event_id | ||
+ | |Event ID | ||
+ | |bigint | ||
+ | |The unique event ID | ||
|- | |- | ||
|} | |} | ||
− | <section end=' | + | <section end='wan_failover_action_events' /> |
+ | () | ||
− | + | == directory_connector_login_events == | |
− | == | + | <section begin='directory_connector_login_events' /> |
− | <section begin=' | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 2,427: | Line 2,481: | ||
!Description | !Description | ||
|- | |- | ||
− | | | + | |time_stamp |
− | | | + | |Timestamp |
+ | |timestamp without time zone | ||
+ | |The time of the event | ||
+ | |- | ||
+ | |login_name | ||
+ | |Login Name | ||
|text | |text | ||
− | |The | + | |The login name |
|- | |- | ||
− | | | + | |domain |
− | | | + | |Domain |
|text | |text | ||
− | |The | + | |The AD domain |
|- | |- | ||
− | | | + | |type |
− | | | + | |Type |
|text | |text | ||
− | |The | + | |The type of event (I=Login,U=Update,O=Logout) |
+ | |- | ||
+ | |client_addr | ||
+ | |Client Address | ||
+ | |inet | ||
+ | |The client IP address | ||
|- | |- | ||
− | | | + | |login_type |
− | | | + | |Login Type |
|text | |text | ||
− | |The | + | |The login type |
+ | |- | ||
+ | |} | ||
+ | <section end='directory_connector_login_events' /> | ||
+ | () | ||
+ | |||
+ | == captive_portal_user_events == | ||
+ | <section begin='captive_portal_user_events' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 2,452: | Line 2,529: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
− | |} | + | |policy_id |
− | <section end=' | + | |Policy ID |
+ | |bigint | ||
+ | |The policy | ||
+ | |- | ||
+ | |event_id | ||
+ | |Event ID | ||
+ | |bigint | ||
+ | |The unique event ID | ||
+ | |- | ||
+ | |login_name | ||
+ | |Login Name | ||
+ | |text | ||
+ | |The login username | ||
+ | |- | ||
+ | |event_info | ||
+ | |Event Type | ||
+ | |text | ||
+ | |The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) | ||
+ | |- | ||
+ | |auth_type | ||
+ | |Authorization Type | ||
+ | |text | ||
+ | |The authorization type for this event | ||
+ | |- | ||
+ | |client_addr | ||
+ | |Client Address | ||
+ | |text | ||
+ | |The remote IP address of the client | ||
+ | |- | ||
+ | |} | ||
+ | <section end='captive_portal_user_events' /> | ||
+ | () | ||
+ | |||
+ | == openvpn_stats == | ||
+ | <section begin='openvpn_stats' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
+ | |- | ||
+ | |time_stamp | ||
+ | |Timestamp | ||
+ | |timestamp without time zone | ||
+ | |The time of the event | ||
+ | |- | ||
+ | |start_time | ||
+ | |Start Time | ||
+ | |timestamp without time zone | ||
+ | |The time the OpenVPN session started | ||
+ | |- | ||
+ | |end_time | ||
+ | |End Time | ||
+ | |timestamp without time zone | ||
+ | |The time the OpenVPN session ended | ||
+ | |- | ||
+ | |rx_bytes | ||
+ | |Bytes Received | ||
+ | |bigint | ||
+ | |The total bytes received from the client during this session | ||
+ | |- | ||
+ | |tx_bytes | ||
+ | |Bytes Sent | ||
+ | |bigint | ||
+ | |The total bytes sent to the client during this session | ||
+ | |- | ||
+ | |remote_address | ||
+ | |Remote Address | ||
+ | |inet | ||
+ | |The remote IP address of the client | ||
+ | |- | ||
+ | |pool_address | ||
+ | |Pool Address | ||
+ | |inet | ||
+ | |The pool IP address of the client | ||
+ | |- | ||
+ | |remote_port | ||
+ | |Remote Port | ||
+ | |integer | ||
+ | |The remote port of the client | ||
+ | |- | ||
+ | |client_name | ||
+ | |Client Name | ||
+ | |text | ||
+ | |The name of the client | ||
+ | |- | ||
+ | |event_id | ||
+ | |Event ID | ||
+ | |bigint | ||
+ | |The unique event ID | ||
+ | |- | ||
+ | |} | ||
+ | <section end='openvpn_stats' /> | ||
+ | () | ||
+ | |||
+ | == openvpn_events == | ||
+ | <section begin='openvpn_events' /> | ||
+ | |||
+ | {| border="1" cellpadding="2" width="90%%" align="center" | ||
+ | !Column Name | ||
+ | !Human Name | ||
+ | !Type | ||
+ | !Description | ||
+ | |- | ||
+ | |time_stamp | ||
+ | |Timestamp | ||
+ | |timestamp without time zone | ||
+ | |The time of the event | ||
+ | |- | ||
+ | |remote_address | ||
+ | |Remote Address | ||
+ | |inet | ||
+ | |The remote IP address of the client | ||
+ | |- | ||
+ | |pool_address | ||
+ | |Pool Address | ||
+ | |inet | ||
+ | |The pool IP address of the client | ||
+ | |- | ||
+ | |client_name | ||
+ | |Client Name | ||
+ | |text | ||
+ | |The name of the client | ||
+ | |- | ||
+ | |type | ||
+ | |Type | ||
+ | |text | ||
+ | |The type of the event (CONNECT,DISCONNECT) | ||
+ | |- | ||
+ | |} | ||
+ | <section end='openvpn_events' /> | ||
+ | () |
Revision as of 14:44, 19 February 2020
Contents
- 1 Database Tables
- 1.1 configuration_backup_events
- 1.2 http_events
- 1.3 intrusion_prevention_events
- 1.4 smtp_tarpit_events
- 1.5 ipsec_user_events
- 1.6 ipsec_vpn_events
- 1.7 ipsec_tunnel_stats
- 1.8 http_query_events
- 1.9 admin_logins
- 1.10 sessions
- 1.11 session_minutes
- 1.12 quotas
- 1.13 host_table_updates
- 1.14 device_table_updates
- 1.15 user_table_updates
- 1.16 alerts
- 1.17 settings_changes
- 1.18 web_cache_stats
- 1.19 server_events
- 1.20 interface_stat_events
- 1.21 mail_msgs
- 1.22 mail_addrs
- 1.23 ftp_events
- 1.24 tunnel_vpn_events
- 1.25 tunnel_vpn_stats
- 1.26 wan_failover_test_events
- 1.27 wan_failover_action_events
- 1.28 directory_connector_login_events
- 1.29 captive_portal_user_events
- 1.30 openvpn_stats
- 1.31 openvpn_events
Database Tables
configuration_backup_events
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
success | Success | boolean | The result of the backup (true if the backup succeeded, false otherwise) |
description | Text detail of the event | text | Text detail of the event |
destination | Destination | text | The location of the backup |
event_id | Event ID | bigint | The unique event ID |
()
http_events
Column Name | Human Name | Type | Description |
---|---|---|---|
request_id | Request ID | bigint | The HTTP request ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
client_country | Client Country | text | The client Country |
client_latitude | Client Latitude | real | The client Latitude |
client_longitude | Client Longitude | real | The client Longitude |
server_country | Server Country | text | The server Country |
server_latitude | Server Latitude | real | The server Latitude |
server_longitude | Server Longitude | real | The server Longitude |
policy_id | Policy ID | smallint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
method | Method | character(1) | The HTTP method |
uri | URI | text | The HTTP URI |
host | Host | text | The HTTP host |
domain | Domain | text | The HTTP domain (shortened host) |
referer | Referer | text | The Referer URL |
c2s_content_length | Client-to-server Content Length | bigint | The client-to-server content length |
s2c_content_length | Server-to-client Content Length | bigint | The server-to-client content length |
s2c_content_type | Server-to-client Content Type | text | The server-to-client content type |
s2c_content_filename | Server-to-client Content Disposition Filename | text | The server-to-client content disposition filename |
ad_blocker_cookie_ident | Ad Blocker Cookie | text | The name of the cookie blocked by Ad Blocker |
ad_blocker_action | Ad Blocker Action | character(1) | The action of Ad Blocker on this request |
web_filter_reason | Web Filter Reason | character(1) | The reason Web Filter blocked/flagged this request |
web_filter_category_id | Web Filter Category Id | smallint | The numeric category according to Web Filter |
web_filter_rule_id | Web Filter Rule Id | smallint | The numeric rule according to Web Filter |
web_filter_blocked | Web Filter Blocked | boolean | If Web Filter blocked this request |
web_filter_flagged | Web Filter Flagged | boolean | If Web Filter flagged this request |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
threat_prevention_blocked | Threat Prevention Blocked | boolean | If Threat Prevention blocked this request |
threat_prevention_flagged | Threat Prevention Flagged | boolean | If Threat Prevention flagged this request |
threat_prevention_rule_id | Threat Prevention Rule Id | integer | The numeric rule according to Threat Prevention |
threat_prevention_reputation | Threat Prevention Reputation | smallint | The numeric threat reputation |
threat_prevention_categories | Threat Prevention Categories | integer | The bitmask of threat categories |
()
intrusion_prevention_events
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
sig_id | Signature ID | bigint | The ID of the rule |
gen_id | Grouping ID | bigint | The grouping ID for the rule; gen_id + sig_id together specify the rule's unique identifier |
class_id | Classtype ID | bigint | The numeric ID for the classtype |
source_addr | Source Address | inet | The source IP address of the packet |
source_port | Source Port | integer | The source port of the packet (if applicable) |
dest_addr | Destination Address | inet | The destination IP address of the packet |
dest_port | Destination Port | integer | The destination port of the packet (if applicable) |
protocol | Protocol | integer | The protocol of the packet |
blocked | Blocked | boolean | If the packet was blocked/dropped |
category | Category | text | The application specific grouping for the signature |
classtype | Classtype | text | The generalized threat signature grouping (unrelated to gen_id) |
msg | Message | text | The "title" or "description" of the signature |
rid | Rule ID | text | The rule id |
rule_id | Rule ID | text | The rule id |
()
smtp_tarpit_events
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
ipaddr | Client Address | inet | The client IP address |
hostname | Hostname | text | The hostname of the local address |
policy_id | Policy ID | bigint | The policy |
vendor_name | Vendor Name | character varying(255) | The "vendor name" of the app that logged the event |
event_id | Event ID | bigint | The unique event ID |
()
ipsec_user_events
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
connect_stamp | Connect Time | timestamp without time zone | The time the connection started |
goodbye_stamp | End Time | timestamp without time zone | The time the connection ended |
client_address | Client Address | text | The remote IP address of the client |
client_protocol | Client Protocol | text | The protocol the client used to connect |
client_username | Client Username | text | The username of the client |
net_process | Net Process | text | The PID of the PPP process for L2TP connections or the connection ID for Xauth connections |
net_interface | Net Interface | text | The PPP interface for L2TP connections or the client interface for Xauth connections |
elapsed_time | Elapsed Time | text | The total time the client was connected |
rx_bytes | Bytes Received | bigint | The number of bytes received from the client in this connection |
tx_bytes | Bytes Sent | bigint | The number of bytes sent to the client in this connection |
()
ipsec_vpn_events
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
local_address | Local Address | text | The local address of the tunnel |
remote_address | Remote Address | text | The remote address of the tunnel |
tunnel_description | Tunnel Description | text | The description of the tunnel |
event_type | Event Type | text | The type of the event (CONNECT,DISCONNECT) |
()
ipsec_tunnel_stats
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
tunnel_name | Tunnel Name | text | The name of the IPsec tunnel |
in_bytes | In Bytes | bigint | The number of bytes received during this time frame |
out_bytes | Out Bytes | bigint | The number of bytes transmitted during this time frame |
event_id | Event ID | bigint | The unique event ID |
()
http_query_events
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
request_id | Request ID | bigint | The HTTP request ID |
method | Method | character(1) | The HTTP method |
uri | URI | text | The HTTP URI |
term | Search Term | text | The search term |
host | Host | text | The HTTP host |
c2s_content_length | Client-to-server Content Length | bigint | The client-to-server content length |
s2c_content_length | Server-to-client Content Length | bigint | The server-to-client content length |
s2c_content_type | Server-to-client Content Type | text | The server-to-client content type |
blocked | Blocked | boolean | If Web Filter blocked this search term |
flagged | Flagged | boolean | If Web Filter flagged this search term |
()
admin_logins
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
login | Login | text | The login name |
local | Local | boolean | True if it is a login attempt through a local process |
client_addr | Client Address | inet | The client IP address |
succeeded | Succeeded | boolean | True if the login succeeded, false otherwise |
reason | Reason | character(1) | The reason for the login (if applicable) |
()
sessions
Column Name | Human Name | Type | Description |
---|---|---|---|
session_id | Session ID | bigint | The session |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
end_time | End Time | timestamp without time zone | The time the session ended |
bypassed | Bypassed | boolean | True if the session was bypassed, false otherwise |
entitled | Entitled | boolean | True if the session is entitled to premium functionality |
protocol | Protocol | smallint | The IP protocol of the session |
icmp_type | ICMP Type | smallint | The ICMP type of the session, if ICMP |
hostname | Hostname | text | The hostname of the local address |
username | Username | text | The username associated with this session |
policy_id | Policy ID | smallint | The policy |
policy_rule_id | Policy Rule ID | smallint | The ID of the matching policy rule (0 means none) |
local_addr | Local Address | inet | The IP address of the local participant |
remote_addr | Remote Address | inet | The IP address of the remote participant |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
c_server_port | Client-side Server Port | integer | The client-side server port |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
s_server_port | Server-side Server Port | integer | The server-side server port |
s_client_port | Server-side Client Port | integer | The server-side client port |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
client_country | Client Country | text | The client Country |
client_latitude | Client Latitude | real | The client Latitude |
client_longitude | Client Longitude | real | The client Longitude |
server_country | Server Country | text | The server Country |
server_latitude | Server Latitude | real | The server Latitude |
server_longitude | Server Longitude | real | The server Longitude |
c2p_bytes | From-Client Bytes | bigint | The number of bytes the client sent to Untangle (client-to-pipeline) |
p2c_bytes | To-Client Bytes | bigint | The number of bytes Untangle sent to client (pipeline-to-client) |
s2p_bytes | From-Server Bytes | bigint | The number of bytes the server sent to Untangle (server-to-pipeline) |
p2s_bytes | To-Server Bytes | bigint | The number of bytes Untangle sent to server (pipeline-to-server) |
filter_prefix | Filter Block | text | The network filter that blocked the connection (filter,shield,invalid) |
firewall_blocked | Firewall Blocked | boolean | True if Firewall blocked the session, false otherwise |
firewall_flagged | Firewall Flagged | boolean | True if Firewall flagged the session, false otherwise |
firewall_rule_index | Firewall Rule ID | integer | The matching rule in Firewall (if any) |
threat_prevention_blocked | Threat Prevention Blocked | boolean | If Threat Prevention blocked |
threat_prevention_flagged | Threat Prevention Flagged | boolean | If Threat Prevention flagged |
threat_prevention_reason | Threat Prevention Reason | character(1) | Threat Prevention reason |
threat_prevention_rule_id | Threat Prevention Rule Id | integer | Numeric rule id of Threat Prevention |
threat_prevention_client_reputation | Threat Prevention Client Reputation | smallint | Numeric client reputation of Threat Prevention |
threat_prevention_client_categories | Threat Prevention Client Categories | integer | Bitmask client categories of Threat Prevention |
threat_prevention_server_reputation | Threat Prevention Server Reputation | smallint | Numeric server reputation of Threat Prevention |
threat_prevention_server_categories | Threat Prevention Server Categories | integer | Bitmask server categories of Threat Prevention |
application_control_lite_protocol | Application Control Lite Protocol | text | The application protocol according to Application Control Lite |
application_control_lite_blocked | Application Control Lite Blocked | boolean | True if Application Control Lite blocked the session |
captive_portal_blocked | Captive Portal Blocked | boolean | True if Captive Portal blocked the session |
captive_portal_rule_index | Captive Portal Rule ID | integer | The matching rule in Captive Portal (if any) |
application_control_application | Application Control Application | text | The application according to Application Control |
application_control_protochain | Application Control Protochain | text | The protochain according to Application Control |
application_control_category | Application Control Category | text | The category according to Application Control |
application_control_blocked | Application Control Blocked | boolean | True if Application Control blocked the session |
application_control_flagged | Application Control Flagged | boolean | True if Application Control flagged the session |
application_control_confidence | Application Control Confidence | integer | The Application Control confidence of this session's identification |
application_control_ruleid | Application Control Rule ID | integer | The matching rule in Application Control (if any) |
application_control_detail | Application Control Detail | text | The text detail from the Application Control engine |
bandwidth_control_priority | Bandwidth Control Priority | integer | The priority given to this session |
bandwidth_control_rule | Bandwidth Control Rule ID | integer | The matching rule in Bandwidth Control (if any) |
ssl_inspector_ruleid | SSL Inspector Rule ID | integer | The matching rule in SSL Inspector (if any) |
ssl_inspector_status | SSL Inspector Status | text | The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) |
ssl_inspector_detail | SSL Inspector Detail | text | Additional text detail about the SSL connection (SNI, IP Address) |
tags | Tags | text | The tags on this session |
()
session_minutes
Column Name | Human Name | Type | Description |
---|---|---|---|
session_id | Session ID | bigint | The session |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
c2s_bytes | From-Client Bytes | bigint | The number of bytes the client sent |
s2c_bytes | From-Server Bytes | bigint | The number of bytes the server sent |
start_time | Start Time | timestamp without time zone | The start time of the session |
end_time | End Time | timestamp without time zone | The time the session ended |
bypassed | Bypassed | boolean | True if the session was bypassed, false otherwise |
entitled | Entitled | boolean | True if the session is entitled to premium functionality |
protocol | Protocol | smallint | The IP protocol of session |
icmp_type | ICMP Type | smallint | The ICMP type of session if ICMP |
hostname | Hostname | text | The hostname of the local address |
username | Username | text | The username associated with this session |
policy_id | Policy ID | smallint | The policy |
policy_rule_id | Policy Rule ID | smallint | The ID of the matching policy rule (0 means none) |
local_addr | Local Address | inet | The IP address of the local participant |
remote_addr | Remote Address | inet | The IP address of the remote participant |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
c_server_port | Client-side Server Port | integer | The client-side server port |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
s_server_port | Server-side Server Port | integer | The server-side server port |
s_client_port | Server-side Client Port | integer | The server-side client port |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
client_country | Client Country | text | The client Country |
client_latitude | Client Latitude | real | The client Latitude |
client_longitude | Client Longitude | real | The client Longitude |
server_country | Server Country | text | The server Country |
server_latitude | Server Latitude | real | The server Latitude |
server_longitude | Server Longitude | real | The server Longitude |
filter_prefix | Filter Block | text | The network filter that blocked the connection (filter,shield,invalid) |
firewall_blocked | Firewall Blocked | boolean | True if Firewall blocked the session, false otherwise |
firewall_flagged | Firewall Flagged | boolean | True if Firewall flagged the session, false otherwise |
firewall_rule_index | Firewall Rule ID | integer | The matching rule in Firewall (if any) |
threat_prevention_blocked | Threat Prevention Blocked | boolean | True if Threat Prevention blocked the session |
threat_prevention_flagged | Threat Prevention Flagged | boolean | True if Threat Prevention flagged the session |
threat_prevention_reason | Threat Prevention Reason | character(1) | Threat Prevention reason |
threat_prevention_rule_id | Threat Prevention Rule Id | integer | Numeric rule id of Threat Prevention |
threat_prevention_client_reputation | Threat Prevention Client Reputation | smallint | Numeric client reputation of Threat Prevention |
threat_prevention_client_categories | Threat Prevention Client Categories | integer | Bitmask client categories of Threat Prevention |
threat_prevention_server_reputation | Threat Prevention Server Reputation | smallint | Numeric server reputation of Threat Prevention |
threat_prevention_server_categories | Threat Prevention Server Categories | integer | Bitmask server categories of Threat Prevention |
application_control_lite_protocol | Application Control Lite Protocol | text | The application protocol according to Application Control Lite |
application_control_lite_blocked | Application Control Lite Blocked | boolean | True if Application Control Lite blocked the session |
captive_portal_blocked | Captive Portal Blocked | boolean | True if Captive Portal blocked the session |
captive_portal_rule_index | Captive Portal Rule ID | integer | The matching rule in Captive Portal (if any) |
application_control_application | Application Control Application | text | The application according to Application Control |
application_control_protochain | Application Control Protochain | text | The protochain according to Application Control |
application_control_category | Application Control Category | text | The category according to Application Control |
application_control_blocked | Application Control Blocked | boolean | True if Application Control blocked the session |
application_control_flagged | Application Control Flagged | boolean | True if Application Control flagged the session |
application_control_confidence | Application Control Confidence | integer | The Application Control confidence of this session's identification |
application_control_ruleid | Application Control Rule ID | integer | The matching rule in Application Control (if any) |
application_control_detail | Application Control Detail | text | The text detail from the Application Control engine |
bandwidth_control_priority | Bandwidth Control Priority | integer | The priority given to this session |
bandwidth_control_rule | Bandwidth Control Rule ID | integer | The matching rule in Bandwidth Control (if any) |
ssl_inspector_ruleid | SSL Inspector Rule ID | integer | The matching rule in SSL Inspector (if any) |
ssl_inspector_status | SSL Inspector Status | text | The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) |
ssl_inspector_detail | SSL Inspector Detail | text | Additional text detail about the SSL connection (SNI, IP Address) |
tags | Tags | text | The tags on this session |
()
quotas
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
entity | Entity | text | The IP entity given the quota (address/username) |
action | Action | integer | The action (1=Quota Given, 2=Quota Exceeded) |
size | Size | bigint | The size of the quota |
reason | Reason | text | The reason for the action |
()
host_table_updates
Column Name | Human Name | Type | Description |
---|---|---|---|
address | Address | inet | The IP address of the host |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
old_value | Old Value | text | The old value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
()
device_table_updates
Column Name | Human Name | Type | Description |
---|---|---|---|
mac_address | MAC Address | text | The MAC address of the device |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
old_value | Old Value | text | The old value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
()
user_table_updates
Column Name | Human Name | Type | Description |
---|---|---|---|
username | Username | text | The username |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
old_value | Old Value | text | The old value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
()
alerts
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
description | Text detail of the event | text | The description from the alert rule. |
summary_text | Summary Text | text | The summary text of the alert |
json | JSON Text | text | The summary JSON representation of the event causing the alert |
()
settings_changes
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
settings_file | Settings File | text | The name of the file changed |
username | Username | text | The username logged in at the time of the change |
hostname | Hostname | text | The remote hostname |
()
web_cache_stats
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
hits | Hits | bigint | The number of cache hits during this time frame |
misses | Misses | bigint | The number of cache misses during this time frame |
bypasses | Bypasses | bigint | The number of cache user bypasses during this time frame |
systems | System bypasses | bigint | The number of cache system bypasses during this time frame |
hit_bytes | Hit Bytes | bigint | The number of bytes saved from cache hits |
miss_bytes | Miss Bytes | bigint | The number of bytes not saved from cache misses |
event_id | Event ID | bigint | The unique event ID |
()
server_events
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
load_1 | CPU load (1-min) | numeric(6,2) | The 1-minute CPU load |
load_5 | CPU load (5-min) | numeric(6,2) | The 5-minute CPU load |
load_15 | CPU load (15-min) | numeric(6,2) | The 15-minute CPU load |
cpu_user | CPU User Utilization | numeric(6,3) | The user CPU percent utilization |
cpu_system | CPU System Utilization | numeric(6,3) | The system CPU percent utilization |
mem_total | Total Memory | bigint | The total bytes of memory |
mem_free | Memory Free | bigint | The number of free bytes of memory |
disk_total | Disk Size | bigint | The total disk size in bytes |
disk_free | Disk Free | bigint | The free disk space in bytes |
swap_total | Swap Size | bigint | The total swap size in bytes |
swap_free | Swap Free | bigint | The free swap space in bytes |
active_hosts | Active Hosts | integer | The number of active hosts |
()
interface_stat_events
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
rx_rate | Rx Rate | double precision | The RX rate (bytes/s) |
rx_bytes | Bytes Received | bigint | The number of bytes received from the client in this connection |
tx_rate | Tx Rate | double precision | The TX rate (bytes/s) |
tx_bytes | Bytes Sent | bigint | The number of bytes sent to the client in this connection |
()
mail_msgs
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
msg_id | Message ID | bigint | The message ID |
subject | Subject | text | The email subject |
hostname | Hostname | text | The hostname of the local address |
event_id | Event ID | bigint | The unique event ID |
sender | Sender | text | The address of the sender |
receiver | Receiver | text | The address of the receiver |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
spam_blocker_lite_score | Spam Blocker Lite Score | real | The score of the email according to Spam Blocker Lite |
spam_blocker_lite_is_spam | Spam Blocker Lite Spam | boolean | The spam status of the email according to Spam Blocker Lite |
spam_blocker_lite_tests_string | Spam Blocker Lite Tests | text | The test results for Spam Blocker Lite |
spam_blocker_lite_action | Spam Blocker Lite Action | character(1) | The action taken by Spam Blocker Lite |
spam_blocker_score | Spam Blocker Score | real | The score of the email according to Spam Blocker |
spam_blocker_is_spam | Spam Blocker Spam | boolean | The spam status of the email according to Spam Blocker |
spam_blocker_tests_string | Spam Blocker Tests | text | The test results for Spam Blocker |
spam_blocker_action | Spam Blocker Action | character(1) | The action taken by Spam Blocker |
phish_blocker_score | Phish Blocker Score | real | The score of the email according to Phish Blocker |
phish_blocker_is_spam | Phish Blocker Phish | boolean | The phish status of the email according to Phish Blocker |
phish_blocker_tests_string | Phish Blocker Tests | text | The test results for Phish Blocker |
phish_blocker_action | Phish Blocker Action | character(1) | The action taken by Phish Blocker |
()
mail_addrs
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
msg_id | Message ID | bigint | The message ID |
subject | Subject | text | The email subject |
addr | Address | text | The address of this event |
addr_name | Address Name | text | The name for this address |
addr_kind | Address Kind | character(1) | The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown) |
hostname | Hostname | text | The hostname of the local address |
event_id | Event ID | bigint | The unique event ID |
sender | Sender | text | The address of the sender |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
spam_blocker_lite_score | Spam Blocker Lite Score | real | The score of the email according to Spam Blocker Lite |
spam_blocker_lite_is_spam | Spam Blocker Lite Spam | boolean | The spam status of the email according to Spam Blocker Lite |
spam_blocker_lite_action | Spam Blocker Lite Action | character(1) | The action taken by Spam Blocker Lite |
spam_blocker_lite_tests_string | Spam Blocker Lite Tests | text | The test results for Spam Blocker Lite |
spam_blocker_score | Spam Blocker Score | real | The score of the email according to Spam Blocker |
spam_blocker_is_spam | Spam Blocker Spam | boolean | The spam status of the email according to Spam Blocker |
spam_blocker_action | Spam Blocker Action | character(1) | The action taken by Spam Blocker |
spam_blocker_tests_string | Spam Blocker Tests | text | The test results for Spam Blocker |
phish_blocker_score | Phish Blocker Score | real | The score of the email according to Phish Blocker |
phish_blocker_is_spam | Phish Blocker Phish | boolean | The phish status of the email according to Phish Blocker |
phish_blocker_tests_string | Phish Blocker Tests | text | The test results for Phish Blocker |
phish_blocker_action | Phish Blocker Action | character(1) | The action taken by Phish Blocker |
()
ftp_events
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
request_id | Request ID | bigint | The FTP request ID |
method | Method | character(1) | The FTP method |
uri | URI | text | The FTP URI |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
()
tunnel_vpn_events
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
tunnel_name | Tunnel Name | text | The name of the tunnel |
server_address | Server IP Address | text | The address of the remote server |
local_address | Local Address | text | The local address assigned to the client |
event_type | Event Type | text | The type of the event (CONNECT,DISCONNECT) |
()
tunnel_vpn_stats
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
tunnel_name | Tunnel Name | text | The name of the Tunnel VPN tunnel |
in_bytes | In Bytes | bigint | The number of bytes received during this time frame |
out_bytes | Out Bytes | bigint | The number of bytes transmitted during this time frame |
event_id | Event ID | bigint | The unique event ID |
()
wan_failover_test_events
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
name | Interface Name | text | The name of the interface |
description | Text detail of the event | text | The description from the test rule |
success | Success | boolean | The result of the test (true if the test succeeded, false otherwise) |
event_id | Event ID | bigint | The unique event ID |
()
wan_failover_action_events
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
action | Action | text | The action (CONNECTED,DISCONNECTED) |
os_name | Interface O/S Name | text | The O/S name of the interface |
name | Interface Name | text | The name of the interface |
event_id | Event ID | bigint | The unique event ID |
()
directory_connector_login_events
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
login_name | Login Name | text | The login name |
domain | Domain | text | The AD domain |
type | Type | text | The type of event (I=Login,U=Update,O=Logout) |
client_addr | Client Address | inet | The client IP address |
login_type | Login Type | text | The login type |
()
captive_portal_user_events
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
policy_id | Policy ID | bigint | The policy |
event_id | Event ID | bigint | The unique event ID |
login_name | Login Name | text | The login username |
event_info | Event Type | text | The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) |
auth_type | Authorization Type | text | The authorization type for this event |
client_addr | Client Address | text | The remote IP address of the client |
()
openvpn_stats
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
start_time | Start Time | timestamp without time zone | The time the OpenVPN session started |
end_time | End Time | timestamp without time zone | The time the OpenVPN session ended |
rx_bytes | Bytes Received | bigint | The total bytes received from the client during this session |
tx_bytes | Bytes Sent | bigint | The total bytes sent to the client during this session |
remote_address | Remote Address | inet | The remote IP address of the client |
pool_address | Pool Address | inet | The pool IP address of the client |
remote_port | Remote Port | integer | The remote port of the client |
client_name | Client Name | text | The name of the client |
event_id | Event ID | bigint | The unique event ID |
()
openvpn_events
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
remote_address | Remote Address | inet | The remote IP address of the client |
pool_address | Pool Address | inet | The pool IP address of the client |
client_name | Client Name | text | The name of the client |
type | Type | text | The type of the event (CONNECT,DISCONNECT) |
()