Revision as of 14:44, 19 February 2020

Database Tables

configuration_backup_events

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
success	Success	boolean	The result of the backup (true if the backup succeeded, false otherwise)
description	Text detail of the event	text	Text detail of the event
destination	Destination	text	The location of the backup
event_id	Event ID	bigint	The unique event ID

()

http_events

Column Name	Human Name	Type	Description
request_id	Request ID	bigint	The HTTP request ID
time_stamp	Timestamp	timestamp without time zone	The time of the event
session_id	Session ID	bigint	The session
client_intf	Client Interface	smallint	The client interface
server_intf	Server Interface	smallint	The server interface
c_client_addr	Client-side Client Address	inet	The client-side client IP address
s_client_addr	Server-side Client Address	inet	The server-side client IP address
c_server_addr	Client-side Server Address	inet	The client-side server IP address
s_server_addr	Server-side Server Address	inet	The server-side server IP address
c_client_port	Client-side Client Port	integer	The client-side client port
s_client_port	Server-side Client Port	integer	The server-side client port
c_server_port	Client-side Server Port	integer	The client-side server port
s_server_port	Server-side Server Port	integer	The server-side server port
client_country	Client Country	text	The client Country
client_latitude	Client Latitude	real	The client Latitude
client_longitude	Client Longitude	real	The client Longitude
server_country	Server Country	text	The server Country
server_latitude	Server Latitude	real	The server Latitude
server_longitude	Server Longitude	real	The server Longitude
policy_id	Policy ID	smallint	The policy
username	Username	text	The username associated with this session
hostname	Hostname	text	The hostname of the local address
method	Method	character(1)	The HTTP method
uri	URI	text	The HTTP URI
host	Host	text	The HTTP host
domain	Domain	text	The HTTP domain (shortened host)
referer	Referer	text	The Referer URL
c2s_content_length	Client-to-server Content Length	bigint	The client-to-server content length
s2c_content_length	Server-to-client Content Length	bigint	The server-to-client content length
s2c_content_type	Server-to-client Content Type	text	The server-to-client content type
s2c_content_filename	Server-to-client Content Disposition Filename	text	The server-to-client content disposition filename
ad_blocker_cookie_ident	Ad Blocker Cookie	text	This name of cookie blocked by Ad Blocker
ad_blocker_action	Ad Blocker Action	character(1)	This action of Ad Blocker on this request
web_filter_reason	Web Filter Reason	character(1)	This reason Web Filter blocked/flagged this request
web_filter_category_id	Web Filter Category Id	smallint	This numeric category according to Web Filter
web_filter_rule_id	Web Filter Rule Id	smallint	This numeric rule according to Web Filter
web_filter_blocked	Web Filter Blocked	boolean	If Web Filter blocked this request
web_filter_flagged	Web Filter Flagged	boolean	If Web Filter flagged this request
virus_blocker_lite_clean	Virus Blocker Lite Clean	boolean	The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name	Virus Blocker Lite Name	text	The name of the malware according to Virus Blocker Lite
virus_blocker_clean	Virus Blocker Clean	boolean	The cleanliness of the file according to Virus Blocker
virus_blocker_name	Virus Blocker Name	text	The name of the malware according to Virus Blocker
threat_prevention_blocked	Threat Prevention Blocked	boolean	If Threat Prevention blocked this request
threat_prevention_flagged	Threat Prevention Flagged	boolean	If Threat Prevention flagged this request
threat_prevention_rule_id	Threat Prevention Rule Id	integer	This numeric rule according to Threat Prevention
threat_prevention_reputation	Threat Prevention Reputation	smallint	This numeric threat reputation
threat_prevention_categories	Threat Prevention Categories	integer	This bitmask of threat categories

()

intrusion_prevention_events

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
sig_id	Signature ID	bigint	This ID of the rule
gen_id	Grouping ID	bigint	The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier
class_id	Classtype ID	bigint	The numeric ID for the classtype
source_addr	Source Address	inet	The source IP address of the packet
source_port	Source Port	integer	The source port of the packet (if applicable)
dest_addr	Destination Address	inet	The destination IP address of the packet
dest_port	Destination Port	integer	The destination port of the packet (if applicable)
protocol	Protocol	integer	The protocol of the packet
blocked	Blocked	boolean	If the packet was blocked/dropped
category	Category	text	The application specific grouping for the signature
classtype	Classtype	text	The generalized threat signature grouping (unrelated to gen_id)
msg	Message	text	The "title" or "description" of the signature
rid	Rule ID	text	The rule id
rule_id	Rule ID	text	The rule id

()

smtp_tarpit_events

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
ipaddr	Client Address	inet	The client IP address
hostname	Hostname	text	The hostname of the local address
policy_id	Policy ID	bigint	The policy
vendor_name	Vendor Name	character varying(255)	The "vendor name" of the app that logged the event
event_id	Event ID	bigint	The unique event ID

()

ipsec_user_events

Column Name	Human Name	Type	Description
event_id	Event ID	bigint	The unique event ID
time_stamp	Timestamp	timestamp without time zone	The time of the event
connect_stamp	Connect Time	timestamp without time zone	The time the connection started
goodbye_stamp	End Time	timestamp without time zone	The time the connection ended
client_address	Client Address	text	The remote IP address of the client
client_protocol	Client Protocol	text	The protocol the client used to connect
client_username	Client Username	text	The username of the client
net_process	Net Process	text	The PID of the PPP process for L2TP connections or the connection ID for Xauth connections
net_interface	Net Interface	text	The PPP interface for L2TP connections or the client interface for Xauth connections
elapsed_time	Elapsed Time	text	The total time the client was connected
rx_bytes	Bytes Received	bigint	The number of bytes received from the client in this connection
tx_bytes	Bytes Sent	bigint	The number of bytes sent to the client in this connection

()

ipsec_vpn_events

Column Name	Human Name	Type	Description
event_id	Event ID	bigint	The unique event ID
time_stamp	Timestamp	timestamp without time zone	The time of the event
local_address	Local Address	text	The local address of the tunnel
remote_address	Remote Address	text	The remote address of the tunnel
tunnel_description	Tunnel Description	text	The description of the tunnel
event_type	Event Type	text	The type of the event (CONNECT,DISCONNECT)

()

ipsec_tunnel_stats

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
tunnel_name	Tunnel Name	text	The name of the IPsec tunnel
in_bytes	In Bytes	bigint	The number of bytes received during this time frame
out_bytes	Out Bytes	bigint	The number of bytes transmitted during this time frame
event_id	Event ID	bigint	The unique event ID

()

http_query_events

Column Name	Human Name	Type	Description
event_id	Event ID	bigint	The unique event ID
time_stamp	Timestamp	timestamp without time zone	The time of the event
session_id	Session ID	bigint	The session
client_intf	Client Interface	smallint	The client interface
server_intf	Server Interface	smallint	The server interface
c_client_addr	Client-side Client Address	inet	The client-side client IP address
s_client_addr	Server-side Client Address	inet	The server-side client IP address
c_server_addr	Client-side Server Address	inet	The client-side server IP address
s_server_addr	Server-side Server Address	inet	The server-side server IP address
c_client_port	Client-side Client Port	integer	The client-side client port
s_client_port	Server-side Client Port	integer	The server-side client port
c_server_port	Client-side Server Port	integer	The client-side server port
s_server_port	Server-side Server Port	integer	The server-side server port
policy_id	Policy ID	bigint	The policy
username	Username	text	The username associated with this session
hostname	Hostname	text	The hostname of the local address
request_id	Request ID	bigint	The HTTP request ID
method	Method	character(1)	The HTTP method
uri	URI	text	The HTTP URI
term	Search Term	text	The search term
host	Host	text	The HTTP host
c2s_content_length	Client-to-server Content Length	bigint	The client-to-server content length
s2c_content_length	Server-to-client Content Length	bigint	The server-to-client content length
s2c_content_type	Server-to-client Content Type	text	The server-to-client content type
blocked	Blocked	boolean	If Web Filter blocked this search term
flagged	Flagged	boolean	If Web Filter flagged this search term

()

admin_logins

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
login	Login	text	The login name
local	Local	boolean	True if it is a login attempt through a local process
client_addr	Client Address	inet	The client IP address
succeeded	Succeeded	boolean	True if the login succeeded, false otherwise
reason	Reason	character(1)	The reason for the login (if applicable)

()

sessions

Column Name	Human Name	Type	Description
session_id	Session ID	bigint	The session
time_stamp	Timestamp	timestamp without time zone	The time of the event
end_time	End Time	timestamp without time zone	The time the session ended
bypassed	Bypassed	boolean	True if the session was bypassed, false otherwise
entitled	Entitled	boolean	True if the session is entitled to premium functionality
protocol	Protocol	smallint	The IP protocol of session
icmp_type	ICMP Type	smallint	The ICMP type of session if ICMP
hostname	Hostname	text	The hostname of the local address
username	Username	text	The username associated with this session
policy_id	Policy ID	smallint	The policy
policy_rule_id	Policy Rule ID	smallint	The ID of the matching policy rule (0 means none)
local_addr	Local Address	inet	The IP address of the local participant
remote_addr	Remote Address	inet	The IP address of the remote participant
c_client_addr	Client-side Client Address	inet	The client-side client IP address
c_server_addr	Client-side Server Address	inet	The client-side server IP address
c_server_port	Client-side Server Port	integer	The client-side server port
c_client_port	Client-side Client Port	integer	The client-side client port
s_client_addr	Server-side Client Address	inet	The server-side client IP address
s_server_addr	Server-side Server Address	inet	The server-side server IP address
s_server_port	Server-side Server Port	integer	The server-side server port
s_client_port	Server-side Client Port	integer	The server-side client port
client_intf	Client Interface	smallint	The client interface
server_intf	Server Interface	smallint	The server interface
client_country	Client Country	text	The client Country
client_latitude	Client Latitude	real	The client Latitude
client_longitude	Client Longitude	real	The client Longitude
server_country	Server Country	text	The server Country
server_latitude	Server Latitude	real	The server Latitude
server_longitude	Server Longitude	real	The server Longitude
c2p_bytes	From-Client Bytes	bigint	The number of bytes the client sent to Untangle (client-to-pipeline)
p2c_bytes	To-Client Bytes	bigint	The number of bytes Untangle sent to client (pipeline-to-client)
s2p_bytes	From-Server Bytes	bigint	The number of bytes the server sent to Untangle (client-to-pipeline)
p2s_bytes	To-Server Bytes	bigint	The number of bytes Untangle sent to server (pipeline-to-client)
filter_prefix	Filter Block	text	The network filter that blocked the connection (filter,shield,invalid)
firewall_blocked	Firewall Blocked	boolean	True if Firewall blocked the session, false otherwise
firewall_flagged	Firewall Flagged	boolean	True if Firewall flagged the session, false otherwise
firewall_rule_index	Firewall Rule ID	integer	The matching rule in Firewall (if any)
threat_prevention_blocked	Threat Prevention Blocked	boolean	If Threat Prevention blocked
threat_prevention_flagged	Threat Prevention Flagged	boolean	If Threat Prevention flagged
threat_prevention_reason	Threat Prevention Reason	character(1)	Threat Prevention reason
threat_prevention_rule_id	Threat Prevention Rule Id	integer	Numeric rule id of Threat Prevention
threat_prevention_client_reputation	Threat Prevention Client Reputation	smallint	Numeric client reputation of Threat Prevention
threat_prevention_client_categories	Threat Prevention Client Categories	integer	Bitmask client categories of Threat Prevention
threat_prevention_server_reputation	Threat Prevention Server Reputation	smallint	Numeric server reputation of Threat Prevention
threat_prevention_server_categories	Threat Prevention Server Categories	integer	Bitmask server categories of Threat Prevention
application_control_lite_protocol	Application Control Lite Protocol	text	The application protocol according to Application Control Lite
application_control_lite_blocked	Application Control Lite Blocked	boolean	True if Application Control Lite blocked the session
captive_portal_blocked	Captive Portal Blocked	boolean	True if Captive Portal blocked the session
captive_portal_rule_index	Captive Portal Rule ID	integer	The matching rule in Captive Portal (if any)
application_control_application	Application Control Application	text	The application according to Application Control
application_control_protochain	Application Control Protochain	text	The protochain according to Application Control
application_control_category	Application Control Category	text	The category according to Application Control
application_control_blocked	Application Control Blocked	boolean	True if Application Control blocked the session
application_control_flagged	Application Control Flagged	boolean	True if Application Control flagged the session
application_control_confidence	Application Control Confidence	integer	True if Application Control confidence of this session's identification
application_control_ruleid	Application Control Rule ID	integer	The matching rule in Application Control (if any)
application_control_detail	Application Control Detail	text	The text detail from the Application Control engine
bandwidth_control_priority	Bandwidth Control Priority	integer	The priority given to this session
bandwidth_control_rule	Bandwidth Control Rule ID	integer	The matching rule in Bandwidth Control rule (if any)
ssl_inspector_ruleid	SSL Inspector Rule ID	integer	The matching rule in SSL Inspector rule (if any)
ssl_inspector_status	SSL Inspector Status	text	The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
ssl_inspector_detail	SSL Inspector Detail	text	Additional text detail about the SSL connection (SNI, IP Address)
tags	Tags	text	The tags on this session

()

session_minutes

Column Name	Human Name	Type	Description
session_id	Session ID	bigint	The session
time_stamp	Timestamp	timestamp without time zone	The time of the event
c2s_bytes	From-Client Bytes	bigint	The number of bytes the client sent
s2c_bytes	From-Server Bytes	bigint	The number of bytes the server sent
start_time	Start Time	timestamp without time zone	The start time of the session
end_time	End Time	timestamp without time zone	The time the session ended
bypassed	Bypassed	boolean	True if the session was bypassed, false otherwise
entitled	Entitled	boolean	True if the session is entitled to premium functionality
protocol	Protocol	smallint	The IP protocol of session
icmp_type	ICMP Type	smallint	The ICMP type of session if ICMP
hostname	Hostname	text	The hostname of the local address
username	Username	text	The username associated with this session
policy_id	Policy ID	smallint	The policy
policy_rule_id	Policy Rule ID	smallint	The ID of the matching policy rule (0 means none)
local_addr	Local Address	inet	The IP address of the local participant
remote_addr	Remote Address	inet	The IP address of the remote participant
c_client_addr	Client-side Client Address	inet	The client-side client IP address
c_server_addr	Client-side Server Address	inet	The client-side server IP address
c_server_port	Client-side Server Port	integer	The client-side server port
c_client_port	Client-side Client Port	integer	The client-side client port
s_client_addr	Server-side Client Address	inet	The server-side client IP address
s_server_addr	Server-side Server Address	inet	The server-side server IP address
s_server_port	Server-side Server Port	integer	The server-side server port
s_client_port	Server-side Client Port	integer	The server-side client port
client_intf	Client Interface	smallint	The client interface
server_intf	Server Interface	smallint	The server interface
client_country	Client Country	text	The client Country
client_latitude	Client Latitude	real	The client Latitude
client_longitude	Client Longitude	real	The client Longitude
server_country	Server Country	text	The server Country
server_latitude	Server Latitude	real	The server Latitude
server_longitude	Server Longitude	real	The server Longitude
filter_prefix	Filter Block	text	The network filter that blocked the connection (filter,shield,invalid)
firewall_blocked	Firewall Blocked	boolean	True if Firewall blocked the session, false otherwise
firewall_flagged	Firewall Flagged	boolean	True if Firewall flagged the session, false otherwise
firewall_rule_index	Firewall Rule ID	integer	The matching rule in Firewall (if any)
threat_prevention_blocked	Threat Prevention Blocked	boolean	If Threat Prevention blocked
threat_prevention_flagged	Threat Prevention Flagged	boolean	If Threat Prevention flagged
threat_prevention_reason	Threat Prevention Reason	character(1)	Threat Prevention reason
threat_prevention_rule_id	Threat Prevention Rule Id	integer	Numeric rule id of Threat Prevention
threat_prevention_client_reputation	Threat Prevention Client Reputation	smallint	Numeric client reputation of Threat Prevention
threat_prevention_client_categories	Threat Prevention Client Categories	integer	Bitmask client categories of Threat Prevention
threat_prevention_server_reputation	Threat Prevention Server Reputation	smallint	Numeric server reputation of Threat Prevention
threat_prevention_server_categories	Threat Prevention Server Categories	integer	Bitmask server categories of Threat Prevention
application_control_lite_protocol	Application Control Lite Protocol	text	The application protocol according to Application Control Lite
application_control_lite_blocked	Application Control Lite Blocked	boolean	True if Application Control Lite blocked the session
captive_portal_blocked	Captive Portal Blocked	boolean	True if Captive Portal blocked the session
captive_portal_rule_index	Captive Portal Rule ID	integer	The matching rule in Captive Portal (if any)
application_control_application	Application Control Application	text	The application according to Application Control
application_control_protochain	Application Control Protochain	text	The protochain according to Application Control
application_control_category	Application Control Category	text	The category according to Application Control
application_control_blocked	Application Control Blocked	boolean	True if Application Control blocked the session
application_control_flagged	Application Control Flagged	boolean	True if Application Control flagged the session
application_control_confidence	Application Control Confidence	integer	True if Application Control confidence of this session's identification
application_control_ruleid	Application Control Rule ID	integer	The matching rule in Application Control (if any)
application_control_detail	Application Control Detail	text	The text detail from the Application Control engine
bandwidth_control_priority	Bandwidth Control Priority	integer	The priority given to this session
bandwidth_control_rule	Bandwidth Control Rule ID	integer	The matching rule in Bandwidth Control rule (if any)
ssl_inspector_ruleid	SSL Inspector Rule ID	integer	The matching rule in SSL Inspector rule (if any)
ssl_inspector_status	SSL Inspector Status	text	The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
ssl_inspector_detail	SSL Inspector Detail	text	Additional text detail about the SSL connection (SNI, IP Address)
tags	Tags	text	The tags on this session

()

quotas

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
entity	Entity	text	The IP entity given the quota (address/username)
action	Action	integer	The action (1=Quota Given, 2=Quota Exceeded)
size	Size	bigint	The size of the quota
reason	Reason	text	The reason for the action

()

host_table_updates

Column Name	Human Name	Type	Description
address	Address	inet	The IP address of the host
key	Key	text	The key being updated
value	Value	text	The new value for the key
old_value	Old Value	text	The old value for the key
time_stamp	Timestamp	timestamp without time zone	The time of the event

()

device_table_updates

Column Name	Human Name	Type	Description
mac_address	MAC Address	text	The MAC address of the device
key	Key	text	The key being updated
value	Value	text	The new value for the key
old_value	Old Value	text	The old value for the key
time_stamp	Timestamp	timestamp without time zone	The time of the event

()

user_table_updates

Column Name	Human Name	Type	Description
username	Username	text	The username
key	Key	text	The key being updated
value	Value	text	The new value for the key
old_value	Old Value	text	The old value for the key
time_stamp	Timestamp	timestamp without time zone	The time of the event

()

alerts

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
description	Text detail of the event	text	The description from the alert rule.
summary_text	Summary Text	text	The summary text of the alert
json	JSON Text	text	The summary JSON representation of the event causing the alert

()

settings_changes

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
settings_file	Settings File	text	The name of the file changed
username	Username	text	The username logged in at the time of the change
hostname	Hostname	text	The remote hostname

()

web_cache_stats

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
hits	Hits	bigint	The number of cache hits during this time frame
misses	Misses	bigint	The number of cache misses during this time frame
bypasses	Bypasses	bigint	The number of cache user bypasses during this time frame
systems	System bypasses	bigint	The number of cache system bypasses during this time frame
hit_bytes	Hit Bytes	bigint	The number of bytes saved from cache hits
miss_bytes	Miss Bytes	bigint	The number of bytes not saved from cache misses
event_id	Event ID	bigint	The unique event ID

()

server_events

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
load_1	CPU load (1-min)	numeric(6,2)	The 1-minute CPU load
load_5	CPU load (5-min)	numeric(6,2)	The 5-minute CPU load
load_15	CPU load (15-min)	numeric(6,2)	The 15-minute CPU load
cpu_user	CPU User Utilization	numeric(6,3)	The user CPU percent utilization
cpu_system	CPU System Utilization	numeric(6,3)	The system CPU percent utilization
mem_total	Total Memory	bigint	The total bytes of memory
mem_free	Memory Free	bigint	The number of free bytes of memory
disk_total	Disk Size	bigint	The total disk size in bytes
disk_free	Disk Free	bigint	The free disk space in bytes
swap_total	Swap Size	bigint	The total swap size in bytes
swap_free	Swap Free	bigint	The free disk swap in bytes
active_hosts	Active Hosts	integer	The number of active hosts

()

interface_stat_events

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
interface_id	Interface ID	integer	The interface ID
rx_rate	Rx Rate	double precision	The RX rate (bytes/s)
rx_bytes	Bytes Received	bigint	The number of bytes received from the client in this connection
tx_rate	Tx Rate	double precision	The TX rate (bytes/s)
tx_bytes	Bytes Sent	bigint	The number of bytes sent to the client in this connection

()

mail_msgs

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
session_id	Session ID	bigint	The session
client_intf	Client Interface	smallint	The client interface
server_intf	Server Interface	smallint	The server interface
c_client_addr	Client-side Client Address	inet	The client-side client IP address
s_client_addr	Server-side Client Address	inet	The server-side client IP address
c_server_addr	Client-side Server Address	inet	The client-side server IP address
s_server_addr	Server-side Server Address	inet	The server-side server IP address
c_client_port	Client-side Client Port	integer	The client-side client port
s_client_port	Server-side Client Port	integer	The server-side client port
c_server_port	Client-side Server Port	integer	The client-side server port
s_server_port	Server-side Server Port	integer	The server-side server port
policy_id	Policy ID	bigint	The policy
username	Username	text	The username associated with this session
msg_id	Message ID	bigint	The message ID
subject	Subject	text	The email subject
hostname	Hostname	text	The hostname of the local address
event_id	Event ID	bigint	The unique event ID
sender	Sender	text	The address of the sender
receiver	Receiver	text	The address of the receiver
virus_blocker_lite_clean	Virus Blocker Lite Clean	boolean	The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name	Virus Blocker Lite Name	text	The name of the malware according to Virus Blocker Lite
virus_blocker_clean	Virus Blocker Clean	boolean	The cleanliness of the file according to Virus Blocker
virus_blocker_name	Virus Blocker Name	text	The name of the malware according to Virus Blocker
spam_blocker_lite_score	Spam Blocker Lite Score	real	The score of the email according to Spam Blocker Lite
spam_blocker_lite_is_spam	Spam Blocker Lite Spam	boolean	The spam status of the email according to Spam Blocker Lite
spam_blocker_lite_tests_string	Spam Blocker Lite Tests	text	The tess results for Spam Blocker Lite
spam_blocker_lite_action	Spam Blocker Lite Action	character(1)	The action taken by Spam Blocker Lite
spam_blocker_score	Spam Blocker Score	real	The score of the email according to Spam Blocker
spam_blocker_is_spam	Spam Blocker Spam	boolean	The spam status of the email according to Spam Blocker
spam_blocker_tests_string	Spam Blocker Tests	text	The tess results for Spam Blocker
spam_blocker_action	Spam Blocker Action	character(1)	The action taken by Spam Blocker
phish_blocker_score	Phish Blocker Score	real	The score of the email according to Phish Blocker
phish_blocker_is_spam	Phish Blocker Phish	boolean	The phish status of the email according to Phish Blocker
phish_blocker_tests_string	Phish Blocker Tests	text	The tess results for Phish Blocker
phish_blocker_action	Phish Blocker Action	character(1)	The action taken by Phish Blocker

()

mail_addrs

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
session_id	Session ID	bigint	The session
client_intf	Client Interface	smallint	The client interface
server_intf	Server Interface	smallint	The server interface
c_client_addr	Client-side Client Address	inet	The client-side client IP address
s_client_addr	Server-side Client Address	inet	The server-side client IP address
c_server_addr	Client-side Server Address	inet	The client-side server IP address
s_server_addr	Server-side Server Address	inet	The server-side server IP address
c_client_port	Client-side Client Port	integer	The client-side client port
s_client_port	Server-side Client Port	integer	The server-side client port
c_server_port	Client-side Server Port	integer	The client-side server port
s_server_port	Server-side Server Port	integer	The server-side server port
policy_id	Policy ID	bigint	The policy
username	Username	text	The username associated with this session
msg_id	Message ID	bigint	The message ID
subject	Subject	text	The email subject
addr	Address	text	The address of this event
addr_name	Address Name	text	The name for this address
addr_kind	Address Kind	character(1)	The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
hostname	Hostname	text	The hostname of the local address
event_id	Event ID	bigint	The unique event ID
sender	Sender	text	The address of the sender
virus_blocker_lite_clean	Virus Blocker Lite Clean	boolean	The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name	Virus Blocker Lite Name	text	The name of the malware according to Virus Blocker Lite
virus_blocker_clean	Virus Blocker Clean	boolean	The cleanliness of the file according to Virus Blocker
virus_blocker_name	Virus Blocker Name	text	The name of the malware according to Virus Blocker
spam_blocker_lite_score	Spam Blocker Lite Score	real	The score of the email according to Spam Blocker Lite
spam_blocker_lite_is_spam	Spam Blocker Lite Spam	boolean	The spam status of the email according to Spam Blocker Lite
spam_blocker_lite_action	Spam Blocker Lite Action	character(1)	The action taken by Spam Blocker Lite
spam_blocker_lite_tests_string	Spam Blocker Lite Tests	text	The tess results for Spam Blocker Lite
spam_blocker_score	Spam Blocker Score	real	The score of the email according to Spam Blocker
spam_blocker_is_spam	Spam Blocker Spam	boolean	The spam status of the email according to Spam Blocker
spam_blocker_action	Spam Blocker Action	character(1)	The action taken by Spam Blocker
spam_blocker_tests_string	Spam Blocker Tests	text	The tess results for Spam Blocker
phish_blocker_score	Phish Blocker Score	real	The score of the email according to Phish Blocker
phish_blocker_is_spam	Phish Blocker Phish	boolean	The phish status of the email according to Phish Blocker
phish_blocker_tests_string	Phish Blocker Tests	text	The tess results for Phish Blocker
phish_blocker_action	Phish Blocker Action	character(1)	The action taken by Phish Blocker

()

ftp_events

Column Name	Human Name	Type	Description
event_id	Event ID	bigint	The unique event ID
time_stamp	Timestamp	timestamp without time zone	The time of the event
session_id	Session ID	bigint	The session
client_intf	Client Interface	smallint	The client interface
server_intf	Server Interface	smallint	The server interface
c_client_addr	Client-side Client Address	inet	The client-side client IP address
s_client_addr	Server-side Client Address	inet	The server-side client IP address
c_server_addr	Client-side Server Address	inet	The client-side server IP address
s_server_addr	Server-side Server Address	inet	The server-side server IP address
policy_id	Policy ID	bigint	The policy
username	Username	text	The username associated with this session
hostname	Hostname	text	The hostname of the local address
request_id	Request ID	bigint	The FTP request ID
method	Method	character(1)	The FTP method
uri	URI	text	The FTP URI
virus_blocker_lite_clean	Virus Blocker Lite Clean	boolean	The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name	Virus Blocker Lite Name	text	The name of the malware according to Virus Blocker Lite
virus_blocker_clean	Virus Blocker Clean	boolean	The cleanliness of the file according to Virus Blocker
virus_blocker_name	Virus Blocker Name	text	The name of the malware according to Virus Blocker

()

tunnel_vpn_events

Column Name	Human Name	Type	Description
event_id	Event ID	bigint	The unique event ID
time_stamp	Timestamp	timestamp without time zone	The time of the event
tunnel_name	Tunnel Name	text	The name the tunnel
server_address	Server IP Address	text	The address of the remote server
local_address	Local Address	text	The local address assigned the client
event_type	Event Type	text	The type of the event (CONNECT,DISCONNECT)

()

tunnel_vpn_stats

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
tunnel_name	Tunnel Name	text	The name of the Tunnel VPN tunnel
in_bytes	In Bytes	bigint	The number of bytes received during this time frame
out_bytes	Out Bytes	bigint	The number of bytes transmitted during this time frame
event_id	Event ID	bigint	The unique event ID

()

wan_failover_test_events

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
interface_id	Interface ID	integer	This interface ID
name	Interface Name	text	This name of the interface
description	Text detail of the event	text	The description from the test rule
success	Success	boolean	The result of the test (true if the test succeeded, false otherwise)
event_id	Event ID	bigint	The unique event ID

()

wan_failover_action_events

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
interface_id	Interface ID	integer	This interface ID
action	Action	text	This action (CONNECTED,DISCONNECTED)
os_name	Interface O/S Name	text	This O/S name of the interface
name	Interface Name	text	This name of the interface
event_id	Event ID	bigint	The unique event ID

()

directory_connector_login_events

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
login_name	Login Name	text	The login name
domain	Domain	text	The AD domain
type	Type	text	The type of event (I=Login,U=Update,O=Logout)
client_addr	Client Address	inet	The client IP address
login_type	Login Type	text	The login type

()

captive_portal_user_events

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
policy_id	Policy ID	bigint	The policy
event_id	Event ID	bigint	The unique event ID
login_name	Login Name	text	The login username
event_info	Event Type	text	The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
auth_type	Authorization Type	text	The authorization type for this event
client_addr	Client Address	text	The remote IP address of the client

()

openvpn_stats

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
start_time	Start Time	timestamp without time zone	The time the OpenVPN session started
end_time	End Time	timestamp without time zone	The time the OpenVPN session ended
rx_bytes	Bytes Received	bigint	The total bytes received from the client during this session
tx_bytes	Bytes Sent	bigint	The total bytes sent to the client during this session
remote_address	Remote Address	inet	The remote IP address of the client
pool_address	Pool Address	inet	The pool IP address of the client
remote_port	Remote Port	integer	The remote port of the client
client_name	Client Name	text	The name of the client
event_id	Event ID	bigint	The unique event ID

()

openvpn_events

Column Name	Human Name	Type	Description
time_stamp	Timestamp	timestamp without time zone	The time of the event
remote_address	Remote Address	inet	The remote IP address of the client
pool_address	Pool Address	inet	The pool IP address of the client
client_name	Client Name	text	The name of the client
type	Type	text	The type of the event (CONNECT,DISCONNECT)

()

@@ Line 1: / Line 1: @@
 = Database Tables =
-== admin_logins ==
+== configuration_backup_events ==
-<section begin='admin_logins' />
+<section begin='configuration_backup_events' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 15: / Line 15: @@
 |The time of the event
 |-
-|login
+|success
-|Login
+|Success
+|boolean
+|The result of the backup (true if the backup succeeded, false otherwise)
+|-
+|description
+|Text detail of the event
 |text
-|The login name
+|Text detail of the event
 |-
-|local
+|destination
-|Local
+|Destination
-|boolean
+|text
-|True if it is a login attempt through a local process
+|The location of the backup
 |-
-|client_addr
+|event_id
-|Client Address
+|Event ID
-|inet
+|bigint
-|The client IP address
+|The unique event ID
-|-
-|succeeded
-|Succeeded
-|boolean
-|True if the login succeeded, false otherwise
-|-
-|reason
-|Reason
-|character(1)
-|The reason for the login (if applicable)
 |-
 |}
-<section end='admin_logins' />
+<section end='configuration_backup_events' />
+()
+== http_events ==
-== sessions ==
+<section begin='http_events' />
-<section begin='sessions' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 53: / Line 48: @@
 !Description
 |-
-|session_id
+|request_id
-|Session ID
+|Request ID
 |bigint
-|The session
+|The HTTP request ID
 |-
 |time_stamp
@@ Line 63: / Line 58: @@
 |The time of the event
 |-
-|end_time
+|session_id
-|End Time
+|Session ID
-|timestamp without time zone
+|bigint
-|The time the session ended
+|The session
 |-
-|bypassed
+|client_intf
-|Bypassed
+|Client Interface
-|boolean
-|True if the session was bypassed, false otherwise
-|-
-|entitled
-|Entitled
-|boolean
-|True if the session is entitled to premium functionality
-|-
-|protocol
-|Protocol
 |smallint
-|The IP protocol of session
+|The client interface
 |-
-|icmp_type
+|server_intf
-|ICMP Type
+|Server Interface
 |smallint
-|The ICMP type of session if ICMP
+|The server interface
 |-
-|hostname
+|c_client_addr
-|Hostname
+|Client-side Client Address
-|text
+|inet
-|The hostname of the local address
+|The client-side client IP address
 |-
-|username
+|s_client_addr
-|Username
+|Server-side Client Address
-|text
+|inet
-|The username associated with this session
+|The server-side client IP address
-|-
-|policy_id
-|Policy ID
-|smallint
-|The policy
-|-
-|policy_rule_id
-|Policy Rule ID
-|smallint
-|The ID of the matching policy rule (0 means none)
-|-
-|c_client_addr
-|Client-side Client Address
-|inet
-|The client-side client IP address
 |-
 |c_server_addr
@@ Line 118: / Line 88: @@
 |The client-side server IP address
 |-
-|c_server_port
+|s_server_addr
-|Client-side Server Port
+|Server-side Server Address
-|integer
+|inet
-|The client-side server port
+|The server-side server IP address
 |-
 |c_client_port
@@ Line 128: / Line 98: @@
 |The client-side client port
 |-
-|s_client_addr
+|s_client_port
-|Server-side Client Address
+|Server-side Client Port
-|inet
+|integer
-|The server-side client IP address
+|The server-side client port
 |-
-|s_server_addr
+|c_server_port
-|Server-side Server Address
+|Client-side Server Port
-|inet
+|integer
-|The server-side server IP address
+|The client-side server port
 |-
 |s_server_port
@@ Line 142: / Line 112: @@
 |integer
 |The server-side server port
-|-
-|s_client_port
-|Server-side Client Port
-|integer
-|The server-side client port
-|-
-|client_intf
-|Client Interface
-|smallint
-|The client interface
-|-
-|server_intf
-|Server Interface
-|smallint
-|The server interface
 |-
 |client_country
@@ Line 188: / Line 143: @@
 |The server Longitude
 |-
-|c2p_bytes
+|policy_id
-|From-Client Bytes
+|Policy ID
-|bigint
+|smallint
-|The number of bytes the client sent to Untangle (client-to-pipeline)
+|The policy
 |-
-|p2c_bytes
+|username
-|To-Client Bytes
+|Username
-|bigint
+|text
-|The number of bytes Untangle sent to client (pipeline-to-client)
+|The username associated with this session
 |-
-|s2p_bytes
+|hostname
-|From-Server Bytes
+|Hostname
-|bigint
+|text
-|The number of bytes the server sent to Untangle (client-to-pipeline)
+|The hostname of the local address
 |-
-|p2s_bytes
+|method
-|To-Server Bytes
+|Method
-|bigint
+|character(1)
-|The number of bytes Untangle sent to server (pipeline-to-client)
+|The HTTP method
 |-
-|filter_prefix
+|uri
-|Filter Block
+|URI
 |text
-|The network filter that blocked the connection (filter,shield,invalid)
+|The HTTP URI
 |-
-|firewall_blocked
+|host
-|Firewall Blocked
+|Host
-|boolean
+|text
-|True if Firewall blocked the session, false otherwise
+|The HTTP host
 |-
-|firewall_flagged
+|domain
-|Firewall Flagged
+|Domain
-|boolean
+|text
-|True if Firewall flagged the session, false otherwise
+|The HTTP domain (shortened host)
 |-
-|firewall_rule_index
+|referer
-|Firewall Rule ID
+|Referer
-|integer
+|text
-|The matching rule in Firewall (if any)
+|The Referer URL
 |-
-|threat_prevention_blocked
+|c2s_content_length
-|Threat Prevention Blocked
+|Client-to-server Content Length
-|boolean
+|bigint
-|True if Threat Prevention blocked the session, false otherwise
+|The client-to-server content length
 |-
-|threat_prevention_flagged
+|s2c_content_length
-|Threat Prevention Flagged
+|Server-to-client Content Length
-|boolean
+|bigint
-|True if Threat Prevention flagged the session, false otherwise
+|The server-to-client content length
 |-
-|threat_prevention_reason
+|s2c_content_type
-|Threat Prevention Reason
+|Server-to-client Content Type
-|Character(1)
+|text
-|The text detail from the Threat Prevention engine
+|The server-to-client content type
+|-
+|s2c_content_filename
+|Server-to-client Content Disposition Filename
+|text
+|The server-to-client content disposition filename
+|-
+|ad_blocker_cookie_ident
+|Ad Blocker Cookie
+|text
+|This name of cookie blocked by Ad Blocker
+|-
+|ad_blocker_action
+|Ad Blocker Action
+|character(1)
+|This action of Ad Blocker on this request
 |-
-|threat_prevention_rule_id
+|web_filter_reason
-|Threat Prevention Rule ID
+|Web Filter Reason
-|integer
+|character(1)
-|The matching rule in Threat Prevention (if any)
+|This reason Web Filter blocked/flagged this request
 |-
-|threat_prevention_client_reputation
+|web_filter_category_id
-|Threat Prevention Client Reputation
+|Web Filter Category Id
 |smallint
-|The client address reputation value
+|This numeric category according to Web Filter
-|-
-|threat_prevention_client_categories
-|Threat Prevention Client Categories
-|integer
-|The client address reputation categories
 |-
-|threat_prevention_server_reputation
+|web_filter_rule_id
-|Threat Prevention Server Reputation
+|Web Filter Rule Id
 |smallint
-|The server address reputation value
+|This numeric rule according to Web Filter
 |-
-|threat_prevention_server_categories
+|web_filter_blocked
-|Threat Prevention Server Categories
+|Web Filter Blocked
-|integer
+|boolean
-|The server address reputation categories
+|If Web Filter blocked this request
 |-
-|application_control_lite_protocol
+|web_filter_flagged
-|Application Control Lite Protocol
+|Web Filter Flagged
-|text
-|The application protocol according to Application Control Lite
-|-
-|application_control_lite_blocked
-|Application Control Lite Blocked
 |boolean
-|True if Application Control Lite blocked the session
+|If Web Filter flagged this request
 |-
-|captive_portal_blocked
+|virus_blocker_lite_clean
-|Captive Portal Blocked
+|Virus Blocker Lite Clean
 |boolean
-|True if Captive Portal blocked the session
+|The cleanliness of the file according to Virus Blocker Lite
 |-
-|captive_portal_rule_index
+|virus_blocker_lite_name
-|Captive Portal Rule ID
+|Virus Blocker Lite Name
-|integer
+|text
-|The matching rule in Captive Portal (if any)
+|The name of the malware according to Virus Blocker Lite
 |-
-|application_control_application
+|virus_blocker_clean
-|Application Control Application
+|Virus Blocker Clean
-|text
+|boolean
-|The application according to Application Control
+|The cleanliness of the file according to Virus Blocker
 |-
-|application_control_protochain
+|virus_blocker_name
-|Application Control Protochain
+|Virus Blocker Name
 |text
-|The protochain according to Application Control
+|The name of the malware according to Virus Blocker
 |-
-|application_control_category
+|threat_prevention_blocked
-|Application Control Category
+|Threat Prevention Blocked
-|text
-|The category according to Application Control
-|-
-|application_control_blocked
-|Application Control Blocked
 |boolean
-|True if Application Control blocked the session
+|If Threat Prevention blocked this request
 |-
-|application_control_flagged
+|threat_prevention_flagged
-|Application Control Flagged
+|Threat Prevention Flagged
 |boolean
-|True if Application Control flagged the session
+|If Threat Prevention flagged this request
 |-
-|application_control_confidence
+|threat_prevention_rule_id
-|Application Control Confidence
+|Threat Prevention Rule Id
 |integer
-|True if Application Control confidence of this session's identification
+|This numeric rule according to Threat Prevention
 |-
-|application_control_ruleid
+|threat_prevention_reputation
-|Application Control Rule ID
+|Threat Prevention Reputation
+|smallint
+|This numeric threat reputation
+|-
+|threat_prevention_categories
+|Threat Prevention Categories
 |integer
-|The matching rule in Application Control (if any)
+|This bitmask of threat categories
 |-
-|application_control_detail
+|}
-|Application Control Detail
+<section end='http_events' />
-|text
+()
-|The text detail from the Application Control engine
+== intrusion_prevention_events ==
+<section begin='intrusion_prevention_events' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
 |-
-|bandwidth_control_priority
+|time_stamp
-|Bandwidth Control Priority
+|Timestamp
-|integer
+|timestamp without time zone
-|The priority given to this session
+|The time of the event
 |-
-|bandwidth_control_rule
+|sig_id
-|Bandwidth Control Rule ID
+|Signature ID
-|integer
+|bigint
-|The matching rule in Bandwidth Control rule (if any)
+|This ID of the rule
 |-
-|ssl_inspector_ruleid
+|gen_id
-|SSL Inspector Rule ID
+|Grouping ID
-|integer
+|bigint
-|The matching rule in SSL Inspector rule (if any)
+|The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier
 |-
-|ssl_inspector_status
+|class_id
-|SSL Inspector Status
+|Classtype ID
-|text
+|bigint
-|The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
+|The numeric ID for the classtype
 |-
-|ssl_inspector_detail
+|source_addr
-|SSL Inspector Detail
+|Source Address
-|text
+|inet
-|Additional text detail about the SSL connection (SNI, IP Address)
+|The source IP address of the packet
 |-
-|local_addr
+|source_port
-|Local Address
+|Source Port
+|integer
+|The source port of the packet (if applicable)
+|-
+|dest_addr
+|Destination Address
 |inet
-|The IP address of the local participant
+|The destination IP address of the packet
+|-
+|dest_port
+|Destination Port
+|integer
+|The destination port of the packet (if applicable)
+|-
+|protocol
+|Protocol
+|integer
+|The protocol of the packet
 |-
-|remote_addr
+|blocked
-|Remote Address
+|Blocked
-|inet
+|boolean
-|The IP address of the remote participant
+|If the packet was blocked/dropped
 |-
-|tags
+|category
-|Tags
+|Category
 |text
-|The tags on this session
+|The application specific grouping for the signature
+|-
+|classtype
+|Classtype
+|text
+|The generalized threat signature grouping (unrelated to gen_id)
+|-
+|msg
+|Message
+|text
+|The "title" or "description" of the signature
+|-
+|rid
+|Rule ID
+|text
+|The rule id
+|-
+|rule_id
+|Rule ID
+|text
+|The rule id
 |-
 |}
-<section end='sessions' />
+<section end='intrusion_prevention_events' />
+()
-== session_minutes ==
+== smtp_tarpit_events ==
-<section begin='session_minutes' />
+<section begin='smtp_tarpit_events' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 379: / Line 383: @@
 !Type
 !Description
-|-
-|session_id
-|Session ID
-|bigint
-|The session
 |-
 |time_stamp
@@ Line 390: / Line 389: @@
 |The time of the event
 |-
-|c2s_bytes
+|ipaddr
-|From-Client Bytes
+|Client Address
-|bigint
+|inet
-|The number of bytes the client sent
+|The client IP address
 |-
-|s2c_bytes
+|hostname
-|From-Server Bytes
+|Hostname
+|text
+|The hostname of the local address
+|-
+|policy_id
+|Policy ID
 |bigint
-|The number of bytes the server sent
+|The policy
 |-
-|start_time
+|vendor_name
-|Start Time
+|Vendor Name
-|timestamp without time zone
+|character varying(255)
-|The start time of the session
+|The "vendor name" of the app that logged the event
 |-
-|end_time
+|event_id
-|End Time
+|Event ID
-|timestamp without time zone
+|bigint
-|The time the session ended
+|The unique event ID
 |-
-|bypassed
+|}
-|Bypassed
+<section end='smtp_tarpit_events' />
-|boolean
+()
-|True if the session was bypassed, false otherwise
+== ipsec_user_events ==
+<section begin='ipsec_user_events' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
 |-
-|entitled
+|event_id
-|Entitled
+|Event ID
-|boolean
+|bigint
-|True if the session is entitled to premium functionality
+|The unique event ID
 |-
-|protocol
+|time_stamp
-|Protocol
+|Timestamp
-|smallint
+|timestamp without time zone
-|The IP protocol of session
+|The time of the event
 |-
-|icmp_type
+|connect_stamp
-|ICMP Type
+|Connect Time
-|smallint
+|timestamp without time zone
-|The ICMP type of session if ICMP
+|The time the connection started
 |-
-|hostname
+|goodbye_stamp
-|Hostname
+|End Time
+|timestamp without time zone
+|The time the connection ended
+|-
+|client_address
+|Client Address
 |text
-|The hostname of the local address
+|The remote IP address of the client
 |-
-|username
+|client_protocol
-|Username
+|Client Protocol
 |text
-|The username associated with this session
+|The protocol the client used to connect
 |-
-|policy_id
+|client_username
-|Policy ID
+|Client Username
-|smallint
+|text
-|The policy
+|The username of the client
 |-
-|policy_rule_id
+|net_process
-|Policy Rule ID
+|Net Process
-|smallint
+|text
-|The ID of the matching policy rule (0 means none)
+|The PID of the PPP process for L2TP connections or the connection ID for Xauth connections
 |-
-|c_client_addr
+|net_interface
-|Client-side Client Address
+|Net Interface
-|inet
+|text
-|The client-side client IP address
+|The PPP interface for L2TP connections or the client interface for Xauth connections
 |-
-|c_server_addr
+|elapsed_time
-|Client-side Server Address
+|Elapsed Time
-|inet
+|text
-|The client-side server IP address
+|The total time the client was connected
 |-
-|c_server_port
+|rx_bytes
-|Client-side Server Port
+|Bytes Received
-|integer
+|bigint
-|The client-side server port
+|The number of bytes received from the client in this connection
 |-
-|c_client_port
+|tx_bytes
-|Client-side Client Port
+|Bytes Sent
-|integer
+|bigint
-|The client-side client port
+|The number of bytes sent to the client in this connection
 |-
-|s_client_addr
+|}
-|Server-side Client Address
+<section end='ipsec_user_events' />
-|inet
+()
-|The server-side client IP address
+== ipsec_vpn_events ==
+<section begin='ipsec_vpn_events' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
 |-
-|s_server_addr
+|event_id
-|Server-side Server Address
+|Event ID
-|inet
+|bigint
-|The server-side server IP address
+|The unique event ID
 |-
-|s_server_port
+|time_stamp
-|Server-side Server Port
+|Timestamp
-|integer
+|timestamp without time zone
-|The server-side server port
+|The time of the event
 |-
-|s_client_port
+|local_address
-|Server-side Client Port
+|Local Address
-|integer
+|text
-|The server-side client port
+|The local address of the tunnel
 |-
-|client_intf
+|remote_address
-|Client Interface
+|Remote Address
-|smallint
+|text
-|The client interface
+|The remote address of the tunnel
 |-
-|server_intf
+|tunnel_description
-|Server Interface
+|Tunnel Description
-|smallint
-|The server interface
-|-
-|client_country
-|Client Country
 |text
-|The client Country
+|The description of the tunnel
 |-
-|client_latitude
+|event_type
-|Client Latitude
+|Event Type
-|real
-|The client Latitude
-|-
-|client_longitude
-|Client Longitude
-|real
-|The client Longitude
-|-
-|server_country
-|Server Country
 |text
-|The server Country
+|The type of the event (CONNECT,DISCONNECT)
 |-
-|server_latitude
+|}
-|Server Latitude
+<section end='ipsec_vpn_events' />
-|real
+()
-|The server Latitude
+== ipsec_tunnel_stats ==
+<section begin='ipsec_tunnel_stats' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
 |-
-|server_longitude
+|time_stamp
-|Server Longitude
+|Timestamp
-|real
+|timestamp without time zone
-|The server Longitude
+|The time of the event
 |-
-|filter_prefix
+|tunnel_name
-|Filter Block
+|Tunnel Name
 |text
-|The network filter that blocked the connection (filter,shield,invalid)
+|The name of the IPsec tunnel
 |-
-|firewall_blocked
+|in_bytes
-|Firewall Blocked
+|In Bytes
-|boolean
+|bigint
-|True if Firewall blocked the session, false otherwise
+|The number of bytes received during this time frame
 |-
-|firewall_flagged
+|out_bytes
-|Firewall Flagged
+|Out Bytes
-|boolean
+|bigint
-|True if Firewall flagged the session, false otherwise
+|The number of bytes transmitted during this time frame
 |-
-|firewall_rule_index
+|event_id
-|Firewall Rule ID
+|Event ID
-|integer
+|bigint
-|The matching rule in Firewall (if any)
+|The unique event ID
 |-
-|application_control_lite_protocol
+|}
-|Application Control Lite Protocol
+<section end='ipsec_tunnel_stats' />
-|text
+()
-|The application protocol according to Application Control Lite
+== http_query_events ==
+<section begin='http_query_events' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
 |-
-|application_control_lite_blocked
+|event_id
-|Application Control Lite Blocked
+|Event ID
-|boolean
+|bigint
-|True if Application Control Lite blocked the session
+|The unique event ID
 |-
-|captive_portal_blocked
+|time_stamp
-|Captive Portal Blocked
+|Timestamp
-|boolean
+|timestamp without time zone
-|True if Captive Portal blocked the session
+|The time of the event
 |-
-|captive_portal_rule_index
+|session_id
-|Captive Portal Rule ID
+|Session ID
-|integer
+|bigint
-|The matching rule in Captive Portal (if any)
+|The session
 |-
-|application_control_application
+|client_intf
-|Application Control Application
+|Client Interface
-|text
+|smallint
-|The application according to Application Control
+|The client interface
 |-
-|application_control_protochain
+|server_intf
-|Application Control Protochain
+|Server Interface
-|text
+|smallint
-|The protochain according to Application Control
+|The server interface
 |-
-|application_control_category
+|c_client_addr
-|Application Control Category
+|Client-side Client Address
-|text
+|inet
-|The category according to Application Control
+|The client-side client IP address
 |-
-|application_control_blocked
+|s_client_addr
-|Application Control Blocked
+|Server-side Client Address
-|boolean
+|inet
-|True if Application Control blocked the session
+|The server-side client IP address
 |-
-|application_control_flagged
+|c_server_addr
-|Application Control Flagged
+|Client-side Server Address
-|boolean
+|inet
-|True if Application Control flagged the session
+|The client-side server IP address
 |-
-|application_control_confidence
+|s_server_addr
-|Application Control Confidence
+|Server-side Server Address
-|integer
+|inet
-|True if Application Control confidence of this session's identification
+|The server-side server IP address
 |-
-|application_control_ruleid
+|c_client_port
-|Application Control Rule ID
+|Client-side Client Port
 |integer
-|The matching rule in Application Control (if any)
+|The client-side client port
 |-
-|application_control_detail
+|s_client_port
-|Application Control Detail
+|Server-side Client Port
-|text
-|The text detail from the Application Control engine
-|-
-|bandwidth_control_priority
-|Bandwidth Control Priority
 |integer
-|The priority given to this session
+|The server-side client port
 |-
-|bandwidth_control_rule
+|c_server_port
-|Bandwidth Control Rule ID
+|Client-side Server Port
 |integer
-|The matching rule in Bandwidth Control rule (if any)
+|The client-side server port
 |-
-|ssl_inspector_ruleid
+|s_server_port
-|SSL Inspector Rule ID
+|Server-side Server Port
 |integer
-|The matching rule in SSL Inspector rule (if any)
+|The server-side server port
 |-
-|ssl_inspector_status
+|policy_id
-|SSL Inspector Status
+|Policy ID
+|bigint
+|The policy
+|-
+|username
+|Username
 |text
-|The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
+|The username associated with this session
 |-
-|ssl_inspector_detail
+|hostname
-|SSL Inspector Detail
+|Hostname
 |text
-|Additional text detail about the SSL connection (SNI, IP Address)
+|The hostname of the local address
 |-
-|local_addr
+|request_id
-|Local Address
+|Request ID
-|inet
+|bigint
-|The IP address of the local participant
+|The HTTP request ID
 |-
-|remote_addr
+|method
-|Remote Address
+|Method
-|inet
+|character(1)
-|The IP address of the remote participant
+|The HTTP method
 |-
-|tags
+|uri
-|Tags
+|URI
 |text
-|The tags on this session
+|The HTTP URI
 |-
-|}
+|term
-<section end='session_minutes' />
+|Search Term
+|text
+|The search term
-== quotas ==
-<section begin='quotas' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|time_stamp
+|host
-|Timestamp
+|Host
-|timestamp without time zone
+|text
-|The time of the event
+|The HTTP host
 |-
-|action
+|c2s_content_length
-|Action
+|Client-to-server Content Length
-|integer
+|bigint
-|The action (1=Quota Given, 2=Quota Exceeded)
+|The client-to-server content length
 |-
-|size
+|s2c_content_length
-|Size
+|Server-to-client Content Length
 |bigint
-|The size of the quota
+|The server-to-client content length
 |-
-|reason
+|s2c_content_type
-|Reason
+|Server-to-client Content Type
 |text
-|The reason for the action
+|The server-to-client content type
+|-
+|blocked
+|Blocked
+|boolean
+|If Web Filter blocked this search term
 |-
-|entity
+|flagged
-|Entity
+|Flagged
-|text
+|boolean
-|The IP entity given the quota (address/username)
+|If Web Filter flagged this search term
 |-
 |}
-<section end='quotas' />
+<section end='http_query_events' />
+()
+== admin_logins ==
-== host_table_updates ==
+<section begin='admin_logins' />
-<section begin='host_table_updates' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 701: / Line 724: @@
 !Description
 |-
-|address
+|time_stamp
-|Address
-|inet
-|The IP address of the host
-|-
-|key
-|Key
-|text
-|The key being updated
-|-
-|value
-|Value
-|text
-|The new value for the key
-|-
-|time_stamp
 |Timestamp
 |timestamp without time zone
 |The time of the event
 |-
-|old_value
+|login
-|Old Value
+|Login
 |text
-|The old value for the key
+|The login name
+|-
+|local
+|Local
+|boolean
+|True if it is a login attempt through a local process
 |-
-|}
+|client_addr
-<section end='host_table_updates' />
+|Client Address
+|inet
+|The client IP address
-== device_table_updates ==
+|-
-<section begin='device_table_updates' />
+|succeeded
+|Succeeded
+|boolean
+|True if the login succeeded, false otherwise
+|-
+|reason
+|Reason
+|character(1)
+|The reason for the login (if applicable)
+|-
+|}
+<section end='admin_logins' />
+()
+== sessions ==
+<section begin='sessions' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 739: / Line 767: @@
 !Description
 |-
-|mac_address
+|session_id
-|MAC Address
+|Session ID
-|text
+|bigint
-|The MAC address of the device
+|The session
 |-
-|key
+|time_stamp
-|Key
+|Timestamp
-|text
+|timestamp without time zone
-|The key being updated
+|The time of the event
 |-
-|value
+|end_time
-|Value
+|End Time
-|text
+|timestamp without time zone
-|The new value for the key
+|The time the session ended
 |-
-|time_stamp
+|bypassed
-|Timestamp
+|Bypassed
-|timestamp without time zone
+|boolean
-|The time of the event
+|True if the session was bypassed, false otherwise
 |-
-|old_value
+|entitled
-|Old Value
+|Entitled
-|text
+|boolean
-|The old value for the key
+|True if the session is entitled to premium functionality
 |-
-|}
+|protocol
-<section end='device_table_updates' />
+|Protocol
+|smallint
+|The IP protocol of session
-== alerts ==
-<section begin='alerts' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|time_stamp
+|icmp_type
-|Timestamp
+|ICMP Type
-|timestamp without time zone
+|smallint
-|The time of the event
+|The ICMP type of session if ICMP
 |-
-|description
+|hostname
-|Text detail of the event
+|Hostname
 |text
-|The description from the alert rule.
+|The hostname of the local address
 |-
-|summary_text
+|username
-|Summary Text
+|Username
 |text
-|The summary text of the alert
+|The username associated with this session
 |-
-|json
+|policy_id
-|JSON Text
+|Policy ID
-|text
+|smallint
-|The summary JSON representation of the event causing the alert
+|The policy
 |-
-|}
+|policy_rule_id
-<section end='alerts' />
+|Policy Rule ID
+|smallint
+|The ID of the matching policy rule (0 means none)
-== settings_changes ==
-<section begin='settings_changes' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|time_stamp
+|local_addr
-|Timestamp
+|Local Address
-|timestamp without time zone
+|inet
-|The time of the event
+|The IP address of the local participant
 |-
-|settings_file
+|remote_addr
-|Settings File
+|Remote Address
-|text
+|inet
-|The name of the file changed
+|The IP address of the remote participant
+|-
+|c_client_addr
+|Client-side Client Address
+|inet
+|The client-side client IP address
 |-
-|username
+|c_server_addr
-|Username
+|Client-side Server Address
-|text
+|inet
-|The username logged in at the time of the change
+|The client-side server IP address
 |-
-|hostname
+|c_server_port
-|Hostname
+|Client-side Server Port
-|text
+|integer
-|The remote hostname
+|The client-side server port
 |-
-|}
+|c_client_port
-<section end='settings_changes' />
+|Client-side Client Port
+|integer
+|The client-side client port
-== wan_failover_test_events ==
+|-
-<section begin='wan_failover_test_events' />
+|s_client_addr
+|Server-side Client Address
-{| border="1" cellpadding="2" width="90%%" align="center"
+|inet
-!Column Name
+|The server-side client IP address
-!Human Name
-!Type
-!Description
 |-
-|time_stamp
+|s_server_addr
-|Timestamp
+|Server-side Server Address
-|timestamp without time zone
+|inet
-|The time of the event
+|The server-side server IP address
 |-
-|interface_id
+|s_server_port
-|Interface ID
+|Server-side Server Port
 |integer
-|This interface ID
+|The server-side server port
 |-
-|name
+|s_client_port
-|Interface Name
+|Server-side Client Port
-|text
+|integer
-|This name of the interface
+|The server-side client port
 |-
-|description
+|client_intf
-|Text detail of the event
+|Client Interface
-|text
+|smallint
-|The description from the test rule
+|The client interface
 |-
-|success
+|server_intf
-|Success
+|Server Interface
-|boolean
+|smallint
-|The result of the test (true if the test succeeded, false otherwise)
+|The server interface
 |-
-|event_id
+|client_country
-|Event ID
+|Client Country
-|bigint
+|text
-|The unique event ID
+|The client Country
 |-
-|}
+|client_latitude
-<section end='wan_failover_test_events' />
+|Client Latitude
+|real
+|The client Latitude
-== wan_failover_action_events ==
-<section begin='wan_failover_action_events' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|time_stamp
+|client_longitude
-|Timestamp
+|Client Longitude
-|timestamp without time zone
+|real
-|The time of the event
+|The client Longitude
 |-
-|interface_id
+|server_country
-|Interface ID
+|Server Country
-|integer
-|This interface ID
-|-
-|action
-|Action
 |text
-|This action (CONNECTED,DISCONNECTED)
+|The server Country
 |-
-|os_name
+|server_latitude
-|Interface O/S Name
+|Server Latitude
-|text
+|real
-|This O/S name of the interface
+|The server Latitude
+|-
+|server_longitude
+|Server Longitude
+|real
+|The server Longitude
 |-
-|name
+|c2p_bytes
-|Interface Name
+|From-Client Bytes
-|text
+|bigint
-|This name of the interface
+|The number of bytes the client sent to Untangle (client-to-pipeline)
 |-
-|event_id
+|p2c_bytes
-|Event ID
+|To-Client Bytes
 |bigint
-|The unique event ID
+|The number of bytes Untangle sent to client (pipeline-to-client)
 |-
-|}
+|s2p_bytes
-<section end='wan_failover_action_events' />
+|From-Server Bytes
+|bigint
+|The number of bytes the server sent to Untangle (client-to-pipeline)
-== mail_msgs ==
-<section begin='mail_msgs' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|time_stamp
+|p2s_bytes
-|Timestamp
+|To-Server Bytes
-|timestamp without time zone
-|The time of the event
-|-
-|session_id
-|Session ID
 |bigint
-|The session
+|The number of bytes Untangle sent to server (pipeline-to-client)
 |-
-|client_intf
+|filter_prefix
-|Client Interface
+|Filter Block
-|smallint
+|text
-|The client interface
+|The network filter that blocked the connection (filter,shield,invalid)
 |-
-|server_intf
+|firewall_blocked
-|Server Interface
+|Firewall Blocked
-|smallint
+|boolean
-|The server interface
+|True if Firewall blocked the session, false otherwise
 |-
-|c_client_addr
+|firewall_flagged
-|Client-side Client Address
+|Firewall Flagged
-|inet
+|boolean
-|The client-side client IP address
+|True if Firewall flagged the session, false otherwise
 |-
-|s_client_addr
+|firewall_rule_index
-|Server-side Client Address
+|Firewall Rule ID
-|inet
+|integer
-|The server-side client IP address
+|The matching rule in Firewall (if any)
 |-
-|c_server_addr
+|threat_prevention_blocked
-|Client-side Server Address
+|Threat Prevention Blocked
-|inet
+|boolean
-|The client-side server IP address
+|If Threat Prevention blocked
 |-
-|s_server_addr
+|threat_prevention_flagged
-|Server-side Server Address
+|Threat Prevention Flagged
-|inet
+|boolean
-|The server-side server IP address
+|If Threat Prevention flagged
 |-
-|c_client_port
+|threat_prevention_reason
-|Client-side Client Port
+|Threat Prevention Reason
+|character(1)
+|Threat Prevention reason
+|-
+|threat_prevention_rule_id
+|Threat Prevention Rule Id
 |integer
-|The client-side client port
+|Numeric rule id of Threat Prevention
+|-
+|threat_prevention_client_reputation
+|Threat Prevention Client Reputation
+|smallint
+|Numeric client reputation of Threat Prevention
 |-
-|s_client_port
+|threat_prevention_client_categories
-|Server-side Client Port
+|Threat Prevention Client Categories
 |integer
-|The server-side client port
+|Bitmask client categories of Threat Prevention
 |-
-|c_server_port
+|threat_prevention_server_reputation
-|Client-side Server Port
+|Threat Prevention Server Reputation
-|integer
+|smallint
-|The client-side server port
+|Numeric server reputation of Threat Prevention
 |-
-|s_server_port
+|threat_prevention_server_categories
-|Server-side Server Port
+|Threat Prevention Server Categories
 |integer
-|The server-side server port
+|Bitmask server categories of Threat Prevention
 |-
-|policy_id
+|application_control_lite_protocol
-|Policy ID
+|Application Control Lite Protocol
-|bigint
-|The policy
-|-
-|username
-|Username
 |text
-|The username associated with this session
+|The application protocol according to Application Control Lite
+|-
+|application_control_lite_blocked
+|Application Control Lite Blocked
+|boolean
+|True if Application Control Lite blocked the session
 |-
-|msg_id
+|captive_portal_blocked
-|Message ID
+|Captive Portal Blocked
-|bigint
+|boolean
-|The message ID
+|True if Captive Portal blocked the session
 |-
-|subject
+|captive_portal_rule_index
-|Subject
+|Captive Portal Rule ID
-|text
+|integer
-|The email subject
+|The matching rule in Captive Portal (if any)
 |-
-|hostname
+|application_control_application
-|Hostname
+|Application Control Application
 |text
-|The hostname of the local address
+|The application according to Application Control
 |-
-|event_id
+|application_control_protochain
-|Event ID
+|Application Control Protochain
-|bigint
-|The unique event ID
-|-
-|sender
-|Sender
 |text
-|The address of the sender
+|The protochain according to Application Control
 |-
-|receiver
+|application_control_category
-|Receiver
+|Application Control Category
 |text
-|The address of the receiver
+|The category according to Application Control
 |-
-|virus_blocker_lite_clean
+|application_control_blocked
-|Virus Blocker Lite Clean
+|Application Control Blocked
 |boolean
-|The cleanliness of the file according to Virus Blocker Lite
+|True if Application Control blocked the session
 |-
-|virus_blocker_lite_name
+|application_control_flagged
-|Virus Blocker Lite Name
+|Application Control Flagged
-|text
-|The name of the malware according to Virus Blocker Lite
-|-
-|virus_blocker_clean
-|Virus Blocker Clean
 |boolean
-|The cleanliness of the file according to Virus Blocker
+|True if Application Control flagged the session
 |-
-|virus_blocker_name
+|application_control_confidence
-|Virus Blocker Name
+|Application Control Confidence
-|text
+|integer
-|The name of the malware according to Virus Blocker
+|True if Application Control confidence of this session's identification
 |-
-|spam_blocker_lite_score
+|application_control_ruleid
-|Spam Blocker Lite Score
+|Application Control Rule ID
-|real
+|integer
-|The score of the email according to Spam Blocker Lite
+|The matching rule in Application Control (if any)
 |-
-|spam_blocker_lite_is_spam
+|application_control_detail
-|Spam Blocker Lite Spam
+|Application Control Detail
-|boolean
+|text
-|The spam status of the email according to Spam Blocker Lite
+|The text detail from the Application Control engine
 |-
-|spam_blocker_lite_tests_string
+|bandwidth_control_priority
-|Spam Blocker Lite Tests
+|Bandwidth Control Priority
-|text
+|integer
-|The tess results for Spam Blocker Lite
+|The priority given to this session
 |-
-|spam_blocker_lite_action
+|bandwidth_control_rule
-|Spam Blocker Lite Action
+|Bandwidth Control Rule ID
-|character(1)
+|integer
-|The action taken by Spam Blocker Lite
+|The matching rule in Bandwidth Control rule (if any)
 |-
-|spam_blocker_score
+|ssl_inspector_ruleid
-|Spam Blocker Score
+|SSL Inspector Rule ID
-|real
+|integer
-|The score of the email according to Spam Blocker
+|The matching rule in SSL Inspector rule (if any)
 |-
-|spam_blocker_is_spam
+|ssl_inspector_status
-|Spam Blocker Spam
+|SSL Inspector Status
-|boolean
+|text
-|The spam status of the email according to Spam Blocker
+|The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
 |-
-|spam_blocker_tests_string
+|ssl_inspector_detail
-|Spam Blocker Tests
+|SSL Inspector Detail
 |text
-|The tess results for Spam Blocker
+|Additional text detail about the SSL connection (SNI, IP Address)
 |-
-|spam_blocker_action
+|tags
-|Spam Blocker Action
+|Tags
-|character(1)
+|text
-|The action taken by Spam Blocker
+|The tags on this session
-|-
-|phish_blocker_score
-|Phish Blocker Score
-|real
-|The score of the email according to Phish Blocker
-|-
-|phish_blocker_is_spam
-|Phish Blocker Phish
-|boolean
-|The phish status of the email according to Phish Blocker
-|-
-|phish_blocker_tests_string
-|Phish Blocker Tests
-|text
-|The tess results for Phish Blocker
-|-
-|phish_blocker_action
-|Phish Blocker Action
-|character(1)
-|The action taken by Phish Blocker
 |-
 |}
-<section end='mail_msgs' />
+<section end='sessions' />
+()
+== session_minutes ==
-== mail_addrs ==
+<section begin='session_minutes' />
-<section begin='mail_addrs' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 1,122: / Line 1,095: @@
 !Description
 |-
-|time_stamp
+|session_id
+|Session ID
+|bigint
+|The session
+|-
+|time_stamp
 |Timestamp
 |timestamp without time zone
 |The time of the event
 |-
-|session_id
+|c2s_bytes
-|Session ID
+|From-Client Bytes
 |bigint
-|The session
+|The number of bytes the client sent
 |-
-|client_intf
+|s2c_bytes
-|Client Interface
+|From-Server Bytes
-|smallint
+|bigint
-|The client interface
+|The number of bytes the server sent
 |-
-|server_intf
+|start_time
-|Server Interface
+|Start Time
-|smallint
+|timestamp without time zone
-|The server interface
+|The start time of the session
 |-
-|c_client_addr
+|end_time
-|Client-side Client Address
+|End Time
-|inet
+|timestamp without time zone
-|The client-side client IP address
+|The time the session ended
 |-
-|s_client_addr
+|bypassed
-|Server-side Client Address
+|Bypassed
-|inet
+|boolean
-|The server-side client IP address
+|True if the session was bypassed, false otherwise
 |-
-|c_server_addr
+|entitled
-|Client-side Server Address
+|Entitled
-|inet
+|boolean
-|The client-side server IP address
+|True if the session is entitled to premium functionality
 |-
-|s_server_addr
+|protocol
-|Server-side Server Address
+|Protocol
-|inet
+|smallint
-|The server-side server IP address
+|The IP protocol of session
 |-
-|c_client_port
+|icmp_type
-|Client-side Client Port
+|ICMP Type
-|integer
+|smallint
-|The client-side client port
+|The ICMP type of session if ICMP
 |-
-|s_client_port
+|hostname
-|Server-side Client Port
+|Hostname
-|integer
+|text
-|The server-side client port
+|The hostname of the local address
 |-
-|c_server_port
+|username
-|Client-side Server Port
+|Username
-|integer
+|text
-|The client-side server port
+|The username associated with this session
-|-
-|s_server_port
-|Server-side Server Port
-|integer
-|The server-side server port
 |-
 |policy_id
 |Policy ID
-|bigint
+|smallint
 |The policy
 |-
-|username
+|policy_rule_id
-|Username
+|Policy Rule ID
-|text
+|smallint
-|The username associated with this session
+|The ID of the matching policy rule (0 means none)
 |-
-|msg_id
+|local_addr
-|Message ID
+|Local Address
-|bigint
+|inet
-|The message ID
+|The IP address of the local participant
 |-
-|subject
+|remote_addr
-|Subject
+|Remote Address
-|text
+|inet
-|The email subject
+|The IP address of the remote participant
 |-
-|addr
+|c_client_addr
-|Address
+|Client-side Client Address
-|text
+|inet
-|The address of this event
+|The client-side client IP address
 |-
-|addr_name
+|c_server_addr
-|Address Name
+|Client-side Server Address
-|text
+|inet
-|The name for this address
+|The client-side server IP address
 |-
-|addr_kind
+|c_server_port
-|Address Kind
+|Client-side Server Port
-|character(1)
+|integer
-|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
+|The client-side server port
 |-
-|hostname
+|c_client_port
-|Hostname
+|Client-side Client Port
-|text
+|integer
-|The hostname of the local address
+|The client-side client port
 |-
-|event_id
+|s_client_addr
-|Event ID
+|Server-side Client Address
-|bigint
+|inet
-|The unique event ID
+|The server-side client IP address
 |-
-|sender
+|s_server_addr
-|Sender
+|Server-side Server Address
-|text
+|inet
-|The address of the sender
+|The server-side server IP address
 |-
-|virus_blocker_lite_clean
+|s_server_port
-|Virus Blocker Lite Clean
+|Server-side Server Port
-|boolean
+|integer
-|The cleanliness of the file according to Virus Blocker Lite
+|The server-side server port
+|-
+|s_client_port
+|Server-side Client Port
+|integer
+|The server-side client port
 |-
-|virus_blocker_lite_name
+|client_intf
-|Virus Blocker Lite Name
+|Client Interface
-|text
+|smallint
-|The name of the malware according to Virus Blocker Lite
+|The client interface
 |-
-|virus_blocker_clean
+|server_intf
-|Virus Blocker Clean
+|Server Interface
-|boolean
+|smallint
-|The cleanliness of the file according to Virus Blocker
+|The server interface
 |-
-|virus_blocker_name
+|client_country
-|Virus Blocker Name
+|Client Country
 |text
-|The name of the malware according to Virus Blocker
+|The client Country
 |-
-|spam_blocker_lite_score
+|client_latitude
-|Spam Blocker Lite Score
+|Client Latitude
 |real
-|The score of the email according to Spam Blocker Lite
+|The client Latitude
 |-
-|spam_blocker_lite_is_spam
+|client_longitude
-|Spam Blocker Lite Spam
+|Client Longitude
-|boolean
+|real
-|The spam status of the email according to Spam Blocker Lite
+|The client Longitude
 |-
-|spam_blocker_lite_action
+|server_country
-|Spam Blocker Lite Action
+|Server Country
-|character(1)
-|The action taken by Spam Blocker Lite
-|-
-|spam_blocker_lite_tests_string
-|Spam Blocker Lite Tests
 |text
-|The tess results for Spam Blocker Lite
+|The server Country
 |-
-|spam_blocker_score
+|server_latitude
-|Spam Blocker Score
+|Server Latitude
 |real
-|The score of the email according to Spam Blocker
+|The server Latitude
 |-
-|spam_blocker_is_spam
+|server_longitude
-|Spam Blocker Spam
+|Server Longitude
-|boolean
+|real
-|The spam status of the email according to Spam Blocker
+|The server Longitude
 |-
-|spam_blocker_action
+|filter_prefix
-|Spam Blocker Action
+|Filter Block
-|character(1)
-|The action taken by Spam Blocker
-|-
-|spam_blocker_tests_string
-|Spam Blocker Tests
 |text
-|The tess results for Spam Blocker
+|The network filter that blocked the connection (filter,shield,invalid)
 |-
-|phish_blocker_score
+|firewall_blocked
-|Phish Blocker Score
+|Firewall Blocked
-|real
+|boolean
-|The score of the email according to Phish Blocker
+|True if Firewall blocked the session, false otherwise
 |-
-|phish_blocker_is_spam
+|firewall_flagged
-|Phish Blocker Phish
+|Firewall Flagged
 |boolean
-|The phish status of the email according to Phish Blocker
+|True if Firewall flagged the session, false otherwise
 |-
-|phish_blocker_tests_string
+|firewall_rule_index
-|Phish Blocker Tests
+|Firewall Rule ID
-|text
+|integer
-|The tess results for Phish Blocker
+|The matching rule in Firewall (if any)
+|-
+|threat_prevention_blocked
+|Threat Prevention Blocked
+|boolean
+|If Threat Prevention blocked
+|-
+|threat_prevention_flagged
+|Threat Prevention Flagged
+|boolean
+|If Threat Prevention flagged
 |-
-|phish_blocker_action
+|threat_prevention_reason
-|Phish Blocker Action
+|Threat Prevention Reason
 |character(1)
-|The action taken by Phish Blocker
+|Threat Prevention reason
 |-
-|}
+|threat_prevention_rule_id
-<section end='mail_addrs' />
+|Threat Prevention Rule Id
+|integer
+|Numeric rule id of Threat Prevention
-== smtp_tarpit_events ==
-<section begin='smtp_tarpit_events' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|time_stamp
+|threat_prevention_client_reputation
-|Timestamp
+|Threat Prevention Client Reputation
-|timestamp without time zone
+|smallint
-|The time of the event
+|Numeric client reputation of Threat Prevention
+|-
+|threat_prevention_client_categories
+|Threat Prevention Client Categories
+|integer
+|Bitmask client categories of Threat Prevention
+|-
+|threat_prevention_server_reputation
+|Threat Prevention Server Reputation
+|smallint
+|Numeric server reputation of Threat Prevention
 |-
-|ipaddr
+|threat_prevention_server_categories
-|Client Address
+|Threat Prevention Server Categories
-|inet
+|integer
-|The client IP address
+|Bitmask server categories of Threat Prevention
 |-
-|hostname
+|application_control_lite_protocol
-|Hostname
+|Application Control Lite Protocol
 |text
-|The hostname of the local address
+|The application protocol according to Application Control Lite
 |-
-|policy_id
+|application_control_lite_blocked
-|Policy ID
+|Application Control Lite Blocked
-|bigint
+|boolean
-|The policy
+|True if Application Control Lite blocked the session
-|-
-|vendor_name
-|Vendor Name
-|character varying(255)
-|The "vendor name" of the app that logged the event
 |-
-|event_id
+|captive_portal_blocked
-|Event ID
+|Captive Portal Blocked
-|bigint
+|boolean
-|The unique event ID
+|True if Captive Portal blocked the session
 |-
-|}
+|captive_portal_rule_index
-<section end='smtp_tarpit_events' />
+|Captive Portal Rule ID
+|integer
+|The matching rule in Captive Portal (if any)
-== http_events ==
-<section begin='http_events' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|request_id
+|application_control_application
-|Request ID
+|Application Control Application
-|bigint
+|text
-|The HTTP request ID
+|The application according to Application Control
 |-
-|time_stamp
+|application_control_protochain
-|Timestamp
+|Application Control Protochain
-|timestamp without time zone
+|text
-|The time of the event
+|The protochain according to Application Control
 |-
-|session_id
+|application_control_category
-|Session ID
+|Application Control Category
-|bigint
+|text
-|The session
+|The category according to Application Control
 |-
-|client_intf
+|application_control_blocked
-|Client Interface
+|Application Control Blocked
-|smallint
+|boolean
-|The client interface
+|True if Application Control blocked the session
 |-
-|server_intf
+|application_control_flagged
-|Server Interface
+|Application Control Flagged
-|smallint
+|boolean
-|The server interface
+|True if Application Control flagged the session
 |-
-|c_client_addr
+|application_control_confidence
-|Client-side Client Address
+|Application Control Confidence
-|inet
+|integer
-|The client-side client IP address
+|True if Application Control confidence of this session's identification
 |-
-|s_client_addr
+|application_control_ruleid
-|Server-side Client Address
+|Application Control Rule ID
-|inet
+|integer
-|The server-side client IP address
+|The matching rule in Application Control (if any)
 |-
-|c_server_addr
+|application_control_detail
-|Client-side Server Address
+|Application Control Detail
-|inet
+|text
-|The client-side server IP address
+|The text detail from the Application Control engine
 |-
-|s_server_addr
+|bandwidth_control_priority
-|Server-side Server Address
+|Bandwidth Control Priority
-|inet
-|The server-side server IP address
-|-
-|c_client_port
-|Client-side Client Port
 |integer
-|The client-side client port
+|The priority given to this session
 |-
-|s_client_port
+|bandwidth_control_rule
-|Server-side Client Port
+|Bandwidth Control Rule ID
 |integer
-|The server-side client port
+|The matching rule in Bandwidth Control rule (if any)
 |-
-|c_server_port
+|ssl_inspector_ruleid
-|Client-side Server Port
+|SSL Inspector Rule ID
 |integer
-|The client-side server port
+|The matching rule in SSL Inspector rule (if any)
 |-
-|s_server_port
+|ssl_inspector_status
-|Server-side Server Port
+|SSL Inspector Status
-|integer
+|text
-|The server-side server port
+|The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
 |-
-|policy_id
+|ssl_inspector_detail
-|Policy ID
+|SSL Inspector Detail
-|smallint
+|text
-|The policy
+|Additional text detail about the SSL connection (SNI, IP Address)
 |-
-|username
+|tags
-|Username
+|Tags
 |text
-|The username associated with this session
+|The tags on this session
+|-
+|}
+<section end='session_minutes' />
+()
+== quotas ==
+<section begin='quotas' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
+|-
+|time_stamp
+|Timestamp
+|timestamp without time zone
+|The time of the event
 |-
-|hostname
+|entity
-|Hostname
+|Entity
 |text
-|The hostname of the local address
+|The IP entity given the quota (address/username)
 |-
-|method
+|action
-|Method
+|Action
-|character(1)
+|integer
-|The HTTP method
+|The action (1=Quota Given, 2=Quota Exceeded)
 |-
-|uri
+|size
-|URI
+|Size
-|text
+|bigint
-|The HTTP URI
+|The size of the quota
 |-
-|host
+|reason
-|Host
+|Reason
 |text
-|The HTTP host
+|The reason for the action
 |-
-|domain
+|}
-|Domain
+<section end='quotas' />
-|text
+()
-|The HTTP domain (shortened host)
-|-
+== host_table_updates ==
-|referer
+<section begin='host_table_updates' />
-|Referer
-|text
+{| border="1" cellpadding="2" width="90%%" align="center"
-|The Referer URL
+!Column Name
+!Human Name
+!Type
+!Description
 |-
-|c2s_content_length
+|address
-|Client-to-server Content Length
+|Address
-|bigint
+|inet
-|The client-to-server content length
+|The IP address of the host
 |-
-|s2c_content_length
+|key
-|Server-to-client Content Length
+|Key
-|bigint
-|The server-to-client content length
-|-
-|s2c_content_type
-|Server-to-client Content Type
 |text
-|The server-to-client content type
+|The key being updated
 |-
-|ad_blocker_cookie_ident
+|value
-|Ad Blocker Cookie
+|Value
 |text
-|This name of cookie blocked by Ad Blocker
+|The new value for the key
 |-
-|ad_blocker_action
+|old_value
-|Ad Blocker Action
+|Old Value
-|character(1)
+|text
-|This action of Ad Blocker on this request
+|The old value for the key
 |-
-|web_filter_reason
+|time_stamp
-|Web Filter Reason
+|Timestamp
-|character(1)
+|timestamp without time zone
-|This reason Web Filter blocked/flagged this request
+|The time of the event
 |-
-|web_filter_category_id
+|}
-|Web Filter Category ID
+<section end='host_table_updates' />
-|int
+()
-|This category ID according to Web Filter
+== device_table_updates ==
+<section begin='device_table_updates' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
 |-
-|web_filter_blocked
+|mac_address
-|Web Filter Blocked
+|MAC Address
-|boolean
+|text
-|If Web Filter blocked this request
+|The MAC address of the device
 |-
-|web_filter_flagged
+|key
-|Web Filter Flagged
+|Key
-|boolean
+|text
-|If Web Filter flagged this request
+|The key being updated
 |-
-|virus_blocker_lite_clean
+|value
-|Virus Blocker Lite Clean
+|Value
-|boolean
+|text
-|The cleanliness of the file according to Virus Blocker Lite
+|The new value for the key
 |-
-|virus_blocker_lite_name
+|old_value
-|Virus Blocker Lite Name
+|Old Value
 |text
-|The name of the malware according to Virus Blocker Lite
+|The old value for the key
 |-
-|virus_blocker_clean
+|time_stamp
-|Virus Blocker Clean
+|Timestamp
-|boolean
+|timestamp without time zone
-|The cleanliness of the file according to Virus Blocker
+|The time of the event
-|-
-|virus_blocker_name
-|Virus Blocker Name
-|text
-|The name of the malware according to Virus Blocker
-|-
-|threat_prevention_blocked
-|Threat Prevention Blocked
-|boolean
-|If Threat Prevention blocked this request
-|-
-|threat_prevention_flagged
-|Threat Prevention Flagged
-|boolean
-|If Threat Prevention flagged this request
-|-
-|threat_prevention_rule_id
-|Threat Prevention Rule ID
-|integer
-|The matching rule in Threat Prevention (if any)
-|-
-|threat_prevention_reputation
-|Threat Prevention Reputation
-|smallint
-|The Threat Prevention reputation value
-|-
-|threat_prevention_categories
-|Threat Prevention Categories
-|integer
-|The Threat Prevention categories
 |-
 |}
-<section end='http_events' />
+<section end='device_table_updates' />
+()
-== ftp_events ==
+== user_table_updates ==
-<section begin='ftp_events' />
+<section begin='user_table_updates' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 1,575: / Line 1,532: @@
 !Description
 |-
-|event_id
+|username
-|Event ID
+|Username
-|bigint
+|text
-|The unique event ID
+|The username
+|-
+|key
+|Key
+|text
+|The key being updated
+|-
+|value
+|Value
+|text
+|The new value for the key
+|-
+|old_value
+|Old Value
+|text
+|The old value for the key
 |-
 |time_stamp
@@ Line 1,585: / Line 1,557: @@
 |The time of the event
 |-
-|session_id
+|}
-|Session ID
+<section end='user_table_updates' />
-|bigint
+()
-|The session
-|-
+== alerts ==
-|client_intf
+<section begin='alerts' />
-|Client Interface
-|smallint
+{| border="1" cellpadding="2" width="90%%" align="center"
-|The client interface
+!Column Name
+!Human Name
+!Type
+!Description
 |-
-|server_intf
+|time_stamp
-|Server Interface
+|Timestamp
-|smallint
+|timestamp without time zone
-|The server interface
+|The time of the event
 |-
-|c_client_addr
+|description
-|Client-side Client Address
+|Text detail of the event
-|inet
+|text
-|The client-side client IP address
+|The description from the alert rule.
 |-
-|s_client_addr
+|summary_text
-|Server-side Client Address
+|Summary Text
-|inet
+|text
-|The server-side client IP address
+|The summary text of the alert
 |-
-|c_server_addr
+|json
-|Client-side Server Address
+|JSON Text
-|inet
+|text
-|The client-side server IP address
+|The summary JSON representation of the event causing the alert
 |-
-|s_server_addr
+|}
-|Server-side Server Address
+<section end='alerts' />
-|inet
+()
-|The server-side server IP address
+== settings_changes ==
+<section begin='settings_changes' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
 |-
-|policy_id
+|time_stamp
-|Policy ID
+|Timestamp
-|bigint
+|timestamp without time zone
-|The policy
+|The time of the event
 |-
-|username
+|settings_file
-|Username
+|Settings File
 |text
-|The username associated with this session
+|The name of the file changed
+|-
+|username
+|Username
+|text
+|The username logged in at the time of the change
 |-
 |hostname
 |Hostname
 |text
-|The hostname of the local address
+|The remote hostname
+|-
+|}
+<section end='settings_changes' />
+()
+== web_cache_stats ==
+<section begin='web_cache_stats' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
+|-
+|time_stamp
+|Timestamp
+|timestamp without time zone
+|The time of the event
 |-
-|request_id
+|hits
-|Request ID
+|Hits
 |bigint
-|The FTP request ID
+|The number of cache hits during this time frame
 |-
-|method
+|misses
-|Method
+|Misses
-|character(1)
+|bigint
-|The FTP method
+|The number of cache misses during this time frame
 |-
-|uri
+|bypasses
-|URI
+|Bypasses
-|text
+|bigint
-|The FTP URI
+|The number of cache user bypasses during this time frame
 |-
-|virus_blocker_lite_clean
+|systems
-|Virus Blocker Lite Clean
+|System bypasses
-|boolean
+|bigint
-|The cleanliness of the file according to Virus Blocker Lite
+|The number of cache system bypasses during this time frame
 |-
-|virus_blocker_lite_name
+|hit_bytes
-|Virus Blocker Lite Name
+|Hit Bytes
-|text
+|bigint
-|The name of the malware according to Virus Blocker Lite
+|The number of bytes saved from cache hits
 |-
-|virus_blocker_clean
+|miss_bytes
-|Virus Blocker Clean
+|Miss Bytes
-|boolean
+|bigint
-|The cleanliness of the file according to Virus Blocker
+|The number of bytes not saved from cache misses
 |-
-|virus_blocker_name
+|event_id
-|Virus Blocker Name
+|Event ID
-|text
+|bigint
-|The name of the malware according to Virus Blocker
+|The unique event ID
 |-
 |}
-<section end='ftp_events' />
+<section end='web_cache_stats' />
+()
+== server_events ==
-== ipsec_user_events ==
+<section begin='server_events' />
-<section begin='ipsec_user_events' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 1,682: / Line 1,688: @@
 !Type
 !Description
-|-
-|event_id
-|Event ID
-|bigint
-|The unique event ID
 |-
 |time_stamp
@@ Line 1,693: / Line 1,694: @@
 |The time of the event
 |-
-|connect_stamp
+|load_1
-|Connect Time
+|CPU load (1-min)
-|timestamp without time zone
+|numeric(6,2)
-|The time the connection started
+|The 1-minute CPU load
 |-
-|goodbye_stamp
+|load_5
-|End Time
+|CPU load (5-min)
-|timestamp without time zone
+|numeric(6,2)
-|The time the connection ended
+|The 5-minute CPU load
 |-
-|client_address
+|load_15
-|Client Address
+|CPU load (15-min)
-|text
+|numeric(6,2)
-|The remote IP address of the client
+|The 15-minute CPU load
 |-
-|client_protocol
+|cpu_user
-|Client Protocol
+|CPU User Utilization
-|text
+|numeric(6,3)
-|The protocol the client used to connect
+|The user CPU percent utilization
 |-
-|client_username
+|cpu_system
-|Client Username
+|CPU System Utilization
-|text
+|numeric(6,3)
-|The username of the client
+|The system CPU percent utilization
 |-
-|net_process
+|mem_total
-|Net Process
+|Total Memory
-|text
+|bigint
-|The PID of the PPP process for L2TP connections or the connection ID for Xauth connections
+|The total bytes of memory
 |-
-|net_interface
+|mem_free
-|Net Interface
+|Memory Free
-|text
+|bigint
-|The PPP interface for L2TP connections or the client interface for Xauth connections
+|The number of free bytes of memory
 |-
-|elapsed_time
+|disk_total
-|Elapsed Time
+|Disk Size
-|text
-|The total time the client was connected
-|-
-|rx_bytes
-|Bytes Received
 |bigint
-|The number of bytes received from the client in this connection
+|The total disk size in bytes
 |-
-|tx_bytes
+|disk_free
-|Bytes Sent
+|Disk Free
 |bigint
-|The number of bytes sent to the client in this connection
+|The free disk space in bytes
+|-
+|swap_total
+|Swap Size
+|bigint
+|The total swap size in bytes
+|-
+|swap_free
+|Swap Free
+|bigint
+|The free disk swap in bytes
+|-
+|active_hosts
+|Active Hosts
+|integer
+|The number of active hosts
 |-
 |}
-<section end='ipsec_user_events' />
+<section end='server_events' />
+()
+== interface_stat_events ==
-== ipsec_tunnel_stats ==
+<section begin='interface_stat_events' />
-<section begin='ipsec_tunnel_stats' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 1,761: / Line 1,772: @@
 |The time of the event
 |-
-|tunnel_name
+|interface_id
-|Tunnel Name
+|Interface ID
-|text
+|integer
-|The name of the IPsec tunnel
+|The interface ID
 |-
-|in_bytes
+|rx_rate
-|In Bytes
+|Rx Rate
+|double precision
+|The RX rate (bytes/s)
+|-
+|rx_bytes
+|Bytes Received
 |bigint
-|The number of bytes received during this time frame
+|The number of bytes received from the client in this connection
 |-
-|out_bytes
+|tx_rate
-|Out Bytes
+|Tx Rate
-|bigint
+|double precision
-|The number of bytes transmitted during this time frame
+|The TX rate (bytes/s)
 |-
-|event_id
+|tx_bytes
-|Event ID
+|Bytes Sent
 |bigint
-|The unique event ID
+|The number of bytes sent to the client in this connection
 |-
 |}
-<section end='ipsec_tunnel_stats' />
+<section end='interface_stat_events' />
+()
+== mail_msgs ==
-== interface_stat_events ==
+<section begin='mail_msgs' />
-<section begin='interface_stat_events' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 1,799: / Line 1,815: @@
 |The time of the event
 |-
-|interface_id
+|session_id
-|Interface ID
+|Session ID
-|integer
+|bigint
-|The interface ID
+|The session
+|-
+|client_intf
+|Client Interface
+|smallint
+|The client interface
 |-
-|rx_rate
+|server_intf
-|Rx Rate
+|Server Interface
-|double precision
+|smallint
-|The RX rate (bytes/s)
+|The server interface
 |-
-|tx_rate
+|c_client_addr
-|Tx Rate
+|Client-side Client Address
-|double precision
+|inet
-|The TX rate (bytes/s)
+|The client-side client IP address
 |-
-|}
+|s_client_addr
-<section end='interface_stat_events' />
+|Server-side Client Address
+|inet
+|The server-side client IP address
-== configuration_backup_events ==
-<section begin='configuration_backup_events' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|time_stamp
+|c_server_addr
-|Timestamp
+|Client-side Server Address
-|timestamp without time zone
+|inet
-|The time of the event
+|The client-side server IP address
 |-
-|success
+|s_server_addr
-|Success
+|Server-side Server Address
-|boolean
+|inet
-|The result of the backup (true if the backup succeeded, false otherwise)
+|The server-side server IP address
 |-
-|description
+|c_client_port
-|Text detail of the event
+|Client-side Client Port
-|text
+|integer
-|Text detail of the event
+|The client-side client port
 |-
-|destination
+|s_client_port
-|Destination
+|Server-side Client Port
+|integer
+|The server-side client port
+|-
+|c_server_port
+|Client-side Server Port
+|integer
+|The client-side server port
+|-
+|s_server_port
+|Server-side Server Port
+|integer
+|The server-side server port
+|-
+|policy_id
+|Policy ID
+|bigint
+|The policy
+|-
+|username
+|Username
 |text
-|The location of the backup
+|The username associated with this session
 |-
-|event_id
+|msg_id
-|Event ID
+|Message ID
 |bigint
-|The unique event ID
+|The message ID
 |-
-|}
+|subject
-<section end='configuration_backup_events' />
+|Subject
-== directory_connector_login_events ==
-<section begin='directory_connector_login_events' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
-|-
-|time_stamp
-|Timestamp
-|timestamp without time zone
-|The time of the event
-|-
-|login_name
-|Login Name
 |text
-|The login name
+|The email subject
 |-
-|domain
+|hostname
-|Domain
+|Hostname
 |text
-|The AD domain
+|The hostname of the local address
 |-
-|type
+|event_id
-|Type
+|Event ID
+|bigint
+|The unique event ID
+|-
+|sender
+|Sender
 |text
-|The type of event (I=Login,U=Update,O=Logout)
+|The address of the sender
 |-
-|client_addr
+|receiver
-|Client Address
+|Receiver
-|inet
+|text
-|The client IP address
+|The address of the receiver
 |-
-|}
+|virus_blocker_lite_clean
-<section end='directory_connector_login_events' />
+|Virus Blocker Lite Clean
+|boolean
+|The cleanliness of the file according to Virus Blocker Lite
-== server_events ==
-<section begin='server_events' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|time_stamp
+|virus_blocker_lite_name
-|Timestamp
+|Virus Blocker Lite Name
-|timestamp without time zone
+|text
-|The time of the event
+|The name of the malware according to Virus Blocker Lite
 |-
-|load_1
+|virus_blocker_clean
-|CPU load (1-min)
+|Virus Blocker Clean
-|numeric(6,2)
+|boolean
-|The 1-minute CPU load
+|The cleanliness of the file according to Virus Blocker
 |-
-|load_5
+|virus_blocker_name
-|CPU load (5-min)
+|Virus Blocker Name
-|numeric(6,2)
+|text
-|The 5-minute CPU load
+|The name of the malware according to Virus Blocker
 |-
-|load_15
+|spam_blocker_lite_score
-|CPU load (15-min)
+|Spam Blocker Lite Score
-|numeric(6,2)
+|real
-|The 15-minute CPU load
+|The score of the email according to Spam Blocker Lite
 |-
-|cpu_user
+|spam_blocker_lite_is_spam
-|CPU User Utilization
+|Spam Blocker Lite Spam
-|numeric(6,3)
+|boolean
-|The user CPU percent utilization
+|The spam status of the email according to Spam Blocker Lite
 |-
-|cpu_system
+|spam_blocker_lite_tests_string
-|CPU System Utilization
+|Spam Blocker Lite Tests
-|numeric(6,3)
+|text
-|The system CPU percent utilization
+|The tess results for Spam Blocker Lite
 |-
-|mem_total
+|spam_blocker_lite_action
-|Total Memory
+|Spam Blocker Lite Action
-|bigint
+|character(1)
-|The total bytes of memory
+|The action taken by Spam Blocker Lite
 |-
-|mem_free
+|spam_blocker_score
-|Memory Free
+|Spam Blocker Score
-|bigint
+|real
-|The number of free bytes of memory
+|The score of the email according to Spam Blocker
 |-
-|disk_total
+|spam_blocker_is_spam
-|Disk Size
+|Spam Blocker Spam
-|bigint
+|boolean
-|The total disk size in bytes
+|The spam status of the email according to Spam Blocker
 |-
-|disk_free
+|spam_blocker_tests_string
-|Disk Free
+|Spam Blocker Tests
-|bigint
+|text
-|The free disk space in bytes
+|The tess results for Spam Blocker
 |-
-|swap_total
+|spam_blocker_action
-|Swap Size
+|Spam Blocker Action
-|bigint
+|character(1)
-|The total swap size in bytes
+|The action taken by Spam Blocker
 |-
-|swap_free
+|phish_blocker_score
-|Swap Free
+|Phish Blocker Score
-|bigint
+|real
-|The free disk swap in bytes
+|The score of the email according to Phish Blocker
 |-
-|active_hosts
+|phish_blocker_is_spam
-|Active Hosts
+|Phish Blocker Phish
-|integer
+|boolean
-|The number of active hosts
+|The phish status of the email according to Phish Blocker
+|-
+|phish_blocker_tests_string
+|Phish Blocker Tests
+|text
+|The tess results for Phish Blocker
+|-
+|phish_blocker_action
+|Phish Blocker Action
+|character(1)
+|The action taken by Phish Blocker
 |-
 |}
-<section end='server_events' />
+<section end='mail_msgs' />
+()
+== mail_addrs ==
-== web_cache_stats ==
+<section begin='mail_addrs' />
-<section begin='web_cache_stats' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 1,986: / Line 2,008: @@
 |The time of the event
 |-
-|hits
+|session_id
-|Hits
+|Session ID
 |bigint
-|The number of cache hits during this time frame
+|The session
 |-
-|misses
+|client_intf
-|Misses
+|Client Interface
-|bigint
+|smallint
-|The number of cache misses during this time frame
+|The client interface
 |-
-|bypasses
+|server_intf
-|Bypasses
+|Server Interface
-|bigint
+|smallint
-|The number of cache user bypasses during this time frame
+|The server interface
 |-
-|systems
+|c_client_addr
-|System bypasses
+|Client-side Client Address
-|bigint
+|inet
-|The number of cache system bypasses during this time frame
+|The client-side client IP address
 |-
-|hit_bytes
+|s_client_addr
-|Hit Bytes
+|Server-side Client Address
-|bigint
+|inet
-|The number of bytes saved from cache hits
+|The server-side client IP address
 |-
-|miss_bytes
+|c_server_addr
-|Miss Bytes
+|Client-side Server Address
-|bigint
+|inet
-|The number of bytes not saved from cache misses
+|The client-side server IP address
 |-
-|event_id
+|s_server_addr
-|Event ID
+|Server-side Server Address
-|bigint
+|inet
-|The unique event ID
+|The server-side server IP address
 |-
-|}
+|c_client_port
-<section end='web_cache_stats' />
+|Client-side Client Port
+|integer
+|The client-side client port
-== http_query_events ==
-<section begin='http_query_events' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|event_id
+|s_client_port
-|Event ID
+|Server-side Client Port
-|bigint
+|integer
-|The unique event ID
+|The server-side client port
 |-
-|time_stamp
+|c_server_port
-|Timestamp
+|Client-side Server Port
-|timestamp without time zone
+|integer
-|The time of the event
+|The client-side server port
+|-
+|s_server_port
+|Server-side Server Port
+|integer
+|The server-side server port
 |-
-|session_id
+|policy_id
-|Session ID
+|Policy ID
 |bigint
-|The session
+|The policy
 |-
-|client_intf
+|username
-|Client Interface
+|Username
-|smallint
+|text
-|The client interface
+|The username associated with this session
 |-
-|server_intf
+|msg_id
-|Server Interface
+|Message ID
-|smallint
+|bigint
-|The server interface
+|The message ID
 |-
-|c_client_addr
+|subject
-|Client-side Client Address
+|Subject
-|inet
+|text
-|The client-side client IP address
+|The email subject
 |-
-|s_client_addr
+|addr
-|Server-side Client Address
+|Address
-|inet
+|text
-|The server-side client IP address
+|The address of this event
 |-
-|c_server_addr
+|addr_name
-|Client-side Server Address
+|Address Name
-|inet
+|text
-|The client-side server IP address
+|The name for this address
 |-
-|s_server_addr
+|addr_kind
-|Server-side Server Address
+|Address Kind
-|inet
+|character(1)
-|The server-side server IP address
+|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
 |-
-|c_client_port
+|hostname
-|Client-side Client Port
+|Hostname
-|integer
+|text
-|The client-side client port
+|The hostname of the local address
 |-
-|s_client_port
+|event_id
-|Server-side Client Port
+|Event ID
-|integer
-|The server-side client port
-|-
-|c_server_port
-|Client-side Server Port
-|integer
-|The client-side server port
-|-
-|s_server_port
-|Server-side Server Port
-|integer
-|The server-side server port
-|-
-|policy_id
-|Policy ID
 |bigint
-|The policy
+|The unique event ID
 |-
-|username
+|sender
-|Username
+|Sender
 |text
-|The username associated with this session
+|The address of the sender
+|-
+|virus_blocker_lite_clean
+|Virus Blocker Lite Clean
+|boolean
+|The cleanliness of the file according to Virus Blocker Lite
 |-
-|hostname
+|virus_blocker_lite_name
-|Hostname
+|Virus Blocker Lite Name
 |text
-|The hostname of the local address
+|The name of the malware according to Virus Blocker Lite
 |-
-|request_id
+|virus_blocker_clean
-|Request ID
+|Virus Blocker Clean
-|bigint
+|boolean
-|The HTTP request ID
+|The cleanliness of the file according to Virus Blocker
 |-
-|method
+|virus_blocker_name
-|Method
+|Virus Blocker Name
-|character(1)
-|The HTTP method
-|-
-|uri
-|URI
 |text
-|The HTTP URI
+|The name of the malware according to Virus Blocker
 |-
-|term
+|spam_blocker_lite_score
-|Search Term
+|Spam Blocker Lite Score
-|text
+|real
-|The search term
+|The score of the email according to Spam Blocker Lite
 |-
-|host
+|spam_blocker_lite_is_spam
-|Host
+|Spam Blocker Lite Spam
-|text
+|boolean
-|The HTTP host
+|The spam status of the email according to Spam Blocker Lite
 |-
-|c2s_content_length
+|spam_blocker_lite_action
-|Client-to-server Content Length
+|Spam Blocker Lite Action
-|bigint
+|character(1)
-|The client-to-server content length
+|The action taken by Spam Blocker Lite
 |-
-|s2c_content_length
+|spam_blocker_lite_tests_string
-|Server-to-client Content Length
+|Spam Blocker Lite Tests
-|bigint
-|The server-to-client content length
-|-
-|s2c_content_type
-|Server-to-client Content Type
 |text
-|The server-to-client content type
+|The tess results for Spam Blocker Lite
 |-
-|}
+|spam_blocker_score
-<section end='http_query_events' />
+|Spam Blocker Score
+|real
+|The score of the email according to Spam Blocker
-== captive_portal_user_events ==
-<section begin='captive_portal_user_events' />
-{| border="1" cellpadding="2" width="90%%" align="center"
-!Column Name
-!Human Name
-!Type
-!Description
 |-
-|time_stamp
+|spam_blocker_is_spam
-|Timestamp
+|Spam Blocker Spam
-|timestamp without time zone
+|boolean
-|The time of the event
+|The spam status of the email according to Spam Blocker
 |-
-|policy_id
+|spam_blocker_action
-|Policy ID
+|Spam Blocker Action
-|bigint
+|character(1)
-|The policy
+|The action taken by Spam Blocker
 |-
-|event_id
+|spam_blocker_tests_string
-|Event ID
+|Spam Blocker Tests
-|bigint
-|The unique event ID
-|-
-|login_name
-|Login Name
 |text
-|The login username
+|The tess results for Spam Blocker
 |-
-|event_info
+|phish_blocker_score
-|Event Type
+|Phish Blocker Score
-|text
+|real
-|The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+|The score of the email according to Phish Blocker
 |-
-|auth_type
+|phish_blocker_is_spam
-|Authorization Type
+|Phish Blocker Phish
-|text
+|boolean
-|The authorization type for this event
+|The phish status of the email according to Phish Blocker
 |-
-|client_addr
+|phish_blocker_tests_string
-|Client Address
+|Phish Blocker Tests
 |text
-|The remote IP address of the client
+|The tess results for Phish Blocker
+|-
+|phish_blocker_action
+|Phish Blocker Action
+|character(1)
+|The action taken by Phish Blocker
 |-
 |}
-<section end='captive_portal_user_events' />
+<section end='mail_addrs' />
+()
+== ftp_events ==
-== openvpn_stats ==
+<section begin='ftp_events' />
-<section begin='openvpn_stats' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 2,214: / Line 2,205: @@
 !Type
 !Description
+|-
+|event_id
+|Event ID
+|bigint
+|The unique event ID
 |-
 |time_stamp
@@ Line 2,220: / Line 2,216: @@
 |The time of the event
 |-
-|start_time
+|session_id
-|Start Time
+|Session ID
-|timestamp without time zone
+|bigint
-|The time the OpenVPN session started
+|The session
 |-
-|end_time
+|client_intf
-|End Time
+|Client Interface
-|timestamp without time zone
+|smallint
-|The time the OpenVPN session ended
+|The client interface
 |-
-|rx_bytes
+|server_intf
-|Bytes Received
+|Server Interface
-|bigint
+|smallint
-|The total bytes received from the client during this session
+|The server interface
 |-
-|tx_bytes
+|c_client_addr
-|Bytes Sent
+|Client-side Client Address
-|bigint
+|inet
-|The total bytes sent to the client during this session
+|The client-side client IP address
 |-
-|remote_address
+|s_client_addr
-|Remote Address
+|Server-side Client Address
 |inet
-|The remote IP address of the client
+|The server-side client IP address
 |-
-|pool_address
+|c_server_addr
-|Pool Address
+|Client-side Server Address
 |inet
-|The pool IP address of the client
+|The client-side server IP address
 |-
-|remote_port
+|s_server_addr
-|Remote Port
+|Server-side Server Address
-|integer
+|inet
-|The remote port of the client
+|The server-side server IP address
+|-
+|policy_id
+|Policy ID
+|bigint
+|The policy
+|-
+|username
+|Username
+|text
+|The username associated with this session
 |-
-|client_name
+|hostname
-|Client Name
+|Hostname
 |text
-|The name of the client
+|The hostname of the local address
 |-
-|event_id
+|request_id
-|Event ID
+|Request ID
 |bigint
-|The unique event ID
+|The FTP request ID
+|-
+|method
+|Method
+|character(1)
+|The FTP method
 |-
-|}
+|uri
-<section end='openvpn_stats' />
+|URI
+|text
+|The FTP URI
-== openvpn_events ==
+|-
-<section begin='openvpn_events' />
+|virus_blocker_lite_clean
+|Virus Blocker Lite Clean
+|boolean
+|The cleanliness of the file according to Virus Blocker Lite
+|-
+|virus_blocker_lite_name
+|Virus Blocker Lite Name
+|text
+|The name of the malware according to Virus Blocker Lite
+|-
+|virus_blocker_clean
+|Virus Blocker Clean
+|boolean
+|The cleanliness of the file according to Virus Blocker
+|-
+|virus_blocker_name
+|Virus Blocker Name
+|text
+|The name of the malware according to Virus Blocker
+|-
+|}
+<section end='ftp_events' />
+()
+== tunnel_vpn_events ==
+<section begin='tunnel_vpn_events' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 2,278: / Line 2,314: @@
 !Description
 |-
-|time_stamp
+|event_id
+|Event ID
+|bigint
+|The unique event ID
+|-
+|time_stamp
 |Timestamp
 |timestamp without time zone
 |The time of the event
 |-
-|remote_address
+|tunnel_name
-|Remote Address
+|Tunnel Name
-|inet
+|text
-|The remote IP address of the client
+|The name the tunnel
 |-
-|pool_address
+|server_address
-|Pool Address
+|Server IP Address
-|inet
+|text
-|The pool IP address of the client
+|The address of the remote server
 |-
-|client_name
+|local_address
-|Client Name
+|Local Address
 |text
-|The name of the client
+|The local address assigned the client
 |-
-|type
+|event_type
-|Type
+|Event Type
 |text
 |The type of the event (CONNECT,DISCONNECT)
 |-
 |}
-<section end='openvpn_events' />
+<section end='tunnel_vpn_events' />
+()
-== intrusion_prevention_events ==
+== tunnel_vpn_stats ==
-<section begin='intrusion_prevention_events' />
+<section begin='tunnel_vpn_stats' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 2,321: / Line 2,362: @@
 |The time of the event
 |-
-|sig_id
+|tunnel_name
-|Signature ID
+|Tunnel Name
-|bigint
+|text
-|This ID of the rule
+|The name of the Tunnel VPN tunnel
 |-
-|gen_id
+|in_bytes
-|Grouping ID
+|In Bytes
 |bigint
-|The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier
+|The number of bytes received during this time frame
 |-
-|class_id
+|out_bytes
-|Classtype ID
+|Out Bytes
 |bigint
-|The numeric ID for the classtype
+|The number of bytes transmitted during this time frame
 |-
-|source_addr
+|event_id
-|Source Address
+|Event ID
-|inet
+|bigint
-|The source IP address of the packet
+|The unique event ID
 |-
-|source_port
+|}
-|Source Port
+<section end='tunnel_vpn_stats' />
-|integer
+()
-|The source port of the packet (if applicable)
-|-
+== wan_failover_test_events ==
-|dest_addr
+<section begin='wan_failover_test_events' />
-|Destination Address
-|inet
+{| border="1" cellpadding="2" width="90%%" align="center"
-|The destination IP address of the packet
+!Column Name
+!Human Name
+!Type
+!Description
 |-
-|dest_port
+|time_stamp
-|Destination Port
+|Timestamp
-|integer
+|timestamp without time zone
-|The destination port of the packet (if applicable)
+|The time of the event
 |-
-|protocol
+|interface_id
-|Protocol
+|Interface ID
 |integer
-|The protocol of the packet
+|This interface ID
 |-
-|blocked
+|name
-|Blocked
+|Interface Name
-|boolean
-|If the packet was blocked/dropped
-|-
-|category
-|Category
 |text
-|The application specific grouping
+|This name of the interface
 |-
-|classtype
+|description
-|Classtype
+|Text detail of the event
 |text
-|The generalized threat rule grouping (unrelated to gen_id)
+|The description from the test rule
 |-
-|msg
+|success
-|Message
+|Success
-|text
+|boolean
-|The "title" or "description" of the rule
+|The result of the test (true if the test succeeded, false otherwise)
+|-
+|event_id
+|Event ID
+|bigint
+|The unique event ID
 |-
 |}
-<section end='intrusion_prevention_events' />
+<section end='wan_failover_test_events' />
+()
+== wan_failover_action_events ==
-== syslog ==
+<section begin='wan_failover_action_events' />
-<section begin='syslog' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 2,399: / Line 2,443: @@
 |The time of the event
 |-
-|description
+|interface_id
-|Text detail of the event
+|Interface ID
+|integer
+|This interface ID
+|-
+|action
+|Action
 |text
-|The description from the alert rule.
+|This action (CONNECTED,DISCONNECTED)
 |-
-|summary_text
+|os_name
-|Summary Text
+|Interface O/S Name
 |text
-|The summary text of the alert
+|This O/S name of the interface
 |-
-|json
+|name
-|JSON Text
+|Interface Name
 |text
-|The summary JSON representation of the event causing the alert
+|This name of the interface
+|-
+|event_id
+|Event ID
+|bigint
+|The unique event ID
 |-
 |}
-<section end='syslog' />
+<section end='wan_failover_action_events' />
+()
+== directory_connector_login_events ==
-== user_table_updates ==
+<section begin='directory_connector_login_events' />
-<section begin='user_table_updates' />
 {| border="1" cellpadding="2" width="90%%" align="center"
@@ Line 2,427: / Line 2,481: @@
 !Description
 |-
-|username
+|time_stamp
-|Username
+|Timestamp
+|timestamp without time zone
+|The time of the event
+|-
+|login_name
+|Login Name
 |text
-|The username
+|The login name
 |-
-|key
+|domain
-|Key
+|Domain
 |text
-|The key being updated
+|The AD domain
 |-
-|value
+|type
-|Value
+|Type
 |text
-|The new value for the key
+|The type of event (I=Login,U=Update,O=Logout)
+|-
+|client_addr
+|Client Address
+|inet
+|The client IP address
 |-
-|old_value
+|login_type
-|Old Value
+|Login Type
 |text
-|The old value for the key
+|The login type
+|-
+|}
+<section end='directory_connector_login_events' />
+()
+== captive_portal_user_events ==
+<section begin='captive_portal_user_events' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
 |-
 |time_stamp
@@ Line 2,452: / Line 2,529: @@
 |The time of the event
 |-
-|}
+|policy_id
-<section end='user_table_updates' />
+|Policy ID
+|bigint
+|The policy
+|-
+|event_id
+|Event ID
+|bigint
+|The unique event ID
+|-
+|login_name
+|Login Name
+|text
+|The login username
+|-
+|event_info
+|Event Type
+|text
+|The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+|-
+|auth_type
+|Authorization Type
+|text
+|The authorization type for this event
+|-
+|client_addr
+|Client Address
+|text
+|The remote IP address of the client
+|-
+|}
+<section end='captive_portal_user_events' />
+()
+== openvpn_stats ==
+<section begin='openvpn_stats' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
+|-
+|time_stamp
+|Timestamp
+|timestamp without time zone
+|The time of the event
+|-
+|start_time
+|Start Time
+|timestamp without time zone
+|The time the OpenVPN session started
+|-
+|end_time
+|End Time
+|timestamp without time zone
+|The time the OpenVPN session ended
+|-
+|rx_bytes
+|Bytes Received
+|bigint
+|The total bytes received from the client during this session
+|-
+|tx_bytes
+|Bytes Sent
+|bigint
+|The total bytes sent to the client during this session
+|-
+|remote_address
+|Remote Address
+|inet
+|The remote IP address of the client
+|-
+|pool_address
+|Pool Address
+|inet
+|The pool IP address of the client
+|-
+|remote_port
+|Remote Port
+|integer
+|The remote port of the client
+|-
+|client_name
+|Client Name
+|text
+|The name of the client
+|-
+|event_id
+|Event ID
+|bigint
+|The unique event ID
+|-
+|}
+<section end='openvpn_stats' />
+()
+== openvpn_events ==
+<section begin='openvpn_events' />
+{| border="1" cellpadding="2" width="90%%" align="center"
+!Column Name
+!Human Name
+!Type
+!Description
+|-
+|time_stamp
+|Timestamp
+|timestamp without time zone
+|The time of the event
+|-
+|remote_address
+|Remote Address
+|inet
+|The remote IP address of the client
+|-
+|pool_address
+|Pool Address
+|inet
+|The pool IP address of the client
+|-
+|client_name
+|Client Name
+|text
+|The name of the client
+|-
+|type
+|Type
+|text
+|The type of the event (CONNECT,DISCONNECT)
+|-
+|}
+<section end='openvpn_events' />
+()

Edge Threat Management

Difference between revisions of "Database Schema"

Revision as of 14:44, 19 February 2020

Contents

Database Tables

configuration_backup_events

http_events

intrusion_prevention_events

smtp_tarpit_events

ipsec_user_events

ipsec_vpn_events

ipsec_tunnel_stats

http_query_events

admin_logins

sessions

session_minutes

quotas

host_table_updates

device_table_updates

user_table_updates

alerts

settings_changes

web_cache_stats

server_events

interface_stat_events

mail_msgs

mail_addrs

ftp_events

tunnel_vpn_events

tunnel_vpn_stats

wan_failover_test_events

wan_failover_action_events

directory_connector_login_events

captive_portal_user_events

openvpn_stats

openvpn_events

Navigation menu

Search