Difference between revisions of "Event Definitions"

From UntangleWiki
(SystemStatEvent)
 
Line 4: Line 4:
 
The list below shows the classes used in the event logging and the column fields available within each event. These can be used to add Alert Events or for other event handling within Untangle.  
 
The list below shows the classes used in the event logging and the column fields available within each event. These can be used to add Alert Events or for other event handling within Untangle.  
  
== LoginEvent ==  
+
== HostTableEvent ==
<section begin='LoginEvent' />
+
<section begin='HostTableEvent' />
Events in this class are created by Directory Connector and inserted to the [[Global_DB_schema#directory_connector_login_events|directory_connector_login_events]] table.
+
 
{| border="1" cellpadding="2" width="90%%" align="center"
+
These events are created by the base system and inserted to the [[Global_DB_schema#host_table_updates|host_table_updates]] table when the host table is modified.
!Column Name
+
 
!Type
+
{| border="1" cellpadding="2" width="90%" align="center"
!Description
+
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|address
 +
|InetAddress
 +
|The address
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|key
 +
|String
 +
|The key
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 +
|-
 +
|value
 +
|String
 +
|The value
 +
|}
 +
<section end='HostTableEvent' />
 +
 
 +
 
 +
== DeviceTableEvent ==
 +
<section begin='DeviceTableEvent' />
 +
 
 +
These events are created by the base system and inserted to the [[Global_DB_schema#device_table_updates|device_table_updates]] table when the device list is modified.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|device
 +
|DeviceTableEntry
 +
|The Device
 
|-
 
|-
|clientAddr
+
|key
|inet
+
|String
|The client IP address
+
|The key
 
|-
 
|-
|loginName
+
|macAddress
|text
+
|String
|The login name
+
|The MAC address
 
|-
 
|-
|domain
+
|timeStamp
|text
+
|Timestamp
|The AD domain
+
|The timestamp
 
|-
 
|-
|event
+
|value
|text
+
|String
|The type of event (I=Login,U=Update,O=Logout)
+
|The value
 
|}
 
|}
<section end='LoginEvent' />
+
<section end='DeviceTableEvent' />
 +
 
 +
 
 +
== PenaltyBoxEvent ==
 +
<section begin='PenaltyBoxEvent' />
  
 +
These events are created by the [[Bandwidth Control]] and inserted to the [[Global_DB_schema#penaltybox|penaltybox]] table.
  
== PrioritizeEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='PrioritizeEvent' />
+
! Attribute Name
Events in this class are created by Bandwidth Control and updated to the [[Global_DB_schema#sessions|sessions]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|priority
+
|action
 
|int
 
|int
|The priority given to this session
+
|The action
 +
|-
 +
|address
 +
|InetAddress
 +
|The address
 +
|-
 +
|class
 +
|Class
 +
|The class name
 
|-
 
|-
|ruleid
+
|entryTime
|integer
+
|Timestamp
|The matching rule in Bandwidth Control rule
+
|The entry time
 
|-
 
|-
 +
|exitTime
 +
|Timestamp
 +
|The exit time
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='PrioritizeEvent' />
+
<section end='PenaltyBoxEvent' />
 +
 
 +
 
 +
== SessionStatsEvent ==
 +
<section begin='SessionStatsEvent' />
  
 +
These events are created by the base system and update the [[Global_DB_schema#sessions|sessions]] table when a session ends with the updated stats.
  
== BoxBackupEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='BoxBackupEvent' />
+
! Attribute Name
Events in this class are created by Configuration Backup and inserted to the [[Global_DB_schema#configuration_backup_events|configuration_backup_events]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|success
+
|c2pBytes
|boolean
+
|long
|The result of the backup (true if the backup succeeded, false otherwise)
+
|The number of bytes sent from the client to Untangle
 +
|-
 +
|c2pChunks
 +
|long
 +
|The number of chunks/packets sent from the client to Untangle
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|p2cBytes
 +
|long
 +
|The number of bytes sent to the client from Untangle
 +
|-
 +
|p2cChunks
 +
|long
 +
|The number of chunks/packets sent to the client from Untangle
 +
|-
 +
|p2sBytes
 +
|long
 +
|The number of bytes sent to the server from Untangle
 +
|-
 +
|p2sChunks
 +
|long
 +
|The number of chunks/packets sent to the server from Untangle
 +
|-
 +
|s2pBytes
 +
|long
 +
|The number of bytes sent from the server to Untangle
 +
|-
 +
|s2pChunks
 +
|long
 +
|The number of chunks/packets sent from the server to Untangle
 
|-
 
|-
|detail
+
|sessionId
|text
+
|Long
|Text detail of the event
+
|The session ID
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='BoxBackupEvent' />
+
<section end='SessionStatsEvent' />
 +
 
 +
 
 +
== SessionEvent ==
 +
<section begin='SessionEvent' />
  
 +
These events are created by the base system and update the [[Global_DB_schema#sessions|sessions]] table each time a session is created.
  
== ClassDLogEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='ClassDLogEvent' />
+
! Attribute Name
Events in this class are created by Application Control and inserted to the [[Global_DB_schema#sessions|sessions]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|application
+
|cClientAddr
|text
+
|InetAddress
|The application according to Application Control
+
|The client-side (pre-NAT) client address
 
|-
 
|-
|protochain
+
|cClientPort
|text
+
|Integer
|The protochain according to Application Control
+
|The client-side (pre-NAT) client port
 +
|-
 +
|cServerAddr
 +
|InetAddress
 +
|The client-side (pre-NAT) server address
 +
|-
 +
|cServerPort
 +
|Integer
 +
|The client-side (pre-NAT) server port
 +
|-
 +
|sClientAddr
 +
|InetAddress
 +
|The server-side (post-NAT) client address
 
|-
 
|-
|detail
+
|sClientPort
|text
+
|Integer
|The text detail from the Application Control engine
+
|The server-side (post-NAT) client port
 
|-
 
|-
|confidence
+
|sServerAddr
|integer
+
|InetAddress
|Application Control confidence of this session's identification
+
|The server-side (post-NAT) server address
 
|-
 
|-
|ruleid
+
|sServerPort
|integer
+
|Integer
|The matching rule in Application Control
+
|The server-side (post-NAT) server port
 
|-
 
|-
|flagged
+
|bypassed
 
|boolean
 
|boolean
|True if Application Control flagged the session
+
|True if bypassed, false otherwise
 
|-
 
|-
|blocked
+
|class
 +
|Class
 +
|The class name
 +
|-
 +
|clientIntf
 +
|Integer
 +
|The client interface ID
 +
|-
 +
|entitled
 
|boolean
 
|boolean
|True if Application Control blocked the session
+
|The entitled status
 +
|-
 +
|filterPrefix
 +
|String
 +
|The filter prefix if blocked by the filter rules
 +
|-
 +
|hostname
 +
|String
 +
|The hostname
 +
|-
 +
|icmpType
 +
|Short
 +
|The ICMP type
 +
|-
 +
|policyId
 +
|Long
 +
|The policy ID
 +
|-
 +
|protocol
 +
|Short
 +
|The protocol
 +
|-
 +
|protocolName
 +
|String
 +
|The protocol name
 +
|-
 +
|serverIntf
 +
|Integer
 +
|The server interface ID
 
|-
 
|-
 +
|sessionId
 +
|Long
 +
|The session ID
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 +
|-
 +
|username
 +
|String
 +
|The username
 
|}
 
|}
<section end='ClassDLogEvent' />
+
<section end='SessionEvent' />
 +
 
  
== FailDEvent ==  
+
== SessionNatEvent ==
<section begin='FailDEvent' />
+
<section begin='SessionNatEvent' />
Events in this class are created by WAN Failover and inserted to the [[Global_DB_schema#wan_failover_action_events|wan_failover_action_events]] table.
+
 
{| border="1" cellpadding="2" width="90%%" align="center"
+
These events are created by the base system and update the [[Global_DB_schema#sessions|sessions]] table each time a session is NATd with the post-NAT information.
!Column Name
+
 
!Type
+
{| border="1" cellpadding="2" width="90%" align="center"
!Description
+
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|sClientAddr
 +
|InetAddress
 +
|The server-side (post-NAT) client address
 +
|-
 +
|sClientPort
 +
|Integer
 +
|The server-side (post-NAT) client port
 +
|-
 +
|sServerAddr
 +
|InetAddress
 +
|The server-side (post-NAT) server address
 +
|-
 +
|sServerPort
 +
|Integer
 +
|The server-side (post-NAT) server port
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|serverIntf
 +
|Integer
 +
|The server interface ID
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 +
|}
 +
<section end='SessionNatEvent' />
 +
 
 +
 
 +
== QuotaEvent ==
 +
<section begin='QuotaEvent' />
 +
 
 +
These events are created by the [[Bandwidth Control]] and inserted or update the [[Global_DB_schema#quotas|quotas]] table when quotas are given or exceeded.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 
|-
 
|-
 
|action
 
|action
|Action
+
|int
|The action (CONNECTED/DISCONNECTED)
+
|The action (1=Quota Given, 2=Quota Exceeded)
 +
|-
 +
|address
 +
|InetAddress
 +
|The address
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|quotaSize
 +
|long
 +
|The quota size
 +
|-
 +
|reason
 +
|String
 +
|The reason
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 +
|}
 +
<section end='QuotaEvent' />
 +
 
 +
 
 +
== SettingsChangesEvent ==
 +
<section begin='SettingsChangesEvent' />
 +
 
 +
These events are created by the base system and inserted to the [[Global_DB_schema#settings_changes|settings_changes]] table when settings are changed.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 +
|}
 +
<section end='SettingsChangesEvent' />
 +
 
 +
 
 +
== LogEvent ==
 +
<section begin='LogEvent' />
 +
 
 +
These base class for all events.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 +
|}
 +
<section end='LogEvent' />
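Review bot: the added LogEvent description reads "These base class for all events.", which is ungrammatical; "The base class for all events." looks like the intended wording. Because the other tables added in this revision repeat the class and timeStamp rows listed here, the description could also say that those two attributes are inherited by every event.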
 +
 
 +
 
 +
== InterfaceStatEvent ==
 +
<section begin='InterfaceStatEvent' />
 +
 
 +
These events are created by the base system and inserted to the [[Global_DB_schema#settings_changes|interface_stat_events]] table periodically with interface stats.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|class
 +
|Class
 +
|The class name
 
|-
 
|-
 
|interfaceId
 
|interfaceId
|integer
+
|int
 
|The interface ID
 
|The interface ID
 
|-
 
|-
|name
+
|rxRate
|text
+
|double
|This name of the interface
+
|The RX rate in byte/s
 
|-
 
|-
|osName
+
|timeStamp
|text
+
|Timestamp
|The O/S name of the interface
+
|The timestamp
 
|-
 
|-
 +
|txRate
 +
|double
 +
|The TX rate in byte/s
 
|}
 
|}
<section end='FailDEvent' />
+
<section end='InterfaceStatEvent' />
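Review bot: the InterfaceStatEvent description links to [[Global_DB_schema#settings_changes|interface_stat_events]], so the label names interface_stat_events while the anchor points at the settings_changes section, the same target the SettingsChangesEvent description uses. The anchor looks copied from that section and should point at the interface_stat_events entry of Global_DB_schema instead.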
 +
 
 +
 
 +
== SystemStatEvent ==
 +
<section begin='SystemStatEvent' />
 +
 
 +
These events are created by the base system and inserted to the [[Global_DB_schema#server_events|server_events]] table periodically.
  
== FailDTestEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='FailDTestEvent' />
+
! Attribute Name
Events in this class are created by WAN Failover and inserted to the [[Global_DB_schema#wan_failover_test_events|wan_failover_test_events]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
+
|-
!Type
+
|activeHosts
!Description
+
|int
 +
|The active host count
 
|-
 
|-
|interfaceId
+
|class
|integer
+
|Class
|The interface ID
+
|The class name
 +
|-
 +
|cpuSystem
 +
|float
 +
|The system CPU utilization
 +
|-
 +
|cpuUser
 +
|float
 +
|The user CPU utilization
 +
|-
 +
|diskFree
 +
|long
 +
|The amount of disk free
 +
|-
 +
|diskFreePercent
 +
|float
 +
|The percentage of disk free
 +
|-
 +
|diskTotal
 +
|long
 +
|The total size of the disk
 +
|-
 +
|load1
 +
|float
 +
|The 1-minute CPU load
 +
|-
 +
|load15
 +
|float
 +
|The 15-minute CPU load
 
|-
 
|-
|name
+
|load5
|text
+
|float
|The name of the interface
+
|The 5-minute CPU load
 
|-
 
|-
|osName
+
|memBuffers
|text
+
|long
|The O/S name of the interface
+
|The amount of memory used by buffers
 
|-
 
|-
|description
+
|memCache
|text
+
|long
|The description from the test rule
+
|The amount of memory used by cache
 
|-
 
|-
|success
+
|memFree
|boolean
+
|long
|The result of the test (true if the test succeeded, false otherwise)
+
|The amount of free memory
 
|-
 
|-
|}
+
|memFreePercent
<section end='FailDTestEvent' />
+
|float
 
+
|The percentage of total memory that is free
== HttpsLogEvent ==
 
<section begin='HttpsLogEvent' />
 
Events in this class are created by HTTPS Inspector and updated to the [[Global_DB_schema#sessions|sessions]] table.
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|ruleid
+
|memTotal
|integer
+
|long
|The matching rule in HTTPS Inspector rule
+
|The total amount of memory
 
|-
 
|-
|status
+
|swapFree
|text
+
|long
|The status/action of the SSL session (INSPECTED/IGNORED/BLOCKED/UNTRUSTED/ABANDONED)
+
|The amount of free swap
 
|-
 
|-
|detail
+
|swapTotal
|text
+
|long
|Additional text detail about the SSL connection (SNI, IP Address)
+
|The total size of swap
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='HttpsLogEvent' />
+
<section end='SystemStatEvent' />
 +
 
  
== TunnelStatusEvent ==  
+
== TunnelStatusEvent ==
 
<section begin='TunnelStatusEvent' />
 
<section begin='TunnelStatusEvent' />
Events in this class are created by IPsec VPN and inserted to the [[Global_DB_schema#ipsec_tunnel_stats|ipsec_tunnel_stats]] table.
+
 
{| border="1" cellpadding="2" width="90%%" align="center"
+
These events are created by [[IPsec VPN]] and inserted to the [[Global_DB_schema#ipsec_tunnel_stats|ipsec_tunnel_stats]] table periodically.
!Column Name
+
 
!Type
+
{| border="1" cellpadding="2" width="90%" align="center"
!Description
+
! Attribute Name
 +
! Type
 +
! Description
 
|-
 
|-
|tunnelName
+
|class
|text
+
|Class
|The name of the IPsec tunnel
+
|The class name
 
|-
 
|-
 
|inBytes
 
|inBytes
|bigint
+
|long
|The number of bytes received during this time frame
+
|The number of bytes received from this tunnel
 
|-
 
|-
 
|outBytes
 
|outBytes
|bigint
+
|long
|The number of bytes transmitted during this time frame
+
|The number of bytes sent in this tunnel
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 +
|-
 +
|tunnelName
 +
|String
 +
|The name of this tunnel
 
|}
 
|}
 
<section end='TunnelStatusEvent' />
 
<section end='TunnelStatusEvent' />
  
== VirtualUserEvent ==  
+
 
 +
== VirtualUserEvent ==
 
<section begin='VirtualUserEvent' />
 
<section begin='VirtualUserEvent' />
Events in this class are created by IPsec VPN and inserted to the [[Global_DB_schema#ipsec_user_events|ipsec_user_events]] table.
+
 
{| border="1" cellpadding="2" width="90%%" align="center"
+
These events are created by [[IPsec VPN]] and inserted to the [[Global_DB_schema#ipsec_user_events|ipsec_user_events]] table when a user event occurs.
!Column Name
+
 
!Type
+
{| border="1" cellpadding="2" width="90%" align="center"
!Description
+
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|class
 +
|Class
 +
|The class name
 
|-
 
|-
 
|clientAddress
 
|clientAddress
|inet
+
|InetAddress
|The remote IP address of the client
+
|The client address
 
|-
 
|-
 
|clientProtocol
 
|clientProtocol
|text
+
|String
|The protocol the client used to connect
+
|The client protocol
 
|-
 
|-
 
|clientUsername
 
|clientUsername
|text
+
|String
|The username of the client
+
|The client username
 +
|-
 +
|elapsedTime
 +
|String
 +
|The elapsed time
 +
|-
 +
|eventId
 +
|Long
 +
|The event ID
 
|-
 
|-
 
|netInterface
 
|netInterface
|text
+
|String
|The PPP interface for L2TP connections or the client interface for Xauth connections
+
|The net interface
 
|-
 
|-
 
|netProcess
 
|netProcess
|text
+
|String
|The PID of the PPP process for L2TP connections or the connection ID for Xauth connections
+
|The net process
|-
 
|elapsedTime
 
|text
 
|The total time the client was connected
 
 
|-
 
|-
 
|netRXbytes
 
|netRXbytes
|bigint
+
|Long
|The number of bytes received from the client in this connection
+
|The number of RX (received) bytes
 
|-
 
|-
 
|netTXbytes
 
|netTXbytes
|bigint
+
|Long
|The number of bytes sent to the client in this connection
+
|The number of TX (transmitted) bytes
|-
 
|eventId
 
|bigint
 
|The unique event ID
 
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
 
<section end='VirtualUserEvent' />
 
<section end='VirtualUserEvent' />
  
== WebFilterQueryEvent ==  
+
 
<section begin='WebFilterQueryEvent' />
+
== AlertEvent ==
Events in this class are created by Web Filter and inserted to the [[Global_DB_schema#http_query_events|http_query_events]] table.
+
<section begin='AlertEvent' />
{| border="1" cellpadding="2" width="90%%" align="center"
+
 
!Column Name
+
These events are created by [[Reports]] and inserted to the [[Global_DB_schema#alerts|alerts]] table when an alert fires.
!Type
+
 
!Description
+
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|cause
 +
|LogEvent
 +
|The cause
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|description
 +
|String
 +
|The description
 
|-
 
|-
|requestId
+
|json
|bigint
+
|JSONObject
|The HTTP request ID
+
|The JSON string
 
|-
 
|-
|method
+
|summaryText
|HttpMethod
+
|String
|The HTTP method
+
|The summary text
 
|-
 
|-
|term
+
|timeStamp
|text
+
|Timestamp
|The search term
+
|The timestamp
 +
|}
 +
<section end='AlertEvent' />
 +
 
 +
 
 +
== ConfigurationBackupEvent ==
 +
<section begin='ConfigurationBackupEvent' />
 +
 
 +
These events are created by [[Configuration Backup]] and inserted to the [[Global_DB_schema#configuratio_backup_events|configuratio_backup_events]] table when a backup occurs.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 
|-
 
|-
 +
|class
 +
|Class
 +
|The class name
 
|-
 
|-
|requestUri
+
|destination
|URI
+
|String
|The HTTP URI
+
|The destination
 
|-
 
|-
|host
+
|detail
|text
+
|String
|The HTTP host
+
|The details
 
|-
 
|-
|contentLength
+
|success
|bigint
+
|boolean
|The client-to-server content length
+
|True if successful, false otherwise
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='WebFilterQueryEvent' />
+
<section end='ConfigurationBackupEvent' />
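Review bot: the ConfigurationBackupEvent description spells the table configuratio_backup_events in both the link anchor and the label, whereas the removed BoxBackupEvent text linked the same table as configuration_backup_events. Restore the missing "n" in both places; as written the anchor is unlikely to resolve, and anyone copying the name into a query or alert rule gets a table name that does not match the old one.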
 +
 
  
== WebCacheEvent ==  
+
== WebCacheEvent ==
 
<section begin='WebCacheEvent' />
 
<section begin='WebCacheEvent' />
Events in this class are created by Web Cache and inserted to the [[Global_DB_schema#webcache_stats|webcache_stats]] table.
+
 
{| border="1" cellpadding="2" width="90%%" align="center"
+
These events are created by [[Web Cache]] and inserted to the [[Global_DB_schema#web_cache_stats|web_cache_stats]] table periodically.
!Column Name
+
 
!Type
+
{| border="1" cellpadding="2" width="90%" align="center"
!Description
+
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|bypassCount
 +
|long
 +
|The number of bypasses
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|hitBytes
 +
|long
 +
|The number of bytes worth of hits
 
|-
 
|-
 
|hitCount
 
|hitCount
|bigint
+
|long
|The number of cache hits during this time frame
+
|The number of hits
 +
|-
 +
|missBytes
 +
|long
 +
|The number of bytes worth of misses
 
|-
 
|-
 
|missCount
 
|missCount
|bigint
+
|long
|The number of cache misses during this time frame
+
|The number of misses
 
|-
 
|-
|bypassCount
+
|policyId
|bigint
+
|Long
|The number of cache user bypasses during this time frame
+
|The policy ID
 
|-
 
|-
 
|systemCount
 
|systemCount
|bigint
+
|long
|The number of cache system bypasses during this time frame
+
|The number of system bypasses
|-
 
|hitBytes
 
|bigint
 
|The number of bytes saved from cache hits
 
|-
 
|missBytes
 
|bigint
 
|The number of bytes not saved from cache misses
 
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
 
<section end='WebCacheEvent' />
 
<section end='WebCacheEvent' />
  
== AdBlockerEvent ==  
+
 
<section begin='AdBlockerEvent' />
+
== PrioritizeEvent ==
Events in this class are created by Ad Blocker and updated to the [[Global_DB_schema#http_events]] table.
+
<section begin='PrioritizeEvent' />
{| border="1" cellpadding="2" width="90%%" align="center"
+
 
!Column Name
+
These events are created by the [[Bandwidth Control]] and update the [[Global_DB_schema#sessions|session]] table when a session is prioritized.
!Type
+
 
!Description
+
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|priority
 +
|int
 +
|The priority
 
|-
 
|-
|requestId
+
|ruleId
|bigint
+
|int
|The HTTP request ID
+
|The rule ID
 
|-
 
|-
|action
+
|sessionEvent
|Action
+
|SessionEvent
|This action of Ad Blocker on this request
+
|The session event
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='AdBlockerEvent' />
+
<section end='PrioritizeEvent' />
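Review bot: the PrioritizeEvent description labels its link as the "session" table ([[Global_DB_schema#sessions|session]]), while the anchor and every other section on the page call it sessions. Use sessions as the label so the table name is consistent.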
 +
 
 +
 
 +
== HttpResponseEvent ==
 +
<section begin='HttpResponseEvent' />
 +
 
 +
These events are created by HTTP subsystem and update the [[Global_DB_schema#http_events|http_events]] table when a web response happens.
  
== CookieEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='CookieEvent' />
+
! Attribute Name
Events in this class are created by Ad Blocker and updated to the [[Global_DB_schema#http_events]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
+
|-
!Type
+
|class
!Description
+
|Class
 +
|The class name
 +
|-
 +
|contentLength
 +
|long
 +
|The content length
 
|-
 
|-
|requestId
+
|contentType
|bigint
+
|String
|The HTTP request ID
+
|The content type
 
|-
 
|-
|identification
+
|requestLine
|text
+
|RequestLine
|This name of cookie blocked by Ad Blocker
+
|The request line
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='CookieEvent' />
+
<section end='HttpResponseEvent' />
 +
 
 +
 
 +
== HttpRequestEvent ==
 +
<section begin='HttpRequestEvent' />
  
 +
These events are created by HTTP subsystem and inserted to the [[Global_DB_schema#http_events|http_events]] table when a web request happens.
  
== CaptureRuleEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='CaptureRuleEvent' />
+
! Attribute Name
Events in this class are created by Captive Portal and updated to the [[Global_DB_schema#sessions|sessions]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
+
|-
!Type
+
|class
!Description
+
|Class
 +
|The class name
 +
|-
 +
|contentLength
 +
|long
 +
|The content length
 +
|-
 +
|domain
 +
|String
 +
|The domain
 +
|-
 +
|host
 +
|String
 +
|The host
 +
|-
 +
|method
 +
|HttpMethod
 +
|The HTTP method
 +
|-
 +
|referer
 +
|String
 +
|The referer
 +
|-
 +
|requestId
 +
|Long
 +
|The request ID
 +
|-
 +
|requestUri
 +
|URI
 +
|The request URI
 
|-
 
|-
|ruleid
+
|sessionEvent
|integer
+
|SessionEvent
|The matching rule in Captive Portal
+
|The session event
 
|-
 
|-
|captured
+
|sessionId
|boolean
+
|Long
|True if Captive Portal captured the session
+
|The session ID
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='CaptureRuleEvent' />
+
<section end='HttpRequestEvent' />
 +
 
 +
 
 +
== ApplicationControlLiteEvent ==
 +
<section begin='ApplicationControlLiteEvent' />
 +
 
 +
These events are created by [[Application Control Lite]] and update the [[Global_DB_schema#sessions|sessions]] table when application control lite identifies a session.
  
== CaptureUserEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='CaptureUserEvent' />
+
! Attribute Name
Events in this class are created by Captive Portal and updated to the [[Global_DB_schema#capture_user_events|capture_user_events]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|clientAddr
+
|blocked
|inet
+
|boolean
|The remote IP address of the client
+
|True if blocked, false otherwise
 
|-
 
|-
|loginName
+
|class
|text
+
|Class
|The login username
+
|The class name
 
|-
 
|-
|authenticationTypeValue
+
|protocol
|text
+
|String
|The authorization type for this event
+
|The protocol
 
|-
 
|-
|eventValue
+
|sessionId
|text
+
|Long
|The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+
|The session ID
 
|-
 
|-
|policyId
+
|timeStamp
|bigint
+
|Timestamp
|The policy ID
+
|The timestamp
 
|}
 
|}
<section end='CaptureUserEvent' />
+
<section end='ApplicationControlLiteEvent' />
 +
 
 +
 
 +
== FirewallEvent ==
 +
<section begin='FirewallEvent' />
  
== FirewallEvent ==
+
These events are created by [[Firewall]] and update the [[Global_DB_schema#sessions|sessions]] table when a firewall rule matches a session.
<section begin=FirewallEvent' />
+
 
Events in this class are created by the Firewall App and updated to the [[Global_DB_schema#sessions|sessions]] table.
+
{| border="1" cellpadding="2" width="90%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Attribute Name
!Column Name
+
! Type
!Type
+
! Description
!Description
 
|-
 
|ruleId
 
|bigint
 
|The matching rule in Firewall
 
 
|-
 
|-
 
|blocked
 
|blocked
 
|boolean
 
|boolean
|True if Firewall blocked the session, false otherwise
+
|True if blocked, false otherwise
 +
|-
 +
|class
 +
|Class
 +
|The class name
 
|-
 
|-
 
|flagged
 
|flagged
 
|boolean
 
|boolean
|True if Firewall flagged the session, false otherwise
+
|True if flagged, false otherwise
 
|-
 
|-
 +
|ruleId
 +
|long
 +
|The rule ID
 +
|-
 +
|sessionId
 +
|Long
 +
|The session ID
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
 
<section end='FirewallEvent' />
 
<section end='FirewallEvent' />
  
== HttpRequestEvent ==  
+
 
<section begin='HttpRequestEvent' />
+
== WebFilterEvent ==
Events in this class are created by http-casing and inserted to the [[Global_DB_schema#http_events|http_events]] table.
+
<section begin='WebFilterEvent' />
{| border="1" cellpadding="2" width="90%%" align="center"
+
 
!Column Name
+
These events are created by [[Web Filter]] and update the [[Global_DB_schema#http_events|http_events]] table when web filter processes a web request.
!Type
+
 
!Description
+
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 
|-
 
|-
|requestId
+
|blocked
|bigint
+
|Boolean
|The HTTP request ID
+
|True if blocked, false otherwise
 
|-
 
|-
|method
+
|category
|HttpMethod
+
|String
|The HTTP method
+
|The category
 
|-
 
|-
|requestUri
+
|class
|URI
+
|Class
|The HTTP URI
+
|The class name
 
|-
 
|-
|host
+
|flagged
|text
+
|Boolean
|The HTTP host
+
|True if flagged, false otherwise
 
|-
 
|-
|domain
+
|nodeName
|text
+
|String
|The HTTP domain (shortened host)
+
|The name of the application
 
|-
 
|-
|contentLength
+
|reason
|bigint
+
|Reason
|The client-to-server content length
+
|The reason
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='HttpRequestEvent' />
+
<section end='WebFilterEvent' />
 +
 
 +
 
 +
== ApplicationControlLogEvent ==
 +
<section begin='ApplicationControlLogEvent' />
 +
 
 +
These events are created by [[Application Control]] and update the [[Global_DB_schema#sessions|sessions]] table when application control identifies a session.
  
== HttpResponseEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='HttpResponseEvent' />
+
! Attribute Name
Events in this class are created by http-casing and updated to the [[Global_DB_schema#http_events|http_events]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
+
|-
!Type
+
|application
!Description
+
|String
 +
|The application
 +
|-
 +
|blocked
 +
|boolean
 +
|True if blocked, false otherwise
 
|-
 
|-
|contentType
+
|category
|text
+
|String
|The server-to-client content type
+
|The category
 
|-
 
|-
|contentLength
+
|class
|bigint
+
|Class
|The server-to-client content length
+
|The class name
 
|-
 
|-
|}
+
|confidence
<section end='HttpResponseEvent' />
+
|Integer
 
+
|The confidence (0-100)
== IdpsLogEvent ==
 
<section begin='IdpsLogEvent' />
 
Events in this class are created by Intrusion Prevention and inserted to the [[Global_DB_schema#intrusion_prevention_events|intrusion_prevention_events]] table.
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|signatureId
+
|detail
|bigint
+
|String
|This ID of the rule
+
|The details
 
|-
 
|-
|classificationId
+
|flagged
|bigint
+
|boolean
|The numeric ID for the classtype
+
|True if flagged, false otherwise
 
|-
 
|-
|ipSource
+
|protochain
|inet
+
|String
|The source IP address of the packet
+
|The protochain
 
|-
 
|-
|ipDestination
+
|ruleId
|inet
+
|Integer
|The destination IP address of the packet
+
|The rule ID
 
|-
 
|-
|sportltype
+
|sessionEvent
|integer
+
|SessionEvent
|The source port of the packet (if applicable)
+
|The session event
 
|-
 
|-
|dportlcode
+
|state
|integer
+
|Integer
|The destination port of the packet (if applicable)
+
|The state
 
|-
 
|-
|protocol
+
|timeStamp
|smallint
+
|Timestamp
|The protocol of the packet
+
|The timestamp
 +
|}
 +
<section end='ApplicationControlLogEvent' />
 +
 
 +
 
 +
== ShieldEvent ==
 +
<section begin='ShieldEvent' />
 +
 
 +
These events are created by base system and update the [[Global_DB_schema#sessions|sessions]] table when the shield blocks a session.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 
|-
 
|-
 
|blocked
 
|blocked
|smallint
+
|boolean
|If the packet was blocked/dropped
+
|True if blocked, false otherwise
 
|-
 
|-
|msg
+
|class
|text
+
|Class
|The "title" or "description" of the rule
+
|The class name
 
|-
 
|-
|classtype
+
|sessionId
|text
+
|Long
|The generalized threat rule grouping (unrelated to gen_id)
+
|The session ID
|-
 
|category
 
|text
 
|The application specific grouping
 
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='IdpsLogEvent' />
+
<section end='ShieldEvent' />
  
  
== OpenVPNEvent ==  
+
== SslInspectorLogEvent ==
<section begin='OpenVPNEvent' />
+
<section begin='SslInspectorLogEvent' />
Events in this class are created by OpenVPN and inserted to the [[Global_DB_schema#openvpn_events|openvpn_events]] table.
+
 
{| border="1" cellpadding="2" width="90%%" align="center"
+
These events are created by [[SSL Inspector]] and update the [[Global_DB_schema#sessions|sessions]] table when a session is processed by SSL Inspector.
!Column Name
+
 
!Type
+
{| border="1" cellpadding="2" width="90%" align="center"
!Description
+
! Attribute Name
 +
! Type
 +
! Description
 
|-
 
|-
|address
+
|class
|inet
+
|Class
|The remote IP address of the client
+
|The class name
 +
|-
 +
|detail
 +
|String
 +
|The details
 
|-
 
|-
|poolAddress
+
|ruleId
|inet
+
|Integer
|The pool IP address of the client
+
|The rule ID
 
|-
 
|-
|clientName
+
|sessionEvent
|text
+
|SessionEvent
|The name of the client
+
|The session event
 
|-
 
|-
|type
+
|status
|EventType
+
|String
|The type of the event (CONNECT/DISCONNECT)
+
|The status
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='OpenVPNEvent' />
+
<section end='SslInspectorLogEvent' />
 +
 
 +
 
 +
== SpamSmtpTarpitEvent ==
 +
<section begin='SpamSmtpTarpitEvent' />
  
== OpenVPNStatusEvent ==
+
These events are created by [[Spam Blocker]] and inserted to the [[Global_DB_schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
<section begin='OpenVPNStatusEvent' />
 
Events in this class are created by OpenVPN and inserted to the [[Global_DB_schema#openvpn_stats|openvpn_stats]] table.
 
  
{| border="1" cellpadding="2" width="90%%" align="center"
+
{| border="1" cellpadding="2" width="90%" align="center"
!Column Name
+
! Attribute Name
!Type
+
! Type
!Description
+
! Description
 
|-
 
|-
|address
+
|iPAddr
|inet
+
|InetAddress
|The remote IP address of the client
+
|The IP address
 
|-
 
|-
|poolAddress
+
|class
|inet
+
|Class
|The pool IP address of the client
+
|The class name
 
|-
 
|-
|port
+
|hostname
|integer
+
|String
|The remote port of the client
+
|The hostname
 
|-
 
|-
|clientName
+
|sessionEvent
|text
+
|SessionEvent
|The name of the client
+
|The session event
 
|-
 
|-
|start
+
|sessionId
|timestamp
+
|Long
|Start of the session.
+
|The session ID
 
|-
 
|-
|end
+
|timeStamp
|timestamp
+
|Timestamp
|End of the session.
+
|The timestamp
 
|-
 
|-
|bytesRxTotal
+
|vendorName
|bigint
+
|String
|Total bytes received.
+
|The application name
 +
|}
 +
<section end='SpamSmtpTarpitEvent' />
 +
 
 +
 
 +
== SpamLogEvent ==
 +
<section begin='SpamLogEvent' />
 +
 
 +
These events are created by [[Spam Blocker]] and update the [[Global_DB_schema#mail_msgs|mail_msgs]] table when an email is scanned.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 
|-
 
|-
|bytesTxTotal
+
|action
|bigint
+
|SpamMessageAction
|Total bytes transmitted.
+
|The action
 
|-
 
|-
|bytesRxDelta
+
|class
|bigint
+
|Class
|Bytes received since last event.
+
|The class name
 
|-
 
|-
|bytesTxDelta
+
|clientAddr
|bigint
+
|InetAddress
|Bytes transmitted since last event.
+
|The client address
 
|-
 
|-
|}
+
|clientPort
<section end='OpenVPNStatusEvent' />
+
|int
 
+
|The client port
== ProtoFilterEvent ==
 
<section begin='ProtoFilterEvent' />
 
Events in this class are created by Application Control Lite and updated to the [[Global_DB_schema#sessions|sessions]] table.
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|protocol
+
|messageId
|text
+
|Long
|The application protocol according to Application Control Lite
+
|The message ID
 
|-
 
|-
|blocked
+
|receiver
|boolean
+
|String
|True if Application Control Lite blocked the session
+
|The receiver
 
|-
 
|-
|}
+
|score
<section end='ProtoFilterEvent' />
+
|float
 
+
|The score
== AlertEvent ==
 
<section begin='AlertEvent' />
 
Events in this class are created by Captive Portal and inserted to the [[Global_DB_schema#alerts|alerts]] table.
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|description
+
|sender
|text
+
|String
|The description from the alert rule.
+
|The sender
 
|-
 
|-
|summaryText
+
|serverAddr
|text
+
|InetAddress
|The summary text of the alert
+
|The server address
 
|-
 
|-
|json
+
|serverPort
|JSONObject
+
|int
|The summary JSON representation of the event causing the alert
+
|The server port
 
|-
 
|-
|}
+
|smtpMessageEvent
<section end='AlertEvent' />
+
|SmtpMessageEvent
 
+
|The parent SMTP message event
== ShieldEvent ==
 
<section begin='ShieldEvent' />
 
Events in this class are created by Shield and updated to the [[Global_DB_schema#sessions|sessions]] table.
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|blocked
+
|isSpam
 
|boolean
 
|boolean
|True if the shield blocked the session, false otherwise
+
|True if spam, false otherwise
 
|-
 
|-
 +
|subject
 +
|String
 +
|The subject
 +
|-
 +
|testsString
 +
|String
 +
|The tests string from the spam engine
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 +
|-
 +
|vendorName
 +
|String
 +
|The application name
 
|}
 
|}
<section end='ShieldEvent' />
+
<section end='SpamLogEvent' />
 +
 
 +
 
 +
== SpamSmtpTarpitEvent ==
 +
<section begin='SpamSmtpTarpitEvent' />
 +
 
 +
These events are created by [[Spam Blocker]] and inserted to the [[Global_DB_schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
  
== SmtpMessageAddressEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='SmtpMessageAddressEvent' />
+
! Attribute Name
Events in this class are created by smtp-casing and updated to the [[Global_DB_schema#mail_addrs|mail_addrs]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|messageId
+
|iPAddr
|bigint
+
|InetAddress
|The message ID
+
|The IP address
 
|-
 
|-
|kind
+
|class
|AddressKind
+
|Class
|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
+
|The class name
 
|-
 
|-
|addr
+
|hostname
|text
+
|String
|The address of this event
+
|The hostname
 
|-
 
|-
|}
+
|sessionEvent
<section end='SmtpMessageAddressEvent' />
+
|SessionEvent
 
+
|The session event
== SmtpMessageEvent ==
 
<section begin='SmtpMessageEvent' />
 
Events in this class are created by smtp-casing and updated to the [[Global_DB_schema#mail_msgs|mail_msgs]] table.
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|subject
+
|sessionId
|text
+
|Long
|The email subject
+
|The session ID
 
|-
 
|-
|messageId
+
|timeStamp
|bigint
+
|Timestamp
|The message ID
+
|The timestamp
 
|-
 
|-
 +
|vendorName
 +
|String
 +
|The application name
 
|}
 
|}
<section end='SmtpMessageEvent' />
+
<section end='SpamSmtpTarpitEvent' />
 +
 
  
== SpamLogEvent ==  
+
== SpamLogEvent ==
 
<section begin='SpamLogEvent' />
 
<section begin='SpamLogEvent' />
Events in this class are created by Spam Blocker or Spam Blocker Lite and updated to the [[Global_DB_schema#mail_msgs|mail_msgs]] and [[Global_DB_schema#mail_addrs|mail_addrs]] schemas.
+
 
{| border="1" cellpadding="2" width="90%%" align="center"
+
These events are created by [[Spam Blocker]] and update the [[Global_DB_schema#mail_msgs|mail_msgs]] table when an email is scanned.
!Column Name
+
 
!Type
+
{| border="1" cellpadding="2" width="90%" align="center"
!Description
+
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|action
 +
|SpamMessageAction
 +
|The action
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|clientAddr
 +
|InetAddress
 +
|The client address
 +
|-
 +
|clientPort
 +
|int
 +
|The client port
 
|-
 
|-
 
|messageId
 
|messageId
|bigint
+
|Long
 
|The message ID
 
|The message ID
 +
|-
 +
|receiver
 +
|String
 +
|The receiver
 
|-
 
|-
 
|score
 
|score
 
|float
 
|float
|The score of the email according to Spam Blocker
+
|The score
 +
|-
 +
|sender
 +
|String
 +
|The sender
 +
|-
 +
|serverAddr
 +
|InetAddress
 +
|The server address
 +
|-
 +
|serverPort
 +
|int
 +
|The server port
 +
|-
 +
|smtpMessageEvent
 +
|SmtpMessageEvent
 +
|The parent SMTP message event
 
|-
 
|-
 
|isSpam
 
|isSpam
 
|boolean
 
|boolean
|The spam status of the email according to Spam Blocker
+
|True if spam, false otherwise
 
|-
 
|-
|action
+
|subject
|SpamMessageAction
+
|String
|The action taken by Spam Blocker
+
|The subject
 +
|-
 +
|testsString
 +
|String
 +
|The tests string from the spam engine
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|-
 
|-
 
|vendorName
 
|vendorName
|text
+
|String
|The "vendor name" of the app that logged the event
+
|The application name
|-
 
 
|}
 
|}
 
<section end='SpamLogEvent' />
 
<section end='SpamLogEvent' />
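Review bot: This revision now carries two "== SpamSmtpTarpitEvent ==" sections and two "== SpamLogEvent ==" sections, each pair using the same <section begin='...' /> label and listing the same rows. Drop one copy of each so heading anchors and labeled-section names stay unique on the page.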
  
== SpamSmtpTarpitEvent ==  
+
 
<section begin='SpamSmtpTarpitEvent' />
+
== CookieEvent ==
Events in this class are created by Spam Blocker and inserted to the [[Global_DB_schema#smtp_tarpit_events|smtp_tarpit_events]] table.
+
<section begin='CookieEvent' />
{| border="1" cellpadding="2" width="90%%" align="center"
+
 
!Column Name
+
These events are created by [[Ad Blocker]] and update the [[Global_DB_schema#http_events|http_events]] table when a cookie is blocked.
!Type
+
 
!Description
+
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|class
 +
|Class
 +
|The class name
 
|-
 
|-
|hostname
+
|identification
|text
+
|String
|The hostname
+
|The identification string
 
|-
 
|-
|ipAddr
+
|requestId
|inet
+
|Long
|The client IP address
+
|The request ID
 
|-
 
|-
|vendorName
+
|sessionEvent
|text
+
|SessionEvent
|The "vendor name" of the app that logged the event
+
|The session event
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='SpamSmtpTarpitEvent' />
+
<section end='CookieEvent' />
 +
 
 +
 
 +
== AdBlockerEvent ==
 +
<section begin='AdBlockerEvent' />
  
 +
These events are created by [[Ad Blocker]] and update the [[Global_DB_schema#http_events|http_events]] table when an ad is blocked.
  
== HostTableEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='HostTableEvent' />
+
! Attribute Name
Events in this class are created by the base system and inserted to the [[Global_DB_schema#host_table_updates|host_table_updates]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
+
|-
!Type
+
|action
!Description
+
|Action
 +
|The action
 
|-
 
|-
|address
+
|class
|inet
+
|Class
|The host IP address
+
|The class name
 
|-
 
|-
|key
+
|reason
|text
+
|String
|DB column that has been updated
+
|The reason
 
|-
 
|-
|value
+
|requestId
|text
+
|Long
|Value the DB column was updated to
+
|The request ID
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='HostTableEvent' />
+
<section end='AdBlockerEvent' />
 +
 
 +
 
 +
== IntrusionPreventionLogEvent ==
 +
<section begin='IntrusionPreventionLogEvent' />
 +
 
 +
These events are created by [[Intrusion Prevention]] and inserted to the [[Global_DB_schema#intrusion_prevention_events|intrusion_prevention_events]] table when a rule matches.
  
== SystemStatEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='SystemStatEvent' />
+
! Attribute Name
Events in this class are created by the base system and inserted to the [[Global_DB_schema#server_events|server_events]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|memTotal
+
|blocked
|bigint
+
|short
|The total bytes of memory
+
|True if blocked, false otherwise
 
|-
 
|-
|memFree
+
|category
|bigint
+
|String
|The number of free bytes of memory
+
|The category
 
|-
 
|-
|memFreePercent
+
|class
|float
+
|Class
|The amount of free memory by percent.
+
|The class name
 
|-
 
|-
|memCache
+
|classificationId
|bigint
+
|long
|The number of bytes of memory used for disk cache
+
|The classification ID
 
|-
 
|-
|memBuffers
+
|classtype
|bigint
+
|String
|The number of bytes of memory used for buffers
+
|The classtype
 
|-
 
|-
|load1
+
|dportIcode
|float
+
|int
|The 1-minute CPU load
+
|The dportIcode
 
|-
 
|-
|load5
+
|eventId
|float
+
|long
|The 5-minute CPU load
+
|The event ID
 
|-
 
|-
|load15
+
|eventMicrosecond
|float
+
|long
|The 15-minute CPU load
+
|The event microsecond
 
|-
 
|-
|cpuUser
+
|eventSecond
|float
+
|long
|The user CPU percent utilization
+
|The event second
 
|-
 
|-
|cpuSystem
+
|eventType
|float
+
|long
|The system CPU percent utilization
+
|The event type
 
|-
 
|-
|diskTotal
+
|generatorId
|bigint
+
|long
|The total disk size in bytes
+
|The generator ID
 
|-
 
|-
|diskFree
+
|impact
|bigint
+
|short
|The free disk space in bytes
+
|The impact
 
|-
 
|-
|diskFreePercent
+
|impactFlag
|float
+
|short
|The free disk space by percent
+
|The impact flag
 
|-
 
|-
|swapFree
+
|ipDestination
|bigint
+
|InetAddress
|The free disk swap in bytes
+
|The IP address destination
 
|-
 
|-
|swapTotal
+
|ipSource
|bigint
+
|InetAddress
|The total swap size in bytes
+
|The IP address source
 
|-
 
|-
|}
+
|mplsLabel
<section end='SystemStatEvent' />
+
|long
 
+
|The mplsLabel
== PenaltyBoxEvent ==
 
<section begin='PenaltyBoxEvent' />
 
Events in this class are created by the Bandwidth Control and inserted or updated to the [[Global_DB_schema#penaltybox|penaltybox]] table.
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|address
+
|msg
|inet
+
|String
|The IP address of the host
+
|The msg
 
|-
 
|-
|entryTime
+
|padding
|timestamp
+
|int
|The time the client entered the penalty box
+
|The padding
 
|-
 
|-
|exitTime
+
|priorityId
|timestamp
+
|long
|The time the client exited the penalty box
+
|The priority ID
 
|-
 
|-
|reason
+
|protocol
|text
+
|short
|The reason for the action
+
|The protocol
 
|-
 
|-
|}
+
|sensorId
<section end='PenaltyBoxEvent' />
+
|long
 
+
|The sensor ID
== QuotaEvent ==
 
<section begin='QuotaEvent' />
 
Events in this class are created by the Bandwidth Control and inserted or updated to the [[Global_DB_schema#quotas|quotas]] table.
 
{| border="1" cellpadding="2" width="90%%" align="center"
 
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|action
+
|signatureId
|integer
+
|long
|The action (1=Quota Given, 2=Quota Exceeded)
+
|The signature ID
 
|-
 
|-
|address
+
|signatureRevision
|inet
+
|long
|The IP address of the host
+
|The signature revision
 
|-
 
|-
|reason
+
|sportItype
|text
+
|int
|The reason for the action
+
|The sportItype
 
|-
 
|-
|quotaSize
+
|timeStamp
|bigint
+
|Timestamp
|The size of the quota
+
|The timestamp
 
|-
 
|-
 +
|vlanId
 +
|int
 +
|The VLAN Id
 
|}
 
|}
<section end='QuotaEvent' />
+
<section end='IntrusionPreventionLogEvent' />
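Review bot: In the IntrusionPreventionLogEvent table, "blocked" is typed "short" but described as "True if blocked, false otherwise"; state which numeric values mean blocked, or say that it is a 0/1 flag. Several descriptions only restate the attribute name ("The dportIcode", "The sportItype", "The mplsLabel", "The padding"), while the removed IdpsLogEvent rows explained "classtype" as "The generalized threat rule grouping (unrelated to gen_id)" and "msg" as the "title" or "description" of the rule. Carrying that wording over would keep the table usable for someone writing alert rules against these fields.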
 +
 
 +
 
 +
== WebFilterQueryEvent ==
 +
<section begin='WebFilterQueryEvent' />
 +
 
 +
These events are created by [[Web Filter]] and inserted to the [[Global_DB_schema#http_query_events|http_query_events]] table when web filter processes a search engine search.
  
== SessionEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='SessionEvent' />
+
! Attribute Name
Events in this class are created by the base system and inserted to the [[Global_DB_schema#sessions|sessions]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
+
|-
!Type
+
|class
!Description
+
|Class
 +
|The class name
 
|-
 
|-
|sessionId
+
|contentLength
|bigint
+
|long
|The session
+
|The content length
 
|-
 
|-
|bypassed
+
|host
|boolean
+
|String
|True if the session was bypassed, false otherwise
+
|The host
 
|-
 
|-
|protocol
+
|method
|smallint
+
|HttpMethod
|The IP protocol of session
+
|The method
 
|-
 
|-
|clientIntf
+
|nodeName
|integer
+
|String
|The client interface
+
|The name of the application
 
|-
 
|-
|serverIntf
+
|requestId
|integer
+
|Long
|The server interface
+
|The request ID
 
|-
 
|-
|cClientAddr
+
|requestUri
|inet
+
|URI
|The client-side client IP address
+
|The request URI
 
|-
 
|-
|sClientAddr
+
|sessionEvent
|inet
+
|SessionEvent
|The server-side client IP address
+
|The session event
 
|-
 
|-
|cServerAddr
+
|term
|inet
+
|String
|The client-side server IP address
+
|The search term/phrase
 
|-
 
|-
|sServerAddr
+
|timeStamp
|inet
+
|Timestamp
|The server-side server IP address
+
|The timestamp
 +
|}
 +
<section end='WebFilterQueryEvent' />
 +
 
 +
 
 +
== WanFailoverTestEvent ==
 +
<section begin='WanFailoverTestEvent' />
 +
 
 +
These events are created by [[WAN Failover]] and inserted to the [[Global_DB_schema#wan_failover_test_events|wan_failover_test_events]] table when a test is run.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 
|-
 
|-
|cClientPort
+
|class
|integer
+
|Class
|The client-side client port
+
|The class name
 
|-
 
|-
|sClientPort
+
|description
|integer
+
|String
|The server-side client port
+
|The description
 
|-
 
|-
|cServerPort
+
|interfaceId
|integer
+
|int
|The client-side server port
+
|The interface ID
 
|-
 
|-
|sServerPort
+
|name
|integer
+
|String
|The server-side server port
+
|The test name
 
|-
 
|-
|username
+
|osName
|text
+
|String
|The username
+
|The O/S interface name
 
|-
 
|-
|hostname
+
|success
|text
+
|Boolean
|The hostname
+
|True if successful, false otherwise
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='SessionEvent' />
+
<section end='WanFailoverTestEvent' />
 +
 
 +
 
 +
== WanFailoverEvent ==
 +
<section begin='WanFailoverEvent' />
 +
 
 +
These events are created by [[WAN Failover]] and inserted to the [[Global_DB_schema#wan_failover_action_events|wan_failover_action_events]] table when WAN Failover takes an action.
  
== SessionNatEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='SessionNatEvent' />
+
! Attribute Name
Events in this class are created by the base system and updated to the [[Global_DB_schema#sessions|sessions]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
 
!Type
 
!Description
 
 
|-
 
|-
|serverIntf
+
|action
|integer
+
|WanFailoverEvent$Action
|The server interface
+
|The action
 
|-
 
|-
|sClientAddr
+
|class
|inet
+
|Class
|The server-side client IP address
+
|The class name
 
|-
 
|-
|sServerAddr
+
|interfaceId
|inet
+
|int
|The server-side server IP address
+
|The interface ID
 
|-
 
|-
|sClientPort
+
|name
|integer
+
|String
|The server-side client port
+
|The name
 
|-
 
|-
|sServerPort
+
|osName
|integer
+
|String
|The server-side server port
+
|The O/S interface name
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='SessionNatEvent' />
+
<section end='WanFailoverEvent' />
 +
 
 +
 
 +
== CaptivePortalUserEvent ==
 +
<section begin='CaptivePortalUserEvent' />
 +
 
 +
These events are created by [[Captive Portal]] and inserted to the [[Global_DB_schema#captive_portal_user_events|captive_portal_user_events]] table when Captive Portal user takes an action.
  
== SessionStatsEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='SessionStatsEvent' />
+
! Attribute Name
Events in this class are created by the base system and updated to the [[Global_DB_schema#sessions|sessions]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
+
|-
!Type
+
|authenticationType
!Description
+
|CaptivePortalSettings$AuthenticationType
 +
|The authentication type
 +
|-
 +
|authenticationTypeValue
 +
|String
 +
|The authentication type as a string
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|clientAddr
 +
|InetAddress
 +
|The client address
 +
|-
 +
|event
 +
|CaptivePortalUserEvent$EventType
 +
|The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
 +
|-
 +
|eventValue
 +
|String
 +
|The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
 +
|-
 +
|loginName
 +
|String
 +
|The login name
 +
|-
 +
|policyId
 +
|Long
 +
|The policy ID
 
|-
 
|-
|sessionId
+
|timeStamp
|bigint
+
|Timestamp
|The session
+
|The timestamp
 +
|}
 +
<section end='CaptivePortalUserEvent' />
 +
 
 +
 
 +
== CaptureRuleEvent ==
 +
<section begin='CaptureRuleEvent' />
 +
 
 +
These events are created by [[Captive Portal]] and update the [[Global_DB_schema#sessions|sessions]] table when Captive Portal processes a session.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 
|-
 
|-
|c2pBytes
+
|captured
|bigint
+
|boolean
|The number of bytes the client sent to Untangle (client-to-pipeline)
+
|True if captured, false otherwise
 
|-
 
|-
|p2sBytes
+
|class
|bigint
+
|Class
|The number of bytes Untangle sent to server (pipeline-to-client)
+
|The class name
 
|-
 
|-
|s2pBytes
+
|ruleId
|bigint
+
|Integer
|The number of bytes the server sent to Untangle (client-to-pipeline)
+
|The rule ID
 
|-
 
|-
|p2cBytes
+
|sessionEvent
|bigint
+
|SessionEvent
|The number of bytes Untangle sent to client (pipeline-to-client)
+
|The session event
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='SessionStatsEvent' />
+
<section end='CaptureRuleEvent' />
 +
 
 +
 
 +
== VirusSmtpEvent ==
 +
<section begin='VirusSmtpEvent' />
 +
 
 +
These events are created by [[Virus Blocker]] and update the [[Global_DB_schema#mail_msgs|mail_msgs]] table when Virus Blocker scans an email.
  
== SettingsChangesEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='SettingsChangesEvent' />
+
! Attribute Name
Events in this class are created by the base system and updated to the [[Global_DB_schema#settings_changes|settings_changes]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
+
|-
!Type
+
|action
!Description
+
|String
 +
|The action
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|clean
 +
|boolean
 +
|True if clean, false otherwise
 
|-
 
|-
|settings_file
+
|messageId
|text
+
|Long
|The name of the file changed
+
|The message ID
 
|-
 
|-
|username
+
|nodeName
|text
+
|String
|The username logged in at the time of the change
+
|The name of the application
 
|-
 
|-
|hostname
+
|timeStamp
|text
+
|Timestamp
|The remote hostname of the username logged in at the time of the change
+
|The timestamp
 
|-
 
|-
 +
|virusName
 +
|String
 +
|The virus name, if not clean
 
|}
 
|}
<section end='SettingsChangesEvent' />
+
<section end='VirusSmtpEvent' />
 +
 
  
== VirusFtpEvent ==  
+
== VirusFtpEvent ==
 
<section begin='VirusFtpEvent' />
 
<section begin='VirusFtpEvent' />
Events in this class are created by Virus Blocker or Virus Blocker Lite and updated to the [[Global_DB_schema#ftp_events|ftp_events]] table.
+
 
{| border="1" cellpadding="2" width="90%%" align="center"
+
These events are created by [[Virus Blocker]] and update the [[Global_DB_schema#ftp_events|ftp_events]] table when Virus Blocker scans an FTP transfer.
!Column Name
+
 
!Type
+
{| border="1" cellpadding="2" width="90%" align="center"
!Description
+
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|class
 +
|Class
 +
|The class name
 
|-
 
|-
 
|clean
 
|clean
 
|boolean
 
|boolean
|The cleanliness of the file according to Virus Blocker
+
|True if clean, false otherwise
 
|-
 
|-
|virusName
+
|nodeName
|text
+
|String
|The name of the malware according to Virus Blocker
+
|The name of the application
 +
|-
 +
|sessionEvent
 +
|SessionEvent
 +
|The session event
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|-
 
|-
 
|uri
 
|uri
|text
+
|String
|The FTP URI
+
|The URI
 
|-
 
|-
 +
|virusName
 +
|String
 +
|The virus name, if not clean
 
|}
 
|}
 
<section end='VirusFtpEvent' />
 
<section end='VirusFtpEvent' />
  
== VirusHttpEvent ==  
+
 
 +
== VirusHttpEvent ==
 
<section begin='VirusHttpEvent' />
 
<section begin='VirusHttpEvent' />
Events in this class are created by Virus Blocker or Virus Blocker Lite and updated to the [[Global_DB_schema#http_events|http_events]] table.
 
  
{| border="1" cellpadding="2" width="90%%" align="center"
+
These events are created by [[Virus Blocker]] and update the [[Global_DB_schema#http_events|http_events]] table when Virus Blocker scans an HTTP transfer.
!Column Name
+
 
!Type
+
{| border="1" cellpadding="2" width="90%" align="center"
!Description
+
! Attribute Name
 +
! Type
 +
! Description
 
|-
 
|-
|requestId
+
|class
|bigint
+
|Class
|The HTTP request ID
+
|The class name
 
|-
 
|-
 
|clean
 
|clean
 
|boolean
 
|boolean
|The cleanliness of the file according to Virus Blocker
+
|True if clean, false otherwise
 +
|-
 +
|nodeName
 +
|String
 +
|The name of the application
 +
|-
 +
|requestId
 +
|Long
 +
|The request ID
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|-
 
|-
 
|virusName
 
|virusName
|text
+
|String
|The name of the malware according to Virus Blocker
+
|The virus name, if not clean
 +
|}
 +
<section end='VirusHttpEvent' />
 +
 
 +
 
 +
== OpenVpnEvent ==
 +
<section begin='OpenVpnEvent' />
 +
 
 +
These events are created by [[OpenVPN]] and update the [[Global_DB_schema#openvpn_events|openvpn_events]] table when OpenVPN processes a client action.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|address
 +
|InetAddress
 +
|The address
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|clientName
 +
|String
 +
|The client name
 +
|-
 +
|poolAddress
 +
|InetAddress
 +
|The pool address
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 +
|-
 +
|type
 +
|OpenVpnEvent$EventType
 +
|The type
 +
|}
 +
<section end='OpenVpnEvent' />
 +
 
 +
 
 +
== OpenVpnStatusEvent ==
 +
<section begin='OpenVpnStatusEvent' />
 +
 
 +
These events are created by [[OpenVPN]] and update the [[Global_DB_schema#openvpn_stats|openvpn_stats]] table periodically.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|address
 +
|InetAddress
 +
|The address
 +
|-
 +
|bytesRxDelta
 +
|long
 +
|The delta number of RX (received) bytes from the previous event
 +
|-
 +
|bytesRxTotal
 +
|long
 +
|The total number of RX (received) bytes
 +
|-
 +
|bytesTxDelta
 +
|long
 +
|The delta number of TX (transmitted) bytes from the previous event
 +
|-
 +
|bytesTxTotal
 +
|long
 +
|The total number of TX (transmitted) bytes
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|clientName
 +
|String
 +
|The client name
 +
|-
 +
|end
 +
|Timestamp
 +
|The end
 +
|-
 +
|poolAddress
 +
|InetAddress
 +
|The pool address
 +
|-
 +
|port
 +
|int
 +
|The port
 +
|-
 +
|start
 +
|Timestamp
 +
|The start
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 +
|}
 +
<section end='OpenVpnStatusEvent' />
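Review bot: The section names and labels change case here, from "OpenVPNEvent" and "OpenVPNStatusEvent" to "OpenVpnEvent" and "OpenVpnStatusEvent", so links or labeled-section references to the old names elsewhere on the wiki need checking. The OpenVpnEvent "type" row also loses its value list: the old description was "The type of the event (CONNECT/DISCONNECT)" and the new one is "The type". Keep the values in the description, as the CaptivePortalUserEvent "event" row does.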
 +
 
 +
 
 +
== SmtpMessageAddressEvent ==
 +
<section begin='SmtpMessageAddressEvent' />
 +
 
 +
These events are created by SMTP subsystem and inserted to the [[Global_DB_schema#mail_addrs|mail_addrs]] table for each address on each email.
 +
 
 +
{| border="1" cellpadding="2" width="90%" align="center"
 +
! Attribute Name
 +
! Type
 +
! Description
 +
|-
 +
|addr
 +
|String
 +
|The address
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|kind
 +
|AddressKind
 +
|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
 +
|-
 +
|messageId
 +
|Long
 +
|The message ID
 
|-
 
|-
 +
|personal
 +
|String
 +
|personal
 +
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='VirusHttpEvent' />
+
<section end='SmtpMessageAddressEvent' />
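Review bot: The "personal" row in SmtpMessageAddressEvent is described only as "personal", which tells the reader nothing; describe what the string holds, in the same "The ..." style as the other rows.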
 +
 
 +
 
 +
== SmtpMessageEvent ==
 +
<section begin='SmtpMessageEvent' />
  
== VirusSmtpEvent ==
+
These events are created by SMTP subsystem and inserted to the [[Global_DB_schema#mail_msgs|mail_msgs]] table for each email.
<section begin='VirusSmtpEvent' />
 
Events in this class are created by Virus Blocker or Virus Blocker Lite and updated to the [[Global_DB_schema#mail_msgs|mail_msgs]] table.
 
  
{| border="1" cellpadding="2" width="90%%" align="center"
+
{| border="1" cellpadding="2" width="90%" align="center"
!Column Name
+
! Attribute Name
!Type
+
! Type
!Description
+
! Description
 +
|-
 +
|addresses
 +
|Set
 +
|The addresses
 +
|-
 +
|class
 +
|Class
 +
|The class name
 +
|-
 +
|envelopeFromAddress
 +
|String
 +
|The envelop FROM address
 +
|-
 +
|envelopeToAddress
 +
|String
 +
|The envelope TO address
 
|-
 
|-
 
|messageId
 
|messageId
|bigint
+
|Long
 
|The message ID
 
|The message ID
 
|-
 
|-
|clean
+
|receiver
|boolean
+
|String
|The cleanliness of the file according to Virus Blocker
+
|The receiver
 +
|-
 +
|sender
 +
|String
 +
|The sender
 +
|-
 +
|sessionEvent
 +
|SessionEvent
 +
|The session event
 +
|-
 +
|sessionId
 +
|Long
 +
|The session ID
 
|-
 
|-
|virusName
+
|subject
|text
+
|String
|The name of the malware according to Virus Blocker
+
|The subject
 
|-
 
|-
|action
+
|timeStamp
|text
+
|Timestamp
|The action taken by Virus Blocker
+
|The timestamp
 
|-
 
|-
 +
|tmpFile
 +
|File
 +
|The /tmp file
 
|}
 
|}
<section end='VirusSmtpEvent' />
+
<section end='SmtpMessageEvent' />
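Review bot: In the SmtpMessageEvent table, "The envelop FROM address" should read "The envelope FROM address", matching the "envelopeToAddress" row below it. The "addresses" row is typed as a bare "Set"; name the element type so readers know what the set contains.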
 +
 
 +
 
 +
== LoginEvent ==
 +
<section begin='LoginEvent' />
 +
 
 +
These events are created by [[Directory Connector]] and inserted to the [[Global_DB_schema#directory_connector_login_events|directory_connector_login_events]] table for each login.
  
== WebFilterEvent ==
+
{| border="1" cellpadding="2" width="90%" align="center"
<section begin='WebFilterEvent' />
+
! Attribute Name
Events in this class are created by Web Filter or Web Filter Lite and updated to the [[Global_DB_schema#http_events|http_events]] table.
+
! Type
{| border="1" cellpadding="2" width="90%%" align="center"
+
! Description
!Column Name
+
|-
!Type
+
|class
!Description
+
|Class
 +
|The class name
 
|-
 
|-
|blocked
+
|clientAddr
|boolean
+
|InetAddress
|If Web Filter blocked this request
+
|The client address
 
|-
 
|-
|flagged
+
|domain
|boolean
+
|String
|If Web Filter flagged this request
+
|The domain
 
|-
 
|-
|reason
+
|event
|Reason
+
|String
|The reason Web Filter blocked/flagged this request
+
|The event
 
|-
 
|-
|category
+
|loginName
|text
+
|String
|The category according to Web Filter
+
|The login name
 
|-
 
|-
 +
|timeStamp
 +
|Timestamp
 +
|The timestamp
 
|}
 
|}
<section end='WebFilterEvent' />
+
<section end='LoginEvent' />

Revision as of 04:16, 26 February 2016

All event data is stored in the Global DB Schema in a relational database. As Untangle and applications process traffic they create Event objects that add and modify content in the database. Each event has its own class/object with certain fields that modify the database in a certain way.

The list below shows the classes used in the event logging and the column fields available within each event. These can be used to add Alert Events or for other event handling within Untangle.

HostTableEvent


These events are created by the base system and inserted to the host_table_updates table when the host table is modified.

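{| border="1" cellpadding="2" width="90%" align="center"
! Attribute Name !! Type !! Description
|-
| address || InetAddress || The address
|-
| class || Class || The class name
|-
| key || String || The key
|-
| timeStamp || Timestamp || The timestamp
|-
| value || String || The value
|}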


DeviceTableEvent


These events are created by the base system and inserted to the device_table_updates table when the device list is modified.

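{| border="1" cellpadding="2" width="90%" align="center"
! Attribute Name !! Type !! Description
|-
| class || Class || The class name
|-
| device || DeviceTableEntry || The Device
|-
| key || String || The key
|-
| macAddress || String || The MAC address
|-
| timeStamp || Timestamp || The timestamp
|-
| value || String || The value
|}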


PenaltyBoxEvent


These events are created by the Bandwidth Control and inserted to the penaltybox table.

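{| border="1" cellpadding="2" width="90%" align="center"
! Attribute Name !! Type !! Description
|-
| action || int || The action
|-
| address || InetAddress || The address
|-
| class || Class || The class name
|-
| entryTime || Timestamp || The entry time
|-
| exitTime || Timestamp || The exit time
|-
| timeStamp || Timestamp || The timestamp
|}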


SessionStatsEvent


These events are created by the base system and update the sessions table when a session ends with the updated stats.

{| border="1" cellpadding="2" width="90%" align="center"
! Attribute Name !! Type !! Description
|-
| c2pBytes || long || The number of bytes sent from the client to Untangle
|-
| c2pChunks || long || The number of chunks/packets sent from the client to Untangle
|-
| class || Class || The class name
|-
| p2cBytes || long || The number of bytes sent to the client from Untangle
|-
| p2cChunks || long || The number of chunks/packets sent to the client from Untangle
|-
| p2sBytes || long || The number of bytes sent to the server from Untangle
|-
| p2sChunks || long || The number of chunks/packets sent to the server from Untangle
|-
| s2pBytes || long || The number of bytes sent from the server to Untangle
|-
| s2pChunks || long || The number of chunks/packets sent from the server to Untangle
|-
| sessionId || Long || The session ID
|-
| timeStamp || Timestamp || The timestamp
|}


SessionEvent


These events are created by the base system and update the sessions table each time a session is created.

Attribute Name Type Description
cClientAddr InetAddress The client-side (pre-NAT) client address
cClientPort Integer The client-side (pre-NAT) client port
cServerAddr InetAddress The client-side (pre-NAT) server address
cServerPort Integer The client-side (pre-NAT) server port
sClientAddr InetAddress The server-side (post-NAT) client address
sClientPort Integer The server-side (post-NAT) client port
sServerAddr InetAddress The server-side (post-NAT) server address
sServerPort Integer The server-side (post-NAT) server port
bypassed boolean True if bypassed, false otherwise
class Class The class name
clientIntf Integer The client interface ID
entitled boolean The entitled status
filterPrefix String The filter prefix if blocked by the filter rules
hostname String The hostname
icmpType Short The ICMP type
policyId Long The policy ID
protocol Short The protocol
protocolName String The protocol name
serverIntf Integer The server interface ID
sessionId Long The session ID
timeStamp Timestamp The timestamp
username String The username


SessionNatEvent


These events are created by the base system and update the sessions table with the post-NAT information each time a session is NATed.

Attribute Name Type Description
sClientAddr InetAddress The server-side (post-NAT) client address
sClientPort Integer The server-side (post-NAT) client port
sServerAddr InetAddress The server-side (post-NAT) server address
sServerPort Integer The server-side (post-NAT) server port
class Class The class name
serverIntf Integer The server interface ID
timeStamp Timestamp The timestamp


QuotaEvent


These events are created by the Bandwidth Control and inserted into, or update, the quotas table when quotas are given or exceeded.

Attribute Name Type Description
action int The action (1=Quota Given, 2=Quota Exceeded)
address InetAddress The address
class Class The class name
quotaSize long The quota size
reason String The reason
timeStamp Timestamp The timestamp


SettingsChangesEvent


These events are created by the base system and inserted to the settings_changes table when settings are changed.

Attribute Name Type Description
class Class The class name
timeStamp Timestamp The timestamp


LogEvent


The base class for all events.

Attribute Name Type Description
class Class The class name
timeStamp Timestamp The timestamp


InterfaceStatEvent


These events are created by the base system and inserted to the interface_stat_events table periodically with interface stats.

Attribute Name Type Description
class Class The class name
interfaceId int The interface ID
rxRate double The RX rate in byte/s
timeStamp Timestamp The timestamp
txRate double The TX rate in byte/s


SystemStatEvent


These events are created by the base system and inserted to the server_events table periodically.

Attribute Name Type Description
activeHosts int The active host count
class Class The class name
cpuSystem float The system CPU utilization
cpuUser float The user CPU utilization
diskFree long The amount of disk free
diskFreePercent float The percentage of disk free
diskTotal long The total size of the disk
load1 float The 1-minute CPU load
load15 float The 15-minute CPU load
load5 float The 5-minute CPU load
memBuffers long The amount of memory used by buffers
memCache long The amount of memory used by cache
memFree long The amount of free memory
memFreePercent float The percentage of total memory that is free
memTotal long The total amount of memory
swapFree long The amount of free swap
swapTotal long The total size of swap
timeStamp Timestamp The timestamp


TunnelStatusEvent


These events are created by IPsec VPN and inserted to the ipsec_tunnel_stats table periodically.

Attribute Name Type Description
class Class The class name
inBytes long The number of bytes received from this tunnel
outBytes long The number of bytes sent in this tunnel
timeStamp Timestamp The timestamp
tunnelName String The name of this tunnel


VirtualUserEvent


These events are created by IPsec VPN and inserted to the ipsec_user_events table when a user event occurs.

Attribute Name Type Description
class Class The class name
clientAddress InetAddress The client address
clientProtocol String The client protocol
clientUsername String The client username
elapsedTime String The elapsed time
eventId Long The event ID
netInterface String The net interface
netProcess String The net process
netRXbytes Long The number of RX (received) bytes
netTXbytes Long The number of TX (transmitted) bytes
timeStamp Timestamp The timestamp


AlertEvent


These events are created by Reports and inserted to the alerts table when an alert fires.

Attribute Name Type Description
cause LogEvent The cause
class Class The class name
description String The description
json JSONObject The JSON string
summaryText String The summary text
timeStamp Timestamp The timestamp


ConfigurationBackupEvent


These events are created by Configuration Backup and inserted to the configuration_backup_events table when a backup occurs.

Attribute Name Type Description
class Class The class name
destination String The destination
detail String The details
success boolean True if successful, false otherwise
timeStamp Timestamp The timestamp


WebCacheEvent


These events are created by Web Cache and inserted to the web_cache_stats table periodically.

Attribute Name Type Description
bypassCount long The number of bypasses
class Class The class name
hitBytes long The number of bytes worth of hits
hitCount long The number of hits
missBytes long The number of bytes worth of misses
missCount long The number of misses
policyId Long The policy ID
systemCount long The number of system bypasses
timeStamp Timestamp The timestamp


PrioritizeEvent


These events are created by the Bandwidth Control and update the session table when a session is prioritized.

Attribute Name Type Description
class Class The class name
priority int The priority
ruleId int The rule ID
sessionEvent SessionEvent The session event
timeStamp Timestamp The timestamp


HttpResponseEvent


These events are created by the HTTP subsystem and update the http_events table when a web response happens.

Attribute Name Type Description
class Class The class name
contentLength long The content length
contentType String The content type
requestLine RequestLine The request line
timeStamp Timestamp The timestamp


HttpRequestEvent


These events are created by the HTTP subsystem and inserted to the http_events table when a web request happens.

Attribute Name Type Description
class Class The class name
contentLength long The content length
domain String The domain
host String The host
method HttpMethod The HTTP method
referer String The referer
requestId Long The request ID
requestUri URI The request URI
sessionEvent SessionEvent The session event
sessionId Long The session ID
timeStamp Timestamp The timestamp


ApplicationControlLiteEvent


These events are created by Application Control Lite and update the sessions table when application control lite identifies a session.

Attribute Name Type Description
blocked boolean True if blocked, false otherwise
class Class The class name
protocol String The protocol
sessionId Long The session ID
timeStamp Timestamp The timestamp


FirewallEvent


These events are created by Firewall and update the sessions table when a firewall rule matches a session.

Attribute Name Type Description
blocked boolean True if blocked, false otherwise
class Class The class name
flagged boolean True if flagged, false otherwise
ruleId long The rule ID
sessionId Long The session ID
timeStamp Timestamp The timestamp


WebFilterEvent


These events are created by Web Filter and update the http_events table when web filter processes a web request.

Attribute Name Type Description
blocked Boolean True if blocked, false otherwise
category String The category
class Class The class name
flagged Boolean True if flagged, false otherwise
nodeName String The name of the application
reason Reason The reason
timeStamp Timestamp The timestamp


ApplicationControlLogEvent


These events are created by Application Control and update the sessions table when application control identifies a session.

Attribute Name Type Description
application String The application
blocked boolean True if blocked, false otherwise
category String The category
class Class The class name
confidence Integer The confidence (0-100)
detail String The details
flagged boolean True if flagged, false otherwise
protochain String The protochain
ruleId Integer The rule ID
sessionEvent SessionEvent The session event
state Integer The state
timeStamp Timestamp The timestamp


ShieldEvent


These events are created by the base system and update the sessions table when the shield blocks a session.

Attribute Name Type Description
blocked boolean True if blocked, false otherwise
class Class The class name
sessionId Long The session ID
timeStamp Timestamp The timestamp


SslInspectorLogEvent


These events are created by SSL Inspector and update the sessions table when a session is processed by SSL Inspector.

Attribute Name Type Description
class Class The class name
detail String The details
ruleId Integer The rule ID
sessionEvent SessionEvent The session event
status String The status
timeStamp Timestamp The timestamp


SpamSmtpTarpitEvent


These events are created by Spam Blocker and inserted to the smtp_tarpit_events table when a session is tarpitted.

Attribute Name Type Description
iPAddr InetAddress The IP address
class Class The class name
hostname String The hostname
sessionEvent SessionEvent The session event
sessionId Long The session ID
timeStamp Timestamp The timestamp
vendorName String The application name


SpamLogEvent


These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.

Attribute Name Type Description
action SpamMessageAction The action
class Class The class name
clientAddr InetAddress The client address
clientPort int The client port
messageId Long The message ID
receiver String The receiver
score float The score
sender String The sender
serverAddr InetAddress The server address
serverPort int The server port
smtpMessageEvent SmtpMessageEvent The parent SMTP message event
isSpam boolean True if spam, false otherwise
subject String The subject
testsString String The tests string from the spam engine
timeStamp Timestamp The timestamp
vendorName String The application name


CookieEvent


These events are created by Ad Blocker and update the http_events table when a cookie is blocked.

Attribute Name Type Description
class Class The class name
identification String The identification string
requestId Long The request ID
sessionEvent SessionEvent The session event
timeStamp Timestamp The timestamp


AdBlockerEvent


These events are created by Ad Blocker and update the http_events table when an ad is blocked.

Attribute Name Type Description
action Action The action
class Class The class name
reason String The reason
requestId Long The request ID
timeStamp Timestamp The timestamp


IntrusionPreventionLogEvent


These events are created by Intrusion Prevention and inserted to the intrusion_prevention_events table when a rule matches.

Attribute Name Type Description
blocked short True if blocked, false otherwise
category String The category
class Class The class name
classificationId long The classification ID
classtype String The classtype
dportIcode int The dportIcode
eventId long The event ID
eventMicrosecond long The event microsecond
eventSecond long The event second
eventType long The event type
generatorId long The generator ID
impact short The impact
impactFlag short The impact flag
ipDestination InetAddress The IP address destination
ipSource InetAddress The IP address source
mplsLabel long The mplsLabel
msg String The msg
padding int The padding
priorityId long The priority ID
protocol short The protocol
sensorId long The sensor ID
signatureId long The signature ID
signatureRevision long The signature revision
sportItype int The sportItype
timeStamp Timestamp The timestamp
vlanId int The VLAN Id


WebFilterQueryEvent


These events are created by Web Filter and inserted to the http_query_events table when web filter processes a search engine search.

Attribute Name Type Description
class Class The class name
contentLength long The content length
host String The host
method HttpMethod The method
nodeName String The name of the application
requestId Long The request ID
requestUri URI The request URI
sessionEvent SessionEvent The session event
term String The search term/phrase
timeStamp Timestamp The timestamp


WanFailoverTestEvent


These events are created by WAN Failover and inserted to the wan_failover_test_events table when a test is run.

Attribute Name Type Description
class Class The class name
description String The description
interfaceId int The interface ID
name String The test name
osName String The O/S interface name
success Boolean True if successful, false otherwise
timeStamp Timestamp The timestamp


WanFailoverEvent


These events are created by WAN Failover and inserted to the wan_failover_action_events table when WAN Failover takes an action.

Attribute Name Type Description
action WanFailoverEvent$Action The action
class Class The class name
interfaceId int The interface ID
name String The name
osName String The O/S interface name
timeStamp Timestamp The timestamp


CaptivePortalUserEvent


These events are created by Captive Portal and inserted to the captive_portal_user_events table when a Captive Portal user takes an action.

Attribute Name Type Description
authenticationType CaptivePortalSettings$AuthenticationType The authentication type
authenticationTypeValue String The authentication type as a string
class Class The class name
clientAddr InetAddress The client address
event CaptivePortalUserEvent$EventType The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
eventValue String The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
loginName String The login name
policyId Long The policy ID
timeStamp Timestamp The timestamp


CaptureRuleEvent


These events are created by Captive Portal and update the sessions table when Captive Portal processes a session.

Attribute Name Type Description
captured boolean True if captured, false otherwise
class Class The class name
ruleId Integer The rule ID
sessionEvent SessionEvent The session event
timeStamp Timestamp The timestamp


VirusSmtpEvent


These events are created by Virus Blocker and update the mail_msgs table when Virus Blocker scans an email.

Attribute Name Type Description
action String The action
class Class The class name
clean boolean True if clean, false otherwise
messageId Long The message ID
nodeName String The name of the application
timeStamp Timestamp The timestamp
virusName String The virus name, if not clean


VirusFtpEvent


These events are created by Virus Blocker and update the ftp_events table when Virus Blocker scans an FTP transfer.

Attribute Name Type Description
class Class The class name
clean boolean True if clean, false otherwise
nodeName String The name of the application
sessionEvent SessionEvent The session event
timeStamp Timestamp The timestamp
uri String The URI
virusName String The virus name, if not clean


VirusHttpEvent


These events are created by Virus Blocker and update the http_events table when Virus Blocker scans an HTTP transfer.

Attribute Name Type Description
class Class The class name
clean boolean True if clean, false otherwise
nodeName String The name of the application
requestId Long The request ID
timeStamp Timestamp The timestamp
virusName String The virus name, if not clean


OpenVpnEvent


These events are created by OpenVPN and update the openvpn_events table when OpenVPN processes a client action.

Attribute Name Type Description
address InetAddress The address
class Class The class name
clientName String The client name
poolAddress InetAddress The pool address
timeStamp Timestamp The timestamp
type OpenVpnEvent$EventType The type


OpenVpnStatusEvent


These events are created by OpenVPN and update the openvpn_stats table periodically.

Attribute Name Type Description
address InetAddress The address
bytesRxDelta long The delta number of RX (received) bytes from the previous event
bytesRxTotal long The total number of RX (received) bytes
bytesTxDelta long The delta number of TX (transmitted) bytes from the previous event
bytesTxTotal long The total number of TX (transmitted) bytes
class Class The class name
clientName String The client name
end Timestamp The end
poolAddress InetAddress The pool address
port int The port
start Timestamp The start
timeStamp Timestamp The timestamp


SmtpMessageAddressEvent


These events are created by the SMTP subsystem and inserted to the mail_addrs table for each address on each email.

Attribute Name Type Description
addr String The address
class Class The class name
kind AddressKind The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
messageId Long The message ID
personal String personal
timeStamp Timestamp The timestamp


SmtpMessageEvent


These events are created by the SMTP subsystem and inserted to the mail_msgs table for each email.

Attribute Name Type Description
addresses Set The addresses
class Class The class name
envelopeFromAddress String The envelope FROM address
envelopeToAddress String The envelope TO address
messageId Long The message ID
receiver String The receiver
sender String The sender
sessionEvent SessionEvent The session event
sessionId Long The session ID
subject String The subject
timeStamp Timestamp The timestamp
tmpFile File The /tmp file


LoginEvent


These events are created by Directory Connector and inserted to the directory_connector_login_events table for each login.

Attribute Name Type Description
class Class The class name
clientAddr InetAddress The client address
domain String The domain
event String The event
loginName String The login name
timeStamp Timestamp The timestamp