Database Schema: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
 
(12 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Reports]]
= Database Tables =
The global DB schema shows the tables and columns used for tracking all logged events in Untangle. These can be used to add conditions to reports and event logs and in the reporting system to create or edit reports.


== ipsec_tunnel_stats ==  
== configuration_backup_events ==  
<section begin='ipsec_tunnel_stats' />
<section begin='configuration_backup_events' />


{| border="1" cellpadding="2" width="90%%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
Line 16: Line 15:
|The time of the event
|The time of the event
|-
|-
|tunnel_name
|success
|Tunnel Name
|Success
|boolean
|The result of the backup (true if the backup succeeded, false otherwise)
|-
|description
|Text detail of the event
|text
|text
|The name of the IPsec tunnel
|Text detail of the event
|-
|-
|in_bytes
|destination
|In Bytes
|Destination
|bigint
|text
|The number of bytes received during this time frame
|The location of the backup
|-
|out_bytes
|Out Bytes
|bigint
|The number of bytes transmitted during this time frame
|-
|-
|event_id
|event_id
Line 37: Line 36:
|-
|-
|}
|}
<section end='ipsec_tunnel_stats' />
<section end='configuration_backup_events' />
()


== http_events ==
<section begin='http_events' />


== ipsec_user_events ==
{| border="1" cellpadding="2" width="90%%" align="center"
<section begin='ipsec_user_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Column Name
!Human Name
!Human Name
Line 49: Line 48:
!Description
!Description
|-
|-
|event_id
|request_id
|Event ID
|Request ID
|bigint
|bigint
|The unique event ID
|The HTTP request ID
|-
|-
|time_stamp
|time_stamp
Line 59: Line 58:
|The time of the event
|The time of the event
|-
|-
|connect_stamp
|session_id
|Connect Time
|Session ID
|timestamp without time zone
|bigint
|The time the connection started
|The session
|-
|-
|goodbye_stamp
|client_intf
|End Time
|Client Interface
|timestamp without time zone
|smallint
|The time the connection ended
|The client interface
|-
|-
|client_address
|server_intf
|Client Address
|Server Interface
|text
|smallint
|The remote IP address of the client
|The server interface
|-
|-
|client_protocol
|c_client_addr
|Client Protocol
|Client-side Client Address
|text
|inet
|The protocol the client used to connect
|The client-side client IP address
|-
|-
|client_username
|s_client_addr
|Client Username
|Server-side Client Address
|text
|inet
|The username of the client
|The server-side client IP address
|-
|-
|net_process
|c_server_addr
|Net Process
|Client-side Server Address
|text
|inet
|The PID of the PPP process for L2TP connections or the connection ID for Xauth connections
|The client-side server IP address
|-
|-
|net_interface
|s_server_addr
|Net Interface
|Server-side Server Address
|text
|inet
|The PPP interface for L2TP connections or the client interface for Xauth connections
|The server-side server IP address
|-
|-
|elapsed_time
|c_client_port
|Elapsed Time
|Client-side Client Port
|text
|integer
|The total time the client was connected
|The client-side client port
|-
|s_client_port
|Server-side Client Port
|integer
|The server-side client port
|-
|-
|rx_bytes
|c_server_port
|Bytes Received
|Client-side Server Port
|bigint
|integer
|The number of bytes received from the client in this connection
|The client-side server port
|-
|-
|tx_bytes
|s_server_port
|Bytes Sent
|Server-side Server Port
|bigint
|integer
|The number of bytes sent to the client in this connection
|The server-side server port
|-
|-
|}
|client_country
<section end='ipsec_user_events' />
|Client Country
 
|text
 
|The client Country
== http_events ==
<section begin='http_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|request_id
|client_latitude
|Request ID
|Client Latitude
|bigint
|real
|The HTTP request ID
|The client Latitude
|-
|-
|time_stamp
|client_longitude
|Timestamp
|Client Longitude
|timestamp without time zone
|real
|The time of the event
|The client Longitude
|-
|-
|session_id
|server_country
|Session ID
|Server Country
|bigint
|text
|The session
|The server Country
|-
|server_latitude
|Server Latitude
|real
|The server Latitude
|-
|-
|client_intf
|server_longitude
|Client Interface
|Server Longitude
|smallint
|real
|The client interface
|The server Longitude
|-
|-
|server_intf
|policy_id
|Server Interface
|Policy ID
|smallint
|smallint
|The server interface
|The policy
|-
|-
|c_client_addr
|username
|Client-side Client Address
|Username
|inet
|text
|The client-side client IP address
|The username associated with this session
|-
|-
|s_client_addr
|hostname
|Server-side Client Address
|Hostname
|inet
|text
|The server-side client IP address
|The hostname of the local address
|-
|-
|c_server_addr
|method
|Client-side Server Address
|Method
|inet
|character(1)
|The client-side server IP address
|The HTTP method
|-
|-
|s_server_addr
|uri
|Server-side Server Address
|URI
|inet
|text
|The server-side server IP address
|The HTTP URI
|-
|-
|c_client_port
|host
|Client-side Client Port
|Host
|integer
|text
|The client-side client port
|The HTTP host
|-
|-
|s_client_port
|domain
|Server-side Client Port
|Domain
|integer
|text
|The server-side client port
|The HTTP domain (shortened host)
|-
|-
|c_server_port
|referer
|Client-side Server Port
|Referer
|integer
|text
|The client-side server port
|The Referer URL
|-
|-
|s_server_port
|c2s_content_length
|Server-side Server Port
|Client-to-server Content Length
|integer
|bigint
|The server-side server port
|The client-to-server content length
|-
|-
|policy_id
|s2c_content_length
|Policy ID
|Server-to-client Content Length
|smallint
|bigint
|The policy
|The server-to-client content length
|-
|-
|username
|s2c_content_type
|Username
|Server-to-client Content Type
|text
|text
|The username associated with this session
|The server-to-client content type
|-
|s2c_content_filename
|Server-to-client Content Disposition Filename
|text
|The server-to-client content disposition filename
|-
|-
|hostname
|ad_blocker_cookie_ident
|Hostname
|Ad Blocker Cookie
|text
|text
|The hostname of the local address
|This name of cookie blocked by Ad Blocker
|-
|-
|method
|ad_blocker_action
|Method
|Ad Blocker Action
|character(1)
|character(1)
|The HTTP method
|This action of Ad Blocker on this request
|-
|-
|uri
|web_filter_reason
|URI
|Reason for action (Web Filter)
|text
|character(1)
|The HTTP URI
|This reason Web Filter blocked/flagged this request
|-
|-
|host
|web_filter_category_id
|Host
|Web Category (Web Filter)
|text
|smallint
|The HTTP host
|This numeric category according to Web Filter
|-
|-
|domain
|web_filter_rule_id
|Domain
|Web Rule (Web Filter)
|text
|smallint
|The HTTP domain (shortened host)
|This numeric rule according to Web Filter
|-
|-
|referer
|web_filter_blocked
|Referer
|Blocked (Web Filter)
|text
|boolean
|The Referer URL
|If Web Filter blocked this request
|-
|-
|c2s_content_length
|web_filter_flagged
|Client-to-server Content Length
|Flagged (Web Filter)
|bigint
|boolean
|The client-to-server content length
|If Web Filter flagged this request
|-
|-
|s2c_content_length
|virus_blocker_lite_clean
|Server-to-client Content Length
|Virus Blocker Lite Clean
|bigint
|boolean
|The server-to-client content length
|The cleanliness of the file according to Virus Blocker Lite
|-
|-
|s2c_content_type
|virus_blocker_lite_name
|Server-to-client Content Type
|Virus Blocker Lite Name
|text
|text
|The server-to-client content type
|The name of the malware according to Virus Blocker Lite
|-
|-
|ad_blocker_cookie_ident
|virus_blocker_clean
|Ad Blocker Cookie
|Virus Blocker Clean
|text
|boolean
|This name of cookie blocked by Ad Blocker
|The cleanliness of the file according to Virus Blocker
|-
|-
|ad_blocker_action
|virus_blocker_name
|Ad Blocker Action
|Virus Blocker Name
|character(1)
|This action of Ad Blocker on this request
|-
|web_filter_lite_reason
|Web Filter Lite Reason
|character(1)
|This reason Web Filter Lite blocked/flagged this request
|-
|web_filter_lite_category
|Web Filter Lite Category
|text
|text
|This category according to Web Filter Lite
|The name of the malware according to Virus Blocker
|-
|-
|web_filter_lite_blocked
|threat_prevention_blocked
|Web Filter Lite Blocked
|Threat Prevention Blocked
|boolean
|boolean
|If Web Filter Lite blocked this request
|If Threat Prevention blocked this request
|-
|-
|web_filter_lite_flagged
|threat_prevention_flagged
|Web Filter Lite Flagged
|Threat Prevention Flagged
|boolean
|boolean
|If Web Filter Lite flagged this request
|If Threat Prevention flagged this request
|-
|-
|web_filter_reason
|threat_prevention_rule_id
|Web Filter Reason
|Threat Prevention Rule Id
|character(1)
|integer
|This reason Web Filter blocked/flagged this request
|This numeric rule according to Threat Prevention
|-
|-
|web_filter_category
|threat_prevention_reputation
|Web Filter Category
|Threat Prevention Reputation
|text
|smallint
|This category according to Web Filter
|This numeric threat reputation
|-
|-
|web_filter_blocked
|threat_prevention_categories
|Web Filter Blocked
|Threat Prevention Categories
|boolean
|integer
|If Web Filter blocked this request
|This bitmask of threat categories
|-
|-
|web_filter_flagged
|}
|Web Filter Flagged
<section end='http_events' />
|boolean
()
|If Web Filter flagged this request
 
|-
== intrusion_prevention_events ==  
|virus_blocker_lite_clean
<section begin='intrusion_prevention_events' />
|Virus Blocker Lite Clean
 
|boolean
|The cleanliness of the file according to Virus Blocker Lite
|-
|virus_blocker_lite_name
|Virus Blocker Lite Name
|text
|The name of the malware according to Virus Blocker Lite
|-
|virus_blocker_clean
|Virus Blocker Clean
|boolean
|The cleanliness of the file according to Virus Blocker
|-
|virus_blocker_name
|Virus Blocker Name
|text
|The name of the malware according to Virus Blocker
|-
|}
<section end='http_events' />
 
 
== captive_portal_user_events ==  
<section begin='captive_portal_user_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Column Name
Line 330: Line 301:
|The time of the event
|The time of the event
|-
|-
|policy_id
|sig_id
|Policy ID
|Signature ID
|bigint
|bigint
|The policy
|This ID of the rule
|-
|-
|event_id
|gen_id
|Event ID
|Grouping ID
|bigint
|bigint
|The unique event ID
|The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier
|-
|-
|login_name
|class_id
|Login Name
|Classtype ID
|text
|bigint
|The login username
|The numeric ID for the classtype
|-
|-
|event_info
|source_addr
|Event Type
|Source Address
|text
|inet
|The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
|The source IP address of the packet
|-
|-
|auth_type
|source_port
|Authorization Type
|Source Port
|text
|integer
|The authorization type for this event
|The source port of the packet (if applicable)
|-
|-
|client_addr
|dest_addr
|Client Address
|Destination Address
|text
|inet
|The remote IP address of the client
|The destination IP address of the packet
|-
|-
|}
|dest_port
<section end='captive_portal_user_events' />
|Destination Port
 
|integer
 
|The destination port of the packet (if applicable)
== server_events ==
<section begin='server_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|time_stamp
|protocol
|Timestamp
|Protocol
|timestamp without time zone
|integer
|The time of the event
|The protocol of the packet
|-
|-
|load_1
|blocked
|CPU load (1-min)
|Blocked
|numeric(6,2)
|boolean
|The 1-minute CPU load
|If the packet was blocked/dropped
|-
|category
|Category
|text
|The application specific grouping for the signature
|-
|-
|load_5
|classtype
|CPU load (5-min)
|Classtype
|numeric(6,2)
|text
|The 5-minute CPU load
|The generalized threat signature grouping (unrelated to gen_id)
|-
|-
|load_15
|msg
|CPU load (15-min)
|Message
|numeric(6,2)
|text
|The 15-minute CPU load
|The "title" or "description" of the signature
|-
|-
|cpu_user
|rid
|CPU User Utilization
|Rule ID
|numeric(6,3)
|text
|The user CPU percent utilization
|The rule id
|-
|-
|cpu_system
|rule_id
|CPU System Utilization
|Rule ID
|numeric(6,3)
|text
|The system CPU percent utilization
|The rule id
|-
|-
|mem_total
|}
|Total Memory
<section end='intrusion_prevention_events' />
|bigint
()
|The total bytes of memory
 
== smtp_tarpit_events ==
<section begin='smtp_tarpit_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|mem_free
|time_stamp
|Memory Free
|Timestamp
|bigint
|timestamp without time zone
|The number of free bytes of memory
|The time of the event
|-
|-
|disk_total
|ipaddr
|Disk Size
|Client Address
|bigint
|inet
|The total disk size in bytes
|The client IP address
|-
|-
|disk_free
|hostname
|Disk Free
|Hostname
|text
|The hostname of the local address
|-
|policy_id
|Policy ID
|bigint
|bigint
|The free disk space in bytes
|The policy
|-
|-
|swap_total
|vendor_name
|Swap Size
|Vendor Name
|bigint
|character varying(255)
|The total swap size in bytes
|The "vendor name" of the app that logged the event
|-
|-
|swap_free
|event_id
|Swap Free
|Event ID
|bigint
|bigint
|The free disk swap in bytes
|The unique event ID
|-
|active_hosts
|Active Hosts
|integer
|The number of active hosts
|-
|-
|}
|}
<section end='server_events' />
<section end='smtp_tarpit_events' />
()


 
== ipsec_user_events ==  
== interface_stat_events ==  
<section begin='ipsec_user_events' />
<section begin='interface_stat_events' />


{| border="1" cellpadding="2" width="90%%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
Line 450: Line 426:
!Type
!Type
!Description
!Description
|-
|event_id
|Event ID
|bigint
|The unique event ID
|-
|-
|time_stamp
|time_stamp
Line 456: Line 437:
|The time of the event
|The time of the event
|-
|-
|interface_id
|connect_stamp
|Interface ID
|Connect Time
|integer
|timestamp without time zone
|The interface ID
|The time the connection started
|-
|-
|rx_rate
|goodbye_stamp
|Rx Rate
|End Time
|double precision
|timestamp without time zone
|The RX rate (bytes/s)
|The time the connection ended
|-
|-
|tx_rate
|client_address
|Tx Rate
|Client Address
|double precision
|text
|The TX rate (bytes/s)
|The remote IP address of the client
|-
|-
|}
|client_protocol
<section end='interface_stat_events' />
|Client Protocol
 
|text
 
|The protocol the client used to connect
== openvpn_stats ==
<section begin='openvpn_stats' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|time_stamp
|client_username
|Timestamp
|Client Username
|timestamp without time zone
|text
|The time of the event
|The username of the client
|-
|-
|start_time
|net_process
|Start Time
|Net Process
|timestamp without time zone
|text
|The time the OpenVPN session started
|The PID of the PPP process for L2TP connections or the connection ID for Xauth connections
|-
|-
|end_time
|net_interface
|End Time
|Net Interface
|timestamp without time zone
|text
|The time the OpenVPN session ended
|The PPP interface for L2TP connections or the client interface for Xauth connections
|-
|elapsed_time
|Elapsed Time
|text
|The total time the client was connected
|-
|-
|rx_bytes
|rx_bytes
|Bytes Received
|Bytes Received
|bigint
|bigint
|The total bytes received from the client during this session
|The number of bytes received from the client in this connection
|-
|-
|tx_bytes
|tx_bytes
|Bytes Sent
|Bytes Sent
|bigint
|bigint
|The total bytes sent to the client during this session
|The number of bytes sent to the client in this connection
|-
|-
|remote_address
|}
|Remote Address
<section end='ipsec_user_events' />
|inet
()
|The remote IP address of the client
 
== ipsec_vpn_events ==
<section begin='ipsec_vpn_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|pool_address
|event_id
|Pool Address
|Event ID
|inet
|bigint
|The pool IP address of the client
|The unique event ID
|-
|-
|remote_port
|time_stamp
|Remote Port
|Timestamp
|integer
|timestamp without time zone
|The remote port of the client
|The time of the event
|-
|local_address
|Local Address
|text
|The local address of the tunnel
|-
|remote_address
|Remote Address
|text
|The remote address of the tunnel
|-
|-
|client_name
|tunnel_description
|Client Name
|Tunnel Description
|text
|text
|The name of the client
|The description of the tunnel
|-
|-
|event_id
|event_type
|Event ID
|Event Type
|bigint
|text
|The unique event ID
|The type of the event (CONNECT,DISCONNECT)
|-
|-
|}
|}
<section end='openvpn_stats' />
<section end='ipsec_vpn_events' />
()


 
== ipsec_tunnel_stats ==  
== openvpn_events ==  
<section begin='ipsec_tunnel_stats' />
<section begin='openvpn_events' />


{| border="1" cellpadding="2" width="90%%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
Line 552: Line 548:
|The time of the event
|The time of the event
|-
|-
|remote_address
|tunnel_name
|Remote Address
|Tunnel Name
|inet
|text
|The remote IP address of the client
|The name of the IPsec tunnel
|-
|-
|pool_address
|in_bytes
|Pool Address
|In Bytes
|inet
|bigint
|The pool IP address of the client
|The number of bytes received during this time frame
|-
|-
|client_name
|out_bytes
|Client Name
|Out Bytes
|text
|bigint
|The name of the client
|The number of bytes transmitted during this time frame
|-
|-
|type
|event_id
|Type
|Event ID
|text
|bigint
|The type of the event (CONNECT/DISCONNECT)
|The unique event ID
|-
|-
|}
|}
<section end='openvpn_events' />
<section end='ipsec_tunnel_stats' />
()


== http_query_events ==
<section begin='http_query_events' />


== mail_msgs ==
{| border="1" cellpadding="2" width="90%%" align="center"
<section begin='mail_msgs' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Column Name
!Human Name
!Human Name
!Type
!Type
!Description
!Description
|-
|event_id
|Event ID
|bigint
|The unique event ID
|-
|-
|time_stamp
|time_stamp
Line 654: Line 655:
|text
|text
|The username associated with this session
|The username associated with this session
|-
|msg_id
|Message ID
|bigint
|The message ID
|-
|subject
|Subject
|text
|The email subject
|-
|-
|hostname
|hostname
Line 670: Line 661:
|The hostname of the local address
|The hostname of the local address
|-
|-
|event_id
|request_id
|Event ID
|Request ID
|bigint
|bigint
|The unique event ID
|The HTTP request ID
|-
|-
|sender
|method
|Sender
|Method
|text
|character(1)
|The address of the sender
|The HTTP method
|-
|-
|receiver
|uri
|Receiver
|URI
|text
|text
|The address of the receiver
|The HTTP URI
|-
|-
|virus_blocker_lite_clean
|term
|Virus Blocker Lite Clean
|Search Term
|boolean
|text
|The cleanliness of the file according to Virus Blocker Lite
|The search term
|-
|-
|virus_blocker_lite_name
|host
|Virus Blocker Lite Name
|Host
|text
|text
|The name of the malware according to Virus Blocker Lite
|The HTTP host
|-
|-
|virus_blocker_clean
|c2s_content_length
|Virus Blocker Clean
|Client-to-server Content Length
|boolean
|bigint
|The cleanliness of the file according to Virus Blocker
|The client-to-server content length
|-
|virus_blocker_name
|Virus Blocker Name
|text
|The name of the malware according to Virus Blocker
|-
|-
|spam_blocker_lite_score
|s2c_content_length
|Spam Blocker Lite Score
|Server-to-client Content Length
|real
|bigint
|The score of the email according to Spam Blocker Lite
|The server-to-client content length
|-
|-
|spam_blocker_lite_is_spam
|s2c_content_type
|Spam Blocker Lite Spam
|Server-to-client Content Type
|boolean
|The spam status of the email according to Spam Blocker Lite
|-
|spam_blocker_lite_tests_string
|Spam Blocker Lite Tests
|text
|text
|The tess results for Spam Blocker Lite
|The server-to-client content type
|-
|-
|spam_blocker_lite_action
|blocked
|Spam Blocker Lite Action
|Blocked
|character(1)
|boolean
|The action taken by Spam Blocker Lite
|If Web Filter blocked this search term
|-
|-
|spam_blocker_score
|flagged
|Spam Blocker Score
|Flagged
|real
|boolean
|The score of the email according to Spam Blocker
|If Web Filter flagged this search term
|-
|-
|spam_blocker_is_spam
|}
|Spam Blocker Spam
<section end='http_query_events' />
|boolean
()
|The spam status of the email according to Spam Blocker
 
== admin_logins ==
<section begin='admin_logins' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|-
|spam_blocker_tests_string
|login
|Spam Blocker Tests
|Login
|text
|text
|The tess results for Spam Blocker
|The login name
|-
|-
|spam_blocker_action
|local
|Spam Blocker Action
|Local
|character(1)
|boolean
|The action taken by Spam Blocker
|True if it is a login attempt through a local process
|-
|-
|phish_blocker_score
|client_addr
|Phish Blocker Score
|Client Address
|real
|inet
|The score of the email according to Phish Blocker
|The client IP address
|-
|-
|phish_blocker_is_spam
|succeeded
|Phish Blocker Phish
|Succeeded
|boolean
|boolean
|The phish status of the email according to Phish Blocker
|True if the login succeeded, false otherwise
|-
|-
|phish_blocker_tests_string
|reason
|Phish Blocker Tests
|Reason
|text
|The tess results for Phish Blocker
|-
|phish_blocker_action
|Phish Blocker Action
|character(1)
|character(1)
|The action taken by Phish Blocker
|The reason for the login (if applicable)
|-
|-
|}
|}
<section end='mail_msgs' />
<section end='admin_logins' />
()


 
== sessions ==  
== mail_addrs ==  
<section begin='sessions' />
<section begin='mail_addrs' />


{| border="1" cellpadding="2" width="90%%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
Line 778: Line 767:
!Description
!Description
|-
|-
|time_stamp
|session_id
|Session ID
|bigint
|The session
|-
|time_stamp
|Timestamp
|Timestamp
|timestamp without time zone
|timestamp without time zone
|The time of the event
|The time of the event
|-
|-
|session_id
|end_time
|Session ID
|End Time
|bigint
|timestamp without time zone
|The session
|The time the session ended
|-
|bypassed
|Bypassed
|boolean
|True if the session was bypassed, false otherwise
|-
|-
|client_intf
|entitled
|Client Interface
|Entitled
|smallint
|boolean
|The client interface
|True if the session is entitled to premium functionality
|-
|-
|server_intf
|protocol
|Server Interface
|Protocol
|smallint
|smallint
|The server interface
|The IP protocol of session
|-
|-
|c_client_addr
|icmp_type
|Client-side Client Address
|ICMP Type
|inet
|smallint
|The client-side client IP address
|The ICMP type of session if ICMP
|-
|-
|s_client_addr
|hostname
|Server-side Client Address
|Hostname
|inet
|text
|The server-side client IP address
|The hostname of the local address
|-
|-
|c_server_addr
|username
|Client-side Server Address
|Username
|inet
|text
|The client-side server IP address
|The username associated with this session
|-
|-
|s_server_addr
|policy_id
|Server-side Server Address
|Policy ID
|inet
|smallint
|The server-side server IP address
|The policy
|-
|-
|c_client_port
|policy_rule_id
|Client-side Client Port
|Policy Rule ID
|integer
|smallint
|The client-side client port
|The ID of the matching policy rule (0 means none)
|-
|local_addr
|Local Address
|inet
|The IP address of the local participant
|-
|remote_addr
|Remote Address
|inet
|The IP address of the remote participant
|-
|c_client_addr
|Client-side Client Address
|inet
|The client-side client IP address
|-
|-
|s_client_port
|c_server_addr
|Server-side Client Port
|Client-side Server Address
|integer
|inet
|The server-side client port
|The client-side server IP address
|-
|-
|c_server_port
|c_server_port
Line 833: Line 847:
|The client-side server port
|The client-side server port
|-
|-
|s_server_port
|c_client_port
|Server-side Server Port
|Client-side Client Port
|integer
|integer
|The server-side server port
|The client-side client port
|-
|s_client_addr
|Server-side Client Address
|inet
|The server-side client IP address
|-
|-
|policy_id
|s_server_addr
|Policy ID
|Server-side Server Address
|bigint
|inet
|The policy
|The server-side server IP address
|-
|-
|username
|s_server_port
|Username
|Server-side Server Port
|text
|integer
|The username associated with this session
|The server-side server port
|-
|-
|msg_id
|s_client_port
|Message ID
|Server-side Client Port
|bigint
|integer
|The message ID
|The server-side client port
|-
|-
|subject
|client_intf
|Subject
|Client Interface
|text
|smallint
|The email subject
|The client interface
|-
|-
|addr
|server_intf
|Address
|Server Interface
|text
|smallint
|The address of this event
|The server interface
|-
|-
|addr_name
|client_country
|Address Name
|Client Country
|text
|text
|The name for this address
|The client Country
|-
|-
|addr_kind
|client_latitude
|Address Kind
|Client Latitude
|character(1)
|real
|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
|The client Latitude
|-
|-
|hostname
|client_longitude
|Hostname
|Client Longitude
|real
|The client Longitude
|-
|server_country
|Server Country
|text
|text
|The hostname of the local address
|The server Country
|-
|-
|event_id
|server_latitude
|Event ID
|Server Latitude
|bigint
|real
|The unique event ID
|The server Latitude
|-
|-
|sender
|server_longitude
|Sender
|Server Longitude
|text
|real
|The address of the sender
|The server Longitude
|-
|-
|virus_blocker_lite_clean
|c2p_bytes
|Virus Blocker Lite Clean
|From-Client Bytes
|boolean
|bigint
|The cleanliness of the file according to Virus Blocker Lite
|The number of bytes the client sent to Untangle (client-to-pipeline)
|-
|-
|virus_blocker_lite_name
|p2c_bytes
|Virus Blocker Lite Name
|To-Client Bytes
|text
|bigint
|The name of the malware according to Virus Blocker Lite
|The number of bytes Untangle sent to client (pipeline-to-client)
|-
|s2p_bytes
|From-Server Bytes
|bigint
|The number of bytes the server sent to Untangle (client-to-pipeline)
|-
|-
|virus_blocker_clean
|p2s_bytes
|Virus Blocker Clean
|To-Server Bytes
|boolean
|bigint
|The cleanliness of the file according to Virus Blocker
|The number of bytes Untangle sent to server (pipeline-to-client)
|-
|-
|virus_blocker_name
|filter_prefix
|Virus Blocker Name
|Filter Block
|text
|text
|The name of the malware according to Virus Blocker
|The network filter that blocked the connection (filter,shield,invalid)
|-
|-
|spam_blocker_lite_score
|firewall_blocked
|Spam Blocker Lite Score
|Firewall Blocked
|real
|boolean
|The score of the email according to Spam Blocker Lite
|True if Firewall blocked the session, false otherwise
|-
|-
|spam_blocker_lite_is_spam
|firewall_flagged
|Spam Blocker Lite Spam
|Firewall Flagged
|boolean
|boolean
|The spam status of the email according to Spam Blocker Lite
|True if Firewall flagged the session, false otherwise
|-
|-
|spam_blocker_lite_action
|firewall_rule_index
|Spam Blocker Lite Action
|Firewall Rule ID
|character(1)
|integer
|The action taken by Spam Blocker Lite
|The matching rule in Firewall (if any)
|-
|-
|spam_blocker_lite_tests_string
|threat_prevention_blocked
|Spam Blocker Lite Tests
|Threat Prevention Blocked
|text
|boolean
|The tess results for Spam Blocker Lite
|If Threat Prevention blocked
|-
|-
|spam_blocker_score
|threat_prevention_flagged
|Spam Blocker Score
|Threat Prevention Flagged
|real
|The score of the email according to Spam Blocker
|-
|spam_blocker_is_spam
|Spam Blocker Spam
|boolean
|boolean
|The spam status of the email according to Spam Blocker
|If Threat Prevention flagged
|-
|-
|spam_blocker_action
|threat_prevention_reason
|Spam Blocker Action
|Threat Prevention Reason
|character(1)
|character(1)
|The action taken by Spam Blocker
|Threat Prevention reason
|-
|-
|spam_blocker_tests_string
|threat_prevention_rule_id
|Spam Blocker Tests
|Threat Prevention Rule Id
|text
|integer
|The tess results for Spam Blocker
|Numeric rule id of Threat Prevention
|-
|-
|phish_blocker_score
|threat_prevention_client_reputation
|Phish Blocker Score
|Threat Prevention Client Reputation
|real
|smallint
|The score of the email according to Phish Blocker
|Numeric client reputation of Threat Prevention
|-
|threat_prevention_client_categories
|Threat Prevention Client Categories
|integer
|Bitmask client categories of Threat Prevention
|-
|threat_prevention_server_reputation
|Threat Prevention Server Reputation
|smallint
|Numeric server reputation of Threat Prevention
|-
|-
|phish_blocker_is_spam
|threat_prevention_server_categories
|Phish Blocker Phish
|Threat Prevention Server Categories
|boolean
|integer
|The phish status of the email according to Phish Blocker
|Bitmask server categories of Threat Prevention
|-
|-
|phish_blocker_tests_string
|application_control_lite_protocol
|Phish Blocker Tests
|Application Control Lite Protocol
|text
|text
|The tess results for Phish Blocker
|The application protocol according to Application Control Lite
|-
|-
|phish_blocker_action
|application_control_lite_blocked
|Phish Blocker Action
|Application Control Lite Blocked
|character(1)
|boolean
|The action taken by Phish Blocker
|True if Application Control Lite blocked the session
|-
|-
|}
|captive_portal_blocked
<section end='mail_addrs' />
|Captive Portal Blocked
 
|boolean
 
|True if Captive Portal blocked the session
== smtp_tarpit_events ==
<section begin='smtp_tarpit_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|time_stamp
|captive_portal_rule_index
|Timestamp
|Captive Portal Rule ID
|timestamp without time zone
|integer
|The time of the event
|The matching rule in Captive Portal (if any)
|-
|-
|ipaddr
|application_control_application
|Client Address
|Application Control Application
|inet
|text
|The client IP address
|The application according to Application Control
|-
|-
|hostname
|application_control_protochain
|Hostname
|Application Control Protochain
|text
|text
|The hostname of the local address
|The protochain according to Application Control
|-
|-
|policy_id
|application_control_category
|Policy ID
|Application Control Category
|bigint
|text
|The policy
|The category according to Application Control
|-
|application_control_blocked
|Application Control Blocked
|boolean
|True if Application Control blocked the session
|-
|-
|vendor_name
|application_control_flagged
|Vendor Name
|Application Control Flagged
|character varying(255)
|boolean
|The "vendor name" of the app that logged the event
|True if Application Control flagged the session
|-
|-
|event_id
|application_control_confidence
|Event ID
|Application Control Confidence
|bigint
|integer
|The unique event ID
|True if Application Control confidence of this session's identification
|-
|-
|}
|application_control_ruleid
<section end='smtp_tarpit_events' />
|Application Control Rule ID
 
|integer
 
|The matching rule in Application Control (if any)
== ftp_events ==
<section begin='ftp_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|event_id
|application_control_detail
|Event ID
|Application Control Detail
|bigint
|text
|The unique event ID
|The text detail from the Application Control engine
|-
|-
|time_stamp
|bandwidth_control_priority
|Timestamp
|Bandwidth Control Priority
|timestamp without time zone
|integer
|The time of the event
|The priority given to this session
|-
|-
|session_id
|bandwidth_control_rule
|Session ID
|Bandwidth Control Rule ID
|bigint
|integer
|The session
|The matching rule in Bandwidth Control rule (if any)
|-
|-
|client_intf
|ssl_inspector_ruleid
|Client Interface
|SSL Inspector Rule ID
|smallint
|integer
|The client interface
|The matching rule in SSL Inspector rule (if any)
|-
|-
|server_intf
|ssl_inspector_status
|Server Interface
|SSL Inspector Status
|smallint
|text
|The server interface
|The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
|-
|-
|c_client_addr
|ssl_inspector_detail
|Client-side Client Address
|SSL Inspector Detail
|inet
|text
|The client-side client IP address
|Additional text detail about the SSL connection (SNI, IP Address)
|-
|-
|s_client_addr
|tags
|Server-side Client Address
|Tags
|inet
|text
|The server-side client IP address
|The tags on this session
|-
|-
|c_server_addr
|}
|Client-side Server Address
<section end='sessions' />
|inet
()
|The client-side server IP address
 
== session_minutes ==
<section begin='session_minutes' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|session_id
|Session ID
|bigint
|The session
|-
|-
|s_server_addr
|time_stamp
|Server-side Server Address
|Timestamp
|inet
|timestamp without time zone
|The server-side server IP address
|The time of the event
|-
|-
|policy_id
|c2s_bytes
|Policy ID
|From-Client Bytes
|bigint
|bigint
|The policy
|The number of bytes the client sent
|-
|-
|username
|s2c_bytes
|Username
|From-Server Bytes
|text
|bigint
|The username associated with this session
|The number of bytes the server sent
|-
|-
|hostname
|start_time
|Hostname
|Start Time
|text
|timestamp without time zone
|The hostname of the local address
|The start time of the session
|-
|-
|request_id
|end_time
|Request ID
|End Time
|bigint
|timestamp without time zone
|The FTP request ID
|The time the session ended
|-
|-
|method
|bypassed
|Method
|Bypassed
|character(1)
|boolean
|The FTP method
|True if the session was bypassed, false otherwise
|-
|-
|uri
|entitled
|URI
|Entitled
|text
|The FTP URI
|-
|virus_blocker_lite_clean
|Virus Blocker Lite Clean
|boolean
|boolean
|The cleanliness of the file according to Virus Blocker Lite
|True if the session is entitled to premium functionality
|-
|-
|virus_blocker_lite_name
|protocol
|Virus Blocker Lite Name
|Protocol
|text
|smallint
|The name of the malware according to Virus Blocker Lite
|The IP protocol of session
|-
|-
|virus_blocker_clean
|icmp_type
|Virus Blocker Clean
|ICMP Type
|boolean
|smallint
|The cleanliness of the file according to Virus Blocker
|The ICMP type of session if ICMP
|-
|-
|virus_blocker_name
|hostname
|Virus Blocker Name
|Hostname
|text
|text
|The name of the malware according to Virus Blocker
|The hostname of the local address
|-
|-
|}
|username
<section end='ftp_events' />
|Username
 
|text
 
|The username associated with this session
== wan_failover_test_events ==
<section begin='wan_failover_test_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|time_stamp
|policy_id
|Timestamp
|Policy ID
|timestamp without time zone
|smallint
|The time of the event
|The policy
|-
|-
|interface_id
|policy_rule_id
|Interface ID
|Policy Rule ID
|integer
|smallint
|This interface ID
|The ID of the matching policy rule (0 means none)
|-
|-
|name
|local_addr
|Interface Name
|Local Address
|text
|inet
|This name of the interface
|The IP address of the local participant
|-
|-
|description
|remote_addr
|Text detail of the event
|Remote Address
|text
|inet
|The description from the test rule
|The IP address of the remote participant
|-
|-
|success
|c_client_addr
|Success
|Client-side Client Address
|boolean
|inet
|The result of the test (true if the test succeeded, false otherwise)
|The client-side client IP address
|-
|-
|event_id
|c_server_addr
|Event ID
|Client-side Server Address
|bigint
|inet
|The unique event ID
|The client-side server IP address
|-
|-
|}
|c_server_port
<section end='wan_failover_test_events' />
|Client-side Server Port
 
|integer
 
|The client-side server port
== wan_failover_action_events ==
<section begin='wan_failover_action_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|time_stamp
|c_client_port
|Timestamp
|Client-side Client Port
|timestamp without time zone
|The time of the event
|-
|interface_id
|Interface ID
|integer
|integer
|This interface ID
|The client-side client port
|-
|-
|action
|s_client_addr
|Action
|Server-side Client Address
|text
|inet
|This action (CONNECTED/DISCONNECTED)
|The server-side client IP address
|-
|-
|os_name
|s_server_addr
|Interface O/S Name
|Server-side Server Address
|text
|inet
|This O/S name of the interface
|The server-side server IP address
|-
|s_server_port
|Server-side Server Port
|integer
|The server-side server port
|-
|-
|name
|s_client_port
|Interface Name
|Server-side Client Port
|text
|integer
|This name of the interface
|The server-side client port
|-
|-
|event_id
|client_intf
|Event ID
|Client Interface
|bigint
|smallint
|The unique event ID
|The client interface
|-
|-
|}
|server_intf
<section end='wan_failover_action_events' />
|Server Interface
 
|smallint
 
|The server interface
== intrusion_prevention_events ==
<section begin='intrusion_prevention_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|time_stamp
|client_country
|Timestamp
|Client Country
|timestamp without time zone
|text
|The time of the event
|The client Country
|-
|-
|sig_id
|client_latitude
|Signature ID
|Client Latitude
|bigint
|real
|This ID of the rule
|The client Latitude
|-
|-
|gen_id
|client_longitude
|Grouping ID
|Client Longitude
|bigint
|real
|The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier
|The client Longitude
|-
|-
|class_id
|server_country
|Classtype ID
|Server Country
|bigint
|text
|The numeric ID for the classtype
|The server Country
|-
|-
|source_addr
|server_latitude
|Source Address
|Server Latitude
|inet
|real
|The source IP address of the packet
|The server Latitude
|-
|-
|source_port
|server_longitude
|Source Port
|Server Longitude
|integer
|real
|The source port of the packet (if applicable)
|The server Longitude
|-
|-
|dest_addr
|filter_prefix
|Destination Address
|Filter Block
|inet
|text
|The destination IP address of the packet
|The network filter that blocked the connection (filter,shield,invalid)
|-
|-
|dest_port
|firewall_blocked
|Destination Port
|Firewall Blocked
|integer
|boolean
|The destination port of the packet (if applicable)
|True if Firewall blocked the session, false otherwise
|-
|firewall_flagged
|Firewall Flagged
|boolean
|True if Firewall flagged the session, false otherwise
|-
|-
|protocol
|firewall_rule_index
|Protocol
|Firewall Rule ID
|integer
|integer
|The protocol of the packet
|The matching rule in Firewall (if any)
|-
|-
|blocked
|threat_prevention_blocked
|Blocked
|Threat Prevention Blocked
|boolean
|boolean
|If the packet was blocked/dropped
|If Threat Prevention blocked
|-
|-
|category
|threat_prevention_flagged
|Category
|Threat Prevention Flagged
|text
|boolean
|The application specific grouping
|If Threat Prevention flagged
|-
|-
|classtype
|threat_prevention_reason
|Classtype
|Threat Prevention Reason
|text
|character(1)
|The generalized threat rule grouping (unrelated to gen_id)
|Threat Prevention reason
|-
|-
|msg
|threat_prevention_rule_id
|Message
|Threat Prevention Rule Id
|text
|integer
|The "title" or "description" of the rule
|Numeric rule id of Threat Prevention
|-
|-
|}
|threat_prevention_client_reputation
<section end='intrusion_prevention_events' />
|Threat Prevention Client Reputation
 
|smallint
 
|Numeric client reputation of Threat Prevention
== web_cache_stats ==
<section begin='web_cache_stats' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|time_stamp
|threat_prevention_client_categories
|Timestamp
|Threat Prevention Client Categories
|timestamp without time zone
|integer
|The time of the event
|Bitmask client categories of Threat Prevention
|-
|-
|hits
|threat_prevention_server_reputation
|Hits
|Threat Prevention Server Reputation
|bigint
|smallint
|The number of cache hits during this time frame
|Numeric server reputation of Threat Prevention
|-
|-
|misses
|threat_prevention_server_categories
|Misses
|Threat Prevention Server Categories
|bigint
|integer
|The number of cache misses during this time frame
|Bitmask server categories of Threat Prevention
|-
|-
|bypasses
|application_control_lite_protocol
|Bypasses
|Application Control Lite Protocol
|bigint
|text
|The number of cache user bypasses during this time frame
|The application protocol according to Application Control Lite
|-
|-
|systems
|application_control_lite_blocked
|System bypasses
|Application Control Lite Blocked
|bigint
|boolean
|The number of cache system bypasses during this time frame
|True if Application Control Lite blocked the session
|-
|-
|hit_bytes
|captive_portal_blocked
|Hit Bytes
|Captive Portal Blocked
|bigint
|boolean
|The number of bytes saved from cache hits
|True if Captive Portal blocked the session
|-
|-
|miss_bytes
|captive_portal_rule_index
|Miss Bytes
|Captive Portal Rule ID
|bigint
|integer
|The number of bytes not saved from cache misses
|The matching rule in Captive Portal (if any)
|-
|-
|event_id
|application_control_application
|Event ID
|Application Control Application
|bigint
|text
|The unique event ID
|The application according to Application Control
|-
|-
|}
|application_control_protochain
<section end='web_cache_stats' />
|Application Control Protochain
 
|text
 
|The protochain according to Application Control
== http_query_events ==
<section begin='http_query_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|event_id
|application_control_category
|Event ID
|Application Control Category
|bigint
|text
|The unique event ID
|The category according to Application Control
|-
|-
|time_stamp
|application_control_blocked
|Timestamp
|Application Control Blocked
|timestamp without time zone
|boolean
|The time of the event
|True if Application Control blocked the session
|-
|-
|session_id
|application_control_flagged
|Session ID
|Application Control Flagged
|bigint
|boolean
|The session
|True if Application Control flagged the session
|-
|-
|client_intf
|application_control_confidence
|Client Interface
|Application Control Confidence
|smallint
|integer
|The client interface
|True if Application Control confidence of this session's identification
|-
|-
|server_intf
|application_control_ruleid
|Server Interface
|Application Control Rule ID
|smallint
|integer
|The server interface
|The matching rule in Application Control (if any)
|-
|-
|c_client_addr
|application_control_detail
|Client-side Client Address
|Application Control Detail
|inet
|text
|The client-side client IP address
|The text detail from the Application Control engine
|-
|-
|s_client_addr
|bandwidth_control_priority
|Server-side Client Address
|Bandwidth Control Priority
|inet
|The server-side client IP address
|-
|c_server_addr
|Client-side Server Address
|inet
|The client-side server IP address
|-
|s_server_addr
|Server-side Server Address
|inet
|The server-side server IP address
|-
|c_client_port
|Client-side Client Port
|integer
|integer
|The client-side client port
|The priority given to this session
|-
|-
|s_client_port
|bandwidth_control_rule
|Server-side Client Port
|Bandwidth Control Rule ID
|integer
|integer
|The server-side client port
|The matching rule in Bandwidth Control rule (if any)
|-
|-
|c_server_port
|ssl_inspector_ruleid
|Client-side Server Port
|SSL Inspector Rule ID
|integer
|integer
|The client-side server port
|The matching rule in SSL Inspector rule (if any)
|-
|-
|s_server_port
|ssl_inspector_status
|Server-side Server Port
|SSL Inspector Status
|integer
|The server-side server port
|-
|policy_id
|Policy ID
|bigint
|The policy
|-
|username
|Username
|text
|text
|The username associated with this session
|The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
|-
|-
|hostname
|ssl_inspector_detail
|Hostname
|SSL Inspector Detail
|text
|text
|The hostname of the local address
|Additional text detail about the SSL connection (SNI, IP Address)
|-
|request_id
|Request ID
|bigint
|The HTTP request ID
|-
|method
|Method
|character(1)
|The HTTP method
|-
|-
|uri
|tags
|URI
|Tags
|text
|text
|The HTTP URI
|The tags on this session
|-
|term
|Search Term
|text
|The search term
|-
|host
|Host
|text
|The HTTP host
|-
|c2s_content_length
|Client-to-server Content Length
|bigint
|The client-to-server content length
|-
|s2c_content_length
|Server-to-client Content Length
|bigint
|The server-to-client content length
|-
|s2c_content_type
|Server-to-client Content Type
|text
|The server-to-client content type
|-
|-
|}
|}
<section end='http_query_events' />
<section end='session_minutes' />
()


 
== quotas ==  
== directory_connector_login_events ==  
<section begin='quotas' />
<section begin='directory_connector_login_events' />


{| border="1" cellpadding="2" width="90%%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
Line 1,487: Line 1,423:
|The time of the event
|The time of the event
|-
|-
|login_name
|entity
|Login Name
|Entity
|text
|text
|The login name
|The IP entity given the quota (address/username)
|-
|action
|Action
|integer
|The action (1=Quota Given, 2=Quota Exceeded)
|-
|-
|domain
|size
|Domain
|Size
|text
|bigint
|The AD domain
|The size of the quota
|-
|-
|type
|reason
|Type
|Reason
|text
|text
|The type of event (I=Login,U=Update,O=Logout)
|The reason for the action
|-
|client_addr
|Client Address
|inet
|The client IP address
|-
|-
|}
|}
<section end='directory_connector_login_events' />
<section end='quotas' />
()


== host_table_updates ==
<section begin='host_table_updates' />


== admin_logins ==
{| border="1" cellpadding="2" width="90%%" align="center"
<section begin='admin_logins' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Column Name
!Human Name
!Human Name
!Type
!Type
!Description
!Description
|-
|address
|Address
|inet
|The IP address of the host
|-
|key
|Key
|text
|The key being updated
|-
|value
|Value
|text
|The new value for the key
|-
|old_value
|Old Value
|text
|The old value for the key
|-
|-
|time_stamp
|time_stamp
Line 1,525: Line 1,481:
|The time of the event
|The time of the event
|-
|-
|login
|}
|Login
<section end='host_table_updates' />
|text
()
|The login name
 
|-
== device_table_updates ==  
|local
<section begin='device_table_updates' />
|Local
|boolean
|True if it is a login attempt through a local process
|-
|client_addr
|Client Address
|inet
|The client IP address
|-
|succeeded
|Succeeded
|boolean
|True if the login succeeded, false otherwise
|-
|reason
|Reason
|character(1)
|The reason for the login (if applicable)
|-
|}
<section end='admin_logins' />
 
 
== sessions ==  
<section begin='sessions' />


{| border="1" cellpadding="2" width="90%%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
Line 1,563: Line 1,494:
!Description
!Description
|-
|-
|session_id
|mac_address
|Session ID
|MAC Address
|bigint
|text
|The session
|The MAC address of the device
|-
|key
|Key
|text
|The key being updated
|-
|value
|Value
|text
|The new value for the key
|-
|old_value
|Old Value
|text
|The old value for the key
|-
|-
|time_stamp
|time_stamp
Line 1,573: Line 1,519:
|The time of the event
|The time of the event
|-
|-
|end_time
|}
|End Time
<section end='device_table_updates' />
|timestamp without time zone
()
|The time the session ended
 
== user_table_updates ==
<section begin='user_table_updates' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|bypassed
|username
|Bypassed
|Username
|boolean
|text
|True if the session was bypassed, false otherwise
|The username
|-
|-
|entitled
|key
|Entitled
|Key
|boolean
|text
|True if the session is entitled to premium functionality
|The key being updated
|-
|-
|protocol
|value
|Protocol
|Value
|smallint
|The IP protocol of session
|-
|icmp_type
|ICMP Type
|smallint
|The ICMP type of session if ICMP
|-
|hostname
|Hostname
|text
|text
|The hostname of the local address
|The new value for the key
|-
|-
|username
|old_value
|Username
|Old Value
|text
|text
|The username associated with this session
|The old value for the key
|-
|-
|policy_id
|time_stamp
|Policy ID
|Timestamp
|smallint
|timestamp without time zone
|The policy
|The time of the event
|-
|-
|policy_rule_id
|}
|Policy Rule ID
<section end='user_table_updates' />
|smallint
()
|The ID of the matching policy rule (0 means none)
 
== alerts ==
<section begin='alerts' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|local_addr
|time_stamp
|Local Address
|Timestamp
|inet
|timestamp without time zone
|The IP address of the local participant
|The time of the event
|-
|-
|remote_addr
|description
|Remote Address
|Text detail of the event
|inet
|text
|The IP address of the remote participant
|The description from the alert rule.
|-
|-
|c_client_addr
|summary_text
|Client-side Client Address
|Summary Text
|inet
|text
|The client-side client IP address
|The summary text of the alert
|-
|-
|c_server_addr
|json
|Client-side Server Address
|JSON Text
|inet
|text
|The client-side server IP address
|The summary JSON representation of the event causing the alert
|-
|-
|c_server_port
|}
|Client-side Server Port
<section end='alerts' />
|integer
()
|The client-side server port
 
== settings_changes ==
<section begin='settings_changes' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|c_client_port
|time_stamp
|Client-side Client Port
|Timestamp
|integer
|timestamp without time zone
|The client-side client port
|The time of the event
|-
|-
|s_client_addr
|settings_file
|Server-side Client Address
|Settings File
|inet
|text
|The server-side client IP address
|The name of the file changed
|-
|-
|s_server_addr
|username
|Server-side Server Address
|Username
|inet
|text
|The server-side server IP address
|The username logged in at the time of the change
|-
|-
|s_server_port
|hostname
|Server-side Server Port
|Hostname
|integer
|text
|The server-side server port
|The remote hostname
|-
|-
|s_client_port
|}
|Server-side Client Port
<section end='settings_changes' />
|integer
()
|The server-side client port
 
== web_cache_stats ==
<section begin='web_cache_stats' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|client_intf
|time_stamp
|Client Interface
|Timestamp
|smallint
|timestamp without time zone
|The client interface
|The time of the event
|-
|-
|server_intf
|hits
|Server Interface
|Hits
|smallint
|bigint
|The server interface
|The number of cache hits during this time frame
|-
|-
|client_country
|misses
|Client Country
|Misses
|text
|bigint
|The client Country
|The number of cache misses during this time frame
|-
|-
|client_latitude
|bypasses
|Client Latitude
|Bypasses
|real
|bigint
|The client Latitude
|The number of cache user bypasses during this time frame
|-
|-
|client_longitude
|systems
|Client Longitude
|System bypasses
|real
|bigint
|The client Longitude
|The number of cache system bypasses during this time frame
|-
|-
|server_country
|hit_bytes
|Server Country
|Hit Bytes
|text
|bigint
|The server Country
|The number of bytes saved from cache hits
|-
|-
|server_latitude
|miss_bytes
|Server Latitude
|Miss Bytes
|real
|bigint
|The server Latitude
|The number of bytes not saved from cache misses
|-
|-
|server_longitude
|event_id
|Server Longitude
|Event ID
|real
|The server Longitude
|-
|c2p_bytes
|From-Client Bytes
|bigint
|bigint
|The number of bytes the client sent to Untangle (client-to-pipeline)
|The unique event ID
|-
|-
|p2c_bytes
|}
|To-Client Bytes
<section end='web_cache_stats' />
|bigint
()
|The number of bytes Untangle sent to client (pipeline-to-client)
 
== server_events ==
<section begin='server_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|s2p_bytes
|time_stamp
|From-Server Bytes
|Timestamp
|bigint
|timestamp without time zone
|The number of bytes the server sent to Untangle (client-to-pipeline)
|The time of the event
|-
|-
|p2s_bytes
|load_1
|To-Server Bytes
|CPU load (1-min)
|bigint
|numeric(6,2)
|The number of bytes Untangle sent to server (pipeline-to-client)
|The 1-minute CPU load
|-
|-
|filter_prefix
|load_5
|Filter Block
|CPU load (5-min)
|text
|numeric(6,2)
|The network filter that blocked the connection
|The 5-minute CPU load
|-
|-
|firewall_blocked
|load_15
|Firewall Blocked
|CPU load (15-min)
|boolean
|numeric(6,2)
|True if Firewall blocked the session, false otherwise
|The 15-minute CPU load
|-
|-
|firewall_flagged
|cpu_user
|Firewall Flagged
|CPU User Utilization
|boolean
|numeric(6,3)
|True if Firewall flagged the session, false otherwise
|The user CPU percent utilization
|-
|-
|firewall_rule_index
|cpu_system
|Firewall Rule ID
|CPU System Utilization
|integer
|numeric(6,3)
|The matching rule in Firewall (if any)
|The system CPU percent utilization
|-
|-
|application_control_lite_protocol
|mem_total
|Application Control Lite Protocol
|Total Memory
|text
|bigint
|The application protocol according to Application Control Lite
|The total bytes of memory
|-
|-
|application_control_lite_blocked
|mem_free
|Application Control Lite Blocked
|Memory Free
|boolean
|bigint
|True if Application Control Lite blocked the session
|The number of free bytes of memory
|-
|-
|captive_portal_blocked
|disk_total
|Captive Portal Blocked
|Disk Size
|boolean
|bigint
|True if Captive Portal blocked the session
|The total disk size in bytes
|-
|-
|captive_portal_rule_index
|disk_free
|Captive Portal Rule ID
|Disk Free
|integer
|bigint
|The matching rule in Captive Portal (if any)
|The free disk space in bytes
|-
|-
|application_control_application
|swap_total
|Application Control Application
|Swap Size
|text
|bigint
|The application according to Application Control
|The total swap size in bytes
|-
|-
|application_control_protochain
|swap_free
|Application Control Protochain
|Swap Free
|text
|bigint
|The protochain according to Application Control
|The free disk swap in bytes
|-
|-
|application_control_category
|active_hosts
|Application Control Category
|Active Hosts
|text
|integer
|The category according to Application Control
|The number of active hosts
|-
|-
|application_control_blocked
|}
|Application Control Blocked
<section end='server_events' />
|boolean
()
|True if Application Control blocked the session
 
== interface_stat_events ==
<section begin='interface_stat_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|application_control_flagged
|time_stamp
|Application Control Flagged
|Timestamp
|boolean
|timestamp without time zone
|True if Application Control flagged the session
|The time of the event
|-
|-
|application_control_confidence
|interface_id
|Application Control Confidence
|Interface ID
|integer
|integer
|True if Application Control confidence of this session's identification
|The interface ID
|-
|-
|application_control_ruleid
|rx_rate
|Application Control Rule ID
|Rx Rate
|integer
|double precision
|The matching rule in Application Control (if any)
|The RX rate (bytes/s)
|-
|-
|application_control_detail
|rx_bytes
|Application Control Detail
|Bytes Received
|text
|bigint
|The text detail from the Application Control engine
|The number of bytes received from the client in this connection
|-
|-
|bandwidth_control_priority
|tx_rate
|Bandwidth Control Priority
|Tx Rate
|integer
|double precision
|The priority given to this session
|The TX rate (bytes/s)
|-
|-
|bandwidth_control_rule
|tx_bytes
|Bandwidth Control Rule ID
|Bytes Sent
|integer
|bigint
|The matching rule in Bandwidth Control rule (if any)
|The number of bytes sent to the client in this connection
|-
|-
|ssl_inspector_ruleid
|}
|SSL Inspector Rule ID
<section end='interface_stat_events' />
|integer
()
|The matching rule in SSL Inspector rule (if any)
 
|-
== mail_msgs ==  
|ssl_inspector_status
<section begin='mail_msgs' />
|SSL Inspector Status
|text
|The status/action of the SSL session (INSPECTED/IGNORED/BLOCKED/UNTRUSTED/ABANDONED)
|-
|ssl_inspector_detail
|SSL Inspector Detail
|text
|Additional text detail about the SSL connection (SNI, IP Address)
|-
|}
<section end='sessions' />
 
 
== session_minutes ==  
<section begin='session_minutes' />


{| border="1" cellpadding="2" width="90%%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
Line 1,845: Line 1,809:
!Type
!Type
!Description
!Description
|-
|session_id
|Session ID
|bigint
|The session
|-
|-
|time_stamp
|time_stamp
Line 1,856: Line 1,815:
|The time of the event
|The time of the event
|-
|-
|c2s_bytes
|session_id
|From-Client Bytes
|Session ID
|bigint
|bigint
|The number of bytes the client sent
|The session
|-
|-
|s2c_bytes
|client_intf
|From-Server Bytes
|Client Interface
|bigint
|smallint
|The number of bytes the server sent
|The client interface
|-
|-
|start_time
|server_intf
|Start Time
|Server Interface
|timestamp without time zone
|smallint
|The start time of the session
|The server interface
|-
|-
|end_time
|c_client_addr
|End Time
|Client-side Client Address
|timestamp without time zone
|inet
|The time the session ended
|The client-side client IP address
|-
|-
|bypassed
|s_client_addr
|Bypassed
|Server-side Client Address
|boolean
|inet
|True if the session was bypassed, false otherwise
|The server-side client IP address
|-
|-
|entitled
|c_server_addr
|Entitled
|Client-side Server Address
|boolean
|inet
|True if the session is entitled to premium functionality
|The client-side server IP address
|-
|-
|protocol
|s_server_addr
|Protocol
|Server-side Server Address
|smallint
|inet
|The IP protocol of session
|The server-side server IP address
|-
|-
|icmp_type
|c_client_port
|ICMP Type
|Client-side Client Port
|smallint
|integer
|The ICMP type of session if ICMP
|The client-side client port
|-
|-
|hostname
|s_client_port
|Hostname
|Server-side Client Port
|text
|integer
|The hostname of the local address
|The server-side client port
|-
|-
|username
|c_server_port
|Username
|Client-side Server Port
|text
|integer
|The username associated with this session
|The client-side server port
|-
|s_server_port
|Server-side Server Port
|integer
|The server-side server port
|-
|-
|policy_id
|policy_id
|Policy ID
|Policy ID
|smallint
|bigint
|The policy
|The policy
|-
|-
|policy_rule_id
|username
|Policy Rule ID
|Username
|smallint
|text
|The ID of the matching policy rule (0 means none)
|The username associated with this session
|-
|-
|local_addr
|msg_id
|Local Address
|Message ID
|inet
|bigint
|The IP address of the local participant
|The message ID
|-
|-
|remote_addr
|subject
|Remote Address
|Subject
|inet
|text
|The IP address of the remote participant
|The email subject
|-
|-
|c_client_addr
|hostname
|Client-side Client Address
|Hostname
|inet
|text
|The client-side client IP address
|The hostname of the local address
|-
|-
|c_server_addr
|event_id
|Client-side Server Address
|Event ID
|inet
|bigint
|The client-side server IP address
|The unique event ID
|-
|-
|c_server_port
|sender
|Client-side Server Port
|Sender
|integer
|text
|The client-side server port
|The address of the sender
|-
|-
|c_client_port
|receiver
|Client-side Client Port
|Receiver
|integer
|text
|The client-side client port
|The address of the receiver
|-
|-
|s_client_addr
|virus_blocker_lite_clean
|Server-side Client Address
|Virus Blocker Lite Clean
|inet
|boolean
|The server-side client IP address
|The cleanliness of the file according to Virus Blocker Lite
|-
|-
|s_server_addr
|virus_blocker_lite_name
|Server-side Server Address
|Virus Blocker Lite Name
|inet
|text
|The server-side server IP address
|The name of the malware according to Virus Blocker Lite
|-
|-
|s_server_port
|virus_blocker_clean
|Server-side Server Port
|Virus Blocker Clean
|integer
|boolean
|The server-side server port
|The cleanliness of the file according to Virus Blocker
|-
|-
|s_client_port
|virus_blocker_name
|Server-side Client Port
|Virus Blocker Name
|integer
|text
|The server-side client port
|The name of the malware according to Virus Blocker
|-
|-
|client_intf
|spam_blocker_lite_score
|Client Interface
|Spam Blocker Lite Score
|smallint
|real
|The client interface
|The score of the email according to Spam Blocker Lite
|-
|-
|server_intf
|spam_blocker_lite_is_spam
|Server Interface
|Spam Blocker Lite Spam
|smallint
|boolean
|The server interface
|The spam status of the email according to Spam Blocker Lite
|-
|-
|client_country
|spam_blocker_lite_tests_string
|Client Country
|Spam Blocker Lite Tests
|text
|text
|The client Country
|The tess results for Spam Blocker Lite
|-
|-
|client_latitude
|spam_blocker_lite_action
|Client Latitude
|Spam Blocker Lite Action
|real
|character(1)
|The client Latitude
|The action taken by Spam Blocker Lite
|-
|-
|client_longitude
|spam_blocker_score
|Client Longitude
|Spam Blocker Score
|real
|real
|The client Longitude
|The score of the email according to Spam Blocker
|-
|-
|server_country
|spam_blocker_is_spam
|Server Country
|Spam Blocker Spam
|boolean
|The spam status of the email according to Spam Blocker
|-
|spam_blocker_tests_string
|Spam Blocker Tests
|text
|text
|The server Country
|The tess results for Spam Blocker
|-
|-
|server_latitude
|spam_blocker_action
|Server Latitude
|Spam Blocker Action
|real
|character(1)
|The server Latitude
|The action taken by Spam Blocker
|-
|-
|server_longitude
|phish_blocker_score
|Server Longitude
|Phish Blocker Score
|real
|real
|The server Longitude
|The score of the email according to Phish Blocker
|-
|-
|filter_prefix
|phish_blocker_is_spam
|Filter Block
|Phish Blocker Phish
|text
|boolean
|The network filter that blocked the connection
|The phish status of the email according to Phish Blocker
|-
|-
|firewall_blocked
|phish_blocker_tests_string
|Firewall Blocked
|Phish Blocker Tests
|boolean
|True if Firewall blocked the session, false otherwise
|-
|firewall_flagged
|Firewall Flagged
|boolean
|True if Firewall flagged the session, false otherwise
|-
|firewall_rule_index
|Firewall Rule ID
|integer
|The matching rule in Firewall (if any)
|-
|application_control_lite_protocol
|Application Control Lite Protocol
|text
|text
|The application protocol according to Application Control Lite
|The tess results for Phish Blocker
|-
|-
|application_control_lite_blocked
|phish_blocker_action
|Application Control Lite Blocked
|Phish Blocker Action
|boolean
|character(1)
|True if Application Control Lite blocked the session
|The action taken by Phish Blocker
|-
|-
|captive_portal_blocked
|}
|Captive Portal Blocked
<section end='mail_msgs' />
|boolean
()
|True if Captive Portal blocked the session
 
== mail_addrs ==
<section begin='mail_addrs' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|captive_portal_rule_index
|time_stamp
|Captive Portal Rule ID
|Timestamp
|integer
|timestamp without time zone
|The matching rule in Captive Portal (if any)
|The time of the event
|-
|-
|application_control_application
|session_id
|Application Control Application
|Session ID
|text
|bigint
|The application according to Application Control
|The session
|-
|-
|application_control_protochain
|client_intf
|Application Control Protochain
|Client Interface
|text
|smallint
|The protochain according to Application Control
|The client interface
|-
|-
|application_control_category
|server_intf
|Application Control Category
|Server Interface
|text
|smallint
|The category according to Application Control
|The server interface
|-
|-
|application_control_blocked
|c_client_addr
|Application Control Blocked
|Client-side Client Address
|boolean
|inet
|True if Application Control blocked the session
|The client-side client IP address
|-
|-
|application_control_flagged
|s_client_addr
|Application Control Flagged
|Server-side Client Address
|boolean
|inet
|True if Application Control flagged the session
|The server-side client IP address
|-
|-
|application_control_confidence
|c_server_addr
|Application Control Confidence
|Client-side Server Address
|integer
|inet
|True if Application Control confidence of this session's identification
|The client-side server IP address
|-
|-
|application_control_ruleid
|s_server_addr
|Application Control Rule ID
|Server-side Server Address
|inet
|The server-side server IP address
|-
|c_client_port
|Client-side Client Port
|integer
|integer
|The matching rule in Application Control (if any)
|The client-side client port
|-
|-
|application_control_detail
|s_client_port
|Application Control Detail
|Server-side Client Port
|text
|The text detail from the Application Control engine
|-
|bandwidth_control_priority
|Bandwidth Control Priority
|integer
|integer
|The priority given to this session
|The server-side client port
|-
|-
|bandwidth_control_rule
|c_server_port
|Bandwidth Control Rule ID
|Client-side Server Port
|integer
|integer
|The matching rule in Bandwidth Control rule (if any)
|The client-side server port
|-
|-
|ssl_inspector_ruleid
|s_server_port
|SSL Inspector Rule ID
|Server-side Server Port
|integer
|integer
|The matching rule in SSL Inspector rule (if any)
|The server-side server port
|-
|-
|ssl_inspector_status
|policy_id
|SSL Inspector Status
|Policy ID
|bigint
|The policy
|-
|username
|Username
|text
|text
|The status/action of the SSL session (INSPECTED/IGNORED/BLOCKED/UNTRUSTED/ABANDONED)
|The username associated with this session
|-
|msg_id
|Message ID
|bigint
|The message ID
|-
|-
|ssl_inspector_detail
|subject
|SSL Inspector Detail
|Subject
|text
|text
|Additional text detail about the SSL connection (SNI, IP Address)
|The email subject
|-
|-
|}
|addr
<section end='session_minutes' />
|Address
 
|text
 
|The address of this event
== penaltybox ==
|-
<section begin='penaltybox' />
|addr_name
 
|Address Name
{| border="1" cellpadding="2" width="90%%" align="center"
|text
!Column Name
|The name for this address
!Human Name
!Type
!Description
|-
|-
|address
|addr_kind
|Address
|Address Kind
|inet
|character(1)
|The IP address of the host
|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
|-
|-
|reason
|hostname
|Reason
|Hostname
|text
|text
|The reason for the action
|The hostname of the local address
|-
|-
|start_time
|event_id
|Start Time
|Event ID
|timestamp without time zone
|bigint
|The time the client entered the penalty box
|The unique event ID
|-
|end_time
|End Time
|timestamp without time zone
|The time the client exited the penalty box
|-
|-
|time_stamp
|sender
|Timestamp
|Sender
|timestamp without time zone
|text
|The time of the event
|The address of the sender
|-
|-
|}
|virus_blocker_lite_clean
<section end='penaltybox' />
|Virus Blocker Lite Clean
 
|boolean
 
|The cleanliness of the file according to Virus Blocker Lite
== quotas ==
<section begin='quotas' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|time_stamp
|virus_blocker_lite_name
|Timestamp
|Virus Blocker Lite Name
|timestamp without time zone
|text
|The time of the event
|The name of the malware according to Virus Blocker Lite
|-
|-
|address
|virus_blocker_clean
|Address
|Virus Blocker Clean
|inet
|boolean
|The IP address of the host
|The cleanliness of the file according to Virus Blocker
|-
|-
|action
|virus_blocker_name
|Action
|Virus Blocker Name
|integer
|text
|The action (1=Quota Given, 2=Quota Exceeded)
|The name of the malware according to Virus Blocker
|-
|-
|size
|spam_blocker_lite_score
|Size
|Spam Blocker Lite Score
|bigint
|real
|The size of the quota
|The score of the email according to Spam Blocker Lite
|-
|-
|reason
|spam_blocker_lite_is_spam
|Reason
|Spam Blocker Lite Spam
|text
|boolean
|The reason for the action
|The spam status of the email according to Spam Blocker Lite
|-
|-
|}
|spam_blocker_lite_action
<section end='quotas' />
|Spam Blocker Lite Action
 
|character(1)
 
|The action taken by Spam Blocker Lite
== host_table_updates ==
<section begin='host_table_updates' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|address
|spam_blocker_lite_tests_string
|Address
|Spam Blocker Lite Tests
|inet
|The IP address of the host
|-
|key
|Key
|text
|text
|The key being updated
|The tess results for Spam Blocker Lite
|-
|-
|value
|spam_blocker_score
|Value
|Spam Blocker Score
|text
|real
|The new value for the key
|The score of the email according to Spam Blocker
|-
|-
|time_stamp
|spam_blocker_is_spam
|Timestamp
|Spam Blocker Spam
|timestamp without time zone
|boolean
|The time of the event
|The spam status of the email according to Spam Blocker
|-
|-
|}
|spam_blocker_action
<section end='host_table_updates' />
|Spam Blocker Action
 
|character(1)
 
|The action taken by Spam Blocker
== device_table_updates ==
<section begin='device_table_updates' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|mac_address
|spam_blocker_tests_string
|MAC Address
|Spam Blocker Tests
|text
|text
|The MAC address of the device
|The tess results for Spam Blocker
|-
|-
|key
|phish_blocker_score
|Key
|Phish Blocker Score
|text
|real
|The key being updated
|The score of the email according to Phish Blocker
|-
|phish_blocker_is_spam
|Phish Blocker Phish
|boolean
|The phish status of the email according to Phish Blocker
|-
|-
|value
|phish_blocker_tests_string
|Value
|Phish Blocker Tests
|text
|text
|The new value for the key
|The tess results for Phish Blocker
|-
|-
|time_stamp
|phish_blocker_action
|Timestamp
|Phish Blocker Action
|timestamp without time zone
|character(1)
|The time of the event
|The action taken by Phish Blocker
|-
|-
|}
|}
<section end='device_table_updates' />
<section end='mail_addrs' />
()


 
== ftp_events ==  
== alerts ==  
<section begin='ftp_events' />
<section begin='alerts' />


{| border="1" cellpadding="2" width="90%%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
Line 2,266: Line 2,206:
!Description
!Description
|-
|-
|time_stamp
|event_id
|Timestamp
|Event ID
|bigint
|The unique event ID
|-
|time_stamp
|Timestamp
|timestamp without time zone
|timestamp without time zone
|The time of the event
|The time of the event
|-
|-
|description
|session_id
|Text detail of the event
|Session ID
|text
|bigint
|The description from the alert rule.
|The session
|-
|-
|summary_text
|client_intf
|Summary Text
|Client Interface
|text
|smallint
|The summary text of the alert
|The client interface
|-
|-
|json
|server_intf
|JSON Text
|Server Interface
|text
|smallint
|The summary JSON representation of the event causing the alert
|The server interface
|-
|-
|}
|c_client_addr
<section end='alerts' />
|Client-side Client Address
 
|inet
 
|The client-side client IP address
== configuration_backup_events ==
<section begin='configuration_backup_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|-
|time_stamp
|s_client_addr
|Timestamp
|Server-side Client Address
|timestamp without time zone
|inet
|The time of the event
|The server-side client IP address
|-
|-
|success
|c_server_addr
|Success
|Client-side Server Address
|boolean
|inet
|The result of the backup (true if the backup succeeded, false otherwise)
|The client-side server IP address
|-
|-
|description
|s_server_addr
|Text detail of the event
|Server-side Server Address
|inet
|The server-side server IP address
|-
|policy_id
|Policy ID
|bigint
|The policy
|-
|username
|Username
|text
|text
|Text detail of the event
|The username associated with this session
|-
|-
|destination
|hostname
|Destination
|Hostname
|text
|text
|The location of the backup
|The hostname of the local address
|-
|-
|event_id
|request_id
|Event ID
|Request ID
|bigint
|bigint
|The unique event ID
|The FTP request ID
|-
|method
|Method
|character(1)
|The FTP method
|-
|-
|}
|uri
<section end='configuration_backup_events' />
|URI
 
|text
 
|The FTP URI
== settings_changes ==  
|-
<section begin='settings_changes' />
|virus_blocker_lite_clean
|Virus Blocker Lite Clean
|boolean
|The cleanliness of the file according to Virus Blocker Lite
|-
|virus_blocker_lite_name
|Virus Blocker Lite Name
|text
|The name of the malware according to Virus Blocker Lite
|-
|virus_blocker_clean
|Virus Blocker Clean
|boolean
|The cleanliness of the file according to Virus Blocker
|-
|virus_blocker_name
|Virus Blocker Name
|text
|The name of the malware according to Virus Blocker
|-
|}
<section end='ftp_events' />
()
 
== tunnel_vpn_events ==  
<section begin='tunnel_vpn_events' />


{| border="1" cellpadding="2" width="90%%" align="center"
{| border="1" cellpadding="2" width="90%%" align="center"
Line 2,337: Line 2,314:
!Description
!Description
|-
|-
|time_stamp
|event_id
|Timestamp
|Event ID
|bigint
|The unique event ID
|-
|time_stamp
|Timestamp
|timestamp without time zone
|timestamp without time zone
|The time of the event
|The time of the event
|-
|-
|settings_file
|tunnel_name
|Settings File
|Tunnel Name
|text
|The name the tunnel
|-
|server_address
|Server IP Address
|text
|text
|The name of the file changed
|The address of the remote server
|-
|-
|username
|local_address
|Username
|Local Address
|text
|text
|The username logged in at the time of the change
|The local address assigned the client
|-
|-
|hostname
|event_type
|Hostname
|Event Type
|text
|text
|The remote hostname
|The type of the event (CONNECT,DISCONNECT)
|-
|-
|}
|}
<section end='settings_changes' />
<section end='tunnel_vpn_events' />
()
 
== tunnel_vpn_stats ==
<section begin='tunnel_vpn_stats' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|tunnel_name
|Tunnel Name
|text
|The name of the Tunnel VPN tunnel
|-
|in_bytes
|In Bytes
|bigint
|The number of bytes received during this time frame
|-
|out_bytes
|Out Bytes
|bigint
|The number of bytes transmitted during this time frame
|-
|event_id
|Event ID
|bigint
|The unique event ID
|-
|}
<section end='tunnel_vpn_stats' />
()
 
== wan_failover_test_events ==
<section begin='wan_failover_test_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|interface_id
|Interface ID
|integer
|This interface ID
|-
|name
|Interface Name
|text
|This name of the interface
|-
|description
|Text detail of the event
|text
|The description from the test rule
|-
|success
|Success
|boolean
|The result of the test (true if the test succeeded, false otherwise)
|-
|event_id
|Event ID
|bigint
|The unique event ID
|-
|}
<section end='wan_failover_test_events' />
()
 
== wan_failover_action_events ==
<section begin='wan_failover_action_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|interface_id
|Interface ID
|integer
|This interface ID
|-
|action
|Action
|text
|This action (CONNECTED,DISCONNECTED)
|-
|os_name
|Interface O/S Name
|text
|This O/S name of the interface
|-
|name
|Interface Name
|text
|This name of the interface
|-
|event_id
|Event ID
|bigint
|The unique event ID
|-
|}
<section end='wan_failover_action_events' />
()
 
== directory_connector_login_events ==
<section begin='directory_connector_login_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|login_name
|Login Name
|text
|The login name
|-
|domain
|Domain
|text
|The AD domain
|-
|type
|Type
|text
|The type of event (I=Login,U=Update,O=Logout)
|-
|client_addr
|Client Address
|inet
|The client IP address
|-
|login_type
|Login Type
|text
|The login type
|-
|}
<section end='directory_connector_login_events' />
()
 
== captive_portal_user_events ==
<section begin='captive_portal_user_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|policy_id
|Policy ID
|bigint
|The policy
|-
|event_id
|Event ID
|bigint
|The unique event ID
|-
|login_name
|Login Name
|text
|The login username
|-
|event_info
|Event Type
|text
|The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
|-
|auth_type
|Authorization Type
|text
|The authorization type for this event
|-
|client_addr
|Client Address
|text
|The remote IP address of the client
|-
|}
<section end='captive_portal_user_events' />
()
 
== openvpn_stats ==
<section begin='openvpn_stats' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|start_time
|Start Time
|timestamp without time zone
|The time the OpenVPN session started
|-
|end_time
|End Time
|timestamp without time zone
|The time the OpenVPN session ended
|-
|rx_bytes
|Bytes Received
|bigint
|The total bytes received from the client during this session
|-
|tx_bytes
|Bytes Sent
|bigint
|The total bytes sent to the client during this session
|-
|remote_address
|Remote Address
|inet
|The remote IP address of the client
|-
|pool_address
|Pool Address
|inet
|The pool IP address of the client
|-
|remote_port
|Remote Port
|integer
|The remote port of the client
|-
|client_name
|Client Name
|text
|The name of the client
|-
|event_id
|Event ID
|bigint
|The unique event ID
|-
|}
<section end='openvpn_stats' />
()
 
== openvpn_events ==
<section begin='openvpn_events' />
 
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|remote_address
|Remote Address
|inet
|The remote IP address of the client
|-
|pool_address
|Pool Address
|inet
|The pool IP address of the client
|-
|client_name
|Client Name
|text
|The name of the client
|-
|type
|Type
|text
|The type of the event (CONNECT,DISCONNECT)
|-
|}
<section end='openvpn_events' />
()

Latest revision as of 18:37, 8 September 2020

Database Tables

configuration_backup_events

<section begin='configuration_backup_events' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
success Success boolean The result of the backup (true if the backup succeeded, false otherwise)
description Text detail of the event text Text detail of the event
destination Destination text The location of the backup
event_id Event ID bigint The unique event ID

<section end='configuration_backup_events' /> ()

http_events

<section begin='http_events' />

Column Name Human Name Type Description
request_id Request ID bigint The HTTP request ID
time_stamp Timestamp timestamp without time zone The time of the event
session_id Session ID bigint The session
client_intf Client Interface smallint The client interface
server_intf Server Interface smallint The server interface
c_client_addr Client-side Client Address inet The client-side client IP address
s_client_addr Server-side Client Address inet The server-side client IP address
c_server_addr Client-side Server Address inet The client-side server IP address
s_server_addr Server-side Server Address inet The server-side server IP address
c_client_port Client-side Client Port integer The client-side client port
s_client_port Server-side Client Port integer The server-side client port
c_server_port Client-side Server Port integer The client-side server port
s_server_port Server-side Server Port integer The server-side server port
client_country Client Country text The client Country
client_latitude Client Latitude real The client Latitude
client_longitude Client Longitude real The client Longitude
server_country Server Country text The server Country
server_latitude Server Latitude real The server Latitude
server_longitude Server Longitude real The server Longitude
policy_id Policy ID smallint The policy
username Username text The username associated with this session
hostname Hostname text The hostname of the local address
method Method character(1) The HTTP method
uri URI text The HTTP URI
host Host text The HTTP host
domain Domain text The HTTP domain (shortened host)
referer Referer text The Referer URL
c2s_content_length Client-to-server Content Length bigint The client-to-server content length
s2c_content_length Server-to-client Content Length bigint The server-to-client content length
s2c_content_type Server-to-client Content Type text The server-to-client content type
s2c_content_filename Server-to-client Content Disposition Filename text The server-to-client content disposition filename
ad_blocker_cookie_ident Ad Blocker Cookie text This name of cookie blocked by Ad Blocker
ad_blocker_action Ad Blocker Action character(1) This action of Ad Blocker on this request
web_filter_reason Reason for action (Web Filter) character(1) This reason Web Filter blocked/flagged this request
web_filter_category_id Web Category (Web Filter) smallint This numeric category according to Web Filter
web_filter_rule_id Web Rule (Web Filter) smallint This numeric rule according to Web Filter
web_filter_blocked Blocked (Web Filter) boolean If Web Filter blocked this request
web_filter_flagged Flagged (Web Filter) boolean If Web Filter flagged this request
virus_blocker_lite_clean Virus Blocker Lite Clean boolean The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name Virus Blocker Lite Name text The name of the malware according to Virus Blocker Lite
virus_blocker_clean Virus Blocker Clean boolean The cleanliness of the file according to Virus Blocker
virus_blocker_name Virus Blocker Name text The name of the malware according to Virus Blocker
threat_prevention_blocked Threat Prevention Blocked boolean If Threat Prevention blocked this request
threat_prevention_flagged Threat Prevention Flagged boolean If Threat Prevention flagged this request
threat_prevention_rule_id Threat Prevention Rule Id integer This numeric rule according to Threat Prevention
threat_prevention_reputation Threat Prevention Reputation smallint This numeric threat reputation
threat_prevention_categories Threat Prevention Categories integer This bitmask of threat categories

<section end='http_events' /> ()

intrusion_prevention_events

<section begin='intrusion_prevention_events' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
sig_id Signature ID bigint This ID of the rule
gen_id Grouping ID bigint The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier
class_id Classtype ID bigint The numeric ID for the classtype
source_addr Source Address inet The source IP address of the packet
source_port Source Port integer The source port of the packet (if applicable)
dest_addr Destination Address inet The destination IP address of the packet
dest_port Destination Port integer The destination port of the packet (if applicable)
protocol Protocol integer The protocol of the packet
blocked Blocked boolean If the packet was blocked/dropped
category Category text The application specific grouping for the signature
classtype Classtype text The generalized threat signature grouping (unrelated to gen_id)
msg Message text The "title" or "description" of the signature
rid Rule ID text The rule id
rule_id Rule ID text The rule id

<section end='intrusion_prevention_events' /> ()

smtp_tarpit_events

<section begin='smtp_tarpit_events' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
ipaddr Client Address inet The client IP address
hostname Hostname text The hostname of the local address
policy_id Policy ID bigint The policy
vendor_name Vendor Name character varying(255) The "vendor name" of the app that logged the event
event_id Event ID bigint The unique event ID

<section end='smtp_tarpit_events' /> ()

ipsec_user_events

<section begin='ipsec_user_events' />

Column Name Human Name Type Description
event_id Event ID bigint The unique event ID
time_stamp Timestamp timestamp without time zone The time of the event
connect_stamp Connect Time timestamp without time zone The time the connection started
goodbye_stamp End Time timestamp without time zone The time the connection ended
client_address Client Address text The remote IP address of the client
client_protocol Client Protocol text The protocol the client used to connect
client_username Client Username text The username of the client
net_process Net Process text The PID of the PPP process for L2TP connections or the connection ID for Xauth connections
net_interface Net Interface text The PPP interface for L2TP connections or the client interface for Xauth connections
elapsed_time Elapsed Time text The total time the client was connected
rx_bytes Bytes Received bigint The number of bytes received from the client in this connection
tx_bytes Bytes Sent bigint The number of bytes sent to the client in this connection

<section end='ipsec_user_events' /> ()

ipsec_vpn_events

<section begin='ipsec_vpn_events' />

Column Name Human Name Type Description
event_id Event ID bigint The unique event ID
time_stamp Timestamp timestamp without time zone The time of the event
local_address Local Address text The local address of the tunnel
remote_address Remote Address text The remote address of the tunnel
tunnel_description Tunnel Description text The description of the tunnel
event_type Event Type text The type of the event (CONNECT,DISCONNECT)

<section end='ipsec_vpn_events' /> ()

ipsec_tunnel_stats

<section begin='ipsec_tunnel_stats' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
tunnel_name Tunnel Name text The name of the IPsec tunnel
in_bytes In Bytes bigint The number of bytes received during this time frame
out_bytes Out Bytes bigint The number of bytes transmitted during this time frame
event_id Event ID bigint The unique event ID

<section end='ipsec_tunnel_stats' /> ()

http_query_events

<section begin='http_query_events' />

Column Name Human Name Type Description
event_id Event ID bigint The unique event ID
time_stamp Timestamp timestamp without time zone The time of the event
session_id Session ID bigint The session
client_intf Client Interface smallint The client interface
server_intf Server Interface smallint The server interface
c_client_addr Client-side Client Address inet The client-side client IP address
s_client_addr Server-side Client Address inet The server-side client IP address
c_server_addr Client-side Server Address inet The client-side server IP address
s_server_addr Server-side Server Address inet The server-side server IP address
c_client_port Client-side Client Port integer The client-side client port
s_client_port Server-side Client Port integer The server-side client port
c_server_port Client-side Server Port integer The client-side server port
s_server_port Server-side Server Port integer The server-side server port
policy_id Policy ID bigint The policy
username Username text The username associated with this session
hostname Hostname text The hostname of the local address
request_id Request ID bigint The HTTP request ID
method Method character(1) The HTTP method
uri URI text The HTTP URI
term Search Term text The search term
host Host text The HTTP host
c2s_content_length Client-to-server Content Length bigint The client-to-server content length
s2c_content_length Server-to-client Content Length bigint The server-to-client content length
s2c_content_type Server-to-client Content Type text The server-to-client content type
blocked Blocked boolean If Web Filter blocked this search term
flagged Flagged boolean If Web Filter flagged this search term

<section end='http_query_events' /> ()

admin_logins

<section begin='admin_logins' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
login Login text The login name
local Local boolean True if it is a login attempt through a local process
client_addr Client Address inet The client IP address
succeeded Succeeded boolean True if the login succeeded, false otherwise
reason Reason character(1) The reason for the login (if applicable)

<section end='admin_logins' /> ()

sessions

<section begin='sessions' />

Column Name Human Name Type Description
session_id Session ID bigint The session
time_stamp Timestamp timestamp without time zone The time of the event
end_time End Time timestamp without time zone The time the session ended
bypassed Bypassed boolean True if the session was bypassed, false otherwise
entitled Entitled boolean True if the session is entitled to premium functionality
protocol Protocol smallint The IP protocol of session
icmp_type ICMP Type smallint The ICMP type of session if ICMP
hostname Hostname text The hostname of the local address
username Username text The username associated with this session
policy_id Policy ID smallint The policy
policy_rule_id Policy Rule ID smallint The ID of the matching policy rule (0 means none)
local_addr Local Address inet The IP address of the local participant
remote_addr Remote Address inet The IP address of the remote participant
c_client_addr Client-side Client Address inet The client-side client IP address
c_server_addr Client-side Server Address inet The client-side server IP address
c_server_port Client-side Server Port integer The client-side server port
c_client_port Client-side Client Port integer The client-side client port
s_client_addr Server-side Client Address inet The server-side client IP address
s_server_addr Server-side Server Address inet The server-side server IP address
s_server_port Server-side Server Port integer The server-side server port
s_client_port Server-side Client Port integer The server-side client port
client_intf Client Interface smallint The client interface
server_intf Server Interface smallint The server interface
client_country Client Country text The client Country
client_latitude Client Latitude real The client Latitude
client_longitude Client Longitude real The client Longitude
server_country Server Country text The server Country
server_latitude Server Latitude real The server Latitude
server_longitude Server Longitude real The server Longitude
c2p_bytes From-Client Bytes bigint The number of bytes the client sent to Untangle (client-to-pipeline)
p2c_bytes To-Client Bytes bigint The number of bytes Untangle sent to client (pipeline-to-client)
s2p_bytes From-Server Bytes bigint The number of bytes the server sent to Untangle (client-to-pipeline)
p2s_bytes To-Server Bytes bigint The number of bytes Untangle sent to server (pipeline-to-client)
filter_prefix Filter Block text The network filter that blocked the connection (filter,shield,invalid)
firewall_blocked Firewall Blocked boolean True if Firewall blocked the session, false otherwise
firewall_flagged Firewall Flagged boolean True if Firewall flagged the session, false otherwise
firewall_rule_index Firewall Rule ID integer The matching rule in Firewall (if any)
threat_prevention_blocked Threat Prevention Blocked boolean If Threat Prevention blocked
threat_prevention_flagged Threat Prevention Flagged boolean If Threat Prevention flagged
threat_prevention_reason Threat Prevention Reason character(1) Threat Prevention reason
threat_prevention_rule_id Threat Prevention Rule Id integer Numeric rule id of Threat Prevention
threat_prevention_client_reputation Threat Prevention Client Reputation smallint Numeric client reputation of Threat Prevention
threat_prevention_client_categories Threat Prevention Client Categories integer Bitmask client categories of Threat Prevention
threat_prevention_server_reputation Threat Prevention Server Reputation smallint Numeric server reputation of Threat Prevention
threat_prevention_server_categories Threat Prevention Server Categories integer Bitmask server categories of Threat Prevention
application_control_lite_protocol Application Control Lite Protocol text The application protocol according to Application Control Lite
application_control_lite_blocked Application Control Lite Blocked boolean True if Application Control Lite blocked the session
captive_portal_blocked Captive Portal Blocked boolean True if Captive Portal blocked the session
captive_portal_rule_index Captive Portal Rule ID integer The matching rule in Captive Portal (if any)
application_control_application Application Control Application text The application according to Application Control
application_control_protochain Application Control Protochain text The protochain according to Application Control
application_control_category Application Control Category text The category according to Application Control
application_control_blocked Application Control Blocked boolean True if Application Control blocked the session
application_control_flagged Application Control Flagged boolean True if Application Control flagged the session
application_control_confidence Application Control Confidence integer True if Application Control confidence of this session's identification
application_control_ruleid Application Control Rule ID integer The matching rule in Application Control (if any)
application_control_detail Application Control Detail text The text detail from the Application Control engine
bandwidth_control_priority Bandwidth Control Priority integer The priority given to this session
bandwidth_control_rule Bandwidth Control Rule ID integer The matching rule in Bandwidth Control rule (if any)
ssl_inspector_ruleid SSL Inspector Rule ID integer The matching rule in SSL Inspector rule (if any)
ssl_inspector_status SSL Inspector Status text The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
ssl_inspector_detail SSL Inspector Detail text Additional text detail about the SSL connection (SNI, IP Address)
tags Tags text The tags on this session

<section end='sessions' /> ()

session_minutes

<section begin='session_minutes' />

Column Name Human Name Type Description
session_id Session ID bigint The session
time_stamp Timestamp timestamp without time zone The time of the event
c2s_bytes From-Client Bytes bigint The number of bytes the client sent
s2c_bytes From-Server Bytes bigint The number of bytes the server sent
start_time Start Time timestamp without time zone The start time of the session
end_time End Time timestamp without time zone The time the session ended
bypassed Bypassed boolean True if the session was bypassed, false otherwise
entitled Entitled boolean True if the session is entitled to premium functionality
protocol Protocol smallint The IP protocol of session
icmp_type ICMP Type smallint The ICMP type of session if ICMP
hostname Hostname text The hostname of the local address
username Username text The username associated with this session
policy_id Policy ID smallint The policy
policy_rule_id Policy Rule ID smallint The ID of the matching policy rule (0 means none)
local_addr Local Address inet The IP address of the local participant
remote_addr Remote Address inet The IP address of the remote participant
c_client_addr Client-side Client Address inet The client-side client IP address
c_server_addr Client-side Server Address inet The client-side server IP address
c_server_port Client-side Server Port integer The client-side server port
c_client_port Client-side Client Port integer The client-side client port
s_client_addr Server-side Client Address inet The server-side client IP address
s_server_addr Server-side Server Address inet The server-side server IP address
s_server_port Server-side Server Port integer The server-side server port
s_client_port Server-side Client Port integer The server-side client port
client_intf Client Interface smallint The client interface
server_intf Server Interface smallint The server interface
client_country Client Country text The client Country
client_latitude Client Latitude real The client Latitude
client_longitude Client Longitude real The client Longitude
server_country Server Country text The server Country
server_latitude Server Latitude real The server Latitude
server_longitude Server Longitude real The server Longitude
filter_prefix Filter Block text The network filter that blocked the connection (filter,shield,invalid)
firewall_blocked Firewall Blocked boolean True if Firewall blocked the session, false otherwise
firewall_flagged Firewall Flagged boolean True if Firewall flagged the session, false otherwise
firewall_rule_index Firewall Rule ID integer The matching rule in Firewall (if any)
threat_prevention_blocked Threat Prevention Blocked boolean If Threat Prevention blocked
threat_prevention_flagged Threat Prevention Flagged boolean If Threat Prevention flagged
threat_prevention_reason Threat Prevention Reason character(1) Threat Prevention reason
threat_prevention_rule_id Threat Prevention Rule Id integer Numeric rule id of Threat Prevention
threat_prevention_client_reputation Threat Prevention Client Reputation smallint Numeric client reputation of Threat Prevention
threat_prevention_client_categories Threat Prevention Client Categories integer Bitmask client categories of Threat Prevention
threat_prevention_server_reputation Threat Prevention Server Reputation smallint Numeric server reputation of Threat Prevention
threat_prevention_server_categories Threat Prevention Server Categories integer Bitmask server categories of Threat Prevention
application_control_lite_protocol Application Control Lite Protocol text The application protocol according to Application Control Lite
application_control_lite_blocked Application Control Lite Blocked boolean True if Application Control Lite blocked the session
captive_portal_blocked Captive Portal Blocked boolean True if Captive Portal blocked the session
captive_portal_rule_index Captive Portal Rule ID integer The matching rule in Captive Portal (if any)
application_control_application Application Control Application text The application according to Application Control
application_control_protochain Application Control Protochain text The protochain according to Application Control
application_control_category Application Control Category text The category according to Application Control
application_control_blocked Application Control Blocked boolean True if Application Control blocked the session
application_control_flagged Application Control Flagged boolean True if Application Control flagged the session
application_control_confidence Application Control Confidence integer True if Application Control confidence of this session's identification
application_control_ruleid Application Control Rule ID integer The matching rule in Application Control (if any)
application_control_detail Application Control Detail text The text detail from the Application Control engine
bandwidth_control_priority Bandwidth Control Priority integer The priority given to this session
bandwidth_control_rule Bandwidth Control Rule ID integer The matching rule in Bandwidth Control rule (if any)
ssl_inspector_ruleid SSL Inspector Rule ID integer The matching rule in SSL Inspector rule (if any)
ssl_inspector_status SSL Inspector Status text The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED)
ssl_inspector_detail SSL Inspector Detail text Additional text detail about the SSL connection (SNI, IP Address)
tags Tags text The tags on this session

<section end='session_minutes' /> ()

quotas

<section begin='quotas' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
entity Entity text The IP entity given the quota (address/username)
action Action integer The action (1=Quota Given, 2=Quota Exceeded)
size Size bigint The size of the quota
reason Reason text The reason for the action

<section end='quotas' /> ()

host_table_updates

<section begin='host_table_updates' />

Column Name Human Name Type Description
address Address inet The IP address of the host
key Key text The key being updated
value Value text The new value for the key
old_value Old Value text The old value for the key
time_stamp Timestamp timestamp without time zone The time of the event

<section end='host_table_updates' /> ()

device_table_updates

<section begin='device_table_updates' />

Column Name Human Name Type Description
mac_address MAC Address text The MAC address of the device
key Key text The key being updated
value Value text The new value for the key
old_value Old Value text The old value for the key
time_stamp Timestamp timestamp without time zone The time of the event

<section end='device_table_updates' /> ()

user_table_updates

<section begin='user_table_updates' />

Column Name Human Name Type Description
username Username text The username
key Key text The key being updated
value Value text The new value for the key
old_value Old Value text The old value for the key
time_stamp Timestamp timestamp without time zone The time of the event

<section end='user_table_updates' /> ()

alerts

<section begin='alerts' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
description Text detail of the event text The description from the alert rule.
summary_text Summary Text text The summary text of the alert
json JSON Text text The summary JSON representation of the event causing the alert

<section end='alerts' /> ()

settings_changes

<section begin='settings_changes' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
settings_file Settings File text The name of the file changed
username Username text The username logged in at the time of the change
hostname Hostname text The remote hostname

<section end='settings_changes' /> ()

web_cache_stats

<section begin='web_cache_stats' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
hits Hits bigint The number of cache hits during this time frame
misses Misses bigint The number of cache misses during this time frame
bypasses Bypasses bigint The number of cache user bypasses during this time frame
systems System bypasses bigint The number of cache system bypasses during this time frame
hit_bytes Hit Bytes bigint The number of bytes saved from cache hits
miss_bytes Miss Bytes bigint The number of bytes not saved from cache misses
event_id Event ID bigint The unique event ID

<section end='web_cache_stats' /> ()

server_events

<section begin='server_events' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
load_1 CPU load (1-min) numeric(6,2) The 1-minute CPU load
load_5 CPU load (5-min) numeric(6,2) The 5-minute CPU load
load_15 CPU load (15-min) numeric(6,2) The 15-minute CPU load
cpu_user CPU User Utilization numeric(6,3) The user CPU percent utilization
cpu_system CPU System Utilization numeric(6,3) The system CPU percent utilization
mem_total Total Memory bigint The total bytes of memory
mem_free Memory Free bigint The number of free bytes of memory
disk_total Disk Size bigint The total disk size in bytes
disk_free Disk Free bigint The free disk space in bytes
swap_total Swap Size bigint The total swap size in bytes
swap_free Swap Free bigint The free disk swap in bytes
active_hosts Active Hosts integer The number of active hosts

<section end='server_events' /> ()

interface_stat_events

<section begin='interface_stat_events' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
interface_id Interface ID integer The interface ID
rx_rate Rx Rate double precision The RX rate (bytes/s)
rx_bytes Bytes Received bigint The number of bytes received from the client in this connection
tx_rate Tx Rate double precision The TX rate (bytes/s)
tx_bytes Bytes Sent bigint The number of bytes sent to the client in this connection

<section end='interface_stat_events' /> ()

mail_msgs

<section begin='mail_msgs' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
session_id Session ID bigint The session
client_intf Client Interface smallint The client interface
server_intf Server Interface smallint The server interface
c_client_addr Client-side Client Address inet The client-side client IP address
s_client_addr Server-side Client Address inet The server-side client IP address
c_server_addr Client-side Server Address inet The client-side server IP address
s_server_addr Server-side Server Address inet The server-side server IP address
c_client_port Client-side Client Port integer The client-side client port
s_client_port Server-side Client Port integer The server-side client port
c_server_port Client-side Server Port integer The client-side server port
s_server_port Server-side Server Port integer The server-side server port
policy_id Policy ID bigint The policy
username Username text The username associated with this session
msg_id Message ID bigint The message ID
subject Subject text The email subject
hostname Hostname text The hostname of the local address
event_id Event ID bigint The unique event ID
sender Sender text The address of the sender
receiver Receiver text The address of the receiver
virus_blocker_lite_clean Virus Blocker Lite Clean boolean The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name Virus Blocker Lite Name text The name of the malware according to Virus Blocker Lite
virus_blocker_clean Virus Blocker Clean boolean The cleanliness of the file according to Virus Blocker
virus_blocker_name Virus Blocker Name text The name of the malware according to Virus Blocker
spam_blocker_lite_score Spam Blocker Lite Score real The score of the email according to Spam Blocker Lite
spam_blocker_lite_is_spam Spam Blocker Lite Spam boolean The spam status of the email according to Spam Blocker Lite
spam_blocker_lite_tests_string Spam Blocker Lite Tests text The tess results for Spam Blocker Lite
spam_blocker_lite_action Spam Blocker Lite Action character(1) The action taken by Spam Blocker Lite
spam_blocker_score Spam Blocker Score real The score of the email according to Spam Blocker
spam_blocker_is_spam Spam Blocker Spam boolean The spam status of the email according to Spam Blocker
spam_blocker_tests_string Spam Blocker Tests text The tess results for Spam Blocker
spam_blocker_action Spam Blocker Action character(1) The action taken by Spam Blocker
phish_blocker_score Phish Blocker Score real The score of the email according to Phish Blocker
phish_blocker_is_spam Phish Blocker Phish boolean The phish status of the email according to Phish Blocker
phish_blocker_tests_string Phish Blocker Tests text The tess results for Phish Blocker
phish_blocker_action Phish Blocker Action character(1) The action taken by Phish Blocker

<section end='mail_msgs' /> ()

mail_addrs

<section begin='mail_addrs' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
session_id Session ID bigint The session
client_intf Client Interface smallint The client interface
server_intf Server Interface smallint The server interface
c_client_addr Client-side Client Address inet The client-side client IP address
s_client_addr Server-side Client Address inet The server-side client IP address
c_server_addr Client-side Server Address inet The client-side server IP address
s_server_addr Server-side Server Address inet The server-side server IP address
c_client_port Client-side Client Port integer The client-side client port
s_client_port Server-side Client Port integer The server-side client port
c_server_port Client-side Server Port integer The client-side server port
s_server_port Server-side Server Port integer The server-side server port
policy_id Policy ID bigint The policy
username Username text The username associated with this session
msg_id Message ID bigint The message ID
subject Subject text The email subject
addr Address text The address of this event
addr_name Address Name text The name for this address
addr_kind Address Kind character(1) The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
hostname Hostname text The hostname of the local address
event_id Event ID bigint The unique event ID
sender Sender text The address of the sender
virus_blocker_lite_clean Virus Blocker Lite Clean boolean The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name Virus Blocker Lite Name text The name of the malware according to Virus Blocker Lite
virus_blocker_clean Virus Blocker Clean boolean The cleanliness of the file according to Virus Blocker
virus_blocker_name Virus Blocker Name text The name of the malware according to Virus Blocker
spam_blocker_lite_score Spam Blocker Lite Score real The score of the email according to Spam Blocker Lite
spam_blocker_lite_is_spam Spam Blocker Lite Spam boolean The spam status of the email according to Spam Blocker Lite
spam_blocker_lite_action Spam Blocker Lite Action character(1) The action taken by Spam Blocker Lite
spam_blocker_lite_tests_string Spam Blocker Lite Tests text The tess results for Spam Blocker Lite
spam_blocker_score Spam Blocker Score real The score of the email according to Spam Blocker
spam_blocker_is_spam Spam Blocker Spam boolean The spam status of the email according to Spam Blocker
spam_blocker_action Spam Blocker Action character(1) The action taken by Spam Blocker
spam_blocker_tests_string Spam Blocker Tests text The tess results for Spam Blocker
phish_blocker_score Phish Blocker Score real The score of the email according to Phish Blocker
phish_blocker_is_spam Phish Blocker Phish boolean The phish status of the email according to Phish Blocker
phish_blocker_tests_string Phish Blocker Tests text The tess results for Phish Blocker
phish_blocker_action Phish Blocker Action character(1) The action taken by Phish Blocker

<section end='mail_addrs' /> ()

ftp_events

<section begin='ftp_events' />

Column Name Human Name Type Description
event_id Event ID bigint The unique event ID
time_stamp Timestamp timestamp without time zone The time of the event
session_id Session ID bigint The session
client_intf Client Interface smallint The client interface
server_intf Server Interface smallint The server interface
c_client_addr Client-side Client Address inet The client-side client IP address
s_client_addr Server-side Client Address inet The server-side client IP address
c_server_addr Client-side Server Address inet The client-side server IP address
s_server_addr Server-side Server Address inet The server-side server IP address
policy_id Policy ID bigint The policy
username Username text The username associated with this session
hostname Hostname text The hostname of the local address
request_id Request ID bigint The FTP request ID
method Method character(1) The FTP method
uri URI text The FTP URI
virus_blocker_lite_clean Virus Blocker Lite Clean boolean The cleanliness of the file according to Virus Blocker Lite
virus_blocker_lite_name Virus Blocker Lite Name text The name of the malware according to Virus Blocker Lite
virus_blocker_clean Virus Blocker Clean boolean The cleanliness of the file according to Virus Blocker
virus_blocker_name Virus Blocker Name text The name of the malware according to Virus Blocker

<section end='ftp_events' /> ()

tunnel_vpn_events

<section begin='tunnel_vpn_events' />

Column Name Human Name Type Description
event_id Event ID bigint The unique event ID
time_stamp Timestamp timestamp without time zone The time of the event
tunnel_name Tunnel Name text The name the tunnel
server_address Server IP Address text The address of the remote server
local_address Local Address text The local address assigned the client
event_type Event Type text The type of the event (CONNECT,DISCONNECT)

<section end='tunnel_vpn_events' /> ()

tunnel_vpn_stats

<section begin='tunnel_vpn_stats' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
tunnel_name Tunnel Name text The name of the Tunnel VPN tunnel
in_bytes In Bytes bigint The number of bytes received during this time frame
out_bytes Out Bytes bigint The number of bytes transmitted during this time frame
event_id Event ID bigint The unique event ID

<section end='tunnel_vpn_stats' /> ()

wan_failover_test_events

<section begin='wan_failover_test_events' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
interface_id Interface ID integer This interface ID
name Interface Name text This name of the interface
description Text detail of the event text The description from the test rule
success Success boolean The result of the test (true if the test succeeded, false otherwise)
event_id Event ID bigint The unique event ID

<section end='wan_failover_test_events' /> ()

wan_failover_action_events

<section begin='wan_failover_action_events' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
interface_id Interface ID integer This interface ID
action Action text This action (CONNECTED,DISCONNECTED)
os_name Interface O/S Name text This O/S name of the interface
name Interface Name text This name of the interface
event_id Event ID bigint The unique event ID

<section end='wan_failover_action_events' /> ()

directory_connector_login_events

<section begin='directory_connector_login_events' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
login_name Login Name text The login name
domain Domain text The AD domain
type Type text The type of event (I=Login,U=Update,O=Logout)
client_addr Client Address inet The client IP address
login_type Login Type text The login type

<section end='directory_connector_login_events' /> ()

captive_portal_user_events

<section begin='captive_portal_user_events' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
policy_id Policy ID bigint The policy
event_id Event ID bigint The unique event ID
login_name Login Name text The login username
event_info Event Type text The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
auth_type Authorization Type text The authorization type for this event
client_addr Client Address text The remote IP address of the client

<section end='captive_portal_user_events' /> ()

openvpn_stats

<section begin='openvpn_stats' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
start_time Start Time timestamp without time zone The time the OpenVPN session started
end_time End Time timestamp without time zone The time the OpenVPN session ended
rx_bytes Bytes Received bigint The total bytes received from the client during this session
tx_bytes Bytes Sent bigint The total bytes sent to the client during this session
remote_address Remote Address inet The remote IP address of the client
pool_address Pool Address inet The pool IP address of the client
remote_port Remote Port integer The remote port of the client
client_name Client Name text The name of the client
event_id Event ID bigint The unique event ID

<section end='openvpn_stats' /> ()

openvpn_events

<section begin='openvpn_events' />

Column Name Human Name Type Description
time_stamp Timestamp timestamp without time zone The time of the event
remote_address Remote Address inet The remote IP address of the client
pool_address Pool Address inet The pool IP address of the client
client_name Client Name text The name of the client
type Type text The type of the event (CONNECT,DISCONNECT)

<section end='openvpn_events' /> ()