Event Definitions: Difference between revisions
No edit summary |
No edit summary |
(One intermediate revision by the same user not shown) | |||
Line 153: | Line 153: | ||
== | == PrioritizeEvent == | ||
<section begin=' | <section begin='PrioritizeEvent' /> | ||
These events are created by [[ | These events are created by the [[Bandwidth Control]] and update the [[Database_Schema#sessions|session]] table when a session is prioritized. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
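Review bot: The new PrioritizeEvent intro labels its link "session" in `[[Database_Schema#sessions|session]]`, while the other sections in this revision that point at the same anchor (FirewallEvent, SessionEvent, SessionStatsEvent, SessionNatEvent) label it "sessions". Suggest `[[Database_Schema#sessions|sessions]]` so the table name reads the same everywhere, and "created by [[Bandwidth Control]]" without the article to match "created by [[Firewall]]" and "created by [[Virus Blocker]]".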
Line 162: | Line 162: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getClass | getClass | ||
|- | |- | ||
Line 172: | Line 167: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getPartitionTablePostfix | |||
getPriority | |||
|- | |- | ||
| | |priority | ||
| | |int | ||
|The | |The priority | ||
getRuleId | |||
|- | |- | ||
| | |ruleId | ||
|int | |int | ||
|The | |The rule ID | ||
getSessionEvent | |||
|- | |- | ||
| | |sessionEvent | ||
| | |SessionEvent | ||
|The | |The session event | ||
getTag | |||
getTimeStamp | |||
|- | |- | ||
| | |timeStamp | ||
|Timestamp | |||
|The timestamp | |||
|} | |||
<section end='PrioritizeEvent' /> | |||
== VirusFtpEvent == | |||
<section begin='VirusFtpEvent' /> | |||
These events are created by [[Virus Blocker]] and update the [[Database_Schema#ftp_events|ftp_events]] table when Virus Blocker scans an FTP transfer. | |||
{| border="1" cellpadding="2" width="90%" align="center" | |||
! Attribute Name | |||
! Type | |||
! Description | |||
getAppName | |||
|- | |||
|appName | |||
|String | |String | ||
|The | |The name of the application | ||
getClass | |||
|- | |- | ||
| | |class | ||
| | |Class | ||
|The | |The class name | ||
getClean | |||
|- | |- | ||
| | |clean | ||
|boolean | |boolean | ||
|True if | |True if clean, false otherwise | ||
getPartitionTablePostfix | |||
getSessionEvent | |||
|- | |- | ||
| | |sessionEvent | ||
| | |SessionEvent | ||
|The | |The session event | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
|- | |- | ||
Line 239: | Line 229: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
getUri | |||
|- | |- | ||
| | |uri | ||
|String | |String | ||
|The | |The URI | ||
getVirusName | |||
|- | |||
|virusName | |||
|String | |||
|The virus name, if not clean | |||
|} | |} | ||
<section end=' | <section end='VirusFtpEvent' /> | ||
== | == VirusHttpEvent == | ||
<section begin=' | <section begin='VirusHttpEvent' /> | ||
These events are created by [[ | These events are created by [[Virus Blocker]] and update the [[Database_Schema#http_events|http_events]] table when Virus Blocker scans an HTTP transfer. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 257: | Line 252: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getAppName | |||
|- | |- | ||
| | |appName | ||
| | |String | ||
|The | |The name of the application | ||
getClass | getClass | ||
|- | |- | ||
Line 267: | Line 262: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getClean | |||
|- | |- | ||
| | |clean | ||
| | |boolean | ||
| | |True if clean, false otherwise | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getRequestLine | |||
|- | |||
|requestLine | |||
|RequestLine | |||
|The request line | |||
getSessionEvent | getSessionEvent | ||
|- | |- | ||
Line 278: | Line 278: | ||
|SessionEvent | |SessionEvent | ||
|The session event | |The session event | ||
getTag | |||
getTimeStamp | |||
|- | |- | ||
|timeStamp | |||
|timeStamp | |||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
getVirusName | |||
|- | |- | ||
| | |virusName | ||
|String | |String | ||
|The | |The virus name, if not clean | ||
|} | |} | ||
<section end=' | <section end='VirusHttpEvent' /> | ||
== | == VirusSmtpEvent == | ||
<section begin=' | <section begin='VirusSmtpEvent' /> | ||
These events are created by [[ | These events are created by [[Virus Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when Virus Blocker scans an email. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 307: | Line 302: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getAction | |||
|- | |- | ||
| | |action | ||
| | |String | ||
|The | |The action | ||
getAppName | |||
|- | |- | ||
| | |appName | ||
| | |String | ||
|The | |The name of the application | ||
getClass | |||
getClass | |||
|- | |- | ||
|class | |class | ||
|Class | |Class | ||
|The class name | |The class name | ||
getClean | |||
|- | |- | ||
| | |clean | ||
| | |boolean | ||
| | |True if clean, false otherwise | ||
getMessageId | |||
|- | |- | ||
| | |messageId | ||
| | |Long | ||
|The | |The message ID | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getTag | |||
getTimeStamp | |||
|- | |- | ||
| | |timeStamp | ||
| | |Timestamp | ||
|The | |The timestamp | ||
getVirusName | |||
|- | |- | ||
| | |virusName | ||
| | |String | ||
|The | |The virus name, if not clean | ||
|} | |} | ||
<section end=' | <section end='VirusSmtpEvent' /> | ||
== | == FirewallEvent == | ||
<section begin=' | <section begin='FirewallEvent' /> | ||
These events are created by [[ | These events are created by [[Firewall]] and update the [[Database_Schema#sessions|sessions]] table when a firewall rule matches a session. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 382: | Line 352: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getBlocked | |||
|- | |- | ||
| | |blocked | ||
| | |boolean | ||
| | |True if blocked, false otherwise | ||
getClass | getClass | ||
|- | |- | ||
Line 392: | Line 362: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getFlagged | |||
|- | |- | ||
| | |flagged | ||
| | |boolean | ||
| | |True if flagged, false otherwise | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getRuleId | |||
|- | |||
|ruleId | |||
|long | |||
|The rule ID | |||
getSessionId | |||
|- | |- | ||
| | |sessionId | ||
| | |Long | ||
|The | |The session ID | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 409: | Line 384: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='FirewallEvent' /> | ||
== | == OpenVpnStatusEvent == | ||
<section begin=' | <section begin='OpenVpnStatusEvent' /> | ||
These events are created by [[ | These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_stats|openvpn_stats]] table periodically. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 427: | Line 397: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getAddress | |||
|- | |- | ||
| | |address | ||
| | |InetAddress | ||
| | |The address | ||
getBytesRxDelta | |||
|- | |||
|bytesRxDelta | |||
|long | |||
|The delta number of RX (received) bytes from the previous event | |||
getBytesRxTotal | |||
|- | |||
|bytesRxTotal | |||
|long | |||
|The total number of RX (received) bytes | |||
getBytesTxDelta | |||
|- | |||
|bytesTxDelta | |||
|long | |||
|The delta number of TX (transmitted) bytes from the previous event | |||
getBytesTxTotal | |||
|- | |||
|bytesTxTotal | |||
|long | |||
|The total number of TX (transmitted) bytes | |||
getClass | getClass | ||
|- | |- | ||
Line 437: | Line 427: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getClientName | |||
|- | |- | ||
| | |clientName | ||
|String | |String | ||
|The | |The client name | ||
getEnd | |||
|- | |- | ||
| | |end | ||
| | |Timestamp | ||
|The | |The end | ||
getPartitionTablePostfix | |||
getPoolAddress | |||
|- | |||
|poolAddress | |||
|InetAddress | |||
|The pool address | |||
getPort | |||
|- | |||
|port | |||
|int | |||
|The port | |||
getStart | |||
|- | |||
|start | |||
|Timestamp | |||
|The start | |||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 455: | Line 460: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='OpenVpnStatusEvent' /> | ||
== | == OpenVpnEvent == | ||
<section begin=' | <section begin='OpenVpnEvent' /> | ||
These events are created by [[ | These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_events|openvpn_events]] table when OpenVPN processes a client action. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 467: | Line 472: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getAddress | |||
|- | |- | ||
| | |address | ||
| | |InetAddress | ||
| | |The address | ||
getClass | getClass | ||
|- | |- | ||
Line 477: | Line 482: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getClientName | |||
|- | |- | ||
| | |clientName | ||
| | |String | ||
| | |The client name | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getPoolAddress | |||
|- | |- | ||
| | |poolAddress | ||
| | |InetAddress | ||
|The | |The pool address | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 499: | Line 499: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
getType | |||
|- | |||
|type | |||
|OpenVpnEvent$EventType | |||
|The type | |||
|} | |} | ||
<section end=' | <section end='OpenVpnEvent' /> | ||
== | == AdminLoginEvent == | ||
<section begin=' | <section begin='AdminLoginEvent' /> | ||
These events are created by the | These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|admin_logins]] table when an administrator login is attempted or successful. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
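Review bot: The AdminLoginEvent intro links `[[Database_Schema#user_table_updates|admin_logins]]`, so the label names the admin_logins table but the anchor sends the reader to the user_table_updates section. Suggest pointing the anchor at the admin_logins section of Database_Schema so the link target and the label agree. "inserted to the ... table when an administrator login is attempted or successful" would also read more clearly as "inserted into ... for each administrator login attempt, successful or not", if that is the intended meaning.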
Line 517: | Line 522: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getClientAddress | |||
|- | |- | ||
| | |clientAddress | ||
| | |InetAddress | ||
|The | |The client address | ||
getLocal | |||
|- | |||
|local | |||
|boolean | |||
|1 if login is done via local console, 0 otherwise | |||
getLogin | |||
|- | |||
|login | |||
|String | |||
|The login username | |||
getPartitionTablePostfix | |||
getReason | |||
|- | |- | ||
| | |reason | ||
| | |String | ||
|The | |The reason | ||
getSucceeded | |||
|- | |- | ||
| | |succeeded | ||
| | |boolean | ||
| | |1 if successful, 0 otherwise | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
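Review bot: The `local` and `succeeded` rows are typed `boolean` but described as "1 if login is done via local console, 0 otherwise" and "1 if successful, 0 otherwise", while every other boolean attribute on the page (`clean`, `blocked`, `flagged`, `bypassed`) uses "True if ..., false otherwise". Suggest the same true/false wording here, or a note that these two are stored as integers if that is the reason for the difference. The `reason` row says only "The reason"; since this table is what gets reviewed for failed administrator logins, a short statement of what the field holds would help.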
Line 540: | Line 555: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='AdminLoginEvent' /> | ||
== | == AlertEvent == | ||
<section begin=' | <section begin='AlertEvent' /> | ||
These events are created by [[ | These events are created by [[Reports]] and inserted to the [[Database_Schema#alerts|alerts]] table when an alert fires. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 552: | Line 567: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getCausalRule | |||
|- | |- | ||
| | |causalRule | ||
| | |EventRule | ||
|The | |The causal rule | ||
getCause | |||
|- | |||
|cause | |||
|LogEvent | |||
|The cause | |||
getClass | getClass | ||
|- | |- | ||
Line 562: | Line 582: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getDescription | |||
|- | |||
|description | |||
|String | |||
|The description | |||
getEventSent | |||
|- | |||
|eventSent | |||
|Boolean | |||
|True if the event was sent, false otherwise | |||
getJson | |||
|- | |||
|json | |||
|String | |||
|The JSON string | |||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getSummaryText | |||
|- | |- | ||
| | |summaryText | ||
|String | |String | ||
|The | |The summary text | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 580: | Line 610: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='AlertEvent' /> | ||
== | == InterfaceStatEvent == | ||
<section begin=' | <section begin='InterfaceStatEvent' /> | ||
These events are created by | These events are created by the base system and inserted to the [[Database_Schema#settings_changes|interface_stat_events]] table periodically with interface stats. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
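Review bot: The InterfaceStatEvent intro links `[[Database_Schema#settings_changes|interface_stat_events]]`, so the label names interface_stat_events but the anchor is the settings_changes section, which looks copied from SettingsChangesEvent. Suggest changing the anchor to the interface_stat_events section of Database_Schema.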
Line 597: | Line 627: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getInterfaceId | |||
|- | |- | ||
| | |interfaceId | ||
| | |int | ||
|The | |The interface ID | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getRxBytes | |||
|- | |- | ||
| | |rxBytes | ||
| | |double | ||
|The | |The total of received bytes | ||
getRxRate | |||
|- | |- | ||
| | |rxRate | ||
| | |double | ||
|The | |The RX rate in byte/s | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 619: | Line 649: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | getTxBytes | ||
<section end=' | |- | ||
|txBytes | |||
|double | |||
== | |The total of transmitted bytes | ||
<section begin=' | getTxRate | ||
|- | |||
|txRate | |||
|double | |||
|The TX rate in byte/s | |||
|} | |||
<section end='InterfaceStatEvent' /> | |||
== LogEvent == | |||
<section begin='LogEvent' /> | |||
These events | These base class for all events. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
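Review bot: The new LogEvent intro reads "These base class for all events.", which is not a sentence. Suggest "This is the base class for all events." The `rxBytes` and `txBytes` rows above are described as "The total of received bytes" and "The total of transmitted bytes"; "The total number of received bytes" would match the wording used for `bytesRxTotal` in OpenVpnStatusEvent.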
Line 632: | Line 672: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getClass | getClass | ||
|- | |- | ||
Line 642: | Line 677: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 659: | Line 684: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | |||
| | <section end='LogEvent' /> | ||
== SystemStatEvent == | |||
<section begin='SystemStatEvent' /> | |||
<section | |||
These events are created by the base system and inserted to the [[Database_Schema#server_events|server_events]] table periodically. | |||
These events are created by | |||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 682: | Line 697: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getActiveHosts | |||
|- | |- | ||
| | |activeHosts | ||
| | |int | ||
|The | |The active host count | ||
getClass | getClass | ||
|- | |- | ||
Line 692: | Line 707: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getCpuSystem | |||
|- | |- | ||
| | |cpuSystem | ||
| | |float | ||
| | |The system CPU utilization | ||
getCpuUser | |||
|- | |- | ||
| | |cpuUser | ||
| | |float | ||
|The | |The user CPU utilization | ||
getDiskFree | |||
|- | |||
|diskFree | |||
|long | |||
|The amount of disk free | |||
getDiskFreePercent | |||
|- | |- | ||
| | |diskFreePercent | ||
| | |float | ||
|The | |The percentage of disk free | ||
getDiskTotal | |||
|- | |- | ||
| | |diskTotal | ||
| | |long | ||
|The | |The total size of the disk | ||
getDiskUsed | |||
|- | |- | ||
| | |diskUsed | ||
| | |long | ||
|The | |The amount of disk used | ||
getDiskUsedPercent | |||
|- | |- | ||
| | |diskUsedPercent | ||
| | |float | ||
|The | |The percentage of disk used | ||
getLoad1 | |||
|- | |- | ||
| | |load1 | ||
| | |float | ||
|The | |The 1-minute CPU load | ||
getLoad15 | |||
|- | |- | ||
| | |load15 | ||
| | |float | ||
|The | |The 15-minute CPU load | ||
getLoad5 | |||
|- | |- | ||
| | |load5 | ||
| | |float | ||
| | |The 5-minute CPU load | ||
getMemBuffers | |||
|- | |||
|memBuffers | |||
|long | |||
|The amount of memory used by buffers | |||
getMemCache | |||
|- | |- | ||
| | |memCache | ||
| | |long | ||
|The | |The amount of memory used by cache | ||
getMemFree | |||
|- | |- | ||
| | |memFree | ||
| | |long | ||
|The | |The amount of free memory | ||
getMemFreePercent | |||
|- | |- | ||
| | |memFreePercent | ||
| | |float | ||
|The | |The percentage of total memory that is free | ||
getMemTotal | |||
|- | |- | ||
| | |memTotal | ||
| | |long | ||
| | |The total amount of memory | ||
getMemUsed | |||
|- | |- | ||
| | |memUsed | ||
| | |long | ||
|The | |The amount of used memory | ||
getMemUsedPercent | |||
|- | |- | ||
| | |memUsedPercent | ||
| | |float | ||
| | |The percentage of total memory that is used | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getSwapFree | |||
|- | |- | ||
| | |swapFree | ||
|long | |long | ||
|The | |The amount of free swap | ||
getSwapFreePercent | |||
|- | |||
|swapFreePercent | |||
|float | |||
|The percentage of total swap that is free | |||
getSwapTotal | |||
|- | |||
|swapTotal | |||
|long | |||
|The total size of swap | |||
getSwapUsed | |||
|- | |||
|swapUsed | |||
|long | |||
|The amount of used swap | |||
getSwapUsedPercent | |||
|- | |- | ||
| | |swapUsedPercent | ||
| | |float | ||
|The | |The percentage of total swap that is used | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 815: | Line 825: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='SystemStatEvent' /> | ||
== | == HostTableEvent == | ||
<section begin=' | <section begin='HostTableEvent' /> | ||
These events are created by | These events are created by the base system and inserted to the [[Database_Schema#host_table_updates|host_table_updates]] table when the host table is modified. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 832: | Line 842: | ||
|InetAddress | |InetAddress | ||
|The address | |The address | ||
getClass | |||
|- | |- | ||
|class | |||
|Class | |||
|class | |||
|Class | |||
|The class name | |The class name | ||
getKey | |||
|- | |- | ||
| | |key | ||
|String | |String | ||
|The | |The key | ||
getOldValue | |||
|- | |- | ||
| | |oldValue | ||
| | |String | ||
|The | |The old value | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getTag | |||
getTimeStamp | |||
|- | |- | ||
| | |timeStamp | ||
|Timestamp | |Timestamp | ||
|The | |The timestamp | ||
getValue | |||
|- | |- | ||
| | |value | ||
| | |String | ||
|The | |The value | ||
|} | |} | ||
<section end=' | <section end='HostTableEvent' /> | ||
== | == DeviceTableEvent == | ||
<section begin=' | <section begin='DeviceTableEvent' /> | ||
These events are created by | These events are created by the base system and inserted to the [[Database_Schema#device_table_updates|device_table_updates]] table when the device list is modified. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 902: | Line 882: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getClass | getClass | ||
|- | |- | ||
Line 912: | Line 887: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getDevice | |||
|- | |- | ||
| | |device | ||
|DeviceTableEntry | |||
|The Device | |||
getKey | |||
|- | |||
|key | |||
|String | |||
|The key | |||
getMacAddress | |||
|- | |||
|macAddress | |||
|String | |||
|The MAC address | |||
getOldValue | |||
|- | |||
|oldValue | |||
|String | |String | ||
|The | |The old value | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 929: | Line 914: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
getValue | |||
|- | |- | ||
| | |value | ||
| | |String | ||
|The | |The value | ||
|} | |} | ||
<section end=' | <section end='DeviceTableEvent' /> | ||
== | == SettingsChangesEvent == | ||
<section begin=' | <section begin='SettingsChangesEvent' /> | ||
These events are created by the base system and inserted to the [[Database_Schema# | These events are created by the base system and inserted to the [[Database_Schema#settings_changes|settings_changes]] table when settings are changed. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 952: | Line 937: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getHostname | |||
|- | |- | ||
| | |hostname | ||
|String | |String | ||
|The | |The hostname | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getSettingsFile | |||
|- | |- | ||
| | |settingsFile | ||
|String | |String | ||
|The | |The settings file | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 984: | Line 954: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
getUsername | |||
|- | |||
|username | |||
|String | |||
|The username | |||
|} | |} | ||
<section end=' | <section end='SettingsChangesEvent' /> | ||
== | == UserTableEvent == | ||
<section begin=' | <section begin='UserTableEvent' /> | ||
These events are created by | These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|user_table_updates]] table when the user table is modified. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 997: | Line 972: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getClass | getClass | ||
|- | |- | ||
Line 1,012: | Line 977: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getKey | |||
|- | |- | ||
| | |key | ||
|String | |String | ||
|The | |The key | ||
getOldValue | |||
|- | |- | ||
| | |oldValue | ||
|String | |String | ||
|The | |The old value | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 1,039: | Line 994: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | getUsername | ||
<section end=' | |- | ||
|username | |||
|String | |||
|The username | |||
getValue | |||
|- | |||
|value | |||
|String | |||
|The value | |||
|} | |||
<section end='UserTableEvent' /> | |||
== | == SessionMinuteEvent == | ||
<section begin=' | <section begin='SessionMinuteEvent' /> | ||
These events are created by the base system and | These events are created by the base system and update the [[Database_Schema#sessions|session_minutes]] table each minute a session exists. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
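Review bot: The SessionMinuteEvent intro links `[[Database_Schema#sessions|session_minutes]]`, so the label names the session_minutes table but the anchor goes to the sessions section. Suggest pointing the anchor at the session_minutes section of Database_Schema so readers land on the schema for the table the text names.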
Line 1,052: | Line 1,017: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getC2sBytes | |||
|- | |||
|c2sBytes | |||
|long | |||
|The number of bytes sent from the client to the server | |||
getClass | getClass | ||
|- | |- | ||
Line 1,057: | Line 1,027: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getS2cBytes | |||
|- | |- | ||
| | |s2cBytes | ||
| | |long | ||
|The | |The number of bytes sent from the server to the client | ||
getSessionId | |||
|- | |- | ||
| | |sessionId | ||
| | |long | ||
|The | |The session ID | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 1,079: | Line 1,044: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='SessionMinuteEvent' /> | ||
== | == SessionEvent == | ||
<section begin=' | <section begin='SessionEvent' /> | ||
These base | These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is created. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,102: | Line 1,057: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getCClientAddr | |||
|- | |- | ||
| | |CClientAddr | ||
| | |InetAddress | ||
|The | |The client-side (pre-NAT) client address | ||
getCClientPort | |||
|- | |- | ||
| | |CClientPort | ||
| | |Integer | ||
|The | |The client-side (pre-NAT) client port | ||
getCServerAddr | |||
|- | |- | ||
| | |CServerAddr | ||
| | |InetAddress | ||
|The | |The client-side (pre-NAT) server address | ||
getCServerPort | |||
|- | |- | ||
| | |CServerPort | ||
| | |Integer | ||
|The | |The client-side (pre-NAT) server port | ||
getSClientAddr | |||
|- | |- | ||
| | |SClientAddr | ||
| | |InetAddress | ||
|The | |The server-side (post-NAT) client address | ||
getSClientPort | |||
|- | |- | ||
| | |SClientPort | ||
| | |Integer | ||
|The | |The server-side (post-NAT) client port | ||
getSServerAddr | |||
|- | |- | ||
| | |SServerAddr | ||
| | |InetAddress | ||
|The | |The server-side (post-NAT) server address | ||
getSServerPort | |||
|- | |- | ||
| | |SServerPort | ||
| | |Integer | ||
|The | |The server-side (post-NAT) server port | ||
getBypassed | |||
|- | |- | ||
| | |bypassed | ||
| | |boolean | ||
| | |True if bypassed, false otherwise | ||
getClass | |||
|- | |- | ||
| | |class | ||
| | |Class | ||
|The | |The class name | ||
getClientCountry | |||
|- | |- | ||
| | |clientCountry | ||
| | |String | ||
|The | |The client country | ||
getClientIntf | |||
|- | |- | ||
| | |clientIntf | ||
| | |Integer | ||
|The | |The client interface ID | ||
getClientLatitude | |||
|- | |- | ||
| | |clientLatitude | ||
| | |Double | ||
|The | |The client latitude | ||
getClientLongitude | |||
|- | |- | ||
| | |clientLongitude | ||
| | |Double | ||
|The | |The client longitude | ||
getEntitled | |||
|- | |- | ||
| | |entitled | ||
| | |boolean | ||
|The | |The entitled status | ||
getFilterPrefix | |||
|- | |- | ||
| | |filterPrefix | ||
| | |String | ||
|The | |The filter prefix if blocked by the filter rules | ||
getHostname | |||
|- | |- | ||
| | |hostname | ||
| | |String | ||
|The | |The hostname | ||
getIcmpType | |||
|- | |- | ||
| | |icmpType | ||
| | |Short | ||
|The | |The ICMP type | ||
getLocalAddr | |||
|- | |- | ||
| | |localAddr | ||
| | |InetAddress | ||
|The | |The local host address | ||
getPartitionTablePostfix | |||
getPolicyId | |||
|- | |- | ||
| | |policyId | ||
| | |Integer | ||
|The | |The policy ID | ||
getPolicyRuleId | |||
|- | |- | ||
| | |policyRuleId | ||
| | |Integer | ||
|The | |The policy rule ID | ||
getProtocol | |||
|- | |- | ||
| | |protocol | ||
| | |Short | ||
|The | |The protocol | ||
getProtocolName | |||
|- | |- | ||
| | |protocolName | ||
| | |String | ||
|The | |The protocol name | ||
getRemoteAddr | |||
|- | |- | ||
| | |remoteAddr | ||
| | |InetAddress | ||
|The | |The remote host address | ||
getServerCountry | |||
|- | |||
|serverCountry | |||
|String | |||
|The server country | |||
getServerIntf | |||
|- | |||
|serverIntf | |||
|Integer | |||
|The server interface ID | |||
getServerLatitude | |||
|- | |||
|serverLatitude | |||
|Double | |||
|The server latitude | |||
getServerLongitude | |||
|- | |- | ||
| | |serverLongitude | ||
| | |Double | ||
|The | |The server longitude | ||
getSessionId | |||
|- | |- | ||
| | |sessionId | ||
| | |Long | ||
|The | |The session ID | ||
getTag | getTag | ||
getTimeStamp | getTagsString | ||
|- | |||
|tagsString | |||
|String | |||
|The string value of all tags | |||
getTimeStamp | |||
|- | |- | ||
|timeStamp | |timeStamp | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
getUsername | |||
|- | |||
|username | |||
|String | |||
|The username | |||
|} | |} | ||
<section end=' | <section end='SessionEvent' /> | ||
== | == SessionStatsEvent == | ||
<section begin=' | <section begin='SessionStatsEvent' /> | ||
These events are created by the base system and update the [[Database_Schema#sessions| | These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table when a session ends with the updated stats. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,267: | Line 1,232: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getC2pBytes | |||
|- | |- | ||
| | |c2pBytes | ||
|long | |long | ||
|The number of bytes sent from the client to | |The number of bytes sent from the client to Untangle | ||
getClass | getClass | ||
|- | |- | ||
Line 1,277: | Line 1,242: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getEndTime | |||
|- | |- | ||
| | |endTime | ||
|long | |long | ||
|The | |The end time/date | ||
getP2cBytes | |||
|- | |- | ||
| | |p2cBytes | ||
|long | |long | ||
|The session ID | |The number of bytes sent to the client from Untangle | ||
getTag | getP2sBytes | ||
|- | |||
|p2sBytes | |||
|long | |||
|The number of bytes sent to the server from Untangle | |||
getPartitionTablePostfix | |||
getS2pBytes | |||
|- | |||
|s2pBytes | |||
|long | |||
|The number of bytes sent from the server to Untangle | |||
getSessionEvent | |||
|- | |||
|sessionEvent | |||
|SessionEvent | |||
|The session event | |||
getSessionId | |||
|- | |||
|sessionId | |||
|Long | |||
|The session ID | |||
getTag | |||
getTimeStamp | getTimeStamp | ||
|- | |- | ||
Line 1,295: | Line 1,280: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='SessionStatsEvent' /> | ||
== | == SessionNatEvent == | ||
<section begin=' | <section begin='SessionNatEvent' /> | ||
These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is | These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is NATd with the post-NAT information. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,307: | Line 1,292: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getSClientAddr | |||
|- | |- | ||
| | |SClientAddr | ||
|InetAddress | |InetAddress | ||
|The | |The server-side (post-NAT) client address | ||
getSClientPort | |||
|- | |- | ||
|SClientPort | |||
|SClientPort | |||
|Integer | |Integer | ||
|The server-side (post-NAT) client port | |The server-side (post-NAT) client port | ||
Line 1,347: | Line 1,312: | ||
|Integer | |Integer | ||
|The server-side (post-NAT) server port | |The server-side (post-NAT) server port | ||
getClass | getClass | ||
|- | |- | ||
Line 1,357: | Line 1,317: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getPartitionTablePostfix | |||
getServerIntf | |||
|- | |- | ||
| | |serverIntf | ||
|Integer | |Integer | ||
|The | |The server interface ID | ||
getSessionEvent | |||
|- | |- | ||
| | |sessionEvent | ||
| | |SessionEvent | ||
|The | |The session event | ||
getTag | |||
getTimeStamp | |||
|- | |- | ||
| | |timeStamp | ||
| | |Timestamp | ||
|The | |The timestamp | ||
|} | |||
<section end='SessionNatEvent' /> | |||
== QuotaEvent == | |||
<section begin='QuotaEvent' /> | |||
These events are created by the [[Bandwidth Control]] and inserted or update the [[Database_Schema#quotas|quotas]] table when quotas are given or exceeded. | |||
{| border="1" cellpadding="2" width="90%" align="center" | |||
! Attribute Name | |||
! Type | |||
! Description | |||
getAction | |||
|- | |- | ||
| | |action | ||
| | |int | ||
|The | |The action (1=Quota Given, 2=Quota Exceeded) | ||
getClass | |||
|- | |- | ||
| | |class | ||
| | |Class | ||
|The | |The class name | ||
getEntity | |||
|- | |- | ||
| | |entity | ||
|String | |String | ||
|The | |The entity | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getQuotaSize | |||
|- | |- | ||
| | |quotaSize | ||
| | |long | ||
|The | |The quota size | ||
getReason | |||
|- | |- | ||
| | |reason | ||
| | |String | ||
|The | |The reason | ||
getTag | |||
getTimeStamp | |||
|- | |- | ||
| | |timeStamp | ||
| | |Timestamp | ||
|The | |The timestamp | ||
|} | |||
<section end='QuotaEvent' /> | |||
== SmtpMessageAddressEvent == | |||
<section begin='SmtpMessageAddressEvent' /> | |||
These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_addrs|mail_addrs]] table for each address on each email. | |||
{| border="1" cellpadding="2" width="90%" align="center" | |||
! Attribute Name | |||
! Type | |||
! Description | |||
getAddr | |||
|- | |- | ||
| | |addr | ||
|String | |String | ||
|The | |The address | ||
getClass | |||
|- | |- | ||
| | |class | ||
| | |Class | ||
|The | |The class name | ||
getKind | |||
|- | |- | ||
| | |kind | ||
| | |AddressKind | ||
|The | |The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown) | ||
getMessageId | |||
|- | |- | ||
| | |messageId | ||
| | |Long | ||
|The | |The message ID | ||
getPartitionTablePostfix | |||
getPersonal | |||
|- | |- | ||
| | |personal | ||
| | |String | ||
| | |personal | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
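Review bot: The new QuotaEvent intro reads "inserted or update the quotas table", which is ungrammatical and leaves it unclear which action produces an insert and which an update; suggest "inserted into or update the quotas table" and, if known, tying each to action 1 (Quota Given) or 2 (Quota Exceeded). In the same hunk, the SmtpMessageAddressEvent row for personal has the description "personal", which only repeats the attribute name; say what the field holds.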
Line 1,459: | Line 1,424: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | |||
<section end='SmtpMessageAddressEvent' /> | |||
|} | |||
<section end=' | |||
== | == SmtpMessageEvent == | ||
<section begin=' | <section begin='SmtpMessageEvent' /> | ||
These events are created by | These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_msgs|mail_msgs]] table for each email. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,477: | Line 1,437: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getAddresses | |||
|- | |- | ||
| | |addresses | ||
| | |Set | ||
|The | |The addresses | ||
getClass | getClass | ||
|- | |- | ||
Line 1,487: | Line 1,447: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getEnvelopeFromAddress | |||
|- | |- | ||
| | |envelopeFromAddress | ||
| | |String | ||
|The | |The envelop FROM address | ||
getEnvelopeToAddress | |||
|- | |- | ||
| | |envelopeToAddress | ||
| | |String | ||
|The | |The envelope TO address | ||
getMessageId | |||
|- | |- | ||
| | |messageId | ||
| | |Long | ||
|The | |The message ID | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getReceiver | |||
|- | |||
|receiver | |||
|String | |||
|The receiver | |||
getSender | |||
|- | |||
|sender | |||
|String | |||
|The sender | |||
getSessionEvent | |||
|- | |- | ||
| | |sessionEvent | ||
| | |SessionEvent | ||
|The | |The session event | ||
getSessionId | getSessionId | ||
|- | |- | ||
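Review bot: The description added for envelopeFromAddress reads "The envelop FROM address"; it should be "envelope", matching "The envelope TO address" in the next row of the same table.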
Line 1,513: | Line 1,483: | ||
|Long | |Long | ||
|The session ID | |The session ID | ||
getSubject | |||
|- | |||
|subject | |||
|String | |||
|The subject | |||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 1,519: | Line 1,494: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
getTmpFile | |||
|- | |||
|tmpFile | |||
|File | |||
|The /tmp file | |||
|} | |} | ||
<section end=' | <section end='SmtpMessageEvent' /> | ||
== | == CaptureRuleEvent == | ||
<section begin=' | <section begin='CaptureRuleEvent' /> | ||
These events are created by | These events are created by [[Captive Portal]] and update the [[Database_Schema#sessions|sessions]] table when Captive Portal processes a session. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,532: | Line 1,512: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getCaptured | |||
|- | |- | ||
| | |captured | ||
| | |boolean | ||
| | |True if captured, false otherwise | ||
getClass | getClass | ||
|- | |- | ||
Line 1,558: | Line 1,523: | ||
|The class name | |The class name | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getRuleId | |||
|- | |- | ||
| | |ruleId | ||
|Integer | |Integer | ||
|The | |The rule ID | ||
getSessionEvent | |||
|- | |||
|sessionEvent | |||
|SessionEvent | |||
|The session event | |||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 1,570: | Line 1,540: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='CaptureRuleEvent' /> | ||
== | == CaptivePortalUserEvent == | ||
<section begin=' | <section begin='CaptivePortalUserEvent' /> | ||
These events are created by | These events are created by [[Captive Portal]] and inserted to the [[Database_Schema#captive_portal_user_events|captive_portal_user_events]] table when Captive Portal user takes an action. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,582: | Line 1,552: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getAuthenticationType | |||
|- | |- | ||
| | |authenticationType | ||
| | |CaptivePortalSettings$AuthenticationType | ||
|The | |The authentication type | ||
getAuthenticationTypeValue | |||
|- | |- | ||
| | |authenticationTypeValue | ||
| | |String | ||
|The | |The authentication type as a string | ||
getClass | getClass | ||
|- | |- | ||
Line 1,597: | Line 1,567: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getClientAddr | |||
|- | |- | ||
| | |clientAddr | ||
| | |String | ||
|The | |The client address | ||
getEvent | |||
|- | |- | ||
| | |event | ||
|String | |CaptivePortalUserEvent$EventType | ||
|The | |The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) | ||
getEventValue | |||
|- | |||
|eventValue | |||
|String | |||
|The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) | |||
getLoginName | |||
|- | |||
|loginName | |||
|String | |||
|The login name | |||
getPartitionTablePostfix | |||
getPolicyId | |||
|- | |||
|policyId | |||
|Integer | |||
|The policy ID | |||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 1,615: | Line 1,600: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='CaptivePortalUserEvent' /> | ||
== | == AdBlockerEvent == | ||
<section begin=' | <section begin='AdBlockerEvent' /> | ||
These events are created by | These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when an ad is blocked. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,627: | Line 1,612: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getAction | |||
|- | |- | ||
| | |action | ||
| | |Action | ||
|The | |The action | ||
getClass | getClass | ||
|- | |- | ||
Line 1,637: | Line 1,622: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getPartitionTablePostfix | |||
getReason | |||
|- | |- | ||
| | |reason | ||
|String | |String | ||
|The | |The reason | ||
getRequestId | |||
|- | |- | ||
| | |requestId | ||
| | |Long | ||
|The | |The request ID | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 1,654: | Line 1,639: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='AdBlockerEvent' /> | ||
== | == CookieEvent == | ||
<section begin=' | <section begin='CookieEvent' /> | ||
These events are created by | These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when a cookie is blocked. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,677: | Line 1,657: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getIdentification | |||
|- | |- | ||
| | |identification | ||
|String | |String | ||
|The | |The identification string | ||
getPartitionTablePostfix | |||
getRequestId | |||
|- | |- | ||
| | |requestId | ||
| | |Long | ||
|The | |The request ID | ||
getSessionEvent | |||
|- | |- | ||
| | |sessionEvent | ||
| | |SessionEvent | ||
|The | |The session event | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 1,704: | Line 1,679: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='CookieEvent' /> | ||
== | == HttpRequestEvent == | ||
<section begin=' | <section begin='HttpRequestEvent' /> | ||
These events are created by | These events are created by HTTP subsystem and inserted to the [[Database_Schema#http_events|http_events]] table when a web request happens. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,727: | Line 1,697: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getContentLength | |||
|- | |- | ||
| | |contentLength | ||
|String | |long | ||
|The | |The content length | ||
getDomain | |||
|- | |||
|domain | |||
|String | |||
|The domain | |||
getHost | |||
|- | |||
|host | |||
|String | |||
|The host | |||
getMethod | |||
|- | |||
|method | |||
|HttpMethod | |||
|The HTTP method | |||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getReferer | |||
|- | |- | ||
| | |referer | ||
|String | |String | ||
|The | |The referer | ||
getRequestId | |||
|- | |||
|requestId | |||
|Long | |||
|The request ID | |||
getRequestUri | |||
|- | |||
|requestUri | |||
|URI | |||
|The request URI | |||
getSessionEvent | |||
|- | |||
|sessionEvent | |||
|SessionEvent | |||
|The session event | |||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 1,744: | Line 1,744: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | |||
<section end='HttpRequestEvent' /> | |||
|} | |||
<section end=' | |||
== | == HttpResponseEvent == | ||
<section begin=' | <section begin='HttpResponseEvent' /> | ||
These events are created by | These events are created by HTTP subsystem and update the [[Database_Schema#http_events|http_events]] table when a web response happens. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,767: | Line 1,762: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getContentFilename | |||
|- | |- | ||
| | |contentFilename | ||
|String | |String | ||
|The | |The content filename | ||
getContentLength | |||
|- | |||
|contentLength | |||
|long | |||
|The content length | |||
getContentType | |||
|- | |- | ||
| | |contentType | ||
|String | |String | ||
|The | |The content type | ||
getHttpRequestEvent | |||
|- | |||
|httpRequestEvent | |||
|HttpRequestEvent | |||
|The corresponding HTTP request event | |||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getTag | getRequestLine | ||
getTimeStamp | |- | ||
|requestLine | |||
|RequestLine | |||
|The request line | |||
getTag | |||
getTimeStamp | |||
|- | |- | ||
|timeStamp | |timeStamp | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='HttpResponseEvent' /> | ||
== | == WebCacheEvent == | ||
<section begin=' | <section begin='WebCacheEvent' /> | ||
These events are created by | These events are created by [[Web Cache]] and inserted to the [[Database_Schema#web_cache_stats|web_cache_stats]] table periodically. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,807: | Line 1,807: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getBypassCount | |||
|- | |- | ||
| | |bypassCount | ||
|long | |long | ||
|The number of | |The number of bypasses | ||
getClass | getClass | ||
|- | |- | ||
Line 1,817: | Line 1,817: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getHitBytes | |||
|- | |- | ||
| | |hitBytes | ||
|long | |long | ||
|The number of bytes | |The number of bytes worth of hits | ||
getHitCount | |||
|- | |||
|hitCount | |||
|long | |||
|The number of hits | |||
getMissBytes | |||
|- | |||
|missBytes | |||
|long | |||
|The number of bytes worth of misses | |||
getMissCount | |||
|- | |||
|missCount | |||
|long | |||
|The number of misses | |||
getPartitionTablePostfix | |||
getPolicyId | |||
|- | |||
|policyId | |||
|Long | |||
|The policy ID | |||
getSystemCount | |||
|- | |- | ||
| | |systemCount | ||
|long | |long | ||
|The | |The number of system bypasses | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 1,835: | Line 1,855: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='WebCacheEvent' /> | ||
== | == TunnelVpnStatusEvent == | ||
<section begin=' | <section begin='TunnelVpnStatusEvent' /> | ||
These events are created by | These events are created by [[Tunnel VPN]] and inserted to the [[Database_Schema#tunnel_vpn_stats|tunnel_vpn_stats]] table periodically. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 1,847: | Line 1,867: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getClass | |||
|- | |- | ||
| | |class | ||
| | |Class | ||
|The | |The class name | ||
getInBytes | |||
|- | |- | ||
| | |inBytes | ||
| | |long | ||
|The | |The number of bytes received from this tunnel | ||
getOutBytes | |||
|- | |- | ||
| | |outBytes | ||
| | |long | ||
|The | |The number of bytes sent in this tunnel | ||
getPartitionTablePostfix | |||
getTag | |||
getTimeStamp | |||
|- | |- | ||
| | |timeStamp | ||
| | |Timestamp | ||
|The | |The timestamp | ||
getTunnelName | |||
|- | |- | ||
| | |tunnelName | ||
| | |String | ||
|The | |The name of this tunnel | ||
|} | |||
<section end='TunnelVpnStatusEvent' /> | |||
| | |||
== TunnelVpnEvent == | |||
<section begin='TunnelVpnEvent' /> | |||
These events are created by [[Tunnel VPN]] and inserted to the [[Database_Schema#tunnel_vpn_events|tunnel_vpn_events]] table when a tunnel connection event occurs. | |||
| | {| border="1" cellpadding="2" width="90%" align="center" | ||
! Attribute Name | |||
| | ! Type | ||
! Description | |||
getClass | getClass | ||
|- | |- | ||
Line 1,897: | Line 1,912: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getEventType | |||
|- | |- | ||
| | |eventType | ||
| | |TunnelVpnEvent$EventType | ||
|The | |The event type | ||
getLocalAddress | |||
|- | |- | ||
| | |localAddress | ||
| | |InetAddress | ||
|The | |The local host address | ||
getPartitionTablePostfix | |||
getServerAddress | |||
|- | |- | ||
| | |serverAddress | ||
| | |InetAddress | ||
|The | |The server address | ||
getTag | |||
getTimeStamp | |||
|- | |- | ||
| | |timeStamp | ||
| | |Timestamp | ||
|The | |The timestamp | ||
getTunnelName | |||
|- | |- | ||
| | |tunnelName | ||
|String | |String | ||
|The | |The name of this tunnel | ||
|} | |||
<section end='TunnelVpnEvent' /> | |||
== IntrusionPreventionLogEvent == | |||
<section begin='IntrusionPreventionLogEvent' /> | |||
These events are created by [[Intrusion Prevention]] and inserted to the [[Database_Schema#intrusion_prevention_events|intrusion_prevention_events]] table when a rule matches. | |||
{| border="1" cellpadding="2" width="90%" align="center" | |||
! Attribute Name | |||
! Type | |||
! Description | |||
getBlocked | |||
|- | |||
|blocked | |||
|boolean | |||
|True if blocked, false otherwise | |||
getCategory | |||
|- | |- | ||
| | |category | ||
|String | |String | ||
|The | |The category | ||
getClass | |||
|- | |- | ||
| | |class | ||
| | |Class | ||
|The | |The class name | ||
getClassificationId | |||
|- | |- | ||
| | |classificationId | ||
| | |long | ||
|The | |The classification ID | ||
getClasstype | |||
|- | |- | ||
| | |classtype | ||
| | |String | ||
|The | |The classtype | ||
getDportIcode | |||
|- | |- | ||
| | |dportIcode | ||
| | |int | ||
|The | |The dportIcode | ||
getEventId | |||
|- | |- | ||
| | |eventId | ||
| | |long | ||
|The | |The event ID | ||
getEventMicrosecond | |||
|- | |- | ||
| | |eventMicrosecond | ||
| | |long | ||
|The | |The event microsecond | ||
getEventSecond | |||
|- | |- | ||
| | |eventSecond | ||
| | |long | ||
|The | |The event second | ||
getEventType | |||
|- | |- | ||
| | |eventType | ||
| | |long | ||
|The | |The event type | ||
getGeneratorId | |||
|- | |- | ||
| | |generatorId | ||
| | |long | ||
|The | |The generator ID | ||
getImpact | |||
|- | |- | ||
| | |impact | ||
| | |short | ||
|The | |The impact | ||
getImpactFlag | |||
|- | |- | ||
| | |impactFlag | ||
| | |short | ||
|The | |The impact flag | ||
getIpDestination | |||
|- | |||
|ipDestination | |||
|InetAddress | |||
|The IP address destination | |||
getIpSource | |||
|- | |- | ||
| | |ipSource | ||
| | |InetAddress | ||
|The | |The IP address source | ||
getMplsLabel | |||
|- | |- | ||
| | |mplsLabel | ||
| | |long | ||
|The | |The mplsLabel | ||
getMsg | |||
|- | |- | ||
| | |msg | ||
|String | |String | ||
|The | |The msg | ||
| | getPadding | ||
|- | |||
|padding | |||
|int | |||
|The padding | |||
getPartitionTablePostfix | |||
getPriorityId | |||
|- | |- | ||
| | |priorityId | ||
|long | |long | ||
|The | |The priority ID | ||
getProtocol | |||
|- | |||
|protocol | |||
|short | |||
|The protocol | |||
getRid | |||
|- | |- | ||
| | |rid | ||
| | |String | ||
| | |Rule ID | ||
getSensorId | |||
|- | |- | ||
| | |sensorId | ||
|long | |long | ||
|The | |The sensor ID | ||
getSignatureId | |||
|- | |- | ||
| | |signatureId | ||
|long | |long | ||
|The | |The signature ID | ||
getSignatureRevision | |||
|- | |- | ||
| | |signatureRevision | ||
|long | |long | ||
|The | |The signature revision | ||
getSportItype | |||
|- | |- | ||
| | |sportItype | ||
| | |int | ||
|The | |The sportItype | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
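Review bot: Several IntrusionPreventionLogEvent rows added here describe the field by repeating its name ("The dportIcode", "The sportItype", "The mplsLabel", "The msg", "The padding"), which gives someone writing alert queries or detections against intrusion_prevention_events nothing to work with. Each should state what the value represents and its encoding or units, as the eventSecond and eventMicrosecond rows should for their epoch. The rid row ("Rule ID") also drops the leading "The" used by every other description in the table.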
Line 2,069: | Line 2,084: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
getVlanId | |||
|- | |||
|vlanId | |||
|int | |||
|The VLAN Id | |||
|} | |} | ||
<section end=' | <section end='IntrusionPreventionLogEvent' /> | ||
== | == ApplicationControlLogEvent == | ||
<section begin=' | <section begin='ApplicationControlLogEvent' /> | ||
These events are created by | These events are created by [[Application Control]] and update the [[Database_Schema#sessions|sessions]] table when application control identifies a session. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 2,082: | Line 2,102: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getApplication | |||
|- | |- | ||
| | |application | ||
| | |String | ||
|The | |The application | ||
getBlocked | |||
|- | |- | ||
| | |blocked | ||
| | |boolean | ||
| | |True if blocked, false otherwise | ||
getCategory | |||
|- | |- | ||
| | |category | ||
| | |String | ||
|The | |The category | ||
getClass | getClass | ||
|- | |- | ||
Line 2,107: | Line 2,122: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getConfidence | |||
|- | |||
|confidence | |||
|Integer | |||
|The confidence (0-100) | |||
getDetail | |||
|- | |||
|detail | |||
|String | |||
|The details | |||
getFlagged | |||
|- | |||
|flagged | |||
|boolean | |||
|True if flagged, false otherwise | |||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getProtochain | |||
|- | |||
|protochain | |||
|String | |||
|The protochain | |||
getRuleId | |||
|- | |- | ||
| | |ruleId | ||
|Integer | |Integer | ||
|The | |The rule ID | ||
getSessionEvent | getSessionEvent | ||
|- | |- | ||
Line 2,118: | Line 2,153: | ||
|SessionEvent | |SessionEvent | ||
|The session event | |The session event | ||
getState | |||
|- | |||
|state | |||
|Integer | |||
|The state | |||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 2,125: | Line 2,165: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='ApplicationControlLogEvent' /> | ||
== | == LoginEvent == | ||
<section begin=' | <section begin='LoginEvent' /> | ||
These events are created by | These events are created by [[Directory Connector]] and inserted to the [[Database_Schema#directory_connector_login_events|directory_connector_login_events]] table for each login. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 2,137: | Line 2,177: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getClass | getClass | ||
|- | |- | ||
Line 2,147: | Line 2,182: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getClientAddr | |||
|- | |||
|clientAddr | |||
|InetAddress | |||
|The client address | |||
getDomain | |||
|- | |||
|domain | |||
|String | |||
|The domain | |||
getEvent | |||
|- | |- | ||
| | |event | ||
|String | |String | ||
|The | |The event | ||
getLoginName | |||
|- | |- | ||
| | |loginName | ||
| | |String | ||
|The | |The login name | ||
getLoginType | |||
|- | |- | ||
| | |loginType | ||
|String | |String | ||
| | |W = Windows login, A=Active Directory, R=RADIUS, T=test | ||
getPartitionTablePostfix | |||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
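Review bot: The loginType row lists the codes without saying what the field is, and the first code is spaced differently from the rest ("W = Windows login" against "A=Active Directory"). Suggest "The login type (W=Windows login, A=Active Directory, R=RADIUS, T=test)", which matches the form used for QuotaEvent action and SmtpMessageAddressEvent kind. The event row ("The event") should likewise list its possible values, as CaptivePortalUserEvent does for its event field.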
Line 2,170: | Line 2,215: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='LoginEvent' /> | ||
== | == WebFilterEvent == | ||
<section begin=' | <section begin='WebFilterEvent' /> | ||
These events are created by | These events are created by [[Web Filter]] and update the [[Database_Schema#http_events|http_events]] table when web filter processes a web request. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 2,182: | Line 2,227: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getAppName | |||
|- | |||
|appName | |||
|String | |||
|The name of the application | |||
getBlocked | |||
|- | |||
|blocked | |||
|Boolean | |||
|True if blocked, false otherwise | |||
getCategory | |||
|- | |- | ||
| | |category | ||
|String | |String | ||
|The | |The category | ||
getCategoryId | |||
|- | |||
|categoryId | |||
|Integer | |||
|Numeric value of matching category | |||
getClass | getClass | ||
|- | |- | ||
Line 2,192: | Line 2,252: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getFlagged | |||
|- | |- | ||
| | |flagged | ||
| | |Boolean | ||
|The | |True if flagged, false otherwise | ||
getPartitionTablePostfix | |||
getReason | |||
|- | |||
|reason | |||
|Reason | |||
|The reason | |||
getRequestLine | |||
|- | |- | ||
| | |requestLine | ||
| | |RequestLine | ||
|The | |The request line | ||
getRuleId | |||
|- | |||
|ruleId | |||
|Integer | |||
|The rule ID | |||
getSessionEvent | |||
|- | |- | ||
| | |sessionEvent | ||
| | |SessionEvent | ||
| | |The session event | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 2,215: | Line 2,285: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='WebFilterEvent' /> | ||
== | == WebFilterQueryEvent == | ||
<section begin=' | <section begin='WebFilterQueryEvent' /> | ||
These events are created by | These events are created by [[Web Filter]] and inserted to the [[Database_Schema#http_query_events|http_query_events]] table when web filter processes a search engine search. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 2,227: | Line 2,297: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getAppName | |||
|- | |- | ||
| | |appName | ||
| | |String | ||
|The | |The name of the application | ||
getBlocked | |||
|- | |||
|blocked | |||
|Boolean | |||
|True if blocked, false otherwise | |||
getClass | getClass | ||
|- | |- | ||
Line 2,237: | Line 2,312: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getContentLength | |||
|- | |||
|contentLength | |||
|long | |||
|The content length | |||
getFlagged | |||
|- | |- | ||
| | |flagged | ||
| | |Boolean | ||
| | |True if flagged, false otherwise | ||
getHost | |||
|- | |- | ||
| | |host | ||
|String | |String | ||
|The | |The host | ||
getMethod | |||
|- | |- | ||
| | |method | ||
| | |HttpMethod | ||
|The | |The method | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getRequestId | |||
|- | |- | ||
| | |requestId | ||
| | |Long | ||
|The | |The request ID | ||
getRequestUri | |||
|- | |- | ||
| | |requestUri | ||
| | |URI | ||
|The | |The request URI | ||
getSessionEvent | getSessionEvent | ||
|- | |- | ||
Line 2,268: | Line 2,348: | ||
|SessionEvent | |SessionEvent | ||
|The session event | |The session event | ||
getTag | |||
getTerm | |||
|- | |- | ||
| | |term | ||
|String | |String | ||
|The | |The search term/phrase | ||
getTimeStamp | getTimeStamp | ||
|- | |- | ||
Line 2,284: | Line 2,359: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='WebFilterQueryEvent' /> | ||
== | == WanFailoverTestEvent == | ||
<section begin=' | <section begin='WanFailoverTestEvent' /> | ||
These events are created by [[ | These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_test_events|wan_failover_test_events]] table when a test is run. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 2,302: | Line 2,372: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getClass | getClass | ||
|- | |- | ||
Line 2,312: | Line 2,377: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getDescription | |||
|- | |||
|description | |||
|String | |||
|The description | |||
getInterfaceId | |||
|- | |- | ||
| | |interfaceId | ||
| | |int | ||
|The | |The interface ID | ||
getName | |||
|- | |- | ||
| | |name | ||
| | |String | ||
|The | |The test name | ||
getOsName | |||
|- | |- | ||
|timeStamp | |osName | ||
|Timestamp | |String | ||
|The timestamp | |The O/S interface name | ||
|} | getPartitionTablePostfix | ||
<section end=' | getSuccess | ||
|- | |||
|success | |||
|Boolean | |||
|True if successful, false otherwise | |||
getTag | |||
getTimeStamp | |||
|- | |||
|timeStamp | |||
|Timestamp | |||
|The timestamp | |||
|} | |||
<section end='WanFailoverTestEvent' /> | |||
== | == WanFailoverEvent == | ||
<section begin=' | <section begin='WanFailoverEvent' /> | ||
These events are created by [[ | These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_action_events|wan_failover_action_events]] table when WAN Failover takes an action. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 2,342: | Line 2,422: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getAction | |||
|- | |- | ||
| | |action | ||
| | |WanFailoverEvent$Action | ||
|The | |The action | ||
getClass | getClass | ||
|- | |- | ||
Line 2,357: | Line 2,432: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getInterfaceId | |||
|- | |- | ||
| | |interfaceId | ||
| | |int | ||
|The | |The interface ID | ||
getName | |||
|- | |- | ||
| | |name | ||
|String | |String | ||
|The | |The name | ||
getOsName | |||
|- | |- | ||
| | |osName | ||
|String | |String | ||
|The | |The O/S interface name | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 2,390: | Line 2,455: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='WanFailoverEvent' /> | ||
== | == ThreatPreventionEvent == | ||
<section begin=' | <section begin='ThreatPreventionEvent' /> | ||
These events are created by [[ | These events are created by [[Threat Prevention]] and inserted to the [[Database_Schema#sessions|sessions]] table for each threat lookup. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
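Review bot: The ThreatPreventionEvent intro says these events are "inserted to" the sessions table, while the other events on this page that target sessions (CaptureRuleEvent, ApplicationControlLogEvent) are described as updating it. Please confirm whether a threat lookup really creates a new sessions row or updates the existing one keyed by sessionId, and word the intro accordingly.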
Line 2,402: | Line 2,467: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getBlocked | |||
|- | |- | ||
| | |blocked | ||
| | |boolean | ||
| | |True if blocked, false otherwise | ||
getClass | getClass | ||
|- | |- | ||
Line 2,412: | Line 2,477: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getClientCategories | |||
|- | |||
|clientCategories | |||
|int | |||
|Client threat categories | |||
getClientReputation | |||
|- | |||
|clientReputation | |||
|int | |||
|Client threat reputation | |||
getFlagged | |||
|- | |||
|flagged | |||
|boolean | |||
|True if flagged, false otherwise | |||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getRuleId | |||
|- | |||
|ruleId | |||
|long | |||
|The rule ID | |||
getServerCategories | |||
|- | |||
|serverCategories | |||
|int | |||
|Server threat categories | |||
getServerReputation | |||
|- | |- | ||
| | |serverReputation | ||
| | |int | ||
| | |Server threat reputation | ||
getSessionId | |||
|- | |- | ||
| | |sessionId | ||
|Long | |Long | ||
|The | |The session ID | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 2,430: | Line 2,520: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='ThreatPreventionEvent' /> | ||
== | == ThreatPreventionHttpEvent == | ||
<section begin=' | <section begin='ThreatPreventionHttpEvent' /> | ||
These events are created by [[ | These events are created by [[Threat Prevention]] and inserted to the [[Database_Schema#http_events|http_events]] table for each threat lookup. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 2,442: | Line 2,532: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getBlocked | |||
|- | |- | ||
|class | |blocked | ||
|Boolean | |||
|True if blocked, false otherwise | |||
getCategories | |||
|- | |||
|categories | |||
|Integer | |||
|Server threat categories | |||
getClass | |||
|- | |||
|class | |||
|Class | |Class | ||
|The class name | |The class name | ||
getFlagged | |||
|- | |- | ||
| | |flagged | ||
| | |Boolean | ||
| | |True if flagged, false otherwise | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getReputation | |||
|- | |||
|reputation | |||
|Integer | |||
|Server threat reputation | |||
getRequestLine | |||
|- | |||
|requestLine | |||
|RequestLine | |||
|The request line | |||
getRuleId | |||
|- | |- | ||
| | |ruleId | ||
| | |Integer | ||
|The | |The rule ID | ||
getSessionEvent | getSessionEvent | ||
|- | |- | ||
Line 2,470: | Line 2,580: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='ThreatPreventionHttpEvent' /> | ||
== | == SpamLogEvent == | ||
<section begin=' | <section begin='SpamLogEvent' /> | ||
These events are created by | These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 2,482: | Line 2,592: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getClass | getAction | ||
|- | |||
|action | |||
|SpamMessageAction | |||
|The action | |||
getClass | |||
|- | |- | ||
|class | |class | ||
|Class | |Class | ||
|The class name | |The class name | ||
getClientAddr | |||
|- | |- | ||
| | |clientAddr | ||
| | |InetAddress | ||
|The | |The client address | ||
getClientPort | |||
|- | |- | ||
| | |clientPort | ||
| | |int | ||
|The | |The client port | ||
getMessageId | |||
|- | |- | ||
| | |messageId | ||
| | |Long | ||
|The | |The message ID | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getReceiver | |||
|- | |- | ||
| | |receiver | ||
|String | |String | ||
|The | |The receiver | ||
getScore | |||
|- | |||
|score | |||
|float | |||
|The score | |||
getSender | |||
|- | |- | ||
| | |sender | ||
| | |String | ||
|The | |The sender | ||
getServerAddr | |||
|- | |- | ||
| | |serverAddr | ||
| | |InetAddress | ||
|The | |The server address | ||
getServerPort | |||
|- | |- | ||
| | |serverPort | ||
| | |int | ||
|The | |The server port | ||
getSmtpMessageEvent | |||
|- | |- | ||
|timeStamp | |smtpMessageEvent | ||
|Timestamp | |SmtpMessageEvent | ||
|The timestamp | |The parent SMTP message event | ||
|} | isSpam | ||
<section end=' | |- | ||
|isSpam | |||
|boolean | |||
|True if spam, false otherwise | |||
getSubject | |||
|- | |||
|subject | |||
|String | |||
|The subject | |||
getTag | |||
getTestsString | |||
|- | |||
|testsString | |||
|String | |||
|The tests string from the spam engine | |||
getTimeStamp | |||
|- | |||
|timeStamp | |||
|Timestamp | |||
|The timestamp | |||
getVendorName | |||
|- | |||
|vendorName | |||
|String | |||
|The application name | |||
|} | |||
<section end='SpamLogEvent' /> | |||
== | == SpamSmtpTarpitEvent == | ||
<section begin=' | <section begin='SpamSmtpTarpitEvent' /> | ||
These events are created by | These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
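Review bot: The getter names added to the SpamLogEvent table (getAction, getClientAddr, getScore and the rest, plus isSpam) are bare lines placed between rows rather than `|` cells, so MediaWiki treats each one as a continuation of the preceding cell and renders it inside that cell. Either drop these lines or give the getter its own column. Separately, the new `vendorName` row is described as "The application name"; describe the vendor name itself, or say how it differs from an application name.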
Line 2,547: | Line 2,687: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getIPAddr | |||
|- | |||
|IPAddr | |||
|InetAddress | |||
|The IP address | |||
getClass | getClass | ||
|- | |- | ||
Line 2,552: | Line 2,697: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getHostname | |||
|- | |- | ||
| | |hostname | ||
|String | |String | ||
|The | |The hostname | ||
getPartitionTablePostfix | |||
getSessionEvent | |||
|- | |- | ||
| | |sessionEvent | ||
| | |SessionEvent | ||
|The | |The session event | ||
getSessionId | |||
|- | |- | ||
| | |sessionId | ||
| | |Long | ||
|The | |The session ID | ||
getTag | |||
getTimeStamp | |||
|- | |- | ||
| | |timeStamp | ||
| | |Timestamp | ||
|The | |The timestamp | ||
getVendorName | |||
|- | |- | ||
| | |vendorName | ||
| | |String | ||
|The | |The application name | ||
|} | |} | ||
<section end=' | <section end='SpamSmtpTarpitEvent' /> | ||
== | == ConfigurationBackupEvent == | ||
<section begin=' | <section begin='ConfigurationBackupEvent' /> | ||
These events are created by [[ | These events are created by [[Configuration Backup]] and inserted to the [[Database_Schema#configuratio_backup_events|configuratio_backup_events]] table when a backup occurs. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
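Review bot: In the new ConfigurationBackupEvent description, the link anchor and its label both read `configuratio_backup_events`, which drops the final "n" of "configuration". Check the table name against the Database Schema page and correct both the anchor and the label, since a misspelled anchor leaves the link pointing at no section.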
Line 2,597: | Line 2,737: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getClass | getClass | ||
|- | |- | ||
Line 2,607: | Line 2,742: | ||
|Class | |Class | ||
|The class name | |The class name | ||
getDestination | |||
|- | |- | ||
| | |destination | ||
| | |String | ||
|The | |The destination | ||
getDetail | |||
|- | |- | ||
| | |detail | ||
| | |String | ||
|The | |The details | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getSuccess | |||
|- | |- | ||
| | |success | ||
| | |boolean | ||
| | |True if successful, false otherwise | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 2,645: | Line 2,765: | ||
|The timestamp | |The timestamp | ||
|} | |} | ||
<section end=' | <section end='ConfigurationBackupEvent' /> | ||
== | == TunnelStatusEvent == | ||
<section begin=' | <section begin='TunnelStatusEvent' /> | ||
These events are created by [[ | These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_tunnel_stats|ipsec_tunnel_stats]] table periodically. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 2,685: | Line 2,805: | ||
|The name of this tunnel | |The name of this tunnel | ||
|} | |} | ||
<section end=' | <section end='TunnelStatusEvent' /> | ||
== | == IpsecVpnEvent == | ||
<section begin=' | <section begin='IpsecVpnEvent' /> | ||
These events are created by [[ | These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_vpn_events|ipsec_vpn_events]] table when IPsec connection event occurs. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
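Review bot: The new IpsecVpnEvent description ends "when IPsec connection event occurs", which is missing an article; use "when an IPsec connection event occurs". It would also help to say which connection events are meant, since the `eventType` row in this table only says "The event type".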
Line 2,705: | Line 2,825: | ||
|- | |- | ||
|eventType | |eventType | ||
| | |IpsecVpnEvent$EventType | ||
|The event type | |The event type | ||
getLocalAddress | getLocalAddress | ||
|- | |- | ||
|localAddress | |localAddress | ||
| | |String | ||
|The local host address | |The local host address | ||
getPartitionTablePostfix | getPartitionTablePostfix | ||
getRemoteAddress | |||
|- | |- | ||
| | |remoteAddress | ||
| | |String | ||
|The | |The remote host address | ||
getTag | getTag | ||
getTimeStamp | getTimeStamp | ||
Line 2,724: | Line 2,844: | ||
|Timestamp | |Timestamp | ||
|The timestamp | |The timestamp | ||
getTunnelDescription | |||
|- | |- | ||
| | |tunnelDescription | ||
|String | |String | ||
| | |Description of tunnel | ||
|} | |} | ||
<section end=' | <section end='IpsecVpnEvent' /> | ||
== | == VirtualUserEvent == | ||
<section begin=' | <section begin='VirtualUserEvent' /> | ||
These events are created by [[ | These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_user_events|ipsec_user_events]] table when a user event occurs. | ||
{| border="1" cellpadding="2" width="90%" align="center" | {| border="1" cellpadding="2" width="90%" align="center" | ||
Line 2,742: | Line 2,862: | ||
! Type | ! Type | ||
! Description | ! Description | ||
getClass | |||
|- | |- | ||
| | |class | ||
| | |Class | ||
| | |The class name | ||
getClientAddress | |||
|- | |||
|clientAddress | |||
|InetAddress | |||
|The client address | |||
getClientProtocol | |||
|- | |- | ||
| | |clientProtocol | ||
|String | |String | ||
|The | |The client protocol | ||
getClientUsername | |||
|- | |- | ||
| | |clientUsername | ||
| | |String | ||
|The | |The client username | ||
getElapsedTime | |||
|- | |- | ||
| | |elapsedTime | ||
|String | |String | ||
|The | |The elapsed time | ||
getEventId | getEventId | ||
|- | |- | ||
|eventId | |eventId | ||
| | |Long | ||
|The event ID | |The event ID | ||
getNetInterface | |||
|- | |- | ||
| | |netInterface | ||
| | |String | ||
|The | |The net interface | ||
getNetProcess | |||
|- | |- | ||
| | |netProcess | ||
| | |String | ||
|The | |The net process | ||
getNetRXbytes | |||
|- | |- | ||
| | |netRXbytes | ||
| | |Long | ||
|The | |The number of RX (received) bytes | ||
getNetTXbytes | |||
|- | |- | ||
| | |netTXbytes | ||
| | |Long | ||
|The | |The number of TX (transmitted) bytes | ||
getPartitionTablePostfix | |||
getTag | |||
getTimeStamp | |||
|- | |- | ||
| | |timeStamp | ||
| | |Timestamp | ||
|The | |The timestamp | ||
|} | |||
<section end='VirtualUserEvent' /> | |||
== SslInspectorLogEvent == | |||
<section begin='SslInspectorLogEvent' /> | |||
These events are created by [[SSL Inspector]] and update the [[Database_Schema#sessions|sessions]] table when a session is processed by SSL Inspector. | |||
{| border="1" cellpadding="2" width="90%" align="center" | |||
! Attribute Name | |||
! Type | |||
! Description | |||
getClass | |||
|- | |- | ||
| | |class | ||
| | |Class | ||
|The | |The class name | ||
getDetail | |||
|- | |- | ||
| | |detail | ||
| | |String | ||
|The | |The details | ||
getPartitionTablePostfix | |||
getRuleId | |||
|- | |- | ||
| | |ruleId | ||
| | |Integer | ||
|The | |The rule ID | ||
getSessionEvent | |||
|- | |- | ||
| | |sessionEvent | ||
| | |SessionEvent | ||
|The | |The session event | ||
getStatus | |||
|- | |- | ||
| | |status | ||
|String | |String | ||
|The | |The status | ||
getTag | |||
getTimeStamp | |||
|- | |- | ||
| | |timeStamp | ||
| | |Timestamp | ||
|The | |The timestamp | ||
|} | |||
<section end='SslInspectorLogEvent' /> | |||
|- | |||
| | |||
| | == ApplicationControlLiteEvent == | ||
|The | <section begin='ApplicationControlLiteEvent' /> | ||
These events are created by [[Application Control Lite]] and update the [[Database_Schema#sessions|sessions]] table when application control lite identifies a session. | |||
{| border="1" cellpadding="2" width="90%" align="center" | |||
! Attribute Name | |||
! Type | |||
! Description | |||
getBlocked | |||
|- | |||
|blocked | |||
|boolean | |||
|True if blocked, false otherwise | |||
getClass | |||
|- | |||
|class | |||
|Class | |||
|The class name | |||
getPartitionTablePostfix | |||
getProtocol | getProtocol | ||
|- | |- | ||
|protocol | |protocol | ||
| | |String | ||
|The protocol | |The protocol | ||
getSessionId | |||
|- | |- | ||
| | |sessionId | ||
| | |Long | ||
| | |The session ID | ||
getTag | |||
getTimeStamp | |||
|- | |- | ||
|timeStamp | |||
|Timestamp | |||
|The timestamp | |||
|timeStamp | |||
|Timestamp | |||
|The timestamp | |||
|} | |} | ||
<section end=' | <section end='ApplicationControlLiteEvent' /> | ||
} | |||
Latest revision as of 15:36, 9 February 2020
All event data is stored in the Database Schema in a relational database. As Untangle and applications process traffic, they create Event objects that add and modify content in the database. Each event has its own class/object with certain fields that modify the database in a certain way.
The list below shows the classes used in the event logging and the attributes of each event object. These can be used to add alerts in Reports or for other event handling within Untangle.
SpamLogEvent
These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.
Getter | Attribute Name | Type | Description
---|---|---|---
getAction | action | SpamMessageAction | The action
getClass | class | Class | The class name
getClientAddr | clientAddr | InetAddress | The client address
getClientPort | clientPort | int | The client port
getMessageId | messageId | Long | The message ID
getPartitionTablePostfix | | |
getReceiver | receiver | String | The receiver
getScore | score | float | The score
getSender | sender | String | The sender
getServerAddr | serverAddr | InetAddress | The server address
getServerPort | serverPort | int | The server port
getSmtpMessageEvent | smtpMessageEvent | SmtpMessageEvent | The parent SMTP message event
isSpam | isSpam | boolean | True if spam, false otherwise
getSubject | subject | String | The subject
getTag | | |
getTestsString | testsString | String | The tests string from the spam engine
getTimeStamp | timeStamp | Timestamp | The timestamp
getVendorName | vendorName | String | The application name
SpamSmtpTarpitEvent
These events are created by Spam Blocker and inserted into the smtp_tarpit_events table when a session is tarpitted.
Getter | Attribute Name | Type | Description
---|---|---|---
getIPAddr | IPAddr | InetAddress | The IP address
getClass | class | Class | The class name
getHostname | hostname | String | The hostname
getPartitionTablePostfix | | |
getSessionEvent | sessionEvent | SessionEvent | The session event
getSessionId | sessionId | Long | The session ID
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getVendorName | vendorName | String | The application name
PrioritizeEvent
These events are created by Bandwidth Control and update the session table when a session is prioritized.
Getter | Attribute Name | Type | Description
---|---|---|---
getClass | class | Class | The class name
getPartitionTablePostfix | | |
getPriority | priority | int | The priority
getRuleId | ruleId | int | The rule ID
getSessionEvent | sessionEvent | SessionEvent | The session event
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
VirusFtpEvent
These events are created by Virus Blocker and update the ftp_events table when Virus Blocker scans an FTP transfer.
Getter | Attribute Name | Type | Description
---|---|---|---
getAppName | appName | String | The name of the application
getClass | class | Class | The class name
getClean | clean | boolean | True if clean, false otherwise
getPartitionTablePostfix | | |
getSessionEvent | sessionEvent | SessionEvent | The session event
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getUri | uri | String | The URI
getVirusName | virusName | String | The virus name, if not clean
VirusHttpEvent
These events are created by Virus Blocker and update the http_events table when Virus Blocker scans an HTTP transfer.
Getter | Attribute Name | Type | Description
---|---|---|---
getAppName | appName | String | The name of the application
getClass | class | Class | The class name
getClean | clean | boolean | True if clean, false otherwise
getPartitionTablePostfix | | |
getRequestLine | requestLine | RequestLine | The request line
getSessionEvent | sessionEvent | SessionEvent | The session event
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getVirusName | virusName | String | The virus name, if not clean
VirusSmtpEvent
These events are created by Virus Blocker and update the mail_msgs table when Virus Blocker scans an email.
Getter | Attribute Name | Type | Description
---|---|---|---
getAction | action | String | The action
getAppName | appName | String | The name of the application
getClass | class | Class | The class name
getClean | clean | boolean | True if clean, false otherwise
getMessageId | messageId | Long | The message ID
getPartitionTablePostfix | | |
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getVirusName | virusName | String | The virus name, if not clean
FirewallEvent
These events are created by Firewall and update the sessions table when a firewall rule matches a session.
Getter | Attribute Name | Type | Description
---|---|---|---
getBlocked | blocked | boolean | True if blocked, false otherwise
getClass | class | Class | The class name
getFlagged | flagged | boolean | True if flagged, false otherwise
getPartitionTablePostfix | | |
getRuleId | ruleId | long | The rule ID
getSessionId | sessionId | Long | The session ID
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
OpenVpnStatusEvent
These events are created by OpenVPN and update the openvpn_stats table periodically.
Getter | Attribute Name | Type | Description
---|---|---|---
getAddress | address | InetAddress | The address
getBytesRxDelta | bytesRxDelta | long | The delta number of RX (received) bytes from the previous event
getBytesRxTotal | bytesRxTotal | long | The total number of RX (received) bytes
getBytesTxDelta | bytesTxDelta | long | The delta number of TX (transmitted) bytes from the previous event
getBytesTxTotal | bytesTxTotal | long | The total number of TX (transmitted) bytes
getClass | class | Class | The class name
getClientName | clientName | String | The client name
getEnd | end | Timestamp | The end
getPartitionTablePostfix | | |
getPoolAddress | poolAddress | InetAddress | The pool address
getPort | port | int | The port
getStart | start | Timestamp | The start
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
OpenVpnEvent
These events are created by OpenVPN and update the openvpn_events table when OpenVPN processes a client action.
Getter | Attribute Name | Type | Description
---|---|---|---
getAddress | address | InetAddress | The address
getClass | class | Class | The class name
getClientName | clientName | String | The client name
getPartitionTablePostfix | | |
getPoolAddress | poolAddress | InetAddress | The pool address
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getType | type | OpenVpnEvent$EventType | The type
AdminLoginEvent
These events are created by the base system and inserted into the admin_logins table when an administrator login is attempted or successful.
Getter | Attribute Name | Type | Description
---|---|---|---
getClass | class | Class | The class name
getClientAddress | clientAddress | InetAddress | The client address
getLocal | local | boolean | 1 if login is done via local console, 0 otherwise
getLogin | login | String | The login username
getPartitionTablePostfix | | |
getReason | reason | String | The reason
getSucceeded | succeeded | boolean | 1 if successful, 0 otherwise
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
AlertEvent
These events are created by Reports and inserted into the alerts table when an alert fires.
Getter | Attribute Name | Type | Description
---|---|---|---
getCausalRule | causalRule | EventRule | The causal rule
getCause | cause | LogEvent | The cause
getClass | class | Class | The class name
getDescription | description | String | The description
getEventSent | eventSent | Boolean | True if the event was sent, false otherwise
getJson | json | String | The JSON string
getPartitionTablePostfix | | |
getSummaryText | summaryText | String | The summary text
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
InterfaceStatEvent
These events are created by the base system and inserted into the interface_stat_events table periodically with interface stats.
Getter | Attribute Name | Type | Description
---|---|---|---
getClass | class | Class | The class name
getInterfaceId | interfaceId | int | The interface ID
getPartitionTablePostfix | | |
getRxBytes | rxBytes | double | The total of received bytes
getRxRate | rxRate | double | The RX rate in byte/s
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getTxBytes | txBytes | double | The total of transmitted bytes
getTxRate | txRate | double | The TX rate in byte/s
LogEvent
This is the base class for all events.
Getter | Attribute Name | Type | Description
---|---|---|---
getClass | class | Class | The class name
getPartitionTablePostfix | | |
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
SystemStatEvent
These events are created by the base system and inserted into the server_events table periodically.
Getter | Attribute Name | Type | Description
---|---|---|---
getActiveHosts | activeHosts | int | The active host count
getClass | class | Class | The class name
getCpuSystem | cpuSystem | float | The system CPU utilization
getCpuUser | cpuUser | float | The user CPU utilization
getDiskFree | diskFree | long | The amount of disk free
getDiskFreePercent | diskFreePercent | float | The percentage of disk free
getDiskTotal | diskTotal | long | The total size of the disk
getDiskUsed | diskUsed | long | The amount of disk used
getDiskUsedPercent | diskUsedPercent | float | The percentage of disk used
getLoad1 | load1 | float | The 1-minute CPU load
getLoad15 | load15 | float | The 15-minute CPU load
getLoad5 | load5 | float | The 5-minute CPU load
getMemBuffers | memBuffers | long | The amount of memory used by buffers
getMemCache | memCache | long | The amount of memory used by cache
getMemFree | memFree | long | The amount of free memory
getMemFreePercent | memFreePercent | float | The percentage of total memory that is free
getMemTotal | memTotal | long | The total amount of memory
getMemUsed | memUsed | long | The amount of used memory
getMemUsedPercent | memUsedPercent | float | The percentage of total memory that is used
getPartitionTablePostfix | | |
getSwapFree | swapFree | long | The amount of free swap
getSwapFreePercent | swapFreePercent | float | The percentage of total swap that is free
getSwapTotal | swapTotal | long | The total size of swap
getSwapUsed | swapUsed | long | The amount of used swap
getSwapUsedPercent | swapUsedPercent | float | The percentage of total swap that is used
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
HostTableEvent
These events are created by the base system and inserted into the host_table_updates table when the host table is modified.
Getter | Attribute Name | Type | Description
---|---|---|---
getAddress | address | InetAddress | The address
getClass | class | Class | The class name
getKey | key | String | The key
getOldValue | oldValue | String | The old value
getPartitionTablePostfix | | |
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getValue | value | String | The value
DeviceTableEvent
These events are created by the base system and inserted into the device_table_updates table when the device list is modified.
Getter | Attribute Name | Type | Description
---|---|---|---
getClass | class | Class | The class name
getDevice | device | DeviceTableEntry | The Device
getKey | key | String | The key
getMacAddress | macAddress | String | The MAC address
getOldValue | oldValue | String | The old value
getPartitionTablePostfix | | |
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getValue | value | String | The value
SettingsChangesEvent
These events are created by the base system and inserted into the settings_changes table when settings are changed.
Getter | Attribute Name | Type | Description
---|---|---|---
getClass | class | Class | The class name
getHostname | hostname | String | The hostname
getPartitionTablePostfix | | |
getSettingsFile | settingsFile | String | The settings file
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getUsername | username | String | The username
UserTableEvent
These events are created by the base system and inserted into the user_table_updates table when the user table is modified.
Getter | Attribute Name | Type | Description
---|---|---|---
getClass | class | Class | The class name
getKey | key | String | The key
getOldValue | oldValue | String | The old value
getPartitionTablePostfix | | |
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getUsername | username | String | The username
getValue | value | String | The value
SessionMinuteEvent
These events are created by the base system and update the session_minutes table each minute a session exists.
Getter | Attribute Name | Type | Description
---|---|---|---
getC2sBytes | c2sBytes | long | The number of bytes sent from the client to the server
getClass | class | Class | The class name
getPartitionTablePostfix | | |
getS2cBytes | s2cBytes | long | The number of bytes sent from the server to the client
getSessionId | sessionId | long | The session ID
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
SessionEvent
These events are created by the base system and update the sessions table each time a session is created.
Getter | Attribute Name | Type | Description
---|---|---|---
getCClientAddr | CClientAddr | InetAddress | The client-side (pre-NAT) client address
getCClientPort | CClientPort | Integer | The client-side (pre-NAT) client port
getCServerAddr | CServerAddr | InetAddress | The client-side (pre-NAT) server address
getCServerPort | CServerPort | Integer | The client-side (pre-NAT) server port
getSClientAddr | SClientAddr | InetAddress | The server-side (post-NAT) client address
getSClientPort | SClientPort | Integer | The server-side (post-NAT) client port
getSServerAddr | SServerAddr | InetAddress | The server-side (post-NAT) server address
getSServerPort | SServerPort | Integer | The server-side (post-NAT) server port
getBypassed | bypassed | boolean | True if bypassed, false otherwise
getClass | class | Class | The class name
getClientCountry | clientCountry | String | The client country
getClientIntf | clientIntf | Integer | The client interface ID
getClientLatitude | clientLatitude | Double | The client latitude
getClientLongitude | clientLongitude | Double | The client longitude
getEntitled | entitled | boolean | The entitled status
getFilterPrefix | filterPrefix | String | The filter prefix if blocked by the filter rules
getHostname | hostname | String | The hostname
getIcmpType | icmpType | Short | The ICMP type
getLocalAddr | localAddr | InetAddress | The local host address
getPartitionTablePostfix | | |
getPolicyId | policyId | Integer | The policy ID
getPolicyRuleId | policyRuleId | Integer | The policy rule ID
getProtocol | protocol | Short | The protocol
getProtocolName | protocolName | String | The protocol name
getRemoteAddr | remoteAddr | InetAddress | The remote host address
getServerCountry | serverCountry | String | The server country
getServerIntf | serverIntf | Integer | The server interface ID
getServerLatitude | serverLatitude | Double | The server latitude
getServerLongitude | serverLongitude | Double | The server longitude
getSessionId | sessionId | Long | The session ID
getTag | | |
getTagsString | tagsString | String | The string value of all tags
getTimeStamp | timeStamp | Timestamp | The timestamp
getUsername | username | String | The username
SessionStatsEvent
These events are created by the base system and update the sessions table when a session ends with the updated stats.
Getter | Attribute Name | Type | Description
---|---|---|---
getC2pBytes | c2pBytes | long | The number of bytes sent from the client to Untangle
getClass | class | Class | The class name
getEndTime | endTime | long | The end time/date
getP2cBytes | p2cBytes | long | The number of bytes sent to the client from Untangle
getP2sBytes | p2sBytes | long | The number of bytes sent to the server from Untangle
getPartitionTablePostfix | | |
getS2pBytes | s2pBytes | long | The number of bytes sent from the server to Untangle
getSessionEvent | sessionEvent | SessionEvent | The session event
getSessionId | sessionId | Long | The session ID
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
SessionNatEvent
These events are created by the base system and update the sessions table each time a session is NATed with the post-NAT information.
Getter | Attribute Name | Type | Description
---|---|---|---
getSClientAddr | SClientAddr | InetAddress | The server-side (post-NAT) client address
getSClientPort | SClientPort | Integer | The server-side (post-NAT) client port
getSServerAddr | SServerAddr | InetAddress | The server-side (post-NAT) server address
getSServerPort | SServerPort | Integer | The server-side (post-NAT) server port
getClass | class | Class | The class name
getPartitionTablePostfix | | |
getServerIntf | serverIntf | Integer | The server interface ID
getSessionEvent | sessionEvent | SessionEvent | The session event
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
QuotaEvent
These events are created by Bandwidth Control and are inserted into, or update, the quotas table when quotas are given or exceeded.
Getter | Attribute Name | Type | Description
---|---|---|---
getAction | action | int | The action (1=Quota Given, 2=Quota Exceeded)
getClass | class | Class | The class name
getEntity | entity | String | The entity
getPartitionTablePostfix | | |
getQuotaSize | quotaSize | long | The quota size
getReason | reason | String | The reason
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
SmtpMessageAddressEvent
These events are created by the SMTP subsystem and inserted into the mail_addrs table for each address on each email.
Getter | Attribute Name | Type | Description
---|---|---|---
getAddr | addr | String | The address
getClass | class | Class | The class name
getKind | kind | AddressKind | The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
getMessageId | messageId | Long | The message ID
getPartitionTablePostfix | | |
getPersonal | personal | String | personal
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
SmtpMessageEvent
These events are created by the SMTP subsystem and inserted into the mail_msgs table for each email.
Getter | Attribute Name | Type | Description
---|---|---|---
getAddresses | addresses | Set | The addresses
getClass | class | Class | The class name
getEnvelopeFromAddress | envelopeFromAddress | String | The envelope FROM address
getEnvelopeToAddress | envelopeToAddress | String | The envelope TO address
getMessageId | messageId | Long | The message ID
getPartitionTablePostfix | | |
getReceiver | receiver | String | The receiver
getSender | sender | String | The sender
getSessionEvent | sessionEvent | SessionEvent | The session event
getSessionId | sessionId | Long | The session ID
getSubject | subject | String | The subject
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
getTmpFile | tmpFile | File | The /tmp file
CaptureRuleEvent
These events are created by Captive Portal and update the sessions table when Captive Portal processes a session.
Getter | Attribute Name | Type | Description
---|---|---|---
getCaptured | captured | boolean | True if captured, false otherwise
getClass | class | Class | The class name
getPartitionTablePostfix | | |
getRuleId | ruleId | Integer | The rule ID
getSessionEvent | sessionEvent | SessionEvent | The session event
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
CaptivePortalUserEvent
These events are created by Captive Portal and inserted into the captive_portal_user_events table when a Captive Portal user takes an action.
Getter | Attribute Name | Type | Description
---|---|---|---
getAuthenticationType | authenticationType | CaptivePortalSettings$AuthenticationType | The authentication type
getAuthenticationTypeValue | authenticationTypeValue | String | The authentication type as a string
getClass | class | Class | The class name
getClientAddr | clientAddr | String | The client address
getEvent | event | CaptivePortalUserEvent$EventType | The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
getEventValue | eventValue | String | The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
getLoginName | loginName | String | The login name
getPartitionTablePostfix | | |
getPolicyId | policyId | Integer | The policy ID
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
AdBlockerEvent
These events are created by Ad Blocker and update the http_events table when an ad is blocked.
Getter | Attribute Name | Type | Description
---|---|---|---
getAction | action | Action | The action
getClass | class | Class | The class name
getPartitionTablePostfix | | |
getReason | reason | String | The reason
getRequestId | requestId | Long | The request ID
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
CookieEvent
These events are created by Ad Blocker and update the http_events table when a cookie is blocked.
Getter | Attribute Name | Type | Description
---|---|---|---
getClass | class | Class | The class name
getIdentification | identification | String | The identification string
getPartitionTablePostfix | | |
getRequestId | requestId | Long | The request ID
getSessionEvent | sessionEvent | SessionEvent | The session event
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
HttpRequestEvent
These events are created by the HTTP subsystem and inserted into the http_events table when a web request happens.
Getter | Attribute Name | Type | Description
---|---|---|---
getClass | class | Class | The class name
getContentLength | contentLength | long | The content length
getDomain | domain | String | The domain
getHost | host | String | The host
getMethod | method | HttpMethod | The HTTP method
getPartitionTablePostfix | | |
getReferer | referer | String | The referer
getRequestId | requestId | Long | The request ID
getRequestUri | requestUri | URI | The request URI
getSessionEvent | sessionEvent | SessionEvent | The session event
getTag | | |
getTimeStamp | timeStamp | Timestamp | The timestamp
HttpResponseEvent
<section begin='HttpResponseEvent' />
These events are created by the HTTP subsystem and update the http_events table when a web response happens.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
contentFilename | String | The content filename
contentLength | long | The content length
contentType | String | The content type
httpRequestEvent | HttpRequestEvent | The corresponding HTTP request event
requestLine | RequestLine | The request line
timeStamp | Timestamp | The timestamp
<section end='HttpResponseEvent' />
WebCacheEvent
<section begin='WebCacheEvent' />
These events are created by Web Cache and inserted into the web_cache_stats table periodically.
Attribute Name | Type | Description
---|---|---
bypassCount | long | The number of bypasses
class | Class | The class name
hitBytes | long | The number of bytes worth of hits
hitCount | long | The number of hits
missBytes | long | The number of bytes worth of misses
missCount | long | The number of misses
policyId | Long | The policy ID
systemCount | long | The number of system bypasses
timeStamp | Timestamp | The timestamp
<section end='WebCacheEvent' />
TunnelVpnStatusEvent
<section begin='TunnelVpnStatusEvent' />
These events are created by Tunnel VPN and inserted into the tunnel_vpn_stats table periodically.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
inBytes | long | The number of bytes received from this tunnel
outBytes | long | The number of bytes sent in this tunnel
timeStamp | Timestamp | The timestamp
tunnelName | String | The name of this tunnel
<section end='TunnelVpnStatusEvent' />
TunnelVpnEvent
<section begin='TunnelVpnEvent' />
These events are created by Tunnel VPN and inserted into the tunnel_vpn_events table when a tunnel connection event occurs.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
eventType | TunnelVpnEvent$EventType | The event type
localAddress | InetAddress | The local host address
serverAddress | InetAddress | The server address
timeStamp | Timestamp | The timestamp
tunnelName | String | The name of this tunnel
<section end='TunnelVpnEvent' />
IntrusionPreventionLogEvent
<section begin='IntrusionPreventionLogEvent' />
These events are created by Intrusion Prevention and inserted into the intrusion_prevention_events table when a rule matches.
Attribute Name | Type | Description
---|---|---
blocked | boolean | True if blocked, false otherwise
category | String | The category
class | Class | The class name
classificationId | long | The classification ID
classtype | String | The classtype
dportIcode | int | The dportIcode
eventId | long | The event ID
eventMicrosecond | long | The event microsecond
eventSecond | long | The event second
eventType | long | The event type
generatorId | long | The generator ID
impact | short | The impact
impactFlag | short | The impact flag
ipDestination | InetAddress | The IP address destination
ipSource | InetAddress | The IP address source
mplsLabel | long | The mplsLabel
msg | String | The msg
padding | int | The padding
priorityId | long | The priority ID
protocol | short | The protocol
rid | String | Rule ID
sensorId | long | The sensor ID
signatureId | long | The signature ID
signatureRevision | long | The signature revision
sportItype | int | The sportItype
timeStamp | Timestamp | The timestamp
vlanId | int | The VLAN ID
<section end='IntrusionPreventionLogEvent' />
ApplicationControlLogEvent
<section begin='ApplicationControlLogEvent' />
These events are created by Application Control and update the sessions table when application control identifies a session.
Attribute Name | Type | Description
---|---|---
application | String | The application
blocked | boolean | True if blocked, false otherwise
category | String | The category
class | Class | The class name
confidence | Integer | The confidence (0-100)
detail | String | The details
flagged | boolean | True if flagged, false otherwise
protochain | String | The protochain
ruleId | Integer | The rule ID
sessionEvent | SessionEvent | The session event
state | Integer | The state
timeStamp | Timestamp | The timestamp
<section end='ApplicationControlLogEvent' />
LoginEvent
<section begin='LoginEvent' />
These events are created by Directory Connector and inserted into the directory_connector_login_events table for each login.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
clientAddr | InetAddress | The client address
domain | String | The domain
event | String | The event
loginName | String | The login name
loginType | String | W=Windows login, A=Active Directory, R=RADIUS, T=test
timeStamp | Timestamp | The timestamp
<section end='LoginEvent' />
WebFilterEvent
<section begin='WebFilterEvent' />
These events are created by Web Filter and update the http_events table when web filter processes a web request.
Attribute Name | Type | Description
---|---|---
appName | String | The name of the application
blocked | Boolean | True if blocked, false otherwise
category | String | The category
categoryId | Integer | Numeric value of matching category
class | Class | The class name
flagged | Boolean | True if flagged, false otherwise
reason | Reason | The reason
requestLine | RequestLine | The request line
ruleId | Integer | The rule ID
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp
<section end='WebFilterEvent' />
WebFilterQueryEvent
<section begin='WebFilterQueryEvent' />
These events are created by Web Filter and inserted into the http_query_events table when web filter processes a search engine search.
Attribute Name | Type | Description
---|---|---
appName | String | The name of the application
blocked | Boolean | True if blocked, false otherwise
class | Class | The class name
contentLength | long | The content length
flagged | Boolean | True if flagged, false otherwise
host | String | The host
method | HttpMethod | The method
requestId | Long | The request ID
requestUri | URI | The request URI
sessionEvent | SessionEvent | The session event
term | String | The search term/phrase
timeStamp | Timestamp | The timestamp
<section end='WebFilterQueryEvent' />
WanFailoverTestEvent
<section begin='WanFailoverTestEvent' />
These events are created by WAN Failover and inserted into the wan_failover_test_events table when a test is run.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
description | String | The description
interfaceId | int | The interface ID
name | String | The test name
osName | String | The O/S interface name
success | Boolean | True if successful, false otherwise
timeStamp | Timestamp | The timestamp
<section end='WanFailoverTestEvent' />
WanFailoverEvent
<section begin='WanFailoverEvent' />
These events are created by WAN Failover and inserted into the wan_failover_action_events table when WAN Failover takes an action.
Attribute Name | Type | Description
---|---|---
action | WanFailoverEvent$Action | The action
class | Class | The class name
interfaceId | int | The interface ID
name | String | The name
osName | String | The O/S interface name
timeStamp | Timestamp | The timestamp
<section end='WanFailoverEvent' />
ThreatPreventionEvent
<section begin='ThreatPreventionEvent' />
These events are created by Threat Prevention and inserted into the sessions table for each threat lookup.
Attribute Name | Type | Description
---|---|---
blocked | boolean | True if blocked, false otherwise
class | Class | The class name
clientCategories | int | Client threat categories
clientReputation | int | Client threat reputation
flagged | boolean | True if flagged, false otherwise
ruleId | long | The rule ID
serverCategories | int | Server threat categories
serverReputation | int | Server threat reputation
sessionId | Long | The session ID
timeStamp | Timestamp | The timestamp
<section end='ThreatPreventionEvent' />
ThreatPreventionHttpEvent
<section begin='ThreatPreventionHttpEvent' />
These events are created by Threat Prevention and inserted into the http_events table for each threat lookup.
Attribute Name | Type | Description
---|---|---
blocked | Boolean | True if blocked, false otherwise
categories | Integer | Server threat categories
class | Class | The class name
flagged | Boolean | True if flagged, false otherwise
reputation | Integer | Server threat reputation
requestLine | RequestLine | The request line
ruleId | Integer | The rule ID
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp
<section end='ThreatPreventionHttpEvent' />
SpamLogEvent
<section begin='SpamLogEvent' />
These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.
Attribute Name | Type | Description
---|---|---
action | SpamMessageAction | The action
class | Class | The class name
clientAddr | InetAddress | The client address
clientPort | int | The client port
messageId | Long | The message ID
receiver | String | The receiver
score | float | The score
sender | String | The sender
serverAddr | InetAddress | The server address
serverPort | int | The server port
smtpMessageEvent | SmtpMessageEvent | The parent SMTP message event
isSpam | boolean | True if spam, false otherwise
subject | String | The subject
testsString | String | The tests string from the spam engine
timeStamp | Timestamp | The timestamp
vendorName | String | The application name
<section end='SpamLogEvent' />
SpamSmtpTarpitEvent
<section begin='SpamSmtpTarpitEvent' />
These events are created by Spam Blocker and inserted into the smtp_tarpit_events table when a session is tarpitted.
Attribute Name | Type | Description
---|---|---
IPAddr | InetAddress | The IP address
class | Class | The class name
hostname | String | The hostname
sessionEvent | SessionEvent | The session event
sessionId | Long | The session ID
timeStamp | Timestamp | The timestamp
vendorName | String | The application name
<section end='SpamSmtpTarpitEvent' />
ConfigurationBackupEvent
<section begin='ConfigurationBackupEvent' />
These events are created by Configuration Backup and inserted into the configuration_backup_events table when a backup occurs.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
destination | String | The destination
detail | String | The details
success | boolean | True if successful, false otherwise
timeStamp | Timestamp | The timestamp
<section end='ConfigurationBackupEvent' />
TunnelStatusEvent
<section begin='TunnelStatusEvent' />
These events are created by IPsec VPN and inserted into the ipsec_tunnel_stats table periodically.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
inBytes | long | The number of bytes received from this tunnel
outBytes | long | The number of bytes sent in this tunnel
timeStamp | Timestamp | The timestamp
tunnelName | String | The name of this tunnel
<section end='TunnelStatusEvent' />
IpsecVpnEvent
<section begin='IpsecVpnEvent' />
These events are created by IPsec VPN and inserted into the ipsec_vpn_events table when an IPsec connection event occurs.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
eventType | IpsecVpnEvent$EventType | The event type
localAddress | String | The local host address
remoteAddress | String | The remote host address
timeStamp | Timestamp | The timestamp
tunnelDescription | String | Description of tunnel
<section end='IpsecVpnEvent' />
VirtualUserEvent
<section begin='VirtualUserEvent' />
These events are created by IPsec VPN and inserted into the ipsec_user_events table when a user event occurs.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
clientAddress | InetAddress | The client address
clientProtocol | String | The client protocol
clientUsername | String | The client username
elapsedTime | String | The elapsed time
eventId | Long | The event ID
netInterface | String | The net interface
netProcess | String | The net process
netRXbytes | Long | The number of RX (received) bytes
netTXbytes | Long | The number of TX (transmitted) bytes
timeStamp | Timestamp | The timestamp
<section end='VirtualUserEvent' />
SslInspectorLogEvent
<section begin='SslInspectorLogEvent' />
These events are created by SSL Inspector and update the sessions table when a session is processed by SSL Inspector.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
detail | String | The details
ruleId | Integer | The rule ID
sessionEvent | SessionEvent | The session event
status | String | The status
timeStamp | Timestamp | The timestamp
<section end='SslInspectorLogEvent' />
ApplicationControlLiteEvent
<section begin='ApplicationControlLiteEvent' />
These events are created by Application Control Lite and update the sessions table when application control lite identifies a session.
Attribute Name | Type | Description
---|---|---
blocked | boolean | True if blocked, false otherwise
class | Class | The class name
protocol | String | The protocol
sessionId | Long | The session ID
timeStamp | Timestamp | The timestamp
<section end='ApplicationControlLiteEvent' />