Database Schema: Difference between revisions
Bcarmichael (talk | contribs) |
Bcarmichael (talk | contribs) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
= Database Tables = | = Database Tables = | ||
== | == configuration_backup_events == | ||
<section begin=' | <section begin='configuration_backup_events' /> | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 15: | Line 15: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |success | ||
| | |Success | ||
|boolean | |||
|The result of the backup (true if the backup succeeded, false otherwise) | |||
|- | |||
|description | |||
|Text detail of the event | |||
|text | |text | ||
| | |Text detail of the event | ||
|- | |- | ||
| | |destination | ||
| | |Destination | ||
| | |text | ||
| | |The location of the backup | ||
|- | |- | ||
| | |event_id | ||
| | |Event ID | ||
| | |bigint | ||
|The | |The unique event ID | ||
|- | |- | ||
|} | |} | ||
<section end=' | <section end='configuration_backup_events' /> | ||
() | |||
== http_events == | |||
== | <section begin='http_events' /> | ||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 53: | Line 48: | ||
!Description | !Description | ||
|- | |- | ||
| | |request_id | ||
| | |Request ID | ||
|bigint | |bigint | ||
|The | |The HTTP request ID | ||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 63: | Line 58: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |session_id | ||
| | |Session ID | ||
| | |bigint | ||
|The | |The session | ||
|- | |- | ||
| | |client_intf | ||
| | |Client Interface | ||
|smallint | |smallint | ||
|The | |The client interface | ||
|- | |- | ||
| | |server_intf | ||
| | |Server Interface | ||
|smallint | |smallint | ||
|The | |The server interface | ||
|- | |- | ||
| | |c_client_addr | ||
| | |Client-side Client Address | ||
| | |inet | ||
|The | |The client-side client IP address | ||
|- | |- | ||
| | |s_client_addr | ||
| | |Server-side Client Address | ||
|inet | |||
|The server-side client IP address | |||
|inet | |||
|The | |||
|- | |- | ||
|c_server_addr | |c_server_addr | ||
Line 118: | Line 88: | ||
|The client-side server IP address | |The client-side server IP address | ||
|- | |- | ||
| | |s_server_addr | ||
| | |Server-side Server Address | ||
| | |inet | ||
|The | |The server-side server IP address | ||
|- | |- | ||
|c_client_port | |c_client_port | ||
Line 128: | Line 98: | ||
|The client-side client port | |The client-side client port | ||
|- | |- | ||
| | |s_client_port | ||
|Server-side Client | |Server-side Client Port | ||
| | |integer | ||
|The server-side client | |The server-side client port | ||
|- | |- | ||
| | |c_server_port | ||
| | |Client-side Server Port | ||
| | |integer | ||
|The | |The client-side server port | ||
|- | |- | ||
|s_server_port | |s_server_port | ||
Line 142: | Line 112: | ||
|integer | |integer | ||
|The server-side server port | |The server-side server port | ||
|- | |- | ||
|client_country | |client_country | ||
Line 188: | Line 143: | ||
|The server Longitude | |The server Longitude | ||
|- | |- | ||
| | |policy_id | ||
| | |Policy ID | ||
| | |smallint | ||
|The | |The policy | ||
|- | |- | ||
| | |username | ||
| | |Username | ||
| | |text | ||
|The | |The username associated with this session | ||
|- | |- | ||
| | |hostname | ||
| | |Hostname | ||
| | |text | ||
|The | |The hostname of the local address | ||
|- | |- | ||
| | |method | ||
| | |Method | ||
| | |character(1) | ||
|The | |The HTTP method | ||
|- | |- | ||
| | |uri | ||
| | |URI | ||
|text | |text | ||
|The | |The HTTP URI | ||
|- | |- | ||
| | |host | ||
| | |Host | ||
| | |text | ||
| | |The HTTP host | ||
|- | |- | ||
| | |domain | ||
| | |Domain | ||
| | |text | ||
| | |The HTTP domain (shortened host) | ||
|- | |- | ||
| | |referer | ||
| | |Referer | ||
|text | |text | ||
|The | |The Referer URL | ||
|- | |- | ||
| | |c2s_content_length | ||
| | |Client-to-server Content Length | ||
| | |bigint | ||
| | |The client-to-server content length | ||
|- | |- | ||
| | |s2c_content_length | ||
| | |Server-to-client Content Length | ||
| | |bigint | ||
| | |The server-to-client content length | ||
|- | |- | ||
| | |s2c_content_type | ||
|Server-to-client Content Type | |||
|- | |||
|text | |text | ||
|The | |The server-to-client content type | ||
|- | |- | ||
| | |s2c_content_filename | ||
| | |Server-to-client Content Disposition Filename | ||
|text | |text | ||
|The | |The server-to-client content disposition filename | ||
|- | |- | ||
| | |ad_blocker_cookie_ident | ||
| | |Ad Blocker Cookie | ||
|text | |text | ||
| | |This name of cookie blocked by Ad Blocker | ||
|- | |- | ||
| | |ad_blocker_action | ||
| | |Ad Blocker Action | ||
| | |character(1) | ||
| | |This action of Ad Blocker on this request | ||
|- | |- | ||
| | |web_filter_reason | ||
| | |Reason for action (Web Filter) | ||
| | |character(1) | ||
| | |This reason Web Filter blocked/flagged this request | ||
|- | |- | ||
| | |web_filter_category_id | ||
| | |Web Category (Web Filter) | ||
| | |smallint | ||
| | |This numeric category according to Web Filter | ||
|- | |- | ||
| | |web_filter_rule_id | ||
| | |Web Rule (Web Filter) | ||
| | |smallint | ||
| | |This numeric rule according to Web Filter | ||
|- | |- | ||
| | |web_filter_blocked | ||
| | |Blocked (Web Filter) | ||
| | |boolean | ||
| | |If Web Filter blocked this request | ||
|- | |- | ||
| | |web_filter_flagged | ||
| | |Flagged (Web Filter) | ||
| | |boolean | ||
| | |If Web Filter flagged this request | ||
|- | |- | ||
| | |virus_blocker_lite_clean | ||
| | |Virus Blocker Lite Clean | ||
| | |boolean | ||
|The | |The cleanliness of the file according to Virus Blocker Lite | ||
|- | |- | ||
| | |virus_blocker_lite_name | ||
| | |Virus Blocker Lite Name | ||
| | |text | ||
|The | |The name of the malware according to Virus Blocker Lite | ||
|- | |- | ||
| | |virus_blocker_clean | ||
| | |Virus Blocker Clean | ||
| | |boolean | ||
|The | |The cleanliness of the file according to Virus Blocker | ||
|- | |- | ||
| | |virus_blocker_name | ||
| | |Virus Blocker Name | ||
|text | |text | ||
| | |The name of the malware according to Virus Blocker | ||
|- | |- | ||
| | |threat_prevention_blocked | ||
| | |Threat Prevention Blocked | ||
| | |boolean | ||
| | |If Threat Prevention blocked this request | ||
|- | |- | ||
| | |threat_prevention_flagged | ||
| | |Threat Prevention Flagged | ||
| | |boolean | ||
| | |If Threat Prevention flagged this request | ||
|- | |||
|threat_prevention_rule_id | |||
|Threat Prevention Rule Id | |||
|integer | |||
|This numeric rule according to Threat Prevention | |||
|- | |||
|threat_prevention_reputation | |||
|Threat Prevention Reputation | |||
|smallint | |||
|This numeric threat reputation | |||
|- | |- | ||
| | |threat_prevention_categories | ||
| | |Threat Prevention Categories | ||
| | |integer | ||
| | |This bitmask of threat categories | ||
|- | |- | ||
|} | |} | ||
<section end=' | <section end='http_events' /> | ||
() | |||
== intrusion_prevention_events == | |||
== | <section begin='intrusion_prevention_events' /> | ||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
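Review bot: In http_events, method, ad_blocker_action and web_filter_reason are typed character(1), but their descriptions ("The HTTP method", "This action of Ad Blocker on this request", "This reason Web Filter blocked/flagged this request") do not list the single-character codes, so the stored values cannot be interpreted from this table; add the code legend or a link to it. threat_prevention_categories is described as a bitmask with no bit definitions, which has the same problem. Several descriptions in this table also begin with "This" where "The" is meant, for example "This name of cookie blocked by Ad Blocker" and "This numeric category according to Web Filter".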
Line 340: | Line 295: | ||
!Type | !Type | ||
!Description | !Description | ||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 351: | Line 301: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |sig_id | ||
| | |Signature ID | ||
|bigint | |bigint | ||
| | |This ID of the rule | ||
|- | |- | ||
| | |gen_id | ||
| | |Grouping ID | ||
|bigint | |bigint | ||
|The | |The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier | ||
|- | |- | ||
| | |class_id | ||
| | |Classtype ID | ||
| | |bigint | ||
|The | |The numeric ID for the classtype | ||
|- | |- | ||
| | |source_addr | ||
| | |Source Address | ||
| | |inet | ||
|The | |The source IP address of the packet | ||
|- | |- | ||
| | |source_port | ||
| | |Source Port | ||
| | |integer | ||
| | |The source port of the packet (if applicable) | ||
|- | |- | ||
| | |dest_addr | ||
| | |Destination Address | ||
| | |inet | ||
| | |The destination IP address of the packet | ||
|- | |||
|dest_port | |||
|Destination Port | |||
|integer | |||
|The destination port of the packet (if applicable) | |||
|- | |- | ||
|protocol | |protocol | ||
|Protocol | |Protocol | ||
| | |integer | ||
|The | |The protocol of the packet | ||
|- | |- | ||
| | |blocked | ||
| | |Blocked | ||
| | |boolean | ||
| | |If the packet was blocked/dropped | ||
|- | |- | ||
| | |category | ||
| | |Category | ||
|text | |text | ||
|The | |The application specific grouping for the signature | ||
|- | |- | ||
| | |classtype | ||
| | |Classtype | ||
|text | |text | ||
|The | |The generalized threat signature grouping (unrelated to gen_id) | ||
|- | |- | ||
| | |msg | ||
| | |Message | ||
| | |text | ||
|The | |The "title" or "description" of the signature | ||
|- | |- | ||
| | |rid | ||
| | |Rule ID | ||
| | |text | ||
|The | |The rule id | ||
|- | |- | ||
| | |rule_id | ||
| | |Rule ID | ||
| | |text | ||
|The | |The rule id | ||
|- | |- | ||
| | |} | ||
| | <section end='intrusion_prevention_events' /> | ||
() | |||
== smtp_tarpit_events == | |||
<section begin='smtp_tarpit_events' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |- | ||
| | |time_stamp | ||
| | |Timestamp | ||
| | |timestamp without time zone | ||
|The | |The time of the event | ||
|- | |- | ||
| | |ipaddr | ||
| | |Client Address | ||
|inet | |inet | ||
|The | |The client IP address | ||
|- | |- | ||
| | |hostname | ||
| | |Hostname | ||
| | |text | ||
|The | |The hostname of the local address | ||
|- | |- | ||
| | |policy_id | ||
| | |Policy ID | ||
| | |bigint | ||
|The | |The policy | ||
|- | |- | ||
| | |vendor_name | ||
| | |Vendor Name | ||
| | |character varying(255) | ||
|The | |The "vendor name" of the app that logged the event | ||
|- | |- | ||
| | |event_id | ||
| | |Event ID | ||
| | |bigint | ||
|The | |The unique event ID | ||
|- | |- | ||
| | |} | ||
| | <section end='smtp_tarpit_events' /> | ||
() | |||
== ipsec_user_events == | |||
<section begin='ipsec_user_events' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |- | ||
| | |event_id | ||
| | |Event ID | ||
| | |bigint | ||
|The | |The unique event ID | ||
|- | |||
|time_stamp | |||
|Timestamp | |||
|timestamp without time zone | |||
|The time of the event | |||
|- | |- | ||
| | |connect_stamp | ||
| | |Connect Time | ||
| | |timestamp without time zone | ||
|The | |The time the connection started | ||
|- | |- | ||
| | |goodbye_stamp | ||
| | |End Time | ||
| | |timestamp without time zone | ||
|The | |The time the connection ended | ||
|- | |- | ||
| | |client_address | ||
| | |Client Address | ||
|text | |text | ||
|The | |The remote IP address of the client | ||
|- | |- | ||
| | |client_protocol | ||
| | |Client Protocol | ||
| | |text | ||
|The | |The protocol the client used to connect | ||
|- | |- | ||
| | |client_username | ||
| | |Client Username | ||
| | |text | ||
|The | |The username of the client | ||
|- | |- | ||
| | |net_process | ||
| | |Net Process | ||
|text | |text | ||
|The | |The PID of the PPP process for L2TP connections or the connection ID for Xauth connections | ||
|- | |- | ||
| | |net_interface | ||
| | |Net Interface | ||
| | |text | ||
| | |The PPP interface for L2TP connections or the client interface for Xauth connections | ||
|- | |- | ||
| | |elapsed_time | ||
| | |Elapsed Time | ||
|text | |text | ||
|The | |The total time the client was connected | ||
|- | |- | ||
| | |rx_bytes | ||
| | |Bytes Received | ||
| | |bigint | ||
| | |The number of bytes received from the client in this connection | ||
|- | |- | ||
| | |tx_bytes | ||
| | |Bytes Sent | ||
| | |bigint | ||
| | |The number of bytes sent to the client in this connection | ||
|- | |- | ||
| | |} | ||
| | <section end='ipsec_user_events' /> | ||
| | () | ||
|The | |||
== ipsec_vpn_events == | |||
<section begin='ipsec_vpn_events' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |||
|event_id | |||
|Event ID | |||
|bigint | |||
|The unique event ID | |||
|- | |||
|time_stamp | |||
|Timestamp | |||
|timestamp without time zone | |||
|The time of the event | |||
|- | |- | ||
| | |local_address | ||
| | |Local Address | ||
|text | |text | ||
|The | |The local address of the tunnel | ||
|- | |- | ||
| | |remote_address | ||
| | |Remote Address | ||
|text | |text | ||
|The | |The remote address of the tunnel | ||
|- | |- | ||
| | |tunnel_description | ||
| | |Tunnel Description | ||
|text | |text | ||
|The | |The description of the tunnel | ||
|- | |- | ||
| | |event_type | ||
| | |Event Type | ||
| | |text | ||
| | |The type of the event (CONNECT,DISCONNECT) | ||
|- | |- | ||
| | |} | ||
| | <section end='ipsec_vpn_events' /> | ||
() | |||
== ipsec_tunnel_stats == | |||
<section begin='ipsec_tunnel_stats' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |- | ||
| | |time_stamp | ||
| | |Timestamp | ||
| | |timestamp without time zone | ||
| | |The time of the event | ||
|- | |- | ||
| | |tunnel_name | ||
| | |Tunnel Name | ||
| | |text | ||
|The | |The name of the IPsec tunnel | ||
|- | |- | ||
| | |in_bytes | ||
| | |In Bytes | ||
| | |bigint | ||
|The | |The number of bytes received during this time frame | ||
|- | |- | ||
| | |out_bytes | ||
| | |Out Bytes | ||
| | |bigint | ||
|The | |The number of bytes transmitted during this time frame | ||
|- | |- | ||
| | |event_id | ||
| | |Event ID | ||
| | |bigint | ||
|The | |The unique event ID | ||
|- | |- | ||
|} | |||
<section end='ipsec_tunnel_stats' /> | |||
() | |||
== http_query_events == | |||
<section begin='http_query_events' /> | |||
|} | |||
<section end=' | |||
== | |||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
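Review bot: In intrusion_prevention_events, rid and rule_id carry the same Human Name ("Rule ID"), the same type (text) and the same description ("The rule id"), so a reader cannot tell which one to query or how either relates to sig_id and gen_id; state the difference in the descriptions or mark one of them as superseded. The gen_id description runs two sentences together ("The grouping ID for the rule, The gen_id + sig_id specify the rule's unique identifier") and should be split. In ipsec_user_events, client_address is typed text while smtp_tarpit_events.ipaddr is inet for the same kind of value; say in the description whether that is intended.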
Line 623: | Line 580: | ||
!Type | !Type | ||
!Description | !Description | ||
|- | |||
|event_id | |||
|Event ID | |||
|bigint | |||
|The unique event ID | |||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 629: | Line 591: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |session_id | ||
| | |Session ID | ||
|bigint | |bigint | ||
|The | |The session | ||
|- | |- | ||
| | |client_intf | ||
| | |Client Interface | ||
| | |smallint | ||
|The | |The client interface | ||
|- | |- | ||
| | |server_intf | ||
| | |Server Interface | ||
| | |smallint | ||
|The | |The server interface | ||
|- | |- | ||
| | |c_client_addr | ||
|Client-side Client Address | |||
|inet | |||
|The client-side client IP address | |||
|- | |- | ||
| | |s_client_addr | ||
|Address | |Server-side Client Address | ||
|inet | |inet | ||
|The IP address | |The server-side client IP address | ||
|- | |- | ||
| | |c_server_addr | ||
| | |Client-side Server Address | ||
| | |inet | ||
|The | |The client-side server IP address | ||
|- | |- | ||
| | |s_server_addr | ||
| | |Server-side Server Address | ||
| | |inet | ||
|The | |The server-side server IP address | ||
|- | |||
|c_client_port | |||
|Client-side Client Port | |||
|integer | |||
|The client-side client port | |||
|- | |- | ||
| | |s_client_port | ||
| | |Server-side Client Port | ||
| | |integer | ||
|The | |The server-side client port | ||
|- | |- | ||
| | |c_server_port | ||
| | |Client-side Server Port | ||
| | |integer | ||
|The | |The client-side server port | ||
|- | |- | ||
| | |s_server_port | ||
|Server-side Server Port | |||
|integer | |||
|The server-side server port | |||
|- | |- | ||
| | |policy_id | ||
| | |Policy ID | ||
| | |bigint | ||
|The | |The policy | ||
|- | |- | ||
| | |username | ||
| | |Username | ||
|text | |text | ||
|The | |The username associated with this session | ||
|- | |- | ||
| | |hostname | ||
| | |Hostname | ||
|text | |text | ||
|The | |The hostname of the local address | ||
|- | |- | ||
| | |request_id | ||
| | |Request ID | ||
| | |bigint | ||
|The | |The HTTP request ID | ||
|- | |||
|method | |||
|Method | |||
|character(1) | |||
|The HTTP method | |||
|- | |- | ||
| | |uri | ||
| | |URI | ||
|text | |text | ||
|The | |The HTTP URI | ||
|- | |- | ||
| | |term | ||
|Search Term | |||
|text | |||
|The search term | |||
|- | |- | ||
| | |host | ||
| | |Host | ||
| | |text | ||
|The | |The HTTP host | ||
|- | |||
|c2s_content_length | |||
|Client-to-server Content Length | |||
|bigint | |||
|The client-to-server content length | |||
|- | |||
|s2c_content_length | |||
|Server-to-client Content Length | |||
|bigint | |||
|The server-to-client content length | |||
|- | |- | ||
| | |s2c_content_type | ||
| | |Server-to-client Content Type | ||
|text | |text | ||
|The | |The server-to-client content type | ||
|- | |- | ||
| | |blocked | ||
| | |Blocked | ||
| | |boolean | ||
| | |If Web Filter blocked this search term | ||
|- | |- | ||
| | |flagged | ||
| | |Flagged | ||
| | |boolean | ||
| | |If Web Filter flagged this search term | ||
|- | |- | ||
|} | |} | ||
<section end=' | <section end='http_query_events' /> | ||
() | |||
== admin_logins == | |||
== | <section begin='admin_logins' /> | ||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
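Review bot: policy_id is typed bigint in http_query_events but smallint in http_events, and both rows describe it only as "The policy"; confirm which type the column actually has and make the two tables agree, since a mismatch in the documentation misleads anyone correlating the two tables on policy_id. The description would also be clearer as the ID of the policy.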
Line 776: | Line 729: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |login | ||
| | |Login | ||
|text | |text | ||
|The name | |The login name | ||
|- | |- | ||
| | |local | ||
| | |Local | ||
| | |boolean | ||
| | |True if it is a login attempt through a local process | ||
|- | |- | ||
| | |client_addr | ||
| | |Client Address | ||
| | |inet | ||
|The | |The client IP address | ||
|- | |- | ||
|} | |succeeded | ||
<section end=' | |Succeeded | ||
|boolean | |||
|True if the login succeeded, false otherwise | |||
|- | |||
|reason | |||
|Reason | |||
|character(1) | |||
|The reason for the login (if applicable) | |||
|- | |||
|} | |||
<section end='admin_logins' /> | |||
() | |||
== sessions == | |||
== | <section begin='sessions' /> | ||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
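Review bot: In admin_logins, reason is typed character(1) and described as "The reason for the login (if applicable)", which neither lists the code values nor says when the column is populated. If it records why a login attempt failed, say so next to succeeded and document each code, because this is the column a reviewer of failed administrative logins will filter on.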
Line 803: | Line 766: | ||
!Type | !Type | ||
!Description | !Description | ||
|- | |||
|session_id | |||
|Session ID | |||
|bigint | |||
|The session | |||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 809: | Line 777: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |end_time | ||
| | |End Time | ||
| | |timestamp without time zone | ||
| | |The time the session ended | ||
|- | |- | ||
| | |bypassed | ||
| | |Bypassed | ||
| | |boolean | ||
| | |True if the session was bypassed, false otherwise | ||
|- | |- | ||
| | |entitled | ||
| | |Entitled | ||
| | |boolean | ||
| | |True if the session is entitled to premium functionality | ||
|- | |- | ||
| | |protocol | ||
| | |Protocol | ||
| | |smallint | ||
|The | |The IP protocol of session | ||
|- | |- | ||
| | |icmp_type | ||
| | |ICMP Type | ||
| | |smallint | ||
|The | |The ICMP type of session if ICMP | ||
|- | |- | ||
| | |hostname | ||
|Hostname | |||
|text | |||
|The hostname of the local address | |||
|- | |- | ||
| | |username | ||
| | |Username | ||
| | |text | ||
|The | |The username associated with this session | ||
|- | |- | ||
| | |policy_id | ||
| | |Policy ID | ||
| | |smallint | ||
| | |The policy | ||
|- | |- | ||
| | |policy_rule_id | ||
| | |Policy Rule ID | ||
| | |smallint | ||
| | |The ID of the matching policy rule (0 means none) | ||
|- | |- | ||
| | |local_addr | ||
| | |Local Address | ||
| | |inet | ||
| | |The IP address of the local participant | ||
|- | |- | ||
| | |remote_addr | ||
| | |Remote Address | ||
| | |inet | ||
| | |The IP address of the remote participant | ||
|- | |- | ||
| | |c_client_addr | ||
| | |Client-side Client Address | ||
| | |inet | ||
|The | |The client-side client IP address | ||
|- | |- | ||
| | |c_server_addr | ||
|Client-side Server Address | |||
|inet | |||
|The client-side server IP address | |||
|- | |- | ||
| | |c_server_port | ||
| | |Client-side Server Port | ||
| | |integer | ||
|The | |The client-side server port | ||
|- | |- | ||
| | |c_client_port | ||
| | |Client-side Client Port | ||
| | |integer | ||
|The | |The client-side client port | ||
|- | |- | ||
|s_client_addr | |||
|Server-side Client Address | |||
|inet | |||
|The server-side client IP address | |||
|s_client_addr | |||
|Server-side Client Address | |||
|inet | |||
|The server-side client | |||
|- | |- | ||
|s_server_addr | |s_server_addr | ||
Line 930: | Line 862: | ||
|The server-side server IP address | |The server-side server IP address | ||
|- | |- | ||
| | |s_server_port | ||
| | |Server-side Server Port | ||
|integer | |integer | ||
|The | |The server-side server port | ||
|- | |- | ||
|s_client_port | |s_client_port | ||
Line 940: | Line 872: | ||
|The server-side client port | |The server-side client port | ||
|- | |- | ||
| | |client_intf | ||
|Client | |Client Interface | ||
| | |smallint | ||
|The client | |The client interface | ||
|- | |- | ||
| | |server_intf | ||
|Server | |Server Interface | ||
| | |smallint | ||
|The server | |The server interface | ||
|- | |- | ||
| | |client_country | ||
| | |Client Country | ||
|text | |text | ||
|The | |The client Country | ||
|- | |- | ||
| | |client_latitude | ||
| | |Client Latitude | ||
| | |real | ||
|The | |The client Latitude | ||
|- | |- | ||
| | |client_longitude | ||
| | |Client Longitude | ||
|real | |||
|The client Longitude | |||
|- | |||
|server_country | |||
|Server Country | |||
|text | |text | ||
|The | |The server Country | ||
|- | |||
|server_latitude | |||
|Server Latitude | |||
|real | |||
|The server Latitude | |||
|- | |- | ||
| | |server_longitude | ||
| | |Server Longitude | ||
| | |real | ||
|The | |The server Longitude | ||
|- | |- | ||
| | |c2p_bytes | ||
| | |From-Client Bytes | ||
|bigint | |bigint | ||
|The | |The number of bytes the client sent to Untangle (client-to-pipeline) | ||
|- | |- | ||
| | |p2c_bytes | ||
| | |To-Client Bytes | ||
| | |bigint | ||
|The | |The number of bytes Untangle sent to client (pipeline-to-client) | ||
|- | |- | ||
| | |s2p_bytes | ||
| | |From-Server Bytes | ||
| | |bigint | ||
|The | |The number of bytes the server sent to Untangle (client-to-pipeline) | ||
|- | |- | ||
| | |p2s_bytes | ||
| | |To-Server Bytes | ||
| | |bigint | ||
|The | |The number of bytes Untangle sent to server (pipeline-to-client) | ||
|- | |- | ||
| | |filter_prefix | ||
| | |Filter Block | ||
|text | |text | ||
|The | |The network filter that blocked the connection (filter,shield,invalid) | ||
|- | |- | ||
| | |firewall_blocked | ||
| | |Firewall Blocked | ||
|boolean | |boolean | ||
| | |True if Firewall blocked the session, false otherwise | ||
|- | |- | ||
| | |firewall_flagged | ||
| | |Firewall Flagged | ||
| | |boolean | ||
| | |True if Firewall flagged the session, false otherwise | ||
|- | |- | ||
| | |firewall_rule_index | ||
| | |Firewall Rule ID | ||
| | |integer | ||
|The | |The matching rule in Firewall (if any) | ||
|- | |- | ||
| | |threat_prevention_blocked | ||
| | |Threat Prevention Blocked | ||
|boolean | |boolean | ||
| | |If Threat Prevention blocked | ||
|- | |- | ||
| | |threat_prevention_flagged | ||
| | |Threat Prevention Flagged | ||
| | |boolean | ||
| | |If Threat Prevention flagged | ||
|- | |- | ||
| | |threat_prevention_reason | ||
| | |Threat Prevention Reason | ||
|character(1) | |character(1) | ||
| | |Threat Prevention reason | ||
|- | |||
|threat_prevention_rule_id | |||
|Threat Prevention Rule Id | |||
|integer | |||
|Numeric rule id of Threat Prevention | |||
|- | |- | ||
| | |threat_prevention_client_reputation | ||
| | |Threat Prevention Client Reputation | ||
| | |smallint | ||
| | |Numeric client reputation of Threat Prevention | ||
|- | |- | ||
| | |threat_prevention_client_categories | ||
| | |Threat Prevention Client Categories | ||
| | |integer | ||
| | |Bitmask client categories of Threat Prevention | ||
|- | |- | ||
| | |threat_prevention_server_reputation | ||
| | |Threat Prevention Server Reputation | ||
| | |smallint | ||
| | |Numeric server reputation of Threat Prevention | ||
|- | |- | ||
| | |threat_prevention_server_categories | ||
| | |Threat Prevention Server Categories | ||
| | |integer | ||
| | |Bitmask server categories of Threat Prevention | ||
|- | |- | ||
| | |application_control_lite_protocol | ||
| | |Application Control Lite Protocol | ||
| | |text | ||
|The | |The application protocol according to Application Control Lite | ||
|- | |- | ||
| | |application_control_lite_blocked | ||
| | |Application Control Lite Blocked | ||
|boolean | |boolean | ||
| | |True if Application Control Lite blocked the session | ||
|- | |- | ||
| | |captive_portal_blocked | ||
| | |Captive Portal Blocked | ||
|boolean | |||
|True if Captive Portal blocked the session | |||
|- | |||
|captive_portal_rule_index | |||
|Captive Portal Rule ID | |||
|integer | |||
|The matching rule in Captive Portal (if any) | |||
|- | |||
|application_control_application | |||
|Application Control Application | |||
|text | |text | ||
|The | |The application according to Application Control | ||
|- | |||
|application_control_protochain | |||
|Application Control Protochain | |||
|text | |||
|The protochain according to Application Control | |||
|- | |- | ||
| | |application_control_category | ||
| | |Application Control Category | ||
| | |text | ||
|The | |The category according to Application Control | ||
|- | |- | ||
| | |application_control_blocked | ||
|Application Control Blocked | |||
|boolean | |||
|True if Application Control blocked the session | |||
|- | |- | ||
| | |application_control_flagged | ||
| | |Application Control Flagged | ||
| | |boolean | ||
| | |True if Application Control flagged the session | ||
|- | |- | ||
| | |application_control_confidence | ||
| | |Application Control Confidence | ||
| | |integer | ||
| | |True if Application Control confidence of this session's identification | ||
|- | |- | ||
| | |application_control_ruleid | ||
| | |Application Control Rule ID | ||
| | |integer | ||
|The | |The matching rule in Application Control (if any) | ||
|- | |- | ||
| | |application_control_detail | ||
| | |Application Control Detail | ||
| | |text | ||
|The | |The text detail from the Application Control engine | ||
|- | |- | ||
| | |bandwidth_control_priority | ||
| | |Bandwidth Control Priority | ||
| | |integer | ||
|The | |The priority given to this session | ||
|- | |- | ||
| | |bandwidth_control_rule | ||
| | |Bandwidth Control Rule ID | ||
| | |integer | ||
|The | |The matching rule in Bandwidth Control rule (if any) | ||
|- | |- | ||
| | |ssl_inspector_ruleid | ||
| | |SSL Inspector Rule ID | ||
| | |integer | ||
|The | |The matching rule in SSL Inspector rule (if any) | ||
|- | |- | ||
| | |ssl_inspector_status | ||
| | |SSL Inspector Status | ||
| | |text | ||
|The | |The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) | ||
|- | |- | ||
| | |ssl_inspector_detail | ||
| | |SSL Inspector Detail | ||
| | |text | ||
| | |Additional text detail about the SSL connection (SNI, IP Address) | ||
|- | |- | ||
| | |tags | ||
| | |Tags | ||
| | |text | ||
|The | |The tags on this session | ||
|- | |- | ||
| | |} | ||
<section end='sessions' /> | |||
() | |||
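Review bot: In sessions, the direction labels on s2p_bytes and p2s_bytes are copied from the client rows: "the server sent to Untangle (client-to-pipeline)" and "Untangle sent to server (pipeline-to-client)" should read server-to-pipeline and pipeline-to-server to match the column names. application_control_confidence is typed integer but its description begins "True if", carried over from the boolean rows above it; reword it as the confidence value of the session's identification.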
| | == session_minutes == | ||
<section begin='session_minutes' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |- | ||
| | |session_id | ||
| | |Session ID | ||
|bigint | |bigint | ||
|The | |The session | ||
|- | |- | ||
| | |time_stamp | ||
| | |Timestamp | ||
| | |timestamp without time zone | ||
|The | |The time of the event | ||
|- | |- | ||
| | |c2s_bytes | ||
| | |From-Client Bytes | ||
|bigint | |bigint | ||
|The | |The number of bytes the client sent | ||
|- | |- | ||
| | |s2c_bytes | ||
| | |From-Server Bytes | ||
| | |bigint | ||
|The | |The number of bytes the server sent | ||
|- | |- | ||
| | |start_time | ||
| | |Start Time | ||
| | |timestamp without time zone | ||
|The | |The start time of the session | ||
|- | |- | ||
| | |end_time | ||
| | |End Time | ||
| | |timestamp without time zone | ||
|The | |The time the session ended | ||
|- | |- | ||
| | |bypassed | ||
| | |Bypassed | ||
| | |boolean | ||
| | |True if the session was bypassed, false otherwise | ||
|- | |- | ||
| | |entitled | ||
| | |Entitled | ||
| | |boolean | ||
|The | |True if the session is entitled to premium functionality | ||
|- | |||
|protocol | |||
|Protocol | |||
|smallint | |||
|The IP protocol of session | |||
|- | |- | ||
| | |icmp_type | ||
| | |ICMP Type | ||
| | |smallint | ||
|The | |The ICMP type of session if ICMP | ||
|- | |- | ||
| | |hostname | ||
| | |Hostname | ||
|text | |text | ||
|The | |The hostname of the local address | ||
|- | |- | ||
| | |username | ||
| | |Username | ||
|text | |text | ||
|The | |The username associated with this session | ||
|- | |- | ||
| | |policy_id | ||
| | |Policy ID | ||
| | |smallint | ||
|The | |The policy | ||
|- | |- | ||
| | |policy_rule_id | ||
| | |Policy Rule ID | ||
| | |smallint | ||
|The | |The ID of the matching policy rule (0 means none) | ||
|- | |- | ||
| | |local_addr | ||
| | |Local Address | ||
| | |inet | ||
|The | |The IP address of the local participant | ||
|- | |- | ||
| | |remote_addr | ||
| | |Remote Address | ||
| | |inet | ||
|The | |The IP address of the remote participant | ||
|- | |- | ||
| | |c_client_addr | ||
| | |Client-side Client Address | ||
| | |inet | ||
|The | |The client-side client IP address | ||
|- | |- | ||
| | |c_server_addr | ||
| | |Client-side Server Address | ||
| | |inet | ||
|The | |The client-side server IP address | ||
|- | |- | ||
| | |c_server_port | ||
| | |Client-side Server Port | ||
| | |integer | ||
|The | |The client-side server port | ||
|- | |- | ||
| | |c_client_port | ||
| | |Client-side Client Port | ||
| | |integer | ||
|The | |The client-side client port | ||
|- | |- | ||
| | |s_client_addr | ||
| | |Server-side Client Address | ||
| | |inet | ||
|The | |The server-side client IP address | ||
|- | |- | ||
| | |s_server_addr | ||
| | |Server-side Server Address | ||
| | |inet | ||
|The | |The server-side server IP address | ||
|- | |- | ||
| | |s_server_port | ||
| | |Server-side Server Port | ||
| | |integer | ||
|The | |The server-side server port | ||
|- | |- | ||
| | |s_client_port | ||
| | |Server-side Client Port | ||
| | |integer | ||
|The | |The server-side client port | ||
|- | |- | ||
| | |client_intf | ||
| | |Client Interface | ||
|smallint | |||
|The client interface | |||
|- | |||
|server_intf | |||
|Server Interface | |||
|smallint | |||
|The server interface | |||
|- | |||
|client_country | |||
|Client Country | |||
|text | |text | ||
|The | |The client Country | ||
|- | |- | ||
| | |client_latitude | ||
| | |Client Latitude | ||
| | |real | ||
|The | |The client Latitude | ||
|- | |- | ||
| | |client_longitude | ||
|Client Longitude | |||
|real | |||
|The client Longitude | |||
|- | |||
|server_country | |||
|Server Country | |||
|text | |||
|The server Country | |||
|- | |- | ||
| | |server_latitude | ||
| | |Server Latitude | ||
| | |real | ||
|The | |The server Latitude | ||
|- | |- | ||
| | |server_longitude | ||
| | |Server Longitude | ||
| | |real | ||
|The | |The server Longitude | ||
|- | |- | ||
| | |filter_prefix | ||
| | |Filter Block | ||
|text | |text | ||
|The | |The network filter that blocked the connection (filter,shield,invalid) | ||
|- | |- | ||
| | |firewall_blocked | ||
| | |Firewall Blocked | ||
| | |boolean | ||
|The | |True if Firewall blocked the session, false otherwise | ||
|- | |||
|firewall_flagged | |||
|Firewall Flagged | |||
|boolean | |||
|True if Firewall flagged the session, false otherwise | |||
|- | |||
|firewall_rule_index | |||
|Firewall Rule ID | |||
|integer | |||
|The matching rule in Firewall (if any) | |||
|- | |||
|threat_prevention_blocked | |||
|Threat Prevention Blocked | |||
|boolean | |||
|If Threat Prevention blocked | |||
|- | |- | ||
| | |threat_prevention_flagged | ||
| | |Threat Prevention Flagged | ||
| | |boolean | ||
| | |If Threat Prevention flagged | ||
|- | |- | ||
| | |threat_prevention_reason | ||
| | |Threat Prevention Reason | ||
| | |character(1) | ||
| | |Threat Prevention reason | ||
|- | |- | ||
| | |threat_prevention_rule_id | ||
|Threat Prevention Rule Id | |||
|integer | |||
|Numeric rule id of Threat Prevention | |||
|- | |- | ||
| | |threat_prevention_client_reputation | ||
| | |Threat Prevention Client Reputation | ||
| | |smallint | ||
| | |Numeric client reputation of Threat Prevention | ||
|- | |- | ||
| | |threat_prevention_client_categories | ||
| | |Threat Prevention Client Categories | ||
| | |integer | ||
| | |Bitmask client categories of Threat Prevention | ||
|- | |- | ||
| | |threat_prevention_server_reputation | ||
| | |Threat Prevention Server Reputation | ||
|smallint | |smallint | ||
| | |Numeric server reputation of Threat Prevention | ||
|- | |- | ||
| | |threat_prevention_server_categories | ||
|Server | |Threat Prevention Server Categories | ||
| | |integer | ||
| | |Bitmask server categories of Threat Prevention | ||
|- | |- | ||
| | |application_control_lite_protocol | ||
| | |Application Control Lite Protocol | ||
| | |text | ||
|The | |The application protocol according to Application Control Lite | ||
|- | |- | ||
| | |application_control_lite_blocked | ||
| | |Application Control Lite Blocked | ||
| | |boolean | ||
| | |True if Application Control Lite blocked the session | ||
|- | |- | ||
| | |captive_portal_blocked | ||
| | |Captive Portal Blocked | ||
| | |boolean | ||
| | |True if Captive Portal blocked the session | ||
|- | |- | ||
| | |captive_portal_rule_index | ||
| | |Captive Portal Rule ID | ||
|integer | |integer | ||
|The | |The matching rule in Captive Portal (if any) | ||
|- | |- | ||
| | |application_control_application | ||
| | |Application Control Application | ||
| | |text | ||
|The | |The application according to Application Control | ||
|- | |- | ||
| | |application_control_protochain | ||
| | |Application Control Protochain | ||
| | |text | ||
|The | |The protochain according to Application Control | ||
|- | |- | ||
| | |application_control_category | ||
| | |Application Control Category | ||
|text | |text | ||
|The | |The category according to Application Control | ||
|- | |- | ||
| | |application_control_blocked | ||
| | |Application Control Blocked | ||
| | |boolean | ||
| | |True if Application Control blocked the session | ||
|- | |||
|application_control_flagged | |||
|Application Control Flagged | |||
|boolean | |||
|True if Application Control flagged the session | |||
|- | |- | ||
| | |application_control_confidence | ||
| | |Application Control Confidence | ||
| | |integer | ||
| | |True if Application Control confidence of this session's identification | ||
|- | |- | ||
| | |application_control_ruleid | ||
| | |Application Control Rule ID | ||
| | |integer | ||
|The | |The matching rule in Application Control (if any) | ||
|- | |- | ||
| | |application_control_detail | ||
| | |Application Control Detail | ||
|text | |text | ||
|The | |The text detail from the Application Control engine | ||
|- | |- | ||
| | |bandwidth_control_priority | ||
| | |Bandwidth Control Priority | ||
|integer | |||
|The priority given to this session | |||
|- | |||
|bandwidth_control_rule | |||
|Bandwidth Control Rule ID | |||
|integer | |||
|The matching rule in Bandwidth Control rule (if any) | |||
|- | |||
|ssl_inspector_ruleid | |||
|SSL Inspector Rule ID | |||
|integer | |||
|The matching rule in SSL Inspector rule (if any) | |||
|- | |||
|ssl_inspector_status | |||
|SSL Inspector Status | |||
|text | |text | ||
|The | |The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) | ||
|- | |- | ||
| | |ssl_inspector_detail | ||
| | |SSL Inspector Detail | ||
|text | |text | ||
| | |Additional text detail about the SSL connection (SNI, IP Address) | ||
|- | |- | ||
| | |tags | ||
| | |Tags | ||
| | |text | ||
|The | |The tags on this session | ||
|- | |- | ||
| | |} | ||
| | <section end='session_minutes' /> | ||
() | |||
== quotas == | |||
<section begin='quotas' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |- | ||
| | |time_stamp | ||
| | |Timestamp | ||
| | |timestamp without time zone | ||
|The | |The time of the event | ||
|- | |- | ||
| | |entity | ||
| | |Entity | ||
|text | |text | ||
| | |The IP entity given the quota (address/username) | ||
|- | |- | ||
| | |action | ||
| | |Action | ||
| | |integer | ||
|The action (1=Quota Given, 2=Quota Exceeded) | |||
|- | |- | ||
| | |size | ||
| | |Size | ||
| | |bigint | ||
| | |The size of the quota | ||
|- | |- | ||
| | |reason | ||
| | |Reason | ||
| | |text | ||
| | |The reason for the action | ||
|- | |- | ||
| | |} | ||
| | <section end='quotas' /> | ||
() | |||
== host_table_updates == | |||
<section begin='host_table_updates' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |- | ||
| | |address | ||
| | |Address | ||
| | |inet | ||
| | |The IP address of the host | ||
|- | |- | ||
| | |key | ||
| | |Key | ||
| | |text | ||
|The | |The key being updated | ||
|- | |- | ||
| | |value | ||
| | |Value | ||
|text | |text | ||
|The | |The new value for the key | ||
|- | |- | ||
| | |old_value | ||
| | |Old Value | ||
|text | |text | ||
|The | |The old value for the key | ||
|- | |- | ||
|} | |time_stamp | ||
<section end=' | |Timestamp | ||
|timestamp without time zone | |||
|The time of the event | |||
|- | |||
|} | |||
<section end='host_table_updates' /> | |||
() | |||
== | == device_table_updates == | ||
<section begin=' | <section begin='device_table_updates' /> | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
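Review bot: the application_control_confidence row in session_minutes is typed integer, but its description reads "True if Application Control confidence of this session's identification", wording that looks copied from the boolean blocked/flagged rows just above it. Suggest a description that matches the type, for example "The confidence of Application Control's identification of this session", and state the value range so that anyone filtering on this column knows what threshold is meaningful.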
Line 1,511: | Line 1,494: | ||
!Description | !Description | ||
|- | |- | ||
| | |mac_address | ||
| | |MAC Address | ||
| | |text | ||
|The | |The MAC address of the device | ||
|- | |- | ||
| | |key | ||
| | |Key | ||
| | |text | ||
|The | |The key being updated | ||
|- | |- | ||
| | |value | ||
| | |Value | ||
| | |text | ||
|The | |The new value for the key | ||
|- | |- | ||
| | |old_value | ||
| | |Old Value | ||
| | |text | ||
|The | |The old value for the key | ||
|- | |- | ||
| | |time_stamp | ||
| | |Timestamp | ||
| | |timestamp without time zone | ||
|The | |The time of the event | ||
|- | |- | ||
| | |} | ||
<section end='device_table_updates' /> | |||
() | |||
== user_table_updates == | |||
<section begin='user_table_updates' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
| | |||
|- | |- | ||
|username | |username | ||
|Username | |Username | ||
|text | |text | ||
|The username | |The username | ||
|- | |- | ||
| | |key | ||
| | |Key | ||
|text | |text | ||
|The | |The key being updated | ||
|- | |- | ||
| | |value | ||
| | |Value | ||
| | |text | ||
|The | |The new value for the key | ||
|- | |- | ||
| | |old_value | ||
| | |Old Value | ||
|text | |text | ||
|The | |The old value for the key | ||
|- | |- | ||
| | |time_stamp | ||
| | |Timestamp | ||
| | |timestamp without time zone | ||
|The | |The time of the event | ||
|- | |- | ||
|} | |||
<section end='user_table_updates' /> | |||
() | |||
== alerts == | |||
<section begin='alerts' /> | |||
|} | |||
<section end=' | |||
== | |||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
!Column Name | !Column Name | ||
Line 1,618: | Line 1,569: | ||
!Type | !Type | ||
!Description | !Description | ||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 1,629: | Line 1,575: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |description | ||
| | |Text detail of the event | ||
| | |text | ||
|The | |The description from the alert rule. | ||
|- | |- | ||
| | |summary_text | ||
| | |Summary Text | ||
|text | |text | ||
|The | |The summary text of the alert | ||
|- | |- | ||
| | |json | ||
| | |JSON Text | ||
|text | |text | ||
|The | |The summary JSON representation of the event causing the alert | ||
|- | |- | ||
| | |} | ||
| | <section end='alerts' /> | ||
() | |||
== settings_changes == | |||
<section begin='settings_changes' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |- | ||
| | |time_stamp | ||
| | |Timestamp | ||
|timestamp without time zone | |||
|The time of the event | |||
|- | |||
|settings_file | |||
|Settings File | |||
|text | |text | ||
|The | |The name of the file changed | ||
|- | |- | ||
| | |username | ||
| | |Username | ||
|text | |text | ||
|The | |The username logged in at the time of the change | ||
|- | |- | ||
| | |hostname | ||
| | |Hostname | ||
|text | |text | ||
|The | |The remote hostname | ||
|- | |- | ||
|} | |} | ||
<section end=' | <section end='settings_changes' /> | ||
() | |||
== web_cache_stats == | |||
== | <section begin='web_cache_stats' /> | ||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
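Review bot: the hostname row in settings_changes is described only as "The remote hostname", which is too vague for a table that serves as the audit trail of configuration changes. Say what it is remote to (presumably the host the administrator connected from, but the text does not confirm that) and whether the value is a resolved name or an IP address, since that decides how the column can be correlated with other logs. The username row already gives this level of detail with "The username logged in at the time of the change".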
Line 1,697: | Line 1,641: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |hits | ||
| | |Hits | ||
| | |bigint | ||
|The | |The number of cache hits during this time frame | ||
|- | |- | ||
| | |misses | ||
| | |Misses | ||
|bigint | |bigint | ||
|The number of | |The number of cache misses during this time frame | ||
|- | |- | ||
| | |bypasses | ||
| | |Bypasses | ||
|bigint | |bigint | ||
|The number of | |The number of cache user bypasses during this time frame | ||
|- | |- | ||
| | |systems | ||
| | |System bypasses | ||
|bigint | |bigint | ||
|The | |The number of cache system bypasses during this time frame | ||
|- | |- | ||
|} | |hit_bytes | ||
<section end=' | |Hit Bytes | ||
|bigint | |||
|The number of bytes saved from cache hits | |||
|- | |||
|miss_bytes | |||
|Miss Bytes | |||
|bigint | |||
|The number of bytes not saved from cache misses | |||
|- | |||
|event_id | |||
|Event ID | |||
|bigint | |||
|The unique event ID | |||
|- | |||
|} | |||
<section end='web_cache_stats' /> | |||
() | |||
== server_events == | |||
== | <section begin='server_events' /> | ||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 1,735: | Line 1,694: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |load_1 | ||
| | |CPU load (1-min) | ||
| | |numeric(6,2) | ||
|The | |The 1-minute CPU load | ||
|- | |- | ||
| | |load_5 | ||
| | |CPU load (5-min) | ||
| | |numeric(6,2) | ||
|The | |The 5-minute CPU load | ||
|- | |- | ||
| | |load_15 | ||
| | |CPU load (15-min) | ||
| | |numeric(6,2) | ||
|The | |The 15-minute CPU load | ||
|- | |- | ||
| | |cpu_user | ||
|CPU User Utilization | |||
|numeric(6,3) | |||
|The user CPU percent utilization | |||
|- | |- | ||
| | |cpu_system | ||
| | |CPU System Utilization | ||
| | |numeric(6,3) | ||
|The | |The system CPU percent utilization | ||
|- | |- | ||
| | |mem_total | ||
| | |Total Memory | ||
| | |bigint | ||
|The | |The total bytes of memory | ||
|- | |- | ||
| | |mem_free | ||
| | |Memory Free | ||
| | |bigint | ||
| | |The number of free bytes of memory | ||
|- | |- | ||
| | |disk_total | ||
| | |Disk Size | ||
| | |bigint | ||
|The | |The total disk size in bytes | ||
|- | |- | ||
| | |disk_free | ||
| | |Disk Free | ||
|bigint | |bigint | ||
|The | |The free disk space in bytes | ||
|- | |||
|swap_total | |||
|Swap Size | |||
|bigint | |||
|The total swap size in bytes | |||
|- | |||
|swap_free | |||
|Swap Free | |||
|bigint | |||
|The free disk swap in bytes | |||
|- | |||
|active_hosts | |||
|Active Hosts | |||
|integer | |||
|The number of active hosts | |||
|- | |- | ||
|} | |} | ||
<section end=' | <section end='server_events' /> | ||
() | |||
== interface_stat_events == | |||
== | <section begin='interface_stat_events' /> | ||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
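Review bot: the swap_free row in server_events is described as "The free disk swap in bytes", which mixes the wording of the disk_free and swap_total rows and reads as if it measured disk space. Suggest "The free swap space in bytes" to match "The total swap size in bytes" on the swap_total row.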
Line 1,806: | Line 1,772: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |interface_id | ||
| | |Interface ID | ||
| | |integer | ||
|The | |The interface ID | ||
|- | |- | ||
| | |rx_rate | ||
| | |Rx Rate | ||
| | |double precision | ||
|The | |The RX rate (bytes/s) | ||
|- | |||
|rx_bytes | |||
|Bytes Received | |||
|bigint | |||
|The number of bytes received from the client in this connection | |||
|- | |- | ||
| | |tx_rate | ||
| | |Tx Rate | ||
| | |double precision | ||
|The | |The TX rate (bytes/s) | ||
|- | |- | ||
| | |tx_bytes | ||
| | |Bytes Sent | ||
| | |bigint | ||
|The client | |The number of bytes sent to the client in this connection | ||
|- | |- | ||
|} | |} | ||
<section end=' | <section end='interface_stat_events' /> | ||
() | |||
== mail_msgs == | |||
== | <section begin='mail_msgs' /> | ||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
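Review bot: the rx_bytes and tx_bytes rows in interface_stat_events are described as bytes received "from the client in this connection" and sent "to the client in this connection", but this table is keyed only by time_stamp and interface_id and has no session or client column. The wording appears to be carried over from a per-session table. Suggest describing them as the bytes received and transmitted on the interface, and stating whether the value covers the reporting interval or is a running counter, as the neighbouring rx_rate and tx_rate rows do with "(bytes/s)".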
Line 1,844: | Line 1,815: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |session_id | ||
| | |Session ID | ||
| | |bigint | ||
|The | |The session | ||
|- | |- | ||
| | |client_intf | ||
| | |Client Interface | ||
| | |smallint | ||
|The | |The client interface | ||
|- | |- | ||
| | |server_intf | ||
| | |Server Interface | ||
| | |smallint | ||
|The | |The server interface | ||
|- | |- | ||
| | |c_client_addr | ||
| | |Client-side Client Address | ||
| | |inet | ||
|The | |The client-side client IP address | ||
|- | |- | ||
| | |s_client_addr | ||
| | |Server-side Client Address | ||
| | |inet | ||
|The | |The server-side client IP address | ||
|- | |- | ||
| | |c_server_addr | ||
| | |Client-side Server Address | ||
| | |inet | ||
|The | |The client-side server IP address | ||
|- | |- | ||
| | |s_server_addr | ||
| | |Server-side Server Address | ||
| | |inet | ||
|The | |The server-side server IP address | ||
|- | |- | ||
| | |c_client_port | ||
| | |Client-side Client Port | ||
| | |integer | ||
|The | |The client-side client port | ||
|- | |- | ||
| | |s_client_port | ||
| | |Server-side Client Port | ||
|integer | |||
|The server-side client port | |||
|- | |||
|c_server_port | |||
|Client-side Server Port | |||
|integer | |||
|The client-side server port | |||
|- | |||
|s_server_port | |||
|Server-side Server Port | |||
|integer | |||
|The server-side server port | |||
|- | |||
|policy_id | |||
|Policy ID | |||
|bigint | |bigint | ||
|The | |The policy | ||
|- | |- | ||
| | |username | ||
| | |Username | ||
| | |text | ||
|The | |The username associated with this session | ||
|- | |- | ||
| | |msg_id | ||
| | |Message ID | ||
|bigint | |bigint | ||
|The | |The message ID | ||
|- | |- | ||
| | |subject | ||
| | |Subject | ||
| | |text | ||
|The | |The email subject | ||
|- | |- | ||
| | |hostname | ||
|Hostname | |||
|text | |||
|The hostname of the local address | |||
|- | |- | ||
| | |event_id | ||
| | |Event ID | ||
| | |bigint | ||
|The | |The unique event ID | ||
|- | |- | ||
| | |sender | ||
| | |Sender | ||
| | |text | ||
|The | |The address of the sender | ||
|- | |- | ||
| | |receiver | ||
| | |Receiver | ||
| | |text | ||
|The | |The address of the receiver | ||
|- | |- | ||
| | |virus_blocker_lite_clean | ||
| | |Virus Blocker Lite Clean | ||
| | |boolean | ||
|The | |The cleanliness of the file according to Virus Blocker Lite | ||
|- | |- | ||
| | |virus_blocker_lite_name | ||
| | |Virus Blocker Lite Name | ||
| | |text | ||
|The | |The name of the malware according to Virus Blocker Lite | ||
|- | |- | ||
| | |virus_blocker_clean | ||
| | |Virus Blocker Clean | ||
| | |boolean | ||
|The | |The cleanliness of the file according to Virus Blocker | ||
|- | |||
|virus_blocker_name | |||
|Virus Blocker Name | |||
|text | |||
|The name of the malware according to Virus Blocker | |||
|- | |- | ||
| | |spam_blocker_lite_score | ||
| | |Spam Blocker Lite Score | ||
| | |real | ||
|The | |The score of the email according to Spam Blocker Lite | ||
|- | |- | ||
| | |spam_blocker_lite_is_spam | ||
| | |Spam Blocker Lite Spam | ||
| | |boolean | ||
|The | |The spam status of the email according to Spam Blocker Lite | ||
|- | |- | ||
| | |spam_blocker_lite_tests_string | ||
|Spam Blocker Lite Tests | |||
|text | |||
|The tess results for Spam Blocker Lite | |||
|- | |- | ||
| | |spam_blocker_lite_action | ||
| | |Spam Blocker Lite Action | ||
| | |character(1) | ||
|The | |The action taken by Spam Blocker Lite | ||
|- | |- | ||
| | |spam_blocker_score | ||
| | |Spam Blocker Score | ||
| | |real | ||
|The | |The score of the email according to Spam Blocker | ||
|- | |- | ||
| | |spam_blocker_is_spam | ||
| | |Spam Blocker Spam | ||
| | |boolean | ||
|The | |The spam status of the email according to Spam Blocker | ||
|- | |- | ||
| | |spam_blocker_tests_string | ||
| | |Spam Blocker Tests | ||
| | |text | ||
|The | |The tess results for Spam Blocker | ||
|- | |- | ||
| | |spam_blocker_action | ||
| | |Spam Blocker Action | ||
| | |character(1) | ||
|The | |The action taken by Spam Blocker | ||
|- | |- | ||
| | |phish_blocker_score | ||
| | |Phish Blocker Score | ||
| | |real | ||
|The | |The score of the email according to Phish Blocker | ||
|- | |- | ||
| | |phish_blocker_is_spam | ||
| | |Phish Blocker Phish | ||
| | |boolean | ||
|The | |The phish status of the email according to Phish Blocker | ||
|- | |- | ||
| | |phish_blocker_tests_string | ||
| | |Phish Blocker Tests | ||
| | |text | ||
|The | |The tess results for Phish Blocker | ||
|- | |- | ||
| | |phish_blocker_action | ||
| | |Phish Blocker Action | ||
| | |character(1) | ||
|The | |The action taken by Phish Blocker | ||
|- | |- | ||
| | |} | ||
| | <section end='mail_msgs' /> | ||
() | |||
== mail_addrs == | |||
<section begin='mail_addrs' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |- | ||
| | |time_stamp | ||
| | |Timestamp | ||
| | |timestamp without time zone | ||
|The | |The time of the event | ||
|- | |- | ||
| | |session_id | ||
| | |Session ID | ||
| | |bigint | ||
|The | |The session | ||
|- | |- | ||
| | |client_intf | ||
| | |Client Interface | ||
| | |smallint | ||
|The | |The client interface | ||
|- | |- | ||
| | |server_intf | ||
| | |Server Interface | ||
| | |smallint | ||
|The | |The server interface | ||
|- | |- | ||
| | |c_client_addr | ||
| | |Client-side Client Address | ||
| | |inet | ||
|The | |The client-side client IP address | ||
|- | |- | ||
| | |s_client_addr | ||
| | |Server-side Client Address | ||
| | |inet | ||
|The | |The server-side client IP address | ||
|- | |- | ||
| | |c_server_addr | ||
| | |Client-side Server Address | ||
| | |inet | ||
|The | |The client-side server IP address | ||
|- | |- | ||
| | |s_server_addr | ||
| | |Server-side Server Address | ||
| | |inet | ||
|The | |The server-side server IP address | ||
|- | |- | ||
| | |c_client_port | ||
| | |Client-side Client Port | ||
| | |integer | ||
|The | |The client-side client port | ||
|- | |- | ||
| | |s_client_port | ||
| | |Server-side Client Port | ||
| | |integer | ||
|The | |The server-side client port | ||
|- | |- | ||
| | |c_server_port | ||
| | |Client-side Server Port | ||
| | |integer | ||
|The | |The client-side server port | ||
|- | |- | ||
| | |s_server_port | ||
| | |Server-side Server Port | ||
| | |integer | ||
|The | |The server-side server port | ||
|- | |- | ||
| | |policy_id | ||
| | |Policy ID | ||
|bigint | |bigint | ||
|The | |The policy | ||
|- | |- | ||
| | |username | ||
| | |Username | ||
|text | |text | ||
|The | |The username associated with this session | ||
|- | |- | ||
| | |msg_id | ||
|Message ID | |||
|bigint | |||
|The message ID | |||
|- | |- | ||
| | |subject | ||
| | |Subject | ||
| | |text | ||
|The | |The email subject | ||
|- | |- | ||
| | |addr | ||
| | |Address | ||
| | |text | ||
|The | |The address of this event | ||
|- | |||
|addr_name | |||
|Address Name | |||
|text | |||
|The name for this address | |||
|- | |||
|addr_kind | |||
|Address Kind | |||
|character(1) | |||
|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown) | |||
|- | |||
|hostname | |||
|Hostname | |||
|text | |||
|The hostname of the local address | |||
|- | |- | ||
|event_id | |event_id | ||
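Review bot: "tess results" in the descriptions of spam_blocker_lite_tests_string, spam_blocker_tests_string and phish_blocker_tests_string in mail_msgs is a typo for "test results", and the same word recurs in the corresponding mail_addrs rows. While touching these rows, the character(1) action columns (spam_blocker_lite_action, spam_blocker_action, phish_blocker_action) list no codes, unlike addr_kind, which spells out "F=From, T=To, C=CC, ..."; adding the code list would make the action columns usable without reading the source.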
Line 2,118: | Line 2,108: | ||
|The unique event ID | |The unique event ID | ||
|- | |- | ||
| | |sender | ||
| | |Sender | ||
|text | |text | ||
|The | |The address of the sender | ||
|- | |- | ||
| | |virus_blocker_lite_clean | ||
| | |Virus Blocker Lite Clean | ||
| | |boolean | ||
|The | |The cleanliness of the file according to Virus Blocker Lite | ||
|- | |- | ||
| | |virus_blocker_lite_name | ||
| | |Virus Blocker Lite Name | ||
|text | |text | ||
|The | |The name of the malware according to Virus Blocker Lite | ||
|- | |||
|virus_blocker_clean | |||
|Virus Blocker Clean | |||
|boolean | |||
|The cleanliness of the file according to Virus Blocker | |||
|- | |- | ||
| | |virus_blocker_name | ||
| | |Virus Blocker Name | ||
|text | |text | ||
|The | |The name of the malware according to Virus Blocker | ||
|- | |||
|spam_blocker_lite_score | |||
|Spam Blocker Lite Score | |||
|real | |||
|The score of the email according to Spam Blocker Lite | |||
|- | |- | ||
| | |spam_blocker_lite_is_spam | ||
|Spam Blocker Lite Spam | |||
|boolean | |||
|The spam status of the email according to Spam Blocker Lite | |||
|- | |- | ||
| | |spam_blocker_lite_action | ||
| | |Spam Blocker Lite Action | ||
| | |character(1) | ||
|The | |The action taken by Spam Blocker Lite | ||
|- | |- | ||
| | |spam_blocker_lite_tests_string | ||
| | |Spam Blocker Lite Tests | ||
| | |text | ||
|The | |The tess results for Spam Blocker Lite | ||
|- | |- | ||
| | |spam_blocker_score | ||
| | |Spam Blocker Score | ||
| | |real | ||
|The | |The score of the email according to Spam Blocker | ||
|- | |- | ||
| | |spam_blocker_is_spam | ||
| | |Spam Blocker Spam | ||
| | |boolean | ||
|The | |The spam status of the email according to Spam Blocker | ||
|- | |- | ||
| | |spam_blocker_action | ||
| | |Spam Blocker Action | ||
| | |character(1) | ||
|The | |The action taken by Spam Blocker | ||
|- | |- | ||
| | |spam_blocker_tests_string | ||
| | |Spam Blocker Tests | ||
| | |text | ||
|The | |The tess results for Spam Blocker | ||
|- | |- | ||
| | |phish_blocker_score | ||
| | |Phish Blocker Score | ||
| | |real | ||
|The | |The score of the email according to Phish Blocker | ||
|- | |- | ||
| | |phish_blocker_is_spam | ||
| | |Phish Blocker Phish | ||
| | |boolean | ||
|The | |The phish status of the email according to Phish Blocker | ||
|- | |- | ||
| | |phish_blocker_tests_string | ||
| | |Phish Blocker Tests | ||
|text | |text | ||
|The | |The tess results for Phish Blocker | ||
|- | |- | ||
| | |phish_blocker_action | ||
| | |Phish Blocker Action | ||
| | |character(1) | ||
|The | |The action taken by Phish Blocker | ||
|- | |- | ||
|} | |} | ||
<section end=' | <section end='mail_addrs' /> | ||
() | |||
== ftp_events == | |||
== | <section begin='ftp_events' /> | ||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
Line 2,213: | Line 2,205: | ||
!Type | !Type | ||
!Description | !Description | ||
|- | |||
|event_id | |||
|Event ID | |||
|bigint | |||
|The unique event ID | |||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 2,219: | Line 2,216: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |session_id | ||
| | |Session ID | ||
|bigint | |||
|The session | |||
|- | |||
|client_intf | |||
|Client Interface | |||
|smallint | |||
|The client interface | |||
|- | |||
|server_intf | |||
|Server Interface | |||
|smallint | |||
|The server interface | |||
|- | |||
|c_client_addr | |||
|Client-side Client Address | |||
|inet | |inet | ||
|The | |The client-side client IP address | ||
|- | |- | ||
| | |s_client_addr | ||
| | |Server-side Client Address | ||
|inet | |inet | ||
|The | |The server-side client IP address | ||
|- | |- | ||
| | |c_server_addr | ||
|Client | |Client-side Server Address | ||
| | |inet | ||
|The | |The client-side server IP address | ||
|- | |- | ||
| | |s_server_addr | ||
| | |Server-side Server Address | ||
| | |inet | ||
|The | |The server-side server IP address | ||
|- | |- | ||
| | |policy_id | ||
|Policy ID | |||
|bigint | |||
|The policy | |||
|- | |- | ||
| | |username | ||
| | |Username | ||
| | |text | ||
|The | |The username associated with this session | ||
|- | |- | ||
| | |hostname | ||
| | |Hostname | ||
| | |text | ||
| | |The hostname of the local address | ||
|- | |- | ||
| | |request_id | ||
| | |Request ID | ||
|bigint | |bigint | ||
|The | |The FTP request ID | ||
|- | |- | ||
| | |method | ||
| | |Method | ||
| | |character(1) | ||
|The | |The FTP method | ||
|- | |- | ||
| | |uri | ||
| | |URI | ||
| | |text | ||
|The | |The FTP URI | ||
|- | |- | ||
| | |virus_blocker_lite_clean | ||
| | |Virus Blocker Lite Clean | ||
| | |boolean | ||
|The | |The cleanliness of the file according to Virus Blocker Lite | ||
|- | |- | ||
| | |virus_blocker_lite_name | ||
| | |Virus Blocker Lite Name | ||
| | |text | ||
|The | |The name of the malware according to Virus Blocker Lite | ||
|- | |- | ||
| | |virus_blocker_clean | ||
| | |Virus Blocker Clean | ||
|boolean | |boolean | ||
| | |The cleanliness of the file according to Virus Blocker | ||
|- | |- | ||
| | |virus_blocker_name | ||
| | |Virus Blocker Name | ||
|text | |text | ||
|The | |The name of the malware according to Virus Blocker | ||
|- | |- | ||
|} | |||
<section end='ftp_events' /> | |||
() | |||
|} | |||
<section end=' | |||
== | == tunnel_vpn_events == | ||
<section begin=' | <section begin='tunnel_vpn_events' /> | ||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
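Review bot: the method row in ftp_events is typed character(1) and described only as "The FTP method", so a reader cannot tell which single-character code stands for which FTP operation. Suggest listing the codes in the description in the same style the page uses elsewhere, for example the "(F=From, T=To, C=CC, ...)" list on addr_kind, so that queries separating uploads from downloads can be written from this page alone.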
Line 2,329: | Line 2,313: | ||
!Type | !Type | ||
!Description | !Description | ||
|- | |||
|event_id | |||
|Event ID | |||
|bigint | |||
|The unique event ID | |||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 2,335: | Line 2,324: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
| | |tunnel_name | ||
| | |Tunnel Name | ||
|text | |||
|The name the tunnel | |||
|- | |||
|server_address | |||
|Server IP Address | |||
|text | |text | ||
|The | |The address of the remote server | ||
|- | |- | ||
| | |local_address | ||
| | |Local Address | ||
|text | |text | ||
|The | |The local address assigned the client | ||
|- | |- | ||
| | |event_type | ||
| | |Event Type | ||
|text | |text | ||
|The | |The type of the event (CONNECT,DISCONNECT) | ||
|- | |- | ||
|} | |} | ||
<section end=' | <section end='tunnel_vpn_events' /> | ||
() | |||
== tunnel_vpn_stats == | |||
== | <section begin='tunnel_vpn_stats' /> | ||
<section begin=' | |||
{| border="1" cellpadding="2" width="90%%" align="center" | {| border="1" cellpadding="2" width="90%%" align="center" | ||
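Review bot: two descriptions in tunnel_vpn_events are missing words: "The name the tunnel" on tunnel_name should read "The name of the tunnel", and "The local address assigned the client" on local_address should read "assigned to the client". Also worth confirming that server_address and local_address really are text here, since address columns in other tables on this page are typed inet; if text is correct, say what format the value takes.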
Line 2,362: | Line 2,356: | ||
!Type | !Type | ||
!Description | !Description | ||
|- | |- | ||
|time_stamp | |time_stamp | ||
Line 2,388: | Line 2,362: | ||
|The time of the event | |The time of the event | ||
|- | |- | ||
|} | |tunnel_name | ||
<section end=' | |Tunnel Name | ||
|text | |||
|The name of the Tunnel VPN tunnel | |||
|- | |||
|in_bytes | |||
|In Bytes | |||
|bigint | |||
|The number of bytes received during this time frame | |||
|- | |||
|out_bytes | |||
|Out Bytes | |||
|bigint | |||
|The number of bytes transmitted during this time frame | |||
|- | |||
|event_id | |||
|Event ID | |||
|bigint | |||
|The unique event ID | |||
|- | |||
|} | |||
<section end='tunnel_vpn_stats' /> | |||
() | |||
== | == wan_failover_test_events == | ||
<section begin=' | <section begin='wan_failover_test_events' /> | ||
<section end=' | {| border="1" cellpadding="2" width="90%%" align="center" | ||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |||
|time_stamp | |||
|Timestamp | |||
|timestamp without time zone | |||
|The time of the event | |||
|- | |||
|interface_id | |||
|Interface ID | |||
|integer | |||
|This interface ID | |||
|- | |||
|name | |||
|Interface Name | |||
|text | |||
|This name of the interface | |||
|- | |||
|description | |||
|Text detail of the event | |||
|text | |||
|The description from the test rule | |||
|- | |||
|success | |||
|Success | |||
|boolean | |||
|The result of the test (true if the test succeeded, false otherwise) | |||
|- | |||
|event_id | |||
|Event ID | |||
|bigint | |||
|The unique event ID | |||
|- | |||
|} | |||
<section end='wan_failover_test_events' /> | |||
() | |||
== wan_failover_action_events == | |||
<section begin='wan_failover_action_events' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |||
|time_stamp | |||
|Timestamp | |||
|timestamp without time zone | |||
|The time of the event | |||
|- | |||
|interface_id | |||
|Interface ID | |||
|integer | |||
|This interface ID | |||
|- | |||
|action | |||
|Action | |||
|text | |||
|This action (CONNECTED,DISCONNECTED) | |||
|- | |||
|os_name | |||
|Interface O/S Name | |||
|text | |||
|This O/S name of the interface | |||
|- | |||
|name | |||
|Interface Name | |||
|text | |||
|This name of the interface | |||
|- | |||
|event_id | |||
|Event ID | |||
|bigint | |||
|The unique event ID | |||
|- | |||
|} | |||
<section end='wan_failover_action_events' /> | |||
() | |||
== directory_connector_login_events == | |||
<section begin='directory_connector_login_events' /> | |||
{| border="1" cellpadding="2" width="90%%" align="center" | |||
!Column Name | |||
!Human Name | |||
!Type | |||
!Description | |||
|- | |||
|time_stamp | |||
|Timestamp | |||
|timestamp without time zone | |||
|The time of the event | |||
|- | |||
|login_name | |||
|Login Name | |||
|text | |||
|The login name | |||
|- | |||
|domain | |||
|Domain | |||
|text | |||
|The AD domain | |||
|- | |||
|type | |||
|Type | |||
|text | |||
|The type of event (I=Login,U=Update,O=Logout) | |||
|- | |||
|client_addr | |||
|Client Address | |||
|inet | |||
|The client IP address | |||
|- | |||
|login_type | |||
|Login Type | |||
|text | |||
|The login type | |||
|- | |||
|} | |||
<section end='directory_connector_login_events' /> | |||
() | |||
== captive_portal_user_events ==
<section begin='captive_portal_user_events' />
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|policy_id
|Policy ID
|bigint
|The policy
|-
|event_id
|Event ID
|bigint
|The unique event ID
|-
|login_name
|Login Name
|text
|The login username
|-
|event_info
|Event Type
|text
|The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
|-
|auth_type
|Authorization Type
|text
|The authorization type for this event
|-
|client_addr
|Client Address
|text
|The remote IP address of the client
|-
|}
<section end='captive_portal_user_events' />
== openvpn_stats ==
<section begin='openvpn_stats' />
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|start_time
|Start Time
|timestamp without time zone
|The time the OpenVPN session started
|-
|end_time
|End Time
|timestamp without time zone
|The time the OpenVPN session ended
|-
|rx_bytes
|Bytes Received
|bigint
|The total bytes received from the client during this session
|-
|tx_bytes
|Bytes Sent
|bigint
|The total bytes sent to the client during this session
|-
|remote_address
|Remote Address
|inet
|The remote IP address of the client
|-
|pool_address
|Pool Address
|inet
|The pool IP address of the client
|-
|remote_port
|Remote Port
|integer
|The remote port of the client
|-
|client_name
|Client Name
|text
|The name of the client
|-
|event_id
|Event ID
|bigint
|The unique event ID
|-
|}
<section end='openvpn_stats' />
== openvpn_events ==
<section begin='openvpn_events' />
{| border="1" cellpadding="2" width="90%%" align="center"
!Column Name
!Human Name
!Type
!Description
|-
|time_stamp
|Timestamp
|timestamp without time zone
|The time of the event
|-
|remote_address
|Remote Address
|inet
|The remote IP address of the client
|-
|pool_address
|Pool Address
|inet
|The pool IP address of the client
|-
|client_name
|Client Name
|text
|The name of the client
|-
|type
|Type
|text
|The type of the event (CONNECT,DISCONNECT)
|-
|}
<section end='openvpn_events' />
Latest revision as of 18:37, 8 September 2020
Database Tables
configuration_backup_events
<section begin='configuration_backup_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
success | Success | boolean | The result of the backup (true if the backup succeeded, false otherwise) |
description | Text detail of the event | text | Text detail of the event |
destination | Destination | text | The location of the backup |
event_id | Event ID | bigint | The unique event ID |
<section end='configuration_backup_events' />
http_events
<section begin='http_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
request_id | Request ID | bigint | The HTTP request ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
client_country | Client Country | text | The client Country |
client_latitude | Client Latitude | real | The client Latitude |
client_longitude | Client Longitude | real | The client Longitude |
server_country | Server Country | text | The server Country |
server_latitude | Server Latitude | real | The server Latitude |
server_longitude | Server Longitude | real | The server Longitude |
policy_id | Policy ID | smallint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
method | Method | character(1) | The HTTP method |
uri | URI | text | The HTTP URI |
host | Host | text | The HTTP host |
domain | Domain | text | The HTTP domain (shortened host) |
referer | Referer | text | The Referer URL |
c2s_content_length | Client-to-server Content Length | bigint | The client-to-server content length |
s2c_content_length | Server-to-client Content Length | bigint | The server-to-client content length |
s2c_content_type | Server-to-client Content Type | text | The server-to-client content type |
s2c_content_filename | Server-to-client Content Disposition Filename | text | The server-to-client content disposition filename |
ad_blocker_cookie_ident | Ad Blocker Cookie | text | The name of the cookie blocked by Ad Blocker |
ad_blocker_action | Ad Blocker Action | character(1) | The action of Ad Blocker on this request |
web_filter_reason | Reason for action (Web Filter) | character(1) | The reason Web Filter blocked/flagged this request |
web_filter_category_id | Web Category (Web Filter) | smallint | The numeric category according to Web Filter |
web_filter_rule_id | Web Rule (Web Filter) | smallint | The numeric rule according to Web Filter |
web_filter_blocked | Blocked (Web Filter) | boolean | If Web Filter blocked this request |
web_filter_flagged | Flagged (Web Filter) | boolean | If Web Filter flagged this request |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
threat_prevention_blocked | Threat Prevention Blocked | boolean | If Threat Prevention blocked this request |
threat_prevention_flagged | Threat Prevention Flagged | boolean | If Threat Prevention flagged this request |
threat_prevention_rule_id | Threat Prevention Rule Id | integer | The numeric rule according to Threat Prevention |
threat_prevention_reputation | Threat Prevention Reputation | smallint | The numeric threat reputation |
threat_prevention_categories | Threat Prevention Categories | integer | The bitmask of threat categories |
<section end='http_events' />
intrusion_prevention_events
<section begin='intrusion_prevention_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
sig_id | Signature ID | bigint | The ID of the rule |
gen_id | Grouping ID | bigint | The grouping ID for the rule; gen_id + sig_id together specify the rule's unique identifier |
class_id | Classtype ID | bigint | The numeric ID for the classtype |
source_addr | Source Address | inet | The source IP address of the packet |
source_port | Source Port | integer | The source port of the packet (if applicable) |
dest_addr | Destination Address | inet | The destination IP address of the packet |
dest_port | Destination Port | integer | The destination port of the packet (if applicable) |
protocol | Protocol | integer | The protocol of the packet |
blocked | Blocked | boolean | If the packet was blocked/dropped |
category | Category | text | The application specific grouping for the signature |
classtype | Classtype | text | The generalized threat signature grouping (unrelated to gen_id) |
msg | Message | text | The "title" or "description" of the signature |
rid | Rule ID | text | The rule id |
rule_id | Rule ID | text | The rule id |
<section end='intrusion_prevention_events' />
smtp_tarpit_events
<section begin='smtp_tarpit_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
ipaddr | Client Address | inet | The client IP address |
hostname | Hostname | text | The hostname of the local address |
policy_id | Policy ID | bigint | The policy |
vendor_name | Vendor Name | character varying(255) | The "vendor name" of the app that logged the event |
event_id | Event ID | bigint | The unique event ID |
<section end='smtp_tarpit_events' />
ipsec_user_events
<section begin='ipsec_user_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
connect_stamp | Connect Time | timestamp without time zone | The time the connection started |
goodbye_stamp | End Time | timestamp without time zone | The time the connection ended |
client_address | Client Address | text | The remote IP address of the client |
client_protocol | Client Protocol | text | The protocol the client used to connect |
client_username | Client Username | text | The username of the client |
net_process | Net Process | text | The PID of the PPP process for L2TP connections or the connection ID for Xauth connections |
net_interface | Net Interface | text | The PPP interface for L2TP connections or the client interface for Xauth connections |
elapsed_time | Elapsed Time | text | The total time the client was connected |
rx_bytes | Bytes Received | bigint | The number of bytes received from the client in this connection |
tx_bytes | Bytes Sent | bigint | The number of bytes sent to the client in this connection |
<section end='ipsec_user_events' />
ipsec_vpn_events
<section begin='ipsec_vpn_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
local_address | Local Address | text | The local address of the tunnel |
remote_address | Remote Address | text | The remote address of the tunnel |
tunnel_description | Tunnel Description | text | The description of the tunnel |
event_type | Event Type | text | The type of the event (CONNECT,DISCONNECT) |
<section end='ipsec_vpn_events' />
ipsec_tunnel_stats
<section begin='ipsec_tunnel_stats' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
tunnel_name | Tunnel Name | text | The name of the IPsec tunnel |
in_bytes | In Bytes | bigint | The number of bytes received during this time frame |
out_bytes | Out Bytes | bigint | The number of bytes transmitted during this time frame |
event_id | Event ID | bigint | The unique event ID |
<section end='ipsec_tunnel_stats' />
http_query_events
<section begin='http_query_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
request_id | Request ID | bigint | The HTTP request ID |
method | Method | character(1) | The HTTP method |
uri | URI | text | The HTTP URI |
term | Search Term | text | The search term |
host | Host | text | The HTTP host |
c2s_content_length | Client-to-server Content Length | bigint | The client-to-server content length |
s2c_content_length | Server-to-client Content Length | bigint | The server-to-client content length |
s2c_content_type | Server-to-client Content Type | text | The server-to-client content type |
blocked | Blocked | boolean | If Web Filter blocked this search term |
flagged | Flagged | boolean | If Web Filter flagged this search term |
<section end='http_query_events' />
admin_logins
<section begin='admin_logins' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
login | Login | text | The login name |
local | Local | boolean | True if it is a login attempt through a local process |
client_addr | Client Address | inet | The client IP address |
succeeded | Succeeded | boolean | True if the login succeeded, false otherwise |
reason | Reason | character(1) | The reason for the login (if applicable) |
<section end='admin_logins' />
sessions
<section begin='sessions' />
Column Name | Human Name | Type | Description |
---|---|---|---|
session_id | Session ID | bigint | The session |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
end_time | End Time | timestamp without time zone | The time the session ended |
bypassed | Bypassed | boolean | True if the session was bypassed, false otherwise |
entitled | Entitled | boolean | True if the session is entitled to premium functionality |
protocol | Protocol | smallint | The IP protocol of session |
icmp_type | ICMP Type | smallint | The ICMP type of session if ICMP |
hostname | Hostname | text | The hostname of the local address |
username | Username | text | The username associated with this session |
policy_id | Policy ID | smallint | The policy |
policy_rule_id | Policy Rule ID | smallint | The ID of the matching policy rule (0 means none) |
local_addr | Local Address | inet | The IP address of the local participant |
remote_addr | Remote Address | inet | The IP address of the remote participant |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
c_server_port | Client-side Server Port | integer | The client-side server port |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
s_server_port | Server-side Server Port | integer | The server-side server port |
s_client_port | Server-side Client Port | integer | The server-side client port |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
client_country | Client Country | text | The client Country |
client_latitude | Client Latitude | real | The client Latitude |
client_longitude | Client Longitude | real | The client Longitude |
server_country | Server Country | text | The server Country |
server_latitude | Server Latitude | real | The server Latitude |
server_longitude | Server Longitude | real | The server Longitude |
c2p_bytes | From-Client Bytes | bigint | The number of bytes the client sent to Untangle (client-to-pipeline) |
p2c_bytes | To-Client Bytes | bigint | The number of bytes Untangle sent to client (pipeline-to-client) |
s2p_bytes | From-Server Bytes | bigint | The number of bytes the server sent to Untangle (server-to-pipeline) |
p2s_bytes | To-Server Bytes | bigint | The number of bytes Untangle sent to server (pipeline-to-server) |
filter_prefix | Filter Block | text | The network filter that blocked the connection (filter,shield,invalid) |
firewall_blocked | Firewall Blocked | boolean | True if Firewall blocked the session, false otherwise |
firewall_flagged | Firewall Flagged | boolean | True if Firewall flagged the session, false otherwise |
firewall_rule_index | Firewall Rule ID | integer | The matching rule in Firewall (if any) |
threat_prevention_blocked | Threat Prevention Blocked | boolean | If Threat Prevention blocked |
threat_prevention_flagged | Threat Prevention Flagged | boolean | If Threat Prevention flagged |
threat_prevention_reason | Threat Prevention Reason | character(1) | Threat Prevention reason |
threat_prevention_rule_id | Threat Prevention Rule Id | integer | Numeric rule id of Threat Prevention |
threat_prevention_client_reputation | Threat Prevention Client Reputation | smallint | Numeric client reputation of Threat Prevention |
threat_prevention_client_categories | Threat Prevention Client Categories | integer | Bitmask client categories of Threat Prevention |
threat_prevention_server_reputation | Threat Prevention Server Reputation | smallint | Numeric server reputation of Threat Prevention |
threat_prevention_server_categories | Threat Prevention Server Categories | integer | Bitmask server categories of Threat Prevention |
application_control_lite_protocol | Application Control Lite Protocol | text | The application protocol according to Application Control Lite |
application_control_lite_blocked | Application Control Lite Blocked | boolean | True if Application Control Lite blocked the session |
captive_portal_blocked | Captive Portal Blocked | boolean | True if Captive Portal blocked the session |
captive_portal_rule_index | Captive Portal Rule ID | integer | The matching rule in Captive Portal (if any) |
application_control_application | Application Control Application | text | The application according to Application Control |
application_control_protochain | Application Control Protochain | text | The protochain according to Application Control |
application_control_category | Application Control Category | text | The category according to Application Control |
application_control_blocked | Application Control Blocked | boolean | True if Application Control blocked the session |
application_control_flagged | Application Control Flagged | boolean | True if Application Control flagged the session |
application_control_confidence | Application Control Confidence | integer | The Application Control confidence of this session's identification |
application_control_ruleid | Application Control Rule ID | integer | The matching rule in Application Control (if any) |
application_control_detail | Application Control Detail | text | The text detail from the Application Control engine |
bandwidth_control_priority | Bandwidth Control Priority | integer | The priority given to this session |
bandwidth_control_rule | Bandwidth Control Rule ID | integer | The matching rule in Bandwidth Control (if any) |
ssl_inspector_ruleid | SSL Inspector Rule ID | integer | The matching rule in SSL Inspector (if any) |
ssl_inspector_status | SSL Inspector Status | text | The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) |
ssl_inspector_detail | SSL Inspector Detail | text | Additional text detail about the SSL connection (SNI, IP Address) |
tags | Tags | text | The tags on this session |
<section end='sessions' />
session_minutes
<section begin='session_minutes' />
Column Name | Human Name | Type | Description |
---|---|---|---|
session_id | Session ID | bigint | The session |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
c2s_bytes | From-Client Bytes | bigint | The number of bytes the client sent |
s2c_bytes | From-Server Bytes | bigint | The number of bytes the server sent |
start_time | Start Time | timestamp without time zone | The start time of the session |
end_time | End Time | timestamp without time zone | The time the session ended |
bypassed | Bypassed | boolean | True if the session was bypassed, false otherwise |
entitled | Entitled | boolean | True if the session is entitled to premium functionality |
protocol | Protocol | smallint | The IP protocol of session |
icmp_type | ICMP Type | smallint | The ICMP type of session if ICMP |
hostname | Hostname | text | The hostname of the local address |
username | Username | text | The username associated with this session |
policy_id | Policy ID | smallint | The policy |
policy_rule_id | Policy Rule ID | smallint | The ID of the matching policy rule (0 means none) |
local_addr | Local Address | inet | The IP address of the local participant |
remote_addr | Remote Address | inet | The IP address of the remote participant |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
c_server_port | Client-side Server Port | integer | The client-side server port |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
s_server_port | Server-side Server Port | integer | The server-side server port |
s_client_port | Server-side Client Port | integer | The server-side client port |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
client_country | Client Country | text | The client Country |
client_latitude | Client Latitude | real | The client Latitude |
client_longitude | Client Longitude | real | The client Longitude |
server_country | Server Country | text | The server Country |
server_latitude | Server Latitude | real | The server Latitude |
server_longitude | Server Longitude | real | The server Longitude |
filter_prefix | Filter Block | text | The network filter that blocked the connection (filter,shield,invalid) |
firewall_blocked | Firewall Blocked | boolean | True if Firewall blocked the session, false otherwise |
firewall_flagged | Firewall Flagged | boolean | True if Firewall flagged the session, false otherwise |
firewall_rule_index | Firewall Rule ID | integer | The matching rule in Firewall (if any) |
threat_prevention_blocked | Threat Prevention Blocked | boolean | If Threat Prevention blocked |
threat_prevention_flagged | Threat Prevention Flagged | boolean | If Threat Prevention flagged |
threat_prevention_reason | Threat Prevention Reason | character(1) | Threat Prevention reason |
threat_prevention_rule_id | Threat Prevention Rule Id | integer | Numeric rule id of Threat Prevention |
threat_prevention_client_reputation | Threat Prevention Client Reputation | smallint | Numeric client reputation of Threat Prevention |
threat_prevention_client_categories | Threat Prevention Client Categories | integer | Bitmask client categories of Threat Prevention |
threat_prevention_server_reputation | Threat Prevention Server Reputation | smallint | Numeric server reputation of Threat Prevention |
threat_prevention_server_categories | Threat Prevention Server Categories | integer | Bitmask server categories of Threat Prevention |
application_control_lite_protocol | Application Control Lite Protocol | text | The application protocol according to Application Control Lite |
application_control_lite_blocked | Application Control Lite Blocked | boolean | True if Application Control Lite blocked the session |
captive_portal_blocked | Captive Portal Blocked | boolean | True if Captive Portal blocked the session |
captive_portal_rule_index | Captive Portal Rule ID | integer | The matching rule in Captive Portal (if any) |
application_control_application | Application Control Application | text | The application according to Application Control |
application_control_protochain | Application Control Protochain | text | The protochain according to Application Control |
application_control_category | Application Control Category | text | The category according to Application Control |
application_control_blocked | Application Control Blocked | boolean | True if Application Control blocked the session |
application_control_flagged | Application Control Flagged | boolean | True if Application Control flagged the session |
application_control_confidence | Application Control Confidence | integer | The Application Control confidence of this session's identification |
application_control_ruleid | Application Control Rule ID | integer | The matching rule in Application Control (if any) |
application_control_detail | Application Control Detail | text | The text detail from the Application Control engine |
bandwidth_control_priority | Bandwidth Control Priority | integer | The priority given to this session |
bandwidth_control_rule | Bandwidth Control Rule ID | integer | The matching rule in Bandwidth Control (if any) |
ssl_inspector_ruleid | SSL Inspector Rule ID | integer | The matching rule in SSL Inspector (if any) |
ssl_inspector_status | SSL Inspector Status | text | The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) |
ssl_inspector_detail | SSL Inspector Detail | text | Additional text detail about the SSL connection (SNI, IP Address) |
tags | Tags | text | The tags on this session |
<section end='session_minutes' />
quotas
<section begin='quotas' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
entity | Entity | text | The IP entity given the quota (address/username) |
action | Action | integer | The action (1=Quota Given, 2=Quota Exceeded) |
size | Size | bigint | The size of the quota |
reason | Reason | text | The reason for the action |
<section end='quotas' />
host_table_updates
<section begin='host_table_updates' />
Column Name | Human Name | Type | Description |
---|---|---|---|
address | Address | inet | The IP address of the host |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
old_value | Old Value | text | The old value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
<section end='host_table_updates' />
device_table_updates
<section begin='device_table_updates' />
Column Name | Human Name | Type | Description |
---|---|---|---|
mac_address | MAC Address | text | The MAC address of the device |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
old_value | Old Value | text | The old value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
<section end='device_table_updates' />
user_table_updates
<section begin='user_table_updates' />
Column Name | Human Name | Type | Description |
---|---|---|---|
username | Username | text | The username |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
old_value | Old Value | text | The old value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
<section end='user_table_updates' />
alerts
<section begin='alerts' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
description | Text detail of the event | text | The description from the alert rule. |
summary_text | Summary Text | text | The summary text of the alert |
json | JSON Text | text | The summary JSON representation of the event causing the alert |
<section end='alerts' />
settings_changes
<section begin='settings_changes' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
settings_file | Settings File | text | The name of the file changed |
username | Username | text | The username logged in at the time of the change |
hostname | Hostname | text | The remote hostname |
<section end='settings_changes' />
web_cache_stats
<section begin='web_cache_stats' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
hits | Hits | bigint | The number of cache hits during this time frame |
misses | Misses | bigint | The number of cache misses during this time frame |
bypasses | Bypasses | bigint | The number of cache user bypasses during this time frame |
systems | System bypasses | bigint | The number of cache system bypasses during this time frame |
hit_bytes | Hit Bytes | bigint | The number of bytes saved from cache hits |
miss_bytes | Miss Bytes | bigint | The number of bytes not saved from cache misses |
event_id | Event ID | bigint | The unique event ID |
<section end='web_cache_stats' />
server_events
<section begin='server_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
load_1 | CPU load (1-min) | numeric(6,2) | The 1-minute CPU load |
load_5 | CPU load (5-min) | numeric(6,2) | The 5-minute CPU load |
load_15 | CPU load (15-min) | numeric(6,2) | The 15-minute CPU load |
cpu_user | CPU User Utilization | numeric(6,3) | The user CPU percent utilization |
cpu_system | CPU System Utilization | numeric(6,3) | The system CPU percent utilization |
mem_total | Total Memory | bigint | The total bytes of memory |
mem_free | Memory Free | bigint | The number of free bytes of memory |
disk_total | Disk Size | bigint | The total disk size in bytes |
disk_free | Disk Free | bigint | The free disk space in bytes |
swap_total | Swap Size | bigint | The total swap size in bytes |
swap_free | Swap Free | bigint | The free disk swap in bytes |
active_hosts | Active Hosts | integer | The number of active hosts |
<section end='server_events' />
interface_stat_events
<section begin='interface_stat_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
rx_rate | Rx Rate | double precision | The RX rate (bytes/s) |
rx_bytes | Bytes Received | bigint | The number of bytes received from the client in this connection |
tx_rate | Tx Rate | double precision | The TX rate (bytes/s) |
tx_bytes | Bytes Sent | bigint | The number of bytes sent to the client in this connection |
<section end='interface_stat_events' />
mail_msgs
<section begin='mail_msgs' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
msg_id | Message ID | bigint | The message ID |
subject | Subject | text | The email subject |
hostname | Hostname | text | The hostname of the local address |
event_id | Event ID | bigint | The unique event ID |
sender | Sender | text | The address of the sender |
receiver | Receiver | text | The address of the receiver |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
spam_blocker_lite_score | Spam Blocker Lite Score | real | The score of the email according to Spam Blocker Lite |
spam_blocker_lite_is_spam | Spam Blocker Lite Spam | boolean | The spam status of the email according to Spam Blocker Lite |
spam_blocker_lite_tests_string | Spam Blocker Lite Tests | text | The test results for Spam Blocker Lite |
spam_blocker_lite_action | Spam Blocker Lite Action | character(1) | The action taken by Spam Blocker Lite |
spam_blocker_score | Spam Blocker Score | real | The score of the email according to Spam Blocker |
spam_blocker_is_spam | Spam Blocker Spam | boolean | The spam status of the email according to Spam Blocker |
spam_blocker_tests_string | Spam Blocker Tests | text | The test results for Spam Blocker |
spam_blocker_action | Spam Blocker Action | character(1) | The action taken by Spam Blocker |
phish_blocker_score | Phish Blocker Score | real | The score of the email according to Phish Blocker |
phish_blocker_is_spam | Phish Blocker Phish | boolean | The phish status of the email according to Phish Blocker |
phish_blocker_tests_string | Phish Blocker Tests | text | The test results for Phish Blocker |
phish_blocker_action | Phish Blocker Action | character(1) | The action taken by Phish Blocker |
<section end='mail_msgs' />
mail_addrs
<section begin='mail_addrs' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
msg_id | Message ID | bigint | The message ID |
subject | Subject | text | The email subject |
addr | Address | text | The address of this event |
addr_name | Address Name | text | The name for this address |
addr_kind | Address Kind | character(1) | The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown) |
hostname | Hostname | text | The hostname of the local address |
event_id | Event ID | bigint | The unique event ID |
sender | Sender | text | The address of the sender |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
spam_blocker_lite_score | Spam Blocker Lite Score | real | The score of the email according to Spam Blocker Lite |
spam_blocker_lite_is_spam | Spam Blocker Lite Spam | boolean | The spam status of the email according to Spam Blocker Lite |
spam_blocker_lite_action | Spam Blocker Lite Action | character(1) | The action taken by Spam Blocker Lite |
spam_blocker_lite_tests_string | Spam Blocker Lite Tests | text | The test results for Spam Blocker Lite |
spam_blocker_score | Spam Blocker Score | real | The score of the email according to Spam Blocker |
spam_blocker_is_spam | Spam Blocker Spam | boolean | The spam status of the email according to Spam Blocker |
spam_blocker_action | Spam Blocker Action | character(1) | The action taken by Spam Blocker |
spam_blocker_tests_string | Spam Blocker Tests | text | The test results for Spam Blocker |
phish_blocker_score | Phish Blocker Score | real | The score of the email according to Phish Blocker |
phish_blocker_is_spam | Phish Blocker Phish | boolean | The phish status of the email according to Phish Blocker |
phish_blocker_tests_string | Phish Blocker Tests | text | The test results for Phish Blocker |
phish_blocker_action | Phish Blocker Action | character(1) | The action taken by Phish Blocker |
<section end='mail_addrs' />
ftp_events
<section begin='ftp_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
request_id | Request ID | bigint | The FTP request ID |
method | Method | character(1) | The FTP method |
uri | URI | text | The FTP URI |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
<section end='ftp_events' />
tunnel_vpn_events
<section begin='tunnel_vpn_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
tunnel_name | Tunnel Name | text | The name of the tunnel |
server_address | Server IP Address | text | The address of the remote server |
local_address | Local Address | text | The local address assigned to the client |
event_type | Event Type | text | The type of the event (CONNECT, DISCONNECT) |
<section end='tunnel_vpn_events' />
tunnel_vpn_stats
<section begin='tunnel_vpn_stats' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
tunnel_name | Tunnel Name | text | The name of the Tunnel VPN tunnel |
in_bytes | In Bytes | bigint | The number of bytes received during this time frame |
out_bytes | Out Bytes | bigint | The number of bytes transmitted during this time frame |
event_id | Event ID | bigint | The unique event ID |
<section end='tunnel_vpn_stats' />
wan_failover_test_events
<section begin='wan_failover_test_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
name | Interface Name | text | The name of the interface |
description | Text detail of the event | text | The description from the test rule |
success | Success | boolean | The result of the test (true if the test succeeded, false otherwise) |
event_id | Event ID | bigint | The unique event ID |
<section end='wan_failover_test_events' />
wan_failover_action_events
<section begin='wan_failover_action_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
action | Action | text | The action (CONNECTED, DISCONNECTED) |
os_name | Interface O/S Name | text | The O/S name of the interface |
name | Interface Name | text | The name of the interface |
event_id | Event ID | bigint | The unique event ID |
<section end='wan_failover_action_events' />
directory_connector_login_events
<section begin='directory_connector_login_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
login_name | Login Name | text | The login name |
domain | Domain | text | The AD domain |
type | Type | text | The type of event (I=Login, U=Update, O=Logout) |
client_addr | Client Address | inet | The client IP address |
login_type | Login Type | text | The login type |
<section end='directory_connector_login_events' />
captive_portal_user_events
<section begin='captive_portal_user_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
policy_id | Policy ID | bigint | The policy |
event_id | Event ID | bigint | The unique event ID |
login_name | Login Name | text | The login username |
event_info | Event Type | text | The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) |
auth_type | Authorization Type | text | The authorization type for this event |
client_addr | Client Address | text | The remote IP address of the client |
<section end='captive_portal_user_events' />
openvpn_stats
<section begin='openvpn_stats' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
start_time | Start Time | timestamp without time zone | The time the OpenVPN session started |
end_time | End Time | timestamp without time zone | The time the OpenVPN session ended |
rx_bytes | Bytes Received | bigint | The total bytes received from the client during this session |
tx_bytes | Bytes Sent | bigint | The total bytes sent to the client during this session |
remote_address | Remote Address | inet | The remote IP address of the client |
pool_address | Pool Address | inet | The pool IP address of the client |
remote_port | Remote Port | integer | The remote port of the client |
client_name | Client Name | text | The name of the client |
event_id | Event ID | bigint | The unique event ID |
<section end='openvpn_stats' />
openvpn_events
<section begin='openvpn_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
remote_address | Remote Address | inet | The remote IP address of the client |
pool_address | Pool Address | inet | The pool IP address of the client |
client_name | Client Name | text | The name of the client |
type | Type | text | The type of the event (CONNECT, DISCONNECT) |
<section end='openvpn_events' />