Event Definitions: Difference between revisions

Revision as of 18:17, 10 August 2017

Events Events Events

All event data is stored in the Database Schema in a relational database. As Untangle and applications process traffic they create Event objects that add and modify content in the database. Each event has it's own class/object with certain fields that modify the database in a certain way.

The list below shows the classes used in the event logging and the attributes of each event object. These can be used to add alerts in Reports or for other event handling within Untangle.

HostTableEvent

These events are created by the base system and inserted to the host_table_updates table when the host table is modified.

Attribute Name	Type	Description
address	InetAddress	The address
class	Class	The class name
key	String	The key
oldValue	String	The old value
timeStamp	Timestamp	The timestamp
value	String	The value

DeviceTableEvent

These events are created by the base system and inserted to the device_table_updates table when the device list is modified.

Attribute Name	Type	Description
class	Class	The class name
device	DeviceTableEntry	The Device
key	String	The key
macAddress	String	The MAC address
oldValue	String	The old value
timeStamp	Timestamp	The timestamp
value	String	The value

UserTableEvent

These events are created by the base system and inserted to the user_table_updates table when the user table is modified.

Attribute Name	Type	Description
class	Class	The class name
key	String	The key
oldValue	String	The old value
timeStamp	Timestamp	The timestamp
username	String	The username
value	String	The value

SessionStatsEvent

These events are created by the base system and update the sessions table when a session ends with the updated stats.

Attribute Name	Type	Description
c2pBytes	long	The number of bytes sent from the client to Untangle
class	Class	The class name
endTime	long	The end time/date
p2cBytes	long	The number of bytes sent to the client from Untangle
p2sBytes	long	The number of bytes sent to the server from Untangle
s2pBytes	long	The number of bytes sent from the server to Untangle
sessionEvent	SessionEvent	The session event
sessionId	Long	The session ID
timeStamp	Timestamp	The timestamp

SessionEvent

These events are created by the base system and update the sessions table each time a session is created.

Attribute Name	Type	Description
CClientAddr	InetAddress	The client-side (pre-NAT) client address
CClientPort	Integer	The client-side (pre-NAT) client port
CServerAddr	InetAddress	The client-side (pre-NAT) server address
CServerPort	Integer	The client-side (pre-NAT) server port
SClientAddr	InetAddress	The server-side (post-NAT) client address
SClientPort	Integer	The server-side (post-NAT) client port
SServerAddr	InetAddress	The server-side (post-NAT) server address
SServerPort	Integer	The server-side (post-NAT) server port
bypassed	boolean	True if bypassed, false otherwise
class	Class	The class name
clientCountry	String	The client country
clientIntf	Integer	The client interface ID
clientLatitude	Double	The client latitude
clientLongitude	Double	The client longitude
entitled	boolean	The entitled status
filterPrefix	String	The filter prefix if blocked by the filter rules
hostname	String	The hostname
icmpType	Short	The ICMP type
localAddr	InetAddress	The local host address
policyId	Integer	The policy ID
policyRuleId	Integer	The policy rule ID
protocol	Short	The protocol
protocolName	String	The protocol name
remoteAddr	InetAddress	The remote host address
serverCountry	String	The server country
serverIntf	Integer	The server interface ID
serverLatitude	Double	The server latitude
serverLongitude	Double	The server longitude
sessionId	Long	The session ID
tagsString	String	The string value of all tags
timeStamp	Timestamp	The timestamp
username	String	The username

SessionMinuteEvent

These events are created by the base system and update the session_minutes table each minute a session exists.

Attribute Name	Type	Description
c2sBytes	long	The number of bytes sent from the client to the server
class	Class	The class name
s2cBytes	long	The number of bytes sent from the server to the client
sessionId	long	The session ID
timeStamp	Timestamp	The timestamp

SessionNatEvent

These events are created by the base system and update the sessions table each time a session is NATd with the post-NAT information.

Attribute Name	Type	Description
SClientAddr	InetAddress	The server-side (post-NAT) client address
SClientPort	Integer	The server-side (post-NAT) client port
SServerAddr	InetAddress	The server-side (post-NAT) server address
SServerPort	Integer	The server-side (post-NAT) server port
class	Class	The class name
serverIntf	Integer	The server interface ID
sessionEvent	SessionEvent	The session event
timeStamp	Timestamp	The timestamp

QuotaEvent

These events are created by the Bandwidth Control and inserted or update the quotas table when quotas are given or exceeded.

Attribute Name	Type	Description
action	int	The action (1=Quota Given, 2=Quota Exceeded)
class	Class	The class name
entity	String	The entity
quotaSize	long	The quota size
reason	String	The reason
timeStamp	Timestamp	The timestamp

SettingsChangesEvent

These events are created by the base system and inserted to the settings_changes table when settings are changed.

Attribute Name	Type	Description
class	Class	The class name
hostname	String	The hostname
settingsFile	String	The settings file
timeStamp	Timestamp	The timestamp
username	String	The username

AdminLoginEvent

These events are created by the base system and inserted to the admin_logins table when an administrator login is attempted or successful.

Attribute Name	Type	Description
class	Class	The class name
clientAddress	InetAddress	The client address
local	boolean	1 if login is done via local console, 0 otherwise
login	String	The login username
reason	String	The reason
succeeded	boolean	1 if successful, 0 otherwise
timeStamp	Timestamp	The timestamp

AlertEvent

These events are created by Reports and inserted to the alerts table when an alert fires.

Attribute Name	Type	Description
causalRule	EventRule	The causal rule
cause	LogEvent	The cause
class	Class	The class name
description	String	The description
eventSent	Boolean	True if the event was sent, false otherwise
json	String	The JSON string
summaryText	String	The summary text
timeStamp	Timestamp	The timestamp

LogEvent

These base class for all events.

Attribute Name	Type	Description
class	Class	The class name
timeStamp	Timestamp	The timestamp

InterfaceStatEvent

These events are created by the base system and inserted to the interface_stat_events table periodically with interface stats.

Attribute Name	Type	Description
class	Class	The class name
interfaceId	int	The interface ID
rxBytes	double	The total of received bytes
rxRate	double	The RX rate in byte/s
timeStamp	Timestamp	The timestamp
txBytes	double	The total of transmitted bytes
txRate	double	The TX rate in byte/s

SystemStatEvent

These events are created by the base system and inserted to the server_events table periodically.

Attribute Name	Type	Description
activeHosts	int	The active host count
class	Class	The class name
cpuSystem	float	The system CPU utilization
cpuUser	float	The user CPU utilization
diskFree	long	The amount of disk free
diskFreePercent	float	The percentage of disk free
diskTotal	long	The total size of the disk
diskUsed	long	The amount of disk used
diskUsedPercent	float	The percentage of disk used
load1	float	The 1-minute CPU load
load15	float	The 15-minute CPU load
load5	float	The 5-minute CPU load
memBuffers	long	The amount of memory used by buffers
memCache	long	The amount of memory used by cache
memFree	long	The amount of free memory
memFreePercent	float	The percentage of total memory that is free
memTotal	long	The total amount of memory
memUsed	long	The amount of used memory
memUsedPercent	float	The percentage of total memory that is used
swapFree	long	The amount of free swap
swapFreePercent	float	The percentage of total swap that is free
swapTotal	long	The total size of swap
swapUsed	long	The amount of used swap
swapUsedPercent	float	The percentage of total swap that is used
timeStamp	Timestamp	The timestamp

CaptivePortalUserEvent

These events are created by Captive Portal and inserted to the captive_portal_user_events table when Captive Portal user takes amconsole:

Attribute Name	Type	Description
authenticationType	CaptivePortalSettings$AuthenticationType	The authentication type
authenticationTypeValue	String	The authentication type as a string
class	Class	The class name
clientAddr	String	The client address
event	CaptivePortalUserEvent$EventType	The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
eventValue	String	The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
loginName	String	The login name
policyId	Integer	The policy ID
timeStamp	Timestamp	The timestamp

CaptureRuleEvent

These events are created by Captive Portal and update the sessions table when Captive Portal processes a session.

Attribute Name	Type	Description
captured	boolean	True if captured, false otherwise
class	Class	The class name
ruleId	Integer	The rule ID
sessionEvent	SessionEvent	The session event
timeStamp	Timestamp	The timestamp

TunnelStatusEvent

These events are created by IPsec VPN and inserted to the ipsec_tunnel_stats table periodically.

Attribute Name	Type	Description
class	Class	The class name
inBytes	long	The number of bytes received from this tunnel
outBytes	long	The number of bytes sent in this tunnel
timeStamp	Timestamp	The timestamp
tunnelName	String	The name of this tunnel

VirtualUserEvent

These events are created by IPsec VPN and inserted to the ipsec_user_events table when a user event occurs.

Attribute Name	Type	Description
class	Class	The class name
clientAddress	InetAddress	The client address
clientProtocol	String	The client protocol
clientUsername	String	The client username
elapsedTime	String	The elapsed time
eventId	Long	The event ID
netInterface	String	The net interface
netProcess	String	The net process
netRXbytes	Long	The number of RX (received) bytes
netTXbytes	Long	The number of TX (transmitted) bytes
timeStamp	Timestamp	The timestamp

ConfigurationBackupEvent

These events are created by Configuration Backup and inserted to the configuratio_backup_events table when a backup occurs.

Attribute Name	Type	Description
class	Class	The class name
destination	String	The destination
detail	String	The details
success	boolean	True if successful, false otherwise
timeStamp	Timestamp	The timestamp

IntrusionPreventionLogEvent

These events are created by Intrusion Prevention and inserted to the intrusion_prevention_events table when a rule matches.

Attribute Name	Type	Description
blocked	short	1 if blocked, 0 otherwise
category	String	The category
class	Class	The class name
classificationId	long	The classification ID
classtype	String	The classtype
dportIcode	int	The dportIcode
eventId	long	The event ID
eventMicrosecond	long	The event microsecond
eventSecond	long	The event second
eventType	long	The event type
generatorId	long	The generator ID
impact	short	The impact
impactFlag	short	The impact flag
ipDestination	InetAddress	The IP address destination
ipSource	InetAddress	The IP address source
mplsLabel	long	The mplsLabel
msg	String	The msg
padding	int	The padding
priorityId	long	The priority ID
protocol	short	The protocol
sensorId	long	The sensor ID
signatureId	long	The signature ID
signatureRevision	long	The signature revision
sportItype	int	The sportItype
timeStamp	Timestamp	The timestamp
vlanId	int	The VLAN Id

SslInspectorLogEvent

These events are created by SSL Inspector and update the sessions table when a session is processed by SSL Inspector.

Attribute Name	Type	Description
class	Class	The class name
detail	String	The details
ruleId	Integer	The rule ID
sessionEvent	SessionEvent	The session event
status	String	The status
timeStamp	Timestamp	The timestamp

ApplicationControlLiteEvent

These events are created by Application Control Lite and update the sessions table when application control lite identifies a session.

Attribute Name	Type	Description
blocked	boolean	True if blocked, false otherwise
class	Class	The class name
protocol	String	The protocol
sessionId	Long	The session ID
timeStamp	Timestamp	The timestamp

ApplicationControlLogEvent

These events are created by Application Control and update the sessions table when application control identifies a session.

Attribute Name	Type	Description
application	String	The application
blocked	boolean	True if blocked, false otherwise
category	String	The category
class	Class	The class name
confidence	Integer	The confidence (0-100)
detail	String	The details
flagged	boolean	True if flagged, false otherwise
protochain	String	The protochain
ruleId	Integer	The rule ID
sessionEvent	SessionEvent	The session event
state	Integer	The state
timeStamp	Timestamp	The timestamp

CookieEvent

These events are created by Ad Blocker and update the http_events table when a cookie is blocked.

Attribute Name	Type	Description
class	Class	The class name
identification	String	The identification string
requestId	Long	The request ID
sessionEvent	SessionEvent	The session event
timeStamp	Timestamp	The timestamp

AdBlockerEvent

These events are created by Ad Blocker and update the http_events table when an ad is blocked.

Attribute Name	Type	Description
action	Action	The action
class	Class	The class name
reason	String	The reason
requestId	Long	The request ID
timeStamp	Timestamp	The timestamp

WebFilterQueryEvent

These events are created by Web Filter and inserted to the http_query_events table when web filter processes a search engine search.

Attribute Name	Type	Description
appName	String	The name of the application
class	Class	The class name
contentLength	long	The content length
host	String	The host
method	HttpMethod	The method
requestId	Long	The request ID
requestUri	URI	The request URI
sessionEvent	SessionEvent	The session event
term	String	The search term/phrase
timeStamp	Timestamp	The timestamp

WebFilterEvent

These events are created by Web Filter and update the http_events table when web filter processes a web request.

Attribute Name	Type	Description
appName	String	The name of the application
blocked	Boolean	True if blocked, false otherwise
category	String	The category
class	Class	The class name
flagged	Boolean	True if flagged, false otherwise
reason	Reason	The reason
requestLine	RequestLine	The request line
sessionEvent	SessionEvent	The session event
timeStamp	Timestamp	The timestamp

PrioritizeEvent

These events are created by the Bandwidth Control and update the session table when a session is prioritized.

Attribute Name	Type	Description
class	Class	The class name
priority	int	The priority
ruleId	int	The rule ID
sessionEvent	SessionEvent	The session event
timeStamp	Timestamp	The timestamp

WanFailoverTestEvent

These events are created by WAN Failover and inserted to the wan_failover_test_events table when a test is run.

Attribute Name	Type	Description
class	Class	The class name
description	String	The description
interfaceId	int	The interface ID
name	String	The test name
osName	String	The O/S interface name
success	Boolean	True if successful, false otherwise
timeStamp	Timestamp	The timestamp

WanFailoverEvent

These events are created by WAN Failover and inserted to the wan_failover_action_events table when WAN Failover takes an action.

Attribute Name	Type	Description
action	WanFailoverEvent$Action	The action
class	Class	The class name
interfaceId	int	The interface ID
name	String	The name
osName	String	The O/S interface name
timeStamp	Timestamp	The timestamp

SpamSmtpTarpitEvent

These events are created by Spam Blocker and inserted to the smtp_tarpit_events table when a session is tarpitted.

Attribute Name	Type	Description
IPAddr	InetAddress	The IP address
class	Class	The class name
hostname	String	The hostname
sessionEvent	SessionEvent	The session event
sessionId	Long	The session ID
timeStamp	Timestamp	The timestamp
vendorName	String	The application name

SpamLogEvent

These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.

Attribute Name	Type	Description
action	SpamMessageAction	The action
class	Class	The class name
clientAddr	InetAddress	The client address
clientPort	int	The client port
messageId	Long	The message ID
receiver	String	The receiver
score	float	The score
sender	String	The sender
serverAddr	InetAddress	The server address
serverPort	int	The server port
smtpMessageEvent	SmtpMessageEvent	The parent SMTP message event
isSpam	boolean	True if spam, false otherwise
subject	String	The subject
testsString	String	The tests string from the spam engine
timeStamp	Timestamp	The timestamp
vendorName	String	The application name

FirewallEvent

These events are created by Firewall and update the sessions table when a firewall rule matches a session.

Attribute Name	Type	Description
blocked	boolean	True if blocked, false otherwise
class	Class	The class name
flagged	boolean	True if flagged, false otherwise
ruleId	long	The rule ID
sessionId	Long	The session ID
timeStamp	Timestamp	The timestamp

LoginEvent

These events are created by Directory Connector and inserted to the directory_connector_login_events table for each login.

Attribute Name	Type	Description
class	Class	The class name
clientAddr	InetAddress	The client address
domain	String	The domain
event	String	The event
loginName	String	The login name
timeStamp	Timestamp	The timestamp

SmtpMessageAddressEvent

These events are created by SMTP subsystem and inserted to the mail_addrs table for each address on each email.

Attribute Name	Type	Description
addr	String	The address
class	Class	The class name
kind	AddressKind	The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
messageId	Long	The message ID
personal	String	personal
timeStamp	Timestamp	The timestamp

SmtpMessageEvent

These events are created by SMTP subsystem and inserted to the mail_msgs table for each email.

Attribute Name	Type	Description
addresses	Set	The addresses
class	Class	The class name
envelopeFromAddress	String	The envelop FROM address
envelopeToAddress	String	The envelope TO address
messageId	Long	The message ID
receiver	String	The receiver
sender	String	The sender
sessionEvent	SessionEvent	The session event
sessionId	Long	The session ID
subject	String	The subject
timeStamp	Timestamp	The timestamp
tmpFile	File	The /tmp file

VirusSmtpEvent

These events are created by Virus Blocker and update the mail_msgs table when Virus Blocker scans an email.

Attribute Name	Type	Description
action	String	The action
appName	String	The name of the application
class	Class	The class name
clean	boolean	True if clean, false otherwise
messageId	Long	The message ID
timeStamp	Timestamp	The timestamp
virusName	String	The virus name, if not clean

VirusFtpEvent

These events are created by Virus Blocker and update the ftp_events table when Virus Blocker scans an FTP transfer.

Attribute Name	Type	Description
appName	String	The name of the application
class	Class	The class name
clean	boolean	True if clean, false otherwise
sessionEvent	SessionEvent	The session event
timeStamp	Timestamp	The timestamp
uri	String	The URI
virusName	String	The virus name, if not clean

VirusHttpEvent

These events are created by Virus Blocker and update the http_events table when Virus Blocker scans an HTTP transfer.

Attribute Name	Type	Description
appName	String	The name of the application
class	Class	The class name
clean	boolean	True if clean, false otherwise
requestId	Long	The request ID
timeStamp	Timestamp	The timestamp
virusName	String	The virus name, if not clean

SpamSmtpTarpitEvent

These events are created by Spam Blocker and inserted to the smtp_tarpit_events table when a session is tarpitted.

Attribute Name	Type	Description
IPAddr	InetAddress	The IP address
class	Class	The class name
hostname	String	The hostname
sessionEvent	SessionEvent	The session event
sessionId	Long	The session ID
timeStamp	Timestamp	The timestamp
vendorName	String	The application name

SpamLogEvent

These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.

Attribute Name	Type	Description
action	SpamMessageAction	The action
class	Class	The class name
clientAddr	InetAddress	The client address
clientPort	int	The client port
messageId	Long	The message ID
receiver	String	The receiver
score	float	The score
sender	String	The sender
serverAddr	InetAddress	The server address
serverPort	int	The server port
smtpMessageEvent	SmtpMessageEvent	The parent SMTP message event
isSpam	boolean	True if spam, false otherwise
subject	String	The subject
testsString	String	The tests string from the spam engine
timeStamp	Timestamp	The timestamp
vendorName	String	The application name

HttpResponseEvent

These events are created by HTTP subsystem and update the http_events table when a web response happens.

Attribute Name	Type	Description
class	Class	The class name
contentLength	long	The content length
contentType	String	The content type
httpRequestEvent	HttpRequestEvent	The corresponding HTTP request event
requestLine	RequestLine	The request line
timeStamp	Timestamp	The timestamp

HttpRequestEvent

These events are created by HTTP subsystem and inserted to the http_events table when a web request happens.

Attribute Name	Type	Description
class	Class	The class name
contentLength	long	The content length
domain	String	The domain
host	String	The host
method	HttpMethod	The HTTP method
referer	String	The referer
requestId	Long	The request ID
requestUri	URI	The request URI
sessionEvent	SessionEvent	The session event
timeStamp	Timestamp	The timestamp

OpenVpnEvent

These events are created by OpenVPN and update the openvpn_events table when OpenVPN processes a client action.

Attribute Name	Type	Description
address	InetAddress	The address
class	Class	The class name
clientName	String	The client name
poolAddress	InetAddress	The pool address
timeStamp	Timestamp	The timestamp
type	OpenVpnEvent$EventType	The type

OpenVpnStatusEvent

These events are created by OpenVPN and update the openvpn_stats table periodically.

Attribute Name	Type	Description
address	InetAddress	The address
bytesRxDelta	long	The delta number of RX (received) bytes from the previous event
bytesRxTotal	long	The total number of RX (received) bytes
bytesTxDelta	long	The delta number of TX (transmitted) bytes from the previous event
bytesTxTotal	long	The total number of TX (transmitted) bytes
class	Class	The class name
clientName	String	The client name
end	Timestamp	The end
poolAddress	InetAddress	The pool address
port	int	The port
start	Timestamp	The start
timeStamp	Timestamp	The timestamp

WebCacheEvent

These events are created by Web Cache and inserted to the web_cache_stats table periodically.

Attribute Name	Type	Description
bypassCount	long	The number of bypasses
class	Class	The class name
hitBytes	long	The number of bytes worth of hits
hitCount	long	The number of hits
missBytes	long	The number of bytes worth of misses
missCount	long	The number of misses
policyId	Long	The policy ID
systemCount	long	The number of system bypasses
timeStamp	Timestamp	The timestamp

@@ Line 29: / Line 29: @@
 |String
 |The key
+|-
+|oldValue
+|String
+|The old value
 |-
 |timeStamp
@@ Line 66: / Line 70: @@
 |String
 |The MAC address
+|-
+|oldValue
+|String
+|The old value
 |-
 |timeStamp
@@ Line 78: / Line 86: @@
-== PenaltyBoxEvent ==
+== UserTableEvent ==
-<section begin='PenaltyBoxEvent' />
+<section begin='UserTableEvent' />
-These events are created by the [[Bandwidth Control]] and inserted to the [[Database_Schema#penaltybox|penaltybox]] table.
+These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|user_table_updates]] table when the user table is modified.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 87: / Line 95: @@
 ! Type
 ! Description
-|-
-|action
-|int
-|The action
-|-
-|address
-|InetAddress
-|The address
 |-
 |class
@@ Line 100: / Line 100: @@
 |The class name
 |-
-|entryTime
+|key
-|Timestamp
+|String
-|The entry time
+|The key
 |-
-|exitTime
+|oldValue
-|Timestamp
+|String
-|The exit time
+|The old value
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+|-
+|username
+|String
+|The username
+|-
+|value
+|String
+|The value
 |}
-<section end='PenaltyBoxEvent' />
+<section end='UserTableEvent' />
@@ Line 148: / Line 156: @@
 |long
 |The number of bytes sent from the server to Untangle
+|-
+|sessionEvent
+|SessionEvent
+|The session event
 |-
 |sessionId
@@ Line 170: / Line 182: @@
 ! Description
 |-
-|cClientAddr
+|CClientAddr
 |InetAddress
 |The client-side (pre-NAT) client address
 |-
-|cClientPort
+|CClientPort
 |Integer
 |The client-side (pre-NAT) client port
 |-
-|cServerAddr
+|CServerAddr
 |InetAddress
 |The client-side (pre-NAT) server address
 |-
-|cServerPort
+|CServerPort
 |Integer
 |The client-side (pre-NAT) server port
 |-
-|sClientAddr
+|SClientAddr
 |InetAddress
 |The server-side (post-NAT) client address
 |-
-|sClientPort
+|SClientPort
 |Integer
 |The server-side (post-NAT) client port
 |-
-|sServerAddr
+|SServerAddr
 |InetAddress
 |The server-side (post-NAT) server address
 |-
-|sServerPort
+|SServerPort
 |Integer
 |The server-side (post-NAT) server port
@@ Line 285: / Line 297: @@
 |Long
 |The session ID
+|-
+|tagsString
+|String
+|The string value of all tags
 |-
 |timeStamp
@@ Line 340: / Line 356: @@
 ! Description
 |-
-|sClientAddr
+|SClientAddr
 |InetAddress
 |The server-side (post-NAT) client address
 |-
-|sClientPort
+|SClientPort
 |Integer
 |The server-side (post-NAT) client port
 |-
-|sServerAddr
+|SServerAddr
 |InetAddress
 |The server-side (post-NAT) server address
 |-
-|sServerPort
+|SServerPort
 |Integer
 |The server-side (post-NAT) server port
@@ Line 363: / Line 379: @@
 |Integer
 |The server interface ID
+|-
+|sessionEvent
+|SessionEvent
+|The session event
 |-
 |timeStamp
@@ Line 384: / Line 404: @@
 |int
 |The action (1=Quota Given, 2=Quota Exceeded)
-|-
-|address
-|InetAddress
-|The address
 |-
 |class
 |Class
 |The class name
+|-
+|entity
+|String
+|The entity
 |-
 |quotaSize
@@ Line 441: / Line 461: @@
-== LogEvent ==
+== AdminLoginEvent ==
-<section begin='LogEvent' />
+<section begin='AdminLoginEvent' />
-These base class for all events.
+These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|admin_logins]] table when an administrator login is attempted or successful.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 454: / Line 474: @@
 |Class
 |The class name
+|-
+|clientAddress
+|InetAddress
+|The client address
+|-
+|local
+|boolean
+|1 if login is done via local console, 0 otherwise
+|-
+|login
+|String
+|The login username
+|-
+|reason
+|String
+|The reason
+|-
+|succeeded
+|boolean
+|1 if successful, 0 otherwise
 |-
 |timeStamp
@@ Line 459: / Line 499: @@
 |The timestamp
 |}
-<section end='LogEvent' />
+<section end='AdminLoginEvent' />
-== InterfaceStatEvent ==
+== AlertEvent ==
-<section begin='InterfaceStatEvent' />
+<section begin='AlertEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#settings_changes|interface_stat_events]] table periodically with interface stats.
+These events are created by [[Reports]] and inserted to the [[Database_Schema#alerts|alerts]] table when an alert fires.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 471: / Line 511: @@
 ! Type
 ! Description
+|-
+|causalRule
+|EventRule
+|The causal rule
+|-
+|cause
+|LogEvent
+|The cause
 |-
 |class
@@ Line 476: / Line 524: @@
 |The class name
 |-
-|interfaceId
+|description
-|int
+|String
-|The interface ID
+|The description
+|-
+|eventSent
+|Boolean
+|True if the event was sent, false otherwise
+|-
+|json
+|String
+|The JSON string
 |-
-|rxRate
+|summaryText
-|double
+|String
-|The RX rate in byte/s
+|The summary text
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|txRate
-|double
-|The TX rate in byte/s
 |}
-<section end='InterfaceStatEvent' />
+<section end='AlertEvent' />
-== SystemStatEvent ==
+== LogEvent ==
-<section begin='SystemStatEvent' />
+<section begin='LogEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#server_events|server_events]] table periodically.
+These base class for all events.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 505: / Line 557: @@
 ! Description
 |-
-|activeHosts
+|class
-|int
+|Class
-|The active host count
+|The class name
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='LogEvent' />
+== InterfaceStatEvent ==
+<section begin='InterfaceStatEvent' />
+These events are created by the base system and inserted to the [[Database_Schema#settings_changes|interface_stat_events]] table periodically with interface stats.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
 |-
 |class
@@ Line 513: / Line 582: @@
 |The class name
 |-
-|cpuSystem
+|interfaceId
-|float
+|int
-|The system CPU utilization
+|The interface ID
 |-
-|cpuUser
+|rxBytes
-|float
+|double
-|The user CPU utilization
+|The total of received bytes
 |-
-|diskFree
+|rxRate
-|long
+|double
-|The amount of disk free
+|The RX rate in byte/s
 |-
-|diskFreePercent
+|timeStamp
-|float
+|Timestamp
-|The percentage of disk free
+|The timestamp
 |-
-|diskTotal
+|txBytes
-|long
+|double
-|The total size of the disk
+|The total of transmitted bytes
 |-
-|diskUsed
+|txRate
-|long
+|double
-|The amount of disk used
+|The TX rate in byte/s
+|}
+<section end='InterfaceStatEvent' />
+== SystemStatEvent ==
+<section begin='SystemStatEvent' />
+These events are created by the base system and inserted to the [[Database_Schema#server_events|server_events]] table periodically.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+|-
+|activeHosts
+|int
+|The active host count
 |-
-|diskUsedPercent
+|class
-|float
+|Class
-|The percentage of disk used
+|The class name
 |-
-|load1
+|cpuSystem
 |float
-|The 1-minute CPU load
+|The system CPU utilization
 |-
-|load15
+|cpuUser
+|float
+|The user CPU utilization
+|-
+|diskFree
+|long
+|The amount of disk free
+|-
+|diskFreePercent
+|float
+|The percentage of disk free
+|-
+|diskTotal
+|long
+|The total size of the disk
+|-
+|diskUsed
+|long
+|The amount of disk used
+|-
+|diskUsedPercent
+|float
+|The percentage of disk used
+|-
+|load1
+|float
+|The 1-minute CPU load
+|-
+|load15
 |float
 |The 15-minute CPU load
@@ Line 608: / Line 722: @@
-== TunnelStatusEvent ==
+== CaptivePortalUserEvent ==
-<section begin='TunnelStatusEvent' />
+<section begin='CaptivePortalUserEvent' />
-These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_tunnel_stats|ipsec_tunnel_stats]] table periodically.
+These events are created by [[Captive Portal]] and inserted to the [[Database_Schema#captive_portal_user_events|captive_portal_user_events]] table when Captive Portal user takes amconsole:
 {| border="1" cellpadding="2" width="90%" align="center"
 ! Attribute Name
 ! Type
 ! Description
+|-
+|authenticationType
+|CaptivePortalSettings$AuthenticationType
+|The authentication type
+|-
+|authenticationTypeValue
+|String
+|The authentication type as a string
 |-
 |class
@@ Line 622: / Line 743: @@
 |The class name
 |-
-|inBytes
+|clientAddr
-|long
+|String
-|The number of bytes received from this tunnel
+|The client address
 |-
-|outBytes
+|event
-|long
+|CaptivePortalUserEvent$EventType
-|The number of bytes sent in this tunnel
+|The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
 |-
-|timeStamp
+|eventValue
-|Timestamp
+|String
-|The timestamp
+|The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
 |-
-|tunnelName
+|loginName
 |String
-|The name of this tunnel
+|The login name
+|-
+|policyId
+|Integer
+|The policy ID
+|-
+|timeStamp
+|Timestamp
+|The timestamp
 |}
-<section end='TunnelStatusEvent' />
+<section end='CaptivePortalUserEvent' />
-== VirtualUserEvent ==
+== CaptureRuleEvent ==
-<section begin='VirtualUserEvent' />
+<section begin='CaptureRuleEvent' />
-These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_user_events|ipsec_user_events]] table when a user event occurs.
+These events are created by [[Captive Portal]] and update the [[Database_Schema#sessions|sessions]] table when Captive Portal processes a session.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 650: / Line 779: @@
 ! Type
 ! Description
+|-
+|captured
+|boolean
+|True if captured, false otherwise
 |-
 |class
@@ Line 655: / Line 788: @@
 |The class name
 |-
-|clientAddress
+|ruleId
-|InetAddress
+|Integer
-|The client address
+|The rule ID
 |-
-|clientProtocol
+|sessionEvent
-|String
+|SessionEvent
-|The client protocol
+|The session event
-|-
-|clientUsername
-|String
-|The client username
-|-
-|elapsedTime
-|String
-|The elapsed time
-|-
-|eventId
-|Long
-|The event ID
-|-
-|netInterface
-|String
-|The net interface
-|-
-|netProcess
-|String
-|The net process
-|-
-|netRXbytes
-|Long
-|The number of RX (received) bytes
-|-
-|netTXbytes
-|Long
-|The number of TX (transmitted) bytes
 |-
 |timeStamp
@@ Line 695: / Line 800: @@
 |The timestamp
 |}
-<section end='VirtualUserEvent' />
+<section end='CaptureRuleEvent' />
-== AlertEvent ==
+== TunnelStatusEvent ==
-<section begin='AlertEvent' />
+<section begin='TunnelStatusEvent' />
-These events are created by [[Reports]] and inserted to the [[Database_Schema#alerts|alerts]] table when an alert fires.
+These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_tunnel_stats|ipsec_tunnel_stats]] table periodically.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 707: / Line 812: @@
 ! Type
 ! Description
-|-
-|cause
-|LogEvent
-|The cause
 |-
 |class
@@ Line 716: / Line 817: @@
 |The class name
 |-
-|description
+|inBytes
-|String
+|long
-|The description
+|The number of bytes received from this tunnel
 |-
-|json
+|outBytes
-|JSONObject
+|long
-|The JSON string
+|The number of bytes sent in this tunnel
-|-
-|summaryText
-|String
-|The summary text
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+|-
+|tunnelName
+|String
+|The name of this tunnel
 |}
-<section end='AlertEvent' />
+<section end='TunnelStatusEvent' />
-== ConfigurationBackupEvent ==
+== VirtualUserEvent ==
-<section begin='ConfigurationBackupEvent' />
+<section begin='VirtualUserEvent' />
-These events are created by [[Configuration Backup]] and inserted to the [[Database_Schema#configuratio_backup_events|configuratio_backup_events]] table when a backup occurs.
+These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_user_events|ipsec_user_events]] table when a user event occurs.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 749: / Line 850: @@
 |The class name
 |-
-|destination
+|clientAddress
+|InetAddress
+|The client address
+|-
+|clientProtocol
 |String
-|The destination
+|The client protocol
 |-
-|detail
+|clientUsername
 |String
-|The details
+|The client username
 |-
-|success
+|elapsedTime
-|boolean
+|String
-|True if successful, false otherwise
+|The elapsed time
 |-
-|timeStamp
+|eventId
-|Timestamp
+|Long
-|The timestamp
+|The event ID
+|-
+|netInterface
+|String
+|The net interface
+|-
+|netProcess
+|String
+|The net process
+|-
+|netRXbytes
+|Long
+|The number of RX (received) bytes
+|-
+|netTXbytes
+|Long
+|The number of TX (transmitted) bytes
+|-
+|timeStamp
+|Timestamp
+|The timestamp
 |}
-<section end='ConfigurationBackupEvent' />
+<section end='VirtualUserEvent' />
-== WebCacheEvent ==
+== ConfigurationBackupEvent ==
-<section begin='WebCacheEvent' />
+<section begin='ConfigurationBackupEvent' />
-These events are created by [[Web Cache]] and inserted to the [[Database_Schema#web_cache_stats|web_cache_stats]] table periodically.
+These events are created by [[Configuration Backup]] and inserted to the [[Database_Schema#configuratio_backup_events|configuratio_backup_events]] table when a backup occurs.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 778: / Line 903: @@
 ! Description
 |-
-|bypassCount
+|class
-|long
+|Class
-|The number of bypasses
-|-
-|class
-|Class
 |The class name
 |-
-|hitBytes
+|destination
-|long
+|String
-|The number of bytes worth of hits
+|The destination
 |-
-|hitCount
+|detail
-|long
+|String
-|The number of hits
+|The details
 |-
-|missBytes
+|success
-|long
+|boolean
-|The number of bytes worth of misses
+|True if successful, false otherwise
 |-
-|missCount
+|timeStamp
-|long
+|Timestamp
-|The number of misses
+|The timestamp
-|-
+|}
-|policyId
+<section end='ConfigurationBackupEvent' />
-|Long
-|The policy ID
-|-
-|systemCount
-|long
-|The number of system bypasses
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='WebCacheEvent' />
-== PrioritizeEvent ==
+== IntrusionPreventionLogEvent ==
-<section begin='PrioritizeEvent' />
+<section begin='IntrusionPreventionLogEvent' />
-These events are created by the [[Bandwidth Control]] and update the [[Database_Schema#sessions|session]] table when a session is prioritized.
+These events are created by [[Intrusion Prevention]] and inserted to the [[Database_Schema#intrusion_prevention_events|intrusion_prevention_events]] table when a rule matches.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 826: / Line 935: @@
 ! Type
 ! Description
+|-
+|blocked
+|short
+|1 if blocked, 0 otherwise
+|-
+|category
+|String
+|The category
 |-
 |class
@@ Line 831: / Line 948: @@
 |The class name
 |-
-|priority
+|classificationId
+|long
+|The classification ID
+|-
+|classtype
+|String
+|The classtype
+|-
+|dportIcode
 |int
-|The priority
+|The dportIcode
 |-
-|ruleId
+|eventId
-|int
+|long
-|The rule ID
+|The event ID
 |-
-|sessionEvent
+|eventMicrosecond
-|SessionEvent
+|long
-|The session event
+|The event microsecond
 |-
-|timeStamp
+|eventSecond
-|Timestamp
+|long
-|The timestamp
+|The event second
-|}
-<section end='PrioritizeEvent' />
-== HttpResponseEvent ==
-<section begin='HttpResponseEvent' />
-These events are created by HTTP subsystem and update the [[Database_Schema#http_events|http_events]] table when a web response happens.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
 |-
-|class
+|eventType
-|Class
+|long
-|The class name
+|The event type
 |-
-|contentLength
+|generatorId
 |long
-|The content length
+|The generator ID
 |-
-|contentType
+|impact
-|String
+|short
-|The content type
+|The impact
 |-
-|httpRequestEvent
+|impactFlag
-|HttpRequestEvent
+|short
-|The corresponding HTTP request event
+|The impact flag
 |-
-|requestLine
+|ipDestination
-|RequestLine
+|InetAddress
-|The request line
+|The IP address destination
 |-
-|timeStamp
+|ipSource
-|Timestamp
+|InetAddress
-|The timestamp
+|The IP address source
-|}
-<section end='HttpResponseEvent' />
-== HttpRequestEvent ==
-<section begin='HttpRequestEvent' />
-These events are created by HTTP subsystem and inserted to the [[Database_Schema#http_events|http_events]] table when a web request happens.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
 |-
-|class
+|mplsLabel
-|Class
+|long
-|The class name
+|The mplsLabel
 |-
-|contentLength
+|msg
-|long
+|String
-|The content length
+|The msg
 |-
-|domain
+|padding
-|String
+|int
-|The domain
+|The padding
 |-
-|host
+|priorityId
-|String
+|long
-|The host
+|The priority ID
 |-
-|method
+|protocol
-|HttpMethod
+|short
-|The HTTP method
+|The protocol
 |-
-|referer
+|sensorId
-|String
+|long
-|The referer
+|The sensor ID
 |-
-|requestId
+|signatureId
-|Long
+|long
-|The request ID
+|The signature ID
 |-
-|requestUri
+|signatureRevision
-|URI
+|long
-|The request URI
+|The signature revision
 |-
-|sessionEvent
+|sportItype
-|SessionEvent
+|int
-|The session event
+|The sportItype
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+|-
+|vlanId
+|int
+|The VLAN Id
 |}
-<section end='HttpRequestEvent' />
+<section end='IntrusionPreventionLogEvent' />
-== ApplicationControlLiteEvent ==
+== SslInspectorLogEvent ==
-<section begin='ApplicationControlLiteEvent' />
+<section begin='SslInspectorLogEvent' />
-These events are created by [[Application Control Lite]] and update the [[Database_Schema#sessions|sessions]] table when application control lite identifies a session.
+These events are created by [[SSL Inspector]] and update the [[Database_Schema#sessions|sessions]] table when a session is processed by SSL Inspector.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 950: / Line 1,053: @@
 ! Description
 |-
-|blocked
+|class
-|boolean
-|True if blocked, false otherwise
-|-
-|class
 |Class
 |The class name
 |-
-|protocol
+|detail
 |String
-|The protocol
+|The details
+|-
+|ruleId
+|Integer
+|The rule ID
+|-
+|sessionEvent
+|SessionEvent
+|The session event
 |-
-|sessionId
+|status
-|Long
+|String
-|The session ID
+|The status
 |-
 |timeStamp
@@ Line 970: / Line 1,077: @@
 |The timestamp
 |}
-<section end='ApplicationControlLiteEvent' />
+<section end='SslInspectorLogEvent' />
-== FirewallEvent ==
+== ApplicationControlLiteEvent ==
-<section begin='FirewallEvent' />
+<section begin='ApplicationControlLiteEvent' />
-These events are created by [[Firewall]] and update the [[Database_Schema#sessions|sessions]] table when a firewall rule matches a session.
+These events are created by [[Application Control Lite]] and update the [[Database_Schema#sessions|sessions]] table when application control lite identifies a session.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 991: / Line 1,098: @@
 |The class name
 |-
-|flagged
+|protocol
-|boolean
+|String
-|True if flagged, false otherwise
+|The protocol
-|-
-|ruleId
-|long
-|The rule ID
 |-
 |sessionId
@@ Line 1,007: / Line 1,110: @@
 |The timestamp
 |}
-<section end='FirewallEvent' />
+<section end='ApplicationControlLiteEvent' />
-== WebFilterQueryEvent ==
+== ApplicationControlLogEvent ==
-<section begin='WebFilterQueryEvent' />
+<section begin='ApplicationControlLogEvent' />
-These events are created by [[Web Filter]] and inserted to the [[Database_Schema#http_query_events|http_query_events]] table when web filter processes a search engine search.
+These events are created by [[Application Control]] and update the [[Database_Schema#sessions|sessions]] table when application control identifies a session.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,019: / Line 1,122: @@
 ! Type
 ! Description
+|-
+|application
+|String
+|The application
+|-
+|blocked
+|boolean
+|True if blocked, false otherwise
+|-
+|category
+|String
+|The category
 |-
 |class
@@ Line 1,024: / Line 1,139: @@
 |The class name
 |-
-|contentLength
+|confidence
-|long
+|Integer
-|The content length
+|The confidence (0-100)
 |-
-|host
+|detail
 |String
-|The host
+|The details
 |-
-|method
+|flagged
-|HttpMethod
+|boolean
-|The method
+|True if flagged, false otherwise
 |-
-|nodeName
+|protochain
 |String
-|The name of the application
+|The protochain
 |-
-|requestId
+|ruleId
-|Long
+|Integer
-|The request ID
+|The rule ID
-|-
-|requestUri
-|URI
-|The request URI
 |-
 |sessionEvent
@@ Line 1,052: / Line 1,163: @@
 |The session event
 |-
-|term
+|state
-|String
+|Integer
-|The search term/phrase
+|The state
 |-
 |timeStamp
@@ Line 1,060: / Line 1,171: @@
 |The timestamp
 |}
-<section end='WebFilterQueryEvent' />
+<section end='ApplicationControlLogEvent' />
-== WebFilterEvent ==
+== CookieEvent ==
-<section begin='WebFilterEvent' />
+<section begin='CookieEvent' />
-These events are created by [[Web Filter]] and update the [[Database_Schema#http_events|http_events]] table when web filter processes a web request.
+These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when a cookie is blocked.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,072: / Line 1,183: @@
 ! Type
 ! Description
-|-
-|blocked
-|Boolean
-|True if blocked, false otherwise
-|-
-|category
-|String
-|The category
 |-
 |class
@@ Line 1,085: / Line 1,188: @@
 |The class name
 |-
-|flagged
+|identification
-|Boolean
-|True if flagged, false otherwise
-|-
-|nodeName
 |String
-|The name of the application
+|The identification string
 |-
-|reason
+|requestId
-|Reason
+|Long
-|The reason
+|The request ID
+|-
+|sessionEvent
+|SessionEvent
+|The session event
 |-
 |timeStamp
@@ Line 1,101: / Line 1,204: @@
 |The timestamp
 |}
-<section end='WebFilterEvent' />
+<section end='CookieEvent' />
-== ApplicationControlLogEvent ==
+== AdBlockerEvent ==
-<section begin='ApplicationControlLogEvent' />
+<section begin='AdBlockerEvent' />
-These events are created by [[Application Control]] and update the [[Database_Schema#sessions|sessions]] table when application control identifies a session.
+These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when an ad is blocked.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,114: / Line 1,217: @@
 ! Description
 |-
-|application
+|action
-|String
+|Action
-|The application
+|The action
-|-
-|blocked
-|boolean
-|True if blocked, false otherwise
-|-
-|category
-|String
-|The category
 |-
 |class
@@ Line 1,130: / Line 1,225: @@
 |The class name
 |-
-|confidence
+|reason
-|Integer
+|String
-|The confidence (0-100)
+|The reason
 |-
-|detail
+|requestId
-|String
+|Long
-|The details
+|The request ID
-|-
-|flagged
-|boolean
-|True if flagged, false otherwise
-|-
-|protochain
-|String
-|The protochain
-|-
-|ruleId
-|Integer
-|The rule ID
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-|-
-|state
-|Integer
-|The state
 |-
 |timeStamp
@@ Line 1,162: / Line 1,237: @@
 |The timestamp
 |}
-<section end='ApplicationControlLogEvent' />
+<section end='AdBlockerEvent' />
-== SslInspectorLogEvent ==
+== WebFilterQueryEvent ==
-<section begin='SslInspectorLogEvent' />
+<section begin='WebFilterQueryEvent' />
-These events are created by [[SSL Inspector]] and update the [[Database_Schema#sessions|sessions]] table when a session is processed by SSL Inspector.
+These events are created by [[Web Filter]] and inserted to the [[Database_Schema#http_query_events|http_query_events]] table when web filter processes a search engine search.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,174: / Line 1,249: @@
 ! Type
 ! Description
+|-
+|appName
+|String
+|The name of the application
 |-
 |class
@@ Line 1,179: / Line 1,258: @@
 |The class name
 |-
-|detail
+|contentLength
+|long
+|The content length
+|-
+|host
 |String
-|The details
+|The host
+|-
+|method
+|HttpMethod
+|The method
+|-
+|requestId
+|Long
+|The request ID
 |-
-|ruleId
+|requestUri
-|Integer
+|URI
-|The rule ID
+|The request URI
 |-
 |sessionEvent
@@ Line 1,191: / Line 1,282: @@
 |The session event
 |-
-|status
+|term
 |String
-|The status
+|The search term/phrase
 |-
 |timeStamp
@@ Line 1,199: / Line 1,290: @@
 |The timestamp
 |}
-<section end='SslInspectorLogEvent' />
+<section end='WebFilterQueryEvent' />
-== SpamSmtpTarpitEvent ==
+== WebFilterEvent ==
-<section begin='SpamSmtpTarpitEvent' />
+<section begin='WebFilterEvent' />
-These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
+These events are created by [[Web Filter]] and update the [[Database_Schema#http_events|http_events]] table when web filter processes a web request.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,212: / Line 1,303: @@
 ! Description
 |-
-|iPAddr
+|appName
-|InetAddress
+|String
-|The IP address
+|The name of the application
+|-
+|blocked
+|Boolean
+|True if blocked, false otherwise
+|-
+|category
+|String
+|The category
 |-
 |class
@@ Line 1,220: / Line 1,319: @@
 |The class name
 |-
-|hostname
+|flagged
-|String
+|Boolean
-|The hostname
+|True if flagged, false otherwise
 |-
-|sessionEvent
+|reason
+|Reason
+|The reason
+|-
+|requestLine
+|RequestLine
+|The request line
+|-
+|sessionEvent
 |SessionEvent
 |The session event
-|-
-|sessionId
-|Long
-|The session ID
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|vendorName
-|String
-|The application name
 |}
-<section end='SpamSmtpTarpitEvent' />
+<section end='WebFilterEvent' />
-== SpamLogEvent ==
+== PrioritizeEvent ==
-<section begin='SpamLogEvent' />
+<section begin='PrioritizeEvent' />
-These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
+These events are created by the [[Bandwidth Control]] and update the [[Database_Schema#sessions|session]] table when a session is prioritized.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,252: / Line 1,351: @@
 ! Type
 ! Description
-|-
-|action
-|SpamMessageAction
-|The action
 |-
 |class
@@ Line 1,261: / Line 1,356: @@
 |The class name
 |-
-|clientAddr
+|priority
-|InetAddress
+|int
-|The client address
+|The priority
 |-
-|clientPort
+|ruleId
 |int
-|The client port
+|The rule ID
 |-
-|messageId
+|sessionEvent
-|Long
+|SessionEvent
-|The message ID
+|The session event
 |-
-|receiver
+|timeStamp
-|String
+|Timestamp
-|The receiver
+|The timestamp
+|}
+<section end='PrioritizeEvent' />
+== WanFailoverTestEvent ==
+<section begin='WanFailoverTestEvent' />
+These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_test_events|wan_failover_test_events]] table when a test is run.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
 |-
-|score
+|class
-|float
+|Class
-|The score
+|The class name
 |-
-|sender
+|description
 |String
-|The sender
+|The description
 |-
-|serverAddr
+|interfaceId
-|InetAddress
-|The server address
-|-
-|serverPort
 |int
-|The server port
+|The interface ID
 |-
-|smtpMessageEvent
+|name
-|SmtpMessageEvent
+|String
-|The parent SMTP message event
+|The test name
 |-
-|isSpam
+|osName
-|boolean
-|True if spam, false otherwise
-|-
-|subject
 |String
-|The subject
+|The O/S interface name
 |-
-|testsString
+|success
-|String
+|Boolean
-|The tests string from the spam engine
+|True if successful, false otherwise
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|vendorName
-|String
-|The application name
 |}
-<section end='SpamLogEvent' />
+<section end='WanFailoverTestEvent' />
-== SpamSmtpTarpitEvent ==
+== WanFailoverEvent ==
-<section begin='SpamSmtpTarpitEvent' />
+<section begin='WanFailoverEvent' />
-These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
+These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_action_events|wan_failover_action_events]] table when WAN Failover takes an action.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,330: / Line 1,426: @@
 ! Description
 |-
-|iPAddr
+|action
-|InetAddress
+|WanFailoverEvent$Action
-|The IP address
+|The action
 |-
 |class
@@ Line 1,338: / Line 1,434: @@
 |The class name
 |-
-|hostname
+|interfaceId
+|int
+|The interface ID
+|-
+|name
 |String
-|The hostname
+|The name
 |-
-|sessionEvent
+|osName
-|SessionEvent
+|String
-|The session event
+|The O/S interface name
-|-
-|sessionId
-|Long
-|The session ID
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|vendorName
-|String
-|The application name
 |}
-<section end='SpamSmtpTarpitEvent' />
+<section end='WanFailoverEvent' />
-== SpamLogEvent ==
+== SpamSmtpTarpitEvent ==
-<section begin='SpamLogEvent' />
+<section begin='SpamSmtpTarpitEvent' />
-These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
+These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,371: / Line 1,463: @@
 ! Description
 |-
-|action
+|IPAddr
-|SpamMessageAction
+|InetAddress
-|The action
+|The IP address
 |-
 |class
@@ Line 1,379: / Line 1,471: @@
 |The class name
 |-
-|clientAddr
+|hostname
-|InetAddress
+|String
-|The client address
+|The hostname
 |-
-|clientPort
+|sessionEvent
-|int
+|SessionEvent
-|The client port
+|The session event
 |-
-|messageId
+|sessionId
 |Long
-|The message ID
+|The session ID
 |-
-|receiver
+|timeStamp
-|String
+|Timestamp
-|The receiver
+|The timestamp
 |-
-|score
+|vendorName
-|float
-|The score
-|-
-|sender
 |String
-|The sender
+|The application name
-|-
+|}
-|serverAddr
+<section end='SpamSmtpTarpitEvent' />
+== SpamLogEvent ==
+<section begin='SpamLogEvent' />
+These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+|-
+|action
+|SpamMessageAction
+|The action
+|-
+|class
+|Class
+|The class name
+|-
+|clientAddr
 |InetAddress
-|The server address
+|The client address
 |-
-|serverPort
+|clientPort
 |int
-|The server port
+|The client port
 |-
-|smtpMessageEvent
+|messageId
-|SmtpMessageEvent
+|Long
+|The message ID
+|-
+|receiver
+|String
+|The receiver
+|-
+|score
+|float
+|The score
+|-
+|sender
+|String
+|The sender
+|-
+|serverAddr
+|InetAddress
+|The server address
+|-
+|serverPort
+|int
+|The server port
+|-
+|smtpMessageEvent
+|SmtpMessageEvent
 |The parent SMTP message event
 |-
@@ Line 1,438: / Line 1,571: @@
-== CookieEvent ==
+== FirewallEvent ==
-<section begin='CookieEvent' />
+<section begin='FirewallEvent' />
-These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when a cookie is blocked.
+These events are created by [[Firewall]] and update the [[Database_Schema#sessions|sessions]] table when a firewall rule matches a session.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,447: / Line 1,580: @@
 ! Type
 ! Description
+|-
+|blocked
+|boolean
+|True if blocked, false otherwise
 |-
 |class
@@ Line 1,452: / Line 1,589: @@
 |The class name
 |-
-|identification
+|flagged
-|String
+|boolean
-|The identification string
+|True if flagged, false otherwise
+|-
+|ruleId
+|long
+|The rule ID
 |-
-|requestId
+|sessionId
 |Long
-|The request ID
+|The session ID
-|-
-|sessionEvent
-|SessionEvent
-|The session event
 |-
 |timeStamp
@@ Line 1,468: / Line 1,605: @@
 |The timestamp
 |}
-<section end='CookieEvent' />
+<section end='FirewallEvent' />
-== AdBlockerEvent ==
+== LoginEvent ==
-<section begin='AdBlockerEvent' />
+<section begin='LoginEvent' />
-These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when an ad is blocked.
+These events are created by [[Directory Connector]] and inserted to the [[Database_Schema#directory_connector_login_events|directory_connector_login_events]] table for each login.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,481: / Line 1,618: @@
 ! Description
 |-
-|action
+|class
-|Action
-|The action
-|-
-|class
 |Class
 |The class name
 |-
-|reason
+|clientAddr
+|InetAddress
+|The client address
+|-
+|domain
+|String
+|The domain
+|-
+|event
 |String
-|The reason
+|The event
 |-
-|requestId
+|loginName
-|Long
+|String
-|The request ID
+|The login name
 |-
 |timeStamp
@@ Line 1,501: / Line 1,642: @@
 |The timestamp
 |}
-<section end='AdBlockerEvent' />
+<section end='LoginEvent' />
-== IntrusionPreventionLogEvent ==
+== SmtpMessageAddressEvent ==
-<section begin='IntrusionPreventionLogEvent' />
+<section begin='SmtpMessageAddressEvent' />
-These events are created by [[Intrusion Prevention]] and inserted to the [[Database_Schema#intrusion_prevention_events|intrusion_prevention_events]] table when a rule matches.
+These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_addrs|mail_addrs]] table for each address on each email.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,514: / Line 1,655: @@
 ! Description
 |-
-|blocked
+|addr
-|short
-|1 if blocked, 0 otherwise
-|-
-|category
 |String
-|The category
+|The address
 |-
 |class
@@ Line 1,526: / Line 1,663: @@
 |The class name
 |-
-|classificationId
+|kind
-|long
+|AddressKind
-|The classification ID
+|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
+|-
+|messageId
+|Long
+|The message ID
 |-
-|classtype
+|personal
 |String
-|The classtype
+|personal
 |-
-|dportIcode
+|timeStamp
-|int
+|Timestamp
-|The dportIcode
+|The timestamp
-|-
+|}
-|eventId
+<section end='SmtpMessageAddressEvent' />
-|long
-|The event ID
+== SmtpMessageEvent ==
+<section begin='SmtpMessageEvent' />
+These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_msgs|mail_msgs]] table for each email.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
 |-
-|eventMicrosecond
+|addresses
-|long
+|Set
-|The event microsecond
+|The addresses
 |-
-|eventSecond
+|class
-|long
+|Class
-|The event second
+|The class name
 |-
-|eventType
+|envelopeFromAddress
-|long
+|String
-|The event type
+|The envelop FROM address
 |-
-|generatorId
+|envelopeToAddress
-|long
+|String
-|The generator ID
+|The envelope TO address
 |-
-|impact
+|messageId
-|short
+|Long
-|The impact
+|The message ID
 |-
-|impactFlag
+|receiver
-|short
+|String
-|The impact flag
+|The receiver
 |-
-|ipDestination
+|sender
-|InetAddress
+|String
-|The IP address destination
+|The sender
 |-
-|ipSource
+|sessionEvent
-|InetAddress
+|SessionEvent
-|The IP address source
+|The session event
 |-
-|mplsLabel
+|sessionId
-|long
+|Long
-|The mplsLabel
+|The session ID
 |-
-|msg
+|subject
 |String
-|The msg
+|The subject
 |-
-|padding
+|timeStamp
-|int
+|Timestamp
-|The padding
+|The timestamp
 |-
-|priorityId
+|tmpFile
-|long
+|File
-|The priority ID
+|The /tmp file
-|-
+|}
-|protocol
+<section end='SmtpMessageEvent' />
-|short
-|The protocol
-|-
+== VirusSmtpEvent ==
-|sensorId
+<section begin='VirusSmtpEvent' />
-|long
-|The sensor ID
+These events are created by [[Virus Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when Virus Blocker scans an email.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
 |-
-|signatureId
+|action
-|long
+|String
-|The signature ID
+|The action
 |-
-|signatureRevision
+|appName
-|long
+|String
-|The signature revision
+|The name of the application
 |-
-|sportItype
+|class
-|int
+|Class
-|The sportItype
+|The class name
 |-
-|timeStamp
+|clean
+|boolean
+|True if clean, false otherwise
+|-
+|messageId
+|Long
+|The message ID
+|-
+|timeStamp
 |Timestamp
 |The timestamp
 |-
-|vlanId
+|virusName
-|int
+|String
-|The VLAN Id
+|The virus name, if not clean
 |}
-<section end='IntrusionPreventionLogEvent' />
+<section end='VirusSmtpEvent' />
-== WanFailoverTestEvent ==
+== VirusFtpEvent ==
-<section begin='WanFailoverTestEvent' />
+<section begin='VirusFtpEvent' />
-These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_test_events|wan_failover_test_events]] table when a test is run.
+These events are created by [[Virus Blocker]] and update the [[Database_Schema#ftp_events|ftp_events]] table when Virus Blocker scans an FTP transfer.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,630: / Line 1,793: @@
 ! Type
 ! Description
+|-
+|appName
+|String
+|The name of the application
 |-
 |class
@@ Line 1,635: / Line 1,802: @@
 |The class name
 |-
-|description
+|clean
-|String
+|boolean
-|The description
+|True if clean, false otherwise
 |-
-|interfaceId
+|sessionEvent
-|int
+|SessionEvent
-|The interface ID
+|The session event
+|-
+|timeStamp
+|Timestamp
+|The timestamp
 |-
-|name
+|uri
 |String
-|The test name
+|The URI
 |-
-|osName
+|virusName
 |String
-|The O/S interface name
+|The virus name, if not clean
-|-
-|success
-|Boolean
-|True if successful, false otherwise
-|-
-|timeStamp
-|Timestamp
-|The timestamp
 |}
-<section end='WanFailoverTestEvent' />
+<section end='VirusFtpEvent' />
-== WanFailoverEvent ==
+== VirusHttpEvent ==
-<section begin='WanFailoverEvent' />
+<section begin='VirusHttpEvent' />
-These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_action_events|wan_failover_action_events]] table when WAN Failover takes an action.
+These events are created by [[Virus Blocker]] and update the [[Database_Schema#http_events|http_events]] table when Virus Blocker scans an HTTP transfer.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,672: / Line 1,835: @@
 ! Description
 |-
-|action
+|appName
-|WanFailoverEvent$Action
+|String
-|The action
+|The name of the application
 |-
 |class
@@ Line 1,680: / Line 1,843: @@
 |The class name
 |-
-|interfaceId
+|clean
-|int
+|boolean
-|The interface ID
+|True if clean, false otherwise
 |-
-|name
+|requestId
-|String
+|Long
-|The name
+|The request ID
-|-
-|osName
-|String
-|The O/S interface name
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+|-
+|virusName
+|String
+|The virus name, if not clean
 |}
-<section end='WanFailoverEvent' />
+<section end='VirusHttpEvent' />
-== CaptivePortalUserEvent ==
+== SpamSmtpTarpitEvent ==
-<section begin='CaptivePortalUserEvent' />
+<section begin='SpamSmtpTarpitEvent' />
-These events are created by [[Captive Portal]] and inserted to the [[Database_Schema#captive_portal_user_events|captive_portal_user_events]] table when Captive Portal user takes an action.
+These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,709: / Line 1,872: @@
 ! Description
 |-
-|authenticationType
+|IPAddr
-|CaptivePortalSettings$AuthenticationType
+|InetAddress
-|The authentication type
+|The IP address
-|-
-|authenticationTypeValue
-|String
-|The authentication type as a string
 |-
 |class
@@ Line 1,721: / Line 1,880: @@
 |The class name
 |-
-|clientAddr
+|hostname
-|InetAddress
+|String
-|The client address
+|The hostname
 |-
-|event
+|sessionEvent
-|CaptivePortalUserEvent$EventType
+|SessionEvent
-|The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+|The session event
 |-
-|eventValue
+|sessionId
-|String
+|Long
-|The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+|The session ID
-|-
-|loginName
-|String
-|The login name
-|-
-|policyId
-|Integer
-|The policy ID
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+|-
+|vendorName
+|String
+|The application name
 |}
-<section end='CaptivePortalUserEvent' />
+<section end='SpamSmtpTarpitEvent' />
-== CaptureRuleEvent ==
+== SpamLogEvent ==
-<section begin='CaptureRuleEvent' />
+<section begin='SpamLogEvent' />
-These events are created by [[Captive Portal]] and update the [[Database_Schema#sessions|sessions]] table when Captive Portal processes a session.
+These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,758: / Line 1,913: @@
 ! Description
 |-
-|captured
+|action
-|boolean
+|SpamMessageAction
-|True if captured, false otherwise
+|The action
 |-
 |class
@@ Line 1,766: / Line 1,921: @@
 |The class name
 |-
-|ruleId
+|clientAddr
-|Integer
+|InetAddress
-|The rule ID
+|The client address
 |-
-|sessionEvent
+|clientPort
-|SessionEvent
+|int
-|The session event
+|The client port
 |-
-|timeStamp
+|messageId
-|Timestamp
+|Long
-|The timestamp
+|The message ID
-|}
-<section end='CaptureRuleEvent' />
-== VirusSmtpEvent ==
-<section begin='VirusSmtpEvent' />
-These events are created by [[Virus Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when Virus Blocker scans an email.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
 |-
-|action
+|receiver
 |String
-|The action
+|The receiver
 |-
-|class
+|score
-|Class
+|float
-|The class name
+|The score
 |-
-|clean
+|sender
-|boolean
+|String
-|True if clean, false otherwise
+|The sender
 |-
-|messageId
+|serverAddr
-|Long
+|InetAddress
-|The message ID
+|The server address
 |-
-|nodeName
+|serverPort
-|String
+|int
-|The name of the application
+|The server port
 |-
-|timeStamp
+|smtpMessageEvent
-|Timestamp
+|SmtpMessageEvent
-|The timestamp
+|The parent SMTP message event
 |-
-|virusName
+|isSpam
+|boolean
+|True if spam, false otherwise
+|-
+|subject
+|String
+|The subject
+|-
+|testsString
+|String
+|The tests string from the spam engine
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|-
+|vendorName
 |String
-|The virus name, if not clean
+|The application name
 |}
-<section end='VirusSmtpEvent' />
+<section end='SpamLogEvent' />
-== VirusFtpEvent ==
+== HttpResponseEvent ==
-<section begin='VirusFtpEvent' />
+<section begin='HttpResponseEvent' />
-These events are created by [[Virus Blocker]] and update the [[Database_Schema#ftp_events|ftp_events]] table when Virus Blocker scans an FTP transfer.
+These events are created by HTTP subsystem and update the [[Database_Schema#http_events|http_events]] table when a web response happens.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,836: / Line 1,994: @@
 |The class name
 |-
-|clean
+|contentLength
-|boolean
+|long
-|True if clean, false otherwise
+|The content length
 |-
-|nodeName
+|contentType
 |String
-|The name of the application
+|The content type
+|-
+|httpRequestEvent
+|HttpRequestEvent
+|The corresponding HTTP request event
 |-
-|sessionEvent
+|requestLine
-|SessionEvent
+|RequestLine
-|The session event
+|The request line
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|uri
-|String
-|The URI
-|-
-|virusName
-|String
-|The virus name, if not clean
 |}
-<section end='VirusFtpEvent' />
+<section end='HttpResponseEvent' />
-== VirusHttpEvent ==
+== HttpRequestEvent ==
-<section begin='VirusHttpEvent' />
+<section begin='HttpRequestEvent' />
-These events are created by [[Virus Blocker]] and update the [[Database_Schema#http_events|http_events]] table when Virus Blocker scans an HTTP transfer.
+These events are created by HTTP subsystem and inserted to the [[Database_Schema#http_events|http_events]] table when a web request happens.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,877: / Line 2,031: @@
 |The class name
 |-
-|clean
+|contentLength
-|boolean
+|long
-|True if clean, false otherwise
+|The content length
+|-
+|domain
+|String
+|The domain
+|-
+|host
+|String
+|The host
+|-
+|method
+|HttpMethod
+|The HTTP method
 |-
-|nodeName
+|referer
 |String
-|The name of the application
+|The referer
 |-
 |requestId
 |Long
 |The request ID
+|-
+|requestUri
+|URI
+|The request URI
+|-
+|sessionEvent
+|SessionEvent
+|The session event
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|virusName
-|String
-|The virus name, if not clean
 |}
-<section end='VirusHttpEvent' />
+<section end='HttpRequestEvent' />
@@ Line 1,998: / Line 2,168: @@
-== SmtpMessageAddressEvent ==
+== WebCacheEvent ==
-<section begin='SmtpMessageAddressEvent' />
+<section begin='WebCacheEvent' />
-These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_addrs|mail_addrs]] table for each address on each email.
+These events are created by [[Web Cache]] and inserted to the [[Database_Schema#web_cache_stats|web_cache_stats]] table periodically.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,008: / Line 2,178: @@
 ! Description
 |-
-|addr
+|bypassCount
-|String
+|long
-|The address
+|The number of bypasses
 |-
 |class
@@ Line 2,016: / Line 2,186: @@
 |The class name
 |-
-|kind
+|hitBytes
-|AddressKind
+|long
-|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
+|The number of bytes worth of hits
 |-
-|messageId
+|hitCount
-|Long
+|long
-|The message ID
+|The number of hits
 |-
-|personal
+|missBytes
-|String
+|long
-|personal
+|The number of bytes worth of misses
 |-
-|timeStamp
+|missCount
-|Timestamp
+|long
-|The timestamp
+|The number of misses
-|}
-<section end='SmtpMessageAddressEvent' />
-== SmtpMessageEvent ==
-<section begin='SmtpMessageEvent' />
-These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_msgs|mail_msgs]] table for each email.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-|-
-|addresses
-|Set
-|The addresses
-|-
-|class
-|Class
-|The class name
-|-
-|envelopeFromAddress
-|String
-|The envelop FROM address
-|-
-|envelopeToAddress
-|String
-|The envelope TO address
-|-
-|messageId
-|Long
-|The message ID
-|-
-|receiver
-|String
-|The receiver
-|-
-|sender
-|String
-|The sender
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-|-
-|sessionId
-|Long
-|The session ID
-|-
-|subject
-|String
-|The subject
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|-
-|tmpFile
-|File
-|The /tmp file
-|}
-<section end='SmtpMessageEvent' />
-== LoginEvent ==
-<section begin='LoginEvent' />
-These events are created by [[Directory Connector]] and inserted to the [[Database_Schema#directory_connector_login_events|directory_connector_login_events]] table for each login.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
 |-
-|class
+|policyId
-|Class
+|Long
-|The class name
+|The policy ID
 |-
-|clientAddr
+|systemCount
-|InetAddress
+|long
-|The client address
+|The number of system bypasses
-|-
-|domain
-|String
-|The domain
-|-
-|event
-|String
-|The event
-|-
-|loginName
-|String
-|The login name
 |-
 |timeStamp
@@ Line 2,130: / Line 2,214: @@
 |The timestamp
 |}
-<section end='LoginEvent' />
+<section end='WebCacheEvent' />

Event Definitions: Difference between revisions

Revision as of 18:17, 10 August 2017

HostTableEvent

DeviceTableEvent

UserTableEvent

SessionStatsEvent

SessionEvent

SessionMinuteEvent

SessionNatEvent

QuotaEvent

SettingsChangesEvent

AdminLoginEvent

AlertEvent

LogEvent

InterfaceStatEvent

SystemStatEvent

CaptivePortalUserEvent

CaptureRuleEvent

TunnelStatusEvent

VirtualUserEvent

ConfigurationBackupEvent

IntrusionPreventionLogEvent

SslInspectorLogEvent

ApplicationControlLiteEvent

ApplicationControlLogEvent

CookieEvent

AdBlockerEvent

WebFilterQueryEvent

WebFilterEvent

PrioritizeEvent

WanFailoverTestEvent

WanFailoverEvent

SpamSmtpTarpitEvent

SpamLogEvent

FirewallEvent

LoginEvent

SmtpMessageAddressEvent

SmtpMessageEvent

VirusSmtpEvent

VirusFtpEvent

VirusHttpEvent

SpamSmtpTarpitEvent

SpamLogEvent

HttpResponseEvent

HttpRequestEvent

OpenVpnEvent

OpenVpnStatusEvent

WebCacheEvent

Navigation menu

Search