Database Schema
Database Tables
admin_logins
<section begin='admin_logins' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
login | Login | text | The login name |
local | Local | boolean | True if it is a login attempt through a local process |
client_addr | Client Address | inet | The client IP address |
succeeded | Succeeded | boolean | True if the login succeeded, false otherwise |
reason | Reason | character(1) | The reason for the login (if applicable) |
<section end='admin_logins' />
sessions
<section begin='sessions' />
Column Name | Human Name | Type | Description |
---|---|---|---|
session_id | Session ID | bigint | The session |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
end_time | End Time | timestamp without time zone | The time the session ended |
bypassed | Bypassed | boolean | True if the session was bypassed, false otherwise |
entitled | Entitled | boolean | True if the session is entitled to premium functionality |
protocol | Protocol | smallint | The IP protocol of the session |
icmp_type | ICMP Type | smallint | The ICMP type of the session if ICMP |
hostname | Hostname | text | The hostname of the local address |
username | Username | text | The username associated with this session |
policy_id | Policy ID | smallint | The policy |
policy_rule_id | Policy Rule ID | smallint | The ID of the matching policy rule (0 means none) |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
c_server_port | Client-side Server Port | integer | The client-side server port |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
s_server_port | Server-side Server Port | integer | The server-side server port |
s_client_port | Server-side Client Port | integer | The server-side client port |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
client_country | Client Country | text | The client country |
client_latitude | Client Latitude | real | The client latitude |
client_longitude | Client Longitude | real | The client longitude |
server_country | Server Country | text | The server country |
server_latitude | Server Latitude | real | The server latitude |
server_longitude | Server Longitude | real | The server longitude |
c2p_bytes | From-Client Bytes | bigint | The number of bytes the client sent to Untangle (client-to-pipeline) |
p2c_bytes | To-Client Bytes | bigint | The number of bytes Untangle sent to client (pipeline-to-client) |
s2p_bytes | From-Server Bytes | bigint | The number of bytes the server sent to Untangle (server-to-pipeline) |
p2s_bytes | To-Server Bytes | bigint | The number of bytes Untangle sent to server (pipeline-to-server) |
filter_prefix | Filter Block | text | The network filter that blocked the connection (filter,shield,invalid) |
firewall_blocked | Firewall Blocked | boolean | True if Firewall blocked the session, false otherwise |
firewall_flagged | Firewall Flagged | boolean | True if Firewall flagged the session, false otherwise |
firewall_rule_index | Firewall Rule ID | integer | The matching rule in Firewall (if any) |
application_control_lite_protocol | Application Control Lite Protocol | text | The application protocol according to Application Control Lite |
application_control_lite_blocked | Application Control Lite Blocked | boolean | True if Application Control Lite blocked the session |
captive_portal_blocked | Captive Portal Blocked | boolean | True if Captive Portal blocked the session |
captive_portal_rule_index | Captive Portal Rule ID | integer | The matching rule in Captive Portal (if any) |
application_control_application | Application Control Application | text | The application according to Application Control |
application_control_protochain | Application Control Protochain | text | The protochain according to Application Control |
application_control_category | Application Control Category | text | The category according to Application Control |
application_control_blocked | Application Control Blocked | boolean | True if Application Control blocked the session |
application_control_flagged | Application Control Flagged | boolean | True if Application Control flagged the session |
application_control_confidence | Application Control Confidence | integer | The Application Control confidence of this session's identification |
application_control_ruleid | Application Control Rule ID | integer | The matching rule in Application Control (if any) |
application_control_detail | Application Control Detail | text | The text detail from the Application Control engine |
bandwidth_control_priority | Bandwidth Control Priority | integer | The priority given to this session |
bandwidth_control_rule | Bandwidth Control Rule ID | integer | The matching rule in Bandwidth Control (if any) |
ssl_inspector_ruleid | SSL Inspector Rule ID | integer | The matching rule in SSL Inspector (if any) |
ssl_inspector_status | SSL Inspector Status | text | The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) |
ssl_inspector_detail | SSL Inspector Detail | text | Additional text detail about the SSL connection (SNI, IP Address) |
local_addr | Local Address | inet | The IP address of the local participant |
remote_addr | Remote Address | inet | The IP address of the remote participant |
tags | Tags | text | The tags on this session |
<section end='sessions' />
session_minutes
<section begin='session_minutes' />
Column Name | Human Name | Type | Description |
---|---|---|---|
session_id | Session ID | bigint | The session |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
c2s_bytes | From-Client Bytes | bigint | The number of bytes the client sent |
s2c_bytes | From-Server Bytes | bigint | The number of bytes the server sent |
start_time | Start Time | timestamp without time zone | The start time of the session |
end_time | End Time | timestamp without time zone | The time the session ended |
bypassed | Bypassed | boolean | True if the session was bypassed, false otherwise |
entitled | Entitled | boolean | True if the session is entitled to premium functionality |
protocol | Protocol | smallint | The IP protocol of the session |
icmp_type | ICMP Type | smallint | The ICMP type of the session if ICMP |
hostname | Hostname | text | The hostname of the local address |
username | Username | text | The username associated with this session |
policy_id | Policy ID | smallint | The policy |
policy_rule_id | Policy Rule ID | smallint | The ID of the matching policy rule (0 means none) |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
c_server_port | Client-side Server Port | integer | The client-side server port |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
s_server_port | Server-side Server Port | integer | The server-side server port |
s_client_port | Server-side Client Port | integer | The server-side client port |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
client_country | Client Country | text | The client country |
client_latitude | Client Latitude | real | The client latitude |
client_longitude | Client Longitude | real | The client longitude |
server_country | Server Country | text | The server country |
server_latitude | Server Latitude | real | The server latitude |
server_longitude | Server Longitude | real | The server longitude |
filter_prefix | Filter Block | text | The network filter that blocked the connection (filter,shield,invalid) |
firewall_blocked | Firewall Blocked | boolean | True if Firewall blocked the session, false otherwise |
firewall_flagged | Firewall Flagged | boolean | True if Firewall flagged the session, false otherwise |
firewall_rule_index | Firewall Rule ID | integer | The matching rule in Firewall (if any) |
application_control_lite_protocol | Application Control Lite Protocol | text | The application protocol according to Application Control Lite |
application_control_lite_blocked | Application Control Lite Blocked | boolean | True if Application Control Lite blocked the session |
captive_portal_blocked | Captive Portal Blocked | boolean | True if Captive Portal blocked the session |
captive_portal_rule_index | Captive Portal Rule ID | integer | The matching rule in Captive Portal (if any) |
application_control_application | Application Control Application | text | The application according to Application Control |
application_control_protochain | Application Control Protochain | text | The protochain according to Application Control |
application_control_category | Application Control Category | text | The category according to Application Control |
application_control_blocked | Application Control Blocked | boolean | True if Application Control blocked the session |
application_control_flagged | Application Control Flagged | boolean | True if Application Control flagged the session |
application_control_confidence | Application Control Confidence | integer | The Application Control confidence of this session's identification |
application_control_ruleid | Application Control Rule ID | integer | The matching rule in Application Control (if any) |
application_control_detail | Application Control Detail | text | The text detail from the Application Control engine |
bandwidth_control_priority | Bandwidth Control Priority | integer | The priority given to this session |
bandwidth_control_rule | Bandwidth Control Rule ID | integer | The matching rule in Bandwidth Control (if any) |
ssl_inspector_ruleid | SSL Inspector Rule ID | integer | The matching rule in SSL Inspector (if any) |
ssl_inspector_status | SSL Inspector Status | text | The status/action of the SSL session (INSPECTED,IGNORED,BLOCKED,UNTRUSTED,ABANDONED) |
ssl_inspector_detail | SSL Inspector Detail | text | Additional text detail about the SSL connection (SNI, IP Address) |
local_addr | Local Address | inet | The IP address of the local participant |
remote_addr | Remote Address | inet | The IP address of the remote participant |
tags | Tags | text | The tags on this session |
<section end='session_minutes' />
quotas
<section begin='quotas' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
action | Action | integer | The action (1=Quota Given, 2=Quota Exceeded) |
size | Size | bigint | The size of the quota |
reason | Reason | text | The reason for the action |
entity | Entity | text | The IP entity given the quota (address/username) |
<section end='quotas' />
host_table_updates
<section begin='host_table_updates' />
Column Name | Human Name | Type | Description |
---|---|---|---|
address | Address | inet | The IP address of the host |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
old_value | Old Value | text | The old value for the key |
<section end='host_table_updates' />
device_table_updates
<section begin='device_table_updates' />
Column Name | Human Name | Type | Description |
---|---|---|---|
mac_address | MAC Address | text | The MAC address of the device |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
old_value | Old Value | text | The old value for the key |
<section end='device_table_updates' />
alerts
<section begin='alerts' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
description | Text detail of the event | text | The description from the alert rule. |
summary_text | Summary Text | text | The summary text of the alert |
json | JSON Text | text | The summary JSON representation of the event causing the alert |
<section end='alerts' />
settings_changes
<section begin='settings_changes' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
settings_file | Settings File | text | The name of the file changed |
username | Username | text | The username logged in at the time of the change |
hostname | Hostname | text | The remote hostname |
<section end='settings_changes' />
wan_failover_test_events
<section begin='wan_failover_test_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
name | Interface Name | text | The name of the interface |
description | Text detail of the event | text | The description from the test rule |
success | Success | boolean | The result of the test (true if the test succeeded, false otherwise) |
event_id | Event ID | bigint | The unique event ID |
<section end='wan_failover_test_events' />
wan_failover_action_events
<section begin='wan_failover_action_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
action | Action | text | The action (CONNECTED,DISCONNECTED) |
os_name | Interface O/S Name | text | The O/S name of the interface |
name | Interface Name | text | The name of the interface |
event_id | Event ID | bigint | The unique event ID |
<section end='wan_failover_action_events' />
mail_msgs
<section begin='mail_msgs' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
msg_id | Message ID | bigint | The message ID |
subject | Subject | text | The email subject |
hostname | Hostname | text | The hostname of the local address |
event_id | Event ID | bigint | The unique event ID |
sender | Sender | text | The address of the sender |
receiver | Receiver | text | The address of the receiver |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
spam_blocker_lite_score | Spam Blocker Lite Score | real | The score of the email according to Spam Blocker Lite |
spam_blocker_lite_is_spam | Spam Blocker Lite Spam | boolean | The spam status of the email according to Spam Blocker Lite |
spam_blocker_lite_tests_string | Spam Blocker Lite Tests | text | The test results for Spam Blocker Lite |
spam_blocker_lite_action | Spam Blocker Lite Action | character(1) | The action taken by Spam Blocker Lite |
spam_blocker_score | Spam Blocker Score | real | The score of the email according to Spam Blocker |
spam_blocker_is_spam | Spam Blocker Spam | boolean | The spam status of the email according to Spam Blocker |
spam_blocker_tests_string | Spam Blocker Tests | text | The test results for Spam Blocker |
spam_blocker_action | Spam Blocker Action | character(1) | The action taken by Spam Blocker |
phish_blocker_score | Phish Blocker Score | real | The score of the email according to Phish Blocker |
phish_blocker_is_spam | Phish Blocker Phish | boolean | The phish status of the email according to Phish Blocker |
phish_blocker_tests_string | Phish Blocker Tests | text | The test results for Phish Blocker |
phish_blocker_action | Phish Blocker Action | character(1) | The action taken by Phish Blocker |
<section end='mail_msgs' />
mail_addrs
<section begin='mail_addrs' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
msg_id | Message ID | bigint | The message ID |
subject | Subject | text | The email subject |
addr | Address | text | The address of this event |
addr_name | Address Name | text | The name for this address |
addr_kind | Address Kind | character(1) | The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown) |
hostname | Hostname | text | The hostname of the local address |
event_id | Event ID | bigint | The unique event ID |
sender | Sender | text | The address of the sender |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
spam_blocker_lite_score | Spam Blocker Lite Score | real | The score of the email according to Spam Blocker Lite |
spam_blocker_lite_is_spam | Spam Blocker Lite Spam | boolean | The spam status of the email according to Spam Blocker Lite |
spam_blocker_lite_action | Spam Blocker Lite Action | character(1) | The action taken by Spam Blocker Lite |
spam_blocker_lite_tests_string | Spam Blocker Lite Tests | text | The test results for Spam Blocker Lite |
spam_blocker_score | Spam Blocker Score | real | The score of the email according to Spam Blocker |
spam_blocker_is_spam | Spam Blocker Spam | boolean | The spam status of the email according to Spam Blocker |
spam_blocker_action | Spam Blocker Action | character(1) | The action taken by Spam Blocker |
spam_blocker_tests_string | Spam Blocker Tests | text | The test results for Spam Blocker |
phish_blocker_score | Phish Blocker Score | real | The score of the email according to Phish Blocker |
phish_blocker_is_spam | Phish Blocker Phish | boolean | The phish status of the email according to Phish Blocker |
phish_blocker_tests_string | Phish Blocker Tests | text | The test results for Phish Blocker |
phish_blocker_action | Phish Blocker Action | character(1) | The action taken by Phish Blocker |
<section end='mail_addrs' />
smtp_tarpit_events
<section begin='smtp_tarpit_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
ipaddr | Client Address | inet | The client IP address |
hostname | Hostname | text | The hostname of the local address |
policy_id | Policy ID | bigint | The policy |
vendor_name | Vendor Name | character varying(255) | The "vendor name" of the app that logged the event |
event_id | Event ID | bigint | The unique event ID |
<section end='smtp_tarpit_events' />
http_events
<section begin='http_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
request_id | Request ID | bigint | The HTTP request ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | smallint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
method | Method | character(1) | The HTTP method |
uri | URI | text | The HTTP URI |
host | Host | text | The HTTP host |
domain | Domain | text | The HTTP domain (shortened host) |
referer | Referer | text | The Referer URL |
c2s_content_length | Client-to-server Content Length | bigint | The client-to-server content length |
s2c_content_length | Server-to-client Content Length | bigint | The server-to-client content length |
s2c_content_type | Server-to-client Content Type | text | The server-to-client content type |
ad_blocker_cookie_ident | Ad Blocker Cookie | text | The name of the cookie blocked by Ad Blocker |
ad_blocker_action | Ad Blocker Action | character(1) | The action of Ad Blocker on this request |
web_filter_reason | Web Filter Reason | character(1) | The reason Web Filter blocked/flagged this request |
web_filter_category_id | Web Filter Category ID | int | The category ID according to Web Filter |
web_filter_blocked | Web Filter Blocked | boolean | If Web Filter blocked this request |
web_filter_flagged | Web Filter Flagged | boolean | If Web Filter flagged this request |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
<section end='http_events' />
ftp_events
<section begin='ftp_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
request_id | Request ID | bigint | The FTP request ID |
method | Method | character(1) | The FTP method |
uri | URI | text | The FTP URI |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
<section end='ftp_events' />
ipsec_user_events
<section begin='ipsec_user_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
connect_stamp | Connect Time | timestamp without time zone | The time the connection started |
goodbye_stamp | End Time | timestamp without time zone | The time the connection ended |
client_address | Client Address | text | The remote IP address of the client |
client_protocol | Client Protocol | text | The protocol the client used to connect |
client_username | Client Username | text | The username of the client |
net_process | Net Process | text | The PID of the PPP process for L2TP connections or the connection ID for Xauth connections |
net_interface | Net Interface | text | The PPP interface for L2TP connections or the client interface for Xauth connections |
elapsed_time | Elapsed Time | text | The total time the client was connected |
rx_bytes | Bytes Received | bigint | The number of bytes received from the client in this connection |
tx_bytes | Bytes Sent | bigint | The number of bytes sent to the client in this connection |
<section end='ipsec_user_events' />
ipsec_tunnel_stats
<section begin='ipsec_tunnel_stats' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
tunnel_name | Tunnel Name | text | The name of the IPsec tunnel |
in_bytes | In Bytes | bigint | The number of bytes received during this time frame |
out_bytes | Out Bytes | bigint | The number of bytes transmitted during this time frame |
event_id | Event ID | bigint | The unique event ID |
<section end='ipsec_tunnel_stats' />
interface_stat_events
<section begin='interface_stat_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
rx_rate | Rx Rate | double precision | The RX rate (bytes/s) |
tx_rate | Tx Rate | double precision | The TX rate (bytes/s) |
<section end='interface_stat_events' />
configuration_backup_events
<section begin='configuration_backup_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
success | Success | boolean | The result of the backup (true if the backup succeeded, false otherwise) |
description | Text detail of the event | text | Text detail of the event |
destination | Destination | text | The location of the backup |
event_id | Event ID | bigint | The unique event ID |
<section end='configuration_backup_events' />
directory_connector_login_events
<section begin='directory_connector_login_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
login_name | Login Name | text | The login name |
domain | Domain | text | The AD domain |
type | Type | text | The type of event (I=Login,U=Update,O=Logout) |
client_addr | Client Address | inet | The client IP address |
<section end='directory_connector_login_events' />
server_events
<section begin='server_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
load_1 | CPU load (1-min) | numeric(6,2) | The 1-minute CPU load |
load_5 | CPU load (5-min) | numeric(6,2) | The 5-minute CPU load |
load_15 | CPU load (15-min) | numeric(6,2) | The 15-minute CPU load |
cpu_user | CPU User Utilization | numeric(6,3) | The user CPU percent utilization |
cpu_system | CPU System Utilization | numeric(6,3) | The system CPU percent utilization |
mem_total | Total Memory | bigint | The total bytes of memory |
mem_free | Memory Free | bigint | The number of free bytes of memory |
disk_total | Disk Size | bigint | The total disk size in bytes |
disk_free | Disk Free | bigint | The free disk space in bytes |
swap_total | Swap Size | bigint | The total swap size in bytes |
swap_free | Swap Free | bigint | The free swap space in bytes |
active_hosts | Active Hosts | integer | The number of active hosts |
<section end='server_events' />
web_cache_stats
<section begin='web_cache_stats' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
hits | Hits | bigint | The number of cache hits during this time frame |
misses | Misses | bigint | The number of cache misses during this time frame |
bypasses | Bypasses | bigint | The number of cache user bypasses during this time frame |
systems | System bypasses | bigint | The number of cache system bypasses during this time frame |
hit_bytes | Hit Bytes | bigint | The number of bytes saved from cache hits |
miss_bytes | Miss Bytes | bigint | The number of bytes not saved from cache misses |
event_id | Event ID | bigint | The unique event ID |
<section end='web_cache_stats' />
http_query_events
<section begin='http_query_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
request_id | Request ID | bigint | The HTTP request ID |
method | Method | character(1) | The HTTP method |
uri | URI | text | The HTTP URI |
term | Search Term | text | The search term |
host | Host | text | The HTTP host |
c2s_content_length | Client-to-server Content Length | bigint | The client-to-server content length |
s2c_content_length | Server-to-client Content Length | bigint | The server-to-client content length |
s2c_content_type | Server-to-client Content Type | text | The server-to-client content type |
<section end='http_query_events' />
captive_portal_user_events
<section begin='captive_portal_user_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
policy_id | Policy ID | bigint | The policy |
event_id | Event ID | bigint | The unique event ID |
login_name | Login Name | text | The login username |
event_info | Event Type | text | The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) |
auth_type | Authorization Type | text | The authorization type for this event |
client_addr | Client Address | text | The remote IP address of the client |
<section end='captive_portal_user_events' />
openvpn_stats
<section begin='openvpn_stats' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
start_time | Start Time | timestamp without time zone | The time the OpenVPN session started |
end_time | End Time | timestamp without time zone | The time the OpenVPN session ended |
rx_bytes | Bytes Received | bigint | The total bytes received from the client during this session |
tx_bytes | Bytes Sent | bigint | The total bytes sent to the client during this session |
remote_address | Remote Address | inet | The remote IP address of the client |
pool_address | Pool Address | inet | The pool IP address of the client |
remote_port | Remote Port | integer | The remote port of the client |
client_name | Client Name | text | The name of the client |
event_id | Event ID | bigint | The unique event ID |
<section end='openvpn_stats' />
openvpn_events
<section begin='openvpn_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
remote_address | Remote Address | inet | The remote IP address of the client |
pool_address | Pool Address | inet | The pool IP address of the client |
client_name | Client Name | text | The name of the client |
type | Type | text | The type of the event (CONNECT, DISCONNECT) |
<section end='openvpn_events' />
intrusion_prevention_events
<section begin='intrusion_prevention_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
sig_id | Signature ID | bigint | The ID of the rule |
gen_id | Grouping ID | bigint | The grouping ID for the rule. Together, gen_id and sig_id form the rule's unique identifier |
class_id | Classtype ID | bigint | The numeric ID for the classtype |
source_addr | Source Address | inet | The source IP address of the packet |
source_port | Source Port | integer | The source port of the packet (if applicable) |
dest_addr | Destination Address | inet | The destination IP address of the packet |
dest_port | Destination Port | integer | The destination port of the packet (if applicable) |
protocol | Protocol | integer | The protocol of the packet |
blocked | Blocked | boolean | True if the packet was blocked/dropped |
category | Category | text | The application specific grouping |
classtype | Classtype | text | The generalized threat rule grouping (unrelated to gen_id) |
msg | Message | text | The "title" or "description" of the rule |
<section end='intrusion_prevention_events' />
syslog
<section begin='syslog' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
description | Text detail of the event | text | The description from the alert rule |
summary_text | Summary Text | text | The summary text of the alert |
json | JSON Text | text | The summary JSON representation of the event causing the alert |
<section end='syslog' />
user_table_updates
<section begin='user_table_updates' />
Column Name | Human Name | Type | Description |
---|---|---|---|
username | Username | text | The username |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
old_value | Old Value | text | The old value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
<section end='user_table_updates' />