Database Schema
The global DB schema shows the tables and columns used for tracking all logged events in Untangle. These table and column names can be used to add conditions to reports and event logs, and in the reporting system to create or edit reports.
ipsec_tunnel_stats
<section begin='ipsec_tunnel_stats' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
tunnel_name | Tunnel Name | text | The name of the IPsec tunnel |
in_bytes | In Bytes | bigint | The number of bytes received during this time frame |
out_bytes | Out Bytes | bigint | The number of bytes transmitted during this time frame |
event_id | Event ID | bigint | The unique event ID |
<section end='ipsec_tunnel_stats' />
ipsec_user_events
<section begin='ipsec_user_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
connect_stamp | Connect Time | timestamp without time zone | The time the connection started |
goodbye_stamp | End Time | timestamp without time zone | The time the connection ended |
client_address | Client Address | text | The remote IP address of the client |
client_protocol | Client Protocol | text | The protocol the client used to connect |
client_username | Client Username | text | The username of the client |
net_process | Net Process | text | The PID of the PPP process for L2TP connections or the connection ID for Xauth connections |
net_interface | Net Interface | text | The PPP interface for L2TP connections or the client interface for Xauth connections |
elapsed_time | Elapsed Time | text | The total time the client was connected |
rx_bytes | Bytes Received | bigint | The number of bytes received from the client in this connection |
tx_bytes | Bytes Sent | bigint | The number of bytes sent to the client in this connection |
<section end='ipsec_user_events' />
http_events
<section begin='http_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
request_id | Request ID | bigint | The HTTP request ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | smallint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
method | Method | character(1) | The HTTP method |
uri | URI | text | The HTTP URI |
host | Host | text | The HTTP host |
domain | Domain | text | The HTTP domain (shortened host) |
referer | Referer | text | The Referer URL |
c2s_content_length | Client-to-server Content Length | bigint | The client-to-server content length |
s2c_content_length | Server-to-client Content Length | bigint | The server-to-client content length |
s2c_content_type | Server-to-client Content Type | text | The server-to-client content type |
ad_blocker_cookie_ident | Ad Blocker Cookie | text | The name of the cookie blocked by Ad Blocker |
ad_blocker_action | Ad Blocker Action | character(1) | The action of Ad Blocker on this request |
web_filter_lite_reason | Web Filter Lite Reason | character(1) | The reason Web Filter Lite blocked/flagged this request |
web_filter_lite_category | Web Filter Lite Category | text | The category according to Web Filter Lite |
web_filter_lite_blocked | Web Filter Lite Blocked | boolean | If Web Filter Lite blocked this request |
web_filter_lite_flagged | Web Filter Lite Flagged | boolean | If Web Filter Lite flagged this request |
web_filter_reason | Web Filter Reason | character(1) | The reason Web Filter blocked/flagged this request |
web_filter_category | Web Filter Category | text | The category according to Web Filter |
web_filter_blocked | Web Filter Blocked | boolean | If Web Filter blocked this request |
web_filter_flagged | Web Filter Flagged | boolean | If Web Filter flagged this request |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
<section end='http_events' />
captive_portal_user_events
<section begin='captive_portal_user_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
policy_id | Policy ID | bigint | The policy |
event_id | Event ID | bigint | The unique event ID |
login_name | Login Name | text | The login username |
event_info | Event Type | text | The type of event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) |
auth_type | Authorization Type | text | The authorization type for this event |
client_addr | Client Address | text | The remote IP address of the client |
<section end='captive_portal_user_events' />
server_events
<section begin='server_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
load_1 | CPU load (1-min) | numeric(6,2) | The 1-minute CPU load |
load_5 | CPU load (5-min) | numeric(6,2) | The 5-minute CPU load |
load_15 | CPU load (15-min) | numeric(6,2) | The 15-minute CPU load |
cpu_user | CPU User Utilization | numeric(6,3) | The user CPU percent utilization |
cpu_system | CPU System Utilization | numeric(6,3) | The system CPU percent utilization |
mem_total | Total Memory | bigint | The total bytes of memory |
mem_free | Memory Free | bigint | The number of free bytes of memory |
disk_total | Disk Size | bigint | The total disk size in bytes |
disk_free | Disk Free | bigint | The free disk space in bytes |
swap_total | Swap Size | bigint | The total swap size in bytes |
swap_free | Swap Free | bigint | The free swap space in bytes |
active_hosts | Active Hosts | integer | The number of active hosts |
<section end='server_events' />
interface_stat_events
<section begin='interface_stat_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
rx_rate | Rx Rate | double precision | The RX rate (bytes/s) |
tx_rate | Tx Rate | double precision | The TX rate (bytes/s) |
<section end='interface_stat_events' />
openvpn_stats
<section begin='openvpn_stats' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
start_time | Start Time | timestamp without time zone | The time the OpenVPN session started |
end_time | End Time | timestamp without time zone | The time the OpenVPN session ended |
rx_bytes | Bytes Received | bigint | The total bytes received from the client during this session |
tx_bytes | Bytes Sent | bigint | The total bytes sent to the client during this session |
remote_address | Remote Address | inet | The remote IP address of the client |
pool_address | Pool Address | inet | The pool IP address of the client |
remote_port | Remote Port | integer | The remote port of the client |
client_name | Client Name | text | The name of the client |
event_id | Event ID | bigint | The unique event ID |
<section end='openvpn_stats' />
openvpn_events
<section begin='openvpn_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
remote_address | Remote Address | inet | The remote IP address of the client |
pool_address | Pool Address | inet | The pool IP address of the client |
client_name | Client Name | text | The name of the client |
type | Type | text | The type of the event (CONNECT/DISCONNECT) |
<section end='openvpn_events' />
mail_msgs
<section begin='mail_msgs' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
msg_id | Message ID | bigint | The message ID |
subject | Subject | text | The email subject |
hostname | Hostname | text | The hostname of the local address |
event_id | Event ID | bigint | The unique event ID |
sender | Sender | text | The address of the sender |
receiver | Receiver | text | The address of the receiver |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
spam_blocker_lite_score | Spam Blocker Lite Score | real | The score of the email according to Spam Blocker Lite |
spam_blocker_lite_is_spam | Spam Blocker Lite Spam | boolean | The spam status of the email according to Spam Blocker Lite |
spam_blocker_lite_tests_string | Spam Blocker Lite Tests | text | The test results for Spam Blocker Lite |
spam_blocker_lite_action | Spam Blocker Lite Action | character(1) | The action taken by Spam Blocker Lite |
spam_blocker_score | Spam Blocker Score | real | The score of the email according to Spam Blocker |
spam_blocker_is_spam | Spam Blocker Spam | boolean | The spam status of the email according to Spam Blocker |
spam_blocker_tests_string | Spam Blocker Tests | text | The test results for Spam Blocker |
spam_blocker_action | Spam Blocker Action | character(1) | The action taken by Spam Blocker |
phish_blocker_score | Phish Blocker Score | real | The score of the email according to Phish Blocker |
phish_blocker_is_spam | Phish Blocker Phish | boolean | The phish status of the email according to Phish Blocker |
phish_blocker_tests_string | Phish Blocker Tests | text | The test results for Phish Blocker |
phish_blocker_action | Phish Blocker Action | character(1) | The action taken by Phish Blocker |
<section end='mail_msgs' />
mail_addrs
<section begin='mail_addrs' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
msg_id | Message ID | bigint | The message ID |
subject | Subject | text | The email subject |
addr | Address | text | The address of this event |
addr_name | Address Name | text | The name for this address |
addr_kind | Address Kind | character(1) | The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown) |
hostname | Hostname | text | The hostname of the local address |
event_id | Event ID | bigint | The unique event ID |
sender | Sender | text | The address of the sender |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
spam_blocker_lite_score | Spam Blocker Lite Score | real | The score of the email according to Spam Blocker Lite |
spam_blocker_lite_is_spam | Spam Blocker Lite Spam | boolean | The spam status of the email according to Spam Blocker Lite |
spam_blocker_lite_action | Spam Blocker Lite Action | character(1) | The action taken by Spam Blocker Lite |
spam_blocker_lite_tests_string | Spam Blocker Lite Tests | text | The test results for Spam Blocker Lite |
spam_blocker_score | Spam Blocker Score | real | The score of the email according to Spam Blocker |
spam_blocker_is_spam | Spam Blocker Spam | boolean | The spam status of the email according to Spam Blocker |
spam_blocker_action | Spam Blocker Action | character(1) | The action taken by Spam Blocker |
spam_blocker_tests_string | Spam Blocker Tests | text | The test results for Spam Blocker |
phish_blocker_score | Phish Blocker Score | real | The score of the email according to Phish Blocker |
phish_blocker_is_spam | Phish Blocker Phish | boolean | The phish status of the email according to Phish Blocker |
phish_blocker_tests_string | Phish Blocker Tests | text | The test results for Phish Blocker |
phish_blocker_action | Phish Blocker Action | character(1) | The action taken by Phish Blocker |
<section end='mail_addrs' />
smtp_tarpit_events
<section begin='smtp_tarpit_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
ipaddr | Client Address | inet | The client IP address |
hostname | Hostname | text | The hostname of the local address |
policy_id | Policy ID | bigint | The policy |
vendor_name | Vendor Name | character varying(255) | The "vendor name" of the app that logged the event |
event_id | Event ID | bigint | The unique event ID |
<section end='smtp_tarpit_events' />
ftp_events
<section begin='ftp_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
request_id | Request ID | bigint | The FTP request ID |
method | Method | character(1) | The FTP method |
uri | URI | text | The FTP URI |
virus_blocker_lite_clean | Virus Blocker Lite Clean | boolean | The cleanliness of the file according to Virus Blocker Lite |
virus_blocker_lite_name | Virus Blocker Lite Name | text | The name of the malware according to Virus Blocker Lite |
virus_blocker_clean | Virus Blocker Clean | boolean | The cleanliness of the file according to Virus Blocker |
virus_blocker_name | Virus Blocker Name | text | The name of the malware according to Virus Blocker |
<section end='ftp_events' />
wan_failover_test_events
<section begin='wan_failover_test_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
name | Interface Name | text | The name of the interface |
description | Text detail of the event | text | The description from the test rule |
success | Success | boolean | The result of the test (true if the test succeeded, false otherwise) |
event_id | Event ID | bigint | The unique event ID |
<section end='wan_failover_test_events' />
wan_failover_action_events
<section begin='wan_failover_action_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
interface_id | Interface ID | integer | The interface ID |
action | Action | text | The action (CONNECTED/DISCONNECTED) |
os_name | Interface O/S Name | text | The O/S name of the interface |
name | Interface Name | text | The name of the interface |
event_id | Event ID | bigint | The unique event ID |
<section end='wan_failover_action_events' />
intrusion_prevention_events
<section begin='intrusion_prevention_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
sig_id | Signature ID | bigint | The ID of the rule |
gen_id | Grouping ID | bigint | The grouping ID for the rule. The gen_id + sig_id together specify the rule's unique identifier |
class_id | Classtype ID | bigint | The numeric ID for the classtype |
source_addr | Source Address | inet | The source IP address of the packet |
source_port | Source Port | integer | The source port of the packet (if applicable) |
dest_addr | Destination Address | inet | The destination IP address of the packet |
dest_port | Destination Port | integer | The destination port of the packet (if applicable) |
protocol | Protocol | integer | The protocol of the packet |
blocked | Blocked | boolean | If the packet was blocked/dropped |
category | Category | text | The application specific grouping |
classtype | Classtype | text | The generalized threat rule grouping (unrelated to gen_id) |
msg | Message | text | The "title" or "description" of the rule |
<section end='intrusion_prevention_events' />
web_cache_stats
<section begin='web_cache_stats' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
hits | Hits | bigint | The number of cache hits during this time frame |
misses | Misses | bigint | The number of cache misses during this time frame |
bypasses | Bypasses | bigint | The number of cache user bypasses during this time frame |
systems | System bypasses | bigint | The number of cache system bypasses during this time frame |
hit_bytes | Hit Bytes | bigint | The number of bytes saved from cache hits |
miss_bytes | Miss Bytes | bigint | The number of bytes not saved from cache misses |
event_id | Event ID | bigint | The unique event ID |
<section end='web_cache_stats' />
http_query_events
<section begin='http_query_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
event_id | Event ID | bigint | The unique event ID |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
session_id | Session ID | bigint | The session |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_port | Server-side Client Port | integer | The server-side client port |
c_server_port | Client-side Server Port | integer | The client-side server port |
s_server_port | Server-side Server Port | integer | The server-side server port |
policy_id | Policy ID | bigint | The policy |
username | Username | text | The username associated with this session |
hostname | Hostname | text | The hostname of the local address |
request_id | Request ID | bigint | The HTTP request ID |
method | Method | character(1) | The HTTP method |
uri | URI | text | The HTTP URI |
term | Search Term | text | The search term |
host | Host | text | The HTTP host |
c2s_content_length | Client-to-server Content Length | bigint | The client-to-server content length |
s2c_content_length | Server-to-client Content Length | bigint | The server-to-client content length |
s2c_content_type | Server-to-client Content Type | text | The server-to-client content type |
<section end='http_query_events' />
directory_connector_login_events
<section begin='directory_connector_login_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
login_name | Login Name | text | The login name |
domain | Domain | text | The AD domain |
type | Type | text | The type of event (I=Login, U=Update, O=Logout) |
client_addr | Client Address | inet | The client IP address |
<section end='directory_connector_login_events' />
admin_logins
<section begin='admin_logins' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
login | Login | text | The login name |
local | Local | boolean | True if it is a login attempt through a local process |
client_addr | Client Address | inet | The client IP address |
succeeded | Succeeded | boolean | True if the login succeeded, false otherwise |
reason | Reason | character(1) | The reason for the login (if applicable) |
<section end='admin_logins' />
sessions
<section begin='sessions' />
Column Name | Human Name | Type | Description |
---|---|---|---|
session_id | Session ID | bigint | The session |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
end_time | End Time | timestamp without time zone | The time the session ended |
bypassed | Bypassed | boolean | True if the session was bypassed, false otherwise |
entitled | Entitled | boolean | True if the session is entitled to premium functionality |
protocol | Protocol | smallint | The IP protocol of the session |
icmp_type | ICMP Type | smallint | The ICMP type of the session (if ICMP) |
hostname | Hostname | text | The hostname of the local address |
username | Username | text | The username associated with this session |
policy_id | Policy ID | smallint | The policy |
policy_rule_id | Policy Rule ID | smallint | The ID of the matching policy rule (0 means none) |
local_addr | Local Address | inet | The IP address of the local participant |
remote_addr | Remote Address | inet | The IP address of the remote participant |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
c_server_port | Client-side Server Port | integer | The client-side server port |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
s_server_port | Server-side Server Port | integer | The server-side server port |
s_client_port | Server-side Client Port | integer | The server-side client port |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
client_country | Client Country | text | The client country |
client_latitude | Client Latitude | real | The client latitude |
client_longitude | Client Longitude | real | The client longitude |
server_country | Server Country | text | The server country |
server_latitude | Server Latitude | real | The server latitude |
server_longitude | Server Longitude | real | The server longitude |
c2p_bytes | From-Client Bytes | bigint | The number of bytes the client sent to Untangle (client-to-pipeline) |
p2c_bytes | To-Client Bytes | bigint | The number of bytes Untangle sent to client (pipeline-to-client) |
s2p_bytes | From-Server Bytes | bigint | The number of bytes the server sent to Untangle (server-to-pipeline) |
p2s_bytes | To-Server Bytes | bigint | The number of bytes Untangle sent to server (pipeline-to-server) |
filter_prefix | Filter Block | text | The network filter that blocked the connection |
firewall_blocked | Firewall Blocked | boolean | True if Firewall blocked the session, false otherwise |
firewall_flagged | Firewall Flagged | boolean | True if Firewall flagged the session, false otherwise |
firewall_rule_index | Firewall Rule ID | integer | The matching rule in Firewall (if any) |
application_control_lite_protocol | Application Control Lite Protocol | text | The application protocol according to Application Control Lite |
application_control_lite_blocked | Application Control Lite Blocked | boolean | True if Application Control Lite blocked the session |
captive_portal_blocked | Captive Portal Blocked | boolean | True if Captive Portal blocked the session |
captive_portal_rule_index | Captive Portal Rule ID | integer | The matching rule in Captive Portal (if any) |
application_control_application | Application Control Application | text | The application according to Application Control |
application_control_protochain | Application Control Protochain | text | The protochain according to Application Control |
application_control_category | Application Control Category | text | The category according to Application Control |
application_control_blocked | Application Control Blocked | boolean | True if Application Control blocked the session |
application_control_flagged | Application Control Flagged | boolean | True if Application Control flagged the session |
application_control_confidence | Application Control Confidence | integer | The Application Control confidence of this session's identification |
application_control_ruleid | Application Control Rule ID | integer | The matching rule in Application Control (if any) |
application_control_detail | Application Control Detail | text | The text detail from the Application Control engine |
bandwidth_control_priority | Bandwidth Control Priority | integer | The priority given to this session |
bandwidth_control_rule | Bandwidth Control Rule ID | integer | The matching rule in Bandwidth Control (if any) |
ssl_inspector_ruleid | SSL Inspector Rule ID | integer | The matching rule in SSL Inspector (if any) |
ssl_inspector_status | SSL Inspector Status | text | The status/action of the SSL session (INSPECTED/IGNORED/BLOCKED/UNTRUSTED/ABANDONED) |
ssl_inspector_detail | SSL Inspector Detail | text | Additional text detail about the SSL connection (SNI, IP Address) |
<section end='sessions' />
session_minutes
<section begin='session_minutes' />
Column Name | Human Name | Type | Description |
---|---|---|---|
session_id | Session ID | bigint | The session |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
c2s_bytes | From-Client Bytes | bigint | The number of bytes the client sent |
s2c_bytes | From-Server Bytes | bigint | The number of bytes the server sent |
start_time | Start Time | timestamp without time zone | The start time of the session |
end_time | End Time | timestamp without time zone | The time the session ended |
bypassed | Bypassed | boolean | True if the session was bypassed, false otherwise |
entitled | Entitled | boolean | True if the session is entitled to premium functionality |
protocol | Protocol | smallint | The IP protocol of the session |
icmp_type | ICMP Type | smallint | The ICMP type of the session (if ICMP) |
hostname | Hostname | text | The hostname of the local address |
username | Username | text | The username associated with this session |
policy_id | Policy ID | smallint | The policy |
policy_rule_id | Policy Rule ID | smallint | The ID of the matching policy rule (0 means none) |
local_addr | Local Address | inet | The IP address of the local participant |
remote_addr | Remote Address | inet | The IP address of the remote participant |
c_client_addr | Client-side Client Address | inet | The client-side client IP address |
c_server_addr | Client-side Server Address | inet | The client-side server IP address |
c_server_port | Client-side Server Port | integer | The client-side server port |
c_client_port | Client-side Client Port | integer | The client-side client port |
s_client_addr | Server-side Client Address | inet | The server-side client IP address |
s_server_addr | Server-side Server Address | inet | The server-side server IP address |
s_server_port | Server-side Server Port | integer | The server-side server port |
s_client_port | Server-side Client Port | integer | The server-side client port |
client_intf | Client Interface | smallint | The client interface |
server_intf | Server Interface | smallint | The server interface |
client_country | Client Country | text | The client country |
client_latitude | Client Latitude | real | The client latitude |
client_longitude | Client Longitude | real | The client longitude |
server_country | Server Country | text | The server country |
server_latitude | Server Latitude | real | The server latitude |
server_longitude | Server Longitude | real | The server longitude |
filter_prefix | Filter Block | text | The network filter that blocked the connection |
firewall_blocked | Firewall Blocked | boolean | True if Firewall blocked the session, false otherwise |
firewall_flagged | Firewall Flagged | boolean | True if Firewall flagged the session, false otherwise |
firewall_rule_index | Firewall Rule ID | integer | The matching rule in Firewall (if any) |
application_control_lite_protocol | Application Control Lite Protocol | text | The application protocol according to Application Control Lite |
application_control_lite_blocked | Application Control Lite Blocked | boolean | True if Application Control Lite blocked the session |
captive_portal_blocked | Captive Portal Blocked | boolean | True if Captive Portal blocked the session |
captive_portal_rule_index | Captive Portal Rule ID | integer | The matching rule in Captive Portal (if any) |
application_control_application | Application Control Application | text | The application according to Application Control |
application_control_protochain | Application Control Protochain | text | The protochain according to Application Control |
application_control_category | Application Control Category | text | The category according to Application Control |
application_control_blocked | Application Control Blocked | boolean | True if Application Control blocked the session |
application_control_flagged | Application Control Flagged | boolean | True if Application Control flagged the session |
application_control_confidence | Application Control Confidence | integer | The Application Control confidence of this session's identification |
application_control_ruleid | Application Control Rule ID | integer | The matching rule in Application Control (if any) |
application_control_detail | Application Control Detail | text | The text detail from the Application Control engine |
bandwidth_control_priority | Bandwidth Control Priority | integer | The priority given to this session |
bandwidth_control_rule | Bandwidth Control Rule ID | integer | The matching rule in Bandwidth Control (if any) |
ssl_inspector_ruleid | SSL Inspector Rule ID | integer | The matching rule in SSL Inspector (if any) |
ssl_inspector_status | SSL Inspector Status | text | The status/action of the SSL session (INSPECTED/IGNORED/BLOCKED/UNTRUSTED/ABANDONED) |
ssl_inspector_detail | SSL Inspector Detail | text | Additional text detail about the SSL connection (SNI, IP Address) |
<section end='session_minutes' />
penaltybox
<section begin='penaltybox' />
Column Name | Human Name | Type | Description |
---|---|---|---|
address | Address | inet | The IP address of the host |
reason | Reason | text | The reason for the action |
start_time | Start Time | timestamp without time zone | The time the client entered the penalty box |
end_time | End Time | timestamp without time zone | The time the client exited the penalty box |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
<section end='penaltybox' />
quotas
<section begin='quotas' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
address | Address | inet | The IP address of the host |
action | Action | integer | The action (1=Quota Given, 2=Quota Exceeded) |
size | Size | bigint | The size of the quota |
reason | Reason | text | The reason for the action |
<section end='quotas' />
host_table_updates
<section begin='host_table_updates' />
Column Name | Human Name | Type | Description |
---|---|---|---|
address | Address | inet | The IP address of the host |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
<section end='host_table_updates' />
device_table_updates
<section begin='device_table_updates' />
Column Name | Human Name | Type | Description |
---|---|---|---|
mac_address | MAC Address | text | The MAC address of the device |
key | Key | text | The key being updated |
value | Value | text | The new value for the key |
time_stamp | Timestamp | timestamp without time zone | The time of the event |
<section end='device_table_updates' />
alerts
<section begin='alerts' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
description | Text detail of the event | text | The description from the alert rule |
summary_text | Summary Text | text | The summary text of the alert |
json | JSON Text | text | The summary JSON representation of the event causing the alert |
<section end='alerts' />
configuration_backup_events
<section begin='configuration_backup_events' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
success | Success | boolean | The result of the backup (true if the backup succeeded, false otherwise) |
description | Text detail of the event | text | Text detail of the event |
destination | Destination | text | The location of the backup |
event_id | Event ID | bigint | The unique event ID |
<section end='configuration_backup_events' />
settings_changes
<section begin='settings_changes' />
Column Name | Human Name | Type | Description |
---|---|---|---|
time_stamp | Timestamp | timestamp without time zone | The time of the event |
settings_file | Settings File | text | The name of the file changed |
username | Username | text | The username logged in at the time of the change |
hostname | Hostname | text | The remote hostname |
<section end='settings_changes' />