Event Definitions
All event data is stored in the Database Schema in a relational database. As Untangle and applications process traffic, they create Event objects that add and modify content in the database. Each event has its own class/object with certain fields that modify the database in a certain way.
The list below shows the classes used in event logging and the attributes of each event object. These can be used to add alerts in Reports or for other event handling within Untangle.
SpamLogEvent
These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.

Attribute Name | Type | Description
---|---|---
action | SpamMessageAction | The action
class | Class | The class name
clientAddr | InetAddress | The client address
clientPort | int | The client port
messageId | Long | The message ID
receiver | String | The receiver
score | float | The score
sender | String | The sender
serverAddr | InetAddress | The server address
serverPort | int | The server port
smtpMessageEvent | SmtpMessageEvent | The parent SMTP message event
isSpam | boolean | True if spam, false otherwise
subject | String | The subject
testsString | String | The tests string from the spam engine
timeStamp | Timestamp | The timestamp
vendorName | String | The application name

SpamSmtpTarpitEvent
These events are created by Spam Blocker and inserted into the smtp_tarpit_events table when a session is tarpitted.

Attribute Name | Type | Description
---|---|---
IPAddr | InetAddress | The IP address
class | Class | The class name
hostname | String | The hostname
sessionEvent | SessionEvent | The session event
sessionId | Long | The session ID
timeStamp | Timestamp | The timestamp
vendorName | String | The application name

PrioritizeEvent
These events are created by Bandwidth Control and update the session table when a session is prioritized.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
priority | int | The priority
ruleId | int | The rule ID
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp

VirusFtpEvent
These events are created by Virus Blocker and update the ftp_events table when Virus Blocker scans an FTP transfer.

Attribute Name | Type | Description
---|---|---
appName | String | The name of the application
class | Class | The class name
clean | boolean | True if clean, false otherwise
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp
uri | String | The URI
virusName | String | The virus name, if not clean

VirusHttpEvent
These events are created by Virus Blocker and update the http_events table when Virus Blocker scans an HTTP transfer.

Attribute Name | Type | Description
---|---|---
appName | String | The name of the application
class | Class | The class name
clean | boolean | True if clean, false otherwise
requestLine | RequestLine | The request line
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp
virusName | String | The virus name, if not clean

VirusSmtpEvent
These events are created by Virus Blocker and update the mail_msgs table when Virus Blocker scans an email.

Attribute Name | Type | Description
---|---|---
action | String | The action
appName | String | The name of the application
class | Class | The class name
clean | boolean | True if clean, false otherwise
messageId | Long | The message ID
timeStamp | Timestamp | The timestamp
virusName | String | The virus name, if not clean

FirewallEvent
These events are created by Firewall and update the sessions table when a firewall rule matches a session.

Attribute Name | Type | Description
---|---|---
blocked | boolean | True if blocked, false otherwise
class | Class | The class name
flagged | boolean | True if flagged, false otherwise
ruleId | long | The rule ID
sessionId | Long | The session ID
timeStamp | Timestamp | The timestamp

OpenVpnStatusEvent
These events are created by OpenVPN and update the openvpn_stats table periodically.

Attribute Name | Type | Description
---|---|---
address | InetAddress | The address
bytesRxDelta | long | The delta number of RX (received) bytes from the previous event
bytesRxTotal | long | The total number of RX (received) bytes
bytesTxDelta | long | The delta number of TX (transmitted) bytes from the previous event
bytesTxTotal | long | The total number of TX (transmitted) bytes
class | Class | The class name
clientName | String | The client name
end | Timestamp | The end
poolAddress | InetAddress | The pool address
port | int | The port
start | Timestamp | The start
timeStamp | Timestamp | The timestamp

OpenVpnEvent
These events are created by OpenVPN and update the openvpn_events table when OpenVPN processes a client action.

Attribute Name | Type | Description
---|---|---
address | InetAddress | The address
class | Class | The class name
clientName | String | The client name
poolAddress | InetAddress | The pool address
timeStamp | Timestamp | The timestamp
type | OpenVpnEvent$EventType | The type

AdminLoginEvent
These events are created by the base system and inserted into the admin_logins table when an administrator login is attempted or successful.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
clientAddress | InetAddress | The client address
local | boolean | 1 if login is done via local console, 0 otherwise
login | String | The login username
reason | String | The reason
succeeded | boolean | 1 if successful, 0 otherwise
timeStamp | Timestamp | The timestamp

AlertEvent
These events are created by Reports and inserted into the alerts table when an alert fires.

Attribute Name | Type | Description
---|---|---
causalRule | EventRule | The causal rule
cause | LogEvent | The cause
class | Class | The class name
description | String | The description
eventSent | Boolean | True if the event was sent, false otherwise
json | String | The JSON string
summaryText | String | The summary text
timeStamp | Timestamp | The timestamp

InterfaceStatEvent
These events are created by the base system and inserted into the interface_stat_events table periodically with interface stats.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
interfaceId | int | The interface ID
rxBytes | double | The total of received bytes
rxRate | double | The RX rate in byte/s
timeStamp | Timestamp | The timestamp
txBytes | double | The total of transmitted bytes
txRate | double | The TX rate in byte/s

LogEvent
This is the base class for all events.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
timeStamp | Timestamp | The timestamp

SystemStatEvent
These events are created by the base system and inserted into the server_events table periodically.

Attribute Name | Type | Description
---|---|---
activeHosts | int | The active host count
class | Class | The class name
cpuSystem | float | The system CPU utilization
cpuUser | float | The user CPU utilization
diskFree | long | The amount of disk free
diskFreePercent | float | The percentage of disk free
diskTotal | long | The total size of the disk
diskUsed | long | The amount of disk used
diskUsedPercent | float | The percentage of disk used
load1 | float | The 1-minute CPU load
load15 | float | The 15-minute CPU load
load5 | float | The 5-minute CPU load
memBuffers | long | The amount of memory used by buffers
memCache | long | The amount of memory used by cache
memFree | long | The amount of free memory
memFreePercent | float | The percentage of total memory that is free
memTotal | long | The total amount of memory
memUsed | long | The amount of used memory
memUsedPercent | float | The percentage of total memory that is used
swapFree | long | The amount of free swap
swapFreePercent | float | The percentage of total swap that is free
swapTotal | long | The total size of swap
swapUsed | long | The amount of used swap
swapUsedPercent | float | The percentage of total swap that is used
timeStamp | Timestamp | The timestamp

HostTableEvent
These events are created by the base system and inserted into the host_table_updates table when the host table is modified.

Attribute Name | Type | Description
---|---|---
address | InetAddress | The address
class | Class | The class name
key | String | The key
oldValue | String | The old value
timeStamp | Timestamp | The timestamp
value | String | The value

DeviceTableEvent
These events are created by the base system and inserted into the device_table_updates table when the device list is modified.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
device | DeviceTableEntry | The device
key | String | The key
macAddress | String | The MAC address
oldValue | String | The old value
timeStamp | Timestamp | The timestamp
value | String | The value

SettingsChangesEvent
These events are created by the base system and inserted into the settings_changes table when settings are changed.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
hostname | String | The hostname
settingsFile | String | The settings file
timeStamp | Timestamp | The timestamp
username | String | The username

UserTableEvent
These events are created by the base system and inserted into the user_table_updates table when the user table is modified.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
key | String | The key
oldValue | String | The old value
timeStamp | Timestamp | The timestamp
username | String | The username
value | String | The value

SessionMinuteEvent
These events are created by the base system and update the session_minutes table each minute a session exists.

Attribute Name | Type | Description
---|---|---
c2sBytes | long | The number of bytes sent from the client to the server
class | Class | The class name
s2cBytes | long | The number of bytes sent from the server to the client
sessionId | long | The session ID
timeStamp | Timestamp | The timestamp

SessionEvent
These events are created by the base system and update the sessions table each time a session is created.

Attribute Name | Type | Description
---|---|---
CClientAddr | InetAddress | The client-side (pre-NAT) client address
CClientPort | Integer | The client-side (pre-NAT) client port
CServerAddr | InetAddress | The client-side (pre-NAT) server address
CServerPort | Integer | The client-side (pre-NAT) server port
SClientAddr | InetAddress | The server-side (post-NAT) client address
SClientPort | Integer | The server-side (post-NAT) client port
SServerAddr | InetAddress | The server-side (post-NAT) server address
SServerPort | Integer | The server-side (post-NAT) server port
bypassed | boolean | True if bypassed, false otherwise
class | Class | The class name
clientCountry | String | The client country
clientIntf | Integer | The client interface ID
clientLatitude | Double | The client latitude
clientLongitude | Double | The client longitude
entitled | boolean | The entitled status
filterPrefix | String | The filter prefix if blocked by the filter rules
hostname | String | The hostname
icmpType | Short | The ICMP type
localAddr | InetAddress | The local host address
policyId | Integer | The policy ID
policyRuleId | Integer | The policy rule ID
protocol | Short | The protocol
protocolName | String | The protocol name
remoteAddr | InetAddress | The remote host address
serverCountry | String | The server country
serverIntf | Integer | The server interface ID
serverLatitude | Double | The server latitude
serverLongitude | Double | The server longitude
sessionId | Long | The session ID
tagsString | String | The string value of all tags
timeStamp | Timestamp | The timestamp
username | String | The username

SessionStatsEvent
These events are created by the base system and update the sessions table with the updated stats when a session ends.

Attribute Name | Type | Description
---|---|---
c2pBytes | long | The number of bytes sent from the client to Untangle
class | Class | The class name
endTime | long | The end time/date
p2cBytes | long | The number of bytes sent to the client from Untangle
p2sBytes | long | The number of bytes sent to the server from Untangle
s2pBytes | long | The number of bytes sent from the server to Untangle
sessionEvent | SessionEvent | The session event
sessionId | Long | The session ID
timeStamp | Timestamp | The timestamp

SessionNatEvent
These events are created by the base system and update the sessions table with the post-NAT information each time a session is NATed.

Attribute Name | Type | Description
---|---|---
SClientAddr | InetAddress | The server-side (post-NAT) client address
SClientPort | Integer | The server-side (post-NAT) client port
SServerAddr | InetAddress | The server-side (post-NAT) server address
SServerPort | Integer | The server-side (post-NAT) server port
class | Class | The class name
serverIntf | Integer | The server interface ID
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp

QuotaEvent
These events are created by Bandwidth Control and are inserted into, or update, the quotas table when quotas are given or exceeded.

Attribute Name | Type | Description
---|---|---
action | int | The action (1=Quota Given, 2=Quota Exceeded)
class | Class | The class name
entity | String | The entity
quotaSize | long | The quota size
reason | String | The reason
timeStamp | Timestamp | The timestamp

SmtpMessageAddressEvent
These events are created by the SMTP subsystem and inserted into the mail_addrs table for each address on each email.

Attribute Name | Type | Description
---|---|---
addr | String | The address
class | Class | The class name
kind | AddressKind | The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
messageId | Long | The message ID
personal | String | personal
timeStamp | Timestamp | The timestamp

SmtpMessageEvent
These events are created by the SMTP subsystem and inserted into the mail_msgs table for each email.

Attribute Name | Type | Description
---|---|---
addresses | Set | The addresses
class | Class | The class name
envelopeFromAddress | String | The envelope FROM address
envelopeToAddress | String | The envelope TO address
messageId | Long | The message ID
receiver | String | The receiver
sender | String | The sender
sessionEvent | SessionEvent | The session event
sessionId | Long | The session ID
subject | String | The subject
timeStamp | Timestamp | The timestamp
tmpFile | File | The /tmp file

CaptureRuleEvent
These events are created by Captive Portal and update the sessions table when Captive Portal processes a session.

Attribute Name | Type | Description
---|---|---
captured | boolean | True if captured, false otherwise
class | Class | The class name
ruleId | Integer | The rule ID
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp

CaptivePortalUserEvent
These events are created by Captive Portal and inserted into the captive_portal_user_events table when a Captive Portal user takes an action.

Attribute Name | Type | Description
---|---|---
authenticationType | CaptivePortalSettings$AuthenticationType | The authentication type
authenticationTypeValue | String | The authentication type as a string
class | Class | The class name
clientAddr | String | The client address
event | CaptivePortalUserEvent$EventType | The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
eventValue | String | The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
loginName | String | The login name
policyId | Integer | The policy ID
timeStamp | Timestamp | The timestamp

AdBlockerEvent
These events are created by Ad Blocker and update the http_events table when an ad is blocked.

Attribute Name | Type | Description
---|---|---
action | Action | The action
class | Class | The class name
reason | String | The reason
requestId | Long | The request ID
timeStamp | Timestamp | The timestamp

CookieEvent
These events are created by Ad Blocker and update the http_events table when a cookie is blocked.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
identification | String | The identification string
requestId | Long | The request ID
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp

HttpRequestEvent
These events are created by the HTTP subsystem and inserted into the http_events table when a web request happens.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
contentLength | long | The content length
domain | String | The domain
host | String | The host
method | HttpMethod | The HTTP method
referer | String | The referer
requestId | Long | The request ID
requestUri | URI | The request URI
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp

HttpResponseEvent
These events are created by the HTTP subsystem and update the http_events table when a web response happens.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
contentFilename | String | The content filename
contentLength | long | The content length
contentType | String | The content type
httpRequestEvent | HttpRequestEvent | The corresponding HTTP request event
requestLine | RequestLine | The request line
timeStamp | Timestamp | The timestamp

WebCacheEvent
These events are created by Web Cache and inserted into the web_cache_stats table periodically.

Attribute Name | Type | Description
---|---|---
bypassCount | long | The number of bypasses
class | Class | The class name
hitBytes | long | The number of bytes worth of hits
hitCount | long | The number of hits
missBytes | long | The number of bytes worth of misses
missCount | long | The number of misses
policyId | Long | The policy ID
systemCount | long | The number of system bypasses
timeStamp | Timestamp | The timestamp

TunnelVpnStatusEvent
These events are created by Tunnel VPN and inserted into the tunnel_vpn_stats table periodically.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
inBytes | long | The number of bytes received from this tunnel
outBytes | long | The number of bytes sent in this tunnel
timeStamp | Timestamp | The timestamp
tunnelName | String | The name of this tunnel

TunnelVpnEvent
These events are created by Tunnel VPN and inserted into the tunnel_vpn_events table when a tunnel connection event occurs.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
eventType | TunnelVpnEvent$EventType | The event type
localAddress | InetAddress | The local host address
serverAddress | InetAddress | The server address
timeStamp | Timestamp | The timestamp
tunnelName | String | The name of this tunnel

IntrusionPreventionLogEvent
These events are created by Intrusion Prevention and inserted into the intrusion_prevention_events table when a rule matches.

Attribute Name | Type | Description
---|---|---
blocked | boolean | True if blocked, false otherwise
category | String | The category
class | Class | The class name
classificationId | long | The classification ID
classtype | String | The classtype
dportIcode | int | The dportIcode
eventId | long | The event ID
eventMicrosecond | long | The event microsecond
eventSecond | long | The event second
eventType | long | The event type
generatorId | long | The generator ID
impact | short | The impact
impactFlag | short | The impact flag
ipDestination | InetAddress | The IP address destination
ipSource | InetAddress | The IP address source
mplsLabel | long | The mplsLabel
msg | String | The msg
padding | int | The padding
priorityId | long | The priority ID
protocol | short | The protocol
rid | String | Rule ID
sensorId | long | The sensor ID
signatureId | long | The signature ID
signatureRevision | long | The signature revision
sportItype | int | The sportItype
timeStamp | Timestamp | The timestamp
vlanId | int | The VLAN ID

ApplicationControlLogEvent
These events are created by Application Control and update the sessions table when application control identifies a session.

Attribute Name | Type | Description
---|---|---
application | String | The application
blocked | boolean | True if blocked, false otherwise
category | String | The category
class | Class | The class name
confidence | Integer | The confidence (0-100)
detail | String | The details
flagged | boolean | True if flagged, false otherwise
protochain | String | The protochain
ruleId | Integer | The rule ID
sessionEvent | SessionEvent | The session event
state | Integer | The state
timeStamp | Timestamp | The timestamp

LoginEvent
These events are created by Directory Connector and inserted into the directory_connector_login_events table for each login.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
clientAddr | InetAddress | The client address
domain | String | The domain
event | String | The event
loginName | String | The login name
loginType | String | W=Windows login, A=Active Directory, R=RADIUS, T=test
timeStamp | Timestamp | The timestamp

WebFilterEvent
These events are created by Web Filter and update the http_events table when web filter processes a web request.

Attribute Name | Type | Description
---|---|---
appName | String | The name of the application
blocked | Boolean | True if blocked, false otherwise
category | String | The category
categoryId | Integer | Numeric value of matching category
class | Class | The class name
flagged | Boolean | True if flagged, false otherwise
reason | Reason | The reason
requestLine | RequestLine | The request line
ruleId | Integer | The rule ID
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp

WebFilterQueryEvent
These events are created by Web Filter and inserted into the http_query_events table when web filter processes a search engine search.

Attribute Name | Type | Description
---|---|---
appName | String | The name of the application
blocked | Boolean | True if blocked, false otherwise
class | Class | The class name
contentLength | long | The content length
flagged | Boolean | True if flagged, false otherwise
host | String | The host
method | HttpMethod | The method
requestId | Long | The request ID
requestUri | URI | The request URI
sessionEvent | SessionEvent | The session event
term | String | The search term/phrase
timeStamp | Timestamp | The timestamp

WanFailoverTestEvent
These events are created by WAN Failover and inserted into the wan_failover_test_events table when a test is run.

Attribute Name | Type | Description
---|---|---
class | Class | The class name
description | String | The description
interfaceId | int | The interface ID
name | String | The test name
osName | String | The O/S interface name
success | Boolean | True if successful, false otherwise
timeStamp | Timestamp | The timestamp

WanFailoverEvent
<section begin='WanFailoverEvent' />
These events are created by WAN Failover and inserted to the wan_failover_action_events table when WAN Failover takes an action.
Attribute Name | Type | Description
---|---|---
action | WanFailoverEvent$Action | The action
class | Class | The class name
interfaceId | int | The interface ID
name | String | The name
osName | String | The O/S interface name
timeStamp | Timestamp | The timestamp
<section end='WanFailoverEvent' />
== ThreatPreventionEvent ==
<section begin='ThreatPreventionEvent' />
These events are created by Threat Prevention and inserted to the sessions table for each threat lookup.
Attribute Name | Type | Description
---|---|---
blocked | boolean | True if blocked, false otherwise
class | Class | The class name
clientCategories | int | Client threat categories
clientReputation | int | Client threat reputation
flagged | boolean | True if flagged, false otherwise
ruleId | long | The rule ID
serverCategories | int | Server threat categories
serverReputation | int | Server threat reputation
sessionId | Long | The session ID
timeStamp | Timestamp | The timestamp
<section end='ThreatPreventionEvent' />
== ThreatPreventionHttpEvent ==
<section begin='ThreatPreventionHttpEvent' />
These events are created by Threat Prevention and inserted to the http_events table for each threat lookup.
Attribute Name | Type | Description
---|---|---
blocked | Boolean | True if blocked, false otherwise
categories | Integer | Server threat categories
class | Class | The class name
flagged | Boolean | True if flagged, false otherwise
reputation | Integer | Server threat reputation
requestLine | RequestLine | The request line
ruleId | Integer | The rule ID
sessionEvent | SessionEvent | The session event
timeStamp | Timestamp | The timestamp
<section end='ThreatPreventionHttpEvent' />
== SpamLogEvent ==
<section begin='SpamLogEvent' />
These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.
Attribute Name | Type | Description
---|---|---
action | SpamMessageAction | The action
class | Class | The class name
clientAddr | InetAddress | The client address
clientPort | int | The client port
messageId | Long | The message ID
receiver | String | The receiver
score | float | The score
sender | String | The sender
serverAddr | InetAddress | The server address
serverPort | int | The server port
smtpMessageEvent | SmtpMessageEvent | The parent SMTP message event
isSpam | boolean | True if spam, false otherwise
subject | String | The subject
testsString | String | The tests string from the spam engine
timeStamp | Timestamp | The timestamp
vendorName | String | The application name
<section end='SpamLogEvent' />
== SpamSmtpTarpitEvent ==
<section begin='SpamSmtpTarpitEvent' />
These events are created by Spam Blocker and inserted to the smtp_tarpit_events table when a session is tarpitted.
Attribute Name | Type | Description
---|---|---
IPAddr | InetAddress | The IP address
class | Class | The class name
hostname | String | The hostname
sessionEvent | SessionEvent | The session event
sessionId | Long | The session ID
timeStamp | Timestamp | The timestamp
vendorName | String | The application name
<section end='SpamSmtpTarpitEvent' />
== ConfigurationBackupEvent ==
<section begin='ConfigurationBackupEvent' />
These events are created by Configuration Backup and inserted to the configuration_backup_events table when a backup occurs.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
destination | String | The destination
detail | String | The details
success | boolean | True if successful, false otherwise
timeStamp | Timestamp | The timestamp
<section end='ConfigurationBackupEvent' />
== TunnelStatusEvent ==
<section begin='TunnelStatusEvent' />
These events are created by IPsec VPN and inserted to the ipsec_tunnel_stats table periodically.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
inBytes | long | The number of bytes received from this tunnel
outBytes | long | The number of bytes sent in this tunnel
timeStamp | Timestamp | The timestamp
tunnelName | String | The name of this tunnel
<section end='TunnelStatusEvent' />
== IpsecVpnEvent ==
<section begin='IpsecVpnEvent' />
These events are created by IPsec VPN and inserted to the ipsec_vpn_events table when an IPsec connection event occurs.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
eventType | IpsecVpnEvent$EventType | The event type
localAddress | String | The local host address
remoteAddress | String | The remote host address
timeStamp | Timestamp | The timestamp
tunnelDescription | String | Description of tunnel
<section end='IpsecVpnEvent' />
== VirtualUserEvent ==
<section begin='VirtualUserEvent' />
These events are created by IPsec VPN and inserted to the ipsec_user_events table when a user event occurs.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
clientAddress | InetAddress | The client address
clientProtocol | String | The client protocol
clientUsername | String | The client username
elapsedTime | String | The elapsed time
eventId | Long | The event ID
netInterface | String | The net interface
netProcess | String | The net process
netRXbytes | Long | The number of RX (received) bytes
netTXbytes | Long | The number of TX (transmitted) bytes
timeStamp | Timestamp | The timestamp
<section end='VirtualUserEvent' />
== SslInspectorLogEvent ==
<section begin='SslInspectorLogEvent' />
These events are created by SSL Inspector and update the sessions table when a session is processed by SSL Inspector.
Attribute Name | Type | Description
---|---|---
class | Class | The class name
detail | String | The details
ruleId | Integer | The rule ID
sessionEvent | SessionEvent | The session event
status | String | The status
timeStamp | Timestamp | The timestamp
<section end='SslInspectorLogEvent' />
== ApplicationControlLiteEvent ==
<section begin='ApplicationControlLiteEvent' />
These events are created by Application Control Lite and update the sessions table when Application Control Lite identifies a session.
Attribute Name | Type | Description
---|---|---
blocked | boolean | True if blocked, false otherwise
class | Class | The class name
protocol | String | The protocol
sessionId | Long | The session ID
timeStamp | Timestamp | The timestamp
<section end='ApplicationControlLiteEvent' />