Difference between revisions of "Event Definitions"

Revision as of 16:06, 24 June 2019

Events Events Events

All event data is stored in the Database Schema in a relational database. As Untangle and applications process traffic they create Event objects that add and modify content in the database. Each event has it's own class/object with certain fields that modify the database in a certain way.

The list below shows the classes used in the event logging and the attributes of each event object. These can be used to add alerts in Reports or for other event handling within Untangle.

SpamLogEvent

These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.

Attribute Name	Type	Description getAction
action	SpamMessageAction	The action getClass
class	Class	The class name getClientAddr
clientAddr	InetAddress	The client address getClientPort
clientPort	int	The client port getMessageId
messageId	Long	The message ID getPartitionTablePostfix getReceiver
receiver	String	The receiver getScore
score	float	The score getSender
sender	String	The sender getServerAddr
serverAddr	InetAddress	The server address getServerPort
serverPort	int	The server port getSmtpMessageEvent
smtpMessageEvent	SmtpMessageEvent	The parent SMTP message event isSpam
isSpam	boolean	True if spam, false otherwise getSubject
subject	String	The subject getTag getTestsString
testsString	String	The tests string from the spam engine getTimeStamp
timeStamp	Timestamp	The timestamp getVendorName
vendorName	String	The application name

SpamSmtpTarpitEvent

These events are created by Spam Blocker and inserted to the smtp_tarpit_events table when a session is tarpitted.

Attribute Name	Type	Description getIPAddr
IPAddr	InetAddress	The IP address getClass
class	Class	The class name getHostname
hostname	String	The hostname getPartitionTablePostfix getSessionEvent
sessionEvent	SessionEvent	The session event getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVendorName
vendorName	String	The application name

SpamLogEvent

These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.

Attribute Name	Type	Description getAction
action	SpamMessageAction	The action getClass
class	Class	The class name getClientAddr
clientAddr	InetAddress	The client address getClientPort
clientPort	int	The client port getMessageId
messageId	Long	The message ID getPartitionTablePostfix getReceiver
receiver	String	The receiver getScore
score	float	The score getSender
sender	String	The sender getServerAddr
serverAddr	InetAddress	The server address getServerPort
serverPort	int	The server port getSmtpMessageEvent
smtpMessageEvent	SmtpMessageEvent	The parent SMTP message event isSpam
isSpam	boolean	True if spam, false otherwise getSubject
subject	String	The subject getTag getTestsString
testsString	String	The tests string from the spam engine getTimeStamp
timeStamp	Timestamp	The timestamp getVendorName
vendorName	String	The application name

SpamSmtpTarpitEvent

These events are created by Spam Blocker and inserted to the smtp_tarpit_events table when a session is tarpitted.

Attribute Name	Type	Description getIPAddr
IPAddr	InetAddress	The IP address getClass
class	Class	The class name getHostname
hostname	String	The hostname getPartitionTablePostfix getSessionEvent
sessionEvent	SessionEvent	The session event getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVendorName
vendorName	String	The application name

OpenVpnStatusEvent

These events are created by OpenVPN and update the openvpn_stats table periodically.

Attribute Name	Type	Description getAddress
address	InetAddress	The address getBytesRxDelta
bytesRxDelta	long	The delta number of RX (received) bytes from the previous event getBytesRxTotal
bytesRxTotal	long	The total number of RX (received) bytes getBytesTxDelta
bytesTxDelta	long	The delta number of TX (transmitted) bytes from the previous event getBytesTxTotal
bytesTxTotal	long	The total number of TX (transmitted) bytes getClass
class	Class	The class name getClientName
clientName	String	The client name getEnd
end	Timestamp	The end getPartitionTablePostfix getPoolAddress
poolAddress	InetAddress	The pool address getPort
port	int	The port getStart
start	Timestamp	The start getTag getTimeStamp
timeStamp	Timestamp	The timestamp

OpenVpnEvent

These events are created by OpenVPN and update the openvpn_events table when OpenVPN processes a client action.

Attribute Name	Type	Description getAddress
address	InetAddress	The address getClass
class	Class	The class name getClientName
clientName	String	The client name getPartitionTablePostfix getPoolAddress
poolAddress	InetAddress	The pool address getTag getTimeStamp
timeStamp	Timestamp	The timestamp getType
type	OpenVpnEvent$EventType	The type

ApplicationControlLiteEvent

These events are created by Application Control Lite and update the sessions table when application control lite identifies a session.

Attribute Name	Type	Description getBlocked
blocked	boolean	True if blocked, false otherwise getClass
class	Class	The class name getPartitionTablePostfix getProtocol
protocol	String	The protocol getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

FirewallEvent

These events are created by Firewall and update the sessions table when a firewall rule matches a session.

Attribute Name	Type	Description getBlocked
blocked	boolean	True if blocked, false otherwise getClass
class	Class	The class name getFlagged
flagged	boolean	True if flagged, false otherwise getPartitionTablePostfix getRuleId
ruleId	long	The rule ID getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

PrioritizeEvent

These events are created by the Bandwidth Control and update the session table when a session is prioritized.

Attribute Name	Type	Description getClass
class	Class	The class name getPartitionTablePostfix getPriority
priority	int	The priority getRuleId
ruleId	int	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

AdBlockerEvent

These events are created by Ad Blocker and update the http_events table when an ad is blocked.

Attribute Name	Type	Description getAction
action	Action	The action getClass
class	Class	The class name getPartitionTablePostfix getReason
reason	String	The reason getRequestId
requestId	Long	The request ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

CookieEvent

These events are created by Ad Blocker and update the http_events table when a cookie is blocked.

Attribute Name	Type	Description getClass
class	Class	The class name getIdentification
identification	String	The identification string getPartitionTablePostfix getRequestId
requestId	Long	The request ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

VirusFtpEvent

These events are created by Virus Blocker and update the ftp_events table when Virus Blocker scans an FTP transfer.

Attribute Name	Type	Description getAppName
appName	String	The name of the application getClass
class	Class	The class name getClean
clean	boolean	True if clean, false otherwise getPartitionTablePostfix getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp getUri
uri	String	The URI getVirusName
virusName	String	The virus name, if not clean

VirusHttpEvent

These events are created by Virus Blocker and update the http_events table when Virus Blocker scans an HTTP transfer.

Attribute Name	Type	Description getAppName
appName	String	The name of the application getClass
class	Class	The class name getClean
clean	boolean	True if clean, false otherwise getPartitionTablePostfix getRequestLine
requestLine	RequestLine	The request line getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVirusName
virusName	String	The virus name, if not clean

VirusSmtpEvent

These events are created by Virus Blocker and update the mail_msgs table when Virus Blocker scans an email.

Attribute Name	Type	Description getAction
action	String	The action getAppName
appName	String	The name of the application getClass
class	Class	The class name getClean
clean	boolean	True if clean, false otherwise getMessageId
messageId	Long	The message ID getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVirusName
virusName	String	The virus name, if not clean

FirewallEvent

These events are created by Firewall and update the sessions table when a firewall rule matches a session.

Attribute Name	Type	Description getBlocked
blocked	boolean	True if blocked, false otherwise getClass
class	Class	The class name getFlagged
flagged	boolean	True if flagged, false otherwise getPartitionTablePostfix getRuleId
ruleId	long	The rule ID getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

OpenVpnStatusEvent

These events are created by OpenVPN and update the openvpn_stats table periodically.

Attribute Name	Type	Description getAddress
address	InetAddress	The address getBytesRxDelta
bytesRxDelta	long	The delta number of RX (received) bytes from the previous event getBytesRxTotal
bytesRxTotal	long	The total number of RX (received) bytes getBytesTxDelta
bytesTxDelta	long	The delta number of TX (transmitted) bytes from the previous event getBytesTxTotal
bytesTxTotal	long	The total number of TX (transmitted) bytes getClass
class	Class	The class name getClientName
clientName	String	The client name getEnd
end	Timestamp	The end getPartitionTablePostfix getPoolAddress
poolAddress	InetAddress	The pool address getPort
port	int	The port getStart
start	Timestamp	The start getTag getTimeStamp
timeStamp	Timestamp	The timestamp

OpenVpnEvent

These events are created by OpenVPN and update the openvpn_events table when OpenVPN processes a client action.

Attribute Name	Type	Description getAddress
address	InetAddress	The address getClass
class	Class	The class name getClientName
clientName	String	The client name getPartitionTablePostfix getPoolAddress
poolAddress	InetAddress	The pool address getTag getTimeStamp
timeStamp	Timestamp	The timestamp getType
type	OpenVpnEvent$EventType	The type

AdminLoginEvent

These events are created by the base system and inserted to the admin_logins table when an administrator login is attempted or successful.

Attribute Name	Type	Description getClass
class	Class	The class name getClientAddress
clientAddress	InetAddress	The client address getLocal
local	boolean	1 if login is done via local console, 0 otherwise getLogin
login	String	The login username getPartitionTablePostfix getReason
reason	String	The reason getSucceeded
succeeded	boolean	1 if successful, 0 otherwise getTag getTimeStamp
timeStamp	Timestamp	The timestamp

AlertEvent

These events are created by Reports and inserted to the alerts table when an alert fires.

Attribute Name	Type	Description getCausalRule
causalRule	EventRule	The causal rule getCause
cause	LogEvent	The cause getClass
class	Class	The class name getDescription
description	String	The description getEventSent
eventSent	Boolean	True if the event was sent, false otherwise getJson
json	String	The JSON string getPartitionTablePostfix getSummaryText
summaryText	String	The summary text getTag getTimeStamp
timeStamp	Timestamp	The timestamp

InterfaceStatEvent

These events are created by the base system and inserted to the interface_stat_events table periodically with interface stats.

Attribute Name	Type	Description getClass
class	Class	The class name getInterfaceId
interfaceId	int	The interface ID getPartitionTablePostfix getRxBytes
rxBytes	double	The total of received bytes getRxRate
rxRate	double	The RX rate in byte/s getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTxBytes
txBytes	double	The total of transmitted bytes getTxRate
txRate	double	The TX rate in byte/s

LogEvent

These base class for all events.

Attribute Name	Type	Description getClass
class	Class	The class name getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SystemStatEvent

These events are created by the base system and inserted to the server_events table periodically.

Attribute Name	Type	Description getActiveHosts
activeHosts	int	The active host count getClass
class	Class	The class name getCpuSystem
cpuSystem	float	The system CPU utilization getCpuUser
cpuUser	float	The user CPU utilization getDiskFree
diskFree	long	The amount of disk free getDiskFreePercent
diskFreePercent	float	The percentage of disk free getDiskTotal
diskTotal	long	The total size of the disk getDiskUsed
diskUsed	long	The amount of disk used getDiskUsedPercent
diskUsedPercent	float	The percentage of disk used getLoad1
load1	float	The 1-minute CPU load getLoad15
load15	float	The 15-minute CPU load getLoad5
load5	float	The 5-minute CPU load getMemBuffers
memBuffers	long	The amount of memory used by buffers getMemCache
memCache	long	The amount of memory used by cache getMemFree
memFree	long	The amount of free memory getMemFreePercent
memFreePercent	float	The percentage of total memory that is free getMemTotal
memTotal	long	The total amount of memory getMemUsed
memUsed	long	The amount of used memory getMemUsedPercent
memUsedPercent	float	The percentage of total memory that is used getPartitionTablePostfix getSwapFree
swapFree	long	The amount of free swap getSwapFreePercent
swapFreePercent	float	The percentage of total swap that is free getSwapTotal
swapTotal	long	The total size of swap getSwapUsed
swapUsed	long	The amount of used swap getSwapUsedPercent
swapUsedPercent	float	The percentage of total swap that is used getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SessionMinuteEvent

These events are created by the base system and update the session_minutes table each minute a session exists.

Attribute Name	Type	Description getC2sBytes
c2sBytes	long	The number of bytes sent from the client to the server getClass
class	Class	The class name getPartitionTablePostfix getS2cBytes
s2cBytes	long	The number of bytes sent from the server to the client getSessionId
sessionId	long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SessionEvent

These events are created by the base system and update the sessions table each time a session is created.

Attribute Name	Type	Description getCClientAddr
CClientAddr	InetAddress	The client-side (pre-NAT) client address getCClientPort
CClientPort	Integer	The client-side (pre-NAT) client port getCServerAddr
CServerAddr	InetAddress	The client-side (pre-NAT) server address getCServerPort
CServerPort	Integer	The client-side (pre-NAT) server port getSClientAddr
SClientAddr	InetAddress	The server-side (post-NAT) client address getSClientPort
SClientPort	Integer	The server-side (post-NAT) client port getSServerAddr
SServerAddr	InetAddress	The server-side (post-NAT) server address getSServerPort
SServerPort	Integer	The server-side (post-NAT) server port getBypassed
bypassed	boolean	True if bypassed, false otherwise getClass
class	Class	The class name getClientCountry
clientCountry	String	The client country getClientIntf
clientIntf	Integer	The client interface ID getClientLatitude
clientLatitude	Double	The client latitude getClientLongitude
clientLongitude	Double	The client longitude getEntitled
entitled	boolean	The entitled status getFilterPrefix
filterPrefix	String	The filter prefix if blocked by the filter rules getHostname
hostname	String	The hostname getIcmpType
icmpType	Short	The ICMP type getLocalAddr
localAddr	InetAddress	The local host address getPartitionTablePostfix getPolicyId
policyId	Integer	The policy ID getPolicyRuleId
policyRuleId	Integer	The policy rule ID getProtocol
protocol	Short	The protocol getProtocolName
protocolName	String	The protocol name getRemoteAddr
remoteAddr	InetAddress	The remote host address getServerCountry
serverCountry	String	The server country getServerIntf
serverIntf	Integer	The server interface ID getServerLatitude
serverLatitude	Double	The server latitude getServerLongitude
serverLongitude	Double	The server longitude getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp getUsername
username	String	The username

SessionStatsEvent

These events are created by the base system and update the sessions table when a session ends with the updated stats.

Attribute Name	Type	Description getC2pBytes
c2pBytes	long	The number of bytes sent from the client to Untangle getClass
class	Class	The class name getEndTime
endTime	long	The end time/date getP2cBytes
p2cBytes	long	The number of bytes sent to the client from Untangle getP2sBytes
p2sBytes	long	The number of bytes sent to the server from Untangle getPartitionTablePostfix getS2pBytes
s2pBytes	long	The number of bytes sent from the server to Untangle getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SessionNatEvent

These events are created by the base system and update the sessions table each time a session is NATd with the post-NAT information.

Attribute Name	Type	Description getSClientAddr
SClientAddr	InetAddress	The server-side (post-NAT) client address getSClientPort
SClientPort	Integer	The server-side (post-NAT) client port getSServerAddr
SServerAddr	InetAddress	The server-side (post-NAT) server address getSServerPort
SServerPort	Integer	The server-side (post-NAT) server port getClass
class	Class	The class name getPartitionTablePostfix getServerIntf
serverIntf	Integer	The server interface ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

QuotaEvent

These events are created by the Bandwidth Control and inserted or update the quotas table when quotas are given or exceeded.

Attribute Name	Type	Description getAction
action	int	The action (1=Quota Given, 2=Quota Exceeded) getAddress
address	InetAddress	The address getClass
class	Class	The class name getPartitionTablePostfix getQuotaSize
quotaSize	long	The quota size getReason
reason	String	The reason getTag getTimeStamp
timeStamp	Timestamp	The timestamp

HostTableEvent

These events are created by the base system and inserted to the host_table_updates table when the host table is modified.

Attribute Name	Type	Description getAddress
address	InetAddress	The address getClass
class	Class	The class name getKey
key	String	The key getOldValue
oldValue	String	The old value getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getValue
value	String	The value

DeviceTableEvent

These events are created by the base system and inserted to the device_table_updates table when the device list is modified.

Attribute Name	Type	Description getClass
class	Class	The class name getDevice
device	DeviceTableEntry	The Device getKey
key	String	The key getMacAddress
macAddress	String	The MAC address getOldValue
oldValue	String	The old value getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getValue
value	String	The value

SettingsChangesEvent

These events are created by the base system and inserted to the settings_changes table when settings are changed.

Attribute Name	Type	Description getClass
class	Class	The class name getHostname
hostname	String	The hostname getPartitionTablePostfix getSettingsFile
settingsFile	String	The settings file getTag getTimeStamp
timeStamp	Timestamp	The timestamp getUsername
username	String	The username

UserTableEvent

These events are created by the base system and inserted to the user_table_updates table when the user table is modified.

Attribute Name	Type	Description getClass
class	Class	The class name getKey
key	String	The key getOldValue
oldValue	String	The old value getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getUsername
username	String	The username getValue
value	String	The value

SessionMinuteEvent

These events are created by the base system and update the session_minutes table each minute a session exists.

Attribute Name	Type	Description getC2sBytes
c2sBytes	long	The number of bytes sent from the client to the server getClass
class	Class	The class name getPartitionTablePostfix getS2cBytes
s2cBytes	long	The number of bytes sent from the server to the client getSessionId
sessionId	long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SessionEvent

These events are created by the base system and update the sessions table each time a session is created.

Attribute Name	Type	Description getCClientAddr
CClientAddr	InetAddress	The client-side (pre-NAT) client address getCClientPort
CClientPort	Integer	The client-side (pre-NAT) client port getCServerAddr
CServerAddr	InetAddress	The client-side (pre-NAT) server address getCServerPort
CServerPort	Integer	The client-side (pre-NAT) server port getSClientAddr
SClientAddr	InetAddress	The server-side (post-NAT) client address getSClientPort
SClientPort	Integer	The server-side (post-NAT) client port getSServerAddr
SServerAddr	InetAddress	The server-side (post-NAT) server address getSServerPort
SServerPort	Integer	The server-side (post-NAT) server port getBypassed
bypassed	boolean	True if bypassed, false otherwise getClass
class	Class	The class name getClientCountry
clientCountry	String	The client country getClientIntf
clientIntf	Integer	The client interface ID getClientLatitude
clientLatitude	Double	The client latitude getClientLongitude
clientLongitude	Double	The client longitude getEntitled
entitled	boolean	The entitled status getFilterPrefix
filterPrefix	String	The filter prefix if blocked by the filter rules getHostname
hostname	String	The hostname getIcmpType
icmpType	Short	The ICMP type getLocalAddr
localAddr	InetAddress	The local host address getPartitionTablePostfix getPolicyId
policyId	Integer	The policy ID getPolicyRuleId
policyRuleId	Integer	The policy rule ID getProtocol
protocol	Short	The protocol getProtocolName
protocolName	String	The protocol name getRemoteAddr
remoteAddr	InetAddress	The remote host address getServerCountry
serverCountry	String	The server country getServerIntf
serverIntf	Integer	The server interface ID getServerLatitude
serverLatitude	Double	The server latitude getServerLongitude
serverLongitude	Double	The server longitude getSessionId
sessionId	Long	The session ID getTag getTagsString
tagsString	String	The string value of all tags getTimeStamp
timeStamp	Timestamp	The timestamp getUsername
username	String	The username

SessionStatsEvent

These events are created by the base system and update the sessions table when a session ends with the updated stats.

Attribute Name	Type	Description getC2pBytes
c2pBytes	long	The number of bytes sent from the client to Untangle getClass
class	Class	The class name getEndTime
endTime	long	The end time/date getP2cBytes
p2cBytes	long	The number of bytes sent to the client from Untangle getP2sBytes
p2sBytes	long	The number of bytes sent to the server from Untangle getPartitionTablePostfix getS2pBytes
s2pBytes	long	The number of bytes sent from the server to Untangle getSessionEvent
sessionEvent	SessionEvent	The session event getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SessionNatEvent

These events are created by the base system and update the sessions table each time a session is NATd with the post-NAT information.

Attribute Name	Type	Description getSClientAddr
SClientAddr	InetAddress	The server-side (post-NAT) client address getSClientPort
SClientPort	Integer	The server-side (post-NAT) client port getSServerAddr
SServerAddr	InetAddress	The server-side (post-NAT) server address getSServerPort
SServerPort	Integer	The server-side (post-NAT) server port getClass
class	Class	The class name getPartitionTablePostfix getServerIntf
serverIntf	Integer	The server interface ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

QuotaEvent

These events are created by the Bandwidth Control and inserted or update the quotas table when quotas are given or exceeded.

Attribute Name	Type	Description getAction
action	int	The action (1=Quota Given, 2=Quota Exceeded) getClass
class	Class	The class name getEntity
entity	String	The entity getPartitionTablePostfix getQuotaSize
quotaSize	long	The quota size getReason
reason	String	The reason getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SmtpMessageAddressEvent

These events are created by SMTP subsystem and inserted to the mail_addrs table for each address on each email.

Attribute Name	Type	Description getAddr
addr	String	The address getClass
class	Class	The class name getKind
kind	AddressKind	The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown) getMessageId
messageId	Long	The message ID getPartitionTablePostfix getPersonal
personal	String	personal getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SmtpMessageEvent

These events are created by SMTP subsystem and inserted to the mail_msgs table for each email.

Attribute Name	Type	Description getAddresses
addresses	Set	The addresses getClass
class	Class	The class name getEnvelopeFromAddress
envelopeFromAddress	String	The envelop FROM address getEnvelopeToAddress
envelopeToAddress	String	The envelope TO address getMessageId
messageId	Long	The message ID getPartitionTablePostfix getReceiver
receiver	String	The receiver getSender
sender	String	The sender getSessionEvent
sessionEvent	SessionEvent	The session event getSessionId
sessionId	Long	The session ID getSubject
subject	String	The subject getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTmpFile
tmpFile	File	The /tmp file

CaptureRuleEvent

These events are created by Captive Portal and update the sessions table when Captive Portal processes a session.

Attribute Name	Type	Description getCaptured
captured	boolean	True if captured, false otherwise getClass
class	Class	The class name getPartitionTablePostfix getRuleId
ruleId	Integer	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

CaptivePortalUserEvent

These events are created by Captive Portal and inserted to the captive_portal_user_events table when Captive Portal user takes an action.

Attribute Name	Type	Description getAuthenticationType
authenticationType	CaptivePortalSettings$AuthenticationType	The authentication type getAuthenticationTypeValue
authenticationTypeValue	String	The authentication type as a string getClass
class	Class	The class name getClientAddr
clientAddr	String	The client address getEvent
event	CaptivePortalUserEvent$EventType	The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) getEventValue
eventValue	String	The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) getLoginName
loginName	String	The login name getPartitionTablePostfix getPolicyId
policyId	Integer	The policy ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

AdBlockerEvent

These events are created by Ad Blocker and update the http_events table when an ad is blocked.

Attribute Name	Type	Description getAction
action	Action	The action getClass
class	Class	The class name getPartitionTablePostfix getReason
reason	String	The reason getRequestId
requestId	Long	The request ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

CookieEvent

These events are created by Ad Blocker and update the http_events table when a cookie is blocked.

Attribute Name	Type	Description getClass
class	Class	The class name getIdentification
identification	String	The identification string getPartitionTablePostfix getRequestId
requestId	Long	The request ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

HttpRequestEvent

These events are created by HTTP subsystem and inserted to the http_events table when a web request happens.

Attribute Name	Type	Description getClass
class	Class	The class name getContentLength
contentLength	long	The content length getDomain
domain	String	The domain getHost
host	String	The host getMethod
method	HttpMethod	The HTTP method getPartitionTablePostfix getReferer
referer	String	The referer getRequestId
requestId	Long	The request ID getRequestUri
requestUri	URI	The request URI getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

HttpResponseEvent

These events are created by HTTP subsystem and update the http_events table when a web response happens.

Attribute Name	Type	Description getClass
class	Class	The class name getContentFilename
contentFilename	String	The content filename getContentLength
contentLength	long	The content length getContentType
contentType	String	The content type getHttpRequestEvent
httpRequestEvent	HttpRequestEvent	The corresponding HTTP request event getPartitionTablePostfix getRequestLine
requestLine	RequestLine	The request line getTag getTimeStamp
timeStamp	Timestamp	The timestamp

WebCacheEvent

These events are created by Web Cache and inserted to the web_cache_stats table periodically.

Attribute Name	Type	Description getBypassCount
bypassCount	long	The number of bypasses getClass
class	Class	The class name getHitBytes
hitBytes	long	The number of bytes worth of hits getHitCount
hitCount	long	The number of hits getMissBytes
missBytes	long	The number of bytes worth of misses getMissCount
missCount	long	The number of misses getPartitionTablePostfix getPolicyId
policyId	Long	The policy ID getSystemCount
systemCount	long	The number of system bypasses getTag getTimeStamp
timeStamp	Timestamp	The timestamp

TunnelVpnStatusEvent

These events are created by Tunnel VPN and inserted to the tunnel_vpn_stats table periodically.

Attribute Name	Type	Description getClass
class	Class	The class name getInBytes
inBytes	long	The number of bytes received from this tunnel getOutBytes
outBytes	long	The number of bytes sent in this tunnel getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTunnelName
tunnelName	String	The name of this tunnel

TunnelVpnEvent

These events are created by Tunnel VPN and inserted to the tunnel_vpn_events table when a tunnel connection event occurs.

Attribute Name	Type	Description getClass
class	Class	The class name getEventType
eventType	TunnelVpnEvent$EventType	The event type getLocalAddress
localAddress	InetAddress	The local host address getPartitionTablePostfix getServerAddress
serverAddress	InetAddress	The server address getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTunnelName
tunnelName	String	The name of this tunnel

IntrusionPreventionLogEvent

These events are created by Intrusion Prevention and inserted to the intrusion_prevention_events table when a rule matches.

Attribute Name	Type	Description getBlocked
blocked	boolean	True if blocked, false otherwise getCategory
category	String	The category getClass
class	Class	The class name getClassificationId
classificationId	long	The classification ID getClasstype
classtype	String	The classtype getDportIcode
dportIcode	int	The dportIcode getEventId
eventId	long	The event ID getEventMicrosecond
eventMicrosecond	long	The event microsecond getEventSecond
eventSecond	long	The event second getEventType
eventType	long	The event type getGeneratorId
generatorId	long	The generator ID getImpact
impact	short	The impact getImpactFlag
impactFlag	short	The impact flag getIpDestination
ipDestination	InetAddress	The IP address destination getIpSource
ipSource	InetAddress	The IP address source getMplsLabel
mplsLabel	long	The mplsLabel getMsg
msg	String	The msg getPadding
padding	int	The padding getPartitionTablePostfix getPriorityId
priorityId	long	The priority ID getProtocol
protocol	short	The protocol getRid
rid	String	Rule ID getSensorId
sensorId	long	The sensor ID getSignatureId
signatureId	long	The signature ID getSignatureRevision
signatureRevision	long	The signature revision getSportItype
sportItype	int	The sportItype getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVlanId
vlanId	int	The VLAN Id

AlertEvent

These events are created by Reports and inserted to the alerts table when an alert fires.

Attribute Name	Type	Description getCause
cause	LogEvent	The cause getClass
class	Class	The class name getDescription
description	String	The description getJson
json	JSONObject	The JSON string getPartitionTablePostfix getSummaryText
summaryText	String	The summary text getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SmtpMessageAddressEvent

These events are created by SMTP subsystem and inserted to the mail_addrs table for each address on each email.

Attribute Name	Type	Description getAddr
addr	String	The address getClass
class	Class	The class name getKind
kind	AddressKind	The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown) getMessageId
messageId	Long	The message ID getPartitionTablePostfix getPersonal
personal	String	personal getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SmtpMessageEvent

These events are created by SMTP subsystem and inserted to the mail_msgs table for each email.

Attribute Name	Type	Description getAddresses
addresses	Set	The addresses getClass
class	Class	The class name getEnvelopeFromAddress
envelopeFromAddress	String	The envelop FROM address getEnvelopeToAddress
envelopeToAddress	String	The envelope TO address getMessageId
messageId	Long	The message ID getPartitionTablePostfix getReceiver
receiver	String	The receiver getSender
sender	String	The sender getSessionEvent
sessionEvent	SessionEvent	The session event getSessionId
sessionId	Long	The session ID getSubject
subject	String	The subject getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTmpFile
tmpFile	File	The /tmp file

ApplicationControlLogEvent

These events are created by Application Control and update the sessions table when application control identifies a session.

Attribute Name	Type	Description getApplication
application	String	The application getBlocked
blocked	boolean	True if blocked, false otherwise getCategory
category	String	The category getClass
class	Class	The class name getConfidence
confidence	Integer	The confidence (0-100) getDetail
detail	String	The details getFlagged
flagged	boolean	True if flagged, false otherwise getPartitionTablePostfix getProtochain
protochain	String	The protochain getRuleId
ruleId	Integer	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getState
state	Integer	The state getTag getTimeStamp
timeStamp	Timestamp	The timestamp

LoginEvent

These events are created by Directory Connector and inserted to the directory_connector_login_events table for each login.

Attribute Name	Type	Description getClass
class	Class	The class name getClientAddr
clientAddr	InetAddress	The client address getDomain
domain	String	The domain getEvent
event	String	The event getLoginName
loginName	String	The login name getLoginType
loginType	String	W = Windows login, A=Active Directory, R=RADIUS, T=test getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp

WebFilterEvent

These events are created by Web Filter and update the http_events table when web filter processes a web request.

Attribute Name	Type	Description getAppName
appName	String	The name of the application getBlocked
blocked	Boolean	True if blocked, false otherwise getCategory
category	String	The category getCategoryId
categoryId	Integer	Numeric value of matching category getClass
class	Class	The class name getFlagged
flagged	Boolean	True if flagged, false otherwise getPartitionTablePostfix getReason
reason	Reason	The reason getRequestLine
requestLine	RequestLine	The request line getRuleId
ruleId	Integer	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

WebFilterQueryEvent

These events are created by Web Filter and inserted to the http_query_events table when web filter processes a search engine search.

Attribute Name	Type	Description getAppName
appName	String	The name of the application getBlocked
blocked	Boolean	True if blocked, false otherwise getClass
class	Class	The class name getContentLength
contentLength	long	The content length getFlagged
flagged	Boolean	True if flagged, false otherwise getHost
host	String	The host getMethod
method	HttpMethod	The method getPartitionTablePostfix getRequestId
requestId	Long	The request ID getRequestUri
requestUri	URI	The request URI getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTerm
term	String	The search term/phrase getTimeStamp
timeStamp	Timestamp	The timestamp

WanFailoverTestEvent

These events are created by WAN Failover and inserted to the wan_failover_test_events table when a test is run.

Attribute Name	Type	Description getClass
class	Class	The class name getDescription
description	String	The description getInterfaceId
interfaceId	int	The interface ID getName
name	String	The test name getOsName
osName	String	The O/S interface name getPartitionTablePostfix getSuccess
success	Boolean	True if successful, false otherwise getTag getTimeStamp
timeStamp	Timestamp	The timestamp

WanFailoverEvent

These events are created by WAN Failover and inserted to the wan_failover_action_events table when WAN Failover takes an action.

Attribute Name	Type	Description getAction
action	WanFailoverEvent$Action	The action getClass
class	Class	The class name getInterfaceId
interfaceId	int	The interface ID getName
name	String	The name getOsName
osName	String	The O/S interface name getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp

CaptureRuleEvent

These events are created by Captive Portal and update the sessions table when Captive Portal processes a session.

Attribute Name	Type	Description getCaptured
captured	boolean	True if captured, false otherwise getClass
class	Class	The class name getPartitionTablePostfix getRuleId
ruleId	Integer	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

CaptivePortalUserEvent

These events are created by Captive Portal and inserted to the captive_portal_user_events table when Captive Portal user takes an action.

Attribute Name	Type	Description getAuthenticationType
authenticationType	CaptivePortalSettings$AuthenticationType	The authentication type getAuthenticationTypeValue
authenticationTypeValue	String	The authentication type as a string getClass
class	Class	The class name getClientAddr
clientAddr	InetAddress	The client address getEvent
event	CaptivePortalUserEvent$EventType	The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) getEventValue
eventValue	String	The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) getLoginName
loginName	String	The login name getPartitionTablePostfix getPolicyId
policyId	Integer	The policy ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SpamLogEvent

These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.

Attribute Name	Type	Description getAction
action	SpamMessageAction	The action getClass
class	Class	The class name getClientAddr
clientAddr	InetAddress	The client address getClientPort
clientPort	int	The client port getMessageId
messageId	Long	The message ID getPartitionTablePostfix getReceiver
receiver	String	The receiver getScore
score	float	The score getSender
sender	String	The sender getServerAddr
serverAddr	InetAddress	The server address getServerPort
serverPort	int	The server port getSmtpMessageEvent
smtpMessageEvent	SmtpMessageEvent	The parent SMTP message event isSpam
isSpam	boolean	True if spam, false otherwise getSubject
subject	String	The subject getTag getTestsString
testsString	String	The tests string from the spam engine getTimeStamp
timeStamp	Timestamp	The timestamp getVendorName
vendorName	String	The application name

SpamSmtpTarpitEvent

These events are created by Spam Blocker and inserted to the smtp_tarpit_events table when a session is tarpitted.

Attribute Name	Type	Description getIPAddr
IPAddr	InetAddress	The IP address getClass
class	Class	The class name getHostname
hostname	String	The hostname getPartitionTablePostfix getSessionEvent
sessionEvent	SessionEvent	The session event getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVendorName
vendorName	String	The application name

ConfigurationBackupEvent

These events are created by Configuration Backup and inserted to the configuratio_backup_events table when a backup occurs.

Attribute Name	Type	Description getClass
class	Class	The class name getDestination
destination	String	The destination getDetail
detail	String	The details getPartitionTablePostfix getSuccess
success	boolean	True if successful, false otherwise getTag getTimeStamp
timeStamp	Timestamp	The timestamp

TunnelStatusEvent

These events are created by IPsec VPN and inserted to the ipsec_tunnel_stats table periodically.

Attribute Name	Type	Description getClass
class	Class	The class name getInBytes
inBytes	long	The number of bytes received from this tunnel getOutBytes
outBytes	long	The number of bytes sent in this tunnel getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTunnelName
tunnelName	String	The name of this tunnel

IpsecVpnEvent

These events are created by IPsec VPN and inserted to the ipsec_vpn_events table when IPsec connection event occurs.

Attribute Name	Type	Description getClass
class	Class	The class name getEventType
eventType	IpsecVpnEvent$EventType	The event type getLocalAddress
localAddress	String	The local host address getPartitionTablePostfix getRemoteAddress
remoteAddress	String	The remote host address getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTunnelDescription
tunnelDescription	String	Description of tunnel

VirtualUserEvent

These events are created by IPsec VPN and inserted to the ipsec_user_events table when a user event occurs.

Attribute Name	Type	Description getClass
class	Class	The class name getClientAddress
clientAddress	InetAddress	The client address getClientProtocol
clientProtocol	String	The client protocol getClientUsername
clientUsername	String	The client username getElapsedTime
elapsedTime	String	The elapsed time getEventId
eventId	Long	The event ID getNetInterface
netInterface	String	The net interface getNetProcess
netProcess	String	The net process getNetRXbytes
netRXbytes	Long	The number of RX (received) bytes getNetTXbytes
netTXbytes	Long	The number of TX (transmitted) bytes getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp

SslInspectorLogEvent

These events are created by SSL Inspector and update the sessions table when a session is processed by SSL Inspector.

Attribute Name	Type	Description getClass
class	Class	The class name getDetail
detail	String	The details getPartitionTablePostfix getRuleId
ruleId	Integer	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getStatus
status	String	The status getTag getTimeStamp
timeStamp	Timestamp	The timestamp

ApplicationControlLiteEvent

These events are created by Application Control Lite and update the sessions table when application control lite identifies a session.

Attribute Name	Type	Description getBlocked
blocked	boolean	True if blocked, false otherwise getClass
class	Class	The class name getPartitionTablePostfix getProtocol
protocol	String	The protocol getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

HttpRequestEvent

These events are created by HTTP subsystem and inserted to the http_events table when a web request happens.

Attribute Name	Type	Description getClass
class	Class	The class name getContentLength
contentLength	long	The content length getDomain
domain	String	The domain getHost
host	String	The host getMethod
method	HttpMethod	The HTTP method getPartitionTablePostfix getReferer
referer	String	The referer getRequestId
requestId	Long	The request ID getRequestUri
requestUri	URI	The request URI getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

HttpResponseEvent

These events are created by HTTP subsystem and update the http_events table when a web response happens.

Attribute Name	Type	Description getClass
class	Class	The class name getContentLength
contentLength	long	The content length getContentType
contentType	String	The content type getHttpRequestEvent
httpRequestEvent	HttpRequestEvent	The corresponding HTTP request event getPartitionTablePostfix getRequestLine
requestLine	RequestLine	The request line getTag getTimeStamp
timeStamp	Timestamp	The timestamp

IntrusionPreventionLogEvent

These events are created by Intrusion Prevention and inserted to the intrusion_prevention_events table when a rule matches.

Attribute Name	Type	Description getBlocked
blocked	short	True if blocked, false otherwise getCategory
category	String	The category getClass
class	Class	The class name getClassificationId
classificationId	long	The classification ID getClasstype
classtype	String	The classtype getDportIcode
dportIcode	int	The dportIcode getEventId
eventId	long	The event ID getEventMicrosecond
eventMicrosecond	long	The event microsecond getEventSecond
eventSecond	long	The event second getEventType
eventType	long	The event type getGeneratorId
generatorId	long	The generator ID getImpact
impact	short	The impact getImpactFlag
impactFlag	short	The impact flag getIpDestination
ipDestination	InetAddress	The IP address destination getIpSource
ipSource	InetAddress	The IP address source getMplsLabel
mplsLabel	long	The mplsLabel getMsg
msg	String	The msg getPadding
padding	int	The padding getPartitionTablePostfix getPriorityId
priorityId	long	The priority ID getProtocol
protocol	short	The protocol getSensorId
sensorId	long	The sensor ID getSignatureId
signatureId	long	The signature ID getSignatureRevision
signatureRevision	long	The signature revision getSportItype
sportItype	int	The sportItype getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVlanId
vlanId	int	The VLAN Id

@@ Line 8: / Line 8: @@
 The list below shows the classes used in the event logging and the attributes of each event object. These can be used to add alerts in [[Reports]] or for other event handling within Untangle.
-== HostTableEvent ==
+== SpamLogEvent ==
-<section begin='HostTableEvent' />
+<section begin='SpamLogEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#host_table_updates|host_table_updates]] table when the host table is modified.
+These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 17: / Line 17: @@
 ! Type
 ! Description
+getAction
 |-
-|address
+|action
-|InetAddress
+|SpamMessageAction
-|The address
+|The action
+getClass
 |-
 |class
 |Class
 |The class name
+getClientAddr
 |-
-|key
+|clientAddr
-|String
+|InetAddress
-|The key
+|The client address
+getClientPort
 |-
-|oldValue
+|clientPort
-|String
+|int
-|The old value
+|The client port
+getMessageId
 |-
-|timeStamp
+|messageId
-|Timestamp
+|Long
-|The timestamp
+|The message ID
+getPartitionTablePostfix
+getReceiver
 |-
-|value
+|receiver
 |String
-|The value
+|The receiver
-|}
+getScore
-<section end='HostTableEvent' />
+|-
+|score
+|float
-== DeviceTableEvent ==
+|The score
-<section begin='DeviceTableEvent' />
+getSender
-These events are created by the base system and inserted to the [[Database_Schema#device_table_updates|device_table_updates]] table when the device list is modified.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
 |-
-|class
+|sender
-|Class
+|String
-|The class name
+|The sender
+getServerAddr
 |-
-|device
+|serverAddr
-|DeviceTableEntry
+|InetAddress
-|The Device
+|The server address
+getServerPort
 |-
-|key
+|serverPort
-|String
+|int
-|The key
+|The server port
+getSmtpMessageEvent
 |-
-|macAddress
+|smtpMessageEvent
+|SmtpMessageEvent
+|The parent SMTP message event
+isSpam
+|-
+|isSpam
+|boolean
+|True if spam, false otherwise
+getSubject
+|-
+|subject
 |String
-|The MAC address
+|The subject
+getTag
+getTestsString
 |-
-|oldValue
+|testsString
 |String
-|The old value
+|The tests string from the spam engine
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getVendorName
 |-
-|value
+|vendorName
 |String
-|The value
+|The application name
 |}
-<section end='DeviceTableEvent' />
+<section end='SpamLogEvent' />
-== UserTableEvent ==
+== SpamSmtpTarpitEvent ==
-<section begin='UserTableEvent' />
+<section begin='SpamSmtpTarpitEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|user_table_updates]] table when the user table is modified.
+These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 95: / Line 112: @@
 ! Type
 ! Description
+getIPAddr
+|-
+|IPAddr
+|InetAddress
+|The IP address
+getClass
 |-
 |class
 |Class
 |The class name
+getHostname
 |-
-|key
+|hostname
 |String
-|The key
+|The hostname
+getPartitionTablePostfix
+getSessionEvent
 |-
-|oldValue
+|sessionEvent
-|String
+|SessionEvent
-|The old value
+|The session event
+getSessionId
+|-
+|sessionId
+|Long
+|The session ID
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getVendorName
 |-
-|username
+|vendorName
 |String
-|The username
+|The application name
-|-
-|value
-|String
-|The value
 |}
-<section end='UserTableEvent' />
+<section end='SpamSmtpTarpitEvent' />
-== SessionStatsEvent ==
+== SpamLogEvent ==
-<section begin='SessionStatsEvent' />
+<section begin='SpamLogEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table when a session ends with the updated stats.
+These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 132: / Line 162: @@
 ! Type
 ! Description
+getAction
 |-
-|c2pBytes
+|action
-|long
+|SpamMessageAction
-|The number of bytes sent from the client to Untangle
+|The action
+getClass
 |-
 |class
 |Class
 |The class name
+getClientAddr
 |-
-|endTime
+|clientAddr
-|long
+|InetAddress
-|The end time/date
+|The client address
+getClientPort
 |-
-|p2cBytes
+|clientPort
-|long
+|int
-|The number of bytes sent to the client from Untangle
+|The client port
+getMessageId
 |-
-|p2sBytes
+|messageId
-|long
+|Long
-|The number of bytes sent to the server from Untangle
+|The message ID
+getPartitionTablePostfix
+getReceiver
 |-
-|s2pBytes
+|receiver
-|long
+|String
-|The number of bytes sent from the server to Untangle
+|The receiver
+getScore
 |-
-|sessionEvent
+|score
-|SessionEvent
+|float
-|The session event
+|The score
+getSender
 |-
-|sessionId
+|sender
-|Long
+|String
-|The session ID
+|The sender
+getServerAddr
 |-
-|timeStamp
+|serverAddr
+|InetAddress
+|The server address
+getServerPort
+|-
+|serverPort
+|int
+|The server port
+getSmtpMessageEvent
+|-
+|smtpMessageEvent
+|SmtpMessageEvent
+|The parent SMTP message event
+isSpam
+|-
+|isSpam
+|boolean
+|True if spam, false otherwise
+getSubject
+|-
+|subject
+|String
+|The subject
+getTag
+getTestsString
+|-
+|testsString
+|String
+|The tests string from the spam engine
+getTimeStamp
+|-
+|timeStamp
 |Timestamp
 |The timestamp
+getVendorName
+|-
+|vendorName
+|String
+|The application name
 |}
-<section end='SessionStatsEvent' />
+<section end='SpamLogEvent' />
-== SessionEvent ==
+== SpamSmtpTarpitEvent ==
-<section begin='SessionEvent' />
+<section begin='SpamSmtpTarpitEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is created.
+These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 181: / Line 257: @@
 ! Type
 ! Description
+getIPAddr
 |-
-|CClientAddr
+|IPAddr
 |InetAddress
-|The client-side (pre-NAT) client address
+|The IP address
+getClass
 |-
-|CClientPort
+|class
-|Integer
+|Class
-|The client-side (pre-NAT) client port
+|The class name
+getHostname
 |-
-|CServerAddr
+|hostname
-|InetAddress
+|String
-|The client-side (pre-NAT) server address
+|The hostname
+getPartitionTablePostfix
+getSessionEvent
 |-
-|CServerPort
+|sessionEvent
-|Integer
+|SessionEvent
-|The client-side (pre-NAT) server port
+|The session event
+getSessionId
 |-
-|SClientAddr
+|sessionId
-|InetAddress
+|Long
-|The server-side (post-NAT) client address
+|The session ID
+getTag
+getTimeStamp
 |-
-|SClientPort
+|timeStamp
-|Integer
+|Timestamp
-|The server-side (post-NAT) client port
+|The timestamp
+getVendorName
 |-
-|SServerAddr
+|vendorName
+|String
+|The application name
+|}
+<section end='SpamSmtpTarpitEvent' />
+== OpenVpnStatusEvent ==
+<section begin='OpenVpnStatusEvent' />
+These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_stats|openvpn_stats]] table periodically.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAddress
+|-
+|address
 |InetAddress
-|The server-side (post-NAT) server address
+|The address
+getBytesRxDelta
 |-
-|SServerPort
+|bytesRxDelta
-|Integer
+|long
-|The server-side (post-NAT) server port
+|The delta number of RX (received) bytes from the previous event
+getBytesRxTotal
 |-
-|bypassed
+|bytesRxTotal
-|boolean
+|long
-|True if bypassed, false otherwise
+|The total number of RX (received) bytes
+getBytesTxDelta
 |-
-|class
+|bytesTxDelta
+|long
+|The delta number of TX (transmitted) bytes from the previous event
+getBytesTxTotal
+|-
+|bytesTxTotal
+|long
+|The total number of TX (transmitted) bytes
+getClass
+|-
+|class
 |Class
 |The class name
+getClientName
 |-
-|clientCountry
+|clientName
 |String
-|The client country
+|The client name
+getEnd
 |-
-|clientIntf
+|end
-|Integer
+|Timestamp
-|The client interface ID
+|The end
+getPartitionTablePostfix
+getPoolAddress
 |-
-|clientLatitude
+|poolAddress
-|Double
+|InetAddress
-|The client latitude
+|The pool address
+getPort
 |-
-|clientLongitude
+|port
-|Double
+|int
-|The client longitude
+|The port
+getStart
 |-
-|entitled
+|start
-|boolean
+|Timestamp
-|The entitled status
+|The start
+getTag
+getTimeStamp
 |-
-|filterPrefix
+|timeStamp
-|String
+|Timestamp
-|The filter prefix if blocked by the filter rules
+|The timestamp
+|}
+<section end='OpenVpnStatusEvent' />
+== OpenVpnEvent ==
+<section begin='OpenVpnEvent' />
+These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_events|openvpn_events]] table when OpenVPN processes a client action.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAddress
 |-
-|hostname
+|address
-|String
+|InetAddress
-|The hostname
+|The address
+getClass
 |-
-|icmpType
+|class
-|Short
+|Class
-|The ICMP type
+|The class name
+getClientName
 |-
-|localAddr
+|clientName
-|InetAddress
+|String
-|The local host address
+|The client name
+getPartitionTablePostfix
+getPoolAddress
 |-
-|policyId
+|poolAddress
-|Integer
-|The policy ID
-|-
-|policyRuleId
-|Integer
-|The policy rule ID
-|-
-|protocol
-|Short
-|The protocol
-|-
-|protocolName
-|String
-|The protocol name
-|-
-|remoteAddr
 |InetAddress
-|The remote host address
+|The pool address
+getTag
+getTimeStamp
 |-
-|serverCountry
+|timeStamp
-|String
+|Timestamp
-|The server country
+|The timestamp
+getType
 |-
-|serverIntf
+|type
-|Integer
+|OpenVpnEvent$EventType
-|The server interface ID
+|The type
+|}
+<section end='OpenVpnEvent' />
+== ApplicationControlLiteEvent ==
+<section begin='ApplicationControlLiteEvent' />
+These events are created by [[Application Control Lite]] and update the [[Database_Schema#sessions|sessions]] table when application control lite identifies a session.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getBlocked
+|-
+|blocked
+|boolean
+|True if blocked, false otherwise
+getClass
 |-
-|serverLatitude
+|class
-|Double
+|Class
-|The server latitude
+|The class name
+getPartitionTablePostfix
+getProtocol
 |-
-|serverLongitude
+|protocol
-|Double
+|String
-|The server longitude
+|The protocol
+getSessionId
 |-
 |sessionId
 |Long
 |The session ID
-|-
+getTag
-|tagsString
+getTimeStamp
-|String
-|The string value of all tags
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
+|}
-|username
+<section end='ApplicationControlLiteEvent' />
-|String
-|The username
-|}
-<section end='SessionEvent' />
-== SessionMinuteEvent ==
+== FirewallEvent ==
-<section begin='SessionMinuteEvent' />
+<section begin='FirewallEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|session_minutes]] table each minute a session exists.
+These events are created by [[Firewall]] and update the [[Database_Schema#sessions|sessions]] table when a firewall rule matches a session.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 322: / Line 467: @@
 ! Type
 ! Description
+getBlocked
 |-
-|c2sBytes
+|blocked
-|long
+|boolean
-|The number of bytes sent from the client to the server
+|True if blocked, false otherwise
+getClass
 |-
 |class
 |Class
 |The class name
+getFlagged
 |-
-|s2cBytes
+|flagged
+|boolean
+|True if flagged, false otherwise
+getPartitionTablePostfix
+getRuleId
+|-
+|ruleId
 |long
-|The number of bytes sent from the server to the client
+|The rule ID
+getSessionId
 |-
 |sessionId
-|long
+|Long
 |The session ID
+getTag
+getTimeStamp
 |-
 |timeStamp
@@ Line 343: / Line 500: @@
 |The timestamp
 |}
-<section end='SessionMinuteEvent' />
+<section end='FirewallEvent' />
-== SessionNatEvent ==
+== PrioritizeEvent ==
-<section begin='SessionNatEvent' />
+<section begin='PrioritizeEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is NATd with the post-NAT information.
+These events are created by the [[Bandwidth Control]] and update the [[Database_Schema#sessions|session]] table when a session is prioritized.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 355: / Line 512: @@
 ! Type
 ! Description
-|-
+getClass
-|SClientAddr
-|InetAddress
-|The server-side (post-NAT) client address
-|-
-|SClientPort
-|Integer
-|The server-side (post-NAT) client port
-|-
-|SServerAddr
-|InetAddress
-|The server-side (post-NAT) server address
-|-
-|SServerPort
-|Integer
-|The server-side (post-NAT) server port
 |-
 |class
 |Class
 |The class name
+getPartitionTablePostfix
+getPriority
 |-
-|serverIntf
+|priority
-|Integer
+|int
-|The server interface ID
+|The priority
+getRuleId
+|-
+|ruleId
+|int
+|The rule ID
+getSessionEvent
 |-
 |sessionEvent
 |SessionEvent
 |The session event
+getTag
+getTimeStamp
 |-
 |timeStamp
@@ Line 388: / Line 540: @@
 |The timestamp
 |}
-<section end='SessionNatEvent' />
+<section end='PrioritizeEvent' />
-== QuotaEvent ==
+== AdBlockerEvent ==
-<section begin='QuotaEvent' />
+<section begin='AdBlockerEvent' />
-These events are created by the [[Bandwidth Control]] and inserted or update the [[Database_Schema#quotas|quotas]] table when quotas are given or exceeded.
+These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when an ad is blocked.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 400: / Line 552: @@
 ! Type
 ! Description
+getAction
 |-
 |action
-|int
+|Action
-|The action (1=Quota Given, 2=Quota Exceeded)
+|The action
+getClass
 |-
 |class
 |Class
 |The class name
-|-
+getPartitionTablePostfix
-|entity
+getReason
-|String
-|The entity
-|-
-|quotaSize
-|long
-|The quota size
 |-
 |reason
 |String
 |The reason
+getRequestId
+|-
+|requestId
+|Long
+|The request ID
+getTag
+getTimeStamp
 |-
 |timeStamp
@@ Line 425: / Line 580: @@
 |The timestamp
 |}
-<section end='QuotaEvent' />
+<section end='AdBlockerEvent' />
-== SettingsChangesEvent ==
+== CookieEvent ==
-<section begin='SettingsChangesEvent' />
+<section begin='CookieEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#settings_changes|settings_changes]] table when settings are changed.
+These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when a cookie is blocked.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 437: / Line 592: @@
 ! Type
 ! Description
+getClass
 |-
 |class
 |Class
 |The class name
+getIdentification
 |-
-|hostname
+|identification
 |String
-|The hostname
+|The identification string
+getPartitionTablePostfix
+getRequestId
 |-
-|settingsFile
+|requestId
-|String
+|Long
-|The settings file
+|The request ID
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|username
-|String
-|The username
 |}
-<section end='SettingsChangesEvent' />
+<section end='CookieEvent' />
-== AdminLoginEvent ==
+== VirusFtpEvent ==
-<section begin='AdminLoginEvent' />
+<section begin='VirusFtpEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|admin_logins]] table when an administrator login is attempted or successful.
+These events are created by [[Virus Blocker]] and update the [[Database_Schema#ftp_events|ftp_events]] table when Virus Blocker scans an FTP transfer.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 470: / Line 632: @@
 ! Type
 ! Description
+getAppName
+|-
+|appName
+|String
+|The name of the application
+getClass
 |-
 |class
 |Class
 |The class name
+getClean
 |-
-|clientAddress
+|clean
-|InetAddress
-|The client address
-|-
-|local
 |boolean
-|1 if login is done via local console, 0 otherwise
+|True if clean, false otherwise
+getPartitionTablePostfix
+getSessionEvent
 |-
-|login
+|sessionEvent
-|String
+|SessionEvent
-|The login username
+|The session event
+getTag
+getTimeStamp
 |-
-|reason
+|timeStamp
+|Timestamp
+|The timestamp
+getUri
+|-
+|uri
 |String
-|The reason
+|The URI
+getVirusName
 |-
-|succeeded
+|virusName
-|boolean
+|String
-|1 if successful, 0 otherwise
+|The virus name, if not clean
-|-
-|timeStamp
-|Timestamp
-|The timestamp
 |}
-<section end='AdminLoginEvent' />
+<section end='VirusFtpEvent' />
-== AlertEvent ==
+== VirusHttpEvent ==
-<section begin='AlertEvent' />
+<section begin='VirusHttpEvent' />
-These events are created by [[Reports]] and inserted to the [[Database_Schema#alerts|alerts]] table when an alert fires.
+These events are created by [[Virus Blocker]] and update the [[Database_Schema#http_events|http_events]] table when Virus Blocker scans an HTTP transfer.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 511: / Line 682: @@
 ! Type
 ! Description
+getAppName
 |-
-|causalRule
+|appName
-|EventRule
+|String
-|The causal rule
+|The name of the application
-|-
+getClass
-|cause
-|LogEvent
-|The cause
 |-
 |class
 |Class
 |The class name
+getClean
 |-
-|description
+|clean
-|String
+|boolean
-|The description
+|True if clean, false otherwise
+getPartitionTablePostfix
+getRequestLine
 |-
-|eventSent
+|requestLine
-|Boolean
+|RequestLine
-|True if the event was sent, false otherwise
+|The request line
+getSessionEvent
 |-
-|json
+|sessionEvent
-|String
+|SessionEvent
-|The JSON string
+|The session event
-|-
+getTag
-|summaryText
+getTimeStamp
-|String
-|The summary text
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getVirusName
+|-
+|virusName
+|String
+|The virus name, if not clean
 |}
-<section end='AlertEvent' />
+<section end='VirusHttpEvent' />
-== LogEvent ==
+== VirusSmtpEvent ==
-<section begin='LogEvent' />
+<section begin='VirusSmtpEvent' />
-These base class for all events.
+These events are created by [[Virus Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when Virus Blocker scans an email.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 556: / Line 732: @@
 ! Type
 ! Description
+getAction
 |-
-|class
+|action
+|String
+|The action
+getAppName
+|-
+|appName
+|String
+|The name of the application
+getClass
+|-
+|class
 |Class
 |The class name
+getClean
+|-
+|clean
+|boolean
+|True if clean, false otherwise
+getMessageId
+|-
+|messageId
+|Long
+|The message ID
+getPartitionTablePostfix
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getVirusName
+|-
+|virusName
+|String
+|The virus name, if not clean
 |}
-<section end='LogEvent' />
+<section end='VirusSmtpEvent' />
-== InterfaceStatEvent ==
+== FirewallEvent ==
-<section begin='InterfaceStatEvent' />
+<section begin='FirewallEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#settings_changes|interface_stat_events]] table periodically with interface stats.
+These events are created by [[Firewall]] and update the [[Database_Schema#sessions|sessions]] table when a firewall rule matches a session.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 577: / Line 782: @@
 ! Type
 ! Description
+getBlocked
+|-
+|blocked
+|boolean
+|True if blocked, false otherwise
+getClass
 |-
 |class
 |Class
 |The class name
+getFlagged
 |-
-|interfaceId
+|flagged
-|int
+|boolean
-|The interface ID
+|True if flagged, false otherwise
+getPartitionTablePostfix
+getRuleId
 |-
-|rxBytes
+|ruleId
-|double
+|long
-|The total of received bytes
+|The rule ID
+getSessionId
 |-
-|rxRate
+|sessionId
-|double
+|Long
-|The RX rate in byte/s
+|The session ID
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|txBytes
-|double
-|The total of transmitted bytes
-|-
-|txRate
-|double
-|The TX rate in byte/s
 |}
-<section end='InterfaceStatEvent' />
+<section end='FirewallEvent' />
-== SystemStatEvent ==
+== OpenVpnStatusEvent ==
-<section begin='SystemStatEvent' />
+<section begin='OpenVpnStatusEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#server_events|server_events]] table periodically.
+These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_stats|openvpn_stats]] table periodically.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 618: / Line 827: @@
 ! Type
 ! Description
+getAddress
 |-
-|activeHosts
+|address
-|int
+|InetAddress
-|The active host count
+|The address
+getBytesRxDelta
 |-
-|class
+|bytesRxDelta
-|Class
+|long
-|The class name
+|The delta number of RX (received) bytes from the previous event
+getBytesRxTotal
 |-
-|cpuSystem
+|bytesRxTotal
-|float
-|The system CPU utilization
-|-
-|cpuUser
-|float
-|The user CPU utilization
-|-
-|diskFree
 |long
-|The amount of disk free
+|The total number of RX (received) bytes
+getBytesTxDelta
 |-
-|diskFreePercent
+|bytesTxDelta
-|float
-|The percentage of disk free
-|-
-|diskTotal
 |long
-|The total size of the disk
+|The delta number of TX (transmitted) bytes from the previous event
+getBytesTxTotal
 |-
-|diskUsed
+|bytesTxTotal
 |long
-|The amount of disk used
+|The total number of TX (transmitted) bytes
+getClass
 |-
-|diskUsedPercent
+|class
-|float
+|Class
-|The percentage of disk used
+|The class name
+getClientName
 |-
-|load1
+|clientName
-|float
+|String
-|The 1-minute CPU load
+|The client name
+getEnd
 |-
-|load15
+|end
-|float
+|Timestamp
-|The 15-minute CPU load
+|The end
+getPartitionTablePostfix
+getPoolAddress
 |-
-|load5
+|poolAddress
-|float
+|InetAddress
-|The 5-minute CPU load
+|The pool address
+getPort
 |-
-|memBuffers
+|port
-|long
+|int
-|The amount of memory used by buffers
+|The port
+getStart
 |-
-|memCache
+|start
-|long
+|Timestamp
-|The amount of memory used by cache
+|The start
+getTag
+getTimeStamp
 |-
-|memFree
+|timeStamp
-|long
+|Timestamp
-|The amount of free memory
+|The timestamp
+|}
+<section end='OpenVpnStatusEvent' />
+== OpenVpnEvent ==
+<section begin='OpenVpnEvent' />
+These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_events|openvpn_events]] table when OpenVPN processes a client action.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAddress
 |-
-|memFreePercent
+|address
-|float
+|InetAddress
-|The percentage of total memory that is free
+|The address
+getClass
 |-
-|memTotal
+|class
-|long
+|Class
-|The total amount of memory
+|The class name
+getClientName
 |-
-|memUsed
+|clientName
-|long
+|String
-|The amount of used memory
+|The client name
+getPartitionTablePostfix
+getPoolAddress
 |-
-|memUsedPercent
+|poolAddress
-|float
+|InetAddress
-|The percentage of total memory that is used
+|The pool address
-|-
+getTag
-|swapFree
+getTimeStamp
-|long
-|The amount of free swap
-|-
-|swapFreePercent
-|float
-|The percentage of total swap that is free
-|-
-|swapTotal
-|long
-|The total size of swap
-|-
-|swapUsed
-|long
-|The amount of used swap
-|-
-|swapUsedPercent
-|float
-|The percentage of total swap that is used
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getType
+|-
+|type
+|OpenVpnEvent$EventType
+|The type
 |}
-<section end='SystemStatEvent' />
+<section end='OpenVpnEvent' />
-== CaptivePortalUserEvent ==
+== AdminLoginEvent ==
-<section begin='CaptivePortalUserEvent' />
+<section begin='AdminLoginEvent' />
+These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|admin_logins]] table when an administrator login is attempted or successful.
-These events are created by [[Captive Portal]] and inserted to the [[Database_Schema#captive_portal_user_events|captive_portal_user_events]] table when Captive Portal user takes amconsole:
 {| border="1" cellpadding="2" width="90%" align="center"
 ! Attribute Name
 ! Type
 ! Description
-|-
+getClass
-|authenticationType
-|CaptivePortalSettings$AuthenticationType
-|The authentication type
-|-
-|authenticationTypeValue
-|String
-|The authentication type as a string
 |-
 |class
 |Class
 |The class name
+getClientAddress
 |-
-|clientAddr
+|clientAddress
-|String
+|InetAddress
 |The client address
+getLocal
 |-
-|event
+|local
-|CaptivePortalUserEvent$EventType
+|boolean
-|The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+|1 if login is done via local console, 0 otherwise
+getLogin
 |-
-|eventValue
+|login
 |String
-|The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+|The login username
+getPartitionTablePostfix
+getReason
 |-
-|loginName
+|reason
 |String
-|The login name
+|The reason
+getSucceeded
 |-
-|policyId
+|succeeded
-|Integer
+|boolean
-|The policy ID
+|1 if successful, 0 otherwise
+getTag
+getTimeStamp
 |-
 |timeStamp
@@ Line 767: / Line 985: @@
 |The timestamp
 |}
-<section end='CaptivePortalUserEvent' />
+<section end='AdminLoginEvent' />
-== CaptureRuleEvent ==
+== AlertEvent ==
-<section begin='CaptureRuleEvent' />
+<section begin='AlertEvent' />
-These events are created by [[Captive Portal]] and update the [[Database_Schema#sessions|sessions]] table when Captive Portal processes a session.
+These events are created by [[Reports]] and inserted to the [[Database_Schema#alerts|alerts]] table when an alert fires.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 779: / Line 997: @@
 ! Type
 ! Description
+getCausalRule
+|-
+|causalRule
+|EventRule
+|The causal rule
+getCause
 |-
-|captured
+|cause
-|boolean
+|LogEvent
-|True if captured, false otherwise
+|The cause
+getClass
 |-
 |class
 |Class
 |The class name
+getDescription
 |-
-|ruleId
+|description
-|Integer
+|String
-|The rule ID
+|The description
+getEventSent
 |-
-|sessionEvent
+|eventSent
-|SessionEvent
+|Boolean
-|The session event
+|True if the event was sent, false otherwise
+getJson
 |-
-|timeStamp
+|json
-|Timestamp
+|String
+|The JSON string
+getPartitionTablePostfix
+getSummaryText
+|-
+|summaryText
+|String
+|The summary text
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
 |The timestamp
 |}
-<section end='CaptureRuleEvent' />
+<section end='AlertEvent' />
-== TunnelStatusEvent ==
+== InterfaceStatEvent ==
-<section begin='TunnelStatusEvent' />
+<section begin='InterfaceStatEvent' />
-These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_tunnel_stats|ipsec_tunnel_stats]] table periodically.
+These events are created by the base system and inserted to the [[Database_Schema#settings_changes|interface_stat_events]] table periodically with interface stats.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 812: / Line 1,052: @@
 ! Type
 ! Description
+getClass
 |-
 |class
 |Class
 |The class name
+getInterfaceId
 |-
-|inBytes
+|interfaceId
-|long
+|int
-|The number of bytes received from this tunnel
+|The interface ID
+getPartitionTablePostfix
+getRxBytes
+|-
+|rxBytes
+|double
+|The total of received bytes
+getRxRate
 |-
-|outBytes
+|rxRate
-|long
+|double
-|The number of bytes sent in this tunnel
+|The RX rate in byte/s
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getTxBytes
 |-
-|tunnelName
+|txBytes
-|String
+|double
-|The name of this tunnel
+|The total of transmitted bytes
+getTxRate
+|-
+|txRate
+|double
+|The TX rate in byte/s
 |}
-<section end='TunnelStatusEvent' />
+<section end='InterfaceStatEvent' />
-== VirtualUserEvent ==
+== LogEvent ==
-<section begin='VirtualUserEvent' />
+<section begin='LogEvent' />
-These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_user_events|ipsec_user_events]] table when a user event occurs.
+These base class for all events.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 845: / Line 1,102: @@
 ! Type
 ! Description
+getClass
 |-
 |class
 |Class
 |The class name
+getPartitionTablePostfix
+getTag
+getTimeStamp
 |-
-|clientAddress
+|timeStamp
-|InetAddress
+|Timestamp
-|The client address
+|The timestamp
+|}
+<section end='LogEvent' />
+== SystemStatEvent ==
+<section begin='SystemStatEvent' />
+These events are created by the base system and inserted to the [[Database_Schema#server_events|server_events]] table periodically.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getActiveHosts
 |-
-|clientProtocol
+|activeHosts
-|String
+|int
-|The client protocol
+|The active host count
+getClass
 |-
-|clientUsername
+|class
-|String
+|Class
-|The client username
+|The class name
+getCpuSystem
 |-
-|elapsedTime
+|cpuSystem
-|String
+|float
-|The elapsed time
+|The system CPU utilization
+getCpuUser
 |-
-|eventId
+|cpuUser
-|Long
+|float
-|The event ID
+|The user CPU utilization
+getDiskFree
 |-
-|netInterface
+|diskFree
-|String
+|long
-|The net interface
+|The amount of disk free
+getDiskFreePercent
 |-
-|netProcess
+|diskFreePercent
-|String
+|float
-|The net process
+|The percentage of disk free
+getDiskTotal
 |-
-|netRXbytes
+|diskTotal
-|Long
+|long
-|The number of RX (received) bytes
+|The total size of the disk
+getDiskUsed
 |-
-|netTXbytes
+|diskUsed
-|Long
+|long
-|The number of TX (transmitted) bytes
+|The amount of disk used
+getDiskUsedPercent
 |-
-|timeStamp
+|diskUsedPercent
-|Timestamp
+|float
-|The timestamp
+|The percentage of disk used
-|}
+getLoad1
-<section end='VirtualUserEvent' />
-== ConfigurationBackupEvent ==
-<section begin='ConfigurationBackupEvent' />
-These events are created by [[Configuration Backup]] and inserted to the [[Database_Schema#configuratio_backup_events|configuratio_backup_events]] table when a backup occurs.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
 |-
-|class
+|load1
-|Class
+|float
-|The class name
+|The 1-minute CPU load
+getLoad15
+|-
+|load15
+|float
+|The 15-minute CPU load
+getLoad5
+|-
+|load5
+|float
+|The 5-minute CPU load
+getMemBuffers
 |-
-|destination
+|memBuffers
-|String
+|long
-|The destination
+|The amount of memory used by buffers
+getMemCache
 |-
-|detail
+|memCache
-|String
+|long
-|The details
+|The amount of memory used by cache
+getMemFree
 |-
-|success
+|memFree
-|boolean
+|long
-|True if successful, false otherwise
+|The amount of free memory
+getMemFreePercent
 |-
-|timeStamp
+|memFreePercent
-|Timestamp
+|float
-|The timestamp
+|The percentage of total memory that is free
-|}
+getMemTotal
-<section end='ConfigurationBackupEvent' />
-== IntrusionPreventionLogEvent ==
-<section begin='IntrusionPreventionLogEvent' />
-These events are created by [[Intrusion Prevention]] and inserted to the [[Database_Schema#intrusion_prevention_events|intrusion_prevention_events]] table when a rule matches.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
 |-
-|blocked
+|memTotal
-|short
+|long
-|1 if blocked, 0 otherwise
+|The total amount of memory
+getMemUsed
 |-
-|category
+|memUsed
-|String
+|long
-|The category
+|The amount of used memory
+getMemUsedPercent
 |-
-|class
+|memUsedPercent
-|Class
+|float
-|The class name
+|The percentage of total memory that is used
+getPartitionTablePostfix
+getSwapFree
 |-
-|classificationId
+|swapFree
 |long
-|The classification ID
+|The amount of free swap
+getSwapFreePercent
 |-
-|classtype
+|swapFreePercent
-|String
+|float
-|The classtype
+|The percentage of total swap that is free
+getSwapTotal
 |-
-|dportIcode
+|swapTotal
-|int
-|The dportIcode
-|-
-|eventId
 |long
-|The event ID
+|The total size of swap
+getSwapUsed
 |-
-|eventMicrosecond
+|swapUsed
 |long
-|The event microsecond
+|The amount of used swap
+getSwapUsedPercent
 |-
-|eventSecond
+|swapUsedPercent
-|long
+|float
-|The event second
+|The percentage of total swap that is used
+getTag
+getTimeStamp
 |-
-|eventType
+|timeStamp
-|long
+|Timestamp
-|The event type
+|The timestamp
-|-
+|}
-|generatorId
+<section end='SystemStatEvent' />
-|long
-|The generator ID
+== SessionMinuteEvent ==
+<section begin='SessionMinuteEvent' />
+These events are created by the base system and update the [[Database_Schema#sessions|session_minutes]] table each minute a session exists.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getC2sBytes
 |-
-|impact
+|c2sBytes
-|short
+|long
-|The impact
+|The number of bytes sent from the client to the server
+getClass
 |-
-|impactFlag
+|class
-|short
+|Class
-|The impact flag
+|The class name
+getPartitionTablePostfix
+getS2cBytes
 |-
-|ipDestination
+|s2cBytes
-|InetAddress
+|long
-|The IP address destination
+|The number of bytes sent from the server to the client
+getSessionId
 |-
-|ipSource
+|sessionId
-|InetAddress
-|The IP address source
-|-
-|mplsLabel
 |long
-|The mplsLabel
+|The session ID
+getTag
+getTimeStamp
 |-
-|msg
+|timeStamp
-|String
+|Timestamp
-|The msg
+|The timestamp
+|}
+<section end='SessionMinuteEvent' />
+== SessionEvent ==
+<section begin='SessionEvent' />
+These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is created.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getCClientAddr
 |-
-|padding
+|CClientAddr
-|int
+|InetAddress
-|The padding
+|The client-side (pre-NAT) client address
+getCClientPort
 |-
-|priorityId
+|CClientPort
-|long
+|Integer
-|The priority ID
+|The client-side (pre-NAT) client port
-|-
+getCServerAddr
-|protocol
-|short
-|The protocol
 |-
-|sensorId
+|CServerAddr
-|long
+|InetAddress
-|The sensor ID
+|The client-side (pre-NAT) server address
+getCServerPort
 |-
-|signatureId
+|CServerPort
-|long
+|Integer
-|The signature ID
+|The client-side (pre-NAT) server port
+getSClientAddr
 |-
-|signatureRevision
+|SClientAddr
-|long
+|InetAddress
-|The signature revision
+|The server-side (post-NAT) client address
+getSClientPort
 |-
-|sportItype
+|SClientPort
-|int
+|Integer
-|The sportItype
+|The server-side (post-NAT) client port
+getSServerAddr
 |-
-|timeStamp
+|SServerAddr
-|Timestamp
+|InetAddress
-|The timestamp
+|The server-side (post-NAT) server address
+getSServerPort
 |-
-|vlanId
+|SServerPort
-|int
+|Integer
-|The VLAN Id
+|The server-side (post-NAT) server port
-|}
+getBypassed
-<section end='IntrusionPreventionLogEvent' />
+|-
+|bypassed
+|boolean
-== SslInspectorLogEvent ==
+|True if bypassed, false otherwise
-<section begin='SslInspectorLogEvent' />
+getClass
-These events are created by [[SSL Inspector]] and update the [[Database_Schema#sessions|sessions]] table when a session is processed by SSL Inspector.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
 |-
 |class
 |Class
 |The class name
+getClientCountry
 |-
-|detail
+|clientCountry
 |String
-|The details
+|The client country
+getClientIntf
 |-
-|ruleId
+|clientIntf
 |Integer
-|The rule ID
+|The client interface ID
+getClientLatitude
 |-
-|sessionEvent
+|clientLatitude
-|SessionEvent
+|Double
-|The session event
+|The client latitude
+getClientLongitude
 |-
-|status
+|clientLongitude
-|String
+|Double
-|The status
+|The client longitude
+getEntitled
 |-
-|timeStamp
+|entitled
-|Timestamp
-|The timestamp
-|}
-<section end='SslInspectorLogEvent' />
-== ApplicationControlLiteEvent ==
-<section begin='ApplicationControlLiteEvent' />
-These events are created by [[Application Control Lite]] and update the [[Database_Schema#sessions|sessions]] table when application control lite identifies a session.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-|-
-|blocked
 |boolean
-|True if blocked, false otherwise
+|The entitled status
+getFilterPrefix
 |-
-|class
+|filterPrefix
-|Class
+|String
-|The class name
+|The filter prefix if blocked by the filter rules
+getHostname
 |-
-|protocol
+|hostname
 |String
-|The protocol
+|The hostname
+getIcmpType
 |-
-|sessionId
+|icmpType
-|Long
+|Short
-|The session ID
+|The ICMP type
+getLocalAddr
 |-
-|timeStamp
+|localAddr
-|Timestamp
+|InetAddress
-|The timestamp
+|The local host address
-|}
+getPartitionTablePostfix
-<section end='ApplicationControlLiteEvent' />
+getPolicyId
-== ApplicationControlLogEvent ==
-<section begin='ApplicationControlLogEvent' />
-These events are created by [[Application Control]] and update the [[Database_Schema#sessions|sessions]] table when application control identifies a session.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
 |-
-|application
+|policyId
-|String
+|Integer
-|The application
+|The policy ID
+getPolicyRuleId
 |-
-|blocked
+|policyRuleId
-|boolean
+|Integer
-|True if blocked, false otherwise
+|The policy rule ID
+getProtocol
 |-
-|category
+|protocol
-|String
+|Short
-|The category
+|The protocol
+getProtocolName
 |-
-|class
+|protocolName
-|Class
-|The class name
-|-
-|confidence
-|Integer
-|The confidence (0-100)
-|-
-|detail
 |String
-|The details
+|The protocol name
+getRemoteAddr
 |-
-|flagged
+|remoteAddr
-|boolean
+|InetAddress
-|True if flagged, false otherwise
+|The remote host address
+getServerCountry
 |-
-|protochain
+|serverCountry
 |String
-|The protochain
+|The server country
+getServerIntf
 |-
-|ruleId
+|serverIntf
 |Integer
-|The rule ID
+|The server interface ID
+getServerLatitude
 |-
-|sessionEvent
+|serverLatitude
-|SessionEvent
+|Double
-|The session event
+|The server latitude
+getServerLongitude
+|-
+|serverLongitude
+|Double
+|The server longitude
+getSessionId
 |-
-|state
+|sessionId
-|Integer
+|Long
-|The state
+|The session ID
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getUsername
+|-
+|username
+|String
+|The username
 |}
-<section end='ApplicationControlLogEvent' />
+<section end='SessionEvent' />
-== CookieEvent ==
+== SessionStatsEvent ==
-<section begin='CookieEvent' />
+<section begin='SessionStatsEvent' />
-These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when a cookie is blocked.
+These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table when a session ends with the updated stats.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,183: / Line 1,477: @@
 ! Type
 ! Description
+getC2pBytes
+|-
+|c2pBytes
+|long
+|The number of bytes sent from the client to Untangle
+getClass
 |-
 |class
 |Class
 |The class name
+getEndTime
 |-
-|identification
+|endTime
-|String
+|long
-|The identification string
+|The end time/date
+getP2cBytes
+|-
+|p2cBytes
+|long
+|The number of bytes sent to the client from Untangle
+getP2sBytes
+|-
+|p2sBytes
+|long
+|The number of bytes sent to the server from Untangle
+getPartitionTablePostfix
+getS2pBytes
+|-
+|s2pBytes
+|long
+|The number of bytes sent from the server to Untangle
+getSessionId
 |-
-|requestId
+|sessionId
 |Long
-|The request ID
+|The session ID
-|-
+getTag
-|sessionEvent
+getTimeStamp
-|SessionEvent
-|The session event
 |-
 |timeStamp
@@ Line 1,204: / Line 1,520: @@
 |The timestamp
 |}
-<section end='CookieEvent' />
+<section end='SessionStatsEvent' />
-== AdBlockerEvent ==
+== SessionNatEvent ==
-<section begin='AdBlockerEvent' />
+<section begin='SessionNatEvent' />
-These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when an ad is blocked.
+These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is NATd with the post-NAT information.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,216: / Line 1,532: @@
 ! Type
 ! Description
+getSClientAddr
 |-
-|action
+|SClientAddr
-|Action
+|InetAddress
-|The action
+|The server-side (post-NAT) client address
+getSClientPort
+|-
+|SClientPort
+|Integer
+|The server-side (post-NAT) client port
+getSServerAddr
+|-
+|SServerAddr
+|InetAddress
+|The server-side (post-NAT) server address
+getSServerPort
+|-
+|SServerPort
+|Integer
+|The server-side (post-NAT) server port
+getClass
 |-
 |class
 |Class
 |The class name
+getPartitionTablePostfix
+getServerIntf
 |-
-|reason
+|serverIntf
-|String
+|Integer
-|The reason
+|The server interface ID
-|-
+getTag
-|requestId
+getTimeStamp
-|Long
-|The request ID
 |-
 |timeStamp
@@ Line 1,237: / Line 1,570: @@
 |The timestamp
 |}
-<section end='AdBlockerEvent' />
+<section end='SessionNatEvent' />
-== WebFilterQueryEvent ==
+== QuotaEvent ==
-<section begin='WebFilterQueryEvent' />
+<section begin='QuotaEvent' />
-These events are created by [[Web Filter]] and inserted to the [[Database_Schema#http_query_events|http_query_events]] table when web filter processes a search engine search.
+These events are created by the [[Bandwidth Control]] and inserted or update the [[Database_Schema#quotas|quotas]] table when quotas are given or exceeded.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,249: / Line 1,582: @@
 ! Type
 ! Description
+getAction
 |-
-|appName
+|action
-|String
+|int
-|The name of the application
+|The action (1=Quota Given, 2=Quota Exceeded)
+getAddress
+|-
+|address
+|InetAddress
+|The address
+getClass
 |-
 |class
 |Class
 |The class name
+getPartitionTablePostfix
+getQuotaSize
 |-
-|contentLength
+|quotaSize
 |long
-|The content length
+|The quota size
+getReason
 |-
-|host
+|reason
 |String
-|The host
+|The reason
-|-
+getTag
-|method
+getTimeStamp
-|HttpMethod
-|The method
-|-
-|requestId
-|Long
-|The request ID
-|-
-|requestUri
-|URI
-|The request URI
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-|-
-|term
-|String
-|The search term/phrase
 |-
 |timeStamp
@@ Line 1,290: / Line 1,615: @@
 |The timestamp
 |}
-<section end='WebFilterQueryEvent' />
+<section end='QuotaEvent' />
-== WebFilterEvent ==
+== HostTableEvent ==
-<section begin='WebFilterEvent' />
+<section begin='HostTableEvent' />
-These events are created by [[Web Filter]] and update the [[Database_Schema#http_events|http_events]] table when web filter processes a web request.
+These events are created by the base system and inserted to the [[Database_Schema#host_table_updates|host_table_updates]] table when the host table is modified.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,302: / Line 1,627: @@
 ! Type
 ! Description
+getAddress
 |-
-|appName
+|address
-|String
+|InetAddress
-|The name of the application
+|The address
-|-
+getClass
-|blocked
-|Boolean
-|True if blocked, false otherwise
-|-
-|category
-|String
-|The category
 |-
 |class
 |Class
 |The class name
+getKey
 |-
-|flagged
+|key
-|Boolean
+|String
-|True if flagged, false otherwise
+|The key
+getOldValue
 |-
-|reason
+|oldValue
-|Reason
+|String
-|The reason
+|The old value
+getPartitionTablePostfix
+getTag
+getTimeStamp
 |-
-|requestLine
+|timeStamp
-|RequestLine
+|Timestamp
-|The request line
+|The timestamp
+getValue
 |-
-|sessionEvent
+|value
-|SessionEvent
+|String
-|The session event
+|The value
-|-
-|timeStamp
-|Timestamp
-|The timestamp
 |}
-<section end='WebFilterEvent' />
+<section end='HostTableEvent' />
-== PrioritizeEvent ==
+== DeviceTableEvent ==
-<section begin='PrioritizeEvent' />
+<section begin='DeviceTableEvent' />
-These events are created by the [[Bandwidth Control]] and update the [[Database_Schema#sessions|session]] table when a session is prioritized.
+These events are created by the base system and inserted to the [[Database_Schema#device_table_updates|device_table_updates]] table when the device list is modified.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,351: / Line 1,672: @@
 ! Type
 ! Description
+getClass
 |-
 |class
 |Class
 |The class name
+getDevice
 |-
-|priority
+|device
-|int
+|DeviceTableEntry
-|The priority
+|The Device
+getKey
 |-
-|ruleId
+|key
-|int
+|String
-|The rule ID
+|The key
+getMacAddress
 |-
-|sessionEvent
+|macAddress
-|SessionEvent
+|String
-|The session event
+|The MAC address
+getOldValue
+|-
+|oldValue
+|String
+|The old value
+getPartitionTablePostfix
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getValue
+|-
+|value
+|String
+|The value
 |}
-<section end='PrioritizeEvent' />
+<section end='DeviceTableEvent' />
-== WanFailoverTestEvent ==
+== SettingsChangesEvent ==
-<section begin='WanFailoverTestEvent' />
+<section begin='SettingsChangesEvent' />
-These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_test_events|wan_failover_test_events]] table when a test is run.
+These events are created by the base system and inserted to the [[Database_Schema#settings_changes|settings_changes]] table when settings are changed.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,384: / Line 1,722: @@
 ! Type
 ! Description
+getClass
 |-
 |class
 |Class
 |The class name
+getHostname
 |-
-|description
+|hostname
 |String
-|The description
+|The hostname
+getPartitionTablePostfix
+getSettingsFile
 |-
-|interfaceId
+|settingsFile
-|int
-|The interface ID
-|-
-|name
 |String
-|The test name
+|The settings file
+getTag
+getTimeStamp
 |-
-|osName
+|timeStamp
+|Timestamp
+|The timestamp
+getUsername
+|-
+|username
 |String
-|The O/S interface name
+|The username
-|-
-|success
-|Boolean
-|True if successful, false otherwise
-|-
-|timeStamp
-|Timestamp
-|The timestamp
 |}
-<section end='WanFailoverTestEvent' />
+<section end='SettingsChangesEvent' />
-== WanFailoverEvent ==
+== UserTableEvent ==
-<section begin='WanFailoverEvent' />
+<section begin='UserTableEvent' />
-These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_action_events|wan_failover_action_events]] table when WAN Failover takes an action.
+These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|user_table_updates]] table when the user table is modified.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,425: / Line 1,762: @@
 ! Type
 ! Description
-|-
+getClass
-|action
-|WanFailoverEvent$Action
-|The action
 |-
 |class
 |Class
 |The class name
+getKey
 |-
-|interfaceId
+|key
-|int
+|String
-|The interface ID
+|The key
+getOldValue
 |-
-|name
+|oldValue
 |String
-|The name
+|The old value
-|-
+getPartitionTablePostfix
-|osName
+getTag
-|String
+getTimeStamp
-|The O/S interface name
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getUsername
+|-
+|username
+|String
+|The username
+getValue
+|-
+|value
+|String
+|The value
 |}
-<section end='WanFailoverEvent' />
+<section end='UserTableEvent' />
-== SpamSmtpTarpitEvent ==
+== SessionMinuteEvent ==
-<section begin='SpamSmtpTarpitEvent' />
+<section begin='SessionMinuteEvent' />
-These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
+These events are created by the base system and update the [[Database_Schema#sessions|session_minutes]] table each minute a session exists.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,462: / Line 1,807: @@
 ! Type
 ! Description
+getC2sBytes
 |-
-|IPAddr
+|c2sBytes
-|InetAddress
+|long
-|The IP address
+|The number of bytes sent from the client to the server
+getClass
 |-
 |class
 |Class
 |The class name
+getPartitionTablePostfix
+getS2cBytes
 |-
-|hostname
+|s2cBytes
-|String
+|long
-|The hostname
+|The number of bytes sent from the server to the client
+getSessionId
 |-
-|sessionEvent
+|sessionId
-|SessionEvent
+|long
-|The session event
-|-
-|sessionId
-|Long
 |The session ID
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|vendorName
-|String
-|The application name
 |}
-<section end='SpamSmtpTarpitEvent' />
+<section end='SessionMinuteEvent' />
-== SpamLogEvent ==
+== SessionEvent ==
-<section begin='SpamLogEvent' />
+<section begin='SessionEvent' />
-These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
+These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is created.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,503: / Line 1,847: @@
 ! Type
 ! Description
+getCClientAddr
 |-
-|action
+|CClientAddr
-|SpamMessageAction
+|InetAddress
-|The action
+|The client-side (pre-NAT) client address
+getCClientPort
 |-
-|class
+|CClientPort
-|Class
+|Integer
-|The class name
+|The client-side (pre-NAT) client port
+getCServerAddr
 |-
-|clientAddr
+|CServerAddr
 |InetAddress
-|The client address
+|The client-side (pre-NAT) server address
+getCServerPort
 |-
-|clientPort
+|CServerPort
-|int
+|Integer
-|The client port
+|The client-side (pre-NAT) server port
+getSClientAddr
 |-
-|messageId
+|SClientAddr
-|Long
+|InetAddress
-|The message ID
+|The server-side (post-NAT) client address
+getSClientPort
 |-
-|receiver
+|SClientPort
-|String
+|Integer
-|The receiver
+|The server-side (post-NAT) client port
+getSServerAddr
 |-
-|score
+|SServerAddr
-|float
+|InetAddress
-|The score
+|The server-side (post-NAT) server address
+getSServerPort
 |-
-|sender
+|SServerPort
-|String
+|Integer
-|The sender
+|The server-side (post-NAT) server port
+getBypassed
 |-
-|serverAddr
+|bypassed
-|InetAddress
+|boolean
-|The server address
+|True if bypassed, false otherwise
+getClass
 |-
-|serverPort
+|class
-|int
+|Class
-|The server port
+|The class name
+getClientCountry
+|-
+|clientCountry
+|String
+|The client country
+getClientIntf
+|-
+|clientIntf
+|Integer
+|The client interface ID
+getClientLatitude
+|-
+|clientLatitude
+|Double
+|The client latitude
+getClientLongitude
 |-
-|smtpMessageEvent
+|clientLongitude
-|SmtpMessageEvent
+|Double
-|The parent SMTP message event
+|The client longitude
+getEntitled
 |-
-|isSpam
+|entitled
 |boolean
-|True if spam, false otherwise
+|The entitled status
+getFilterPrefix
 |-
-|subject
+|filterPrefix
 |String
-|The subject
+|The filter prefix if blocked by the filter rules
+getHostname
 |-
-|testsString
+|hostname
 |String
-|The tests string from the spam engine
+|The hostname
+getIcmpType
 |-
-|timeStamp
+|icmpType
-|Timestamp
+|Short
-|The timestamp
+|The ICMP type
+getLocalAddr
 |-
-|vendorName
+|localAddr
-|String
+|InetAddress
-|The application name
+|The local host address
-|}
+getPartitionTablePostfix
-<section end='SpamLogEvent' />
+getPolicyId
-== FirewallEvent ==
-<section begin='FirewallEvent' />
-These events are created by [[Firewall]] and update the [[Database_Schema#sessions|sessions]] table when a firewall rule matches a session.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
 |-
-|blocked
+|policyId
-|boolean
+|Integer
-|True if blocked, false otherwise
+|The policy ID
+getPolicyRuleId
 |-
-|class
+|policyRuleId
-|Class
+|Integer
-|The class name
+|The policy rule ID
+getProtocol
+|-
+|protocol
+|Short
+|The protocol
+getProtocolName
+|-
+|protocolName
+|String
+|The protocol name
+getRemoteAddr
+|-
+|remoteAddr
+|InetAddress
+|The remote host address
+getServerCountry
+|-
+|serverCountry
+|String
+|The server country
+getServerIntf
+|-
+|serverIntf
+|Integer
+|The server interface ID
+getServerLatitude
 |-
-|flagged
+|serverLatitude
-|boolean
+|Double
-|True if flagged, false otherwise
+|The server latitude
+getServerLongitude
 |-
-|ruleId
+|serverLongitude
-|long
+|Double
-|The rule ID
+|The server longitude
+getSessionId
 |-
 |sessionId
 |Long
 |The session ID
+getTag
+getTagsString
+|-
+|tagsString
+|String
+|The string value of all tags
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getUsername
+|-
+|username
+|String
+|The username
 |}
-<section end='FirewallEvent' />
+<section end='SessionEvent' />
-== LoginEvent ==
+== SessionStatsEvent ==
-<section begin='LoginEvent' />
+<section begin='SessionStatsEvent' />
-These events are created by [[Directory Connector]] and inserted to the [[Database_Schema#directory_connector_login_events|directory_connector_login_events]] table for each login.
+These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table when a session ends with the updated stats.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,617: / Line 2,022: @@
 ! Type
 ! Description
+getC2pBytes
+|-
+|c2pBytes
+|long
+|The number of bytes sent from the client to Untangle
+getClass
 |-
 |class
 |Class
 |The class name
+getEndTime
 |-
-|clientAddr
+|endTime
-|InetAddress
+|long
-|The client address
+|The end time/date
+getP2cBytes
 |-
-|domain
+|p2cBytes
-|String
+|long
-|The domain
+|The number of bytes sent to the client from Untangle
+getP2sBytes
 |-
-|event
+|p2sBytes
-|String
+|long
-|The event
+|The number of bytes sent to the server from Untangle
+getPartitionTablePostfix
+getS2pBytes
+|-
+|s2pBytes
+|long
+|The number of bytes sent from the server to Untangle
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getSessionId
 |-
-|loginName
+|sessionId
-|String
+|Long
-|The login name
+|The session ID
+getTag
+getTimeStamp
 |-
 |timeStamp
@@ Line 1,642: / Line 2,070: @@
 |The timestamp
 |}
-<section end='LoginEvent' />
+<section end='SessionStatsEvent' />
-== SmtpMessageAddressEvent ==
+== SessionNatEvent ==
-<section begin='SmtpMessageAddressEvent' />
+<section begin='SessionNatEvent' />
-These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_addrs|mail_addrs]] table for each address on each email.
+These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is NATd with the post-NAT information.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,654: / Line 2,082: @@
 ! Type
 ! Description
+getSClientAddr
 |-
-|addr
+|SClientAddr
-|String
+|InetAddress
-|The address
+|The server-side (post-NAT) client address
+getSClientPort
 |-
-|class
+|SClientPort
-|Class
+|Integer
+|The server-side (post-NAT) client port
+getSServerAddr
+|-
+|SServerAddr
+|InetAddress
+|The server-side (post-NAT) server address
+getSServerPort
+|-
+|SServerPort
+|Integer
+|The server-side (post-NAT) server port
+getClass
+|-
+|class
+|Class
 |The class name
+getPartitionTablePostfix
+getServerIntf
 |-
-|kind
+|serverIntf
-|AddressKind
+|Integer
-|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
+|The server interface ID
+getSessionEvent
 |-
-|messageId
+|sessionEvent
-|Long
+|SessionEvent
-|The message ID
+|The session event
-|-
+getTag
-|personal
+getTimeStamp
-|String
-|personal
 |-
 |timeStamp
@@ Line 1,679: / Line 2,125: @@
 |The timestamp
 |}
-<section end='SmtpMessageAddressEvent' />
+<section end='SessionNatEvent' />
-== SmtpMessageEvent ==
+== QuotaEvent ==
-<section begin='SmtpMessageEvent' />
+<section begin='QuotaEvent' />
-These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_msgs|mail_msgs]] table for each email.
+These events are created by the [[Bandwidth Control]] and inserted or update the [[Database_Schema#quotas|quotas]] table when quotas are given or exceeded.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,691: / Line 2,137: @@
 ! Type
 ! Description
+getAction
 |-
-|addresses
+|action
-|Set
+|int
-|The addresses
+|The action (1=Quota Given, 2=Quota Exceeded)
+getClass
 |-
 |class
 |Class
 |The class name
+getEntity
 |-
-|envelopeFromAddress
+|entity
 |String
-|The envelop FROM address
+|The entity
+getPartitionTablePostfix
+getQuotaSize
 |-
-|envelopeToAddress
+|quotaSize
-|String
+|long
-|The envelope TO address
+|The quota size
+getReason
 |-
-|messageId
+|reason
-|Long
-|The message ID
-|-
-|receiver
 |String
-|The receiver
+|The reason
+getTag
+getTimeStamp
 |-
-|sender
+|timeStamp
-|String
+|Timestamp
-|The sender
+|The timestamp
-|-
+|}
-|sessionEvent
+<section end='QuotaEvent' />
-|SessionEvent
-|The session event
-|-
-|sessionId
-|Long
-|The session ID
-|-
-|subject
-|String
-|The subject
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|-
-|tmpFile
-|File
-|The /tmp file
-|}
-<section end='SmtpMessageEvent' />
+== SmtpMessageAddressEvent ==
+<section begin='SmtpMessageAddressEvent' />
-== VirusSmtpEvent ==
+These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_addrs|mail_addrs]] table for each address on each email.
-<section begin='VirusSmtpEvent' />
-These events are created by [[Virus Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when Virus Blocker scans an email.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,752: / Line 2,182: @@
 ! Type
 ! Description
+getAddr
 |-
-|action
+|addr
 |String
-|The action
+|The address
-|-
+getClass
-|appName
-|String
-|The name of the application
 |-
 |class
 |Class
 |The class name
+getKind
 |-
-|clean
+|kind
-|boolean
+|AddressKind
-|True if clean, false otherwise
+|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
+getMessageId
 |-
 |messageId
 |Long
 |The message ID
+getPartitionTablePostfix
+getPersonal
+|-
+|personal
+|String
+|personal
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|virusName
-|String
-|The virus name, if not clean
 |}
-<section end='VirusSmtpEvent' />
+<section end='SmtpMessageAddressEvent' />
-== VirusFtpEvent ==
+== SmtpMessageEvent ==
-<section begin='VirusFtpEvent' />
+<section begin='SmtpMessageEvent' />
-These events are created by [[Virus Blocker]] and update the [[Database_Schema#ftp_events|ftp_events]] table when Virus Blocker scans an FTP transfer.
+These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_msgs|mail_msgs]] table for each email.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,793: / Line 2,227: @@
 ! Type
 ! Description
+getAddresses
 |-
-|appName
+|addresses
-|String
+|Set
-|The name of the application
+|The addresses
+getClass
 |-
 |class
 |Class
 |The class name
+getEnvelopeFromAddress
 |-
-|clean
+|envelopeFromAddress
-|boolean
+|String
-|True if clean, false otherwise
+|The envelop FROM address
+getEnvelopeToAddress
+|-
+|envelopeToAddress
+|String
+|The envelope TO address
+getMessageId
+|-
+|messageId
+|Long
+|The message ID
+getPartitionTablePostfix
+getReceiver
+|-
+|receiver
+|String
+|The receiver
+getSender
+|-
+|sender
+|String
+|The sender
+getSessionEvent
 |-
 |sessionEvent
 |SessionEvent
 |The session event
+getSessionId
+|-
+|sessionId
+|Long
+|The session ID
+getSubject
+|-
+|subject
+|String
+|The subject
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
+getTmpFile
 |-
-|uri
+|tmpFile
-|String
+|File
-|The URI
+|The /tmp file
-|-
-|virusName
-|String
-|The virus name, if not clean
 |}
-<section end='VirusFtpEvent' />
+<section end='SmtpMessageEvent' />
-== VirusHttpEvent ==
+== CaptureRuleEvent ==
-<section begin='VirusHttpEvent' />
+<section begin='CaptureRuleEvent' />
-These events are created by [[Virus Blocker]] and update the [[Database_Schema#http_events|http_events]] table when Virus Blocker scans an HTTP transfer.
+These events are created by [[Captive Portal]] and update the [[Database_Schema#sessions|sessions]] table when Captive Portal processes a session.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,834: / Line 2,302: @@
 ! Type
 ! Description
+getCaptured
 |-
-|appName
+|captured
-|String
+|boolean
-|The name of the application
+|True if captured, false otherwise
+getClass
 |-
 |class
 |Class
 |The class name
+getPartitionTablePostfix
+getRuleId
 |-
-|clean
+|ruleId
-|boolean
+|Integer
-|True if clean, false otherwise
+|The rule ID
+getSessionEvent
 |-
-|requestId
+|sessionEvent
-|Long
+|SessionEvent
-|The request ID
+|The session event
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|virusName
-|String
-|The virus name, if not clean
 |}
-<section end='VirusHttpEvent' />
+<section end='CaptureRuleEvent' />
-== SpamSmtpTarpitEvent ==
+== CaptivePortalUserEvent ==
-<section begin='SpamSmtpTarpitEvent' />
+<section begin='CaptivePortalUserEvent' />
-These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
+These events are created by [[Captive Portal]] and inserted to the [[Database_Schema#captive_portal_user_events|captive_portal_user_events]] table when Captive Portal user takes an action.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,871: / Line 2,342: @@
 ! Type
 ! Description
+getAuthenticationType
 |-
-|IPAddr
+|authenticationType
-|InetAddress
+|CaptivePortalSettings$AuthenticationType
-|The IP address
+|The authentication type
+getAuthenticationTypeValue
+|-
+|authenticationTypeValue
+|String
+|The authentication type as a string
+getClass
 |-
 |class
 |Class
 |The class name
+getClientAddr
 |-
-|hostname
+|clientAddr
+|String
+|The client address
+getEvent
+|-
+|event
+|CaptivePortalUserEvent$EventType
+|The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+getEventValue
+|-
+|eventValue
 |String
-|The hostname
+|The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+getLoginName
 |-
-|sessionEvent
+|loginName
-|SessionEvent
+|String
-|The session event
+|The login name
+getPartitionTablePostfix
+getPolicyId
 |-
-|sessionId
+|policyId
-|Long
+|Integer
-|The session ID
+|The policy ID
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
+|}
-|vendorName
+<section end='CaptivePortalUserEvent' />
-|String
-|The application name
-|}
-<section end='SpamSmtpTarpitEvent' />
-== SpamLogEvent ==
+== AdBlockerEvent ==
-<section begin='SpamLogEvent' />
+<section begin='AdBlockerEvent' />
-These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
+These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when an ad is blocked.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,912: / Line 2,402: @@
 ! Type
 ! Description
+getAction
 |-
 |action
-|SpamMessageAction
+|Action
 |The action
+getClass
 |-
 |class
 |Class
 |The class name
+getPartitionTablePostfix
+getReason
 |-
-|clientAddr
+|reason
-|InetAddress
+|String
-|The client address
+|The reason
+getRequestId
 |-
-|clientPort
+|requestId
-|int
-|The client port
-|-
-|messageId
 |Long
-|The message ID
+|The request ID
+getTag
+getTimeStamp
 |-
-|receiver
+|timeStamp
-|String
+|Timestamp
-|The receiver
+|The timestamp
+|}
+<section end='AdBlockerEvent' />
+== CookieEvent ==
+<section begin='CookieEvent' />
+These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when a cookie is blocked.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
 |-
-|score
+|class
-|float
+|Class
-|The score
+|The class name
+getIdentification
 |-
-|sender
+|identification
 |String
-|The sender
+|The identification string
+getPartitionTablePostfix
+getRequestId
 |-
-|serverAddr
+|requestId
-|InetAddress
+|Long
-|The server address
+|The request ID
+getSessionEvent
 |-
-|serverPort
+|sessionEvent
-|int
+|SessionEvent
-|The server port
+|The session event
-|-
+getTag
-|smtpMessageEvent
+getTimeStamp
-|SmtpMessageEvent
-|The parent SMTP message event
-|-
-|isSpam
-|boolean
-|True if spam, false otherwise
-|-
-|subject
-|String
-|The subject
-|-
-|testsString
-|String
-|The tests string from the spam engine
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|-
-|vendorName
-|String
-|The application name
 |}
-<section end='SpamLogEvent' />
+<section end='CookieEvent' />
-== HttpResponseEvent ==
+== HttpRequestEvent ==
-<section begin='HttpResponseEvent' />
+<section begin='HttpRequestEvent' />
-These events are created by HTTP subsystem and update the [[Database_Schema#http_events|http_events]] table when a web response happens.
+These events are created by HTTP subsystem and inserted to the [[Database_Schema#http_events|http_events]] table when a web request happens.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,989: / Line 2,482: @@
 ! Type
 ! Description
+getClass
 |-
 |class
 |Class
 |The class name
+getContentLength
 |-
 |contentLength
 |long
 |The content length
+getDomain
 |-
-|contentType
+|domain
 |String
-|The content type
+|The domain
+getHost
 |-
-|httpRequestEvent
+|host
-|HttpRequestEvent
+|String
-|The corresponding HTTP request event
+|The host
+getMethod
+|-
+|method
+|HttpMethod
+|The HTTP method
+getPartitionTablePostfix
+getReferer
+|-
+|referer
+|String
+|The referer
+getRequestId
+|-
+|requestId
+|Long
+|The request ID
+getRequestUri
+|-
+|requestUri
+|URI
+|The request URI
+getSessionEvent
 |-
-|requestLine
+|sessionEvent
-|RequestLine
+|SessionEvent
-|The request line
+|The session event
+getTag
+getTimeStamp
 |-
 |timeStamp
@@ Line 2,014: / Line 2,535: @@
 |The timestamp
 |}
-<section end='HttpResponseEvent' />
+<section end='HttpRequestEvent' />
-== HttpRequestEvent ==
+== HttpResponseEvent ==
-<section begin='HttpRequestEvent' />
+<section begin='HttpResponseEvent' />
-These events are created by HTTP subsystem and inserted to the [[Database_Schema#http_events|http_events]] table when a web request happens.
+These events are created by HTTP subsystem and update the [[Database_Schema#http_events|http_events]] table when a web response happens.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,026: / Line 2,547: @@
 ! Type
 ! Description
+getClass
 |-
 |class
 |Class
 |The class name
+getContentFilename
+|-
+|contentFilename
+|String
+|The content filename
+getContentLength
 |-
 |contentLength
 |long
 |The content length
+getContentType
 |-
-|domain
+|contentType
 |String
-|The domain
+|The content type
+getHttpRequestEvent
 |-
-|host
+|httpRequestEvent
-|String
+|HttpRequestEvent
-|The host
+|The corresponding HTTP request event
+getPartitionTablePostfix
+getRequestLine
 |-
-|method
+|requestLine
-|HttpMethod
+|RequestLine
-|The HTTP method
+|The request line
-|-
+getTag
-|referer
+getTimeStamp
-|String
-|The referer
-|-
-|requestId
-|Long
-|The request ID
-|-
-|requestUri
-|URI
-|The request URI
-|-
-|sessionEvent
-|SessionEvent
-|The session event
 |-
 |timeStamp
@@ Line 2,067: / Line 2,585: @@
 |The timestamp
 |}
-<section end='HttpRequestEvent' />
+<section end='HttpResponseEvent' />
-== OpenVpnEvent ==
+== WebCacheEvent ==
-<section begin='OpenVpnEvent' />
+<section begin='WebCacheEvent' />
-These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_events|openvpn_events]] table when OpenVPN processes a client action.
+These events are created by [[Web Cache]] and inserted to the [[Database_Schema#web_cache_stats|web_cache_stats]] table periodically.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,079: / Line 2,597: @@
 ! Type
 ! Description
+getBypassCount
 |-
-|address
+|bypassCount
-|InetAddress
+|long
-|The address
+|The number of bypasses
+getClass
 |-
 |class
 |Class
 |The class name
+getHitBytes
 |-
-|clientName
+|hitBytes
-|String
+|long
-|The client name
+|The number of bytes worth of hits
+getHitCount
 |-
-|poolAddress
+|hitCount
-|InetAddress
+|long
-|The pool address
+|The number of hits
+getMissBytes
 |-
-|timeStamp
+|missBytes
-|Timestamp
+|long
-|The timestamp
+|The number of bytes worth of misses
+getMissCount
 |-
-|type
+|missCount
-|OpenVpnEvent$EventType
+|long
-|The type
+|The number of misses
+getPartitionTablePostfix
+getPolicyId
+|-
+|policyId
+|Long
+|The policy ID
+getSystemCount
+|-
+|systemCount
+|long
+|The number of system bypasses
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
 |}
-<section end='OpenVpnEvent' />
+<section end='WebCacheEvent' />
-== OpenVpnStatusEvent ==
+== TunnelVpnStatusEvent ==
-<section begin='OpenVpnStatusEvent' />
+<section begin='TunnelVpnStatusEvent' />
-These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_stats|openvpn_stats]] table periodically.
+These events are created by [[Tunnel VPN]] and inserted to the [[Database_Schema#tunnel_vpn_stats|tunnel_vpn_stats]] table periodically.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,116: / Line 2,657: @@
 ! Type
 ! Description
+getClass
 |-
-|address
+|class
-|InetAddress
+|Class
-|The address
+|The class name
+getInBytes
 |-
-|bytesRxDelta
+|inBytes
 |long
-|The delta number of RX (received) bytes from the previous event
+|The number of bytes received from this tunnel
+getOutBytes
 |-
-|bytesRxTotal
+|outBytes
 |long
-|The total number of RX (received) bytes
+|The number of bytes sent in this tunnel
+getPartitionTablePostfix
+getTag
+getTimeStamp
 |-
-|bytesTxDelta
+|timeStamp
-|long
+|Timestamp
-|The delta number of TX (transmitted) bytes from the previous event
+|The timestamp
+getTunnelName
 |-
-|bytesTxTotal
+|tunnelName
-|long
+|String
-|The total number of TX (transmitted) bytes
+|The name of this tunnel
+|}
+<section end='TunnelVpnStatusEvent' />
+== TunnelVpnEvent ==
+<section begin='TunnelVpnEvent' />
+These events are created by [[Tunnel VPN]] and inserted to the [[Database_Schema#tunnel_vpn_events|tunnel_vpn_events]] table when a tunnel connection event occurs.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
 |-
 |class
 |Class
 |The class name
+getEventType
 |-
-|clientName
+|eventType
-|String
+|TunnelVpnEvent$EventType
-|The client name
+|The event type
+getLocalAddress
 |-
-|end
+|localAddress
-|Timestamp
+|InetAddress
-|The end
+|The local host address
+getPartitionTablePostfix
+getServerAddress
 |-
-|poolAddress
+|serverAddress
 |InetAddress
-|The pool address
+|The server address
+getTag
+getTimeStamp
 |-
-|port
+|timeStamp
-|int
+|Timestamp
-|The port
+|The timestamp
+getTunnelName
 |-
-|start
+|tunnelName
-|Timestamp
+|String
-|The start
+|The name of this tunnel
-|-
-|timeStamp
-|Timestamp
-|The timestamp
 |}
-<section end='OpenVpnStatusEvent' />
+<section end='TunnelVpnEvent' />
-== WebCacheEvent ==
+== IntrusionPreventionLogEvent ==
-<section begin='WebCacheEvent' />
+<section begin='IntrusionPreventionLogEvent' />
-These events are created by [[Web Cache]] and inserted to the [[Database_Schema#web_cache_stats|web_cache_stats]] table periodically.
+These events are created by [[Intrusion Prevention]] and inserted to the [[Database_Schema#intrusion_prevention_events|intrusion_prevention_events]] table when a rule matches.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,177: / Line 2,742: @@
 ! Type
 ! Description
+getBlocked
 |-
-|bypassCount
+|blocked
-|long
+|boolean
-|The number of bypasses
+|True if blocked, false otherwise
+getCategory
+|-
+|category
+|String
+|The category
+getClass
 |-
 |class
 |Class
 |The class name
+getClassificationId
 |-
-|hitBytes
+|classificationId
 |long
-|The number of bytes worth of hits
+|The classification ID
+getClasstype
 |-
-|hitCount
+|classtype
+|String
+|The classtype
+getDportIcode
+|-
+|dportIcode
+|int
+|The dportIcode
+getEventId
+|-
+|eventId
 |long
-|The number of hits
+|The event ID
+getEventMicrosecond
 |-
-|missBytes
+|eventMicrosecond
 |long
-|The number of bytes worth of misses
+|The event microsecond
+getEventSecond
 |-
-|missCount
+|eventSecond
 |long
-|The number of misses
+|The event second
+getEventType
 |-
-|policyId
+|eventType
-|Long
+|long
-|The policy ID
+|The event type
+getGeneratorId
 |-
-|systemCount
+|generatorId
 |long
-|The number of system bypasses
+|The generator ID
+getImpact
+|-
+|impact
+|short
+|The impact
+getImpactFlag
 |-
-|timeStamp
+|impactFlag
-|Timestamp
+|short
-|The timestamp
+|The impact flag
+getIpDestination
+|-
+|ipDestination
+|InetAddress
+|The IP address destination
+getIpSource
+|-
+|ipSource
+|InetAddress
+|The IP address source
+getMplsLabel
+|-
+|mplsLabel
+|long
+|The mplsLabel
+getMsg
+|-
+|msg
+|String
+|The msg
+getPadding
+|-
+|padding
+|int
+|The padding
+getPartitionTablePostfix
+getPriorityId
+|-
+|priorityId
+|long
+|The priority ID
+getProtocol
+|-
+|protocol
+|short
+|The protocol
+getRid
+|-
+|rid
+|String
+|Rule ID
+getSensorId
+|-
+|sensorId
+|long
+|The sensor ID
+getSignatureId
+|-
+|signatureId
+|long
+|The signature ID
+getSignatureRevision
+|-
+|signatureRevision
+|long
+|The signature revision
+getSportItype
+|-
+|sportItype
+|int
+|The sportItype
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+getVlanId
+|-
+|vlanId
+|int
+|The VLAN Id
 |}
-<section end='WebCacheEvent' />
+<section end='IntrusionPreventionLogEvent' />
+== AlertEvent ==
+<section begin='AlertEvent' />
+These events are created by [[Reports]] and inserted to the [[Database_Schema#alerts|alerts]] table when an alert fires.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getCause
+|-
+|cause
+|LogEvent
+|The cause
+getClass
+|-
+|class
+|Class
+|The class name
+getDescription
+|-
+|description
+|String
+|The description
+getJson
+|-
+|json
+|JSONObject
+|The JSON string
+getPartitionTablePostfix
+getSummaryText
+|-
+|summaryText
+|String
+|The summary text
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='AlertEvent' />
+== SmtpMessageAddressEvent ==
+<section begin='SmtpMessageAddressEvent' />
+These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_addrs|mail_addrs]] table for each address on each email.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAddr
+|-
+|addr
+|String
+|The address
+getClass
+|-
+|class
+|Class
+|The class name
+getKind
+|-
+|kind
+|AddressKind
+|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
+getMessageId
+|-
+|messageId
+|Long
+|The message ID
+getPartitionTablePostfix
+getPersonal
+|-
+|personal
+|String
+|personal
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='SmtpMessageAddressEvent' />
+== SmtpMessageEvent ==
+<section begin='SmtpMessageEvent' />
+These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_msgs|mail_msgs]] table for each email.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAddresses
+|-
+|addresses
+|Set
+|The addresses
+getClass
+|-
+|class
+|Class
+|The class name
+getEnvelopeFromAddress
+|-
+|envelopeFromAddress
+|String
+|The envelop FROM address
+getEnvelopeToAddress
+|-
+|envelopeToAddress
+|String
+|The envelope TO address
+getMessageId
+|-
+|messageId
+|Long
+|The message ID
+getPartitionTablePostfix
+getReceiver
+|-
+|receiver
+|String
+|The receiver
+getSender
+|-
+|sender
+|String
+|The sender
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getSessionId
+|-
+|sessionId
+|Long
+|The session ID
+getSubject
+|-
+|subject
+|String
+|The subject
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+getTmpFile
+|-
+|tmpFile
+|File
+|The /tmp file
+|}
+<section end='SmtpMessageEvent' />
+== ApplicationControlLogEvent ==
+<section begin='ApplicationControlLogEvent' />
+These events are created by [[Application Control]] and update the [[Database_Schema#sessions|sessions]] table when application control identifies a session.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getApplication
+|-
+|application
+|String
+|The application
+getBlocked
+|-
+|blocked
+|boolean
+|True if blocked, false otherwise
+getCategory
+|-
+|category
+|String
+|The category
+getClass
+|-
+|class
+|Class
+|The class name
+getConfidence
+|-
+|confidence
+|Integer
+|The confidence (0-100)
+getDetail
+|-
+|detail
+|String
+|The details
+getFlagged
+|-
+|flagged
+|boolean
+|True if flagged, false otherwise
+getPartitionTablePostfix
+getProtochain
+|-
+|protochain
+|String
+|The protochain
+getRuleId
+|-
+|ruleId
+|Integer
+|The rule ID
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getState
+|-
+|state
+|Integer
+|The state
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='ApplicationControlLogEvent' />
+== LoginEvent ==
+<section begin='LoginEvent' />
+These events are created by [[Directory Connector]] and inserted to the [[Database_Schema#directory_connector_login_events|directory_connector_login_events]] table for each login.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
+|-
+|class
+|Class
+|The class name
+getClientAddr
+|-
+|clientAddr
+|InetAddress
+|The client address
+getDomain
+|-
+|domain
+|String
+|The domain
+getEvent
+|-
+|event
+|String
+|The event
+getLoginName
+|-
+|loginName
+|String
+|The login name
+getLoginType
+|-
+|loginType
+|String
+|W = Windows login, A=Active Directory, R=RADIUS, T=test
+getPartitionTablePostfix
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='LoginEvent' />
+== WebFilterEvent ==
+<section begin='WebFilterEvent' />
+These events are created by [[Web Filter]] and update the [[Database_Schema#http_events|http_events]] table when web filter processes a web request.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAppName
+|-
+|appName
+|String
+|The name of the application
+getBlocked
+|-
+|blocked
+|Boolean
+|True if blocked, false otherwise
+getCategory
+|-
+|category
+|String
+|The category
+getCategoryId
+|-
+|categoryId
+|Integer
+|Numeric value of matching category
+getClass
+|-
+|class
+|Class
+|The class name
+getFlagged
+|-
+|flagged
+|Boolean
+|True if flagged, false otherwise
+getPartitionTablePostfix
+getReason
+|-
+|reason
+|Reason
+|The reason
+getRequestLine
+|-
+|requestLine
+|RequestLine
+|The request line
+getRuleId
+|-
+|ruleId
+|Integer
+|The rule ID
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='WebFilterEvent' />
+== WebFilterQueryEvent ==
+<section begin='WebFilterQueryEvent' />
+These events are created by [[Web Filter]] and inserted to the [[Database_Schema#http_query_events|http_query_events]] table when web filter processes a search engine search.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAppName
+|-
+|appName
+|String
+|The name of the application
+getBlocked
+|-
+|blocked
+|Boolean
+|True if blocked, false otherwise
+getClass
+|-
+|class
+|Class
+|The class name
+getContentLength
+|-
+|contentLength
+|long
+|The content length
+getFlagged
+|-
+|flagged
+|Boolean
+|True if flagged, false otherwise
+getHost
+|-
+|host
+|String
+|The host
+getMethod
+|-
+|method
+|HttpMethod
+|The method
+getPartitionTablePostfix
+getRequestId
+|-
+|requestId
+|Long
+|The request ID
+getRequestUri
+|-
+|requestUri
+|URI
+|The request URI
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getTag
+getTerm
+|-
+|term
+|String
+|The search term/phrase
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='WebFilterQueryEvent' />
+== WanFailoverTestEvent ==
+<section begin='WanFailoverTestEvent' />
+These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_test_events|wan_failover_test_events]] table when a test is run.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
+|-
+|class
+|Class
+|The class name
+getDescription
+|-
+|description
+|String
+|The description
+getInterfaceId
+|-
+|interfaceId
+|int
+|The interface ID
+getName
+|-
+|name
+|String
+|The test name
+getOsName
+|-
+|osName
+|String
+|The O/S interface name
+getPartitionTablePostfix
+getSuccess
+|-
+|success
+|Boolean
+|True if successful, false otherwise
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='WanFailoverTestEvent' />
+== WanFailoverEvent ==
+<section begin='WanFailoverEvent' />
+These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_action_events|wan_failover_action_events]] table when WAN Failover takes an action.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAction
+|-
+|action
+|WanFailoverEvent$Action
+|The action
+getClass
+|-
+|class
+|Class
+|The class name
+getInterfaceId
+|-
+|interfaceId
+|int
+|The interface ID
+getName
+|-
+|name
+|String
+|The name
+getOsName
+|-
+|osName
+|String
+|The O/S interface name
+getPartitionTablePostfix
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='WanFailoverEvent' />
+== CaptureRuleEvent ==
+<section begin='CaptureRuleEvent' />
+These events are created by [[Captive Portal]] and update the [[Database_Schema#sessions|sessions]] table when Captive Portal processes a session.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getCaptured
+|-
+|captured
+|boolean
+|True if captured, false otherwise
+getClass
+|-
+|class
+|Class
+|The class name
+getPartitionTablePostfix
+getRuleId
+|-
+|ruleId
+|Integer
+|The rule ID
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='CaptureRuleEvent' />
+== CaptivePortalUserEvent ==
+<section begin='CaptivePortalUserEvent' />
+These events are created by [[Captive Portal]] and inserted to the [[Database_Schema#captive_portal_user_events|captive_portal_user_events]] table when Captive Portal user takes an action.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAuthenticationType
+|-
+|authenticationType
+|CaptivePortalSettings$AuthenticationType
+|The authentication type
+getAuthenticationTypeValue
+|-
+|authenticationTypeValue
+|String
+|The authentication type as a string
+getClass
+|-
+|class
+|Class
+|The class name
+getClientAddr
+|-
+|clientAddr
+|InetAddress
+|The client address
+getEvent
+|-
+|event
+|CaptivePortalUserEvent$EventType
+|The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+getEventValue
+|-
+|eventValue
+|String
+|The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+getLoginName
+|-
+|loginName
+|String
+|The login name
+getPartitionTablePostfix
+getPolicyId
+|-
+|policyId
+|Integer
+|The policy ID
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='CaptivePortalUserEvent' />
+== SpamLogEvent ==
+<section begin='SpamLogEvent' />
+These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAction
+|-
+|action
+|SpamMessageAction
+|The action
+getClass
+|-
+|class
+|Class
+|The class name
+getClientAddr
+|-
+|clientAddr
+|InetAddress
+|The client address
+getClientPort
+|-
+|clientPort
+|int
+|The client port
+getMessageId
+|-
+|messageId
+|Long
+|The message ID
+getPartitionTablePostfix
+getReceiver
+|-
+|receiver
+|String
+|The receiver
+getScore
+|-
+|score
+|float
+|The score
+getSender
+|-
+|sender
+|String
+|The sender
+getServerAddr
+|-
+|serverAddr
+|InetAddress
+|The server address
+getServerPort
+|-
+|serverPort
+|int
+|The server port
+getSmtpMessageEvent
+|-
+|smtpMessageEvent
+|SmtpMessageEvent
+|The parent SMTP message event
+isSpam
+|-
+|isSpam
+|boolean
+|True if spam, false otherwise
+getSubject
+|-
+|subject
+|String
+|The subject
+getTag
+getTestsString
+|-
+|testsString
+|String
+|The tests string from the spam engine
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+getVendorName
+|-
+|vendorName
+|String
+|The application name
+|}
+<section end='SpamLogEvent' />
+== SpamSmtpTarpitEvent ==
+<section begin='SpamSmtpTarpitEvent' />
+These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getIPAddr
+|-
+|IPAddr
+|InetAddress
+|The IP address
+getClass
+|-
+|class
+|Class
+|The class name
+getHostname
+|-
+|hostname
+|String
+|The hostname
+getPartitionTablePostfix
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getSessionId
+|-
+|sessionId
+|Long
+|The session ID
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+getVendorName
+|-
+|vendorName
+|String
+|The application name
+|}
+<section end='SpamSmtpTarpitEvent' />
+== ConfigurationBackupEvent ==
+<section begin='ConfigurationBackupEvent' />
+These events are created by [[Configuration Backup]] and inserted to the [[Database_Schema#configuratio_backup_events|configuratio_backup_events]] table when a backup occurs.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
+|-
+|class
+|Class
+|The class name
+getDestination
+|-
+|destination
+|String
+|The destination
+getDetail
+|-
+|detail
+|String
+|The details
+getPartitionTablePostfix
+getSuccess
+|-
+|success
+|boolean
+|True if successful, false otherwise
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='ConfigurationBackupEvent' />
+== TunnelStatusEvent ==
+<section begin='TunnelStatusEvent' />
+These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_tunnel_stats|ipsec_tunnel_stats]] table periodically.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
+|-
+|class
+|Class
+|The class name
+getInBytes
+|-
+|inBytes
+|long
+|The number of bytes received from this tunnel
+getOutBytes
+|-
+|outBytes
+|long
+|The number of bytes sent in this tunnel
+getPartitionTablePostfix
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+getTunnelName
+|-
+|tunnelName
+|String
+|The name of this tunnel
+|}
+<section end='TunnelStatusEvent' />
+== IpsecVpnEvent ==
+<section begin='IpsecVpnEvent' />
+These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_vpn_events|ipsec_vpn_events]] table when IPsec connection event occurs.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
+|-
+|class
+|Class
+|The class name
+getEventType
+|-
+|eventType
+|IpsecVpnEvent$EventType
+|The event type
+getLocalAddress
+|-
+|localAddress
+|String
+|The local host address
+getPartitionTablePostfix
+getRemoteAddress
+|-
+|remoteAddress
+|String
+|The remote host address
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+getTunnelDescription
+|-
+|tunnelDescription
+|String
+|Description of tunnel
+|}
+<section end='IpsecVpnEvent' />
+== VirtualUserEvent ==
+<section begin='VirtualUserEvent' />
+These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_user_events|ipsec_user_events]] table when a user event occurs.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
+|-
+|class
+|Class
+|The class name
+getClientAddress
+|-
+|clientAddress
+|InetAddress
+|The client address
+getClientProtocol
+|-
+|clientProtocol
+|String
+|The client protocol
+getClientUsername
+|-
+|clientUsername
+|String
+|The client username
+getElapsedTime
+|-
+|elapsedTime
+|String
+|The elapsed time
+getEventId
+|-
+|eventId
+|Long
+|The event ID
+getNetInterface
+|-
+|netInterface
+|String
+|The net interface
+getNetProcess
+|-
+|netProcess
+|String
+|The net process
+getNetRXbytes
+|-
+|netRXbytes
+|Long
+|The number of RX (received) bytes
+getNetTXbytes
+|-
+|netTXbytes
+|Long
+|The number of TX (transmitted) bytes
+getPartitionTablePostfix
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='VirtualUserEvent' />
+== SslInspectorLogEvent ==
+<section begin='SslInspectorLogEvent' />
+These events are created by [[SSL Inspector]] and update the [[Database_Schema#sessions|sessions]] table when a session is processed by SSL Inspector.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
+|-
+|class
+|Class
+|The class name
+getDetail
+|-
+|detail
+|String
+|The details
+getPartitionTablePostfix
+getRuleId
+|-
+|ruleId
+|Integer
+|The rule ID
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getStatus
+|-
+|status
+|String
+|The status
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='SslInspectorLogEvent' />
+== ApplicationControlLiteEvent ==
+<section begin='ApplicationControlLiteEvent' />
+These events are created by [[Application Control Lite]] and update the [[Database_Schema#sessions|sessions]] table when application control lite identifies a session.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getBlocked
+|-
+|blocked
+|boolean
+|True if blocked, false otherwise
+getClass
+|-
+|class
+|Class
+|The class name
+getPartitionTablePostfix
+getProtocol
+|-
+|protocol
+|String
+|The protocol
+getSessionId
+|-
+|sessionId
+|Long
+|The session ID
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='ApplicationControlLiteEvent' />
+== HttpRequestEvent ==
+<section begin='HttpRequestEvent' />
+These events are created by HTTP subsystem and inserted to the [[Database_Schema#http_events|http_events]] table when a web request happens.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
+|-
+|class
+|Class
+|The class name
+getContentLength
+|-
+|contentLength
+|long
+|The content length
+getDomain
+|-
+|domain
+|String
+|The domain
+getHost
+|-
+|host
+|String
+|The host
+getMethod
+|-
+|method
+|HttpMethod
+|The HTTP method
+getPartitionTablePostfix
+getReferer
+|-
+|referer
+|String
+|The referer
+getRequestId
+|-
+|requestId
+|Long
+|The request ID
+getRequestUri
+|-
+|requestUri
+|URI
+|The request URI
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='HttpRequestEvent' />
+== HttpResponseEvent ==
+<section begin='HttpResponseEvent' />
+These events are created by HTTP subsystem and update the [[Database_Schema#http_events|http_events]] table when a web response happens.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
+|-
+|class
+|Class
+|The class name
+getContentLength
+|-
+|contentLength
+|long
+|The content length
+getContentType
+|-
+|contentType
+|String
+|The content type
+getHttpRequestEvent
+|-
+|httpRequestEvent
+|HttpRequestEvent
+|The corresponding HTTP request event
+getPartitionTablePostfix
+getRequestLine
+|-
+|requestLine
+|RequestLine
+|The request line
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}
+<section end='HttpResponseEvent' />
+== IntrusionPreventionLogEvent ==
+<section begin='IntrusionPreventionLogEvent' />
+These events are created by [[Intrusion Prevention]] and inserted to the [[Database_Schema#intrusion_prevention_events|intrusion_prevention_events]] table when a rule matches.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getBlocked
+|-
+|blocked
+|short
+|True if blocked, false otherwise
+getCategory
+|-
+|category
+|String
+|The category
+getClass
+|-
+|class
+|Class
+|The class name
+getClassificationId
+|-
+|classificationId
+|long
+|The classification ID
+getClasstype
+|-
+|classtype
+|String
+|The classtype
+getDportIcode
+|-
+|dportIcode
+|int
+|The dportIcode
+getEventId
+|-
+|eventId
+|long
+|The event ID
+getEventMicrosecond
+|-
+|eventMicrosecond
+|long
+|The event microsecond
+getEventSecond
+|-
+|eventSecond
+|long
+|The event second
+getEventType
+|-
+|eventType
+|long
+|The event type
+getGeneratorId
+|-
+|generatorId
+|long
+|The generator ID
+getImpact
+|-
+|impact
+|short
+|The impact
+getImpactFlag
+|-
+|impactFlag
+|short
+|The impact flag
+getIpDestination
+|-
+|ipDestination
+|InetAddress
+|The IP address destination
+getIpSource
+|-
+|ipSource
+|InetAddress
+|The IP address source
+getMplsLabel
+|-
+|mplsLabel
+|long
+|The mplsLabel
+getMsg
+|-
+|msg
+|String
+|The msg
+getPadding
+|-
+|padding
+|int
+|The padding
+getPartitionTablePostfix
+getPriorityId
+|-
+|priorityId
+|long
+|The priority ID
+getProtocol
+|-
+|protocol
+|short
+|The protocol
+getSensorId
+|-
+|sensorId
+|long
+|The sensor ID
+getSignatureId
+|-
+|signatureId
+|long
+|The signature ID
+getSignatureRevision
+|-
+|signatureRevision
+|long
+|The signature revision
+getSportItype
+|-
+|sportItype
+|int
+|The sportItype
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+getVlanId
+|-
+|vlanId
+|int
+|The VLAN Id
+|}
+<section end='IntrusionPreventionLogEvent' />

Edge Threat Management

Difference between revisions of "Event Definitions"

Revision as of 16:06, 24 June 2019

SpamLogEvent

SpamSmtpTarpitEvent

SpamLogEvent

SpamSmtpTarpitEvent

OpenVpnStatusEvent

OpenVpnEvent

ApplicationControlLiteEvent

FirewallEvent

PrioritizeEvent

AdBlockerEvent

CookieEvent

VirusFtpEvent

VirusHttpEvent

VirusSmtpEvent

FirewallEvent

OpenVpnStatusEvent

OpenVpnEvent

AdminLoginEvent

AlertEvent

InterfaceStatEvent

LogEvent

SystemStatEvent

SessionMinuteEvent

SessionEvent

SessionStatsEvent

SessionNatEvent

QuotaEvent

HostTableEvent

DeviceTableEvent

SettingsChangesEvent

UserTableEvent

SessionMinuteEvent

SessionEvent

SessionStatsEvent

SessionNatEvent

QuotaEvent

SmtpMessageAddressEvent

SmtpMessageEvent

CaptureRuleEvent

CaptivePortalUserEvent

AdBlockerEvent

CookieEvent

HttpRequestEvent

HttpResponseEvent

WebCacheEvent

TunnelVpnStatusEvent

TunnelVpnEvent

IntrusionPreventionLogEvent

AlertEvent

SmtpMessageAddressEvent

SmtpMessageEvent

ApplicationControlLogEvent

LoginEvent

WebFilterEvent

WebFilterQueryEvent

WanFailoverTestEvent

WanFailoverEvent

CaptureRuleEvent

CaptivePortalUserEvent

SpamLogEvent

SpamSmtpTarpitEvent

ConfigurationBackupEvent

TunnelStatusEvent

IpsecVpnEvent

VirtualUserEvent

SslInspectorLogEvent

ApplicationControlLiteEvent

HttpRequestEvent

HttpResponseEvent

IntrusionPreventionLogEvent

Navigation menu

Search