Difference between revisions of "Event Definitions"

Revision as of 15:33, 9 February 2020

Events Events Events

All event data is stored in the Database Schema in a relational database. As Untangle and applications process traffic they create Event objects that add and modify content in the database. Each event has it's own class/object with certain fields that modify the database in a certain way.

The list below shows the classes used in the event logging and the attributes of each event object. These can be used to add alerts in Reports or for other event handling within Untangle.

SpamLogEvent

These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.

Attribute Name	Type	Description getAction
action	SpamMessageAction	The action getClass
class	Class	The class name getClientAddr
clientAddr	InetAddress	The client address getClientPort
clientPort	int	The client port getMessageId
messageId	Long	The message ID getPartitionTablePostfix getReceiver
receiver	String	The receiver getScore
score	float	The score getSender
sender	String	The sender getServerAddr
serverAddr	InetAddress	The server address getServerPort
serverPort	int	The server port getSmtpMessageEvent
smtpMessageEvent	SmtpMessageEvent	The parent SMTP message event isSpam
isSpam	boolean	True if spam, false otherwise getSubject
subject	String	The subject getTag getTestsString
testsString	String	The tests string from the spam engine getTimeStamp
timeStamp	Timestamp	The timestamp getVendorName
vendorName	String	The application name

== SpamSmtpTarpitEvent ==

These events are created by Spam Blocker and inserted to the smtp_tarpit_events table when a session is tarpitted.

Attribute Name	Type	Description getIPAddr
IPAddr	InetAddress	The IP address getClass
class	Class	The class name getHostname
hostname	String	The hostname getPartitionTablePostfix getSessionEvent
sessionEvent	SessionEvent	The session event getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVendorName
vendorName	String	The application name

== PrioritizeEvent ==

These events are created by the Bandwidth Control and update the session table when a session is prioritized.

Attribute Name	Type	Description getClass
class	Class	The class name getPartitionTablePostfix getPriority
priority	int	The priority getRuleId
ruleId	int	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== VirusFtpEvent ==

These events are created by Virus Blocker and update the ftp_events table when Virus Blocker scans an FTP transfer.

Attribute Name	Type	Description getAppName
appName	String	The name of the application getClass
class	Class	The class name getClean
clean	boolean	True if clean, false otherwise getPartitionTablePostfix getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp getUri
uri	String	The URI getVirusName
virusName	String	The virus name, if not clean

== VirusHttpEvent ==

These events are created by Virus Blocker and update the http_events table when Virus Blocker scans an HTTP transfer.

Attribute Name	Type	Description getAppName
appName	String	The name of the application getClass
class	Class	The class name getClean
clean	boolean	True if clean, false otherwise getPartitionTablePostfix getRequestLine
requestLine	RequestLine	The request line getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVirusName
virusName	String	The virus name, if not clean

== VirusSmtpEvent ==

These events are created by Virus Blocker and update the mail_msgs table when Virus Blocker scans an email.

Attribute Name	Type	Description getAction
action	String	The action getAppName
appName	String	The name of the application getClass
class	Class	The class name getClean
clean	boolean	True if clean, false otherwise getMessageId
messageId	Long	The message ID getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVirusName
virusName	String	The virus name, if not clean

== FirewallEvent ==

These events are created by Firewall and update the sessions table when a firewall rule matches a session.

Attribute Name	Type	Description getBlocked
blocked	boolean	True if blocked, false otherwise getClass
class	Class	The class name getFlagged
flagged	boolean	True if flagged, false otherwise getPartitionTablePostfix getRuleId
ruleId	long	The rule ID getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== OpenVpnStatusEvent ==

These events are created by OpenVPN and update the openvpn_stats table periodically.

Attribute Name	Type	Description getAddress
address	InetAddress	The address getBytesRxDelta
bytesRxDelta	long	The delta number of RX (received) bytes from the previous event getBytesRxTotal
bytesRxTotal	long	The total number of RX (received) bytes getBytesTxDelta
bytesTxDelta	long	The delta number of TX (transmitted) bytes from the previous event getBytesTxTotal
bytesTxTotal	long	The total number of TX (transmitted) bytes getClass
class	Class	The class name getClientName
clientName	String	The client name getEnd
end	Timestamp	The end getPartitionTablePostfix getPoolAddress
poolAddress	InetAddress	The pool address getPort
port	int	The port getStart
start	Timestamp	The start getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== OpenVpnEvent ==

These events are created by OpenVPN and update the openvpn_events table when OpenVPN processes a client action.

Attribute Name	Type	Description getAddress
address	InetAddress	The address getClass
class	Class	The class name getClientName
clientName	String	The client name getPartitionTablePostfix getPoolAddress
poolAddress	InetAddress	The pool address getTag getTimeStamp
timeStamp	Timestamp	The timestamp getType
type	OpenVpnEvent$EventType	The type

== AdminLoginEvent ==

These events are created by the base system and inserted to the admin_logins table when an administrator login is attempted or successful.

Attribute Name	Type	Description getClass
class	Class	The class name getClientAddress
clientAddress	InetAddress	The client address getLocal
local	boolean	1 if login is done via local console, 0 otherwise getLogin
login	String	The login username getPartitionTablePostfix getReason
reason	String	The reason getSucceeded
succeeded	boolean	1 if successful, 0 otherwise getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== AlertEvent ==

These events are created by Reports and inserted to the alerts table when an alert fires.

Attribute Name	Type	Description getCausalRule
causalRule	EventRule	The causal rule getCause
cause	LogEvent	The cause getClass
class	Class	The class name getDescription
description	String	The description getEventSent
eventSent	Boolean	True if the event was sent, false otherwise getJson
json	String	The JSON string getPartitionTablePostfix getSummaryText
summaryText	String	The summary text getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== InterfaceStatEvent ==

These events are created by the base system and inserted to the interface_stat_events table periodically with interface stats.

Attribute Name	Type	Description getClass
class	Class	The class name getInterfaceId
interfaceId	int	The interface ID getPartitionTablePostfix getRxBytes
rxBytes	double	The total of received bytes getRxRate
rxRate	double	The RX rate in byte/s getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTxBytes
txBytes	double	The total of transmitted bytes getTxRate
txRate	double	The TX rate in byte/s

== LogEvent ==

These base class for all events.

Attribute Name	Type	Description getClass
class	Class	The class name getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== SystemStatEvent ==

These events are created by the base system and inserted to the server_events table periodically.

Attribute Name	Type	Description getActiveHosts
activeHosts	int	The active host count getClass
class	Class	The class name getCpuSystem
cpuSystem	float	The system CPU utilization getCpuUser
cpuUser	float	The user CPU utilization getDiskFree
diskFree	long	The amount of disk free getDiskFreePercent
diskFreePercent	float	The percentage of disk free getDiskTotal
diskTotal	long	The total size of the disk getDiskUsed
diskUsed	long	The amount of disk used getDiskUsedPercent
diskUsedPercent	float	The percentage of disk used getLoad1
load1	float	The 1-minute CPU load getLoad15
load15	float	The 15-minute CPU load getLoad5
load5	float	The 5-minute CPU load getMemBuffers
memBuffers	long	The amount of memory used by buffers getMemCache
memCache	long	The amount of memory used by cache getMemFree
memFree	long	The amount of free memory getMemFreePercent
memFreePercent	float	The percentage of total memory that is free getMemTotal
memTotal	long	The total amount of memory getMemUsed
memUsed	long	The amount of used memory getMemUsedPercent
memUsedPercent	float	The percentage of total memory that is used getPartitionTablePostfix getSwapFree
swapFree	long	The amount of free swap getSwapFreePercent
swapFreePercent	float	The percentage of total swap that is free getSwapTotal
swapTotal	long	The total size of swap getSwapUsed
swapUsed	long	The amount of used swap getSwapUsedPercent
swapUsedPercent	float	The percentage of total swap that is used getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== HostTableEvent ==

These events are created by the base system and inserted to the host_table_updates table when the host table is modified.

Attribute Name	Type	Description getAddress
address	InetAddress	The address getClass
class	Class	The class name getKey
key	String	The key getOldValue
oldValue	String	The old value getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getValue
value	String	The value

== DeviceTableEvent ==

These events are created by the base system and inserted to the device_table_updates table when the device list is modified.

Attribute Name	Type	Description getClass
class	Class	The class name getDevice
device	DeviceTableEntry	The Device getKey
key	String	The key getMacAddress
macAddress	String	The MAC address getOldValue
oldValue	String	The old value getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getValue
value	String	The value

== SettingsChangesEvent ==

These events are created by the base system and inserted to the settings_changes table when settings are changed.

Attribute Name	Type	Description getClass
class	Class	The class name getHostname
hostname	String	The hostname getPartitionTablePostfix getSettingsFile
settingsFile	String	The settings file getTag getTimeStamp
timeStamp	Timestamp	The timestamp getUsername
username	String	The username

== UserTableEvent ==

These events are created by the base system and inserted to the user_table_updates table when the user table is modified.

Attribute Name	Type	Description getClass
class	Class	The class name getKey
key	String	The key getOldValue
oldValue	String	The old value getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getUsername
username	String	The username getValue
value	String	The value

== SessionMinuteEvent ==

These events are created by the base system and update the session_minutes table each minute a session exists.

Attribute Name	Type	Description getC2sBytes
c2sBytes	long	The number of bytes sent from the client to the server getClass
class	Class	The class name getPartitionTablePostfix getS2cBytes
s2cBytes	long	The number of bytes sent from the server to the client getSessionId
sessionId	long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== SessionEvent ==

These events are created by the base system and update the sessions table each time a session is created.

Attribute Name	Type	Description getCClientAddr
CClientAddr	InetAddress	The client-side (pre-NAT) client address getCClientPort
CClientPort	Integer	The client-side (pre-NAT) client port getCServerAddr
CServerAddr	InetAddress	The client-side (pre-NAT) server address getCServerPort
CServerPort	Integer	The client-side (pre-NAT) server port getSClientAddr
SClientAddr	InetAddress	The server-side (post-NAT) client address getSClientPort
SClientPort	Integer	The server-side (post-NAT) client port getSServerAddr
SServerAddr	InetAddress	The server-side (post-NAT) server address getSServerPort
SServerPort	Integer	The server-side (post-NAT) server port getBypassed
bypassed	boolean	True if bypassed, false otherwise getClass
class	Class	The class name getClientCountry
clientCountry	String	The client country getClientIntf
clientIntf	Integer	The client interface ID getClientLatitude
clientLatitude	Double	The client latitude getClientLongitude
clientLongitude	Double	The client longitude getEntitled
entitled	boolean	The entitled status getFilterPrefix
filterPrefix	String	The filter prefix if blocked by the filter rules getHostname
hostname	String	The hostname getIcmpType
icmpType	Short	The ICMP type getLocalAddr
localAddr	InetAddress	The local host address getPartitionTablePostfix getPolicyId
policyId	Integer	The policy ID getPolicyRuleId
policyRuleId	Integer	The policy rule ID getProtocol
protocol	Short	The protocol getProtocolName
protocolName	String	The protocol name getRemoteAddr
remoteAddr	InetAddress	The remote host address getServerCountry
serverCountry	String	The server country getServerIntf
serverIntf	Integer	The server interface ID getServerLatitude
serverLatitude	Double	The server latitude getServerLongitude
serverLongitude	Double	The server longitude getSessionId
sessionId	Long	The session ID getTag getTagsString
tagsString	String	The string value of all tags getTimeStamp
timeStamp	Timestamp	The timestamp getUsername
username	String	The username

== SessionStatsEvent ==

These events are created by the base system and update the sessions table when a session ends with the updated stats.

Attribute Name	Type	Description getC2pBytes
c2pBytes	long	The number of bytes sent from the client to Untangle getClass
class	Class	The class name getEndTime
endTime	long	The end time/date getP2cBytes
p2cBytes	long	The number of bytes sent to the client from Untangle getP2sBytes
p2sBytes	long	The number of bytes sent to the server from Untangle getPartitionTablePostfix getS2pBytes
s2pBytes	long	The number of bytes sent from the server to Untangle getSessionEvent
sessionEvent	SessionEvent	The session event getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== SessionNatEvent ==

These events are created by the base system and update the sessions table each time a session is NATd with the post-NAT information.

Attribute Name	Type	Description getSClientAddr
SClientAddr	InetAddress	The server-side (post-NAT) client address getSClientPort
SClientPort	Integer	The server-side (post-NAT) client port getSServerAddr
SServerAddr	InetAddress	The server-side (post-NAT) server address getSServerPort
SServerPort	Integer	The server-side (post-NAT) server port getClass
class	Class	The class name getPartitionTablePostfix getServerIntf
serverIntf	Integer	The server interface ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== QuotaEvent ==

These events are created by the Bandwidth Control and inserted or update the quotas table when quotas are given or exceeded.

Attribute Name	Type	Description getAction
action	int	The action (1=Quota Given, 2=Quota Exceeded) getClass
class	Class	The class name getEntity
entity	String	The entity getPartitionTablePostfix getQuotaSize
quotaSize	long	The quota size getReason
reason	String	The reason getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== SmtpMessageAddressEvent ==

These events are created by SMTP subsystem and inserted to the mail_addrs table for each address on each email.

Attribute Name	Type	Description getAddr
addr	String	The address getClass
class	Class	The class name getKind
kind	AddressKind	The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown) getMessageId
messageId	Long	The message ID getPartitionTablePostfix getPersonal
personal	String	personal getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== SmtpMessageEvent ==

These events are created by SMTP subsystem and inserted to the mail_msgs table for each email.

Attribute Name	Type	Description getAddresses
addresses	Set	The addresses getClass
class	Class	The class name getEnvelopeFromAddress
envelopeFromAddress	String	The envelop FROM address getEnvelopeToAddress
envelopeToAddress	String	The envelope TO address getMessageId
messageId	Long	The message ID getPartitionTablePostfix getReceiver
receiver	String	The receiver getSender
sender	String	The sender getSessionEvent
sessionEvent	SessionEvent	The session event getSessionId
sessionId	Long	The session ID getSubject
subject	String	The subject getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTmpFile
tmpFile	File	The /tmp file

== CaptureRuleEvent ==

These events are created by Captive Portal and update the sessions table when Captive Portal processes a session.

Attribute Name	Type	Description getCaptured
captured	boolean	True if captured, false otherwise getClass
class	Class	The class name getPartitionTablePostfix getRuleId
ruleId	Integer	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== CaptivePortalUserEvent ==

These events are created by Captive Portal and inserted to the captive_portal_user_events table when Captive Portal user takes an action.

Attribute Name	Type	Description getAuthenticationType
authenticationType	CaptivePortalSettings$AuthenticationType	The authentication type getAuthenticationTypeValue
authenticationTypeValue	String	The authentication type as a string getClass
class	Class	The class name getClientAddr
clientAddr	String	The client address getEvent
event	CaptivePortalUserEvent$EventType	The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) getEventValue
eventValue	String	The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT) getLoginName
loginName	String	The login name getPartitionTablePostfix getPolicyId
policyId	Integer	The policy ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== AdBlockerEvent ==

These events are created by Ad Blocker and update the http_events table when an ad is blocked.

Attribute Name	Type	Description getAction
action	Action	The action getClass
class	Class	The class name getPartitionTablePostfix getReason
reason	String	The reason getRequestId
requestId	Long	The request ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== CookieEvent ==

These events are created by Ad Blocker and update the http_events table when a cookie is blocked.

Attribute Name	Type	Description getClass
class	Class	The class name getIdentification
identification	String	The identification string getPartitionTablePostfix getRequestId
requestId	Long	The request ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== HttpRequestEvent ==

These events are created by HTTP subsystem and inserted to the http_events table when a web request happens.

Attribute Name	Type	Description getClass
class	Class	The class name getContentLength
contentLength	long	The content length getDomain
domain	String	The domain getHost
host	String	The host getMethod
method	HttpMethod	The HTTP method getPartitionTablePostfix getReferer
referer	String	The referer getRequestId
requestId	Long	The request ID getRequestUri
requestUri	URI	The request URI getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== HttpResponseEvent ==

These events are created by HTTP subsystem and update the http_events table when a web response happens.

Attribute Name	Type	Description getClass
class	Class	The class name getContentFilename
contentFilename	String	The content filename getContentLength
contentLength	long	The content length getContentType
contentType	String	The content type getHttpRequestEvent
httpRequestEvent	HttpRequestEvent	The corresponding HTTP request event getPartitionTablePostfix getRequestLine
requestLine	RequestLine	The request line getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== WebCacheEvent ==

These events are created by Web Cache and inserted to the web_cache_stats table periodically.

Attribute Name	Type	Description getBypassCount
bypassCount	long	The number of bypasses getClass
class	Class	The class name getHitBytes
hitBytes	long	The number of bytes worth of hits getHitCount
hitCount	long	The number of hits getMissBytes
missBytes	long	The number of bytes worth of misses getMissCount
missCount	long	The number of misses getPartitionTablePostfix getPolicyId
policyId	Long	The policy ID getSystemCount
systemCount	long	The number of system bypasses getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== TunnelVpnStatusEvent ==

These events are created by Tunnel VPN and inserted to the tunnel_vpn_stats table periodically.

Attribute Name	Type	Description getClass
class	Class	The class name getInBytes
inBytes	long	The number of bytes received from this tunnel getOutBytes
outBytes	long	The number of bytes sent in this tunnel getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTunnelName
tunnelName	String	The name of this tunnel

== TunnelVpnEvent ==

These events are created by Tunnel VPN and inserted to the tunnel_vpn_events table when a tunnel connection event occurs.

Attribute Name	Type	Description getClass
class	Class	The class name getEventType
eventType	TunnelVpnEvent$EventType	The event type getLocalAddress
localAddress	InetAddress	The local host address getPartitionTablePostfix getServerAddress
serverAddress	InetAddress	The server address getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTunnelName
tunnelName	String	The name of this tunnel

== IntrusionPreventionLogEvent ==

These events are created by Intrusion Prevention and inserted to the intrusion_prevention_events table when a rule matches.

Attribute Name	Type	Description getBlocked
blocked	boolean	True if blocked, false otherwise getCategory
category	String	The category getClass
class	Class	The class name getClassificationId
classificationId	long	The classification ID getClasstype
classtype	String	The classtype getDportIcode
dportIcode	int	The dportIcode getEventId
eventId	long	The event ID getEventMicrosecond
eventMicrosecond	long	The event microsecond getEventSecond
eventSecond	long	The event second getEventType
eventType	long	The event type getGeneratorId
generatorId	long	The generator ID getImpact
impact	short	The impact getImpactFlag
impactFlag	short	The impact flag getIpDestination
ipDestination	InetAddress	The IP address destination getIpSource
ipSource	InetAddress	The IP address source getMplsLabel
mplsLabel	long	The mplsLabel getMsg
msg	String	The msg getPadding
padding	int	The padding getPartitionTablePostfix getPriorityId
priorityId	long	The priority ID getProtocol
protocol	short	The protocol getRid
rid	String	Rule ID getSensorId
sensorId	long	The sensor ID getSignatureId
signatureId	long	The signature ID getSignatureRevision
signatureRevision	long	The signature revision getSportItype
sportItype	int	The sportItype getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVlanId
vlanId	int	The VLAN Id

== ApplicationControlLogEvent ==

These events are created by Application Control and update the sessions table when application control identifies a session.

Attribute Name	Type	Description getApplication
application	String	The application getBlocked
blocked	boolean	True if blocked, false otherwise getCategory
category	String	The category getClass
class	Class	The class name getConfidence
confidence	Integer	The confidence (0-100) getDetail
detail	String	The details getFlagged
flagged	boolean	True if flagged, false otherwise getPartitionTablePostfix getProtochain
protochain	String	The protochain getRuleId
ruleId	Integer	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getState
state	Integer	The state getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== LoginEvent ==

These events are created by Directory Connector and inserted to the directory_connector_login_events table for each login.

Attribute Name	Type	Description getClass
class	Class	The class name getClientAddr
clientAddr	InetAddress	The client address getDomain
domain	String	The domain getEvent
event	String	The event getLoginName
loginName	String	The login name getLoginType
loginType	String	W = Windows login, A=Active Directory, R=RADIUS, T=test getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== WebFilterEvent ==

These events are created by Web Filter and update the http_events table when web filter processes a web request.

Attribute Name	Type	Description getAppName
appName	String	The name of the application getBlocked
blocked	Boolean	True if blocked, false otherwise getCategory
category	String	The category getCategoryId
categoryId	Integer	Numeric value of matching category getClass
class	Class	The class name getFlagged
flagged	Boolean	True if flagged, false otherwise getPartitionTablePostfix getReason
reason	Reason	The reason getRequestLine
requestLine	RequestLine	The request line getRuleId
ruleId	Integer	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== WebFilterQueryEvent ==

These events are created by Web Filter and inserted to the http_query_events table when web filter processes a search engine search.

Attribute Name	Type	Description getAppName
appName	String	The name of the application getBlocked
blocked	Boolean	True if blocked, false otherwise getClass
class	Class	The class name getContentLength
contentLength	long	The content length getFlagged
flagged	Boolean	True if flagged, false otherwise getHost
host	String	The host getMethod
method	HttpMethod	The method getPartitionTablePostfix getRequestId
requestId	Long	The request ID getRequestUri
requestUri	URI	The request URI getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTerm
term	String	The search term/phrase getTimeStamp
timeStamp	Timestamp	The timestamp

== WanFailoverTestEvent ==

These events are created by WAN Failover and inserted to the wan_failover_test_events table when a test is run.

Attribute Name	Type	Description getClass
class	Class	The class name getDescription
description	String	The description getInterfaceId
interfaceId	int	The interface ID getName
name	String	The test name getOsName
osName	String	The O/S interface name getPartitionTablePostfix getSuccess
success	Boolean	True if successful, false otherwise getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== WanFailoverEvent ==

These events are created by WAN Failover and inserted to the wan_failover_action_events table when WAN Failover takes an action.

Attribute Name	Type	Description getAction
action	WanFailoverEvent$Action	The action getClass
class	Class	The class name getInterfaceId
interfaceId	int	The interface ID getName
name	String	The name getOsName
osName	String	The O/S interface name getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== ThreatPreventionEvent ==

These events are created by Threat Prevention and inserted to the sessions table for each threat lookup.

Attribute Name	Type	Description getBlocked
blocked	boolean	True if blocked, false otherwise getClass
class	Class	The class name getClientCategories
clientCategories	int	Client threat categories getClientReputation
clientReputation	int	Client threat reputation getFlagged
flagged	boolean	True if flagged, false otherwise getPartitionTablePostfix getRuleId
ruleId	long	The rule ID getServerCategories
serverCategories	int	Server threat categories getServerReputation
serverReputation	int	Server threat reputation getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== ThreatPreventionHttpEvent ==

These events are created by Threat Prevention and inserted to the http_events table for each threat lookup.

Attribute Name	Type	Description getBlocked
blocked	Boolean	True if blocked, false otherwise getCategories
categories	Integer	Server threat categories getClass
class	Class	The class name getFlagged
flagged	Boolean	True if flagged, false otherwise getPartitionTablePostfix getReputation
reputation	Integer	Server threat reputation getRequestLine
requestLine	RequestLine	The request line getRuleId
ruleId	Integer	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== SpamLogEvent ==

These events are created by Spam Blocker and update the mail_msgs table when an email is scanned.

Attribute Name	Type	Description getAction
action	SpamMessageAction	The action getClass
class	Class	The class name getClientAddr
clientAddr	InetAddress	The client address getClientPort
clientPort	int	The client port getMessageId
messageId	Long	The message ID getPartitionTablePostfix getReceiver
receiver	String	The receiver getScore
score	float	The score getSender
sender	String	The sender getServerAddr
serverAddr	InetAddress	The server address getServerPort
serverPort	int	The server port getSmtpMessageEvent
smtpMessageEvent	SmtpMessageEvent	The parent SMTP message event isSpam
isSpam	boolean	True if spam, false otherwise getSubject
subject	String	The subject getTag getTestsString
testsString	String	The tests string from the spam engine getTimeStamp
timeStamp	Timestamp	The timestamp getVendorName
vendorName	String	The application name

== SpamSmtpTarpitEvent ==

These events are created by Spam Blocker and inserted to the smtp_tarpit_events table when a session is tarpitted.

Attribute Name	Type	Description getIPAddr
IPAddr	InetAddress	The IP address getClass
class	Class	The class name getHostname
hostname	String	The hostname getPartitionTablePostfix getSessionEvent
sessionEvent	SessionEvent	The session event getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp getVendorName
vendorName	String	The application name

== ConfigurationBackupEvent ==

These events are created by Configuration Backup and inserted to the configuratio_backup_events table when a backup occurs.

Attribute Name	Type	Description getClass
class	Class	The class name getDestination
destination	String	The destination getDetail
detail	String	The details getPartitionTablePostfix getSuccess
success	boolean	True if successful, false otherwise getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== TunnelStatusEvent ==

These events are created by IPsec VPN and inserted to the ipsec_tunnel_stats table periodically.

Attribute Name	Type	Description getClass
class	Class	The class name getInBytes
inBytes	long	The number of bytes received from this tunnel getOutBytes
outBytes	long	The number of bytes sent in this tunnel getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTunnelName
tunnelName	String	The name of this tunnel

== IpsecVpnEvent ==

These events are created by IPsec VPN and inserted to the ipsec_vpn_events table when IPsec connection event occurs.

Attribute Name	Type	Description getClass
class	Class	The class name getEventType
eventType	IpsecVpnEvent$EventType	The event type getLocalAddress
localAddress	String	The local host address getPartitionTablePostfix getRemoteAddress
remoteAddress	String	The remote host address getTag getTimeStamp
timeStamp	Timestamp	The timestamp getTunnelDescription
tunnelDescription	String	Description of tunnel

== VirtualUserEvent ==

These events are created by IPsec VPN and inserted to the ipsec_user_events table when a user event occurs.

Attribute Name	Type	Description getClass
class	Class	The class name getClientAddress
clientAddress	InetAddress	The client address getClientProtocol
clientProtocol	String	The client protocol getClientUsername
clientUsername	String	The client username getElapsedTime
elapsedTime	String	The elapsed time getEventId
eventId	Long	The event ID getNetInterface
netInterface	String	The net interface getNetProcess
netProcess	String	The net process getNetRXbytes
netRXbytes	Long	The number of RX (received) bytes getNetTXbytes
netTXbytes	Long	The number of TX (transmitted) bytes getPartitionTablePostfix getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== SslInspectorLogEvent ==

These events are created by SSL Inspector and update the sessions table when a session is processed by SSL Inspector.

Attribute Name	Type	Description getClass
class	Class	The class name getDetail
detail	String	The details getPartitionTablePostfix getRuleId
ruleId	Integer	The rule ID getSessionEvent
sessionEvent	SessionEvent	The session event getStatus
status	String	The status getTag getTimeStamp
timeStamp	Timestamp	The timestamp

== ApplicationControlLiteEvent ==

These events are created by Application Control Lite and update the sessions table when application control lite identifies a session.

Attribute Name	Type	Description getBlocked
blocked	boolean	True if blocked, false otherwise getClass
class	Class	The class name getPartitionTablePostfix getProtocol
protocol	String	The protocol getSessionId
sessionId	Long	The session ID getTag getTimeStamp
timeStamp	Timestamp	The timestamp

}

Edge Threat Management

Difference between revisions of "Event Definitions"

Revision as of 15:33, 9 February 2020

SpamLogEvent

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools

@@ Line 7: / Line 7: @@
 The list below shows the classes used in the event logging and the attributes of each event object. These can be used to add alerts in [[Reports]] or for other event handling within Untangle.
 == SpamLogEvent ==
@@ Line 99: / Line 100: @@
 |String
 |The application name
-|}
+|}<section end='SpamLogEvent' />== SpamSmtpTarpitEvent ==
-<section end='SpamLogEvent' />
-== SpamSmtpTarpitEvent ==
 <section begin='SpamSmtpTarpitEvent' />
@@ Line 149: / Line 146: @@
 |String
 |The application name
-|}
+|}<section end='SpamSmtpTarpitEvent' />== PrioritizeEvent ==
-<section end='SpamSmtpTarpitEvent' />
+<section begin='PrioritizeEvent' />
+These events are created by the [[Bandwidth Control]] and update the [[Database_Schema#sessions|session]] table when a session is prioritized.
-== SpamLogEvent ==
-<section begin='SpamLogEvent' />
-These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 162: / Line 155: @@
 ! Type
 ! Description
-getAction
-|-
-|action
-|SpamMessageAction
-|The action
 getClass
 |-
@@ Line 172: / Line 160: @@
 |Class
 |The class name
-getClientAddr
+getPartitionTablePostfix
+getPriority
 |-
-|clientAddr
+|priority
-|InetAddress
+|int
-|The client address
+|The priority
-getClientPort
+getRuleId
 |-
-|clientPort
+|ruleId
 |int
-|The client port
+|The rule ID
-getMessageId
+getSessionEvent
 |-
-|messageId
+|sessionEvent
-|Long
+|SessionEvent
-|The message ID
+|The session event
-getPartitionTablePostfix
+getTag
-getReceiver
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}<section end='PrioritizeEvent' />== VirusFtpEvent ==
+<section begin='VirusFtpEvent' />
+These events are created by [[Virus Blocker]] and update the [[Database_Schema#ftp_events|ftp_events]] table when Virus Blocker scans an FTP transfer.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAppName
 |-
-|receiver
+|appName
 |String
-|The receiver
+|The name of the application
-getScore
+getClass
 |-
-|score
+|class
-|float
+|Class
-|The score
+|The class name
-getSender
+getClean
 |-
-|sender
+|clean
-|String
-|The sender
-getServerAddr
-|-
-|serverAddr
-|InetAddress
-|The server address
-getServerPort
-|-
-|serverPort
-|int
-|The server port
-getSmtpMessageEvent
-|-
-|smtpMessageEvent
-|SmtpMessageEvent
-|The parent SMTP message event
-isSpam
-|-
-|isSpam
 |boolean
-|True if spam, false otherwise
+|True if clean, false otherwise
-getSubject
+getPartitionTablePostfix
+getSessionEvent
 |-
-|subject
+|sessionEvent
-|String
+|SessionEvent
-|The subject
+|The session event
 getTag
-getTestsString
-|-
-|testsString
-|String
-|The tests string from the spam engine
 getTimeStamp
 |-
@@ Line 239: / Line 218: @@
 |Timestamp
 |The timestamp
-getVendorName
+getUri
 |-
-|vendorName
+|uri
 |String
-|The application name
+|The URI
-|}
+getVirusName
-<section end='SpamLogEvent' />
+|-
+|virusName
+|String
+|The virus name, if not clean
+|}<section end='VirusFtpEvent' />== VirusHttpEvent ==
+<section begin='VirusHttpEvent' />
+These events are created by [[Virus Blocker]] and update the [[Database_Schema#http_events|http_events]] table when Virus Blocker scans an HTTP transfer.
-== SpamSmtpTarpitEvent ==
-<section begin='SpamSmtpTarpitEvent' />
-These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 257: / Line 237: @@
 ! Type
 ! Description
-getIPAddr
+getAppName
 |-
-|IPAddr
+|appName
-|InetAddress
+|String
-|The IP address
+|The name of the application
 getClass
 |-
@@ Line 267: / Line 247: @@
 |Class
 |The class name
-getHostname
+getClean
 |-
-|hostname
+|clean
-|String
+|boolean
-|The hostname
+|True if clean, false otherwise
 getPartitionTablePostfix
+getRequestLine
+|-
+|requestLine
+|RequestLine
+|The request line
 getSessionEvent
 |-
@@ Line 278: / Line 263: @@
 |SessionEvent
 |The session event
-getSessionId
-|-
-|sessionId
-|Long
-|The session ID
 getTag
 getTimeStamp
@@ Line 289: / Line 269: @@
 |Timestamp
 |The timestamp
-getVendorName
+getVirusName
 |-
-|vendorName
+|virusName
 |String
-|The application name
+|The virus name, if not clean
-|}
+|}<section end='VirusHttpEvent' />== VirusSmtpEvent ==
-<section end='SpamSmtpTarpitEvent' />
+<section begin='VirusSmtpEvent' />
+These events are created by [[Virus Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when Virus Blocker scans an email.
-== OpenVpnStatusEvent ==
-<section begin='OpenVpnStatusEvent' />
-These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_stats|openvpn_stats]] table periodically.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 307: / Line 283: @@
 ! Type
 ! Description
-getAddress
+getAction
 |-
-|address
+|action
-|InetAddress
+|String
-|The address
+|The action
-getBytesRxDelta
+getAppName
 |-
-|bytesRxDelta
+|appName
-|long
+|String
-|The delta number of RX (received) bytes from the previous event
+|The name of the application
-getBytesRxTotal
+getClass
 |-
-|bytesRxTotal
+|class
-|long
+|Class
-|The total number of RX (received) bytes
+|The class name
-getBytesTxDelta
+getClean
 |-
-|bytesTxDelta
+|clean
-|long
+|boolean
-|The delta number of TX (transmitted) bytes from the previous event
+|True if clean, false otherwise
-getBytesTxTotal
+getMessageId
+|-
+|messageId
+|Long
+|The message ID
+getPartitionTablePostfix
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+getVirusName
+|-
+|virusName
+|String
+|The virus name, if not clean
+|}<section end='VirusSmtpEvent' />== FirewallEvent ==
+<section begin='FirewallEvent' />
+These events are created by [[Firewall]] and update the [[Database_Schema#sessions|sessions]] table when a firewall rule matches a session.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getBlocked
 |-
-|bytesTxTotal
+|blocked
-|long
+|boolean
-|The total number of TX (transmitted) bytes
+|True if blocked, false otherwise
 getClass
 |-
@@ Line 337: / Line 339: @@
 |Class
 |The class name
-getClientName
+getFlagged
 |-
-|clientName
+|flagged
-|String
+|boolean
-|The client name
+|True if flagged, false otherwise
-getEnd
-|-
-|end
-|Timestamp
-|The end
 getPartitionTablePostfix
-getPoolAddress
+getRuleId
 |-
-|poolAddress
+|ruleId
-|InetAddress
+|long
-|The pool address
+|The rule ID
-getPort
+getSessionId
 |-
-|port
+|sessionId
-|int
+|Long
-|The port
+|The session ID
-getStart
-|-
-|start
-|Timestamp
-|The start
 getTag
 getTimeStamp
@@ Line 369: / Line 361: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='FirewallEvent' />== OpenVpnStatusEvent ==
-<section end='OpenVpnStatusEvent' />
+<section begin='OpenVpnStatusEvent' />
+These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_stats|openvpn_stats]] table periodically.
-== OpenVpnEvent ==
+{| border="1" cellpadding="2" width="90%" align="center"
-<section begin='OpenVpnEvent' />
+! Attribute Name
-These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_events|openvpn_events]] table when OpenVPN processes a client action.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
 ! Type
 ! Description
@@ Line 387: / Line 375: @@
 |InetAddress
 |The address
+getBytesRxDelta
+|-
+|bytesRxDelta
+|long
+|The delta number of RX (received) bytes from the previous event
+getBytesRxTotal
+|-
+|bytesRxTotal
+|long
+|The total number of RX (received) bytes
+getBytesTxDelta
+|-
+|bytesTxDelta
+|long
+|The delta number of TX (transmitted) bytes from the previous event
+getBytesTxTotal
+|-
+|bytesTxTotal
+|long
+|The total number of TX (transmitted) bytes
 getClass
 |-
@@ Line 397: / Line 405: @@
 |String
 |The client name
+getEnd
+|-
+|end
+|Timestamp
+|The end
 getPartitionTablePostfix
 getPoolAddress
@@ Line 403: / Line 416: @@
 |InetAddress
 |The pool address
-getTag
+getPort
-getTimeStamp
 |-
-|timeStamp
+|port
-|Timestamp
+|int
+|The port
+getStart
+|-
+|start
+|Timestamp
+|The start
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
 |The timestamp
-getType
+|}<section end='OpenVpnStatusEvent' />== OpenVpnEvent ==
-|-
+<section begin='OpenVpnEvent' />
-|type
-|OpenVpnEvent$EventType
-|The type
-|}
-<section end='OpenVpnEvent' />
+These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_events|openvpn_events]] table when OpenVPN processes a client action.
-== ApplicationControlLiteEvent ==
-<section begin='ApplicationControlLiteEvent' />
-These events are created by [[Application Control Lite]] and update the [[Database_Schema#sessions|sessions]] table when application control lite identifies a session.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 427: / Line 441: @@
 ! Type
 ! Description
-getBlocked
+getAddress
 |-
-|blocked
+|address
-|boolean
+|InetAddress
-|True if blocked, false otherwise
+|The address
 getClass
 |-
@@ Line 437: / Line 451: @@
 |Class
 |The class name
-getPartitionTablePostfix
+getClientName
-getProtocol
 |-
-|protocol
+|clientName
 |String
-|The protocol
+|The client name
-getSessionId
+getPartitionTablePostfix
+getPoolAddress
 |-
-|sessionId
+|poolAddress
-|Long
+|InetAddress
-|The session ID
+|The pool address
 getTag
 getTimeStamp
@@ Line 454: / Line 468: @@
 |Timestamp
 |The timestamp
-|}
+getType
-<section end='ApplicationControlLiteEvent' />
+|-
+|type
+|OpenVpnEvent$EventType
+|The type
+|}<section end='OpenVpnEvent' />== AdminLoginEvent ==
+<section begin='AdminLoginEvent' />
+These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|admin_logins]] table when an administrator login is attempted or successful.
-== FirewallEvent ==
-<section begin='FirewallEvent' />
-These events are created by [[Firewall]] and update the [[Database_Schema#sessions|sessions]] table when a firewall rule matches a session.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 467: / Line 482: @@
 ! Type
 ! Description
-getBlocked
-|-
-|blocked
-|boolean
-|True if blocked, false otherwise
 getClass
 |-
@@ Line 477: / Line 487: @@
 |Class
 |The class name
-getFlagged
+getClientAddress
+|-
+|clientAddress
+|InetAddress
+|The client address
+getLocal
 |-
-|flagged
+|local
 |boolean
-|True if flagged, false otherwise
+|1 if login is done via local console, 0 otherwise
-getPartitionTablePostfix
+getLogin
-getRuleId
 |-
-|ruleId
+|login
-|long
+|String
-|The rule ID
+|The login username
-getSessionId
+getPartitionTablePostfix
+getReason
+|-
+|reason
+|String
+|The reason
+getSucceeded
 |-
-|sessionId
+|succeeded
-|Long
+|boolean
-|The session ID
+|1 if successful, 0 otherwise
 getTag
 getTimeStamp
@@ Line 499: / Line 519: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='AdminLoginEvent' />== AlertEvent ==
-<section end='FirewallEvent' />
+<section begin='AlertEvent' />
+These events are created by [[Reports]] and inserted to the [[Database_Schema#alerts|alerts]] table when an alert fires.
-== PrioritizeEvent ==
-<section begin='PrioritizeEvent' />
-These events are created by the [[Bandwidth Control]] and update the [[Database_Schema#sessions|session]] table when a session is prioritized.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 512: / Line 528: @@
 ! Type
 ! Description
+getCausalRule
+|-
+|causalRule
+|EventRule
+|The causal rule
+getCause
+|-
+|cause
+|LogEvent
+|The cause
 getClass
 |-
@@ Line 517: / Line 543: @@
 |Class
 |The class name
-getPartitionTablePostfix
+getDescription
-getPriority
 |-
-|priority
+|description
-|int
+|String
-|The priority
+|The description
-getRuleId
+getEventSent
+|-
+|eventSent
+|Boolean
+|True if the event was sent, false otherwise
+getJson
 |-
-|ruleId
+|json
-|int
+|String
-|The rule ID
+|The JSON string
-getSessionEvent
+getPartitionTablePostfix
+getSummaryText
 |-
-|sessionEvent
+|summaryText
-|SessionEvent
+|String
-|The session event
+|The summary text
 getTag
 getTimeStamp
@@ Line 539: / Line 570: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='AlertEvent' />== InterfaceStatEvent ==
-<section end='PrioritizeEvent' />
+<section begin='InterfaceStatEvent' />
+These events are created by the base system and inserted to the [[Database_Schema#settings_changes|interface_stat_events]] table periodically with interface stats.
-== AdBlockerEvent ==
-<section begin='AdBlockerEvent' />
-These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when an ad is blocked.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 552: / Line 579: @@
 ! Type
 ! Description
-getAction
+getClass
 |-
-|action
+|class
-|Action
-|The action
-getClass
-|-
-|class
 |Class
 |The class name
+getInterfaceId
+|-
+|interfaceId
+|int
+|The interface ID
 getPartitionTablePostfix
-getReason
+getRxBytes
 |-
-|reason
+|rxBytes
-|String
+|double
-|The reason
+|The total of received bytes
-getRequestId
+getRxRate
 |-
-|requestId
+|rxRate
-|Long
+|double
-|The request ID
+|The RX rate in byte/s
 getTag
 getTimeStamp
@@ Line 579: / Line 606: @@
 |Timestamp
 |The timestamp
-|}
+getTxBytes
-<section end='AdBlockerEvent' />
+|-
+|txBytes
+|double
+|The total of transmitted bytes
+getTxRate
+|-
+|txRate
+|double
+|The TX rate in byte/s
+|}<section end='InterfaceStatEvent' />== LogEvent ==
+<section begin='LogEvent' />
+These base class for all events.
-== CookieEvent ==
-<section begin='CookieEvent' />
-These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when a cookie is blocked.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 597: / Line 630: @@
 |Class
 |The class name
-getIdentification
-|-
-|identification
-|String
-|The identification string
 getPartitionTablePostfix
-getRequestId
-|-
-|requestId
-|Long
-|The request ID
-getSessionEvent
-|-
-|sessionEvent
-|SessionEvent
-|The session event
 getTag
 getTimeStamp
@@ Line 619: / Line 637: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='LogEvent' />== SystemStatEvent ==
-<section end='CookieEvent' />
+<section begin='SystemStatEvent' />
+These events are created by the base system and inserted to the [[Database_Schema#server_events|server_events]] table periodically.
-== VirusFtpEvent ==
-<section begin='VirusFtpEvent' />
-These events are created by [[Virus Blocker]] and update the [[Database_Schema#ftp_events|ftp_events]] table when Virus Blocker scans an FTP transfer.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 632: / Line 646: @@
 ! Type
 ! Description
-getAppName
+getActiveHosts
 |-
-|appName
+|activeHosts
-|String
+|int
-|The name of the application
+|The active host count
 getClass
 |-
@@ Line 642: / Line 656: @@
 |Class
 |The class name
-getClean
+getCpuSystem
 |-
-|clean
+|cpuSystem
-|boolean
+|float
-|True if clean, false otherwise
+|The system CPU utilization
-getPartitionTablePostfix
+getCpuUser
-getSessionEvent
 |-
-|sessionEvent
+|cpuUser
-|SessionEvent
+|float
-|The session event
+|The user CPU utilization
-getTag
+getDiskFree
-getTimeStamp
 |-
-|timeStamp
+|diskFree
-|Timestamp
+|long
-|The timestamp
+|The amount of disk free
-getUri
+getDiskFreePercent
 |-
-|uri
+|diskFreePercent
-|String
+|float
-|The URI
+|The percentage of disk free
-getVirusName
+getDiskTotal
 |-
-|virusName
+|diskTotal
-|String
+|long
-|The virus name, if not clean
+|The total size of the disk
-|}
+getDiskUsed
-<section end='VirusFtpEvent' />
-== VirusHttpEvent ==
-<section begin='VirusHttpEvent' />
-These events are created by [[Virus Blocker]] and update the [[Database_Schema#http_events|http_events]] table when Virus Blocker scans an HTTP transfer.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getAppName
 |-
-|appName
+|diskUsed
-|String
+|long
-|The name of the application
+|The amount of disk used
-getClass
+getDiskUsedPercent
 |-
-|class
+|diskUsedPercent
-|Class
+|float
-|The class name
+|The percentage of disk used
-getClean
+getLoad1
 |-
-|clean
+|load1
-|boolean
+|float
-|True if clean, false otherwise
+|The 1-minute CPU load
-getPartitionTablePostfix
+getLoad15
-getRequestLine
 |-
-|requestLine
+|load15
-|RequestLine
+|float
-|The request line
+|The 15-minute CPU load
-getSessionEvent
+getLoad5
+|-
+|load5
+|float
+|The 5-minute CPU load
+getMemBuffers
 |-
-|sessionEvent
+|memBuffers
-|SessionEvent
+|long
-|The session event
+|The amount of memory used by buffers
-getTag
+getMemCache
-getTimeStamp
 |-
-|timeStamp
+|memCache
-|Timestamp
+|long
-|The timestamp
+|The amount of memory used by cache
-getVirusName
+getMemFree
 |-
-|virusName
+|memFree
-|String
+|long
-|The virus name, if not clean
+|The amount of free memory
-|}
+getMemFreePercent
-<section end='VirusHttpEvent' />
-== VirusSmtpEvent ==
-<section begin='VirusSmtpEvent' />
-These events are created by [[Virus Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when Virus Blocker scans an email.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getAction
 |-
-|action
+|memFreePercent
-|String
+|float
-|The action
+|The percentage of total memory that is free
-getAppName
+getMemTotal
 |-
-|appName
+|memTotal
-|String
+|long
-|The name of the application
+|The total amount of memory
-getClass
+getMemUsed
 |-
-|class
+|memUsed
-|Class
+|long
-|The class name
+|The amount of used memory
-getClean
+getMemUsedPercent
 |-
-|clean
+|memUsedPercent
-|boolean
+|float
-|True if clean, false otherwise
+|The percentage of total memory that is used
-getMessageId
+getPartitionTablePostfix
+getSwapFree
+|-
+|swapFree
+|long
+|The amount of free swap
+getSwapFreePercent
+|-
+|swapFreePercent
+|float
+|The percentage of total swap that is free
+getSwapTotal
+|-
+|swapTotal
+|long
+|The total size of swap
+getSwapUsed
+|-
+|swapUsed
+|long
+|The amount of used swap
+getSwapUsedPercent
 |-
-|messageId
+|swapUsedPercent
-|Long
+|float
-|The message ID
+|The percentage of total swap that is used
-getPartitionTablePostfix
 getTag
 getTimeStamp
@@ Line 764: / Line 773: @@
 |Timestamp
 |The timestamp
-getVirusName
+|}<section end='SystemStatEvent' />== HostTableEvent ==
-|-
+<section begin='HostTableEvent' />
-|virusName
-|String
-|The virus name, if not clean
-|}
-<section end='VirusSmtpEvent' />
+These events are created by the base system and inserted to the [[Database_Schema#host_table_updates|host_table_updates]] table when the host table is modified.
-== FirewallEvent ==
+{| border="1" cellpadding="2" width="90%" align="center"
-<section begin='FirewallEvent' />
-These events are created by [[Firewall]] and update the [[Database_Schema#sessions|sessions]] table when a firewall rule matches a session.
-{| border="1" cellpadding="2" width="90%" align="center"
 ! Attribute Name
 ! Type
 ! Description
-getBlocked
+getAddress
 |-
-|blocked
+|address
-|boolean
+|InetAddress
-|True if blocked, false otherwise
+|The address
 getClass
 |-
@@ Line 792: / Line 792: @@
 |Class
 |The class name
-getFlagged
+getKey
+|-
+|key
+|String
+|The key
+getOldValue
 |-
-|flagged
+|oldValue
-|boolean
+|String
-|True if flagged, false otherwise
+|The old value
 getPartitionTablePostfix
-getRuleId
-|-
-|ruleId
-|long
-|The rule ID
-getSessionId
-|-
-|sessionId
-|Long
-|The session ID
 getTag
 getTimeStamp
@@ Line 814: / Line 809: @@
 |Timestamp
 |The timestamp
-|}
+getValue
-<section end='FirewallEvent' />
+|-
+|value
+|String
+|The value
+|}<section end='HostTableEvent' />== DeviceTableEvent ==
+<section begin='DeviceTableEvent' />
-== OpenVpnStatusEvent ==
+These events are created by the base system and inserted to the [[Database_Schema#device_table_updates|device_table_updates]] table when the device list is modified.
-<section begin='OpenVpnStatusEvent' />
-These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_stats|openvpn_stats]] table periodically.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 827: / Line 823: @@
 ! Type
 ! Description
-getAddress
-|-
-|address
-|InetAddress
-|The address
-getBytesRxDelta
-|-
-|bytesRxDelta
-|long
-|The delta number of RX (received) bytes from the previous event
-getBytesRxTotal
-|-
-|bytesRxTotal
-|long
-|The total number of RX (received) bytes
-getBytesTxDelta
-|-
-|bytesTxDelta
-|long
-|The delta number of TX (transmitted) bytes from the previous event
-getBytesTxTotal
-|-
-|bytesTxTotal
-|long
-|The total number of TX (transmitted) bytes
 getClass
 |-
@@ Line 857: / Line 828: @@
 |Class
 |The class name
-getClientName
+getDevice
 |-
-|clientName
+|device
+|DeviceTableEntry
+|The Device
+getKey
+|-
+|key
 |String
-|The client name
+|The key
-getEnd
+getMacAddress
+|-
+|macAddress
+|String
+|The MAC address
+getOldValue
 |-
-|end
+|oldValue
-|Timestamp
+|String
-|The end
+|The old value
 getPartitionTablePostfix
-getPoolAddress
-|-
-|poolAddress
-|InetAddress
-|The pool address
-getPort
-|-
-|port
-|int
-|The port
-getStart
-|-
-|start
-|Timestamp
-|The start
 getTag
 getTimeStamp
@@ Line 889: / Line 855: @@
 |Timestamp
 |The timestamp
-|}
+getValue
-<section end='OpenVpnStatusEvent' />
+|-
+|value
+|String
+|The value
+|}<section end='DeviceTableEvent' />== SettingsChangesEvent ==
+<section begin='SettingsChangesEvent' />
-== OpenVpnEvent ==
+These events are created by the base system and inserted to the [[Database_Schema#settings_changes|settings_changes]] table when settings are changed.
-<section begin='OpenVpnEvent' />
-These events are created by [[OpenVPN]] and update the [[Database_Schema#openvpn_events|openvpn_events]] table when OpenVPN processes a client action.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 902: / Line 869: @@
 ! Type
 ! Description
-getAddress
-|-
-|address
-|InetAddress
-|The address
 getClass
 |-
@@ Line 912: / Line 874: @@
 |Class
 |The class name
-getClientName
+getHostname
 |-
-|clientName
+|hostname
 |String
-|The client name
+|The hostname
 getPartitionTablePostfix
-getPoolAddress
+getSettingsFile
 |-
-|poolAddress
+|settingsFile
-|InetAddress
+|String
-|The pool address
+|The settings file
 getTag
 getTimeStamp
@@ Line 929: / Line 891: @@
 |Timestamp
 |The timestamp
-getType
+getUsername
 |-
-|type
+|username
-|OpenVpnEvent$EventType
+|String
-|The type
+|The username
-|}
+|}<section end='SettingsChangesEvent' />== UserTableEvent ==
-<section end='OpenVpnEvent' />
+<section begin='UserTableEvent' />
+These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|user_table_updates]] table when the user table is modified.
-== AdminLoginEvent ==
+{| border="1" cellpadding="2" width="90%" align="center"
-<section begin='AdminLoginEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|admin_logins]] table when an administrator login is attempted or successful.
-{| border="1" cellpadding="2" width="90%" align="center"
 ! Attribute Name
 ! Type
@@ Line 952: / Line 910: @@
 |Class
 |The class name
-getClientAddress
+getKey
 |-
-|clientAddress
+|key
-|InetAddress
+|String
-|The client address
+|The key
-getLocal
+getOldValue
 |-
-|local
+|oldValue
-|boolean
-|1 if login is done via local console, 0 otherwise
-getLogin
-|-
-|login
 |String
-|The login username
+|The old value
 getPartitionTablePostfix
-getReason
-|-
-|reason
-|String
-|The reason
-getSucceeded
-|-
-|succeeded
-|boolean
-|1 if successful, 0 otherwise
 getTag
 getTimeStamp
@@ Line 984: / Line 927: @@
 |Timestamp
 |The timestamp
-|}
+getUsername
-<section end='AdminLoginEvent' />
+|-
+|username
+|String
-== AlertEvent ==
+|The username
-<section begin='AlertEvent' />
+getValue
+|-
+|value
+|String
+|The value
+|}<section end='UserTableEvent' />== SessionMinuteEvent ==
+<section begin='SessionMinuteEvent' />
-These events are created by [[Reports]] and inserted to the [[Database_Schema#alerts|alerts]] table when an alert fires.
+These events are created by the base system and update the [[Database_Schema#sessions|session_minutes]] table each minute a session exists.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 997: / Line 946: @@
 ! Type
 ! Description
-getCausalRule
+getC2sBytes
 |-
-|causalRule
+|c2sBytes
-|EventRule
+|long
-|The causal rule
+|The number of bytes sent from the client to the server
-getCause
-|-
-|cause
-|LogEvent
-|The cause
 getClass
 |-
@@ Line 1,012: / Line 956: @@
 |Class
 |The class name
-getDescription
+getPartitionTablePostfix
+getS2cBytes
 |-
-|description
+|s2cBytes
-|String
+|long
-|The description
+|The number of bytes sent from the server to the client
-getEventSent
+getSessionId
 |-
-|eventSent
+|sessionId
-|Boolean
+|long
-|True if the event was sent, false otherwise
+|The session ID
-getJson
-|-
-|json
-|String
-|The JSON string
-getPartitionTablePostfix
-getSummaryText
-|-
-|summaryText
-|String
-|The summary text
 getTag
 getTimeStamp
@@ Line 1,039: / Line 973: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='SessionMinuteEvent' />== SessionEvent ==
-<section end='AlertEvent' />
+<section begin='SessionEvent' />
+These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is created.
-== InterfaceStatEvent ==
-<section begin='InterfaceStatEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#settings_changes|interface_stat_events]] table periodically with interface stats.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,052: / Line 982: @@
 ! Type
 ! Description
-getClass
+getCClientAddr
 |-
-|class
+|CClientAddr
-|Class
+|InetAddress
-|The class name
+|The client-side (pre-NAT) client address
-getInterfaceId
+getCClientPort
 |-
-|interfaceId
+|CClientPort
-|int
+|Integer
-|The interface ID
+|The client-side (pre-NAT) client port
-getPartitionTablePostfix
+getCServerAddr
-getRxBytes
 |-
-|rxBytes
+|CServerAddr
-|double
+|InetAddress
-|The total of received bytes
+|The client-side (pre-NAT) server address
-getRxRate
+getCServerPort
 |-
-|rxRate
+|CServerPort
-|double
+|Integer
-|The RX rate in byte/s
+|The client-side (pre-NAT) server port
-getTag
+getSClientAddr
-getTimeStamp
 |-
-|timeStamp
+|SClientAddr
-|Timestamp
+|InetAddress
-|The timestamp
+|The server-side (post-NAT) client address
-getTxBytes
+getSClientPort
 |-
-|txBytes
+|SClientPort
-|double
+|Integer
-|The total of transmitted bytes
+|The server-side (post-NAT) client port
-getTxRate
+getSServerAddr
 |-
-|txRate
+|SServerAddr
-|double
+|InetAddress
-|The TX rate in byte/s
+|The server-side (post-NAT) server address
-|}
+getSServerPort
-<section end='InterfaceStatEvent' />
+|-
+|SServerPort
+|Integer
-== LogEvent ==
+|The server-side (post-NAT) server port
-<section begin='LogEvent' />
+getBypassed
+|-
-These base class for all events.
+|bypassed
+|boolean
-{| border="1" cellpadding="2" width="90%" align="center"
+|True if bypassed, false otherwise
-! Attribute Name
-! Type
-! Description
 getClass
 |-
@@ Line 1,107: / Line 1,032: @@
 |Class
 |The class name
-getPartitionTablePostfix
+getClientCountry
-getTag
+|-
-getTimeStamp
+|clientCountry
+|String
+|The client country
+getClientIntf
 |-
-|timeStamp
+|clientIntf
-|Timestamp
+|Integer
-|The timestamp
+|The client interface ID
-|}
+getClientLatitude
-<section end='LogEvent' />
-== SystemStatEvent ==
-<section begin='SystemStatEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#server_events|server_events]] table periodically.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getActiveHosts
 |-
-|activeHosts
+|clientLatitude
-|int
+|Double
-|The active host count
+|The client latitude
-getClass
+getClientLongitude
 |-
-|class
+|clientLongitude
-|Class
+|Double
-|The class name
+|The client longitude
-getCpuSystem
+getEntitled
 |-
-|cpuSystem
+|entitled
-|float
+|boolean
-|The system CPU utilization
+|The entitled status
-getCpuUser
+getFilterPrefix
 |-
-|cpuUser
+|filterPrefix
-|float
+|String
-|The user CPU utilization
+|The filter prefix if blocked by the filter rules
-getDiskFree
+getHostname
 |-
-|diskFree
+|hostname
-|long
+|String
-|The amount of disk free
+|The hostname
-getDiskFreePercent
+getIcmpType
 |-
-|diskFreePercent
+|icmpType
-|float
+|Short
-|The percentage of disk free
+|The ICMP type
-getDiskTotal
+getLocalAddr
 |-
-|diskTotal
+|localAddr
-|long
+|InetAddress
-|The total size of the disk
+|The local host address
-getDiskUsed
+getPartitionTablePostfix
+getPolicyId
 |-
-|diskUsed
+|policyId
-|long
+|Integer
-|The amount of disk used
+|The policy ID
-getDiskUsedPercent
+getPolicyRuleId
 |-
-|diskUsedPercent
+|policyRuleId
-|float
+|Integer
-|The percentage of disk used
+|The policy rule ID
-getLoad1
+getProtocol
 |-
-|load1
+|protocol
-|float
+|Short
-|The 1-minute CPU load
+|The protocol
-getLoad15
+getProtocolName
 |-
-|load15
+|protocolName
-|float
+|String
-|The 15-minute CPU load
+|The protocol name
-getLoad5
+getRemoteAddr
 |-
-|load5
+|remoteAddr
-|float
+|InetAddress
-|The 5-minute CPU load
+|The remote host address
-getMemBuffers
+getServerCountry
 |-
-|memBuffers
+|serverCountry
-|long
+|String
-|The amount of memory used by buffers
+|The server country
-getMemCache
+getServerIntf
 |-
-|memCache
+|serverIntf
-|long
+|Integer
-|The amount of memory used by cache
+|The server interface ID
-getMemFree
+getServerLatitude
 |-
-|memFree
+|serverLatitude
-|long
+|Double
-|The amount of free memory
+|The server latitude
-getMemFreePercent
+getServerLongitude
 |-
-|memFreePercent
+|serverLongitude
-|float
+|Double
-|The percentage of total memory that is free
+|The server longitude
-getMemTotal
+getSessionId
 |-
-|memTotal
+|sessionId
-|long
+|Long
-|The total amount of memory
+|The session ID
-getMemUsed
+getTag
+getTagsString
 |-
-|memUsed
+|tagsString
-|long
+|String
-|The amount of used memory
+|The string value of all tags
-getMemUsedPercent
-|-
-|memUsedPercent
-|float
-|The percentage of total memory that is used
-getPartitionTablePostfix
-getSwapFree
-|-
-|swapFree
-|long
-|The amount of free swap
-getSwapFreePercent
-|-
-|swapFreePercent
-|float
-|The percentage of total swap that is free
-getSwapTotal
-|-
-|swapTotal
-|long
-|The total size of swap
-getSwapUsed
-|-
-|swapUsed
-|long
-|The amount of used swap
-getSwapUsedPercent
-|-
-|swapUsedPercent
-|float
-|The percentage of total swap that is used
-getTag
 getTimeStamp
 |-
@@ Line 1,254: / Line 1,139: @@
 |Timestamp
 |The timestamp
-|}
+getUsername
-<section end='SystemStatEvent' />
+|-
+|username
+|String
+|The username
+|}<section end='SessionEvent' />== SessionStatsEvent ==
+<section begin='SessionStatsEvent' />
-== SessionMinuteEvent ==
+These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table when a session ends with the updated stats.
-<section begin='SessionMinuteEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|session_minutes]] table each minute a session exists.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,267: / Line 1,153: @@
 ! Type
 ! Description
-getC2sBytes
+getC2pBytes
 |-
-|c2sBytes
+|c2pBytes
 |long
-|The number of bytes sent from the client to the server
+|The number of bytes sent from the client to Untangle
 getClass
 |-
@@ Line 1,277: / Line 1,163: @@
 |Class
 |The class name
-getPartitionTablePostfix
+getEndTime
-getS2cBytes
 |-
-|s2cBytes
+|endTime
 |long
-|The number of bytes sent from the server to the client
+|The end time/date
-getSessionId
+getP2cBytes
 |-
-|sessionId
+|p2cBytes
 |long
-|The session ID
+|The number of bytes sent to the client from Untangle
-getTag
+getP2sBytes
-getTimeStamp
 |-
-|timeStamp
+|p2sBytes
-|Timestamp
+|long
-|The timestamp
+|The number of bytes sent to the server from Untangle
-|}
+getPartitionTablePostfix
-<section end='SessionMinuteEvent' />
+getS2pBytes
+|-
+|s2pBytes
+|long
+|The number of bytes sent from the server to Untangle
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getSessionId
+|-
+|sessionId
+|Long
+|The session ID
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}<section end='SessionStatsEvent' />== SessionNatEvent ==
+<section begin='SessionNatEvent' />
+These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is NATd with the post-NAT information.
-== SessionEvent ==
-<section begin='SessionEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is created.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,307: / Line 1,209: @@
 ! Type
 ! Description
-getCClientAddr
+getSClientAddr
 |-
-|CClientAddr
+|SClientAddr
 |InetAddress
-|The client-side (pre-NAT) client address
+|The server-side (post-NAT) client address
-getCClientPort
+getSClientPort
 |-
-|CClientPort
+|SClientPort
 |Integer
-|The client-side (pre-NAT) client port
+|The server-side (post-NAT) client port
-getCServerAddr
-|-
-|CServerAddr
-|InetAddress
-|The client-side (pre-NAT) server address
-getCServerPort
-|-
-|CServerPort
-|Integer
-|The client-side (pre-NAT) server port
-getSClientAddr
-|-
-|SClientAddr
-|InetAddress
-|The server-side (post-NAT) client address
-getSClientPort
-|-
-|SClientPort
-|Integer
-|The server-side (post-NAT) client port
 getSServerAddr
 |-
@@ Line 1,347: / Line 1,229: @@
 |Integer
 |The server-side (post-NAT) server port
-getBypassed
-|-
-|bypassed
-|boolean
-|True if bypassed, false otherwise
 getClass
 |-
@@ Line 1,357: / Line 1,234: @@
 |Class
 |The class name
-getClientCountry
+getPartitionTablePostfix
+getServerIntf
 |-
-|clientCountry
+|serverIntf
-|String
-|The client country
-getClientIntf
-|-
-|clientIntf
 |Integer
-|The client interface ID
+|The server interface ID
-getClientLatitude
+getSessionEvent
 |-
-|clientLatitude
+|sessionEvent
-|Double
+|SessionEvent
-|The client latitude
+|The session event
-getClientLongitude
+getTag
+getTimeStamp
 |-
-|clientLongitude
+|timeStamp
-|Double
+|Timestamp
-|The client longitude
+|The timestamp
-getEntitled
+|}<section end='SessionNatEvent' />== QuotaEvent ==
+<section begin='QuotaEvent' />
+These events are created by the [[Bandwidth Control]] and inserted or update the [[Database_Schema#quotas|quotas]] table when quotas are given or exceeded.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAction
 |-
-|entitled
+|action
-|boolean
+|int
-|The entitled status
+|The action (1=Quota Given, 2=Quota Exceeded)
-getFilterPrefix
+getClass
 |-
-|filterPrefix
+|class
-|String
+|Class
-|The filter prefix if blocked by the filter rules
+|The class name
-getHostname
+getEntity
 |-
-|hostname
+|entity
 |String
-|The hostname
+|The entity
-getIcmpType
-|-
-|icmpType
-|Short
-|The ICMP type
-getLocalAddr
-|-
-|localAddr
-|InetAddress
-|The local host address
 getPartitionTablePostfix
-getPolicyId
+getQuotaSize
 |-
-|policyId
+|quotaSize
-|Integer
+|long
-|The policy ID
+|The quota size
-getPolicyRuleId
+getReason
 |-
-|policyRuleId
+|reason
-|Integer
+|String
-|The policy rule ID
+|The reason
-getProtocol
+getTag
+getTimeStamp
 |-
-|protocol
+|timeStamp
-|Short
+|Timestamp
-|The protocol
+|The timestamp
-getProtocolName
+|}<section end='QuotaEvent' />== SmtpMessageAddressEvent ==
+<section begin='SmtpMessageAddressEvent' />
+These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_addrs|mail_addrs]] table for each address on each email.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getAddr
 |-
-|protocolName
+|addr
 |String
-|The protocol name
+|The address
-getRemoteAddr
+getClass
 |-
-|remoteAddr
+|class
-|InetAddress
+|Class
-|The remote host address
+|The class name
-getServerCountry
+getKind
 |-
-|serverCountry
+|kind
-|String
+|AddressKind
-|The server country
+|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
-getServerIntf
+getMessageId
 |-
-|serverIntf
+|messageId
-|Integer
+|Long
-|The server interface ID
+|The message ID
-getServerLatitude
+getPartitionTablePostfix
+getPersonal
 |-
-|serverLatitude
+|personal
-|Double
+|String
-|The server latitude
+|personal
-getServerLongitude
-|-
-|serverLongitude
-|Double
-|The server longitude
-getSessionId
-|-
-|sessionId
-|Long
-|The session ID
 getTag
 getTimeStamp
@@ Line 1,459: / Line 1,333: @@
 |Timestamp
 |The timestamp
-getUsername
+|}<section end='SmtpMessageAddressEvent' />== SmtpMessageEvent ==
-|-
+<section begin='SmtpMessageEvent' />
-|username
-|String
-|The username
-|}
-<section end='SessionEvent' />
+These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_msgs|mail_msgs]] table for each email.
-== SessionStatsEvent ==
-<section begin='SessionStatsEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table when a session ends with the updated stats.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,477: / Line 1,342: @@
 ! Type
 ! Description
-getC2pBytes
+getAddresses
 |-
-|c2pBytes
+|addresses
-|long
+|Set
-|The number of bytes sent from the client to Untangle
+|The addresses
 getClass
 |-
@@ Line 1,487: / Line 1,352: @@
 |Class
 |The class name
-getEndTime
+getEnvelopeFromAddress
 |-
-|endTime
+|envelopeFromAddress
-|long
+|String
-|The end time/date
+|The envelop FROM address
-getP2cBytes
+getEnvelopeToAddress
 |-
-|p2cBytes
+|envelopeToAddress
-|long
+|String
-|The number of bytes sent to the client from Untangle
+|The envelope TO address
-getP2sBytes
+getMessageId
 |-
-|p2sBytes
+|messageId
-|long
+|Long
-|The number of bytes sent to the server from Untangle
+|The message ID
 getPartitionTablePostfix
-getS2pBytes
+getReceiver
 |-
-|s2pBytes
+|receiver
-|long
+|String
-|The number of bytes sent from the server to Untangle
+|The receiver
+getSender
+|-
+|sender
+|String
+|The sender
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
 getSessionId
 |-
@@ Line 1,513: / Line 1,388: @@
 |Long
 |The session ID
+getSubject
+|-
+|subject
+|String
+|The subject
 getTag
 getTimeStamp
@@ Line 1,519: / Line 1,399: @@
 |Timestamp
 |The timestamp
-|}
+getTmpFile
-<section end='SessionStatsEvent' />
+|-
+|tmpFile
+|File
+|The /tmp file
+|}<section end='SmtpMessageEvent' />== CaptureRuleEvent ==
+<section begin='CaptureRuleEvent' />
+These events are created by [[Captive Portal]] and update the [[Database_Schema#sessions|sessions]] table when Captive Portal processes a session.
-== SessionNatEvent ==
-<section begin='SessionNatEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is NATd with the post-NAT information.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,532: / Line 1,413: @@
 ! Type
 ! Description
-getSClientAddr
+getCaptured
 |-
-|SClientAddr
+|captured
-|InetAddress
+|boolean
-|The server-side (post-NAT) client address
+|True if captured, false otherwise
-getSClientPort
+getClass
 |-
-|SClientPort
+|class
-|Integer
-|The server-side (post-NAT) client port
-getSServerAddr
-|-
-|SServerAddr
-|InetAddress
-|The server-side (post-NAT) server address
-getSServerPort
-|-
-|SServerPort
-|Integer
-|The server-side (post-NAT) server port
-getClass
-|-
-|class
 |Class
 |The class name
 getPartitionTablePostfix
-getServerIntf
+getRuleId
 |-
-|serverIntf
+|ruleId
 |Integer
-|The server interface ID
+|The rule ID
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
 getTag
 getTimeStamp
@@ Line 1,569: / Line 1,440: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='CaptureRuleEvent' />== CaptivePortalUserEvent ==
-<section end='SessionNatEvent' />
+<section begin='CaptivePortalUserEvent' />
+These events are created by [[Captive Portal]] and inserted to the [[Database_Schema#captive_portal_user_events|captive_portal_user_events]] table when Captive Portal user takes an action.
-== QuotaEvent ==
-<section begin='QuotaEvent' />
-These events are created by the [[Bandwidth Control]] and inserted or update the [[Database_Schema#quotas|quotas]] table when quotas are given or exceeded.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,582: / Line 1,449: @@
 ! Type
 ! Description
-getAction
+getAuthenticationType
 |-
-|action
+|authenticationType
-|int
+|CaptivePortalSettings$AuthenticationType
-|The action (1=Quota Given, 2=Quota Exceeded)
+|The authentication type
-getAddress
+getAuthenticationTypeValue
 |-
-|address
+|authenticationTypeValue
-|InetAddress
+|String
-|The address
+|The authentication type as a string
 getClass
 |-
@@ Line 1,597: / Line 1,464: @@
 |Class
 |The class name
-getPartitionTablePostfix
+getClientAddr
-getQuotaSize
+|-
+|clientAddr
+|String
+|The client address
+getEvent
 |-
-|quotaSize
+|event
-|long
+|CaptivePortalUserEvent$EventType
-|The quota size
+|The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
-getReason
+getEventValue
 |-
-|reason
+|eventValue
 |String
-|The reason
+|The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
-getTag
+getLoginName
-getTimeStamp
 |-
-|timeStamp
+|loginName
-|Timestamp
+|String
+|The login name
+getPartitionTablePostfix
+getPolicyId
+|-
+|policyId
+|Integer
+|The policy ID
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
 |The timestamp
-|}
+|}<section end='CaptivePortalUserEvent' />== AdBlockerEvent ==
-<section end='QuotaEvent' />
+<section begin='AdBlockerEvent' />
+These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when an ad is blocked.
-== HostTableEvent ==
-<section begin='HostTableEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#host_table_updates|host_table_updates]] table when the host table is modified.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,627: / Line 1,505: @@
 ! Type
 ! Description
-getAddress
+getAction
 |-
-|address
+|action
-|InetAddress
+|Action
-|The address
+|The action
 getClass
 |-
@@ Line 1,637: / Line 1,515: @@
 |Class
 |The class name
-getKey
+getPartitionTablePostfix
+getReason
 |-
-|key
+|reason
 |String
-|The key
+|The reason
-getOldValue
+getRequestId
 |-
-|oldValue
+|requestId
-|String
+|Long
-|The old value
+|The request ID
-getPartitionTablePostfix
 getTag
 getTimeStamp
@@ Line 1,654: / Line 1,532: @@
 |Timestamp
 |The timestamp
-getValue
+|}<section end='AdBlockerEvent' />== CookieEvent ==
-|-
+<section begin='CookieEvent' />
-|value
-|String
-|The value
-|}
-<section end='HostTableEvent' />
+These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when a cookie is blocked.
-== DeviceTableEvent ==
-<section begin='DeviceTableEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#device_table_updates|device_table_updates]] table when the device list is modified.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,677: / Line 1,546: @@
 |Class
 |The class name
-getDevice
+getIdentification
 |-
-|device
+|identification
-|DeviceTableEntry
-|The Device
-getKey
-|-
-|key
 |String
-|The key
+|The identification string
-getMacAddress
+getPartitionTablePostfix
+getRequestId
 |-
-|macAddress
+|requestId
-|String
+|Long
-|The MAC address
+|The request ID
-getOldValue
+getSessionEvent
 |-
-|oldValue
+|sessionEvent
-|String
+|SessionEvent
-|The old value
+|The session event
-getPartitionTablePostfix
 getTag
 getTimeStamp
@@ Line 1,704: / Line 1,568: @@
 |Timestamp
 |The timestamp
-getValue
+|}<section end='CookieEvent' />== HttpRequestEvent ==
-|-
+<section begin='HttpRequestEvent' />
-|value
-|String
-|The value
-|}
-<section end='DeviceTableEvent' />
+These events are created by HTTP subsystem and inserted to the [[Database_Schema#http_events|http_events]] table when a web request happens.
-== SettingsChangesEvent ==
-<section begin='SettingsChangesEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#settings_changes|settings_changes]] table when settings are changed.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,727: / Line 1,582: @@
 |Class
 |The class name
-getHostname
+getContentLength
+|-
+|contentLength
+|long
+|The content length
+getDomain
 |-
-|hostname
+|domain
 |String
-|The hostname
+|The domain
-getPartitionTablePostfix
+getHost
-getSettingsFile
 |-
-|settingsFile
+|host
 |String
-|The settings file
+|The host
-getTag
+getMethod
-getTimeStamp
+|-
+|method
+|HttpMethod
+|The HTTP method
+getPartitionTablePostfix
+getReferer
+|-
+|referer
+|String
+|The referer
+getRequestId
+|-
+|requestId
+|Long
+|The request ID
+getRequestUri
+|-
+|requestUri
+|URI
+|The request URI
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getTag
+getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-getUsername
+|}<section end='HttpRequestEvent' />== HttpResponseEvent ==
-|-
+<section begin='HttpResponseEvent' />
-|username
-|String
-|The username
-|}
-<section end='SettingsChangesEvent' />
+These events are created by HTTP subsystem and update the [[Database_Schema#http_events|http_events]] table when a web response happens.
-== UserTableEvent ==
-<section begin='UserTableEvent' />
-These events are created by the base system and inserted to the [[Database_Schema#user_table_updates|user_table_updates]] table when the user table is modified.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,767: / Line 1,643: @@
 |Class
 |The class name
-getKey
+getContentFilename
 |-
-|key
+|contentFilename
 |String
-|The key
+|The content filename
-getOldValue
+getContentLength
+|-
+|contentLength
+|long
+|The content length
+getContentType
 |-
-|oldValue
+|contentType
 |String
-|The old value
+|The content type
+getHttpRequestEvent
+|-
+|httpRequestEvent
+|HttpRequestEvent
+|The corresponding HTTP request event
 getPartitionTablePostfix
+getRequestLine
+|-
+|requestLine
+|RequestLine
+|The request line
 getTag
 getTimeStamp
@@ Line 1,784: / Line 1,675: @@
 |Timestamp
 |The timestamp
-getUsername
+|}<section end='HttpResponseEvent' />== WebCacheEvent ==
-|-
+<section begin='WebCacheEvent' />
-|username
-|String
-|The username
-getValue
-|-
-|value
-|String
-|The value
-|}
-<section end='UserTableEvent' />
+These events are created by [[Web Cache]] and inserted to the [[Database_Schema#web_cache_stats|web_cache_stats]] table periodically.
-== SessionMinuteEvent ==
-<section begin='SessionMinuteEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|session_minutes]] table each minute a session exists.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,807: / Line 1,684: @@
 ! Type
 ! Description
-getC2sBytes
+getBypassCount
 |-
-|c2sBytes
+|bypassCount
 |long
-|The number of bytes sent from the client to the server
+|The number of bypasses
 getClass
 |-
@@ Line 1,817: / Line 1,694: @@
 |Class
 |The class name
-getPartitionTablePostfix
+getHitBytes
-getS2cBytes
+|-
+|hitBytes
+|long
+|The number of bytes worth of hits
+getHitCount
 |-
-|s2cBytes
+|hitCount
 |long
-|The number of bytes sent from the server to the client
+|The number of hits
-getSessionId
+getMissBytes
 |-
-|sessionId
+|missBytes
 |long
-|The session ID
+|The number of bytes worth of misses
-getTag
+getMissCount
-getTimeStamp
 |-
-|timeStamp
+|missCount
-|Timestamp
+|long
-|The timestamp
+|The number of misses
-|}
+getPartitionTablePostfix
-<section end='SessionMinuteEvent' />
+getPolicyId
+|-
+|policyId
-== SessionEvent ==
+|Long
-<section begin='SessionEvent' />
+|The policy ID
+getSystemCount
+|-
+|systemCount
+|long
+|The number of system bypasses
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}<section end='WebCacheEvent' />== TunnelVpnStatusEvent ==
+<section begin='TunnelVpnStatusEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is created.
+These events are created by [[Tunnel VPN]] and inserted to the [[Database_Schema#tunnel_vpn_stats|tunnel_vpn_stats]] table periodically.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 1,847: / Line 1,740: @@
 ! Type
 ! Description
-getCClientAddr
+getClass
 |-
-|CClientAddr
+|class
-|InetAddress
+|Class
-|The client-side (pre-NAT) client address
+|The class name
-getCClientPort
+getInBytes
 |-
-|CClientPort
+|inBytes
-|Integer
+|long
-|The client-side (pre-NAT) client port
+|The number of bytes received from this tunnel
-getCServerAddr
+getOutBytes
 |-
-|CServerAddr
+|outBytes
-|InetAddress
+|long
-|The client-side (pre-NAT) server address
+|The number of bytes sent in this tunnel
-getCServerPort
+getPartitionTablePostfix
+getTag
+getTimeStamp
 |-
-|CServerPort
+|timeStamp
-|Integer
+|Timestamp
-|The client-side (pre-NAT) server port
+|The timestamp
-getSClientAddr
+getTunnelName
 |-
-|SClientAddr
+|tunnelName
-|InetAddress
+|String
-|The server-side (post-NAT) client address
+|The name of this tunnel
-getSClientPort
+|}<section end='TunnelVpnStatusEvent' />== TunnelVpnEvent ==
+<section begin='TunnelVpnEvent' />
+These events are created by [[Tunnel VPN]] and inserted to the [[Database_Schema#tunnel_vpn_events|tunnel_vpn_events]] table when a tunnel connection event occurs.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
 |-
-|SClientPort
+|class
-|Integer
+|Class
-|The server-side (post-NAT) client port
+|The class name
-getSServerAddr
+getEventType
+|-
+|eventType
+|TunnelVpnEvent$EventType
+|The event type
+getLocalAddress
 |-
-|SServerAddr
+|localAddress
 |InetAddress
-|The server-side (post-NAT) server address
+|The local host address
-getSServerPort
+getPartitionTablePostfix
+getServerAddress
 |-
-|SServerPort
+|serverAddress
-|Integer
+|InetAddress
-|The server-side (post-NAT) server port
+|The server address
-getBypassed
+getTag
+getTimeStamp
 |-
-|bypassed
+|timeStamp
-|boolean
+|Timestamp
-|True if bypassed, false otherwise
+|The timestamp
-getClass
+getTunnelName
 |-
-|class
+|tunnelName
+|String
+|The name of this tunnel
+|}<section end='TunnelVpnEvent' />== IntrusionPreventionLogEvent ==
+<section begin='IntrusionPreventionLogEvent' />
+These events are created by [[Intrusion Prevention]] and inserted to the [[Database_Schema#intrusion_prevention_events|intrusion_prevention_events]] table when a rule matches.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getBlocked
+|-
+|blocked
+|boolean
+|True if blocked, false otherwise
+getCategory
+|-
+|category
+|String
+|The category
+getClass
+|-
+|class
 |Class
 |The class name
-getClientCountry
+getClassificationId
+|-
+|classificationId
+|long
+|The classification ID
+getClasstype
 |-
-|clientCountry
+|classtype
 |String
-|The client country
+|The classtype
-getClientIntf
+getDportIcode
 |-
-|clientIntf
+|dportIcode
-|Integer
+|int
-|The client interface ID
+|The dportIcode
-getClientLatitude
+getEventId
 |-
-|clientLatitude
+|eventId
-|Double
+|long
-|The client latitude
+|The event ID
-getClientLongitude
+getEventMicrosecond
 |-
-|clientLongitude
+|eventMicrosecond
-|Double
+|long
-|The client longitude
+|The event microsecond
-getEntitled
+getEventSecond
 |-
-|entitled
+|eventSecond
-|boolean
+|long
-|The entitled status
+|The event second
-getFilterPrefix
+getEventType
 |-
-|filterPrefix
+|eventType
-|String
+|long
-|The filter prefix if blocked by the filter rules
+|The event type
-getHostname
+getGeneratorId
 |-
-|hostname
+|generatorId
-|String
+|long
-|The hostname
+|The generator ID
-getIcmpType
+getImpact
+|-
+|impact
+|short
+|The impact
+getImpactFlag
 |-
-|icmpType
+|impactFlag
-|Short
+|short
-|The ICMP type
+|The impact flag
-getLocalAddr
+getIpDestination
 |-
-|localAddr
+|ipDestination
 |InetAddress
-|The local host address
+|The IP address destination
-getPartitionTablePostfix
+getIpSource
-getPolicyId
 |-
-|policyId
+|ipSource
-|Integer
+|InetAddress
-|The policy ID
+|The IP address source
-getPolicyRuleId
+getMplsLabel
 |-
-|policyRuleId
+|mplsLabel
-|Integer
+|long
-|The policy rule ID
+|The mplsLabel
+getMsg
+|-
+|msg
+|String
+|The msg
+getPadding
+|-
+|padding
+|int
+|The padding
+getPartitionTablePostfix
+getPriorityId
+|-
+|priorityId
+|long
+|The priority ID
 getProtocol
 |-
 |protocol
-|Short
+|short
 |The protocol
-getProtocolName
+getRid
 |-
-|protocolName
+|rid
 |String
-|The protocol name
+|Rule ID
-getRemoteAddr
+getSensorId
 |-
-|remoteAddr
+|sensorId
-|InetAddress
+|long
-|The remote host address
+|The sensor ID
-getServerCountry
+getSignatureId
 |-
-|serverCountry
+|signatureId
-|String
+|long
-|The server country
+|The signature ID
-getServerIntf
+getSignatureRevision
 |-
-|serverIntf
+|signatureRevision
-|Integer
+|long
-|The server interface ID
+|The signature revision
-getServerLatitude
+getSportItype
 |-
-|serverLatitude
+|sportItype
-|Double
+|int
-|The server latitude
+|The sportItype
-getServerLongitude
-|-
-|serverLongitude
-|Double
-|The server longitude
-getSessionId
-|-
-|sessionId
-|Long
-|The session ID
 getTag
-getTagsString
-|-
-|tagsString
-|String
-|The string value of all tags
 getTimeStamp
 |-
@@ Line 2,004: / Line 1,949: @@
 |Timestamp
 |The timestamp
-getUsername
+getVlanId
 |-
-|username
+|vlanId
-|String
+|int
-|The username
+|The VLAN Id
-|}
+|}<section end='IntrusionPreventionLogEvent' />== ApplicationControlLogEvent ==
-<section end='SessionEvent' />
+<section begin='ApplicationControlLogEvent' />
+These events are created by [[Application Control]] and update the [[Database_Schema#sessions|sessions]] table when application control identifies a session.
-== SessionStatsEvent ==
-<section begin='SessionStatsEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table when a session ends with the updated stats.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,022: / Line 1,963: @@
 ! Type
 ! Description
-getC2pBytes
+getApplication
+|-
+|application
+|String
+|The application
+getBlocked
+|-
+|blocked
+|boolean
+|True if blocked, false otherwise
+getCategory
 |-
-|c2pBytes
+|category
-|long
+|String
-|The number of bytes sent from the client to Untangle
+|The category
 getClass
 |-
@@ Line 2,032: / Line 1,983: @@
 |Class
 |The class name
-getEndTime
+getConfidence
 |-
-|endTime
+|confidence
-|long
+|Integer
-|The end time/date
+|The confidence (0-100)
-getP2cBytes
+getDetail
 |-
-|p2cBytes
+|detail
-|long
+|String
-|The number of bytes sent to the client from Untangle
+|The details
-getP2sBytes
+getFlagged
 |-
-|p2sBytes
+|flagged
-|long
+|boolean
-|The number of bytes sent to the server from Untangle
+|True if flagged, false otherwise
 getPartitionTablePostfix
-getS2pBytes
+getProtochain
+|-
+|protochain
+|String
+|The protochain
+getRuleId
 |-
-|s2pBytes
+|ruleId
-|long
+|Integer
-|The number of bytes sent from the server to Untangle
+|The rule ID
 getSessionEvent
 |-
@@ Line 2,058: / Line 2,014: @@
 |SessionEvent
 |The session event
-getSessionId
+getState
 |-
-|sessionId
+|state
-|Long
+|Integer
-|The session ID
+|The state
 getTag
 getTimeStamp
@@ Line 2,069: / Line 2,025: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='ApplicationControlLogEvent' />== LoginEvent ==
-<section end='SessionStatsEvent' />
+<section begin='LoginEvent' />
+These events are created by [[Directory Connector]] and inserted to the [[Database_Schema#directory_connector_login_events|directory_connector_login_events]] table for each login.
-== SessionNatEvent ==
-<section begin='SessionNatEvent' />
-These events are created by the base system and update the [[Database_Schema#sessions|sessions]] table each time a session is NATd with the post-NAT information.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,082: / Line 2,034: @@
 ! Type
 ! Description
-getSClientAddr
-|-
-|SClientAddr
-|InetAddress
-|The server-side (post-NAT) client address
-getSClientPort
-|-
-|SClientPort
-|Integer
-|The server-side (post-NAT) client port
-getSServerAddr
-|-
-|SServerAddr
-|InetAddress
-|The server-side (post-NAT) server address
-getSServerPort
-|-
-|SServerPort
-|Integer
-|The server-side (post-NAT) server port
 getClass
 |-
@@ Line 2,107: / Line 2,039: @@
 |Class
 |The class name
-getPartitionTablePostfix
+getClientAddr
-getServerIntf
 |-
-|serverIntf
+|clientAddr
-|Integer
+|InetAddress
-|The server interface ID
+|The client address
-getSessionEvent
+getDomain
 |-
-|sessionEvent
+|domain
-|SessionEvent
+|String
-|The session event
+|The domain
+getEvent
+|-
+|event
+|String
+|The event
+getLoginName
+|-
+|loginName
+|String
+|The login name
+getLoginType
+|-
+|loginType
+|String
+|W = Windows login, A=Active Directory, R=RADIUS, T=test
+getPartitionTablePostfix
 getTag
 getTimeStamp
@@ Line 2,124: / Line 2,071: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='LoginEvent' />== WebFilterEvent ==
-<section end='SessionNatEvent' />
+<section begin='WebFilterEvent' />
+These events are created by [[Web Filter]] and update the [[Database_Schema#http_events|http_events]] table when web filter processes a web request.
-== QuotaEvent ==
-<section begin='QuotaEvent' />
-These events are created by the [[Bandwidth Control]] and inserted or update the [[Database_Schema#quotas|quotas]] table when quotas are given or exceeded.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,137: / Line 2,080: @@
 ! Type
 ! Description
-getAction
+getAppName
 |-
-|action
+|appName
-|int
+|String
-|The action (1=Quota Given, 2=Quota Exceeded)
+|The name of the application
-getClass
+getBlocked
 |-
-|class
+|blocked
+|Boolean
+|True if blocked, false otherwise
+getCategory
+|-
+|category
+|String
+|The category
+getCategoryId
+|-
+|categoryId
+|Integer
+|Numeric value of matching category
+getClass
+|-
+|class
 |Class
 |The class name
-getEntity
+getFlagged
 |-
-|entity
+|flagged
-|String
+|Boolean
-|The entity
+|True if flagged, false otherwise
 getPartitionTablePostfix
-getQuotaSize
-|-
-|quotaSize
-|long
-|The quota size
 getReason
 |-
 |reason
-|String
+|Reason
 |The reason
-getTag
+getRequestLine
-getTimeStamp
 |-
-|timeStamp
+|requestLine
-|Timestamp
+|RequestLine
+|The request line
+getRuleId
+|-
+|ruleId
+|Integer
+|The rule ID
+getSessionEvent
+|-
+|sessionEvent
+|SessionEvent
+|The session event
+getTag
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
 |The timestamp
-|}
+|}<section end='WebFilterEvent' />== WebFilterQueryEvent ==
-<section end='QuotaEvent' />
+<section begin='WebFilterQueryEvent' />
+These events are created by [[Web Filter]] and inserted to the [[Database_Schema#http_query_events|http_query_events]] table when web filter processes a search engine search.
-== SmtpMessageAddressEvent ==
-<section begin='SmtpMessageAddressEvent' />
-These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_addrs|mail_addrs]] table for each address on each email.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,182: / Line 2,146: @@
 ! Type
 ! Description
-getAddr
+getAppName
 |-
-|addr
+|appName
 |String
-|The address
+|The name of the application
+getBlocked
+|-
+|blocked
+|Boolean
+|True if blocked, false otherwise
 getClass
 |-
@@ Line 2,192: / Line 2,161: @@
 |Class
 |The class name
-getKind
+getContentLength
 |-
-|kind
+|contentLength
-|AddressKind
+|long
-|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
+|The content length
-getMessageId
+getFlagged
 |-
-|messageId
+|flagged
-|Long
+|Boolean
-|The message ID
+|True if flagged, false otherwise
-getPartitionTablePostfix
+getHost
-getPersonal
 |-
-|personal
+|host
 |String
-|personal
+|The host
-getTag
+getMethod
-getTimeStamp
+|-
+|method
+|HttpMethod
+|The method
+getPartitionTablePostfix
+getRequestId
 |-
-|timeStamp
+|requestId
-|Timestamp
+|Long
-|The timestamp
+|The request ID
-|}
+getRequestUri
-<section end='SmtpMessageAddressEvent' />
+|-
+|requestUri
+|URI
-== SmtpMessageEvent ==
+|The request URI
-<section begin='SmtpMessageEvent' />
+getSessionEvent
+|-
-These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_msgs|mail_msgs]] table for each email.
+|sessionEvent
+|SessionEvent
+|The session event
+getTag
+getTerm
+|-
+|term
+|String
+|The search term/phrase
+getTimeStamp
+|-
+|timeStamp
+|Timestamp
+|The timestamp
+|}<section end='WebFilterQueryEvent' />== WanFailoverTestEvent ==
+<section begin='WanFailoverTestEvent' />
+These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_test_events|wan_failover_test_events]] table when a test is run.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,227: / Line 2,217: @@
 ! Type
 ! Description
-getAddresses
-|-
-|addresses
-|Set
-|The addresses
 getClass
 |-
@@ Line 2,237: / Line 2,222: @@
 |Class
 |The class name
-getEnvelopeFromAddress
+getDescription
 |-
-|envelopeFromAddress
+|description
 |String
-|The envelop FROM address
+|The description
-getEnvelopeToAddress
+getInterfaceId
 |-
-|envelopeToAddress
+|interfaceId
-|String
+|int
-|The envelope TO address
+|The interface ID
-getMessageId
+getName
 |-
-|messageId
+|name
-|Long
-|The message ID
-getPartitionTablePostfix
-getReceiver
-|-
-|receiver
 |String
-|The receiver
+|The test name
-getSender
+getOsName
 |-
-|sender
+|osName
 |String
-|The sender
+|The O/S interface name
-getSessionEvent
+getPartitionTablePostfix
+getSuccess
 |-
-|sessionEvent
+|success
-|SessionEvent
+|Boolean
-|The session event
+|True if successful, false otherwise
-getSessionId
+getTag
+getTimeStamp
 |-
-|sessionId
+|timeStamp
-|Long
+|Timestamp
-|The session ID
-getSubject
-|-
-|subject
-|String
-|The subject
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
 |The timestamp
-getTmpFile
+|}<section end='WanFailoverTestEvent' />== WanFailoverEvent ==
-|-
+<section begin='WanFailoverEvent' />
-|tmpFile
-|File
-|The /tmp file
-|}
-<section end='SmtpMessageEvent' />
+These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_action_events|wan_failover_action_events]] table when WAN Failover takes an action.
-== CaptureRuleEvent ==
-<section begin='CaptureRuleEvent' />
-These events are created by [[Captive Portal]] and update the [[Database_Schema#sessions|sessions]] table when Captive Portal processes a session.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,302: / Line 2,263: @@
 ! Type
 ! Description
-getCaptured
+getAction
 |-
-|captured
+|action
-|boolean
+|WanFailoverEvent$Action
-|True if captured, false otherwise
+|The action
 getClass
 |-
@@ Line 2,312: / Line 2,273: @@
 |Class
 |The class name
-getPartitionTablePostfix
+getInterfaceId
-getRuleId
 |-
-|ruleId
+|interfaceId
-|Integer
+|int
-|The rule ID
+|The interface ID
-getSessionEvent
+getName
+|-
+|name
+|String
+|The name
+getOsName
 |-
-|sessionEvent
+|osName
-|SessionEvent
+|String
-|The session event
+|The O/S interface name
+getPartitionTablePostfix
 getTag
 getTimeStamp
@@ Line 2,329: / Line 2,295: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='WanFailoverEvent' />== ThreatPreventionEvent ==
-<section end='CaptureRuleEvent' />
+<section begin='ThreatPreventionEvent' />
+These events are created by [[Threat Prevention]] and inserted to the [[Database_Schema#sessions|sessions]] table for each threat lookup.
-== CaptivePortalUserEvent ==
-<section begin='CaptivePortalUserEvent' />
-These events are created by [[Captive Portal]] and inserted to the [[Database_Schema#captive_portal_user_events|captive_portal_user_events]] table when Captive Portal user takes an action.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,342: / Line 2,304: @@
 ! Type
 ! Description
-getAuthenticationType
+getBlocked
 |-
-|authenticationType
+|blocked
-|CaptivePortalSettings$AuthenticationType
+|boolean
-|The authentication type
+|True if blocked, false otherwise
-getAuthenticationTypeValue
-|-
-|authenticationTypeValue
-|String
-|The authentication type as a string
 getClass
 |-
@@ Line 2,357: / Line 2,314: @@
 |Class
 |The class name
-getClientAddr
+getClientCategories
 |-
-|clientAddr
+|clientCategories
-|String
+|int
-|The client address
+|Client threat categories
-getEvent
+getClientReputation
 |-
-|event
+|clientReputation
-|CaptivePortalUserEvent$EventType
+|int
-|The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+|Client threat reputation
-getEventValue
+getFlagged
+|-
+|flagged
+|boolean
+|True if flagged, false otherwise
+getPartitionTablePostfix
+getRuleId
+|-
+|ruleId
+|long
+|The rule ID
+getServerCategories
 |-
-|eventValue
+|serverCategories
-|String
+|int
-|The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
+|Server threat categories
-getLoginName
+getServerReputation
 |-
-|loginName
+|serverReputation
-|String
+|int
-|The login name
+|Server threat reputation
-getPartitionTablePostfix
+getSessionId
-getPolicyId
 |-
-|policyId
+|sessionId
-|Integer
+|Long
-|The policy ID
+|The session ID
 getTag
 getTimeStamp
@@ Line 2,389: / Line 2,356: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='ThreatPreventionEvent' />== ThreatPreventionHttpEvent ==
-<section end='CaptivePortalUserEvent' />
+<section begin='ThreatPreventionHttpEvent' />
+These events are created by [[Threat Prevention]] and inserted to the [[Database_Schema#http_events|http_events]] table for each threat lookup.
-== AdBlockerEvent ==
-<section begin='AdBlockerEvent' />
-These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when an ad is blocked.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,402: / Line 2,365: @@
 ! Type
 ! Description
-getAction
+getBlocked
+|-
+|blocked
+|Boolean
+|True if blocked, false otherwise
+getCategories
 |-
-|action
+|categories
-|Action
+|Integer
-|The action
+|Server threat categories
 getClass
 |-
@@ Line 2,412: / Line 2,380: @@
 |Class
 |The class name
+getFlagged
+|-
+|flagged
+|Boolean
+|True if flagged, false otherwise
 getPartitionTablePostfix
-getReason
+getReputation
+|-
+|reputation
+|Integer
+|Server threat reputation
+getRequestLine
+|-
+|requestLine
+|RequestLine
+|The request line
+getRuleId
 |-
-|reason
+|ruleId
-|String
+|Integer
-|The reason
+|The rule ID
-getRequestId
+getSessionEvent
 |-
-|requestId
+|sessionEvent
-|Long
+|SessionEvent
-|The request ID
+|The session event
 getTag
 getTimeStamp
@@ Line 2,429: / Line 2,412: @@
 |Timestamp
 |The timestamp
-|}
+|}<section end='ThreatPreventionHttpEvent' />== SpamLogEvent ==
-<section end='AdBlockerEvent' />
+<section begin='SpamLogEvent' />
+These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
-== CookieEvent ==
-<section begin='CookieEvent' />
-These events are created by [[Ad Blocker]] and update the [[Database_Schema#http_events|http_events]] table when a cookie is blocked.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,442: / Line 2,421: @@
 ! Type
 ! Description
+getAction
+|-
+|action
+|SpamMessageAction
+|The action
 getClass
 |-
@@ Line 2,447: / Line 2,431: @@
 |Class
 |The class name
-getIdentification
+getClientAddr
+|-
+|clientAddr
+|InetAddress
+|The client address
+getClientPort
 |-
-|identification
+|clientPort
-|String
+|int
-|The identification string
+|The client port
-getPartitionTablePostfix
+getMessageId
-getRequestId
 |-
-|requestId
+|messageId
 |Long
-|The request ID
+|The message ID
-getSessionEvent
+getPartitionTablePostfix
+getReceiver
 |-
-|sessionEvent
+|receiver
-|SessionEvent
+|String
-|The session event
+|The receiver
-getTag
+getScore
-getTimeStamp
 |-
-|timeStamp
+|score
-|Timestamp
+|float
-|The timestamp
+|The score
-|}
+getSender
-<section end='CookieEvent' />
-== HttpRequestEvent ==
-<section begin='HttpRequestEvent' />
-These events are created by HTTP subsystem and inserted to the [[Database_Schema#http_events|http_events]] table when a web request happens.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getClass
 |-
-|class
+|sender
-|Class
+|String
-|The class name
+|The sender
-getContentLength
+getServerAddr
 |-
-|contentLength
+|serverAddr
-|long
+|InetAddress
-|The content length
+|The server address
-getDomain
+getServerPort
 |-
-|domain
+|serverPort
-|String
+|int
-|The domain
+|The server port
-getHost
+getSmtpMessageEvent
 |-
-|host
+|smtpMessageEvent
-|String
+|SmtpMessageEvent
-|The host
+|The parent SMTP message event
-getMethod
+isSpam
 |-
-|method
+|isSpam
-|HttpMethod
+|boolean
-|The HTTP method
+|True if spam, false otherwise
-getPartitionTablePostfix
+getSubject
-getReferer
 |-
-|referer
+|subject
 |String
-|The referer
+|The subject
-getRequestId
+getTag
+getTestsString
 |-
-|requestId
+|testsString
-|Long
+|String
-|The request ID
+|The tests string from the spam engine
-getRequestUri
-|-
-|requestUri
-|URI
-|The request URI
-getSessionEvent
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-getTag
 getTimeStamp
 |-
@@ Line 2,534: / Line 2,498: @@
 |Timestamp
 |The timestamp
-|}
+getVendorName
-<section end='HttpRequestEvent' />
+|-
+|vendorName
+|String
+|The application name
+|}<section end='SpamLogEvent' />== SpamSmtpTarpitEvent ==
+<section begin='SpamSmtpTarpitEvent' />
+These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
-== HttpResponseEvent ==
-<section begin='HttpResponseEvent' />
-These events are created by HTTP subsystem and update the [[Database_Schema#http_events|http_events]] table when a web response happens.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,547: / Line 2,512: @@
 ! Type
 ! Description
+getIPAddr
+|-
+|IPAddr
+|InetAddress
+|The IP address
 getClass
 |-
@@ Line 2,552: / Line 2,522: @@
 |Class
 |The class name
-getContentFilename
+getHostname
 |-
-|contentFilename
+|hostname
 |String
-|The content filename
+|The hostname
-getContentLength
+getPartitionTablePostfix
+getSessionEvent
 |-
-|contentLength
+|sessionEvent
-|long
+|SessionEvent
-|The content length
+|The session event
-getContentType
+getSessionId
 |-
-|contentType
+|sessionId
-|String
+|Long
-|The content type
+|The session ID
-getHttpRequestEvent
-|-
-|httpRequestEvent
-|HttpRequestEvent
-|The corresponding HTTP request event
-getPartitionTablePostfix
-getRequestLine
-|-
-|requestLine
-|RequestLine
-|The request line
 getTag
 getTimeStamp
@@ Line 2,584: / Line 2,544: @@
 |Timestamp
 |The timestamp
-|}
+getVendorName
-<section end='HttpResponseEvent' />
+|-
+|vendorName
+|String
+|The application name
+|}<section end='SpamSmtpTarpitEvent' />== ConfigurationBackupEvent ==
+<section begin='ConfigurationBackupEvent' />
+These events are created by [[Configuration Backup]] and inserted to the [[Database_Schema#configuratio_backup_events|configuratio_backup_events]] table when a backup occurs.
-== WebCacheEvent ==
-<section begin='WebCacheEvent' />
-These events are created by [[Web Cache]] and inserted to the [[Database_Schema#web_cache_stats|web_cache_stats]] table periodically.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,597: / Line 2,558: @@
 ! Type
 ! Description
-getBypassCount
+getClass
-|-
-|bypassCount
-|long
-|The number of bypasses
-getClass
 |-
 |class
 |Class
 |The class name
-getHitBytes
+getDestination
 |-
-|hitBytes
+|destination
-|long
+|String
-|The number of bytes worth of hits
+|The destination
-getHitCount
+getDetail
 |-
-|hitCount
+|detail
-|long
+|String
-|The number of hits
+|The details
-getMissBytes
+getPartitionTablePostfix
+getSuccess
 |-
-|missBytes
+|success
-|long
+|boolean
-|The number of bytes worth of misses
+|True if successful, false otherwise
-getMissCount
+getTag
-|-
+getTimeStamp
-|missCount
-|long
-|The number of misses
-getPartitionTablePostfix
-getPolicyId
-|-
-|policyId
-|Long
-|The policy ID
-getSystemCount
-|-
-|systemCount
-|long
-|The number of system bypasses
-getTag
-getTimeStamp
 |-
 |timeStamp
 |Timestamp
 |The timestamp
-|}
+|}<section end='ConfigurationBackupEvent' />== TunnelStatusEvent ==
-<section end='WebCacheEvent' />
+<section begin='TunnelStatusEvent' />
+These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_tunnel_stats|ipsec_tunnel_stats]] table periodically.
-== TunnelVpnStatusEvent ==
-<section begin='TunnelVpnStatusEvent' />
-These events are created by [[Tunnel VPN]] and inserted to the [[Database_Schema#tunnel_vpn_stats|tunnel_vpn_stats]] table periodically.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,684: / Line 2,621: @@
 |String
 |The name of this tunnel
-|}
+|}<section end='TunnelStatusEvent' />== IpsecVpnEvent ==
-<section end='TunnelVpnStatusEvent' />
+<section begin='IpsecVpnEvent' />
+These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_vpn_events|ipsec_vpn_events]] table when IPsec connection event occurs.
-== TunnelVpnEvent ==
-<section begin='TunnelVpnEvent' />
-These events are created by [[Tunnel VPN]] and inserted to the [[Database_Schema#tunnel_vpn_events|tunnel_vpn_events]] table when a tunnel connection event occurs.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,705: / Line 2,638: @@
 |-
 |eventType
-|TunnelVpnEvent$EventType
+|IpsecVpnEvent$EventType
 |The event type
 getLocalAddress
 |-
 |localAddress
-|InetAddress
+|String
 |The local host address
 getPartitionTablePostfix
-getServerAddress
+getRemoteAddress
 |-
-|serverAddress
+|remoteAddress
-|InetAddress
+|String
-|The server address
+|The remote host address
 getTag
 getTimeStamp
@@ Line 2,724: / Line 2,657: @@
 |Timestamp
 |The timestamp
-getTunnelName
+getTunnelDescription
 |-
-|tunnelName
+|tunnelDescription
 |String
-|The name of this tunnel
+|Description of tunnel
-|}
+|}<section end='IpsecVpnEvent' />== VirtualUserEvent ==
-<section end='TunnelVpnEvent' />
+<section begin='VirtualUserEvent' />
+These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_user_events|ipsec_user_events]] table when a user event occurs.
-== IntrusionPreventionLogEvent ==
-<section begin='IntrusionPreventionLogEvent' />
-These events are created by [[Intrusion Prevention]] and inserted to the [[Database_Schema#intrusion_prevention_events|intrusion_prevention_events]] table when a rule matches.
 {| border="1" cellpadding="2" width="90%" align="center"
@@ Line 2,742: / Line 2,671: @@
 ! Type
 ! Description
-getBlocked
-|-
-|blocked
-|boolean
-|True if blocked, false otherwise
-getCategory
-|-
-|category
-|String
-|The category
 getClass
 |-
@@ Line 2,757: / Line 2,676: @@
 |Class
 |The class name
-getClassificationId
+getClientAddress
 |-
-|classificationId
+|clientAddress
-|long
+|InetAddress
-|The classification ID
+|The client address
-getClasstype
+getClientProtocol
 |-
-|classtype
+|clientProtocol
 |String
-|The classtype
+|The client protocol
-getDportIcode
+getClientUsername
 |-
-|dportIcode
+|clientUsername
-|int
+|String
-|The dportIcode
+|The client username
+getElapsedTime
+|-
+|elapsedTime
+|String
+|The elapsed time
 getEventId
 |-
 |eventId
-|long
+|Long
 |The event ID
-getEventMicrosecond
+getNetInterface
 |-
-|eventMicrosecond
+|netInterface
-|long
+|String
-|The event microsecond
+|The net interface
-getEventSecond
+getNetProcess
 |-
-|eventSecond
+|netProcess
-|long
+|String
-|The event second
+|The net process
-getEventType
+getNetRXbytes
 |-
-|eventType
+|netRXbytes
-|long
+|Long
-|The event type
+|The number of RX (received) bytes
-getGeneratorId
+getNetTXbytes
 |-
-|generatorId
+|netTXbytes
-|long
+|Long
-|The generator ID
+|The number of TX (transmitted) bytes
-getImpact
+getPartitionTablePostfix
+getTag
+getTimeStamp
 |-
-|impact
+|timeStamp
-|short
+|Timestamp
-|The impact
+|The timestamp
-getImpactFlag
+|}<section end='VirtualUserEvent' />== SslInspectorLogEvent ==
+<section begin='SslInspectorLogEvent' />
+These events are created by [[SSL Inspector]] and update the [[Database_Schema#sessions|sessions]] table when a session is processed by SSL Inspector.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getClass
 |-
-|impactFlag
+|class
-|short
+|Class
-|The impact flag
+|The class name
-getIpDestination
+getDetail
 |-
-|ipDestination
+|detail
-|InetAddress
+|String
-|The IP address destination
+|The details
-getIpSource
+getPartitionTablePostfix
+getRuleId
 |-
-|ipSource
+|ruleId
-|InetAddress
+|Integer
-|The IP address source
+|The rule ID
-getMplsLabel
+getSessionEvent
 |-
-|mplsLabel
+|sessionEvent
-|long
+|SessionEvent
-|The mplsLabel
+|The session event
-getMsg
+getStatus
 |-
-|msg
+|status
 |String
-|The msg
+|The status
-getPadding
+getTag
+getTimeStamp
 |-
-|padding
+|timeStamp
-|int
+|Timestamp
-|The padding
+|The timestamp
-getPartitionTablePostfix
+|}<section end='SslInspectorLogEvent' />== ApplicationControlLiteEvent ==
-getPriorityId
+<section begin='ApplicationControlLiteEvent' />
+These events are created by [[Application Control Lite]] and update the [[Database_Schema#sessions|sessions]] table when application control lite identifies a session.
+{| border="1" cellpadding="2" width="90%" align="center"
+! Attribute Name
+! Type
+! Description
+getBlocked
 |-
-|priorityId
+|blocked
-|long
+|boolean
-|The priority ID
+|True if blocked, false otherwise
+getClass
+|-
+|class
+|Class
+|The class name
+getPartitionTablePostfix
 getProtocol
 |-
 |protocol
-|short
+|String
 |The protocol
-getRid
+getSessionId
 |-
-|rid
+|sessionId
-|String
+|Long
-|Rule ID
+|The session ID
-getSensorId
-|-
-|sensorId
-|long
-|The sensor ID
-getSignatureId
-|-
-|signatureId
-|long
-|The signature ID
-getSignatureRevision
-|-
-|signatureRevision
-|long
-|The signature revision
-getSportItype
-|-
-|sportItype
-|int
-|The sportItype
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-getVlanId
-|-
-|vlanId
-|int
-|The VLAN Id
-|}
-<section end='IntrusionPreventionLogEvent' />
-== AlertEvent ==
-<section begin='AlertEvent' />
-These events are created by [[Reports]] and inserted to the [[Database_Schema#alerts|alerts]] table when an alert fires.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getCause
-|-
-|cause
-|LogEvent
-|The cause
-getClass
-|-
-|class
-|Class
-|The class name
-getDescription
-|-
-|description
-|String
-|The description
-getJson
-|-
-|json
-|JSONObject
-|The JSON string
-getPartitionTablePostfix
-getSummaryText
-|-
-|summaryText
-|String
-|The summary text
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='AlertEvent' />
-== SmtpMessageAddressEvent ==
-<section begin='SmtpMessageAddressEvent' />
-These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_addrs|mail_addrs]] table for each address on each email.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getAddr
-|-
-|addr
-|String
-|The address
-getClass
-|-
-|class
-|Class
-|The class name
-getKind
-|-
-|kind
-|AddressKind
-|The type for this address (F=From, T=To, C=CC, G=Envelope From, B=Envelope To, X=Unknown)
-getMessageId
-|-
-|messageId
-|Long
-|The message ID
-getPartitionTablePostfix
-getPersonal
-|-
-|personal
-|String
-|personal
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='SmtpMessageAddressEvent' />
-== SmtpMessageEvent ==
-<section begin='SmtpMessageEvent' />
-These events are created by SMTP subsystem and inserted to the [[Database_Schema#mail_msgs|mail_msgs]] table for each email.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getAddresses
-|-
-|addresses
-|Set
-|The addresses
-getClass
-|-
-|class
-|Class
-|The class name
-getEnvelopeFromAddress
-|-
-|envelopeFromAddress
-|String
-|The envelop FROM address
-getEnvelopeToAddress
-|-
-|envelopeToAddress
-|String
-|The envelope TO address
-getMessageId
-|-
-|messageId
-|Long
-|The message ID
-getPartitionTablePostfix
-getReceiver
-|-
-|receiver
-|String
-|The receiver
-getSender
-|-
-|sender
-|String
-|The sender
-getSessionEvent
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-getSessionId
-|-
-|sessionId
-|Long
-|The session ID
-getSubject
-|-
-|subject
-|String
-|The subject
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-getTmpFile
-|-
-|tmpFile
-|File
-|The /tmp file
-|}
-<section end='SmtpMessageEvent' />
-== ApplicationControlLogEvent ==
-<section begin='ApplicationControlLogEvent' />
-These events are created by [[Application Control]] and update the [[Database_Schema#sessions|sessions]] table when application control identifies a session.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getApplication
-|-
-|application
-|String
-|The application
-getBlocked
-|-
-|blocked
-|boolean
-|True if blocked, false otherwise
-getCategory
-|-
-|category
-|String
-|The category
-getClass
-|-
-|class
-|Class
-|The class name
-getConfidence
-|-
-|confidence
-|Integer
-|The confidence (0-100)
-getDetail
-|-
-|detail
-|String
-|The details
-getFlagged
-|-
-|flagged
-|boolean
-|True if flagged, false otherwise
-getPartitionTablePostfix
-getProtochain
-|-
-|protochain
-|String
-|The protochain
-getRuleId
-|-
-|ruleId
-|Integer
-|The rule ID
-getSessionEvent
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-getState
-|-
-|state
-|Integer
-|The state
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='ApplicationControlLogEvent' />
-== LoginEvent ==
-<section begin='LoginEvent' />
-These events are created by [[Directory Connector]] and inserted to the [[Database_Schema#directory_connector_login_events|directory_connector_login_events]] table for each login.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getClass
-|-
-|class
-|Class
-|The class name
-getClientAddr
-|-
-|clientAddr
-|InetAddress
-|The client address
-getDomain
-|-
-|domain
-|String
-|The domain
-getEvent
-|-
-|event
-|String
-|The event
-getLoginName
-|-
-|loginName
-|String
-|The login name
-getLoginType
-|-
-|loginType
-|String
-|W = Windows login, A=Active Directory, R=RADIUS, T=test
-getPartitionTablePostfix
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='LoginEvent' />
-== WebFilterEvent ==
-<section begin='WebFilterEvent' />
-These events are created by [[Web Filter]] and update the [[Database_Schema#http_events|http_events]] table when web filter processes a web request.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getAppName
-|-
-|appName
-|String
-|The name of the application
-getBlocked
-|-
-|blocked
-|Boolean
-|True if blocked, false otherwise
-getCategory
-|-
-|category
-|String
-|The category
-getCategoryId
-|-
-|categoryId
-|Integer
-|Numeric value of matching category
-getClass
-|-
-|class
-|Class
-|The class name
-getFlagged
-|-
-|flagged
-|Boolean
-|True if flagged, false otherwise
-getPartitionTablePostfix
-getReason
-|-
-|reason
-|Reason
-|The reason
-getRequestLine
-|-
-|requestLine
-|RequestLine
-|The request line
-getRuleId
-|-
-|ruleId
-|Integer
-|The rule ID
-getSessionEvent
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='WebFilterEvent' />
-== WebFilterQueryEvent ==
-<section begin='WebFilterQueryEvent' />
-These events are created by [[Web Filter]] and inserted to the [[Database_Schema#http_query_events|http_query_events]] table when web filter processes a search engine search.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getAppName
-|-
-|appName
-|String
-|The name of the application
-getBlocked
-|-
-|blocked
-|Boolean
-|True if blocked, false otherwise
-getClass
-|-
-|class
-|Class
-|The class name
-getContentLength
-|-
-|contentLength
-|long
-|The content length
-getFlagged
-|-
-|flagged
-|Boolean
-|True if flagged, false otherwise
-getHost
-|-
-|host
-|String
-|The host
-getMethod
-|-
-|method
-|HttpMethod
-|The method
-getPartitionTablePostfix
-getRequestId
-|-
-|requestId
-|Long
-|The request ID
-getRequestUri
-|-
-|requestUri
-|URI
-|The request URI
-getSessionEvent
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-getTag
-getTerm
-|-
-|term
-|String
-|The search term/phrase
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='WebFilterQueryEvent' />
-== WanFailoverTestEvent ==
-<section begin='WanFailoverTestEvent' />
-These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_test_events|wan_failover_test_events]] table when a test is run.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getClass
-|-
-|class
-|Class
-|The class name
-getDescription
-|-
-|description
-|String
-|The description
-getInterfaceId
-|-
-|interfaceId
-|int
-|The interface ID
-getName
-|-
-|name
-|String
-|The test name
-getOsName
-|-
-|osName
-|String
-|The O/S interface name
-getPartitionTablePostfix
-getSuccess
-|-
-|success
-|Boolean
-|True if successful, false otherwise
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='WanFailoverTestEvent' />
-== WanFailoverEvent ==
-<section begin='WanFailoverEvent' />
-These events are created by [[WAN Failover]] and inserted to the [[Database_Schema#wan_failover_action_events|wan_failover_action_events]] table when WAN Failover takes an action.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getAction
-|-
-|action
-|WanFailoverEvent$Action
-|The action
-getClass
-|-
-|class
-|Class
-|The class name
-getInterfaceId
-|-
-|interfaceId
-|int
-|The interface ID
-getName
-|-
-|name
-|String
-|The name
-getOsName
-|-
-|osName
-|String
-|The O/S interface name
-getPartitionTablePostfix
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='WanFailoverEvent' />
-== CaptureRuleEvent ==
-<section begin='CaptureRuleEvent' />
-These events are created by [[Captive Portal]] and update the [[Database_Schema#sessions|sessions]] table when Captive Portal processes a session.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getCaptured
-|-
-|captured
-|boolean
-|True if captured, false otherwise
-getClass
-|-
-|class
-|Class
-|The class name
-getPartitionTablePostfix
-getRuleId
-|-
-|ruleId
-|Integer
-|The rule ID
-getSessionEvent
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='CaptureRuleEvent' />
-== CaptivePortalUserEvent ==
-<section begin='CaptivePortalUserEvent' />
-These events are created by [[Captive Portal]] and inserted to the [[Database_Schema#captive_portal_user_events|captive_portal_user_events]] table when Captive Portal user takes an action.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getAuthenticationType
-|-
-|authenticationType
-|CaptivePortalSettings$AuthenticationType
-|The authentication type
-getAuthenticationTypeValue
-|-
-|authenticationTypeValue
-|String
-|The authentication type as a string
-getClass
-|-
-|class
-|Class
-|The class name
-getClientAddr
-|-
-|clientAddr
-|InetAddress
-|The client address
-getEvent
-|-
-|event
-|CaptivePortalUserEvent$EventType
-|The event (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
-getEventValue
-|-
-|eventValue
-|String
-|The event value as a string (LOGIN, FAILED, TIMEOUT, INACTIVE, USER_LOGOUT, ADMIN_LOGOUT)
-getLoginName
-|-
-|loginName
-|String
-|The login name
-getPartitionTablePostfix
-getPolicyId
-|-
-|policyId
-|Integer
-|The policy ID
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='CaptivePortalUserEvent' />
-== SpamLogEvent ==
-<section begin='SpamLogEvent' />
-These events are created by [[Spam Blocker]] and update the [[Database_Schema#mail_msgs|mail_msgs]] table when an email is scanned.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getAction
-|-
-|action
-|SpamMessageAction
-|The action
-getClass
-|-
-|class
-|Class
-|The class name
-getClientAddr
-|-
-|clientAddr
-|InetAddress
-|The client address
-getClientPort
-|-
-|clientPort
-|int
-|The client port
-getMessageId
-|-
-|messageId
-|Long
-|The message ID
-getPartitionTablePostfix
-getReceiver
-|-
-|receiver
-|String
-|The receiver
-getScore
-|-
-|score
-|float
-|The score
-getSender
-|-
-|sender
-|String
-|The sender
-getServerAddr
-|-
-|serverAddr
-|InetAddress
-|The server address
-getServerPort
-|-
-|serverPort
-|int
-|The server port
-getSmtpMessageEvent
-|-
-|smtpMessageEvent
-|SmtpMessageEvent
-|The parent SMTP message event
-isSpam
-|-
-|isSpam
-|boolean
-|True if spam, false otherwise
-getSubject
-|-
-|subject
-|String
-|The subject
-getTag
-getTestsString
-|-
-|testsString
-|String
-|The tests string from the spam engine
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-getVendorName
-|-
-|vendorName
-|String
-|The application name
-|}
-<section end='SpamLogEvent' />
-== SpamSmtpTarpitEvent ==
-<section begin='SpamSmtpTarpitEvent' />
-These events are created by [[Spam Blocker]] and inserted to the [[Database_Schema#smtp_tarpit_events|smtp_tarpit_events]] table when a session is tarpitted.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getIPAddr
-|-
-|IPAddr
-|InetAddress
-|The IP address
-getClass
-|-
-|class
-|Class
-|The class name
-getHostname
-|-
-|hostname
-|String
-|The hostname
-getPartitionTablePostfix
-getSessionEvent
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-getSessionId
-|-
-|sessionId
-|Long
-|The session ID
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-getVendorName
-|-
-|vendorName
-|String
-|The application name
-|}
-<section end='SpamSmtpTarpitEvent' />
-== ConfigurationBackupEvent ==
-<section begin='ConfigurationBackupEvent' />
-These events are created by [[Configuration Backup]] and inserted to the [[Database_Schema#configuratio_backup_events|configuratio_backup_events]] table when a backup occurs.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getClass
-|-
-|class
-|Class
-|The class name
-getDestination
-|-
-|destination
-|String
-|The destination
-getDetail
-|-
-|detail
-|String
-|The details
-getPartitionTablePostfix
-getSuccess
-|-
-|success
-|boolean
-|True if successful, false otherwise
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='ConfigurationBackupEvent' />
-== TunnelStatusEvent ==
-<section begin='TunnelStatusEvent' />
-These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_tunnel_stats|ipsec_tunnel_stats]] table periodically.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getClass
-|-
-|class
-|Class
-|The class name
-getInBytes
-|-
-|inBytes
-|long
-|The number of bytes received from this tunnel
-getOutBytes
-|-
-|outBytes
-|long
-|The number of bytes sent in this tunnel
-getPartitionTablePostfix
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-getTunnelName
-|-
-|tunnelName
-|String
-|The name of this tunnel
-|}
-<section end='TunnelStatusEvent' />
-== IpsecVpnEvent ==
-<section begin='IpsecVpnEvent' />
-These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_vpn_events|ipsec_vpn_events]] table when IPsec connection event occurs.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getClass
-|-
-|class
-|Class
-|The class name
-getEventType
-|-
-|eventType
-|IpsecVpnEvent$EventType
-|The event type
-getLocalAddress
-|-
-|localAddress
-|String
-|The local host address
-getPartitionTablePostfix
-getRemoteAddress
-|-
-|remoteAddress
-|String
-|The remote host address
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-getTunnelDescription
-|-
-|tunnelDescription
-|String
-|Description of tunnel
-|}
-<section end='IpsecVpnEvent' />
-== VirtualUserEvent ==
-<section begin='VirtualUserEvent' />
-These events are created by [[IPsec VPN]] and inserted to the [[Database_Schema#ipsec_user_events|ipsec_user_events]] table when a user event occurs.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getClass
-|-
-|class
-|Class
-|The class name
-getClientAddress
-|-
-|clientAddress
-|InetAddress
-|The client address
-getClientProtocol
-|-
-|clientProtocol
-|String
-|The client protocol
-getClientUsername
-|-
-|clientUsername
-|String
-|The client username
-getElapsedTime
-|-
-|elapsedTime
-|String
-|The elapsed time
-getEventId
-|-
-|eventId
-|Long
-|The event ID
-getNetInterface
-|-
-|netInterface
-|String
-|The net interface
-getNetProcess
-|-
-|netProcess
-|String
-|The net process
-getNetRXbytes
-|-
-|netRXbytes
-|Long
-|The number of RX (received) bytes
-getNetTXbytes
-|-
-|netTXbytes
-|Long
-|The number of TX (transmitted) bytes
-getPartitionTablePostfix
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='VirtualUserEvent' />
-== SslInspectorLogEvent ==
-<section begin='SslInspectorLogEvent' />
-These events are created by [[SSL Inspector]] and update the [[Database_Schema#sessions|sessions]] table when a session is processed by SSL Inspector.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getClass
-|-
-|class
-|Class
-|The class name
-getDetail
-|-
-|detail
-|String
-|The details
-getPartitionTablePostfix
-getRuleId
-|-
-|ruleId
-|Integer
-|The rule ID
-getSessionEvent
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-getStatus
-|-
-|status
-|String
-|The status
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='SslInspectorLogEvent' />
-== ApplicationControlLiteEvent ==
-<section begin='ApplicationControlLiteEvent' />
-These events are created by [[Application Control Lite]] and update the [[Database_Schema#sessions|sessions]] table when application control lite identifies a session.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getBlocked
-|-
-|blocked
-|boolean
-|True if blocked, false otherwise
-getClass
-|-
-|class
-|Class
-|The class name
-getPartitionTablePostfix
-getProtocol
-|-
-|protocol
-|String
-|The protocol
-getSessionId
-|-
-|sessionId
-|Long
-|The session ID
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='ApplicationControlLiteEvent' />
-== HttpRequestEvent ==
-<section begin='HttpRequestEvent' />
-These events are created by HTTP subsystem and inserted to the [[Database_Schema#http_events|http_events]] table when a web request happens.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getClass
-|-
-|class
-|Class
-|The class name
-getContentLength
-|-
-|contentLength
-|long
-|The content length
-getDomain
-|-
-|domain
-|String
-|The domain
-getHost
-|-
-|host
-|String
-|The host
-getMethod
-|-
-|method
-|HttpMethod
-|The HTTP method
-getPartitionTablePostfix
-getReferer
-|-
-|referer
-|String
-|The referer
-getRequestId
-|-
-|requestId
-|Long
-|The request ID
-getRequestUri
-|-
-|requestUri
-|URI
-|The request URI
-getSessionEvent
-|-
-|sessionEvent
-|SessionEvent
-|The session event
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='HttpRequestEvent' />
-== HttpResponseEvent ==
-<section begin='HttpResponseEvent' />
-These events are created by HTTP subsystem and update the [[Database_Schema#http_events|http_events]] table when a web response happens.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getClass
-|-
-|class
-|Class
-|The class name
-getContentLength
-|-
-|contentLength
-|long
-|The content length
-getContentType
-|-
-|contentType
-|String
-|The content type
-getHttpRequestEvent
-|-
-|httpRequestEvent
-|HttpRequestEvent
-|The corresponding HTTP request event
-getPartitionTablePostfix
-getRequestLine
-|-
-|requestLine
-|RequestLine
-|The request line
-getTag
-getTimeStamp
-|-
-|timeStamp
-|Timestamp
-|The timestamp
-|}
-<section end='HttpResponseEvent' />
-== IntrusionPreventionLogEvent ==
-<section begin='IntrusionPreventionLogEvent' />
-These events are created by [[Intrusion Prevention]] and inserted to the [[Database_Schema#intrusion_prevention_events|intrusion_prevention_events]] table when a rule matches.
-{| border="1" cellpadding="2" width="90%" align="center"
-! Attribute Name
-! Type
-! Description
-getBlocked
-|-
-|blocked
-|short
-|True if blocked, false otherwise
-getCategory
-|-
-|category
-|String
-|The category
-getClass
-|-
-|class
-|Class
-|The class name
-getClassificationId
-|-
-|classificationId
-|long
-|The classification ID
-getClasstype
-|-
-|classtype
-|String
-|The classtype
-getDportIcode
-|-
-|dportIcode
-|int
-|The dportIcode
-getEventId
-|-
-|eventId
-|long
-|The event ID
-getEventMicrosecond
-|-
-|eventMicrosecond
-|long
-|The event microsecond
-getEventSecond
-|-
-|eventSecond
-|long
-|The event second
-getEventType
-|-
-|eventType
-|long
-|The event type
-getGeneratorId
-|-
-|generatorId
-|long
-|The generator ID
-getImpact
-|-
-|impact
-|short
-|The impact
-getImpactFlag
-|-
-|impactFlag
-|short
-|The impact flag
-getIpDestination
-|-
-|ipDestination
-|InetAddress
-|The IP address destination
-getIpSource
-|-
-|ipSource
-|InetAddress
-|The IP address source
-getMplsLabel
-|-
-|mplsLabel
-|long
-|The mplsLabel
-getMsg
-|-
-|msg
-|String
-|The msg
-getPadding
-|-
-|padding
-|int
-|The padding
-getPartitionTablePostfix
-getPriorityId
-|-
-|priorityId
-|long
-|The priority ID
-getProtocol
-|-
-|protocol
-|short
-|The protocol
-getSensorId
-|-
-|sensorId
-|long
-|The sensor ID
-getSignatureId
-|-
-|signatureId
-|long
-|The signature ID
-getSignatureRevision
-|-
-|signatureRevision
-|long
-|The signature revision
-getSportItype
-|-
-|sportItype
-|int
-|The sportItype
 getTag
 getTimeStamp
@@ Line 4,184: / Line 2,805: @@
 |Timestamp
 |The timestamp
-getVlanId
+|}<section end='ApplicationControlLiteEvent' />}
-|-
-|vlanId
-|int
-|The VLAN Id
-|}
-<section end='IntrusionPreventionLogEvent' />