Column | Example | Description |
date | date=2014-12-02 | Log date. |
time | time=10:27:01 | Log time. |
log_id | log_id=0200004230 | Log ID. |
type | type=attack | Log type: attack. |
subtype | subtype=ip_reputation | Log subtype: ip_reputation. |
pri | pri=warning | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=13065998 | Message ID. |
count | count=1 | For IP reputation, count=1. |
severity | severity=high | Rule severity. |
proto | proto=0 | Protocol. |
service | service=http | Service. |
src | src=173.177.99.94 | Source IP address. |
src_port | src_port=49301 | Source port. |
dst | dst=10.61.2.100 | Destination IP address. |
dst_port | dst_port=80 | Destination port. |
policy | policy=vs1 | Virtual server name. |
action | action=deny | Policy action. |
srccountry | srccountry | Location of the source IP address. |
dstcountry | dstcountry | Location of the destination IP address. |
msg | msg= | Security rule name, category, subcategory, and description of the attack. |
Column | Example | Description |
date | date=2014-12-02 | Log date. |
time | time=10:27:01 | Log time. |
log_id | log_id=0200004230 | Log ID. |
type | type=attack | Log type: attack. |
subtype | subtype=synflood | Log subtype: synflood. |
pri | pri=warning | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=13065998 | Message ID. |
count | count=1 | For DoS, number of timeouts sent per destination. |
severity | severity=high | Always “high” for DoS. |
proto | proto=0 | Protocol. |
service | service=http | Service. |
src | src=173.177.99.94 | Source IP address. |
src_port | src_port=49301 | Source port. |
dst | dst=10.61.2.100 | Destination IP address. |
dst_port | dst_port=80 | Destination port. |
policy | policy=unknown | For DoS, policy=unknown. |
action | action=deny | Policy action. |
srccountry | srccountry=Reserved | Location of the source IP address. |
dstcountry | dstcountry=Reserved | Location of the destination IP address. |
msg | msg= | Security rule name, category, subcategory, and description of the attack. |
Column | Example | Description |
date | date=2015-07-22 | Log date. |
time | time=10:27:01 | Log time. |
log_id | log_id=0202008074 | Log ID. |
type | type=attack | Log type: attack. |
subtype | subtype=waf | Log subtype: waf. |
pri | pri=alert | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=1512 | Message ID. |
count | count=1 | Rule match count. |
severity | severity=low | Rule severity. |
proto | proto=6 | Protocol. |
service | service=http | Service. |
src | src=1.1.1.1 | Source IP address. |
src_port | src_port=34352 | Source port. |
dst | dst=2.2.2.2 | Destination IP address. |
dst_port | dst_port=80 | Destination port. |
policy | policy=vs1 | Virtual server name. |
action | action=pass | Policy action. |
sigid | sigid=1 | Attack signature ID. |
subcat | subcat=waf_subtype | WAF module: waf_web_attack_signature, waf_url_access, waf_http_protocol_cont and waf_sql_xss_injection_detect. |
http_host | http_host=192.168.1.140:8080 | HTTP Host header in HTTP request. Maximum length is 64. Longer URIs are truncated and appended with .... |
http_url | http_url=/bigdata | URI in HTTP request. Maximum length is 128. Longer URIs are truncated and appended with .... |
pkt_hdr | pkt_hdr=header | Contents of the packet header that matched the attack signature. |
srccountry | srccountry=Australia | Location of the source IP address. |
dstcountry | dstcountry=France | Location of the destination IP address. |
msg | msg="Find Attack ID: 1010010001 NAME: "HTTP Method Violation" CATEGORY: "HTTP Protocol Constraint" SUB_CATEGORY: "Request Method Rule"" | Security rule name, category, subcategory, and description of the attack. |
Column | Example | Description |
date | date=2014-12-02 | Log date. |
time | time=10:27:01 | Log time. |
log_id | log_id=0200004230 | Log ID. |
type | type=attack | Log type: attack. |
subtype | subtype=geo | Log subtype: geo. |
pri | pri=warning | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=13065998 | Message ID. |
count | count=1 | Rule match count. |
severity | severity=high | Rule severity. |
proto | proto=0 | Protocol. |
service | service=http | Service. |
src | src=173.177.99.94 | Source IP address. |
src_port | src_port=49301 | Source port. |
dst | dst=10.61.2.100 | Destination IP address. |
dst_port | dst_port=80 | Destination port. |
policy | policy=vs1 | Virtual server name. |
action | action=deny | Policy action. |
srccountry | srccountry | Location of the source IP address. |
dstcountry | dstcountry | Location of the destination IP address. |
msg | msg= | Security rule name, category, subcategory, and description of the attack. |