Esta entrada enlaza con esta otra.
IPS Versión 2.0:
LN_AGENT_ID
 1290 int32 Inspection agent identifier 1.x\Diagnostics
LN_AVG_AVG
 1470 double TBD 1.x\Common
LN_AVG_CNT
 1471 int64 TBD 1.x\Common
LN_AVG_MAX
 1469 double TBD 1.x\Common
LN_AVG_MIN
 1468 double TBD 1.x\Common
LN_AVG_STRUCT
 1061 void (Marker showing that this struct contains minimum, maximum, average, and number of samples) 1.x\System
LN_BLACKLIST_DURATION
 1052 int32 Duration of blacklisting in seconds. Blacklist response
LN_BYTES
 1018 int64 Number of bytes 1.x\Structure fields
LN_BYTES_CHECKED
 1019 int64 Number of inspected bytes 1.x\Structure fields
LN_BYTES_MISSED
 1020 int64 Number of missed bytes 1.x\Structure fields
LN_CLIENT_PORT
 1050 int32 Blacklisted Endpoint1 port (empty = all ports). Blacklist response
LN_CLIENT_PORT_RANGE
 1051 int32 Blacklisted Endpoint1 port range. Blacklist response
LN_COMP_ID
 3 int32 The identifier of the creator of the log entry. Sender
LN_CONN_DIRECTION
 310 int32 Connection direction 
LN_CONN_STATUS
 309 int32 Connection status 
LN_CONN_TYPE
 308 int32 Connection type 
LN_COUNT
 1021 int32 Count 1.x\Structure fields
LN_DHCP_LEASE_EXPIRES
 528 ntpstamp DHCP_LEASE_EXPIRES 
LN_DHCP_LEASE_GW
 529 ipv4 DHCP_LEASE_GW 
LN_DHCP_LEASE_IP
 530 ipv4 DHCP_LEASE_IP 
LN_DHCP_LEASE_NETMASK
 531 int32 DHCP_LEASE_NETMASK 
LN_DHCP_LEASE_RECEIVED
 532 ntpstamp DHCP_LEASE_RECEIVED 
LN_END_POINT
 504 int32 END_POINT 
LN_ETH_LENGTH_AVG
 1462 double TBD 1.x\Ethernet\Protocol analysis
LN_ETH_LENGTH_CNT
 1463 int64 TBD 1.x\Ethernet\Protocol analysis
LN_ETH_LENGTH_MAX
 1461 double TBD 1.x\Ethernet\Protocol analysis
LN_ETH_LENGTH_MIN
 1460 double TBD 1.x\Ethernet\Protocol analysis
LN_ETH_TYPE
 1082 int32 Type field in Ethernet frame Ethernet\Frame
LN_EVENT_REF_CNT
 1293 int32 Number of references to shared objects 1.x\Diagnostics
LN_FIELD_ID
 1402 int32 Log field identifier Diagnostics
LN_FIELD_UPDATABLE
 1403 bool Log field content is updateable Diagnostics
LN_FIREWALL_ID
 1042 int32 The ID number of firewall node for which the blacklist request is assigned (this must match to the firewall id given blacklist analyzer module). Blacklist response
LN_FPS_MATCHED
 1206 int64 Number of fingerprints matched 1.x\Statistics\TCP fingerprinting
LN_FRAMES
 1017 int32 Number of frames 1.x\Structure fields
LN_FW_ACCEPTED_BYTES
 326 int64 FW_ACCEPTED_BYTES 
LN_FW_ACCEPTED_PACKETS
 327 int64 FW_ACCEPTED_PACKETS 
LN_FW_ACCOUNTED_BYTES
 336 int64 FW_ACCOUNTED_BYTES 
LN_FW_ACCOUNTED_PACKETS
 337 int64 FW_ACCOUNTED_PACKETS 
LN_FW_DECRYPTED_BYTES
 332 int64 FW_DECRYPTED_BYTES 
LN_FW_DECRYPTED_PACKETS
 333 int64 FW_DECRYPTED_PACKETS 
LN_FW_DROPPED_BYTES
 328 int64 FW_DROPPED_BYTES 
LN_FW_DROPPED_PACKETS
 329 int64 FW_DROPPED_PACKETS 
LN_FW_ENCRYPTED_BYTES
 330 int64 FW_ENCRYPTED_BYTES 
LN_FW_ENCRYPTED_PACKETS
 331 int64 FW_ENCRYPTED_PACKETS 
LN_FW_NATTED_BYTES
 334 int64 FW_NATTED_BYTES 
LN_FW_NATTED_PACKETS
 335 int64 FW_NATTED_PACKETS 
LN_FW_RECEIVED_BYTES
 322 int64 FW_RECEIVED_BYTES 
LN_FW_RECEIVED_PACKETS
 323 int64 FW_RECEIVED_PACKETS 
LN_FW_SENT_BYTES
 324 int64 FW_SENT_BYTES 
LN_FW_SENT_PACKETS
 325 int64 FW_SENT_PACKETS 
LN_ICMP_FIELD_CODE
 1371 int32 ICMP code field value 1.x\ICMP\Protocol analysis
LN_ICMP_FIELD_TYPE
 1370 int32 ICMP type field value 1.x\ICMP\Protocol analysis
LN_INFO_MSG
 19 string Information Message Situation
LN_INTERFACE
 35 int32 Interface 
LN_IP_CLIENT_ADDR
 1045 ipv4 Blacklisted IP addresses for Endpoint1. Blacklist response
LN_IP_CLIENT_MASK
 1046 int32 Netmask for blacklisted Endpoint1 IP address (32 = host address). Blacklist response
LN_IP_DATAGRAM_BYTES
 1115 int64 Number of bytes in IPv4 datagrams 1.x\IP\Protocol analysis
LN_IP_DATAGRAM_COUNT
 1114 int32 Number of IPv4 datagrams 1.x\IP\Protocol analysis
LN_IP_DATAGRAM_LENGTH
 1137 int32 IPv4 datagram length IP\Protocol analysis
LN_IP_DATA_LENGTH
 1113 int32 Length of IP data payload (not header) 1.x\IP\Protocol analysis
LN_IP_DEST
 1352 ipv4 Destination IPv4 field in packet header IP\Packet
LN_IP_FRAGMENT_SIZE_AVG
 1122 double The average fragment size of received ip datagrams 1.x\IP\Protocol analysis
LN_IP_FRAGMENT_SIZE_CNT
 1123 int32 The number of received fragmented ip datagrams 1.x\IP\Protocol analysis
LN_IP_FRAGMENT_SIZE_MAX
 1121 int32 The maximum fragment size of received ip datagrams 1.x\IP\Protocol analysis
LN_IP_FRAGMENT_SIZE_MIN
 1120 int32 The minimum fragment size of received ip datagrams 1.x\IP\Protocol analysis
LN_IP_FRAG_DIFFERENT_BYTES
 1438 int32 Total number of differing bytes IP\Protocol analysis
LN_IP_FRAG_DIFFERENT_BYTES_FIRST
 1439 int32 Index of the first differing byte IP\Protocol analysis
LN_IP_FRAG_DIFFERENT_BYTES_LAST
 1440 int32 Index of the last differing byte IP\Protocol analysis
LN_IP_FRAG_DIFFERENT_NEW_FIRST
 1442 int32 New value for the first differing byte IP\Protocol analysis
LN_IP_FRAG_DIFFERENT_NEW_LAST
 1444 int32 New value for the last differing byte IP\Protocol analysis
LN_IP_FRAG_DIFFERENT_OLD_FIRST
 1441 int32 Original value for the first differing byte IP\Protocol analysis
LN_IP_FRAG_DIFFERENT_OLD_LAST
 1443 int32 Original value for last differing byte IP\Protocol analysis
LN_IP_PROTO
 1047 int32 IP protocol number in packet header 1.x\IP\Packet
LN_IP_SERVER_ADDR
 1043 ipv4 Blacklisted IP addresses for Endpoint2. Blacklist response
LN_IP_SERVER_MASK
 1044 int32 Netmask for blacklisted Endpoint2 IP address (32 = host address). Blacklist response
LN_IP_SOURCE
 1351 ipv4 Source IPv4 field in packet header IP\Packet
LN_IP_TTL_AVG
 1118 double The average time to live of received ip datagrams 1.x\IP\Protocol analysis
LN_IP_TTL_CNT
 1119 int32 The number of received ip datagrams 1.x\IP\Protocol analysis
LN_IP_TTL_MAX
 1117 int32 The maximum time to live value of received ip datagrams 1.x\IP\Protocol analysis
LN_IP_TTL_MIN
 1116 int32 The minimum time to live value of received ip datagrams 1.x\IP\Protocol analysis
LN_LENGTH
 1467 int32 TBD 1.x\Common
LN_MEMORY_USAGE
 1292 int32 Used amount of memory 1.x\Diagnostics
LN_MODPAR_BOOL
 1320 bool Boolean value agent parameter. 1.x\Configuration
LN_MODPAR_DFA_ID
 1323 int32 Fingerprint identifier agent parameter. 1.x\Configuration
LN_MODPAR_DOUBLE
 1322 double Floating point value agent parameter. 1.x\Configuration
LN_MODPAR_FIELD_ID
 1546 int32 Correlation log field identifier agent parameter. 1.x\Configuration
LN_MODPAR_ID
 1318 int32 Identifier of agent parameter. 1.x\Configuration
LN_MODPAR_INT
 1319 int32 Integer value agent parameter. 1.x\Configuration
LN_MODPAR_IPV4
 1324 ipv4 IP address agent parameter. 1.x\Configuration
LN_MODPAR_SITUATION
 1325 int32 Situation identifier agent parameter. 1.x\Configuration
LN_MODPAR_STRING
 1321 string String value agent parameter. 1.x\Configuration
LN_MODULE_ID
 1291 int32 Module identifier 1.x\Diagnostics
LN_NAT_BALANCE_ID
 393 int32 NAT_BALANCE_ID 
LN_NAT_MAP_ID
 394 int32 NAT_MAP_ID 
LN_NUM_LOG_EVENTS
 363 int64 Number of log events 
LN_PASSED_BYTES
 388 int64 PASSED_BYTES 
LN_PEER_COMPONENT_ID
 307 int32 Peer component id 
LN_PEER_END_POINT
 506 int32 PEER_END_POINT 
LN_PEER_SECURITY_GATEWAY
 505 int32 PEER_SECURITY_GATEWAY 
LN_PHASE1_FAIL
 511 int64 IKE_PHASE1_FAIL 
LN_PHASE1_SUCC
 510 int64 IKE_PHASE1_SUCC 
LN_PHASE2_FAIL
 513 int64 IKE_PHASE2_FAIL 
LN_PHASE2_SUCC
 512 int64 IKE_PHASE2_SUCC 
LN_PORT_DEST
 1354 int32 TCP or UDP destination port in packet header IP\Packet
LN_PORT_SOURCE
 1353 int32 TCP or UDP source port in packet header IP\Packet
LN_PORT_TCP_CLIENT
 1357 int32 Port number of the client in a TCP connection 1.x\TCP\Connection
LN_PORT_TCP_SERVER
 1358 int32 Port number of the server in a TCP connection 1.x\TCP\Connection
LN_PROBE_FAIL
 500 int32 PROBE_FAIL 
LN_PROBE_OK
 399 int32 PROBE_OK 
LN_PROTOCOL
 11 int32 IP protocol Packet\Filtering
LN_REF_COMP_ID
 1026 int32 The sender id of the referred event Structure fields
LN_REF_CREATION_TIME
 1563 ntpstamp The event timestamp of the referred event Structure fields
LN_REF_EVENT_ID
 1027 int64 The event id of the referred event Structure fields
LN_SCRIPT_PARAMS
 1039 string The parameters for the script in script response. 1.x\Script response
LN_SCRIPT_PATH
 1038 string The path of the script to be executed in script response. 1.x\Script response
LN_SELECTED_CACHE
 396 int32 SELECTED_CACHE 
LN_SELECTED_RTT
 395 int32 SELECTED_RTT 
LN_SENDER_BUILD
 1448 int32 Build number Configuration
LN_SENDER_MODULE_MAJOR
 1314 int32 Module major version Configuration
LN_SENDER_MODULE_MINOR
 1315 int32 Module minor version Configuration
LN_SENDER_MODULE_PL
 1316 int32 Module patchlevel Configuration
LN_SENSOR_INSPECTED_BYTES
 357 int64 Bytes inspected by sensor 
LN_SENSOR_INSPECTED_PACKETS
 358 int64 Packets inspected by sensor 
LN_SENSOR_LOST_BYTES
 359 int64 Bytes lost in sensor 
LN_SENSOR_LOST_PACKETS
 360 int64 Packets lost in sensor 
LN_SENSOR_PROCESSED_BYTES
 355 int64 Bytes processed by sensor 
LN_SENSOR_PROCESSED_PACKETS
 356 int64 Packets processed by sensor 
LN_SENSOR_RECEIVED_BYTES
 338 int64 Bytes received by sensor 
LN_SENSOR_RECEIVED_PACKETS
 339 int64 Packets received by sensor 
LN_SERVER_PORT
 1048 int32 Blacklisted Endpoint2 port (empty = all ports). Blacklist response
LN_SERVER_PORT_RANGE
 1049 int32 Blacklisted Endpoint2 port range. Blacklist response
LN_SHAPING_CLASS
 386 int32 SHAPING_CLASS 
LN_SHAPING_GUARANTEE
 389 int64 SHAPING_GUARANTEE 
LN_SHAPING_LIMIT
 390 int64 SHAPING_LIMIT 
LN_SHAPING_PRIORITY
 391 int32 SHAPING_PRIORITY 
LN_SMTP_MAIL_AVG_SIZE
 1221 double The average e-mail message size seen 1.x\SMTP\Protocol analysis
LN_SMTP_MAIL_CNT
 1222 int64 The number of e-mail messages seen 1.x\SMTP\Protocol analysis
LN_SMTP_MAIL_MAX_SIZE
 1220 double The largest e-mail message size seen 1.x\SMTP\Protocol analysis
LN_SMTP_MAIL_MIN_SIZE
 1219 double The smallest e-mail message size seen 1.x\SMTP\Protocol analysis
LN_SRC_ADDRESS
 398 ipv4 SRC_ADDRESS 
LN_TCP_BYTE_CNT
 1153 int64 Number of payload bytes 1.x\TCP\Protocol analysis
LN_TCP_BYTE_CNT_FRAGMENTED
 1154 int64 Number of payload bytes in fragmented segments 1.x\TCP\Protocol analysis
LN_TCP_FLAG_VALUE
 1187 int32 Value of the flag field in TCP header 1.x\TCP\Protocol analysis
LN_TCP_MISSING_SEG_CNT
 1157 int32 Number of delivered missing segment marks 1.x\TCP\Protocol analysis
LN_TCP_OPTION_KIND
 1191 int32 Option kind TCP\Protocol analysis
LN_TCP_SEG_CNT
 1149 int32 Number of segments 1.x\TCP\Protocol analysis
LN_TCP_SEG_CNT_FRAGMENTED
 1152 int32 Number of fragmented segments 1.x\TCP\Protocol analysis
LN_TEST_INT32
 1237 int32 32-bit test integer. Testing
LN_TOTAL_BYTES
 387 int64 TOTAL_BYTES 
LN_UNRESOLVED_FIELD
 1547 int32 Blacklist Response field for which value resolving failed. Blacklist response
LN_VPN_BYTES_RECEIVED
 509 int64 VPN_BYTES_RECEIVED 
LN_VPN_BYTES_SENT
 508 int64 VPN_BYTES_SENT 
LN_ACTION
 14 int32 Connection action 
LN_AGENT_MEMUSAGE
 1296 map( LN_AGENT_ID; LN_MEMORY_USAGE, LN_EVENT_REF_CNT) Memory usage of each agent 1.x\Diagnostics
LN_ALERT
 25 int32 Type of alert Alert
LN_ALERT_SEVERITY
 602 int32 Severity of an alert Situation
LN_ANALYZER_CONFIG_UPDATE
 1583 opaque This is an internal log field. The value contains an update to analyzer configuration. 
LN_BALANCING_PROBING
 397 map( LN_SRC_ADDRESS; LN_PROBE_OK, LN_PROBE_FAIL ) BALANCING_PROBING 
LN_BALANCING_SELECTION
 392 map( LN_NAT_BALANCE_ID, LN_NAT_MAP_ID; LN_SELECTED_RTT, LN_SELECTED_CACHE ) BALANCING_SELECTION 
LN_BLACKLIST_RESPONSE
 1053 struct(LN_FIREWALL_ID,LN_IP_SERVER_ADDR,LN_IP_SERVER_MASK,LN_IP_CLIENT_ADDR,LN_IP_CLIENT_MASK,LN_PROTOCOL,LN_SERVER_PORT,LN_SERVER_PORT_RANGE,LN_CLIENT_PORT,LN_CLIENT_PORT_RANGE,LN_BLACKLIST_DURATION,LN_UNRESOLVED_FIELD) Firewall blacklist response Blacklist response
LN_BLOCKED_RECEIVE
 1299 bool Receive was blocked temporarily due to low free memory 1.x\Diagnostics
LN_CLUSTER_ID
 1554 int32 The identifier of the cluster of the creator of the log entry. Sender
LN_CONFIG_ID
 1447 int32 Configuration identifier related to this situation. 1.x\Situation
LN_CONNECTION_ANALYSIS_END
 1450 void Application module could not continue analysing traffic stream after this event. Situation
LN_CONNECTIVITY
 306 struct(LN_PEER_COMPONENT_ID,LN_CONN_TYPE,LN_CONN_STATUS,LN_CONN_DIRECTION,LN_INFO_MSG) Connectivity 
LN_CONN_STAT
 1059 void Marker showing that the event record contains the statistics of a connection. 1.x\Situation
LN_CORE_EVENT_REF_CNT
 1295 int32 Number of references to shared objects in analyzer core 1.x\Diagnostics
LN_CORE_MEMORY_USAGE
 1294 int32 Used amount of memory in analyzer core 1.x\Diagnostics
LN_CORRELATE_EVENT_FIELDS_FOR_MATCHING
 1481 int32 Event fields for matching similar events 
LN_CORRELATE_EVENT_LIMIT_IN_TIME_WINDOW
 1482 int32 Event limit in time window 
LN_CORRELATE_EVENT_MATCHING_CRITERIA
 1483 int32 Criteria for matching the event fields for counting similar events 
LN_CORRELATE_ONLY
 1568 bool This is an internal log field. The value is TRUE if the event should not be forwarded to log server, but instead only be used for correlation purposes. 
LN_CORRELATE_SID
 1567 int32 This is an internal log field. The field contains the identifier of a correlation situation that has ordered this event. 
LN_CORRELATE_TIME_SLOTS_IN_TIME_WINDOW
 1484 int32 Events are counted for each slot and then summed for the sliding time window 
LN_CORRELATE_TIME_WINDOW
 1485 int32 A time window in seconds for counting the matched events 
LN_CORRELATION_COMP_ID
 1584 int32 This log field is used to indicate the policy which is used to decide a response after successful correlation. Usually the value of this field is the same as "Component ID", and the field is omitted. Sender
LN_CORR_EXTRA_PAYLOAD
 1587 int32 This is an internal log field. The value contains a log field id that is present in the log record only for correlation purposes and should be stripped before storing the event in the log server database. 
LN_DATA_CALL_STATS
 1475 struct(LN_AVG_STRUCT,LN_AVG_MIN,LN_AVG_MAX,LN_AVG_AVG,LN_AVG_CNT) TBD 1.x\Statistics\TCP fingerprinting
LN_DETECT_TIME
 1280 ntpstamp Time of detecting the situation. 1.x\Time
LN_DHCP_LEASES
 527 struct( LN_INTERFACE, LN_DHCP_LEASE_IP, LN_DHCP_LEASE_NETMASK, LN_DHCP_LEASE_GW, LN_DHCP_LEASE_RECEIVED, LN_DHCP_LEASE_EXPIRES ) DHCP_LEASES 
LN_DIX_FRAMESBYTES
 1454 struct(LN_FRAMES,LN_BYTES) TBD (DIX_FRAMESBYTES) 1.x\Statistics\Ethernet
LN_DIX_TYPES
 1457 map( LN_ETH_TYPE; LN_FRAMES, LN_BYTES ) Map describing how many frames and bytes of each Ethernet type in Ethernet (DIX or IEEE) frames 1.x\Statistics\Ethernet
LN_DNS_CLASS
 1428 string DNS RR class DNS\Protocol analysis
LN_DNS_HDR_ANCOUNT
 1420 int32 DNS answers count DNS\Protocol analysis
LN_DNS_HDR_ARCOUNT
 1422 int32 DNS additional section count DNS\Protocol analysis
LN_DNS_HDR_FLAG_TC
 1415 bool DNS header flag TC DNS\Protocol analysis
LN_DNS_HDR_ID
 1411 int32 DNS message ID DNS\Protocol analysis
LN_DNS_HDR_IS_REQUEST
 1412 bool DNS message is request DNS\Protocol analysis
LN_DNS_HDR_NSCOUNT
 1421 int32 DNS authority section count DNS\Protocol analysis
LN_DNS_HDR_OPCODE
 1413 string DNS operation DNS\Protocol analysis
LN_DNS_HDR_QDCOUNT
 1419 int32 DNS questions count DNS\Protocol analysis
LN_DNS_HDR_RCODE
 1418 string DNS return code DNS\Protocol analysis
LN_DNS_NAME_LENGTH
 1435 int32 DNS name length DNS\Protocol analysis
LN_DNS_OFFSET
 1432 int32 DNS message offset where the situation occurs DNS\Protocol analysis
LN_DNS_POINTER
 1431 int32 DNS name pointer DNS\Protocol analysis
LN_DNS_QCLASS
 1425 string DNS query class DNS\Protocol analysis
LN_DNS_QNAME
 1423 string DNS query name (first) DNS\Protocol analysis
LN_DNS_QTYPE
 1424 string DNS query type DNS\Protocol analysis
LN_DNS_SECTION
 1426 string DNS section DNS\Protocol analysis
LN_DNS_TYPE
 1427 string DNS RR type DNS\Protocol analysis
LN_DNS_UDP_PAYLOAD
 1433 int32 UDP payload size DNS\Protocol analysis
LN_DNS_UDP_PAYLOAD_BY_OPT
 1434 int32 UDP payload advertized by DNS OPT record DNS\Protocol analysis
LN_DPORT
 10 int32 Packet destination protocol port Packet\Filtering
LN_DROP
1557 void Drop response was applied. 
LN_DROPPED_DGRAM_CNT
 1302 int32 Number of dropped datagrams 
LN_DROP_CONNECTION
 1561 void Drop Response dropped a connection. 
LN_DROP_DATAGRAM
 1560 void Drop Response dropped a datagram. 
LN_DROP_FAILED
 1558 void Drop Response could not be applied. 
LN_DROP_FRAME
 1559 void Drop Response dropped a frame. 
LN_DROP_SESSION
 1562 void Drop Response dropped a session. 
LN_DST
8 ipv4 Packet destination IP address Packet\Filtering
LN_DST_IP_RANGE
 526 ipv4 DST_IP_RANGE 
LN_ERROR_CNT
 1007 int32 Number of errors 1.x\Diagnostics
LN_ERROR_ID
 1480 int32 Error identifier Diagnostics
LN_ERROR_MSG
 1002 string Error message for debugging and testing 1.x\Diagnostics
LN_ETH_FRAMESBYTES
 1456 struct(LN_FRAMES,LN_BYTES) TBD (DIX_FRAMESBYTES) 1.x\Ethernet\Protocol analysis
LN_ETH_FRAME_LENGTH
 1089 int32 Ethernet frame length Ethernet\Protocol analysis
LN_ETH_LENGTH_DIST
 1464 map(LN_LENGTH;LN_COUNT) TBD 1.x\Ethernet\Protocol analysis
LN_ETH_LENGTH_STATS
 1459 struct(LN_AVG_STRUCT,LN_ETH_LENGTH_MIN,LN_ETH_LENGTH_MAX,LN_ETH_LENGTH_AVG,LN_ETH_LENGTH_CNT) TBD (ETH_LENGTH_STATS) 1.x\Ethernet\Protocol analysis
LN_ETH_MIN_FRAME_LENGTH
 1090 int32 Minimum ethernet frame length Ethernet\Protocol analysis
LN_ETH_TYPES
 1091 map( LN_ETH_TYPE; LN_FRAMES, LN_BYTES ) Map describing how many frames and bytes of each Ethernet type in Ethernet (DIX or IEEE) frames 1.x\Ethernet\Protocol analysis
LN_EVENT_COUNT
 1077 int32 Number of events in time frame Situation
LN_EVENT_ID
 1030 int64 Event id, unique within one sender Situation
LN_EVENT_UPDATE
 1401 int64 Event id for which this event is an update Diagnostics
LN_EXCERPT
 1016 opaque Recording of application level data stream of the attack. Traffic record\Excerpt
LN_EXCERPT_POS
 1348 int32 Position within the attached short recording Traffic record\Excerpt
LN_FACILITY
 22 int32 Engine subsystem 
LN_FAILED_ALLOC_CNT
 1300 int32 Number of failed memory allocation attempts 1.x\Diagnostics
LN_FAILED_RESP_CNT
 1301 int32 Number of failed response attempts 1.x\Diagnostics
LN_FBACTION
 10015 int32 Identifies an action to be performed to a running command Common
LN_FBCHANNEL
 10003 int64 Command channel of Field buffer coded command Common
LN_FBCOMMAND
 10002 int32 Field buffer coded command Common
LN_FBDATA
 10008 string Block of sginfo data Common
LN_FBDESCRIPTIVENAME
 10004 string Description of FBCOMMAND Common
LN_FBENABLED
 10011 bool Enable/disable sshd Common
LN_FBENCRYPTED
 10006 void Allow policy to be encrypted in sginfo Common
LN_FBERRNO
 10013 int32 Error number of failed command Common
LN_FBMESSAGE
 10014 string Error message of failed command Common
LN_FBNEWPASSWORD
 10012 string New password Common
LN_FBOTP
 10016 string Fb new management contact Common
LN_FBPROGRESS_CURRENT
 10009 int64 Current progress Common
LN_FBPROGRESS_MAX
 10010 int64 Total progress Common
LN_FBREPLY
 10007 int32 Field buffer coded reply Common
LN_FBTRANSFER_INCLUDE_CORE_FILES
 10005 void Include core files with sginfo Common
LN_FIELDS_UPDATABLE
 1404 map( LN_FIELD_ID; LN_FIELD_UPDATABLE) Map of updateable logfields Diagnostics
LN_FORWARD_RULE_TAG
 1365 int32 The tag of the last matching rule when forwarding the traffic to the agent that made this log record 1.x\Situation
LN_FP_SITUATION
 1004 int32 The situation identifier of a matching fingerprint. 1.x\Situation
LN_FTP_ACCOUNT_LEN
 1329 int32 FTP account length FTP\Protocol analysis
LN_FTP_ADAT_ARG_LEN
 1336 int32 FTP ADAT argument length FTP\Protocol analysis
LN_FTP_ALLOCATE_SIZE
 1330 int32 FTP allocate size FTP\Protocol analysis
LN_FTP_ARG_LEN
 1345 int32 FTP argument length FTP\Protocol analysis
LN_FTP_AUTH_ARG_LEN
 1335 int32 FTP AUTH argument length FTP\Protocol analysis
LN_FTP_CLIENT_STATE_NAME
 1282 string FTP module client state FTP\Protocol analysis
LN_FTP_CLNT_ARG_LEN
 1346 int32 FTP CLNT argument length FTP\Protocol analysis
LN_FTP_CMD_BOUND_TYPE
 1275 int32 Command bound violation type (0=none, 1=too long pathname, 2=too long username, 3=too long ACCT information, 4=too large ALLO size, 5=too long SITE parameter, 6=too long HELP parameter, 7=too long marker (REST), 8=too large protection buffer size (PBSZ), 9=too long AUTH parameter, 10=too long ADAT parameter, 11=too long MIC parameter, 12=too long CONF parameter, 13=too long ENC parameter, 14=too long LANG parameter, 15=too long EPRT parameter, 16=too long OPTS parameter, 17=too long LPRT parameter, 18=too long password, 19=too long fixed-length command, 20=too long CLNT parameter, 21=too long ESTP parameter) 1.x\FTP\Protocol analysis
LN_FTP_CMD_LEN
 1273 int32 The length of the too long FTP command 1.x\FTP\Protocol analysis
LN_FTP_CMD_NAME
 1274 string The name of the FTP command (no arguments) FTP\Protocol analysis
LN_FTP_COMMAND
 1271 string FTP client command FTP\Protocol analysis
LN_FTP_CONF_ARG_LEN
 1338 int32 FTP CONF argument length FTP\Protocol analysis
LN_FTP_ENC_ARG_LEN
 1339 int32 FTP ENC argument length FTP\Protocol analysis
LN_FTP_EPRT_ARG_LEN
 1341 int32 FTP EPRT argument length FTP\Protocol analysis
LN_FTP_ESTP_ARG_LEN
 1347 int32 FTP ESTP argument length FTP\Protocol analysis
LN_FTP_HELP_ARG_LEN
 1332 int32 FTP HELP argument length FTP\Protocol analysis
LN_FTP_LANG_ARG_LEN
 1340 int32 FTP LANG argument length FTP\Protocol analysis
LN_FTP_LPRT_ARG_LEN
 1343 int32 FTP LPRT argument length FTP\Protocol analysis
LN_FTP_MARKER_LEN
 1333 int32 FTP REST argument length FTP\Protocol analysis
LN_FTP_MIC_ARG_LEN
 1337 int32 FTP MIC argument length FTP\Protocol analysis
LN_FTP_OPTS_ARG_LEN
 1342 int32 FTP OPTS argument length FTP\Protocol analysis
LN_FTP_PASSWORD_LEN
 1344 int32 FTP password length FTP\Protocol analysis
LN_FTP_PATHNAME_LEN
 1327 int32 FTP pathname length FTP\Protocol analysis
LN_FTP_PROTECTION_BUFFER_SIZE
 1334 int32 FTP protection buffer size (PBSZ argument) FTP\Protocol analysis
LN_FTP_REPLY
 1276 string FTP server reply FTP\Protocol analysis
LN_FTP_REPLY_CODE
 1277 int32 FTP server reply code FTP\Protocol analysis
LN_FTP_REPLY_LEN
 1278 int32 The length of the too long FTP server reply FTP\Protocol analysis
LN_FTP_REPLY_LINE_LEN
 1279 int32 The length of the too long FTP server reply line FTP\Protocol analysis
LN_FTP_SERVER_ACTION
 1284 int32 Suspicious server action after a suspicious client command: 1) connection terminated (server possibly crashed), 2) server violated the protocol in reply (probably a successful attack), 3) server replied "OK" FTP\Protocol analysis
LN_FTP_SERVER_BANNER
 1272 string FTP server banner FTP\Protocol analysis
LN_FTP_SERVER_STATE_NAME
 1283 string FTP module server state FTP\Protocol analysis
LN_FTP_SITE_ARG_LEN
 1331 int32 FTP SITE argument length FTP\Protocol analysis
LN_FTP_STATE_NAME
 1285 string State of FTP session FTP\Protocol analysis
LN_FTP_USERNAME_LEN
 1328 int32 FTP username length FTP\Protocol analysis
LN_GROUPING_REASON
 1029 string Reason for grouping these event records together. 1.x\Situation
LN_GROUP_ID
 1551 int32 The identifier of the situation group that matched in a situation response 1.x\Diagnostics
LN_HANDLER_CALLS
 1453 int64 Number of validation handler calls during validation of a TCP connection. 1.x\Statistics\TCP fingerprinting
LN_HTTP_CONTENT_LENGTH
 1308 int64 HTTP content length 1.x\HTTP\Protocol analysis
LN_HTTP_CONTENT_TYPE
 1307 string HTTP content type 1.x\HTTP\Protocol analysis
LN_HTTP_HEADER
 1313 string HTTP header field contents HTTP\Protocol analysis
LN_HTTP_HEADER_NAME
 1312 string HTTP header field name HTTP\Protocol analysis
LN_HTTP_NO_REQUEST
 1366 void Response could not be associated to any request. HTTP\Protocol analysis
LN_HTTP_REQUESTS_NOT_STORED
 1449 int64 Number of requests that could not be stored in this pipelined HTTP connection due to pipeline overflow. HTTP\Protocol analysis
LN_HTTP_REQUEST_HOST
 1586 string HTTP request host 1.x\HTTP\Protocol analysis
LN_HTTP_REQUEST_LINE
 1566 string HTTP request line HTTP\Protocol analysis
LN_HTTP_REQUEST_MESSAGE_FIELD_NAME_LENGTH
 1406 int64 HTTP request header field name length HTTP\Protocol analysis
LN_HTTP_REQUEST_MESSAGE_FIELD_VALUE_LENGTH
 1407 int64 HTTP request header field value length HTTP\Protocol analysis
LN_HTTP_REQUEST_METHOD
 1303 string HTTP request method HTTP\Protocol analysis
LN_HTTP_REQUEST_URI
 1305 string HTTP request uri HTTP\Protocol analysis
LN_HTTP_REQUEST_VERSION
 1304 string HTTP request version HTTP\Protocol analysis
LN_HTTP_RESPONSE_CODE
 1306 int32 HTTP response code HTTP\Protocol analysis
LN_HTTP_RESPONSE_MESSAGE_FIELD_NAME_LENGTH
 1408 int64 HTTP response header field name length HTTP\Protocol analysis
LN_HTTP_RESPONSE_MESSAGE_FIELD_VALUE_LENGTH
 1409 int64 HTTP response header field value length HTTP\Protocol analysis
LN_HTTP_URI_LENGTH
 1405 int64 HTTP request URI length HTTP\Protocol analysis
LN_ICMP_CODE
 101 int32 ICMP code attribute ICMP
LN_ICMP_EXPECTED_MESSAGE_LENGTH
 1398 int32 Expected ICMP message length ICMP\Protocol analysis
LN_ICMP_FIELD_ADDRESS_MASK
 1385 int32 ICMP address mask field value ICMP\Protocol analysis
LN_ICMP_FIELD_ADDR_ENTRY_SIZE
 1378 int32 ICMP address entry size field value ICMP\Protocol analysis
LN_ICMP_FIELD_DATAGRAM_REFERENCE
 1372 opaque Header of datagram associated with the ICMP message 1.x\ICMP\Protocol analysis
LN_ICMP_FIELD_DOMAIN_NAME
 1391 string ICMP domain name field value ICMP\Protocol analysis
LN_ICMP_FIELD_GATEWAY_IP_ADDR
 1374 ipv4 ICMP gateway address field value ICMP\Protocol analysis
LN_ICMP_FIELD_IDENTIFIER
 1375 int32 ICMP identifier field value 1.x\ICMP\Protocol analysis
LN_ICMP_FIELD_LIFETIME
 1379 int32 ICMP lifetime field value ICMP\Protocol analysis
LN_ICMP_FIELD_NUM_ADDRS
 1377 int32 ICMP number of addresses field value ICMP\Protocol analysis
LN_ICMP_FIELD_ORIGINATE_TIMESTAMP
 1382 int32 ICMP originate timestamp field value ICMP\Protocol analysis
LN_ICMP_FIELD_OUTBOUND_HOP_COUNT
 1387 int32 ICMP outbound hop count field value ICMP\Protocol analysis
LN_ICMP_FIELD_OUTPUT_LINK_MTU
 1390 int32 ICMP output link MTU field value ICMP\Protocol analysis
LN_ICMP_FIELD_OUTPUT_LINK_SPEED
 1389 int32 ICMP output link speed field value ICMP\Protocol analysis
LN_ICMP_FIELD_POINTER
 1373 int32 Byte offset to problem value in datagram associated with the ICMP message ICMP\Protocol analysis
LN_ICMP_FIELD_PREFERENCE_LEVEL
 1381 int32 ICMP preference level field value ICMP\Protocol analysis
LN_ICMP_FIELD_RECEIVE_TIMESTAMP
 1383 int32 ICMP receive timestamp field value ICMP\Protocol analysis
LN_ICMP_FIELD_RETURN_HOP_COUNT
 1388 int32 ICMP return hop count field value ICMP\Protocol analysis
LN_ICMP_FIELD_ROUTER_ADDRESS
 1380 ipv4 ICMP router address field value ICMP\Protocol analysis
LN_ICMP_FIELD_SEQUENCE_NUMBER
 1376 int32 ICMP sequence number field value ICMP\Protocol analysis
LN_ICMP_FIELD_TRACEROUTE_ID
 1386 int32 ICMP traceroute ID field value ICMP\Protocol analysis
LN_ICMP_FIELD_TRANSMIT_TIMESTAMP
 1384 int32 ICMP transmit timestamp field value ICMP\Protocol analysis
LN_ICMP_ID
 102 int32 ICMP identifier ICMP
LN_ICMP_MESSAGE_LENGTH
 1397 int32 ICMP message length ICMP\Protocol analysis
LN_ICMP_REFERENCED_DESTINATION_IP_ADDR
 1393 ipv4 Destination IP address of datagram associated with the ICMP message ICMP\Protocol analysis
LN_ICMP_REFERENCED_DESTINATION_PORT
 1396 int32 Destination port of IP datagram associated with the ICMP message ICMP\Protocol analysis
LN_ICMP_REFERENCED_IP_PROTO
 1394 int32 Protocol field of IP datagram associated with the ICMP message ICMP\Protocol analysis
LN_ICMP_REFERENCED_SOURCE_IP_ADDR
 1392 ipv4 Source IP address of datagram associated with the ICMP message ICMP\Protocol analysis
LN_ICMP_REFERENCED_SOURCE_PORT
 1395 int32 Source port of IP datagram associated with the ICMP message ICMP\Protocol analysis
LN_ICMP_TYPE
 100 int32 ICMP type attribute ICMP
LN_IEEE_FRAMESBYTES
 1455 struct(LN_FRAMES,LN_BYTES) TBD (DIX_FRAMESBYTES) 1.x\Statistics\Ethernet
LN_IEEE_TYPES
 1458 map( LN_ETH_TYPE; LN_FRAMES, LN_BYTES ) Map describing how many frames and bytes of each Ethernet type in Ethernet (DIX or IEEE) frames 1.x\Statistics\Ethernet
LN_IF_LOGICAL
 1477 int32 Logical interface for packet Sender\Capture
LN_IF_PHYSICAL
 1478 int32 Physical interface for packet Sender\Capture
LN_IMF_ENCODED_WORD
 1228 string The encoded word token related to this event. SMTP\Protocol analysis
LN_IMF_HEADER_FIELD
 1225 string The contents (possibly partial) of the mail header field related to this event. SMTP\Protocol analysis
LN_IMF_HEADER_FIELD_NAME
 1224 string The name of the mail header field related to this event. SMTP\Protocol analysis
LN_IMF_HEADER_FIELD_POSITION
 1229 int32 The number of characters processed in this header field when this event was generated. SMTP\Protocol analysis
LN_IMF_TOKEN
 1226 string The syntactical token in mail body related to this event. SMTP\Protocol analysis
LN_IMF_TOKEN_LENGTH
 1227 int32 The length of the syntactical token in mail body related to this event. SMTP\Protocol analysis
LN_IPS_SERVICE
 1479 struct(LN_IP_PROTO,LN_PORT_TCP_CLIENT,LN_PORT_TCP_SERVER,LN_PORT_SOURCE,LN_PORT_DEST,LN_ICMP_FIELD_TYPE,LN_ICMP_FIELD_CODE) Special field for filtering IPS logs using the defined services. Not present in the log entries as such. 1.x\Protocol header fields
LN_IP_ATTACKER
 1359 ipv4 IPv4 address of the attacking host Attacker analysis
LN_IP_CHECKSUM
 1110 int32 Checksum number in IPv4 header IP\Protocol analysis
LN_IP_DATAGRAM_NEW_LENGTH
 1446 int32 IPv4 datagram suggested new length IP\Protocol analysis
LN_IP_FRAGMENT_OFFSET
 1107 int32 Fragment offset in IPv4 IP\Protocol analysis
LN_IP_FRAG_CONFLICT_RANGE
 1445 struct(LN_IP_FRAG_DIFFERENT_BYTES,LN_IP_FRAG_DIFFERENT_BYTES_FIRST,LN_IP_FRAG_DIFFERENT_BYTES_LAST,LN_IP_FRAG_DIFFERENT_OLD_FIRST,LN_IP_FRAG_DIFFERENT_NEW_FIRST,LN_IP_FRAG_DIFFERENT_OLD_LAST,LN_IP_FRAG_DIFFERENT_NEW_LAST) Byte range that had content conflict between fragments IP\Protocol analysis
LN_IP_HEADER_FLAGS
 1106 int32 Header flags of IPv4 1.x\IP\Protocol analysis
LN_IP_HEADER_LENGTH
 1102 int32 Length of IP (version 4) header IP\Protocol analysis
LN_IP_IDENTIFICATION
 1105 int32 Identification in IPv4 header IP\Protocol analysis
LN_IP_MINIMUM_FRAGMENT_SIZE_LIMIT
 1111 int32 Minimum fragment size limit of IPv4 1.x\IP\Protocol analysis
LN_IP_OFFSET
 1112 int32 Start offset of IP from the beginning of ethernet frame IP\Protocol analysis
LN_IP_OPTION_LENGTH
 1437 int32 Length of IP option that caused the response IP\Protocol analysis
LN_IP_OPTION_NUMBER
 1436 int32 IP option number that caused the response IP\Protocol analysis
LN_IP_TARGET
 1360 ipv4 IPv4 address of the target host Attacker analysis
LN_IP_TCP_CLIENT
 1355 ipv4 IPv4 address of the client in a TCP connection 1.x\TCP\Connection
LN_IP_TCP_SERVER
 1356 ipv4 IPv4 address of the server in a TCP connection 1.x\TCP\Connection
LN_IP_TIME_TO_LIVE
 1108 int32 Time to live field in IPv4 header 1.x\IP\Protocol analysis
LN_IP_TOTAL_LENGTH
 1104 int32 IPv4 total length IP\Protocol analysis
LN_IP_TS_CHECKSUM_ERROR_CNT
 1141 int32 Number of datagrams with checksum error 1.x\IP\Protocol analysis
LN_IP_TS_CHECKSUM_ERROR_DATAGRAM_SOURCES
 1130 map(LN_IP_SOURCE;LN_IP_DATAGRAM_COUNT,LN_IP_DATAGRAM_BYTES) How many bytes and datagrams with invalid ip checksum we have seen from each source ip 1.x\IP\Protocol analysis
LN_IP_TS_DATAGRAMS_WITH_OPTIONS
 1133 int32 How many datagrams we have seen with ip options 1.x\IP\Protocol analysis
LN_IP_TS_DATAGRAM_BYTE_CNT
 1138 map( LN_IP_DATAGRAM_LENGTH; LN_IP_DATAGRAM_COUNT ) For each datagram length, the number of datagrams 1.x\IP\Protocol analysis
LN_IP_TS_DESTINATIONS_DATAGRAMSBYTES
 1135 map(LN_IP_DEST;LN_IP_DATAGRAM_COUNT,LN_IP_DATAGRAM_BYTES) How many bytes and datagrams we have seen from each target ip 1.x\IP\Protocol analysis
LN_IP_TS_DF_SET_CNT
 1131 int32 Number of datagrams seen with don't fragment bit set in ip header 1.x\IP\Protocol analysis
LN_IP_TS_DF_SET_SOURCES
 1132 map(LN_IP_SOURCE;LN_IP_DATAGRAM_COUNT,LN_IP_DATAGRAM_BYTES) How many bytes and datagrams we have seen from each source ip with don't fragment bit set in ip header 1.x\IP\Protocol analysis
LN_IP_TS_FIRST_FRAGMENT_SIZE
 1127 struct(LN_AVG_STRUCT,LN_IP_FRAGMENT_SIZE_MIN,LN_IP_FRAGMENT_SIZE_MAX,LN_IP_FRAGMENT_SIZE_AVG,LN_IP_FRAGMENT_SIZE_CNT) Statistics on ip fragment size only for first seen fragments for each datagram 1.x\IP\Protocol analysis
LN_IP_TS_FRAGMENTED_DATAGRAMS_SOURCES
 1129 map(LN_IP_SOURCE;LN_IP_DATAGRAM_COUNT,LN_IP_DATAGRAM_BYTES) How many bytes and datagrams we have seen from each source ip 1.x\IP\Protocol analysis
LN_IP_TS_FRAGMENT_CNT
 1140 int32 Number of datagram fragments 1.x\IP\Protocol analysis
LN_IP_TS_FRAGMENT_SIZE
 1126 struct(LN_AVG_STRUCT,LN_IP_FRAGMENT_SIZE_MIN,LN_IP_FRAGMENT_SIZE_MAX,LN_IP_FRAGMENT_SIZE_AVG,LN_IP_FRAGMENT_SIZE_CNT) Statistics on ip fragment size 1.x\IP\Protocol analysis
LN_IP_TS_FRAGMENT_SIZE_DISTRIBUTION
 1128 map(LN_IP_DATA_LENGTH; LN_IP_DATAGRAM_COUNT) How many times each fragment size is seen 1.x\IP\Protocol analysis
LN_IP_TS_LENGTH_DISTRIBUTION
 1124 map( LN_IP_DATA_LENGTH; LN_IP_DATAGRAM_COUNT) IP datagram length distribution (fragments are counted also, so varies from 0 to ~1480) 1.x\IP\Protocol analysis
LN_IP_TS_OPTIONS_SOURCES_DATAGRAMBYTES
 1134 map(LN_IP_SOURCE;LN_IP_DATAGRAM_COUNT,LN_IP_DATAGRAM_BYTES) How many bytes and datagrams from each source ip with ip header options 1.x\IP\Protocol analysis
LN_IP_TS_PROTOCOLS
 1139 map( LN_PROTOCOL; LN_IP_DATAGRAM_COUNT, LN_IP_DATAGRAM_BYTES ) For each protocol on IP, the number of datagrams and total number of bytes in them 1.x\IP\Protocol analysis
LN_IP_TS_SOURCES_DATAGRAMSBYTES
 1136 map(LN_IP_SOURCE;LN_IP_DATAGRAM_COUNT,LN_IP_DATAGRAM_BYTES) How many bytes and datagrams we have seen from each source ip 1.x\IP\Protocol analysis
LN_IP_TS_TTL
 1125 struct(LN_AVG_STRUCT,LN_IP_TTL_MIN,LN_IP_TTL_MAX,LN_IP_TTL_AVG,LN_IP_TTL_CNT) Statistics on ip ttl values 1.x\IP\Protocol analysis
LN_IP_TYPE_OF_SERVICE
 1103 int32 Type of service of IP (version 4) header 1.x\IP\Protocol analysis
LN_IP_VERSION
 1101 int32 Version of IP header IP\Protocol analysis
LN_LOG_ID
 2 int64 Data Identifier System
LN_LONG_MSG
 601 string Long description of alert 1.x\Alert
LN_MAC_DEST
 1349 mac Destination MAC field in packet header Ethernet\Frame
LN_MAC_DEST_OTHER
 1025 mac The former MAC address corresponding to the seen target IPv4 address 1.x\Ethernet\Frame
LN_MAC_SOURCE
 1361 mac Source MAC field in packet header Ethernet\Frame
LN_MAC_SOURCE_OTHER
 1023 mac The former MAC address corresponding to the seen source IPv4 address 1.x\Ethernet\Frame
LN_MEM_AVAIL
 1298 int32 Total amount of free memory 1.x\Diagnostics
LN_MISSED_CALL_STATS
 1476 struct(LN_AVG_STRUCT,LN_AVG_MIN,LN_AVG_MAX,LN_AVG_AVG,LN_AVG_CNT) TBD 1.x\Statistics\TCP fingerprinting
LN_MODPAR_VAL
 1326 struct(LN_MODPAR_ID,LN_MODPAR_INT,LN_MODPAR_BOOL,LN_MODPAR_STRING,LN_MODPAR_DOUBLE,LN_MODPAR_DFA_ID,LN_MODPAR_IPV4,LN_MODPAR_SITUATION,LN_MODPAR_FIELD_ID) List of agent parameters and the defined values. 1.x\Configuration\Inspection
LN_MODULE_MEMUSAGE
 1297 map( LN_MODULE_ID; LN_MEMORY_USAGE, LN_EVENT_REF_CNT) Memory usage of each module 1.x\Diagnostics
LN_NODE_CONFIGURATION
 304 string Current configuration Configuration
LN_NODE_CONFIGURATION_TIMESTAMP
 305 ntpstamp Configuration upload time 
LN_NODE_DYNUP
 303 string Update package level Configuration
LN_NODE_ID
 4 ipv4 The IPv4 address of the originator Sender
LN_NODE_LOAD
 320 int32 Node load 
LN_NODE_STATUS
 300 int32 Node status 
LN_NODE_VERSION
 301 string Node version Sender
LN_NOT_FINAL_VALUE
 1410 void Entry is not final Diagnostics
LN_NUM_ALERTS
 1037 int32 [OUT OF USE] The number of configured alert responses in this event record. 1.x\Alert
LN_NUM_ALERT_RESPONSES
 365 int64 Number of alert responses performed by this engine 
LN_NUM_BLACKLIST_RESPONSES
 369 int64 Number of blacklist responses performed by this engine 
LN_NUM_DISCARD_RESPONSES
 368 int64 Number of discard responses performed by this engine 
LN_NUM_LOG_RESPONSES
 364 int64 Number of log responses performed by this engine 
LN_NUM_RECORD_RESPONSES
 366 int64 Number of record responses performed by this engine 
LN_NUM_RESET_RESPONSES
 367 int64 Number of reset responses performed by this engine 
LN_ONE_LAN
 1549 void The "View interface as one LAN" option was enabled on the logical interface through which the packet was received. Sender\Capture
LN_ORIG_ALERT
 1486 int32 Type of alert in the referred event Alert
LN_ORIG_ALERT_SEVERITY
 1487 int32 Severity of an alert in the referred event Situation
LN_ORIG_COMP_ID
 1488 int32 The identifier of the log entry's creator in the referred event Sender
LN_ORIG_CONFIG_ID
 1489 int32 Configuration identifier related to the situation in the referred event 
LN_ORIG_EVENT_COUNT
 1490 int32 Count of events in the time frame of the referred event Situation
LN_ORIG_EVENT_ID
 1491 int64 Event id of the referred event, unique within one sender Situation
LN_ORIG_GROUP_ID
 1556 int32 Identifier of the situation group that matched in a situation response 1.x\Diagnostics
LN_ORIG_NODE_ID
 1493 ipv4 The IPv4 address of the originator of the referred event Sender
LN_ORIG_NUM_ALERTS
 1494 int32 [OUT OF USE] The number of configured alert responses in the referred event record. 1.x\Alert
LN_ORIG_RESPONSE_ID
 1555 int32 Identifier of the response that was generated, when the response was a situation response 1.x\Diagnostics
LN_ORIG_SENDER_AGENT_ID
 1495 int32 Sender agent identification in the referred event 1.x\Configuration
LN_ORIG_SENDER_CONFIG_ID
 1545 int32 Configuration identifier of the sender of the referred event 1.x\Configuration
LN_ORIG_SENDER_MODULE_ID
 1492 int32 Sender module identification in the referred event Configuration
LN_ORIG_SENDER_MODULE_VERSION
 1496 struct(LN_SENDER_MODULE_MAJOR,LN_SENDER_MODULE_MINOR,LN_SENDER_MODULE_PL,LN_SENDER_BUILD) Module version in the referred event 
LN_ORIG_SENDER_OS_VER
 1497 string The operating system version of the sender of the referred event 
LN_ORIG_SITUATION
 1498 int32 The identifier of the situation that caused sending the referred event Situation
LN_ORIG_TIMESTAMP
 1499 ntpstamp Time of creating the referred event record Time
LN_ORIG_TIME_FRAME_BEGIN
 1500 ntpstamp Ntp stamp of begin of time frame in the referred event Configuration
LN_ORIG_TIME_FRAME_END
 1501 ntpstamp Ntp stamp of end of time frame in the referred event Configuration
LN_PACKET_ANALYSIS_END
 1369 void Module could not continue analysing network packet or datagram after this event. Situation
LN_PACKET_DATA
 1367 opaque Recorded packet data Traffic record\Full capture
LN_PACKET_NOT_SEEN
 1350 void Flag indicating that the related packet was not seen IP\Protocol analysis
LN_PASSIVE_DISCARD
 1565 void Discard response was made with passive option. Drop response
LN_RECEIVED_LOG_EVENTS
 361 map( LN_COMP_ID; LN_NUM_LOG_EVENTS ) RECEIVED_LOG_EVENTS 
LN_RECEPTION_TIME
 24 ntpstamp Reception Time Time
LN_RECORD_FRAME_CACHED
 1368 void Marker showing that this frame was received before the recording was started. The frame was taken from a memory cache to this recording. Traffic record\Full capture
LN_RECORD_ID
 1041 int64 Identification of the connection recording Traffic record\Full capture
LN_REF_EVENT
 1028 struct(LN_REF_COMP_ID,LN_REF_EVENT_ID,LN_REF_CREATION_TIME) Reference to another event Reference
LN_RESPONSE_ID
 1550 int32 The identifier of the matched situation response 1.x\Diagnostics
LN_RULE_ID
 20 int32 Rule tag value of acceptance rule Packet\Filtering
LN_SA_AUTH_ALG
 520 int32 SA_AUTH_ALG 
LN_SA_BUNDLE
 514 int32 SA_BUNDLE 
LN_SA_CIPHER_ALG
 518 int32 SA_CIPHER_ALG 
LN_SA_COMPRESSION_ALG
 519 int32 SA_COMPRESSION_ALG 
LN_SA_EXPIRE_HARDLIMIT
 524 ntpstamp SA_EXPIRE_HARDLIMIT 
LN_SA_EXPIRE_SOFTLIMIT
 523 ntpstamp SA_EXPIRE_SOFTLIMIT 
LN_SA_INCOMING
 517 bool SA_INCOMING 
LN_SA_KB_HARDLIMIT
 522 int32 SA_KB_HARDLIMIT 
LN_SA_KB_SOFTLIMIT
 521 int32 SA_KB_SOFTLIMIT 
LN_SA_RESPONDER
 516 bool SA_RESPONDER 
LN_SA_TYPE
 515 int32 SA_TYPE 
LN_SCAN_ICMP_ECHO_NO_RESPONSE_COUNTER
 1520 int32 Number of distinct ICMP Echo Request (ping) destinations that did not reply to a request. Scan detection\ICMP\Analysis
LN_SCAN_ICMP_ECHO_NO_RESPONSE_LIMIT
 1521 int32 Maximum number of allowed ICMP Echo Request (ping) destinations per originator that do not reply to a request. 1.x\Scan detection\ICMP\Analysis
LN_SCAN_ICMP_ECHO_REQUEST_COUNTER
 1518 int32 Number of distinct ICMP Echo Request (ping) destinations detected. Scan detection\ICMP\Analysis
LN_SCAN_ICMP_ECHO_REQUEST_LIMIT
 1519 int32 Maximum number of allowed ICMP Echo Request (ping) destinations per originator. 1.x\Scan detection\ICMP\Analysis
LN_SCAN_ICMP_ECHO_TARGETS
 1530 string List of the detected ICMP Echo Request (ping) destinations. Scan detection\ICMP\Analysis
LN_SCAN_ICMP_NETMASK_NO_RESPONSE_COUNTER
 1528 int32 Number of distinct ICMP Netmask Request destinations that did not reply to a request. Scan detection\ICMP\Analysis
LN_SCAN_ICMP_NETMASK_NO_RESPONSE_LIMIT
 1529 int32 Maximum number of allowed ICMP Netmask Request destinations per originator that do not reply to a request. 1.x\Scan detection\ICMP\Analysis
LN_SCAN_ICMP_NETMASK_REQUEST_COUNTER
 1526 int32 Number of distinct ICMP Netmask Request destinations detected. Scan detection\ICMP\Analysis
LN_SCAN_ICMP_NETMASK_REQUEST_LIMIT
 1527 int32 Maximum number of allowed ICMP Netmask Request destinations per originator. 1.x\Scan detection\ICMP\Analysis
LN_SCAN_ICMP_NETMASK_TARGETS
 1532 string List of the detected ICMP Netmask Request destinations. Scan detection\ICMP\Analysis
LN_SCAN_ICMP_NO_RESPONSE_COUNTER
 1516 int32 Number of the distinct ICMP request destinations for any of counted ICMP requests (Echo Request, Timestamp Request, Netmask Request) that did not reply to a request. Scan detection\ICMP\Analysis
LN_SCAN_ICMP_NO_RESPONSE_LIMIT
 1517 int32 Maximum number of allowed ICMP request destinations per originator for any of the counted ICMP requests (Echo Request, Timestamp Request, Netmask Request) that do not reply to a request. 1.x\Scan detection\ICMP\Analysis
LN_SCAN_ICMP_REQUEST_COUNTER
 1514 int32 Number of the distinct ICMP request destinations for the counted ICMP requests (Echo Request, Timestamp Request, Netmask Request). Scan detection\ICMP\Analysis
LN_SCAN_ICMP_REQUEST_LIMIT
 1515 int32 Maximum number of allowed ICMP request destinations per originator for any of the counted ICMP requests (Echo Request, Timestamp Request, Netmask Request). 1.x\Scan detection\ICMP\Analysis
LN_SCAN_ICMP_TIMESTAMP_NO_RESPONSE_COUNTER
 1524 int32 Number of the distinct ICMP Timestamp Request destinations that did not reply to a request. Scan detection\ICMP\Analysis
LN_SCAN_ICMP_TIMESTAMP_NO_RESPONSE_LIMIT
 1525 int32 Maximum number of allowed ICMP Timestamp Request destinations per originator that do not reply to a request. 1.x\Scan detection\ICMP\Analysis
LN_SCAN_ICMP_TIMESTAMP_REQUEST_COUNTER
 1522 int32 Number of the distinct ICMP Timestamp Request destinations detected. Scan detection\ICMP\Analysis
LN_SCAN_ICMP_TIMESTAMP_REQUEST_LIMIT
 1523 int32 Maximum number of allowed ICMP Timestamp Request destinations per originator. 1.x\Scan detection\ICMP\Analysis
LN_SCAN_ICMP_TIMESTAMP_TARGETS
 1531 string List of the detected ICMP Timestamp Request destinations. Scan detection\ICMP
LN_SCAN_RULE_TAG
 1513 int32 Rule tag of the rule where the scan domain is defined. 1.x\Scan detection
LN_SCAN_START_TIME
 1511 ntpstamp Detected starting time of this port scanning activity. Scan detection
LN_SCAN_TCP_NEGATIVE_COUNTER
 1537 int32 Number of distinct TCP destinations that denied attempted connections with TCP RST. Scan detection\TCP\Analysis
LN_SCAN_TCP_NEGATIVE_LIMIT
 1538 int32 Maximum number of allowed TCP destinations per originator that deny connection attempts with TCP RST. 1.x\Scan detection\TCP\Analysis
LN_SCAN_TCP_NORMAL_COUNTER
 1533 int32 Number of distinct TCP destinations with successful connection establishment and bidirectional data transfer. Scan detection\TCP\Analysis
LN_SCAN_TCP_NORMAL_LIMIT
 1534 int32 Maximum number of allowed TCP destinations per originator with whom normal connection establishment is allowed. 1.x\Scan detection\TCP\Analysis
LN_SCAN_TCP_NO_ACK_COUNTER
 1541 int32 Number of distinct TCP destinations targeted for illegal TCP segments. Scan detection\TCP\Analysis
LN_SCAN_TCP_NO_ACK_LIMIT
 1542 int32 Maximum number of allowed TCP destinations per originator targeted for illegal TCP segments. 1.x\Scan detection\TCP\Analysis
LN_SCAN_TCP_NO_ACK_TARGETS
 1544 string List of TCP destinations targeted for illegal TCP segments. Scan detection\TCP\Analysis
LN_SCAN_TCP_NO_RESPONSE_COUNTER
 1539 int32 Number of distinct TCP destinations that did not reply to connection attempts. Scan detection\TCP\Analysis
LN_SCAN_TCP_NO_RESPONSE_LIMIT
 1540 int32 Maximum number of allowed TCP destinations per originator that do not reply to connection attempts. 1.x\Scan detection\TCP\Analysis
LN_SCAN_TCP_POSITIVE_COUNTER
 1535 int32 Number of distinct TCP destinations with successful connection establishment but no data sent by the client within the defined time limit. Scan detection\TCP\Analysis
LN_SCAN_TCP_POSITIVE_LIMIT
 1536 int32 Maximum number of distinct TCP destinations per originator with normal connection establishment where the client sends no data (successful scan of open TCP port). 1.x\Scan detection\TCP\Analysis
LN_SCAN_TCP_TARGETS
 1543 string List of the detected TCP port scan destinations. Scan detection\TCP
LN_SCAN_UDP_NEGATIVE_COUNTER
 1502 int32 Number of distinct destinations detected that replied with ICMP Port Unreachable (successful scan of closed UDP port). Scan detection\UDP\Analysis
LN_SCAN_UDP_NEGATIVE_LIMIT
 1503 int32 Maximum number of destinations per originator allowed to reply with ICMP Port Unreachable. 1.x\Scan detection\UDP\Analysis
LN_SCAN_UDP_POSITIVE_COUNTER
 1504 int32 Number of bi-directional UDP conversations detected. Scan detection\UDP\Analysis
LN_SCAN_UDP_POSITIVE_LIMIT
 1505 int32 Maximum number of allowed destinations per originator that reply with UDP datagram. 1.x\Scan detection\UDP\Analysis
LN_SCAN_UDP_PROBE_COUNTER
 1506 int32 Number of destinations that did not reply using UDP. Scan detection\UDP\Analysis
LN_SCAN_UDP_PROBE_LIMIT
 1507 int32 Maximum number of allowed destinations per originator that do not reply to UDP datagram with UDP datagram. 1.x\Scan detection\UDP\Analysis
LN_SCAN_UDP_TARGETS
 1510 string List of the detected UDP destinations. Scan detection\UDP
LN_SCAN_UDP_TARGET_COUNTER
 1508 int32 Total number of UDP destinations detected. Scan detection\UDP\Analysis
LN_SCAN_UDP_TARGET_LIMIT
 1509 int32 Maximum number of allowed UDP destinations per originator. 1.x\Scan detection\UDP\Analysis
LN_SCRIPT_RESPONSE
 1040 struct(LN_SCRIPT_PATH,LN_SCRIPT_PARAMS) Script response 1.x\Script response
LN_SECURITY_GATEWAY
 502 int32 SECURITY_GATEWAY 
LN_SENDER_AGENT_ID
 1364 int32 Sender agent identification 1.x\Configuration
LN_SENDER_CONFIG_ID
 1281 int32 Configuration identifier of the sender 1.x\Configuration
LN_SENDER_MODULE_ID
 1363 int32 Sender module identification Configuration
LN_SENDER_MODULE_VERSION
 1317 struct(LN_SENDER_MODULE_MAJOR,LN_SENDER_MODULE_MINOR,LN_SENDER_MODULE_PL,LN_SENDER_BUILD) Module version Configuration
LN_SENDER_OS_VER
 1005 string The operating system version of the sender. 1.x\Configuration
LN_SENDER_TYPE
 31 int32 Sender type Configuration
LN_SENDER_TYPE_OBSOLETE
 1564 int32 Placeholder for removed SENDER_TYPE field (had wrong id). 
LN_SENT_LOG_EVENTS
 362 map( LN_COMP_ID; LN_NUM_LOG_EVENTS ) SENT_LOG_EVENTS 
LN_SERVICE
 27 struct(LN_IP_PROTO,LN_PORT_TCP_CLIENT,LN_PORT_TCP_SERVER,LN_PORT_SOURCE,LN_PORT_DEST,LN_ICMP_FIELD_TYPE,LN_ICMP_FIELD_CODE) Special field for filtering logs using the defined services. Not present in the log entries as such. 1.x\Protocol header fields
LN_SESSION_EVENT
 302 int32 Session monitoring event code (1 = new, 2 = update, 3 = remove) 
LN_SIP_CALL_ID
 1579 string SIP call ID SIP\Protocol analysis
LN_SIP_CONTACT
 1578 string SIP contact address SIP\Protocol analysis
LN_SIP_CONTENT_LENGTH
 1582 string Length of message body SIP\Protocol analysis
LN_SIP_CONTENT_TYPE
 1581 string Content type of message body SIP\Protocol analysis
LN_SIP_FROM
 1576 string From address SIP\Protocol analysis
LN_SIP_HEADER
 1574 string SIP header field contents SIP\Protocol analysis
LN_SIP_HEADER_NAME
 1575 string SIP header field name SIP\Protocol analysis
LN_SIP_REQUEST_METHOD
 1569 string SIP request method SIP\Protocol analysis
LN_SIP_REQUEST_URI
 1570 string SIP request URI SIP\Protocol analysis
LN_SIP_REQUEST_VERSION
 1571 string SIP request version SIP\Protocol analysis
LN_SIP_RESPONSE_REASON_PHRASE
 1573 string SIP response reason-phrase SIP\Protocol analysis
LN_SIP_RESPONSE_STATUS_CODE
 1572 string SIP response status code SIP\Protocol analysis
LN_SIP_TO
 1577 string To address SIP\Protocol analysis
LN_SIP_VIA
 1580 string SIP VIA address SIP\Protocol analysis
LN_SITUATION
 1000 int32 The identifier of the situation that caused sending this event. Situation
LN_SMTP_COMMAND
 1213 string Suspicious SMTP command sent by the client. SMTP\Protocol analysis
LN_SMTP_MAIL_STATS
 1223 struct(LN_AVG_STRUCT,LN_SMTP_MAIL_MIN_SIZE,LN_SMTP_MAIL_MAX_SIZE,LN_SMTP_MAIL_AVG_SIZE,LN_SMTP_MAIL_CNT) Statistics on e-mail messages 1.x\SMTP\Protocol analysis
LN_SMTP_MISPLACED_COMMAND
 1214 string Command that occurred in a wrong place in the command sequence. SMTP\Protocol analysis
LN_SMTP_RECIPIENT
 1212 string SMTP recipient (RCPT parameter forward path) of the envelope. SMTP\Protocol analysis
LN_SMTP_REPLY
 1217 string Suspicious SMTP reply message sent by the server. SMTP\Protocol analysis
LN_SMTP_REVERSE_PATH
 1211 string SMTP reverse path (MAIL FROM parameter) of the envelope. SMTP\Protocol analysis
LN_SMTP_SERVER_ACTION
 1218 int32 Suspicious server action after a suspicious client command 1) connection terminated (server possibly crashed), 2) server violated the protocol in reply (probably a successful attack), 3) server replied "OK" SMTP\Protocol analysis
LN_SMTP_SERVER_BANNER
 1216 string Banner sent by the SMTP server at the beginning of the connection. SMTP\Protocol analysis
LN_SMTP_TRANSACTION_STATE
 1215 string State of SMTP transaction. SMTP\Protocol analysis
LN_SOURCE_FILE
 1286 string Source file name Diagnostics
LN_SOURCE_FILE_LINE
 1287 int32 Line number in source file Diagnostics
LN_SPORT
 9 int32 Packet source protocol port Packet\Filtering
LN_SRC
7 ipv4 Packet source IP address Packet\Filtering
LN_SRC_IP_RANGE
 525 ipv4 SRC_IP_RANGE 
LN_SRC_VLAN
 112 int32 Source VLAN 
LN_SRVHELPER_ID
 110 int32 Protocol agent identification 
LN_SSH1_FORBIDDEN_AUTHENTICATION_METHOD
 1289 string Forbidden SSHv1 authentication method. 1.x\SSH\Protocol analysis
LN_SSH1_FORBIDDEN_CIPHER
 1288 string Forbidden SSHv1 cipher. 1.x\SSH\Protocol analysis
LN_SSH1_HOST_KEY_BITS
 1267 int32 SSHv1 host key bits. SSH\Protocol analysis
LN_SSH1_HOST_KEY_MIN_LEN_VALUE
 1268 int32 SSHv1 host key minimum length value. 1.x\SSH\Protocol analysis
LN_SSH1_SERVER_KEY_BITS
 1265 int32 SSHv1 server key bits. SSH\Protocol analysis
LN_SSH1_SERVER_KEY_MIN_LEN_VALUE
 1266 int32 SSHv1 server key minimum length value. 1.x\SSH\Protocol analysis
LN_SSH_CALC_CLIENT_CRYPTO_BIT_RATIO
 1270 float Calculated SSH client crypto bit ratio. SSH\Protocol analysis
LN_SSH_CALC_SERVER_CRYPTO_BIT_RATIO
 1269 float Calculated SSH server crypto bit ratio. SSH\Protocol analysis
LN_SSH_CLIENT_CRYPTO_BIT_RATIO
 1252 float SSH client crypto bit ratio. 1.x\SSH\Protocol analysis
LN_SSH_CLIENT_CRYPTO_BLOCK_COUNT
 1254 int32 SSH client crypto block count. 1.x\SSH\Protocol analysis
LN_SSH_CLIENT_CRYPTO_BLOCK_LEN
 1253 int32 SSH client crypto block length. 1.x\SSH\Protocol analysis
LN_SSH_SERVER_CRYPTO_BIT_RATIO
 1249 float SSH server crypto bit ratio. 1.x\SSH\Protocol analysis
LN_SSH_SERVER_CRYPTO_BLOCK_COUNT
 1251 int32 SSH server crypto block count. 1.x\SSH\Protocol analysis
LN_SSH_SERVER_CRYPTO_BLOCK_LEN
 1250 int32 SSH server crypto block length. 1.x\SSH\Protocol analysis
LN_STORAGE_SERVER_ID
 30 int32 Internal field for log server. 
LN_SYSLOG_FACILITY
 1055 int32 Syslog entry facility 1.x\Syslog
LN_SYSLOG_LEVEL
 1056 int32 Syslog entry level 1.x\Syslog
LN_SYSLOG_MSG
 1054 string Syslog entry message string 1.x\Syslog
LN_SYSLOG_TYPE
 111 int32 Syslog message type Syslog
LN_TCP_CONNECTION_START_TIME
 1142 ntpstamp The start time of the TCP connection. TCP\Connection
LN_TCP_EXPECTED_LEN
 1451 int32 Expected length of an item. 1.x\TCP\Protocol analysis
LN_TCP_FLAG_USAGE_TS_STAT
 1199 map( LN_TCP_FLAG_VALUE; LN_COUNT ) FIXME!!! 1.x\TCP\Protocol analysis
LN_TCP_FP_CONN_STATS
 1472 struct(LN_BYTES_CHECKED,LN_BYTES_MISSED,LN_FPS_MATCHED) TBD 1.x\TCP\Protocol analysis
LN_TCP_FP_CONN_STATS_C
 1473 struct(LN_BYTES_CHECKED,LN_BYTES_MISSED,LN_FPS_MATCHED) TBD 1.x\TCP\Protocol analysis
LN_TCP_FP_CONN_STATS_S
 1474 struct(LN_BYTES_CHECKED,LN_BYTES_MISSED,LN_FPS_MATCHED) TBD 1.x\TCP\Protocol analysis
LN_TCP_HANDSHAKE_SEEN
 1362 bool Was the TCP connection initial handshake seen? TCP\Connection
LN_TCP_OPTION_LENGTH
 1585 int32 Length of TCP option that caused the response TCP\Protocol analysis
LN_TCP_OPTION_USAGE_TS_STAT
 1200 map( LN_TCP_OPTION_KIND; LN_COUNT ) FIXME!!! 1.x\TCP\Protocol analysis
LN_TCP_RST
 1552 void Reset Response was applied to reset a TCP connection. 1.x\Reset response
LN_TCP_RST_NO_TCP
 1553 void Reset Response could not be applied because there was no TCP connection. 1.x\Reset response
LN_TCP_SEEN_LEN
 1452 int32 The length of an item seen in network traffic. 1.x\TCP\Protocol analysis
LN_TCP_SEG_TS_STAT
 1196 struct(LN_TCP_SEG_CNT,LN_TCP_SEG_CNT_FRAGMENTED,LN_TCP_BYTE_CNT,LN_TCP_BYTE_CNT_FRAGMENTED,LN_TCP_MISSING_SEG_CNT) TCP traffic statistics 1.x\TCP\Protocol analysis
LN_TEST_BOOL
 1233 bool Test boolean Testing
LN_TEST_DOUBLE
 1235 double Test double Testing
LN_TEST_FLOAT
 1234 float Test float Testing
LN_TEST_INT64
 1241 int64 64-bit test integer Testing
LN_TEST_IPV4
 1240 ipv4 Test IPv4 address Testing
LN_TEST_MAC
 1243 mac Test MAC address Testing
LN_TEST_MAP
 1239 map(LN_TEST_INT32,LN_TEST_INT32;LN_TEST_INT32,LN_TEST_INT32) Test map Testing
LN_TEST_NTPSTAMP
 1242 ntpstamp Test timestamp Testing
LN_TEST_STRING
 1236 string Test string Testing
LN_TEST_STRUCT
 1238 struct(LN_TEST_INT32,LN_IP_SOURCE) Test struct Testing
LN_TEST_VOID
 1244 void Test void data Testing
LN_TIMESTAMP
 1 ntpstamp Time of creating the event record. Time
LN_TIME_FRAME_BEGIN
 1075 ntpstamp Ntp stamp of begin of time frame Configuration
LN_TIME_FRAME_END
 1076 ntpstamp Ntp stamp of end of time frame Configuration
LN_TRAFFIC_COUNTERS
 319 map( LN_INTERFACE; LN_FW_RECEIVED_BYTES, LN_FW_RECEIVED_PACKETS, LN_FW_SENT_BYTES, LN_FW_SENT_PACKETS, LN_FW_ACCEPTED_BYTES, LN_FW_ACCEPTED_PACKETS, LN_FW_DROPPED_BYTES, LN_FW_DROPPED_PACKETS, LN_FW_ENCRYPTED_BYTES, LN_FW_ENCRYPTED_PACKETS, LN_FW_DECRYPTED_BYTES, LN_FW_DECRYPTED_PACKETS, LN_FW_NATTED_BYTES, LN_FW_NATTED_PACKETS, LN_FW_ACCOUNTED_BYTES, LN_FW_ACCOUNTED_PACKETS, LN_SENSOR_RECEIVED_BYTES, LN_SENSOR_RECEIVED_PACKETS, LN_SENSOR_PROCESSED_BYTES, LN_SENSOR_PROCESSED_PACKETS, LN_SENSOR_INSPECTED_BYTES, LN_SENSOR_INSPECTED_PACKETS, LN_SENSOR_LOST_BYTES, LN_SENSOR_LOST_PACKETS ) Traffic counters 
LN_TRAFFIC_SHAPING
 385 map( LN_SHAPING_CLASS, LN_INTERFACE; LN_TOTAL_BYTES, LN_PASSED_BYTES, LN_SHAPING_GUARANTEE, LN_SHAPING_LIMIT, LN_SHAPING_PRIORITY ) TRAFFIC_SHAPING 
LN_TS_RULE_TAG
 1060 int32 The rule tag of the rule that caused compilation of the time slot statistics in this event record. 1.x\Sender
LN_UDP_DATAGRAM_SIZE
 1205 int32 The size of the UDP datagram. UDP\Protocol analysis
LN_UDP_FP_CONN_STATS
 1309 struct(LN_BYTES_CHECKED,LN_BYTES_MISSED,LN_FPS_MATCHED) Connection statistics made by udp_fp (both streams) 1.x\UDP\Protocol analysis
LN_UDP_FP_CONN_STATS_C
 1310 struct(LN_BYTES_CHECKED,LN_BYTES_MISSED,LN_FPS_MATCHED) Connection statistics made by udp_fp (client stream) 1.x\UDP\Protocol analysis
LN_UDP_FP_CONN_STATS_S
 1311 struct(LN_BYTES_CHECKED,LN_BYTES_MISSED,LN_FPS_MATCHED) Connection statistics made by udp_fp (server stream) 1.x\UDP\Protocol analysis
LN_VLAN_ID
 1548 int32 Identifier of the VLAN the packet was received from 1.x\Sender\Capture
LN_VPN_ID
 501 int32 VPN_ID 
LN_VPN_STATISTICS
 507 map( LN_END_POINT, LN_PEER_SECURITY_GATEWAY, LN_PEER_END_POINT; LN_VPN_BYTES_SENT, LN_VPN_BYTES_RECEIVED, LN_PHASE1_SUCC, LN_PHASE1_FAIL, LN_PHASE2_SUCC, LN_PHASE2_FAIL ) VPN_STATISTICS 
LN_VPN_STATUS
 503 map( LN_END_POINT, LN_PEER_SECURITY_GATEWAY, LN_PEER_END_POINT; LN_CONN_STATUS, LN_INFO_MSG ) VPN_STATUS 
LN_WHOLE_SESSION_SEEN
 1003 bool True, if no data of this session has been missed up to this point. Protocol analysis\General
Contenido fichero /data/config/analyzer/policy/0/log_names.txt en Stonegate IPS
Publicado por
Pere Moltó Agut
a las
0:00
 
Labels: firewalling, ids, ips, it security, networking
