Updated on 2024-10-09 GMT+08:00

Log Field Description

This section describes the fields of the logs that are interconnected with LTS.

Attack Event Logs

| Field | Type | Description |
|---|---|---|
| src_ip | string | Source IP address |
| src_port | string | Source port number |
| dst_ip | string | Destination IP address |
| dst_port | string | Destination port number |
| protocol | string | Protocol type |
| app | string | Application type |
| src_region_name | string | Source region name |
| src_region_id | string | Source region ID |
| dst_region_name | string | Destination region name |
| dst_region_id | string | Destination region ID |
| log_type | string | Log type. internet: Internet border traffic log; nat: NAT border traffic log; vpc: inter-VPC traffic log |
| vsys | long | Firewall protection direction. 1: north-south; 2: east-west |
| direction | string | Traffic direction. out2in: inbound; in2out: outbound |
| action | string | Response action of the firewall: permit, deny, block, drop |
| packet | string | Original data packet of the attack log. NOTE: The encoding format is Base64. |
| attack_rule | string | Defense rule that works for the detected attack |
| attack_rule_id | string | ID of the defense rule that works for the detected attack |
| attack_type | string | Type of the attack: Vulnerability exploit, Vulnerability scan, Trojan, Worms, Phishing, Web attacks, Application DDoS, Buffer overflow, Password attacks, Mail, Access control, Hacking tools, Hijacking, Protocol exception, Spam, Spyware, DDoS flood, Suspicious DNS activities, Other suspicious behaviors |
| level | string | Level of detected threats: CRITICAL, HIGH, MIDDLE, LOW |
| source | string | Defense for the detected attack. 0: basic protection; 1: virtual patch |
| event_time | long | Attack time |
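As an added example (not part of the original documentation), the following Python sketch reads attack event records and queues for review those where an attack rule matched but the response action was permit. It assumes each record arrives as one JSON object per line keyed by the field names above; the sample records, rule name and rule ID are constructed placeholders.

```python
import base64
import binascii
import json

# Value maps copied from the Attack Event Logs table above.
VSYS = {"1": "north-south", "2": "east-west"}
DIRECTION = {"out2in": "inbound", "in2out": "outbound"}
SOURCE = {"0": "basic protection", "1": "virtual patch"}
LEVELS = ["LOW", "MIDDLE", "HIGH", "CRITICAL"]  # ascending severity

def decode_packet(value):
    """Decode the Base64 `packet` field; None if it is absent or malformed."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return None

def triage(line, min_level="HIGH"):
    """Return a review item for a permitted attack at or above min_level."""
    rec = json.loads(line)  # assumption: one JSON object per log line
    level = str(rec.get("level", "")).upper()
    # An unrecognized level is ranked highest so it is never silently hidden.
    rank = LEVELS.index(level) if level in LEVELS else len(LEVELS) - 1
    if rec.get("action") != "permit" or rank < LEVELS.index(min_level):
        return None  # deny, block and drop mean the firewall stopped it
    raw = decode_packet(rec.get("packet"))
    return {
        "flow": f'{rec.get("src_ip")}:{rec.get("src_port")} -> '
                f'{rec.get("dst_ip")}:{rec.get("dst_port")}',
        "path": (VSYS.get(str(rec.get("vsys")), "unknown"),
                 DIRECTION.get(rec.get("direction"), "unknown")),
        "rule_id": rec.get("attack_rule_id"),
        "attack_type": rec.get("attack_type"),
        "level": level,
        "defense": SOURCE.get(str(rec.get("source")), "unknown"),
        "packet_len": None if raw is None else len(raw),
    }

# Constructed sample records: documentation-range IPs, placeholder rule values.
PKT = base64.b64encode(b"constructed packet bytes").decode()
BASE = {"src_ip": "198.51.100.7", "src_port": "51514", "dst_ip": "192.0.2.10",
        "dst_port": "443", "vsys": 1, "direction": "out2in", "source": "1",
        "attack_type": "Web attacks", "attack_rule": "example-rule",
        "attack_rule_id": "example-id", "packet": PKT}
SAMPLE = [json.dumps({**BASE, **v}) for v in (
    {"action": "permit", "level": "CRITICAL"}, {"action": "block", "level": "CRITICAL"},
    {"action": "permit", "level": "LOW"},
    {"action": "permit", "level": "HIGH", "packet": "not base64!"})]

def review_queue(lines=SAMPLE):
    return [item for item in map(triage, lines) if item]
```

A `packet_len` of None marks a record whose `packet` value did not decode as Base64, which is worth checking separately because the evidence for that event is unusable.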

Access Control Logs

| Field | Type | Description |
|---|---|---|
| rule_id | string | ID of the triggering rule |
| src_ip | string | Source IP address |
| src_port | string | Source port number |
| dst_ip | string | Destination IP address |
| dst_port | string | Destination port number |
| src_region_name | string | Source region name |
| src_region_id | string | Source region ID |
| dst_region_name | string | Destination region name |
| dst_region_id | string | Destination region ID |
| log_type | string | Log type. internet: Internet border traffic log; nat: NAT border traffic log; vpc: inter-VPC traffic log |
| dst_host | string | Destination domain name |
| vsys | long | Firewall protection direction. 1: north-south; 2: east-west |
| protocol | string | Protocol type |
| app | string | Application type |
| direction | string | Traffic direction. out2in: inbound; in2out: outbound |
| action | string | Response action of the firewall: permit, deny |
| hit_time | long | Time of an access |

Traffic Logs

| Field | Type | Description |
|---|---|---|
| src_ip | string | Source IP address |
| src_port | string | Source port number |
| dst_ip | string | Destination IP address |
| dst_port | string | Destination port number |
| protocol | string | Protocol type |
| app | string | Application type |
| direction | string | Traffic direction. out2in: inbound; in2out: outbound |
| action | string | Response action of the firewall: permit, deny |
| src_region_name | string | Source region name |
| src_region_id | string | Source region ID |
| src_vpc | string | ID of the VPC that the source IP address belongs to |
| dst_region_name | string | Destination region name |
| dst_region_id | string | Destination region ID |
| dst_vpc | string | ID of the VPC that the destination IP address belongs to |
| log_type | string | Log type. internet: Internet border traffic log; nat: NAT border traffic log; vpc: inter-VPC traffic log |
| dst_host | string | Destination domain name |
| vsys | long | Firewall protection direction. 1: north-south; 2: east-west |
| hit_time | long | Time of an access |
| to_s_bytes | long | Number of bytes sent from the client to the server |
| to_c_bytes | long | Number of bytes sent from the server to the client |
| to_s_pkts | long | Number of packets sent from the client to the server |
| to_c_pkts | long | Number of packets sent from the server to the client |
| bytes | long | Number of bytes of the protected traffic |
| packets | long | Number of packets in the protected traffic |
| start_time | long | Stream start time |
| end_time | long | Stream end time |