Log Field Description

This section describes the log fields interconnected with LTS.

Field	Type	Description
src_ip	string	Source IP address
src_port	string	Source port number
dst_ip	string	Destination IP address
dst_port	string	Destination port number
protocol	string	Protocol type
app	string	Application type
src_region_name	string	Source region name
src_region_id	string	Source region ID
dst_region_name	string	Destination region name
dst_region_id	string	Destination region ID
log_type	string	Log type. internet: Internet border traffic log nat: NAT border traffic log vpc: inter-VPC traffic log
vsys	long	Firewall protection direction. 1: north-south 2: east-west
direction	string	Traffic direction. out2in: inbound in2out: outbound
action	string	Response action of the firewall. permit deny block drop
packet	string	Original data packet of the attack log. NOTE: The encoding format is Base64.
attack_rule	string	Defense rule that works for the detected attack
attack_rule_id	string	ID of the defense rule that works for the detected attack
attack_type	string	Type of the attack. Vulnerability exploit Vulnerability scan Trojan Worms Phishing Web attacks Application DDoS Buffer overflow Password attacks Mail Access control Hacking tools Hijacking Protocol exception Spam Spyware DDoS flood Suspicious DNS activities Other suspicious behaviors
level	string	Level of detected threats. CRITICAL HIGH MIDDLE LOW
source	string	Defense for the detected attack. 0: basic protection 1: virtual patch
event_time	long	Attack time

Field	Type	Description
rule_id	string	ID of the triggering rule
src_ip	string	Source IP address
src_port	string	Source port number
dst_ip	string	Destination IP address
dst_port	string	Destination port number
src_region_name	string	Source region name
src_region_id	string	Source region ID
dst_region_name	string	Destination region name
dst_region_id	string	Destination region ID
log_type	string	Log type. internet: Internet border traffic log nat: NAT border traffic log vpc: inter-VPC traffic log
dst_host	string	Destination domain name
vsys	long	Firewall protection direction. 1: north-south 2: east-west
protocol	string	Protocol type
app	string	Application type
direction	string	Traffic direction. out2in: inbound in2out: outbound
action	string	Response action of the firewall. permit deny
hit_time	long	Time of an access

Field	Type	Description
src_ip	string	Source IP address
src_port	string	Source port number
dst_ip	string	Destination IP address
dst_port	string	Destination port number
protocol	string	Protocol type
app	string	Application type
direction	string	Traffic direction. out2in: inbound in2out: outbound
action	string	Response action of the firewall. permit deny
src_region_name	string	Source region name
src_region_id	string	Source region ID
src_vpc	string	ID of the VPC that the source IP address belongs to
dst_region_name	string	Destination region name
dst_region_id	string	Destination region ID
dst_vpc	string	ID of the VPC that the destination IP address belongs to
log_type	string	Log type. internet: Internet border traffic log nat: NAT border traffic log vpc: inter-VPC traffic log
dst_host	string	Destination domain name
vsys	long	Firewall protection direction. 1: north-south 2: east-west
hit_time	long	Time of an access
to_s_bytes	long	Number of bytes sent from the client to the server
to_c_bytes	long	Number of bytes sent from the server to the client
to_s_pkts	long	Number of packets sent from the client to the server
to_c_pkts	long	Number of packets sent from the server to the client
bytes	long	Number of bytes of the protected traffic
packets	long	Number of packets in the protected traffic
start_time	long	Stream start time
end_time	long	Stream end time