| Appendix A - Logs | 547
| Data Fields | Type | Description |
|---|---|---|
| recv_bytes | integer | Total number of bytes received |
| status | string | Ultimate state of traffic – accept/deny |
| message | string | Message displayed |
Malware Logs
HTTP, HTTPS, FTP Logs are displayed only if Web Protection Module is subscribed.
POP, POPS, IMAP, IMAPS, SMTP and SMTPS Logs are displayed only if Web Protection Module is subscribed.
| Message ID | Message | Log Component |
|---|---|---|
| 08001 | The URL has been blocked as it contained a virus | HTTP |
| 08002 | Access to URL is allowed as it does not contain any virus | HTTP |
| 09001 | FTP data transfer was blocked as it contained a virus | FTP |
| 09002 | FTP data transfer didn't have any virus and completed successfully | FTP |
| 10001 | The mail is infected with a virus detected by the Device | SMTP |
| 10002 | Mail doesn't contain any virus | SMTP |
| 11001 | The mail is infected with a virus detected by the Device | POP3 |
| 11002 | Mail doesn't contain any virus | POP3 |
| 12001 | The mail is infected with a virus detected by the Device | IMAP4 |
| 12002 | Mail doesn't contain any virus | IMAP4 |
Sample Logs:
device="SFW" date=2017-01-31 time=15:35:15 timezone="IST" device_name="CR750iNG-XP" device_id=C44310050024-P29PUA log_id=030906208001 log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" priority=Critical fw_rule_id=2 user_name="jsmith" iap=1 av_policy_name="" virus="EICAR-AV-Test" url="http://www.eicar.org/download/eicar.com" domainname="www.eicar.org" src_ip=10.198.47.71 src_country_code=R1 dst_ip=213.211.198.62 dst_country_code=DEU protocol="TCP" src_port=11013 dst_port=80 sent_bytes=0 recv_bytes=353
Module-specific Fields

| Data Fields | Type | Description |
|---|---|---|
| status | string | Ultimate status of traffic – Allowed or Denied |
| fw_rule_id | integer | Firewall Rule ID which is applied on the traffic |
| user_name | string | User name |
| iap | integer | Policy Code of the Internet Access Policy applied |
| av_policy_name | string | Malware scanning policy name which is applied on the traffic |
| from_email_address | string | Sender email address |
| to_email_address | string | Recipient email address |
| subject | string | Signature message |
| mailid | string | Signature classification |
| mailsize | string | Priority of IPS policy |
| virus | string | Virus name |
| FTP_url | string | FTP URL from which virus was downloaded |
| FTP_direction | string | Direction of FTP transfer: Upload or Download |
| filename | string | Name of the file that contained virus |
| filesize | integer | Size of the file that contained virus |
| filepath | string | Path of the file containing virus |
| ftpcommand | string | FTP command used when virus was found |
| url | string | URL from which virus was downloaded |
| domainname | string | Domain from which virus was downloaded |
| quarantine | string | Path and filename of the file quarantined |
| src_domainname | string | Sender domain name |
| dst_domainname | string | Receiver domain name |
| src_ip | string | Original Source IP address of traffic |
| src_country_code | string | Code of the country to which the source IP belongs |
| dst_ip | string | Original Destination IP address of traffic |
| dst_country_code | string | Code of the country to which the destination IP belongs |
| protocol | integer | Protocol number of traffic |
| src_port | integer | Original Source Port of TCP and UDP traffic |
| dst_port | integer | Original Destination Port of TCP and UDP traffic |
| sent_bytes | integer | Total number of bytes sent |
| recv_bytes | integer | Total number of bytes received |
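As an added example (not part of this appendix or the vendor's own tooling), a small Python parser for the key=value format of the sample log above, with a lookup that turns a Malware log record into a summary using the Message ID table. The rule that the trailing five digits of log_id carry the Message ID is an assumption drawn from the sample (log_id=030906208001 ends in 08001).

```python
import re

# Message IDs for Malware (Anti-Virus) logs as listed in this appendix:
# (log component, traffic was blocked?, message text)
MALWARE_MESSAGES = {
    "08001": ("HTTP", True, "The URL has been blocked as it contained a virus"),
    "08002": ("HTTP", False, "Access to URL is allowed as it does not contain any virus"),
    "09001": ("FTP", True, "FTP data transfer was blocked as it contained a virus"),
    "09002": ("FTP", False, "FTP data transfer didn't have any virus and completed successfully"),
    "10001": ("SMTP", True, "The mail is infected with a virus detected by the Device"),
    "10002": ("SMTP", False, "Mail doesn't contain any virus"),
    "11001": ("POP3", True, "The mail is infected with a virus detected by the Device"),
    "11002": ("POP3", False, "Mail doesn't contain any virus"),
    "12001": ("IMAP4", True, "The mail is infected with a virus detected by the Device"),
    "12002": ("IMAP4", False, "Mail doesn't contain any virus"),
}
# The appendix's sample log line, with the extraction-split domainname value rejoined.
SAMPLE_LOG = (
    'device="SFW" date=2017-01-31 time=15:35:15 timezone="IST" device_name="CR750iNG-XP" '
    'device_id=C44310050024-P29PUA log_id=030906208001 log_type="Anti-Virus" '
    'log_component="HTTP" log_subtype="Virus" status="" priority=Critical fw_rule_id=2 '
    'user_name="jsmith" iap=1 av_policy_name="" virus="EICAR-AV-Test" '
    'url="http://www.eicar.org/download/eicar.com" domainname="www.eicar.org" '
    'src_ip=10.198.47.71 src_country_code=R1 dst_ip=213.211.198.62 dst_country_code=DEU '
    'protocol="TCP" src_port=11013 dst_port=80 sent_bytes=0 recv_bytes=353'
)
# A value is either "double-quoted" (may be empty or contain spaces) or a bare token.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_log_line(line):
    """Split a key=value log line into a dict; quoted values keep their inner text."""
    fields = {}
    for m in _KV_RE.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields

def malware_event(fields):
    """Summarise a Malware log record, or return None for any other log type.
    Assumption: the trailing five digits of log_id are the Message ID (030906208001 -> 08001)."""
    if fields.get("log_type") != "Anti-Virus":
        return None
    msg_id = fields.get("log_id", "")[-5:]
    component, blocked, text = MALWARE_MESSAGES.get(
        msg_id, (fields.get("log_component"), None, "unknown Message ID"))
    return {
        "message_id": msg_id, "component": component, "blocked": blocked, "message": text,
        "user": fields.get("user_name"), "virus": fields.get("virus"),
        "src": f"{fields.get('src_ip')}:{fields.get('src_port')}",
        "dst": f"{fields.get('dst_ip')}:{fields.get('dst_port')}",
        "url": fields.get("url") or fields.get("FTP_url"), "recv_bytes": int(fields.get("recv_bytes") or 0),
    }
```

Records whose log_id suffix is not in the table come back with blocked=None, so a pipeline can route them for review instead of silently treating them as allowed traffic.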