Cloud NGFW for Azure
Cloud NGFW for Azure Traffic Log Fields
Learn about Traffic log fields for your Cloud NGFW for Azure resource.
Field Name | Description |
---|---|
Source Address (src_ip) | Original session source IP address. |
Source port (sport) | Source port utilized by the session. |
Destination Address (dst) | Original session destination IP address. |
Destination port (dport) | Destination port utilized by the session. |
IP Protocol (proto) | IP protocol associated with the session. |
Application (app) | Application associated with the session. |
Rule Name (rule) | Name of the rule that the session matched. |
Action (action) | Action taken for the session; possible values are: |
Bytes Received (bytes_received) | Number of bytes in the server-to-client direction of the session. |
Bytes Sent (bytes_sent) | Number of bytes in the client-to-server direction of the session. |
Packets Received (pkts_received) | Number of server-to-client packets for the session. |
Packets Sent (pkts_sent) | Number of client-to-server packets for the session. |
Start Time (start) | Time of session start. |
Elapsed Time (elapsed) | Elapsed time of the session. |
Repeat Count (repeatcnt) | Number of sessions with the same Source IP, Destination IP, Application, and Subtype seen within 5 seconds. |
Category (category) | URL category associated with the session (if applicable). |
Source Country (srcloc) | Source country or Internal region for private addresses; maximum length is 32 bytes. |
Destination Country (dstloc) | Destination country or Internal region for private addresses. The maximum length is 32 bytes. |
Session End Reason (session_end_reason) | The reason a session terminated. If the termination had multiple causes, this field displays only the highest priority reason. The possible session end reason values are as follows, in order of priority (where the first is highest): |
XFF Address (xff) | The IP address of the user who requested the webpage or the IP address of the next-to-last device that the request traversed. If the request goes through one or more proxies, load balancers, or other upstream devices, the firewall displays the IP address of the most recent device. |
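The following Python summarizer is an added example, not part of the original page. It applies three definitions from the table above: repeatcnt (one record can stand for several sessions), the bytes_sent/bytes_received directions, and xff for client attribution. It assumes each record arrives as one JSON object per line keyed by the short field names; that record shape, the function name `summarize`, and all sample values are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records (assumed shape: one JSON object per line,
# keyed by the short field names from the table). Not real log data.
SAMPLE_LINES = [
    '{"src_ip":"10.0.0.5","dst":"10.1.0.20","dport":443,"app":"web-browsing",'
    '"bytes_sent":900,"bytes_received":4000,"repeatcnt":1,"xff":"198.51.100.7"}',
    '{"src_ip":"10.0.0.5","dst":"10.1.0.20","dport":443,"app":"web-browsing",'
    '"bytes_sent":700,"bytes_received":3000,"repeatcnt":3,"xff":"198.51.100.9"}',
    '{"src_ip":"10.0.2.8","dst":"203.0.113.10","dport":443,"app":"ssl",'
    '"bytes_sent":50000,"bytes_received":1200,"repeatcnt":2,"xff":""}',
    '{"src_ip":"10.0.2.8","dst":"203.0.113.11","dport":53,"app":"dns",'
    '"bytes_sent":80,"bytes_received":160,"xff":""}',
    'not json',
]

def summarize(lines):
    """Aggregate traffic per client. Returns (stats, skipped_line_count)."""
    stats = defaultdict(lambda: {"sessions": 0, "bytes_out": 0, "bytes_in": 0,
                                 "via": set(), "dsts": set()})
    skipped = 0
    for line in lines:
        try:
            rec = json.loads(line)
            src = rec["src_ip"]
            count = int(rec.get("repeatcnt") or 1)   # absent -> one session
            sent = int(rec.get("bytes_sent") or 0)
            recv = int(rec.get("bytes_received") or 0)
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1                             # malformed record
            continue
        # Attribute to xff when present; it originates from a request
        # header, so src_ip is kept in "via" for cross-checking.
        entry = stats[rec.get("xff") or src]
        entry["sessions"] += count   # rows alone would undercount sessions
        entry["bytes_out"] += sent   # client-to-server
        entry["bytes_in"] += recv    # server-to-client
        entry["via"].add(src)
        entry["dsts"].add((rec.get("dst"), rec.get("dport")))
    return dict(stats), skipped

if __name__ == "__main__":
    result, bad = summarize(SAMPLE_LINES)
    for client, entry in sorted(result.items()):
        print(client, entry["sessions"], entry["bytes_out"], sorted(entry["via"]))
    print("skipped:", bad)
```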