Cloud NGFW for AWS Traffic Log Fields
Source Address (src_ip)
Original session source IP address.
Source Port (sport)
Source port utilized by the session.
Destination Address (dst)
Original session destination IP address.
Destination Port (dport)
Destination port utilized by the session.
IP Protocol (proto)
IP protocol associated with the session.
Application associated with the session.
Rule Name (rule)
Name of the rule that the session matched.
Action taken for the session; possible values are:
Bytes Received (bytes_received)
Number of bytes in the server-to-client direction of the session.
Bytes Sent (bytes_sent)
Number of bytes in the client-to-server direction of the session.
Packets Received (pkts_received)
Number of server-to-client packets for the session.
Packets Sent (pkts_sent)
Number of client-to-server packets for the session.
Start Time (start)
Time of session start.
Elapsed Time (elapsed)
Elapsed time of the session.
Repeat Count (repeatcnt)
Number of sessions with the same Source IP, Destination IP, Application, and Subtype seen within 5 seconds.
URL category associated with the session (if applicable).
Source Country (srcloc)
Source country or Internal region for private addresses. Maximum length is 32 bytes.
Destination Country (dstloc)
Destination country or Internal region for private addresses. Maximum length is 32 bytes.
Session End Reason (session_end_reason)
The reason a session terminated. If the termination had multiple causes, this field displays only the highest priority reason. The possible session end reason values are as follows, in order of priority (where the first is highest):
XFF Address (xff)
The IP address of the user who requested the web page, or the IP address of the next-to-last device that the request traversed. If the request goes through one or more proxies, load balancers, or other upstream devices, the firewall displays the IP address of the most recent device.