Firewall Messages - v6.3.X

Vendor Documentation

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Firewall Messages - v6.3.X | Base Rule | General Firewall Event | Information |
| Firewall Related Connection | Sub Rule | General Firewall Event | Information |
| Connection Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| Connection Discarded | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| Connection Closed | Sub Rule | Connection Closed | Network Traffic |
| Connection Closed Abnormally | Sub Rule | Connection Closed | Network Traffic |
| Connection Progress | Sub Rule | Connection Starting | Network Traffic |
| Connection Interface Changed | Sub Rule | Network Interface Changed State | Information |
| TCP Segment SYN Has No Options | Sub Rule | TCP SYN Received | Network Traffic |
| TCP Checksum Mismatch | Sub Rule | General Checksum Information | Information |
| Logged HTTP URL | Sub Rule | URL Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| severity | <severity> | Text/String/Number |
| Version | <version> | Number |
| vmid | <vmid> | Number |
| command | <command> | Text/String |
| requestURL | <url> | Text/String |
| in | <packetsin> | Number |
| out | <packetsout> | Number |
| app | <object> | Text/String/Number |
| deviceFacility | <objectname> | Text/String |
| msg | <subject> | Text/String |
| destinationTranslatedPort | <dport> | Number |
| sourceTranslatedPort | <sport> | Number |
| destinationTranslatedAddress | <dnatip> | IP Address |
| sourceTranslatedAddress | <snatip> | IP Address |
| act | <action> | Text/String |
| deviceinboundinterface | <sinterface> | Text/String/Number |
| proto | <protnum> | Number |
| dpt | <dport> | Number |
| spt | <sport> | Number |
| dst | <dip> | IP Address |
| src | <sip> | IP Address |
| dvchost | <dname> | Text/String/Number |