Skip to main content
Skip table of contents

General Firewall Events

Vendor Documentation

Classification

Rule NameRule TypeClassificationCommon Event
Base RuleGeneral Firewall Log
Packet ForwardedSub RuleInformationForwarding Data
Packet DroppedSub RuleWarningRequest Dropped
Management PacketSub RuleInformationManagement Pack Received
No Packet AssociatedSub RuleInformationGeneral Information Log Message

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhthm Schema

Data Type

Schema Description

idN/AN/AN/A
sn<serialnumber>NumberIndicates the device serial number
timeN/AN/AReports the time of event
fwN/AN/AIndicates the WAN IP Address
pri<severity>NumberDisplays the event priority level (0=emergency, 7=debug)
c<vmid>NumberIndicates the legacy category number (Note: SonicOS/X does not currently send new category information)
gcatN/AN/ADisplay event group category when using Enhanced Syslog
mN/AN/AProvides the message ID number
srcMac<smac>Text/StringSource MAC Address
src<sip>
<sport>
<sinterface>
IP Address
Number
Text/String
Indicates the source IP address, and optionally, port, network interface, and resolved name
srcZoneN/AN/ADisplays source zone
dstMac<dmac>Text/StringDestination MAC Address
dst<dip>
<dport>
<dinterface>
IP Address
Number
Text/String
Destination IP address, and optionally, port, network interface, and resolved name
dstZoneN/AN/ADisplays destination zone
proto<protname>Text/StringDisplays the protocol information (rendered as “proto=[protocol]” or just “[proto]/[service]”)
rcvd<bytesin>NumberIndicates the number of bytes received within connection
rule<policy>Text/StringUsed to identify a policy or a rule associated with an event
app<object>NumberIndicates the application for the applied Syslog. Only displays when Flow Reporting is enabled
appName<objectname>Text/StringIndicates the non-signature Application Name that matches the Application ID “app” or “f” of the Syslog; Only displays when Flow Reporting is enabled
msg<vendorinfo>Text/StringDisplays the message which is composed of either or both a predefined message and a dynamic message containing a string %s or numeric %d argument
note<subject>Text/StringAdditional information that is application-dependent
n<quantity>NumberIndicates the number of times event occurs
fw_action<action>
<tag1>
Text/String

The explicit action performed on network traffic (packets) encountered by the firewall based on built-in or user-configured policies that may allow or drop packets.

Possible values are:

    • forward - packet is forwarded due to a matching policy or rule set
    • drop - packet is dropped due to a matching policy or rule set
    • mgmt - packet is a management packet, management policy will be applied
    • NA - not associated with a packet, firewall action is Not Applicable
uuidN/AN/AA universally unique identifier (UUID) is a 128-bit label that is unique within the SonicOS/X product platforms used to tag information objects.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.