
User Activity Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| User Activity Events | Base Rule | | General User Activity Monitor Event |
| Packet Forwarded | Sub Rule | Information | Forwarding Data |
| Packet Dropped | Sub Rule | Warning | Request Dropped |
| Management Packet | Sub Rule | Information | Management Pack Received |
| No Packet Associated | Sub Rule | Information | General Information Log Message |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| id | N/A | N/A | N/A |
| sn | <serialnumber> | Number | Indicates the device serial number |
| time | N/A | N/A | Reports the time of the event |
| fw | N/A | N/A | Indicates the WAN IP address |
| pri | <severity> | Number | Displays the event priority level (0=emergency, 7=debug) |
| c | <vmid> | Number | Indicates the legacy category number (Note: SonicOS/X does not currently send new category information) |
| gcat | N/A | N/A | Displays the event group category when using Enhanced Syslog |
| m | N/A | N/A | Provides the message ID number |
| msg | <vendorinfo> | Text/String | Displays the message, which is composed of either or both a predefined message and a dynamic message containing a string %s or numeric %d argument |
| src | <sip>, <sport>, <sinterface> | IP Address, Number, Text/String | Indicates the source IP address, and optionally, port, network interface, and resolved name |
| dst | <dip>, <dport>, <dinterface> | IP Address, Number, Text/String | Destination IP address, and optionally, port, network interface, and resolved name |
| proto | <protname> | Number | Displays the protocol information (rendered as “proto=[protocol]” or just “[proto]/[service]”) |
| dur | <duration> | Number | Displays the connection duration in seconds; pertains to the activity time of an authenticated user session (such as logout messages) |
| note | <subject> | Text/String | Additional information that is application-dependent |
| n | <quantity> | Number | Indicates the number of times the event occurs |
| fw_action | <action>, <tag1> | Text/String | The explicit action performed on network traffic (packets) encountered by the firewall based on built-in or user-configured policies that may allow or drop packets |

Possible values for fw_action are:

    • forward - packet is forwarded due to a matching policy or rule set
    • drop - packet is dropped due to a matching policy or rule set
    • mgmt - packet is a management packet, management policy will be applied
    • NA - not associated with a packet, firewall action is Not Applicable
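
As an added example (not LogRhythm or SonicWall code), the mapping above applied to constructed log lines: the parser fills the schema fields and selects the sub rule from fw_action. The colon-separated ip:port:interface layout of src and dst, the pairing of fw_action values with sub rules by name, and every sample value are assumptions of this example.

```python
import re

# Device key -> LogRhythm schema field, from the mapping table on this page.
SCHEMA = {"sn": "serialnumber", "pri": "severity", "c": "vmid",
          "msg": "vendorinfo", "proto": "protname", "dur": "duration",
          "note": "subject", "n": "quantity"}
NUMERIC = {"pri", "c", "dur", "n"}  # sn stays text: it may not be all digits
# fw_action value -> (sub rule, classification, common event).
# Pairing values with sub rules by name is an assumption of this example.
SUB_RULES = {
    "forward": ("Packet Forwarded", "Information", "Forwarding Data"),
    "drop": ("Packet Dropped", "Warning", "Request Dropped"),
    "mgmt": ("Management Packet", "Information", "Management Pack Received"),
    "NA": ("No Packet Associated", "Information", "General Information Log Message"),
}
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')  # key=value or key="quoted value"

def split_endpoint(value, prefix):
    """Split ip[:port[:interface]] (assumed IPv4 layout) into schema fields."""
    parts = value.split(":")
    out = {prefix + "ip": parts[0]}
    if len(parts) > 1 and parts[1].isdigit():
        out[prefix + "port"] = int(parts[1])
    if len(parts) > 2 and parts[2]:
        out[prefix + "interface"] = parts[2]
    return out

def parse(line):
    """Return (schema fields, sub rule tuple or None when only the base rule fits)."""
    raw = {m[1]: m[2] if m[2] is not None else m[3] for m in PAIR.finditer(line)}
    fields = {}
    for key, value in raw.items():
        if key in ("src", "dst"):
            fields.update(split_endpoint(value, key[0]))
        elif key == "fw_action":
            fields["action"] = fields["tag1"] = value
        elif key in SCHEMA:
            numeric = key in NUMERIC and value.isdigit()
            fields[SCHEMA[key]] = int(value) if numeric else value
        # id, time, fw, gcat and m are N/A in the schema and are not mapped
    return fields, SUB_RULES.get(raw.get("fw_action"))

# Constructed sample lines, not captured from a real device.
SAMPLES = [
    'id=firewall sn=0000000000AA time="2024-01-01 10:00:00" fw=203.0.113.1 pri=6 c=1 m=1 msg="Connection Closed" n=3 src=192.0.2.10:51515:X0 dst=198.51.100.7:443:X1 proto=tcp/https dur=42 fw_action="forward"',
    'id=firewall sn=0000000000AA pri=4 c=1 m=2 n=5 msg="UDP packet dropped n=99" src=192.0.2.10 dst=198.51.100.7:53 proto=udp/dns fw_action="drop"',
    'id=firewall sn=0000000000AA pri=6 c=1 m=3 msg="User logged out" dur=600 note="constructed" fw_action="NA"',
]
```

A line without a recognised fw_action returns `None` for the sub rule, which leaves it to the User Activity Events base rule.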