# V 2.0 Authentication Messages

Vendor Documentation

## Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 Authentication Messages | Base Rule | General Authentication Event | Other Audit |

## Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Type (type) | `<vmid>` | Text/String | Specifies the type of log; value is AUTHENTICATION. |
| Threat/Content Type (subtype) | `<vendorinfo>` | Text/String | Subtype of the system log. |
| Source IP (ip) | `<sip>` | Number | Original session source IP address. |
| User (user) | `<login>` | Text/String | End user being authenticated. |
| Object (object) | `<object>` | Text/String | Name of the object associated with the system event. |
| Authentication Policy (authpolicy) | `<policy>` | Text/String | Policy invoked for authentication before allowing access to a protected resource. |
| Repeat Count (repeatcnt) | `<quantity>` | Number | Number of sessions with the same Source IP, Destination IP, Application, and Subtype seen within 5 seconds. |
| Log Action (logset) | `<action>` | Text/String | Log Forwarding Profile that was applied to the session. |
| Description (desc) | `<subject>` | Text/String | Additional authentication information. |
| Event Type (event) | `<result>` | Text/String | Result of the authentication attempt. |
| Device Name (device_name) | `<objectname>` | Text/String | The hostname of the firewall on which the session was logged. |
| Authentication Protocol (authproto) | `<protname>` | Text/String | Indicates the authentication protocol used by the server. For example, PEAP with GTC. |
| Source Hostname (src_host) | `<sname>` | Text/String | The hostname of the device that Device-ID identifies as the source of the traffic. |
| Source MAC Address (src_mac) | `<smac>` | Text/String | The MAC address of the device that Device-ID identifies as the source of the traffic. |
| User Agent (user_agent) | `<useragent>` | Text/String | The string from the HTTP request header User-Agent. |
| Session ID | `<session>` | Number | A string that uniquely identifies the traffic session. |