
V 2.0 : Traffic : Forward : VMID13

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0: 13_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: 13_Forward Traffic Client-rst | Sub Rule | Connection Reset | Network Traffic |
| V 2.0: 13_Forward Traffic Servert-rst | Sub Rule | Connection Reset | Network Traffic |
| V 2.0: 13_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: 13_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: 13_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: 13_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| V 2.0: 13_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0: 13_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| V 2.0: 13_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| V 2.0: Traffic: Forward: VMID13 | Base Rule | Traffic Allowed by Network Firewall | Network Allow |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| date | N/A | N/A | The date of the event. |
| time | N/A | N/A | The time of the event. |
| logid | <vmid> | Number | The log ID. |
| type | <vendorinfo> | Text/String | The type of event. |
| subtype | N/A | N/A | The subtype of the event. |
| level | <severity> | Text/String | The level of the event. |
| vd | N/A | N/A | The virtual domain. |
| eventtime | N/A | N/A | The event time in epoch format. |
| srcip | <sip> | IP Address | The source IP address. |
| srcport | <sport> | Number | The source port. |
| srcintf | <sinterface> | Text/String | The source interface. |
| srcintfrole | N/A | N/A | The role of the source interface. |
| dstip | <dip> | IP Address | The destination IP address. |
| dstport | <dport> | Number | The destination port. |
| dstintf | <dinterface> | Text/String | The destination interface. |
| dstintfrole | N/A | N/A | The role of the destination interface. |
| srcuuid | N/A | N/A | The source UUID. |
| dstuuid | N/A | N/A | The destination UUID. |
| poluuid | N/A | N/A | The policy UUID. |
| sessionid | <session> | Number | The session ID. |
| proto | <protnum> | Number | The protocol. |
| action | <action>, <tag1> | Text/String | The action taken by the firewall. |
| policyid | <policy> | Number | The policy ID. |
| policytype | N/A | N/A | The type of policy. |
| service | <protname> | Text/String | The service. |
| dstcountry | N/A | N/A | The destination country. |
| srccountry | N/A | N/A | The source country. |
| trandisp | N/A | N/A | The traffic disposition. |
| transip | <snatip> | IP Address | The translated IP address. |
| transport | <snatport> | Number | The transport. |
| appid | <object> | Number | The application ID. |
| app | <objectname> | Text/String | The application. |
| appcat | <objecttype> | Text/String | The application category. |
| apprisk | <threatname> | Text/String | The application risk. |
| applist | N/A | N/A | The application list. |
| duration | <seconds> | Number | The duration of the event. |
| sentbyte | <bytesin> | Number | The number of sent bytes. |
| rcvdbyte | <bytesout> | Number | The number of received bytes. |
| sentpkt | <packetsin> | Number | The number of sent packets. |
| rcvdpkt | <packetsout> | Number | The number of received packets. |
| utmaction | <status>, <tag2> | Text/String | The UTM action. |
| countapp | <quantity> | Number | The number of applications. |
| osname | N/A | N/A | The operating system name. |
| mastersrcmac | N/A | N/A | The master source MAC address. |
| srcmac | <smac> | Text/String | The source MAC address. |
| dstmac | <dmac> | Text/String | The destination MAC address. |
| user | <login>, <domainorigin> | Text/String | User name |
