
V 2.0 : URL Filtering Events

Vendor Documentation


| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : URL Filtering Events | Base Rule | General Network Traffic | Network Traffic |
| V 2.0 : URL Filtering : Accept | Sub Rule | Traffic Allowed by Proxy | Network Allow |
| V 2.0 : URL Filtering : Allow | Sub Rule | Traffic Allowed by Proxy | Network Allow |
| V 2.0 : URL Filtering : Reject | Sub Rule | Traffic Denied by Proxy | Network Deny |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| subproduct | N/A | N/A | Can be VPN or non-VPN |
| Product | `<vmid>` | Text/String | Product name |
| Originip | N/A | N/A | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| SIP | `<sip>` | IP Address | Source IP |
| SPort | `<sport>` | Number | Source host port number |
| DIP | `<dip>` | IP Address | Destination IP |
| dport | `<dport>` | Number | Destination host port number |
| protocol | `<protnum>` | Number | Protocol detected on the connection |
| ifname | `<sinterface>` | Text/String | The name of the Security Gateway interface through which a connection traverses |
| Reason | `<reason>` | Text/String | Information on the error that occurred |
| Rule | N/A | N/A | Matched rule number |
| Info | N/A | N/A | Rule information on the blocked diameter CMD |
| XlateSIP | `<snatip>` | IP Address | Source IPv4 after applying NAT |
| XlateSport | `<snatport>` | Number | Source port after applying hide NAT on source IP |
| XlateDIP | `<dnatip>` | IP Address | Destination IPv4 after applying NAT |
| XlateDPort | `<dnatport>` | Number | Destination port after applying NAT |
| rule_uid | N/A | N/A | Access policy rule ID which the connection was matched on |
| Url | N/A | N/A | Matched URL |
| User | N/A | N/A | Source user name |
| matched_category | N/A | N/A | Name of matched category |
| app_rule_name | N/A | N/A | Rule name |
| web_client_type | N/A | N/A | Web client detected in the HTTP request (e.g., Chrome) |
| web_server_type | N/A | N/A | Web server detected in the HTTP response |
| app_risk | `<severity>` | Number | Application risk. Possible values: 0 - Unknown, 1 - Very Low, 2 - Low, 3 - Medium, 4 - High, 5 - Critical |
| appi_name | `<process>` | Text/String | Application name |
| app_desc | N/A | N/A | Application description |
| app_id | N/A | N/A | Application ID |
| app_properties | `<subject>` | Text/String | Application categories |
| src_machine_name | `<sname>` | Text/String | Machine name connected to source IP |
| src_user_name | `<login>` | Text/String | User name connected to source IP |
| proxy_src_ip | N/A | N/A | Sender source IP (even when using proxy) |
| received_bytes | `<bytesout>` | Number | Number of bytes received during the connection |
| sent_bytes | `<bytesin>` | Number | Number of bytes sent during the connection |
| time | N/A | N/A | The time stamp when the log was created |
| alert | N/A | N/A | Alert level of matched rule (for connection logs) |
| flags | N/A | N/A | Check Point internal field |
| loguid | N/A | N/A | UUID of unified logs |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| __policy_id_tag | `<policy>` | Text/String | Check Point internal field |
| app_rule_id | N/A | N/A | Rule number |
| app_sig_id | N/A | N/A | The signature ID by which the application was detected |
| origin_sic_name | N/A | N/A | Machine SIC |
| ticket_id | N/A | N/A | Unique ID per file |
| usercheck_incident_uid | N/A | N/A | UserCheck incident ID |
| resource | `<url>` | Text/String/Number | Resource from the HTTP request |