
V 2.0 : VPN-1 & Firewall-1 Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| V 2.0 : VPN-1 & FireWall-1 Events | Base Rule | General Network Traffic | Network Traffic |
| V 2.0 : Firewall Message Dropped | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : Firewall Message Rejected | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : Firewall Message Accepted | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0 : Firewall Message Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : Firewall Message Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| virtuallogsource | N/A | N/A | N/A |
| Subproduct | N/A | N/A | Can be VPN or non-VPN |
| Product | <vmid> | Text/String | Product name |
| Originip | N/A | N/A | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | <action>, <tag1> | Text/String | Action of matched rule. Possible values: Drop, Reject, Accept, Encrypt, Decrypt, Authorize, Deauthorize, Bypass, Block, Detect, Do not send, Allow, Ask User, Extract |
| SIP | <sip> | IP Address | Source IP |
| SPort | <sport> | Number | Source host port number |
| DIP | <dip> | IP Address | Destination IP |
| dport | <dport> | Number | Destination port |
| protocol | <protnum> | Number | Protocol detected on the connection |
| ifname | <sinterface> | Text/String | The name of the Security Gateway interface through which a connection traverses |
| ifdirection | N/A | N/A | Connection direction |
| Reason | <reason> | Text/String | Information on the error that occurred |
| Rule | N/A | N/A | Matched rule number |
| Info | N/A | N/A | Rule information on the blocked diameter CMD |
| XlateSIP | <snatip> | IP Address | Source IPv4 after applying NAT |
| XlateSport | <snatport> | Number | Source port after applying hide NAT on source IP |
| XlateDIP | <dnatip> | IP Address | Destination IPv4 after applying NAT |
| XlateDPort | <dnatport> | Number | Destination port after applying NAT |
| User | <login> | Text/String | Source user name |
| alert | N/A | N/A | Alert level of matched rule (for connection logs) |
| sys_msgs | N/A | N/A | N/A |
| sys_message | N/A | N/A | N/A |
| rule_uid | N/A | N/A | Access policy rule ID on which the connection was matched |
| icmp_code | N/A | N/A | In case a connection is ICMP, the ICMP code info will be added to the log |
| icmp_type | N/A | N/A | In case a connection is ICMP, the type info will be added to the log |
| matched_category | N/A | N/A | Name of matched category |
| rule_name | N/A | N/A | Access rule name |
| OriginZone | N/A | N/A | Indicates whether the source zone is internal or external |
| ImpactedZone | N/A | N/A | Indicates whether the destination zone is internal or external |
| PolicyManagement | N/A | N/A | Name of the Management Server that manages this Security Gateway |
| PolicyName | N/A | N/A | Name of the last policy that this Security Gateway fetched |
| Service | N/A | N/A | Connection destination int/service int |
| State | N/A | N/A | N/A |
| TCP_Flags | N/A | N/A | TCP packet flags (SYN, ACK, etc.) |
| time | N/A | N/A | The time stamp when the log was created |
| flags | N/A | N/A | Check Point internal field |
| loguid | N/A | N/A | UUID of unified logs |
| originsicname | N/A | N/A | Machine SIC |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |
| __policy_id_tag | <policy> | Text/String | Check Point internal field |
| bytes | N/A | N/A | N/A |
| client_inbound_bytes | <bytesin> | Number | N/A |
| client_inbound_interface | N/A | N/A | N/A |
| client_inbound_packets | <packetsin> | Number | N/A |
| client_outbound_bytes | <bytesout> | Number | N/A |
| client_outbound_interface | N/A | N/A | N/A |
| client_outbound_packets | <packetsout> | Number | N/A |
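The following Python script is an added example; it is not part of this LogRhythm page and not Check Point's or LogRhythm's own tooling. It encodes the two tables above (the device-key to schema mapping, and the Action-based Sub Rule classification) so that a parsed event can be normalised into the schema fields and classified, which is useful when checking that a SIEM's deny/allow tally agrees with what the gateway actually logged. It assumes the event has already been split into a dict keyed by the Check Point field names listed here (the page documents field names, not the wire format), matches those names case-insensitively, and the sample events are constructed.

```python
from collections import Counter

# Device key (lower-cased) -> LogRhythm schema field(s), from the mapping table
# on this page. Keys the table maps to N/A are deliberately absent, so they are
# dropped from the normalised output.
FIELD_MAP = {
    "product": ["vmid"],
    "action": ["action", "tag1"],  # Action populates both <action> and <tag1>
    "sip": ["sip"],
    "sport": ["sport"],
    "dip": ["dip"],
    "dport": ["dport"],
    "protocol": ["protnum"],
    "ifname": ["sinterface"],
    "reason": ["reason"],
    "xlatesip": ["snatip"],
    "xlatesport": ["snatport"],
    "xlatedip": ["dnatip"],
    "xlatedport": ["dnatport"],
    "user": ["login"],
    "__policy_id_tag": ["policy"],
    "client_inbound_bytes": ["bytesin"],
    "client_inbound_packets": ["packetsin"],
    "client_outbound_bytes": ["bytesout"],
    "client_outbound_packets": ["packetsout"],
}

# Schema fields whose Data Type is "Number" in the mapping table.
NUMERIC_FIELDS = {"sport", "dport", "protnum", "snatport", "dnatport",
                  "bytesin", "packetsin", "bytesout", "packetsout"}

# Action value -> (Sub Rule, Common Event, Classification), from the
# Classification table. Any other Action value falls through to the Base Rule.
SUB_RULES = {
    "drop":   ("V 2.0 : Firewall Message Dropped",  "Traffic Denied by Network Firewall",  "Network Deny"),
    "reject": ("V 2.0 : Firewall Message Rejected", "Traffic Denied by Network Firewall",  "Network Deny"),
    "accept": ("V 2.0 : Firewall Message Accepted", "Traffic Allowed by Network Firewall", "Network Allow"),
    "block":  ("V 2.0 : Firewall Message Blocked",  "Traffic Denied by Network Firewall",  "Network Deny"),
    "allow":  ("V 2.0 : Firewall Message Allowed",  "Traffic Allowed by Network Firewall", "Network Allow"),
}
BASE_RULE = ("V 2.0 : VPN-1 & FireWall-1 Events", "General Network Traffic", "Network Traffic")


def normalise(event):
    """Map Check Point field names to LogRhythm schema fields.

    Unmapped keys are dropped; numeric fields are converted to int, and a
    value that does not parse as a number is left out rather than stored as text.
    """
    out = {}
    for key, value in event.items():
        for target in FIELD_MAP.get(key.lower(), []):
            if target in NUMERIC_FIELDS:
                try:
                    out[target] = int(value)
                except (TypeError, ValueError):
                    continue
            else:
                out[target] = str(value)
    return out


def classify(action):
    """Return (rule name, common event, classification) for an Action value."""
    if not action:
        return BASE_RULE
    return SUB_RULES.get(action.strip().lower(), BASE_RULE)


def process(event):
    """Normalise one event and attach its rule, common event and classification."""
    fields = normalise(event)
    rule, common_event, classification = classify(fields.get("action"))
    return {"fields": fields, "rule": rule,
            "common_event": common_event, "classification": classification}


def tally(events):
    """Count events per classification, e.g. to compare against a SIEM dashboard."""
    return Counter(process(e)["classification"] for e in events)


# Constructed sample events (hypothetical values, not taken from any real gateway).
SAMPLE_EVENTS = [
    {"Product": "VPN-1 & FireWall-1", "Action": "Drop", "SIP": "10.0.0.5", "SPort": "51234",
     "DIP": "192.0.2.10", "dport": "445", "protocol": "6", "ifname": "eth0", "Rule": "12"},
    {"Product": "VPN-1 & FireWall-1", "Action": "Accept", "SIP": "10.0.0.7", "SPort": "40000",
     "DIP": "192.0.2.20", "dport": "443", "protocol": "6", "User": "alice"},
    # Encrypt is a documented Action value but has no Sub Rule: Base Rule applies.
    {"Product": "VPN-1 & FireWall-1", "Action": "Encrypt", "SIP": "10.0.0.8", "DIP": "198.51.100.1"},
    # Malformed port: the number is dropped, the rest of the event still maps.
    {"Product": "VPN-1 & FireWall-1", "Action": "Reject", "SIP": "10.0.0.9", "dport": "n/a"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(process(ev))
    print(dict(tally(SAMPLE_EVENTS)))
```

Running the script prints each normalised event with its rule and classification, followed by the per-classification tally; the same counts are what an analyst would expect to see in the SIEM for those events.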