This section describes some of the dynamic metadata fields that apply to the following protocols/applications: HTTP, HTTPS, SMTP, and SMB.

This document will include more metadata field descriptions in the future. For additional fields not listed here, contact LogRhythm Support.

HTTP Field Names and Descriptions

Field / Description

ClientAddr

The IP address of the traffic source.

Cookie

Full contents of the HTTP Cookie header sent by the client, that is, the name/value pairs a server previously stored on the client's system. Treat this field as sensitive: it commonly carries session identifiers.

HeaderRaw

The raw header information included in packet transmission.

Host

Value of the HTTP Host header, that is, the host name the client requested (for example, www.logrhythm.com). This identifies the destination web site of the request, not the traffic source; for the source IP address see ClientAddr.

Method

HTTP request method, such as GET, POST, PUT, or DELETE.

MIMEType

Media type of the data sent over HTTP, as declared in the Content-Type header (for example, text/html or application/json).

Referer

Value of the HTTP Referer header (the misspelling is part of the protocol): the URL of the page that linked to the resource requested in the flow you are inspecting. Clients may omit or truncate it, so it is not a reliable indicator on its own.

Server

Server (destination host) that transmitted the HTTP traffic to the client.

ServerAddr

IP address of the server (destination) that transmitted the HTTP traffic to the client.

ServerAgent

Web server software reported by the destination server in its HTTP Server response header (for example, Apache or nginx). The value is self-reported and can be removed or altered by the server operator.

SessionPacketCounter

Number of packets received in the flow you are inspecting.

TimeStart

Time stamp that the flow started.

TimeEnd

Time stamp that the flow ended.
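The following added example (not LogRhythm code) shows how several of the HTTP fields above relate to the raw request header that HeaderRaw carries. It parses a constructed sample header into Method, Host, Cookie, Referer and MIMEType; the output keys follow this table, the header text is made up, and the parsing rules (case-insensitive header names, merged duplicate Cookie headers, the media type taken from Content-Type without its parameters) are the standard HTTP rules, not anything this page specifies.

```python
"""Derive the HTTP metadata fields above from a raw request header.

Added example, not LogRhythm code. SAMPLE_HEADER_RAW is a constructed
request header of the kind HeaderRaw carries; the output keys follow the
HTTP field table (Method, Host, Cookie, Referer, MIMEType).
"""
from __future__ import annotations

# Constructed sample input: one HTTP/1.1 POST request header.
SAMPLE_HEADER_RAW = (
    "POST /login HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Referer: https://www.example.com/\r\n"
    "Cookie: session=abc123; theme=dark\r\n"
    "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n"
    "Content-Length: 27\r\n"
    "\r\n"
)


def parse_header_raw(raw: str) -> dict[str, str | None]:
    """Split a raw HTTP request header into the metadata fields.

    Header names are compared case-insensitively (RFC 9110 section 5.1).
    Repeated Cookie headers are joined with '; ' so the Cookie field holds
    the full cookie string. MIMEType is the Content-Type media type with its
    parameters (such as charset) removed. Missing headers yield None.
    """
    # Only the header block matters; drop any body after the blank line.
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")

    # Request line: METHOD SP request-target SP HTTP-version.
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, _target, _version = parts

    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"malformed header line: {line!r}")
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())

    def first(name: str) -> str | None:
        values = headers.get(name)
        return values[0] if values else None

    content_type = first("content-type")
    mime_type = content_type.split(";", 1)[0].strip() if content_type else None
    cookies = headers.get("cookie")

    return {
        "Method": method,
        "Host": first("host"),
        "Cookie": "; ".join(cookies) if cookies else None,
        "Referer": first("referer"),
        "MIMEType": mime_type,
    }


if __name__ == "__main__":
    for field, value in parse_header_raw(SAMPLE_HEADER_RAW).items():
        print(f"{field}: {value}")
```

Running the script prints the five derived fields for the sample header. Note that a request without a Content-Type header yields a MIMEType of None rather than an empty string, so downstream filters should test for both.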

HTTPS Field Names and Descriptions

Field / Description

ClientAddr

IP address of the traffic source.

CommonName

Common Name (CN) from the subject of the TLS/SSL certificate the server presented, typically the host name the certificate was issued for. Modern clients validate host names against SubjectAltName rather than the CN, so compare both when checking a certificate.

ServerAddr

IP address of the server (destination) that transmitted the HTTPS traffic to the client.

ServerName

Domain name of the server the client requested, typically taken from the Server Name Indication (SNI) extension of the TLS handshake, which is sent unencrypted. The #serverName field is particularly useful for HTTPS, because the URL and Host header are encrypted and are commonly not available for secure traffic.

SessionPacketCounter

Number of packets received in the flow you are inspecting.

SubjectAltName

Host names listed in the Subject Alternative Name (SAN) extension of the server's TLS/SSL certificate, that is, the additional names the certificate is valid for. Wildcard entries such as *.example.com may appear here.

TimeStart

Time the flow started.

TimeStop

Time the flow ended.
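The following added example (not LogRhythm code) uses the ServerName, CommonName and SubjectAltName fields together: it checks whether the name the client asked for is actually covered by the certificate the server presented, which is the kind of mismatch that indicates interception or a misconfigured front end. The flow records are constructed; the keys follow this table, and SubjectAltName is assumed to be a comma-separated string of names, which is an assumption about the export format rather than something the table states. The matching rules (case-insensitive comparison, single-label leftmost wildcard, CN consulted only when no SAN is present) are the standard certificate name-matching rules, not LogRhythm behaviour.

```python
"""Check whether the name a client requested (ServerName) is covered by the
certificate the server presented (CommonName, SubjectAltName).

Added example, not LogRhythm code. The flow records are constructed; the
keys follow the HTTPS field table. SubjectAltName is assumed here to be a
comma-separated string of host names, which is an assumption about how the
field is exported, not something the table states.
"""
from __future__ import annotations


def name_matches(cert_name: str, host: str) -> bool:
    """Match one certificate name against the requested host name.

    Exact match, case-insensitive, or a wildcard that is the whole leftmost
    label and covers exactly one label (RFC 6125 section 6.4.3):
    '*.example.com' matches 'www.example.com' but not 'example.com' or
    'a.b.example.com'.
    """
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if cert_name == host:
        return True
    if cert_name.startswith("*."):
        cert_labels = cert_name.split(".")
        host_labels = host.split(".")
        return len(cert_labels) == len(host_labels) and cert_labels[1:] == host_labels[1:]
    return False


def cert_covers_server_name(record: dict[str, str]) -> bool:
    """True if ServerName matches a SAN entry, or the CN when no SAN exists.

    Clients ignore the CN once a SAN extension is present, so a record whose
    CN matches but whose SAN list does not is still reported as a mismatch.
    """
    server_name = record["ServerName"]
    sans = [s.strip() for s in record.get("SubjectAltName", "").split(",") if s.strip()]
    if sans:
        return any(name_matches(san, server_name) for san in sans)
    common_name = record.get("CommonName", "").strip()
    return bool(common_name) and name_matches(common_name, server_name)


def find_mismatches(records: list[dict[str, str]]) -> list[str]:
    """Return ServerAddr of every flow whose certificate does not cover the SNI."""
    return [r["ServerAddr"] for r in records if not cert_covers_server_name(r)]


# Constructed sample flows (documentation addresses and reserved names).
SAMPLE_HTTPS_FLOWS = [
    # Wildcard SAN covers the requested host.
    {"ClientAddr": "10.0.0.5", "ServerAddr": "203.0.113.10",
     "ServerName": "www.example.com", "CommonName": "example.com",
     "SubjectAltName": "example.com, *.example.com"},
    # Older certificate with no SAN: fall back to the CN.
    {"ClientAddr": "10.0.0.6", "ServerAddr": "203.0.113.20",
     "ServerName": "mail.example.net", "CommonName": "mail.example.net",
     "SubjectAltName": ""},
    # CN matches but the SAN list names an unrelated host: a mismatch that
    # browsers would reject and that is worth alerting on.
    {"ClientAddr": "10.0.0.7", "ServerAddr": "198.51.100.9",
     "ServerName": "login.example.org", "CommonName": "login.example.org",
     "SubjectAltName": "cdn.example-proxy.test"},
]

if __name__ == "__main__":
    print("certificate/SNI mismatches:", find_mismatches(SAMPLE_HTTPS_FLOWS))
```

Only the third sample flow is reported. Its CommonName matches the requested name, which is exactly why the check must prefer SubjectAltName: a CN-only match gives false assurance when a SAN extension is present.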

SMTP Field Names and Descriptions

Field / Description

AttachFilename

File names of all attachments to the email message.

AttachSize

Total size of all attachments to an email message.

AttachTransferEncoding

Content-Transfer-Encoding applied to the attachment (for example, base64 or quoted-printable).

AttachType

Attachment type (for example, an image or PDF).

ClientAddr

IP address of the SMTP client that initiated the connection (the sending mail server or mail user agent).

Duration

Duration of the observed SMTP transfer, that is, the interval between TimeStart and TimeStop for this session. It is not the end-to-end delivery time of the message.

MIMEType

The format or type of data in the content of the SMTP traffic.

RcvdDate

Date an email message was received by the recipient’s mail client.

If multiple recipients exist, you see multiple #receivedDate values.

Receiver

Email recipient.

SenderAlias

Email alias of the sender as defined in the source mail server.

SenderDomain

Domain of the sender as reported by the source mail server.

SenderEmail

Email address of the sender.

Server

Destination mail server (host name) of the email message.

ServerAddr

IP address of the destination mail server.

ServerResp

Response sent by the destination mail server, including the three-digit SMTP reply code (for example, 250 for success, 4xx for a temporary failure, 5xx for a permanent failure).

Subject

Subject line of the email message.

TimeStart

Time email transfer began.

TimeStop

Time email transfer ended.
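The following added example (not LogRhythm code) shows the attachment fields above used for a simple screening rule: it pairs AttachFilename, AttachType and AttachTransferEncoding per attachment and flags executable payloads (including double extensions such as invoice.pdf.exe), declared types that disagree with the file extension, and non-standard transfer encodings. The records are constructed. It assumes the three Attach* fields are parallel, comma-separated lists with one entry per attachment and that AttachType is the declared MIME type; both are assumptions about the export format, not statements from this table.

```python
"""Screen attachments using the SMTP attachment fields above.

Added example, not LogRhythm code. The records are constructed. It assumes
that AttachFilename, AttachType and AttachTransferEncoding are parallel,
comma-separated lists with one entry per attachment and that AttachType is
the declared MIME type; both are assumptions about the export format.
"""
from __future__ import annotations

import posixpath

# Extensions that should not arrive as ordinary business attachments.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".ps1", ".hta", ".bat", ".cmd", ".lnk"}

# Declared MIME type -> file extensions consistent with it.
TYPE_TO_EXTENSIONS = {
    "application/pdf": {".pdf"},
    "image/png": {".png"},
    "image/jpeg": {".jpg", ".jpeg"},
    "application/zip": {".zip"},
    "text/plain": {".txt", ".log"},
}

# Content-Transfer-Encoding values defined by MIME (RFC 2045 section 6).
STANDARD_ENCODINGS = {"7bit", "8bit", "binary", "quoted-printable", "base64"}


def split_list(value: str) -> list[str]:
    """Split a comma-separated field into trimmed entries; '' -> []."""
    return [v.strip() for v in value.split(",")] if value.strip() else []


def attachment_findings(record: dict[str, str]) -> list[str]:
    """Return one human-readable finding per suspicious attachment property."""
    names = split_list(record.get("AttachFilename", ""))
    types = split_list(record.get("AttachType", ""))
    encodings = split_list(record.get("AttachTransferEncoding", ""))
    if not (len(names) == len(types) == len(encodings)):
        return ["attachment field lists have different lengths; cannot pair them"]

    findings: list[str] = []
    for name, mime, encoding in zip(names, types, encodings):
        stem, ext = posixpath.splitext(name.lower())
        mime = mime.lower()

        # Executable payload, possibly disguised with a document-like inner
        # extension ('invoice.pdf.exe'). Benign double extensions such as
        # 'archive.tar.gz' are not flagged because .gz is not executable.
        if ext in EXECUTABLE_EXTENSIONS:
            inner_ext = posixpath.splitext(stem)[1]
            disguise = f" disguised as {inner_ext}" if inner_ext else ""
            findings.append(f"{name}: executable attachment ({ext}){disguise}")

        # Declared type disagrees with the file extension.
        allowed = TYPE_TO_EXTENSIONS.get(mime)
        if allowed is not None and ext not in allowed:
            findings.append(f"{name}: declared {mime} but extension is {ext or 'none'}")

        # Non-standard transfer encoding (for example x-uuencode).
        if encoding.lower() not in STANDARD_ENCODINGS:
            findings.append(f"{name}: non-standard transfer encoding {encoding!r}")
    return findings


# Constructed sample SMTP records (only the attachment fields are shown).
SAMPLE_SMTP_FLOWS = [
    {"AttachFilename": "report.pdf", "AttachType": "application/pdf",
     "AttachTransferEncoding": "base64"},
    {"AttachFilename": "invoice.pdf.exe, photo.jpg",
     "AttachType": "application/pdf, image/jpeg",
     "AttachTransferEncoding": "base64, base64"},
    {"AttachFilename": "notes.txt", "AttachType": "text/plain",
     "AttachTransferEncoding": "x-uuencode"},
]

if __name__ == "__main__":
    for record in SAMPLE_SMTP_FLOWS:
        for finding in attachment_findings(record):
            print(finding)
```

The length check at the top matters in practice: if the export drops an entry from one list but not the others, pairing by position would silently attribute the wrong type or encoding to a file, so the function refuses to guess.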

SMB (Server Message Block) Field Names and Descriptions

Field / Description

Callee

Domain or host name of the destination of the SMB traffic.

Caller

Host name of the source system generating the SMB traffic.

ClientAddr

IP address of the source system generating the SMB traffic.

CommandString

SMB command observed in the session, as a string.

Filename

If a file transfer occurred over SMB, the name of the file is reported here.

FileSize

If a file transfer occurred over SMB, the size of the file is reported here.

Path

If a file transfer occurred over SMB, the network path to the share and file is reported here.

ServerAddr

IP address of the destination of the SMB traffic.

SessionPacketCounter

Number of packets transferred during this SMB session.

TimeStart

Time the SMB session began.

TimeStop

Time the SMB session ended.