This section describes some dynamic metadata fields that apply to these protocols/applications:
This document will include more metadata field descriptions in the future. For additional fields not listed here, contact LogRhythm Support.
HTTP Field Names and Descriptions

| Field | Description |
|---|---|
| ClientAddr | The IP address of the traffic source. |
| Cookie | Full output of information stored by a server on a client’s system. |
| HeaderRaw | The raw header information included in packet transmission. |
| Host | Source of the HTTP session (for example, www.logrhythm.com). |
| Method | HTTP command (method), such as GET, PUT, or POST. |
| MIMEType | The format or type of data sent over HTTP. |
| Referer | HTTP header field that identifies the address of the site that linked to the flow you are inspecting. |
| Server | Physical server that transmitted the HTTP traffic to the client. |
| ServerAddr | IP address of the server (destination) that transmitted the HTTP traffic to the client. |
| ServerAgent | Type of web service running on the destination server. |
| SessionPacketCounter | Number of packets received in the flow you are inspecting. |
| TimeStart | Timestamp at which the flow started. |
| TimeEnd | Timestamp at which the flow ended. |

HTTPS Field Names and Descriptions

| Field | Description |
|---|---|
| ClientAddr | IP address of the traffic source. |
| CommonName | Name given by a company for its SSL certificate. |
| ServerAddr | IP address of the server (destination) that transmitted the HTTPS traffic to the client. |
| ServerName | Domain from where HTTPS traffic was transmitted. The #serverName field is particularly useful for HTTPS, because URL information is commonly not available for secure traffic. |
| SessionPacketCounter | Number of packets received in the flow you are inspecting. |
| SubjectAltName | Alternative host names protected by the site’s SSL certificate. |
| TimeStart | Time the flow started. |
| TimeStop | Time the flow ended. |

SMTP Field Names and Descriptions

| Field | Description |
|---|---|
| AttachFilename | List of all attachments to an email message. |
| AttachSize | Total size of all attachments to an email message. |
| AttachTransferEncoding | Encoding mechanism used on the email message. |
| AttachType | Attachment type (for example, an image or PDF). |
| ClientAddr | IP address of the source mail server. |
| Duration | Time it took for the email to travel to its recipient. |
| MIMEType | The format or type of data in the content of the SMTP traffic. |
| RcvdDate | Date an email message was received by the recipient’s mail client. If multiple recipients exist, you see multiple #receivedDate values. |
| Receiver | Email recipient. |
| SenderAlias | Email alias of the sender as defined in the source mail server. |
| SenderDomain | Domain of the sender as reported by the source mail server. |
| SenderEmail | Email address of the sender. |
| Server | Mail server of the destination of an email message. |
| ServerAddr | IP address of the destination mail server. |
| ServerResp | Communication sent from destination mail server, including response code. |
| Subject | Actual subject line of the email message. |
| TimeStart | Time email transfer began. |
| TimeStop | Time email transfer ended. |

SMB (Samba) Field Names and Descriptions

| Field | Description |
|---|---|
| Callee | Domain of the destination of Samba traffic. |
| Caller | Host name of the source system generating traffic over Samba. |
| ClientAddr | IP address of the source system generating traffic over Samba. |
| CommandString | Command string returned from Samba. |
| Filename | If file transfer occurred over Samba, the name of the file is reported here. |
| FileSize | If file transfer occurred over Samba, the size of the file is reported here. |
| Path | If file transfer occurred over Samba, the network path is reported here. |
| ServerAddr | IP address of the destination of Samba traffic. |
| SessionPacketCounter | Number of packets transferred during this Samba session. |
| TimeStart | Time Samba session began. |
| TimeStop | Time Samba session ended. |