Application-Related Fields in the Query Data
This section describes some of the dynamic metadata fields that apply to the HTTP, HTTPS, SMTP, and SMB (Samba) protocols/applications.
This document will include more metadata field descriptions in the future. For additional fields not listed here, contact LogRhythm Support.
HTTP Field Names and Descriptions
Field | Description |
---|---|
ClientAddr | The IP address of the traffic source. |
Cookie | Full output of information stored by a server on a client’s system. |
HeaderRaw | The raw header information included in packet transmission. |
Host | Source of the HTTP session (for example, www.logrhythm.com). |
Method | HTTP commands, such as GET, PUT, POST, etc. |
MIMEType | The format or type of data sent over HTTP. |
Referer | HTTP header field that identifies the address of the site that linked to the flow you are inspecting. |
Server | Physical server that transmitted the HTTP traffic to the client. |
ServerAddr | IP address of the server (destination) that transmitted the HTTP traffic to the client. |
ServerAgent | Type of web service running on the destination server. |
SessionPacketCounter | Number of packets received in the flow you are inspecting. |
TimeStart | Time stamp at which the flow started. |
TimeEnd | Time stamp at which the flow ended. |
HTTPS Field Names and Descriptions
Field | Description |
---|---|
ClientAddr | IP address of the traffic source. |
CommonName | Common Name (CN) from the subject of the site's SSL certificate, as assigned by the certificate owner. |
ServerAddr | IP address of the server (destination) that transmitted the HTTPS traffic to the client. |
ServerName | Domain from where HTTPS traffic was transmitted. The #serverName field is particularly useful for HTTPS, because URL information is commonly not available for secure traffic. |
SessionPacketCounter | Number of packets received in the flow you are inspecting. |
SubjectAltName | Alternative host names protected by the site’s SSL certificate. |
TimeStart | Time the flow started. |
TimeStop | Time the flow ended. |
SMTP Field Names and Descriptions
Field | Description |
---|---|
AttachFilename | List of all attachments to an email message. |
AttachSize | Total size of all attachments to an email message. |
AttachTransferEncoding | Content transfer encoding mechanism used for the attachments of the email message. |
AttachType | Attachment type (for example, an image or PDF). |
ClientAddr | IP address of the source mail server. |
Duration | Time it took for the email to travel to its recipient. |
MIMEType | The format or type of data in the content of the SMTP traffic. |
RcvdDate | Date an email message was received by the recipient's mail client. If multiple recipients exist, you see multiple #receivedDate values. |
Receiver | Email recipient. |
SenderAlias | Email alias of the sender as defined in the source mail server. |
SenderDomain | Domain of the sender as reported by the source mail server. |
SenderEmail | Email address of the sender. |
Server | Mail server of the destination of an email message. |
ServerAddr | IP address of the destination mail server. |
ServerResp | Response sent by the destination mail server, including the SMTP response code. |
Subject | Actual subject line of the email message. |
TimeStart | Time email transfer began. |
TimeStop | Time email transfer ended. |
SMB (Samba) Field Names and Descriptions
Field | Description |
---|---|
Callee | Domain of the destination of Samba traffic. |
Caller | Host name of the source system generating traffic over Samba. |
ClientAddr | IP address of the source system generating traffic over Samba. |
CommandString | Command string returned from Samba. |
Filename | If file transfer occurred over Samba, the name of the file is reported here. |
FileSize | If file transfer occurred over Samba, the size of the file is reported here. |
Path | If file transfer occurred over Samba, the network path is reported here. |
ServerAddr | IP address of the destination of Samba traffic. |
SessionPacketCounter | Number of packets transferred during this Samba session. |
TimeStart | Time Samba session began. |
TimeStop | Time Samba session ended. |