Internet Security Logs

Deep Edge Internet Security logs are categorized into eleven types of violation logs, identified by Message Type. The following table explains each item in a violation log.
| Log Item | Description | Example |
| --- | --- | --- |
| Time | Date and time when recorded | 2014-02-11 22:51:00 |
| Message Type | Anti-malware/Anti-spam/Anti-APT/Anti-DoS/WRS/IPS/Botnet/C&C Contact Alert/Blocked file extensions/HTTP Cert Error/Client Cert Error | Anti-Malware |
| User Name | The user account if Deep Edge is configured for LDAP or Local User authentication; otherwise, the client IP address | Lily, Jerry |
| Group Name | The group name of the authenticated user (default is empty) | English-Club |
| URL | URL visited by clients, if applicable | u034024.778669.com/ |
| Client IP | Source IP address | 192.168.1.101 |
| Server IP | Destination IP address | 192.168.1.119, 10.64.1.55 |
| Domain | The domain visited by clients, if applicable | www.google.com |
| URL Category | The URL category name identified by Deep Edge | Shopping, Spyware |
| File Name | The name of the file downloaded by clients, if applicable | eicar.zip |
| Malware Name | The virus name blocked by an Anti-Malware scan | Eicar |
| Action | Block/Monitor | Block |
| Policy Name | The security policy name for traffic control | Default, known-user |
| WRS Score | The score of the URL queried by WRS, if applicable. The range is 0 to 100; a higher value indicates a better reputation. | 49 |
| Source Port | Port number | 42074, 39199 |
| Destination Port | Port number | 53, 80 |
| IPS Rule | The IPS rule name, if the log was triggered by an IPS scan | -- |
| ERS Category | 1 = blocked by ERS; 0 = otherwise | 0 |
| Mail Sender | The mail sender of the message traffic. Default is empty. | -- |
| Mail Receiver | The mail recipient of the message traffic. Default is empty. | -- |
| Mail Subject | The mail subject of the message traffic. Default is empty. | -- |
| Transfer Protocol | TCP/UDP/ICMP/ICMPv6 | TCP |
| App Name | The application name identified by Deep Edge | DNS, HTTP, Sina Weibo |
| App Attribute Name | The granular application name | Sina Weibo-Post Message |
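The following is an added example, not Deep Edge code: it checks one violation log against the value sets and ranges in the field table above before the record is loaded into a SIEM or report. It assumes each log has already been parsed into a dict keyed by Log Item name with string values (the page does not describe an export format), and the `normalize` helper and `SAMPLE` record are constructed for illustration.

```python
from datetime import datetime

# Allowed values copied from the field table; matched case-insensitively because
# the table itself writes both "Anti-malware" and "Anti-Malware".
MESSAGE_TYPES = {"anti-malware", "anti-spam", "anti-apt", "anti-dos", "wrs", "ips",
                 "botnet", "c&c contact alert", "blocked file extensions",
                 "http cert error", "client cert error"}
ENUMS = {"Message Type": MESSAGE_TYPES,
         "Action": {"block", "monitor"},
         "Transfer Protocol": {"tcp", "udp", "icmp", "icmpv6"}}
# WRS and ERS ranges are from the table; 0-65535 is the standard port range.
RANGES = {"WRS Score": (0, 100), "ERS Category": (0, 1),
          "Source Port": (0, 65535), "Destination Port": (0, 65535)}
EMPTY = {"", "--"}  # the table shows "--" for fields that do not apply


def normalize(record):
    """Validate one log given as {Log Item: string} (assumed representation).

    Returns (clean, problems): empty fields become None, numeric fields become
    int, Time becomes a datetime, and problems lists every failed check.
    """
    clean = {k: (None if v.strip() in EMPTY else v.strip()) for k, v in record.items()}
    problems = []
    try:
        clean["Time"] = datetime.strptime(clean.get("Time") or "", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        problems.append("Time: expected YYYY-MM-DD HH:MM:SS")
    for field, allowed in ENUMS.items():
        value = clean.get(field)
        if value is None or value.lower() not in allowed:
            problems.append(f"{field}: unexpected value {value!r}")
    for field, (lo, hi) in RANGES.items():
        value = clean.get(field)
        if value is None:
            continue  # numeric field left empty, nothing to range-check
        if value.isdecimal() and lo <= int(value) <= hi:
            clean[field] = int(value)
        else:
            problems.append(f"{field}: expected integer {lo}-{hi}, got {value!r}")
    return clean, problems


# Constructed sample assembled from the Example column of the table.
SAMPLE = {"Time": "2014-02-11 22:51:00", "Message Type": "Anti-Malware",
          "User Name": "Lily", "Client IP": "192.168.1.101", "Server IP": "10.64.1.55",
          "File Name": "eicar.zip", "Malware Name": "Eicar", "Action": "Block",
          "Policy Name": "Default", "WRS Score": "49", "Source Port": "42074",
          "Destination Port": "80", "IPS Rule": "--", "ERS Category": "0",
          "Transfer Protocol": "TCP", "App Name": "HTTP"}
```

Records that return a non-empty `problems` list are worth quarantining rather than dropping, since a malformed field can indicate a parsing fault that would otherwise hide violations from downstream alerting.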