|
|
|
|
|
Message Type. The following table explains the details of each item in a violation log.
|
Log Item
|
Description
|
Example
|
|---|---|---|
|
Time
|
Date and time when recorded
|
2014-02-11 22:51:00
|
|
Message Type
|
Anti-malware/Anti-spam/Anti-APT/Anti-DoS/Anti-APT/WRS/IPS/Botnet/C&C Contact
Alert/Blocked file extensions/HTTP Cert Error/Client Cert Error
|
Anti-Malware
|
|
User Name
|
The user account if Deep Edge is configured as
LDAP or Local User authentication. Otherwise, it will be the Client IP address
|
Lily
Jerry
|
|
Group Name
|
The group name of authenticated user (Default is empty)
|
English-Club
|
|
URL
|
URL visited by clients, if applicable
|
u034024.778669.com/
|
|
Client IP
|
Source IP address
|
192.168.1.101
|
|
Server IP
|
Destination IP address
|
192.168.1.119
10.64.1.55
|
|
Domain
|
The domain visited by clients, if applicable
|
www.google.com
|
|
URL Category
|
The URL Category name identified by Deep Edge
|
Shopping
Spyware
|
|
File Name
|
The file name downloaded by clients if applicable
|
eicar.zip
|
|
Malware Name
|
The virus name blocked by an Anti-Malware scan
|
Eicar
|
|
Action
|
Block/Monitor
|
Block
|
|
Policy Name
|
The security policy name for traffic control
|
Default
known-user
|
|
WRS Score
|
The score of URL queried by WRS, if applicable. The scope is 0 ~ 100. A higher
value has a better reputation.
|
49
|
|
Source Port
|
Port Number
|
42074
39199
|
|
Destination Port
|
Port Number
|
53
80
|
|
IPS Rule
|
The IPS rule name if it is triggered by IPS Scan
|
--
|
|
ERS Category
|
1 = blocked by ERS; 0 = otherwise
|
0
|
|
Mail Sender
|
The message traffic mail sender. Default is empty.
|
--
|
|
Mail Receiver
|
The message traffic mail recipient. Default is empty.
|
--
|
|
Mail Subject
|
The message traffic mail subject. Default is empty.
|
--
|
|
Transfer Protocol
|
TCP/UDP/ICMP/ICMPv6
|
TCP
|
|
App Name
|
The application name identified by Deep Edge
|
DNS
HTTP
Sina Weibo
|
|
App Attribute Name
|
The granular application name
|
Sina Weibo-Post Message
|