This topic describes the fields of Internet traffic log entries.

Log field Description
__topic__ The topic of a log entry. Valid value: cloudfirewall_access_log.
log_type The type of a log entry. Valid value: internet_log. This value indicates an Internet traffic log entry.
aliuid The ID of an Alibaba Cloud account.
app_name The name of the protocol over which an application is accessed. The value can be any protocol, such as HTTPS, NTP, SIP, SMB, NFS, or DNS. If the protocol is unknown, the value is displayed as Unknown.
direction The direction of Internet traffic. Valid values:
  • in: inbound traffic
  • out: outbound traffic
domain The domain name of a destination server.
dst_ip The IP address of a destination server.
dst_port The destination port.
end_time The time when a session ends. Unit: seconds (UNIX timestamp).
in_bps The rate of inbound traffic. Unit: bit/s.
in_packet_bytes The total size of inbound packets. Unit: bytes.
in_packet_count The total number of inbound packets.
in_pps The rate of inbound packets. Unit: packet/s.
ip_protocol The type of an IP protocol. Valid values: TCP and UDP.
out_bps The rate of outbound traffic. Unit: bit/s.
out_packet_bytes The total size of outbound packets. Unit: bytes.
out_packet_count The total number of outbound packets.
out_pps The rate of outbound packets. Unit: packet/s.
region_id The region from which access traffic is originated, for example, cn-beijing.
rule_result The result of how an access policy processes Internet traffic. Valid values:
  • pass
  • alert
  • drop
src_ip The IP address of a source server.
src_port The source port.
start_time The time when a session starts. Unit: seconds (UNIX timestamp).
start_time_min The time when a session starts. The value of this field is rounded up to the next minute. Unit: seconds (UNIX timestamp).
tcp_seq The sequence number of a TCP segment.
total_bps The total rate of inbound and outbound packets. Unit: bit/s.
total_packet_bytes The total size of inbound and outbound packets. Unit: bytes.
total_packet_count The total number of packets.
total_pps The total rate of inbound and outbound packets. Unit: packet/s.
src_private_ip The private IP address of a source server.
vul_level The risk level of a vulnerability. Valid values:
  • 1: low
  • 2: moderate
  • 3: high
url The URL of a resource that is accessed.
acl_rule_id The ID of an access control list (ACL) policy that is matched.
ips_rule_id The ID of an intrusion prevention system (IPS) policy that is matched.
ips_ai_rule_id The ID of an intelligent policy that is matched.