Simple Log Service: Log fields

Last Updated: Feb 29, 2024

This topic describes the fields of the log entries for Internet traffic.

| Log field | Description |
| --- | --- |
| `__topic__` | The topic of a log entry. Valid value: `cloudfirewall_access_log`. |
| `log_type` | The type of a log entry. Valid value: `internet_log`. This value indicates a log entry for Internet traffic. |
| `aliuid` | The ID of an Alibaba Cloud account. |
| `app_name` | The name of the protocol over which an application is accessed. The value can be HTTPS, NTP, SIP, SMB, NFS, or DNS. If the protocol is unknown, the value Unknown is displayed. |
| `direction` | The direction of Internet traffic. Valid values: `in` (inbound), `out` (outbound). |
| `domain` | The domain name of a destination server. |
| `dst_ip` | The IP address of a destination server. |
| `dst_port` | The destination port. |
| `end_time` | The time when a session ends. The value is a UNIX timestamp. Unit: seconds. |
| `in_bps` | The rate of inbound traffic. Unit: bit/s. |
| `in_packet_bytes` | The total size of inbound packets. Unit: bytes. |
| `in_packet_count` | The total number of inbound packets. |
| `in_pps` | The rate of inbound packets. Unit: packet/s. |
| `ip_protocol` | The type of an IP protocol. Valid values: TCP and UDP. |
| `out_bps` | The rate of outbound traffic. Unit: bit/s. |
| `out_packet_bytes` | The total size of outbound packets. Unit: bytes. |
| `out_packet_count` | The total number of outbound packets. |
| `out_pps` | The rate of outbound packets. Unit: packet/s. |
| `region_id` | The region from which access traffic originates, for example, cn-beijing. |
| `rule_result` | The result of processing Internet traffic against an access policy. Valid values: `pass`, `alert`, `drop`. |
| `src_ip` | The IP address of a source server. |
| `src_port` | The source port. A host sends traffic data from this port. |
| `start_time` | The time when a session starts. The value is a UNIX timestamp. Unit: seconds. |
| `start_time_min` | The time when a session starts. The value is a UNIX timestamp. The value is rounded up to the next minute. Unit: seconds. |
| `tcp_seq` | The sequence number of a TCP segment. |
| `total_bps` | The total rate of inbound and outbound traffic. Unit: bit/s. |
| `total_packet_bytes` | The total size of inbound and outbound packets. Unit: bytes. |
| `total_packet_count` | The total number of packets. |
| `total_pps` | The total rate of inbound and outbound packets. Unit: packet/s. |
| `src_private_ip` | The private IP address of a source server. |
| `vul_level` | The risk level of a vulnerability. Valid values: `1` (low), `2` (medium), `3` (high). |
| `url` | The URL of a resource that is accessed. |
| `acl_rule_id` | The ID of an access control list (ACL) policy that is matched. |
| `ips_rule_id` | The ID of an intrusion prevention system (IPS) policy that is matched. |
| `ips_ai_rule_id` | The ID of an intelligent policy that is matched. |
| `ips_rule_name` | The Chinese name of an IPS policy that is matched. |
| `ips_rule_name_en` | The English name of an IPS policy that is matched. |
| `attack_type_name` | The Chinese name of an attack type. |
| `attack_type_name_en` | The English name of an attack type. |
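
The following Python sketch shows how these fields combine for triage: it groups `alert` and `drop` sessions by `src_ip` and ranks them by `vul_level`. It is an added example, not code from the original documentation; the sample entries are constructed, and the JSON-lines layout, string-typed values and possibly empty `vul_level` are assumptions about the export format.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

VUL_LEVELS = {1: "low", 2: "medium", 3: "high"}  # vul_level values from the table

def sample(direction, src_ip, rule_result, vul_level, start_time):
    """Build one constructed log line; all values are strings (assumed export format)."""
    return json.dumps({"__topic__": "cloudfirewall_access_log", "log_type": "internet_log",
                       "direction": direction, "src_ip": src_ip, "rule_result": rule_result,
                       "vul_level": vul_level, "start_time": start_time})

# Constructed entries using documentation IP ranges; not real traffic.
SAMPLE = [
    sample("in", "203.0.113.7", "drop", "3", "1709164860"),
    sample("in", "203.0.113.7", "alert", "2", "1709164800"),
    sample("in", "203.0.113.9", "pass", "", "1709164830"),
    sample("in", "198.51.100.23", "alert", "", "1709164920"),  # assumed: empty vul_level
    sample("out", "192.0.2.10", "alert", "1", "1709164950"),
]

def to_int(value, default=0):
    """Parse a numeric field that may be empty or missing."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default

def triage(lines, direction="in"):
    """Group alert/drop sessions for one direction by src_ip, worst vul_level first."""
    by_src = defaultdict(lambda: {"hits": 0, "max_vul": 0, "results": set(), "starts": []})
    for line in lines:
        e = json.loads(line)
        if (e.get("__topic__"), e.get("log_type")) != ("cloudfirewall_access_log", "internet_log"):
            continue
        if e.get("direction") != direction or e.get("rule_result") not in ("alert", "drop"):
            continue
        s = by_src[e.get("src_ip", "unknown")]
        s["hits"] += 1
        s["max_vul"] = max(s["max_vul"], to_int(e.get("vul_level")))
        s["results"].add(e["rule_result"])
        if (start := to_int(e.get("start_time"), None)) is not None:
            s["starts"].append(start)  # UNIX timestamp in seconds
    rows = [{"src_ip": ip, "hits": s["hits"], "max_vul": s["max_vul"],
             "severity": VUL_LEVELS.get(s["max_vul"], "none"), "results": sorted(s["results"]),
             "first_seen": datetime.fromtimestamp(min(s["starts"]), timezone.utc).isoformat()
                           if s["starts"] else None}
            for ip, s in by_src.items()]
    return sorted(rows, key=lambda r: (-r["max_vul"], -r["hits"]))
```

Calling `triage(SAMPLE)` covers inbound traffic; pass `direction="out"` to review outbound sessions that matched an alert or drop policy.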