This topic describes the fields of the log entries for Internet traffic.

Log field Description
__topic__ The topic of a log entry. Valid value: cloudfirewall_access_log.
log_type The type of a log entry. Valid value: internet_log. This value indicates a log entry for Internet traffic.
aliuid The ID of an Alibaba Cloud account.
app_name The name of the protocol over which an application is accessed. The value can be HTTPS, NTP, SIP, SMB, NFS, or DNS. If the protocol is unknown, the value Unknown is displayed.
direction The direction of Internet traffic. Valid values:
  • in: inbound traffic
  • out: outbound traffic
domain The domain name of a destination server.
dst_ip The IP address of a destination server.
dst_port The destination port.
end_time The time when a session ends. The value is a UNIX timestamp. Unit: seconds.
in_bps The rate of inbound traffic. Unit: bit/s.
in_packet_bytes The total size of inbound packets. Unit: bytes.
in_packet_count The total number of inbound packets.
in_pps The rate of inbound packets. Unit: packet/s.
ip_protocol The type of an IP protocol. Valid values: TCP and UDP.
out_bps The rate of outbound traffic. Unit: bit/s.
out_packet_bytes The total size of outbound packets. Unit: bytes.
out_packet_count The total number of outbound packets.
out_pps The rate of outbound packets. Unit: packet/s.
region_id The region from which access traffic is originated, for example, cn-beijing.
rule_result The result of how an access policy processes Internet traffic. Valid values:
  • pass
  • alert
  • drop
src_ip The IP address of a source server.
src_port The source port of a host that sends traffic data.
start_time The time when a session starts. The value is a UNIX timestamp. Unit: seconds.
start_time_min The time when a session starts. The value is a UNIX timestamp. The value is rounded up to the next minute. Unit: seconds.
tcp_seq The sequence number of a TCP segment.
total_bps The total rate of inbound and outbound packets. Unit: bit/s.
total_packet_bytes The total size of inbound and outbound packets. Unit: bytes.
total_packet_count The total number of packets.
total_pps The total rate of inbound and outbound packets. Unit: packet/s.
src_private_ip The private IP address of a source server.
vul_level The risk level of a vulnerability. Valid values:
  • 1: low
  • 2: medium
  • 3: high
url The URL of a resource that is accessed.
acl_rule_id The ID of an access control list (ACL) policy that is matched.
ips_rule_id The ID of an intrusion prevention system (IPS) policy that is matched.
ips_ai_rule_id The ID of an intelligent policy that is matched.
ips_rule_name The Chinese name of an IPS that is matched.
ips_rule_name_en The name of an IPS that is matched.
attack_type_name The Chinese name of an attack type.
attack_type_name_en The name of an attack type.