This topic describes the fields of Internet access logs in Cloud Firewall (CFW).

Log field Description
__topic__ The topic of a log entry. Valid value: cloudfirewall_access_log.
owner_id The ID of an Alibaba Cloud account.
log_type The type of a log entry.
app_name The name of the protocol over which an application is accessed. The value can be HTTPS, NTP, SIP, SMB, NFS, or DNS. If the protocol is unknown, the value Unknown is displayed.
direction The direction of Internet traffic. Valid values:
  • in: inbound traffic
  • out: outbound traffic
domain The domain name of a destination server.
dst_ip The IP address of a destination server.
dst_port The destination port.
end_time The time when a session ends. The value is a UNIX timestamp. Unit: seconds.
in_bps The rate of inbound traffic. Unit: bit/s.
in_packet_bytes The total size of inbound packets. Unit: bytes.
in_packet_count The total number of inbound packets.
in_pps The rate of inbound packets. Unit: packet/s.
ip_protocol The type of an IP protocol. Valid values: TCP and UDP.
out_bps The rate of outbound traffic. Unit: bit/s.
out_packet_bytes The total size of outbound packets. Unit: bytes.
out_packet_count The total number of outbound packets.
out_pps The rate of outbound packets. Unit: packet/s.
region_id The region from which access traffic originates.
rule_result The result of processing Internet traffic against an access policy. Valid values:
  • pass: Data packets are allowed to pass Cloud Firewall.
  • alert: An alert is triggered when data packets attempt to pass Cloud Firewall.
  • drop: Data packets are dropped.
src_ip The IP address of a source server.
src_port The source port of a host that sends traffic data.
start_time The time when a session starts. The value is a UNIX timestamp. Unit: seconds.
start_time_min The time when a session starts. The value is a UNIX timestamp. The value is rounded up to the next minute. Unit: seconds.
tcp_seq The sequence number of a TCP segment.
total_bps The total rate of inbound and outbound traffic. Unit: bit/s.
total_packet_bytes The total size of inbound and outbound packets. Unit: bytes.
total_packet_count The total number of packets.
total_pps The total rate of inbound and outbound packets. Unit: packet/s.
src_private_ip The private IP address of a source server.
vul_level The risk level of a vulnerability. Valid values:
  • 1: low
  • 2: medium
  • 3: high
url The URL of a resource that is accessed.
acl_rule_id The ID of an access control list (ACL) policy that is matched.
ips_rule_id The ID of an intrusion prevention system (IPS) policy that is matched.
ips_ai_rule_id The ID of an intelligent policy that is matched.
ips_rule_name The Chinese name of the IPS policy that is matched.
ips_rule_name_en The name of the IPS policy that is matched.
attack_type_name The Chinese name of an attack type.
attack_type_name_en The name of an attack type.
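
The following added example (not part of the original topic and not Alibaba Cloud code) shows how the fields above can be used to triage sessions that an access policy alerted on or dropped. It assumes entries are exported as one JSON object per line with string values; the sample lines, the IP addresses, and the function names parse and triage are constructed for illustration.

```python
import json
from datetime import datetime, timezone

TOPIC = "cloudfirewall_access_log"                    # __topic__ value from the table
VUL_LEVEL = {"1": "low", "2": "medium", "3": "high"}  # vul_level values from the table

# Constructed sample lines. One JSON object per line with string values is an assumption.
SAMPLE = """\
{"__topic__":"cloudfirewall_access_log","direction":"in","src_ip":"198.51.100.7","dst_ip":"203.0.113.10","dst_port":"443","app_name":"HTTPS","rule_result":"alert","vul_level":"3","start_time":"1700000000","end_time":"1700000030"}
{"__topic__":"cloudfirewall_access_log","direction":"out","src_ip":"203.0.113.10","dst_ip":"192.0.2.53","dst_port":"53","app_name":"DNS","rule_result":"pass","start_time":"1700000005","end_time":"1700000010"}
{"__topic__":"cloudfirewall_access_log","direction":"in","src_ip":"198.51.100.9","dst_ip":"203.0.113.10","dst_port":"445","app_name":"SMB","rule_result":"drop","vul_level":"1","start_time":"1699999990","end_time":"1699999991"}
{"__topic__":"some_other_log","rule_result":"alert","start_time":"1700000000","end_time":"1700000001"}
truncated line, not JSON
{"__topic__":"cloudfirewall_access_log","direction":"out","src_ip":"203.0.113.11","dst_ip":"192.0.2.80","dst_port":"123","app_name":"NTP","rule_result":"alert","vul_level":"","start_time":"1699999000","end_time":"1699999060"}
"""

def parse(text):
    """Yield access-log entries, skipping blank, malformed and foreign-topic lines."""
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict) and entry.get("__topic__") == TOPIC:
            yield entry

def triage(entries):
    """Return alert/drop sessions, highest vul_level first, then oldest first."""
    ranked = []
    for e in entries:
        if e.get("rule_result") not in ("alert", "drop"):
            continue
        level = str(e.get("vul_level") or "")       # may be absent or empty
        start, end = int(e.get("start_time", 0)), int(e.get("end_time", 0))
        ranked.append(((-int(level or 0), start), {
            "start_utc": datetime.fromtimestamp(start, timezone.utc).isoformat(),
            "duration_s": end - start,               # both timestamps are in seconds
            "direction": e.get("direction"),
            "flow": f'{e.get("src_ip")} -> {e.get("dst_ip")}:{e.get("dst_port")}',
            "app": e.get("app_name", "Unknown"),
            "result": e["rule_result"],
            "severity": VUL_LEVEL.get(level, "none"),
        }))
    return [finding for _, finding in sorted(ranked, key=lambda r: r[0])]

if __name__ == "__main__":
    for finding in triage(parse(SAMPLE)):
        print(finding)
```
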