
Checkpoint Security Gateways

Description

Vendor : Check Point

Product : Security Gateways

Theoretical injector performance

N/A

Log Sample

time=20Feb2016 10:43:15|action=accept|orig=10.10.1.4|i/f_dir=inbound|i/f_name=bond2.1001|has_accounting=0|uuid=<54e701b3,00000004,6f0410ac,c0001801>|product=VPN-1 & FireWall-1|inzone=Internal|outzone=Internal|rule=80|rule_uid={D5FA20F6-872C-4466-AE48-DE7436C46FD0}|service_id=LDAP|src=10.10.62.46|s_port=61440|dst=10.10.16.33|service=389|proto=tcp|src_machine_name=system1@group.local|snid=f5214a3f|dst_user_name=AAAAten Hozee (A006416f6)(+)|dst_machine_name=system1@group.local|__policy_id_tag=product=VPN-1 & FireWall-1[db_tag={4C813D35-DA2C-454A-A671-2E1E624DDB84};mgmt=system1.ct.company;date=1424419903;policy_name=Policy_compan.ct.|origin_sic_name=CN=fwvsx-dc-a_vs-fw8,O=system1.ct.company.4diss6

Normalized fields

Vendor field LMC field
action [action]
appi_name [app][name]
proto [app][proto][name]
client_outbound_interface [init][host][if]
i_f_name [init][host][if]
src_machine_name [init][host][name]
inzone [init][group][name]
xlatesport [init][host][nat][port]
xlatesrc [init][host][nat][ip]
s_port [init][host][port]
src_country [init][loc][country_short]
vpn_user [init][usr][id]
src_user_name [init][usr][name]
kv_policy_id_tag.product [obs][group][name]
rule [rule][id]
rule_uid [rule][uid]
peer_gateway [session][cipher][gateway]
scheme [session][cipher][key_exchange]
client_inbound_bytes [session][in][byte]
received_bytes [session][in][byte]
client_inbound_packets [session][in][packet]
client_outbound_bytes [session][out][byte]
sent_bytes [session][out][byte]
client_outbound_packets [session][out][packet]
server_outbound_interface [target][host][if]
dst_machine_name [target][host][name]
outzone [target][group][name]
service [target][host][port]
xlatedport [target][host][nat][port]
dst_user_name [target][usr][name]
user [target][usr][name]
attack with attack_info [alarm][description]
confidence_level [alarm][impact] (concatenated)
connection_state [ids][connection_state]
content_type [session][file][type]
action [alarm][name]
severity [alarm][sev]
policy_id_tag.policy_name [rule][name]
rule_name [rule][name] (concatenated)
total_logs [session][count]
tcp_flags [app][method]
cookiei [session][cookie][client]
cookier [session][cookie][server]
dstkeyid [target][usr][id]
srckeyid [init][usr][id]
vpn_feature_name [app][method]
community [init][group][name]
app_category [session][file][type]
app_risk [alarm][impact]
dst [target][host][ip]
new_ip [target][host][ip]
src [init][host][ip]
old_ip [init][host][ip]
client_ip [init][host][ip]
orig [obs][host][ip]
origin_sic_name [obs][host][name]
action [alarm][name]
appi_name [app][name]
client_inbound_bytes [session][in][byte]
client_inbound_packets [session][in][packet]
client_outbound_bytes [session][out][byte]
client_outbound_interface [init][host][if]
client_outbound_packets [session][out][packet]
dst_machine_name [target][host][name]
dst_user_name [target][usr][name]
i_f_dir [checkpoint][direction]
i_f_name [init][host][if]
inzone [init][host][net]
outzone [target][host][net]
peer_gateway [session][cipher][gateway]
proto [app][proto][name]
received_bytes [session][in][byte]
rule [rule][id]
rule_uid [rule][uid]
s_port [init][host][port]
sent_bytes [session][out][byte]
server_outbound_interface [target][host][if]
service [target][host][port]
severity [alarm][sev]
scheme [session][cipher][key_exchange]
src_country [init][loc][cty][cty_short]
src_machine_name [init][host][name]
src_user_name [init][usr][name]
user [target][usr][name]
xlatedport [target][host][nat][port]
xlatesport [init][host][nat][port]
xlatesrc [init][host][nat][ip]
dst [target][host][ip]
new_ip [target][host][ip]
src [init][host][ip]
old_ip [init][host][ip]
client_ip [init][host][ip]
orig [obs][host][ip]
origin_sic_name [obs][host][name]
product [checkpoint][policy_id_tag][product]
db_tag [checkpoint][policy_id_tag][db_tag]
has_accounting [checkpoint][has_accounting]
app_desc not used
app_id not used
app_properties not used
app_rule_id not used
app_rule_name not used
app_sig_id not used
browse_time not used
bytes not used
client_inbound_interface not used
client_inbound_packet not used
dce_rpc_interface_uuid not used
dec_rcp_interface_uuid_1 not used
dec_rcp_interface_uuid_2 not used
dec_rcp_interface_uuid_3 not used
elapsed not used
event_time not used
https_inspection_rule_id not used
https_inspection_rule_name not used
icmp not used
icmp_code not used
icmp_type not used
matched_category not used
message_info not used
nat_add_ct_rulenum not used
nat_rulenum not used
packets not used
protection_id not used
performance_impact not used
protection_name not used
protection_type not used
proxy_src_ip not used
segment_time not used
server_inbound_bytes not used
server_inbound_interface not used
server_inbound_packets not used
server_outbound_packets not used
server_outbound_bytes not used
smartdefense_profile not used
start_time not used
suppressed_logs not used
snid not used
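Added example, not code from this page, from Check Point or from LMC: a Python normalizer that parses the log sample above with the conventions the sample implies and writes the values to the LMC paths listed in the table. Assumptions: tokens are separated by `|` and each is split on its first `=` (values such as `__policy_id_tag` and `origin_sic_name` contain `=` themselves); a `/` in a key is folded to `_` so `i/f_name` matches the table's `i_f_name`; the `__policy_id_tag` value is a `product=...[key=value;...]` sub-record whose closing `]` may be missing, as it is in the sample; the mapping covers only part of the table and, where the table lists two destinations for one field (inzone, outzone, the policy_id_tag product), picks one; `split_kv`, `expand_policy_id_tag`, `normalize`, `_unmapped` and `_problems` are names chosen for this example. Because the format has no escaping, a value under a remote party's control (dst_user_name, src_machine_name) that contains `|key=value` parses as a second field; the example keeps the first occurrence of any key and reports the duplicate rather than letting it overwrite action or src.

```python
import re

# Constructed input: the log sample from this page, as one string.
SAMPLE = (
    "time=20Feb2016 10:43:15|action=accept|orig=10.10.1.4|i/f_dir=inbound|i/f_name=bond2.1001|"
    "has_accounting=0|uuid=<54e701b3,00000004,6f0410ac,c0001801>|product=VPN-1 & FireWall-1|"
    "inzone=Internal|outzone=Internal|rule=80|rule_uid={D5FA20F6-872C-4466-AE48-DE7436C46FD0}|"
    "service_id=LDAP|src=10.10.62.46|s_port=61440|dst=10.10.16.33|service=389|proto=tcp|"
    "src_machine_name=system1@group.local|snid=f5214a3f|dst_user_name=AAAAten Hozee (A006416f6)(+)|"
    "dst_machine_name=system1@group.local|__policy_id_tag=product=VPN-1 & FireWall-1"
    "[db_tag={4C813D35-DA2C-454A-A671-2E1E624DDB84};mgmt=system1.ct.company;date=1424419903;"
    "policy_name=Policy_compan.ct.|origin_sic_name=CN=fwvsx-dc-a_vs-fw8,O=system1.ct.company.4diss6"
)

# Subset of the page's "Normalized fields" table. Where the table lists two
# destinations for one field (inzone, outzone, policy_id_tag product), one is
# picked here as an assumption of this example.
MAPPING = {
    "action": ["action"],
    "orig": ["obs", "host", "ip"],
    "origin_sic_name": ["obs", "host", "name"],
    "i_f_dir": ["checkpoint", "direction"],
    "i_f_name": ["init", "host", "if"],
    "inzone": ["init", "group", "name"],
    "outzone": ["target", "group", "name"],
    "rule": ["rule", "id"],
    "rule_uid": ["rule", "uid"],
    "src": ["init", "host", "ip"],
    "s_port": ["init", "host", "port"],
    "dst": ["target", "host", "ip"],
    "service": ["target", "host", "port"],
    "dst_user_name": ["target", "usr", "name"],
    # sub-fields unpacked from __policy_id_tag by expand_policy_id_tag
    "policy_id_tag.product": ["checkpoint", "policy_id_tag", "product"],
    "policy_id_tag.db_tag": ["checkpoint", "policy_id_tag", "db_tag"],
    "policy_id_tag.policy_name": ["rule", "name"],
}

KEY_RE = re.compile(r"^[A-Za-z0-9_.]+$")
POLICY_RE = re.compile(r"^(?P<product>[^\[]*)\[(?P<attrs>.*?)\]?$")

def split_kv(line):
    # Split on '|', then each token on its FIRST '=' only, because values such
    # as __policy_id_tag and origin_sic_name contain '='. A '/' in a key is
    # folded to '_' so i/f_name matches the table's i_f_name.
    fields, problems = {}, []
    for token in line.split("|"):
        if "=" not in token:
            problems.append(f"token without '=': {token!r}")
            continue
        key, value = token.split("=", 1)
        key = key.strip().replace("/", "_")
        if not KEY_RE.match(key):
            problems.append(f"rejected key {key!r}")
            continue
        if key in fields:
            # First occurrence wins: a repeated key is a malformed event or a
            # '|key=value' injected through an attacker-chosen value such as
            # dst_user_name, so it is reported rather than silently overwritten.
            problems.append(f"duplicate key {key!r}, kept {fields[key]!r}")
            continue
        fields[key] = value
    return fields, problems

def expand_policy_id_tag(raw):
    # Unpack 'product=NAME[db_tag=...;mgmt=...;date=...;policy_name=...]'.
    # The closing ']' is optional because the sample on this page lacks it.
    if raw.startswith("product="):
        raw = raw[len("product="):]
    m = POLICY_RE.match(raw)
    if m is None:
        return {"policy_id_tag.product": raw}
    out = {"policy_id_tag.product": m.group("product")}
    for attr in m.group("attrs").split(";"):
        if "=" in attr:
            k, v = attr.split("=", 1)
            out["policy_id_tag." + k.strip()] = v
    return out

def normalize(line):
    # Build the nested LMC-style document. Fields the table marks 'not used'
    # (time, uuid, snid, ...) land under '_unmapped' and parser findings under
    # '_problems'; both names are this example's own, not LMC's.
    raw, problems = split_kv(line)
    if "__policy_id_tag" in raw:
        raw.update(expand_policy_id_tag(raw.pop("__policy_id_tag")))
    doc = {"_unmapped": {}, "_problems": problems}
    for key, value in raw.items():
        path = MAPPING.get(key)
        if path is None:
            doc["_unmapped"][key] = value
            continue
        node = doc
        for part in path[:-1]:
            node = node.setdefault(part, {})
        node[path[-1]] = value
    return doc

if __name__ == "__main__":
    print(normalize(SAMPLE))
```

Running the file prints the normalized document for the sample; `rule` ends up holding `id`, `uid` and the `policy_name` lifted out of `__policy_id_tag`, while `mgmt` and `date` stay in `_unmapped` because the table gives them no destination. The `_problems` list is the part worth alerting on: a single event that carries `action` or `src` twice is worth a look before the normalized record is trusted.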