Skip to content

Flow Analytics - Firewall Events

This view provides detailed visibilty, filtering and analytical options for events recorded from the Firewall configuration and summarized in Firewall Events category.

Refer Flow Analytics Overview for details on Search, Filter, Show/Hide Columns, Select Gateways and modify Time Formats/Timeframes.

Tables and Fields available in Firewall Events are as follows

Event Details Description
Date and Time ISO 8601 format: YYYY-MM-DD T HH:MM:SS:S Example: 2020-11-22T10:58:46.820
Type APPD ID, FLOW_LOG, TLS_LOG, URLFILTER
Level DEBUG, INFO, NOTICE, WARNING, ERROR, CRITCAL, ALERT, EMERGENCY
Session ID ..
Service Description
Src IP Source IP Adresss
Src Port Source Port
Dest IP Destination IP Address
Dest Port Destination Port
Protocol UDP, TCP
Application Info Description
Client App Name Application name associated with client side of the session. Example: Advanced Packaging Tool
Payload App Name HTTP application name associated with webserver host. Example: Facebook
Service App Name Application name associated with server side of the session Example: HTTP
Action Description
Action DENY ???????? Verify ALLOW events are not in this view
State ESTABLISHED, CLOSE, CLOSED, CLOSE_WAIT, TIME_WAIT, FIN_WAIT, LAST_ACK
HTTP Request Description
Host Host portion of URL
Method GET, PUT, POST, HEAD, DELETE, PATCH, OPTIONS
URI URI Identifier RFC 3986
FQDN Description
FQDN Fully Qualified Domain Name