Cloud Firewall Log Formats
Cloud Firewall logs show traffic that has been handled by network tunnels.
Examples
"2019-01-14 18:03:46","[211039844]","Passive Monitor","CDFW Tunnel Device","OUTBOUND","1","84","172.17.3.4","","146.112.255.129","","ams1.edc","12","ALLOW","google.com,apple.com","44,66"
The example entry is 188 bytes. To estimate the size of your S3 Logs, see Estimate the Size of Your Logs.
Order of Fields in the Cloud Firewall Log
<timestamp><origin IDs><identities><identity type><direction><protocol><packet size><source IP><source port><destination IP><destination port><data center><rule ID><action><fqdns><destination list IDs>
- Timestamp—The timestamp of the request transaction in UTC.
- Origin IDs—The unique identity of the network tunnel.
- Identities—The names of the network tunnel.
- Identity Type—The type of identity that made the request. Should always be "CDFW Tunnel Device".
- Direction—The direction of the packet: either towards the internet (OUTBOUND, as in the example entry) or towards the customer's network.
- Protocol—The protocol of the traffic: TCP, UDP or ICMP. In the example entry the field holds the IP protocol number (1, which is ICMP).
- Packet Size—The size of the packet that Umbrella CDFW received.
- Source IP—The internal IP address of the user-generated traffic towards the CDFW. If the traffic goes through NAT before it comes to CDFW, it will be the NAT IP address.
- Source Port—The internal port number of the user-generated traffic towards the CDFW.
- Destination IP—The destination IP address of the user-generated traffic towards the CDFW.
- Destination Port—The destination port number of the user-generated traffic towards the CDFW.
- Data Center—The name of the Umbrella data center that processed the user-generated traffic.
- Rule ID—The ID of the rule that processed the user traffic.
- Action—The final verdict (allow or block) that the matching rule applied to the traffic.
- FQDNs—The fully qualified domain names (FQDNs) that match the request.
- Destination List IDs—The destination list IDs that Umbrella applied in the rule.
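As an added example (not part of the Umbrella documentation), the following Python parser reads entries in the field order given above and turns each into a typed record, so that an analyst can query an exported log rather than eyeball it. It relies on the quoting of the CSV format: the commas inside the FQDNs and destination list ID fields must not be mistaken for field separators, and the empty port fields (an ICMP entry carries none) must become "no value" rather than a parse error. The mapping of protocol numbers to names assumes the protocol field carries the IANA IP protocol number, inferred from the "1" in the example entry; the second sample line is constructed for this example, with a documentation-range destination address, a made-up rule ID and a BLOCK verdict.

```python
import csv
import io
from dataclasses import dataclass
from typing import Dict, List, Optional

# Field order exactly as the page documents it.
FIELDS = [
    "timestamp", "origin_ids", "identities", "identity_type", "direction",
    "protocol", "packet_size", "source_ip", "source_port", "destination_ip",
    "destination_port", "data_center", "rule_id", "action", "fqdns",
    "destination_list_ids",
]

# Assumption: the protocol field carries the IANA IP protocol number (the
# page's example entry shows "1"); only the three protocols the page names.
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


@dataclass
class CdfwEntry:
    timestamp: str
    origin_ids: List[str]
    identities: str
    identity_type: str
    direction: str
    protocol: int
    packet_size: int
    source_ip: str
    source_port: Optional[int]
    destination_ip: str
    destination_port: Optional[int]
    data_center: str
    rule_id: str
    action: str
    fqdns: List[str]
    destination_list_ids: List[str]

    @property
    def protocol_name(self) -> str:
        return PROTOCOL_NAMES.get(self.protocol, f"proto-{self.protocol}")


def _opt_int(value: str) -> Optional[int]:
    """Empty field -> None (an ICMP entry carries no ports)."""
    return int(value) if value.strip() else None


def _comma_list(value: str) -> List[str]:
    """'google.com,apple.com' -> ['google.com', 'apple.com']; '' -> []."""
    return [v for v in value.split(",") if v]


def _bracket_list(value: str) -> List[str]:
    """'[211039844]' -> ['211039844'] (origin IDs are written in brackets)."""
    return _comma_list(value.strip().strip("[]"))


def parse_cdfw_line(line: str) -> CdfwEntry:
    """Parse one entry; raises ValueError when the field count is wrong."""
    # The csv module honours the double quotes, so commas inside the
    # <fqdns> and <destination list IDs> fields are not taken as separators.
    row = next(csv.reader(io.StringIO(line), skipinitialspace=True))
    if len(row) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(row)}")
    r = dict(zip(FIELDS, row))
    return CdfwEntry(
        timestamp=r["timestamp"], origin_ids=_bracket_list(r["origin_ids"]),
        identities=r["identities"], identity_type=r["identity_type"],
        direction=r["direction"], protocol=int(r["protocol"]),
        packet_size=int(r["packet_size"]), source_ip=r["source_ip"],
        source_port=_opt_int(r["source_port"]),
        destination_ip=r["destination_ip"],
        destination_port=_opt_int(r["destination_port"]),
        data_center=r["data_center"], rule_id=r["rule_id"], action=r["action"],
        fqdns=_comma_list(r["fqdns"]),
        destination_list_ids=_comma_list(r["destination_list_ids"]),
    )


def parse_cdfw_log(text: str) -> List[CdfwEntry]:
    return [parse_cdfw_line(ln) for ln in text.splitlines() if ln.strip()]


def bytes_by_action(entries: List[CdfwEntry]) -> Dict[str, int]:
    """Total packet bytes per verdict, a quick sanity check on an export."""
    totals: Dict[str, int] = {}
    for e in entries:
        totals[e.action] = totals.get(e.action, 0) + e.packet_size
    return totals


def blocked_entries(entries: List[CdfwEntry]) -> List[CdfwEntry]:
    return [e for e in entries if e.action.upper() == "BLOCK"]


# First line: the page's example entry. Second line: constructed for this
# example (documentation-range destination IP, rule ID 7, BLOCK verdict).
SAMPLE_LOG = (
    '"2019-01-14 18:03:46","[211039844]","Passive Monitor","CDFW Tunnel Device",'
    '"OUTBOUND","1","84","172.17.3.4","","146.112.255.129","","ams1.edc","12",'
    '"ALLOW","google.com,apple.com","44,66"\n'
    '"2019-01-14 18:04:02","[211039844]","Passive Monitor","CDFW Tunnel Device",'
    '"OUTBOUND","6","1500","172.17.3.9","51234","198.51.100.20","443","ams1.edc",'
    '"7","BLOCK","","12"\n'
)

if __name__ == "__main__":
    for e in parse_cdfw_log(SAMPLE_LOG):
        print(e.timestamp, e.direction, e.protocol_name, e.source_ip,
              e.destination_ip, e.destination_port, e.rule_id, e.action, e.fqdns)
    print(bytes_by_action(parse_cdfw_log(SAMPLE_LOG)))
```

Rejecting any line whose field count differs from sixteen is deliberate: a silently mis-aligned row (for instance one where an unquoted comma shifted every later field) would attribute the wrong rule ID or verdict to the traffic, which is worse than dropping the line and logging the failure.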