Safe Haskell | None |
---|---|
Language | Haskell2010 |
Fields for traffic logs.
Synopsis
- action :: Traffic -> Bytes
- application :: Traffic -> Bytes
- bytes :: Traffic -> Word64
- bytesReceived :: Traffic -> Word64
- bytesSent :: Traffic -> Word64
- destinationAddress :: Traffic -> IP
- destinationCountry :: Traffic -> Bytes
- destinationPort :: Traffic -> Word16
- destinationUser :: Traffic -> Bytes
- destinationZone :: Traffic -> Bytes
- deviceName :: Traffic -> Bytes
- elapsedTime :: Traffic -> Word64
- inboundInterface :: Traffic -> Bytes
- ipProtocol :: Traffic -> Bytes
- logAction :: Traffic -> Bytes
- natDestinationIp :: Traffic -> IP
- natDestinationPort :: Traffic -> Word16
- natSourceIp :: Traffic -> IP
- natSourcePort :: Traffic -> Word16
- outboundInterface :: Traffic -> Bytes
- packets :: Traffic -> Word64
- packetsReceived :: Traffic -> Word64
- packetsSent :: Traffic -> Word64
- ruleName :: Traffic -> Bytes
- sequenceNumber :: Traffic -> Word64
- serialNumber :: Traffic -> Bytes
- sessionEndReason :: Traffic -> Bytes
- sourceAddress :: Traffic -> IP
- sourceCountry :: Traffic -> Bytes
- sourcePort :: Traffic -> Word16
- sourceUser :: Traffic -> Bytes
- sourceZone :: Traffic -> Bytes
- subtype :: Traffic -> Bytes
- syslogHost :: Traffic -> Bytes
- timeGenerated :: Traffic -> Datetime
- virtualSystem :: Traffic -> Bytes
- virtualSystemName :: Traffic -> Bytes
- deviceGroupHierarchyLevel1 :: Traffic -> Word64
- deviceGroupHierarchyLevel2 :: Traffic -> Word64
- deviceGroupHierarchyLevel3 :: Traffic -> Word64
- deviceGroupHierarchyLevel4 :: Traffic -> Word64
Fields
action :: Traffic -> Bytes Source #
Action taken for the session; possible values are:
- allow: session was allowed by policy
- deny: session was denied by policy
- drop: session was dropped silently
- drop ICMP: session was silently dropped with an ICMP unreachable message to the host or application
- reset both: session was terminated and a TCP reset is sent to both sides of the connection
- reset client: session was terminated and a TCP reset is sent to the client
- reset server: session was terminated and a TCP reset is sent to the server
application :: Traffic -> Bytes Source #
Application associated with the session.
bytesReceived :: Traffic -> Word64 Source #
Number of bytes in the server-to-client direction of the session.
bytesSent :: Traffic -> Word64 Source #
Number of bytes in the client-to-server direction of the session.
destinationAddress :: Traffic -> IP Source #
Original session destination IP address.
destinationCountry :: Traffic -> Bytes Source #
Destination country or Internal region for private addresses. Maximum length is 32 bytes.
destinationPort :: Traffic -> Word16 Source #
Destination port utilized by the session.
destinationUser :: Traffic -> Bytes Source #
Username of the user to which the session was destined.
destinationZone :: Traffic -> Bytes Source #
Zone the session was destined to.
deviceName :: Traffic -> Bytes Source #
The hostname of the firewall on which the session was logged.
elapsedTime :: Traffic -> Word64 Source #
Elapsed time of the session.
inboundInterface :: Traffic -> Bytes Source #
Interface that the session was sourced from.
ipProtocol :: Traffic -> Bytes Source #
IP protocol associated with the session.
natDestinationIp :: Traffic -> IP Source #
If Destination NAT was performed, the post-NAT Destination IP address.
natDestinationPort :: Traffic -> Word16 Source #
Post-NAT destination port.
natSourceIp :: Traffic -> IP Source #
If Source NAT was performed, the post-NAT Source IP address.
natSourcePort :: Traffic -> Word16 Source #
Post-NAT source port.
outboundInterface :: Traffic -> Bytes Source #
Interface that the session was destined to.
packets :: Traffic -> Word64 Source #
Number of total packets (transmit and receive) for the session.
packetsReceived :: Traffic -> Word64 Source #
Number of server-to-client packets for the session.
packetsSent :: Traffic -> Word64 Source #
Number of client-to-server packets for the session.
sequenceNumber :: Traffic -> Word64 Source #
A 64-bit log entry identifier incremented sequentially; each log type has a unique number space.
serialNumber :: Traffic -> Bytes Source #
Serial number of the firewall that generated the log. These occasionally contain non-numeric characters, so do not attempt to parse this as a decimal number.
sessionEndReason :: Traffic -> Bytes Source #
The reason a session terminated.
sourceAddress :: Traffic -> IP Source #
Original session source IP address.
sourceCountry :: Traffic -> Bytes Source #
Source country or Internal region for private addresses; maximum length is 32 bytes.
sourcePort :: Traffic -> Word16 Source #
Source port utilized by the session.
sourceUser :: Traffic -> Bytes Source #
Username of the user who initiated the session.
sourceZone :: Traffic -> Bytes Source #
Zone the session was sourced from.
subtype :: Traffic -> Bytes Source #
Subtype of traffic log; values are start, end, drop, and deny.
- Start: session started
- End: session ended
- Drop: session dropped before the application is identified and there is no rule that allows the session.
- Deny: session dropped after the application is identified and there is a rule to block or no rule that allows the session.
syslogHost :: Traffic -> Bytes Source #
The hostname from the syslog header prepended to the PAN-OS log.
This field is not documented by Palo Alto Networks and technically
is not part of the log, but in practice, it is always present.
This is similar to deviceName, but it is taken from the syslog header rather than from the fields of the log itself.
timeGenerated :: Traffic -> Datetime Source #
Time the log was generated on the dataplane.
virtualSystem :: Traffic -> Bytes Source #
Virtual System associated with the session.
virtualSystemName :: Traffic -> Bytes Source #
The name of the virtual system associated with the session; only valid on firewalls enabled for multiple virtual systems.