bluemax-ngf-session-logs
Get session logs from BLUEMAX NGF device.
bluemax-ngf-session-logs [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
- profile=PROFILE
- Profile name of BLUEMAX NGF
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example,
10smeans data from 10 seconds earlier. - from=yyyyMMddHHmmss
- Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
- to=yyyyMMddHHmmss
- End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | String | Time | Start time of session |
| profile | String | Connect profile | Profile name of BLUEMAX NGF |
| log_type | String | Log type | e.g. Allow(IPv4), Deny(IPv6) |
| session_id | Long | Session ID | |
| src_ip | IP address | Source IP address | |
| src_port | Integer | Source port | |
| dst_ip | IP address | Destination IP address | |
| dst_port | Integer | Destination port | |
| protocol | String | Protocol | e.g. TCP, UDP, ICMP |
| app | String | Application | e.g. HTTP, HTTPS, SYSLOG, DOMAIN-UDP |
| action | String | action | e.g. PERMIT, DENY |
| reason | String | reason | e.g. Denied by Deny Rule |
| policy | String | Policy | 'rule_id: rule_name' format |
| rule_id | Integer | Rule ID | |
| rule_name | String | Rule name | |
| total_bytes | Long | Total number of bytes transferred | |
| total_pkts | Long | Total number of packets transferred | |
| start_time | Date | Start time of session | |
| end_time | Date | End time of session |