ePrism SSL VA SSL
SSL session logs
Default Log Format
[%sstn] %chip %chpt %ship %shpt %sacs %sfcs %snis "%info" %csps %cscs %ssps %sscs "%xsub" "%xiss" %xser %xsig %flag %scpu %cscx %sscx %ctfp %sxst
Log Schema
| Type | Field | Display Name | Description |
|---|---|---|---|
| Date | _time | Time | %sstn |
| IP address | src_ip | Source IP | %chip |
| Port | src_port | Source port | %chpt |
| IP address | dst_ip | Destination IP | %ship |
| Port | dst_port | Destination port | %shpt |
| String | action | Action | %sacs e.g. OK, BYPASS, FAIL |
| String | reason | Reason | %sfcs e.g. ERR_CLT_ACCEPT, ERR_CLT_ALERT |
| Domain | domain | Domain | %snis |
| String | info | Information | %info e.g. BYPASS_SERVER |
| String | x509_subject | x509 subject | %xsub |
| String | x509_issuer | x509 issuer | %xiss |
| String | x509_serial | x509 serial | %xser e.g. c9:bf:08:2e:b7:bd:95:50:51:0d:c5:af:ed:f4:3f:8d |
| String | x509_signature | x509 signature | %xsig e.g. 58:b6:a8:e3:3c:21:e0:2d:cd:16:dd:d5:07:b5:e3:85 |
| String | x509_status | x509 status | %sxst e.g. UNTRUST |
| String | client_tls_ver | Client TLS version | %csps e.g. TLS1.2, TLS1.0 |
| String | server_tls_ver | Server TLS version | %ssps e.g. TLS1.2, TLS1.0 |
| String | client_tls_cipher | Client TLS cipher | %cscs e.g. ECDHE-RSA-AES128-SHA |
| String | server_tls_cipher | Server TLS cipher | %sscs e.g. ECDHE-RSA-AES128-SHA |
| String | client_tls_algo | Client TLS algorithm | %cscx e.g. X25519(253):RSA-PSS(2048 |
| String | server_tls_algo | Server TLS algorithm | %sscx e.g. X25519(253):RSA-PSS(2048) |
| String | flags | Flgas | %flag e.g. CC,VLDS |
| String | cpu_id | CPU | %scpu e.g. 00, 01, 03 |
| String | tls_fingerprint | TLS fingerprint |