Security Log
The security log stores security events.
Security log model
Each security log entry has the following fields:
Field | Type | Description |
---|---|---|
extra | Object | Information about the entity that generated the security event. |
extra.source | String | Log source that generated this event. |
extra.channel | String | Log channel where this security event was received. |
eventClassId | String | ID of the security event class. |
eventDescription | String | Description of the security event class. |
host | Object | Host that generated this security event. |
id | Integer | Unique record ID. |
ident | String | Additional event identification used for filtering events. |
level | String | Log level of the record. |
message | String/Object | Detailed information about the security event. You can find out more in the Message section. |
severity | String | Severity of the event. Corresponds to the security event's class. |
timestamp | Integer | Timestamp of log record creation. |
Message
Field | Type | Description |
---|---|---|
connection | Object | Information about the network connection during the request that triggered the security log event. |
connection.localAddress | String | Local address of the request target. |
connection.localPort | String | Local port of the request target. |
connection.localHost | String | Host address of the request target. |
connection.remoteAddress | String | IP address of the request sender. |
connection.remoteHost | String | Host address of the request sender. |
connection.request | Object | Information about the request that generated the security event. |
connection.request.hostname | String | IP of the host to which the request was sent. |
connection.request.request | String | String with the request that was sent in the following format – |
connection.request.userAgent | String | User agent of the user that made the request. |
login | String | Login of the user that triggered the security event. |
message | String | Security event message. |
remoteAddress | String | IP address of the user that triggered the security event. |
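
As an added example (not code from the product documented here), this Python snippet checks a parsed entry against the top-level types in the first table and flattens it into one record whether `message` arrives as a string or as an object. The sample entry is constructed; treating every top-level field as required, and falling back from `message.remoteAddress` to `message.connection.remoteAddress`, are assumptions.

```python
# Documented top-level fields and types; "message" may be a string or an object.
TOP_LEVEL_TYPES = {
    "extra": dict, "eventClassId": str, "eventDescription": str,
    "host": dict, "id": int, "ident": str, "level": str,
    "message": (str, dict), "severity": str, "timestamp": int,
}

# Constructed sample entry: every value is made up for illustration.
SAMPLE = {
    "extra": {"source": "example-source", "channel": "example-channel"},
    "eventClassId": "EXAMPLE_CLASS", "eventDescription": "Example event class",
    "host": {}, "id": 1, "ident": "example", "level": "example-level",
    "severity": "example-severity", "timestamp": 0,
    "message": {"login": "alice", "message": "example security event",
                "connection": {"remoteAddress": "192.0.2.10",
                               "request": {"userAgent": "ExampleAgent/1.0"}}},
}

def dig(obj, *path):
    """Walk nested dicts; return None as soon as a key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def schema_errors(entry):
    """List top-level fields that are missing or not of the documented type."""
    errors = []
    for field, expected in TOP_LEVEL_TYPES.items():
        value = entry.get(field)
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, expected):
            errors.append(f"{field}: got {type(value).__name__}")
    return errors

def flatten(entry):
    """Return one flat record whether message is a string or an object."""
    msg = entry.get("message")
    return {
        "id": entry.get("id"), "eventClassId": entry.get("eventClassId"),
        "severity": entry.get("severity"), "source": dig(entry, "extra", "source"),
        "text": msg.get("message") if isinstance(msg, dict) else msg,
        "login": dig(msg, "login"),
        # message.remoteAddress first, then the connection-level sender address
        "remoteAddress": dig(msg, "remoteAddress")
                         or dig(msg, "connection", "remoteAddress"),
        "userAgent": dig(msg, "connection", "request", "userAgent"),
    }
```

A missing field is reported as `got NoneType`, so the same list covers absent and mistyped fields.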