Security Log

The security log stores security events.

Security log model

Each security log entry has the following fields:

| Field | Type | Description |
| --- | --- | --- |
| extra | Object | Information about the entity that generated the security event. |
| extra.source | String | Log source that generated this event. |
| extra.channel | String | Log channel where this security event was received. |
| eventClassId | String | ID of the security event class. |
| eventDescription | String | Description of the security event class. |
| host | Object | Host that generated this security event. |
| id | Integer | Unique record ID. |
| ident | String | Additional event identification used for filtering events. |
| level | String | Log level of the record. |
| message | String/Object | Detailed information about the security event. You can find out more in the Message section. |
| severity | String | Severity of the event. Corresponds to the security event's class. |
| timestamp | Integer | Timestamp of log record creation. |

Message

| Field | Type | Description |
| --- | --- | --- |
| connection | Object | Information about the network connection during the request that triggered the security log event. |
| connection.localAddress | String | Local address of the request target. |
| connection.localPort | String | Local port of the request target. |
| connection.localHost | String | Host address of the request target. |
| connection.remoteAddress | String | IP address of the request sender. |
| connection.remoteHost | String | Host address of the request sender. |
| connection.request | Object | Information about the request that generated the security event. |
| connection.request.hostname | String | IP of the host to which the request was sent. |
| connection.request.request | String | The request that was sent, in the following format: METHOD /path/to/endpoint. |
| connection.request.userAgent | String | User agent of the user that made the request. |
| login | String | Login of the user that triggered the security event. |
| message | String | Security event message. |
| remoteAddress | String | IP address of the user that triggered the security event. |
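The following is an added example, not part of the original documentation or the product's own code: it flattens entries of this model for triage, handling both the String and Object forms of message, and counts events of one class per remote address. It assumes entries arrive as JSON with the Message fields nested under message, and that connection.remoteAddress is an acceptable fallback when remoteAddress is absent; all sample values (class IDs, severities, addresses, timestamps) are constructed.

```python
import json
from collections import Counter

def normalize(entry):
    """Flatten one security log entry; `message` may be a String or an Object."""
    msg = entry.get("message")
    if isinstance(msg, str):          # plain-text form carries no connection details
        msg = {"message": msg}
    elif not isinstance(msg, dict):
        msg = {}
    conn = msg.get("connection") or {}
    req = conn.get("request") or {}
    # connection.request.request has the form "METHOD /path/to/endpoint"
    method, _, path = (req.get("request") or "").partition(" ")
    return {
        "id": entry.get("id"),
        "eventClassId": entry.get("eventClassId"),
        "severity": entry.get("severity"),
        "login": msg.get("login"),
        "text": msg.get("message"),
        # Assumption: prefer the event-level address, fall back to the connection's
        "remoteAddress": msg.get("remoteAddress") or conn.get("remoteAddress"),
        "method": method or None,
        "path": path or None,
        "userAgent": req.get("userAgent"),
    }

def events_per_source(entries, event_class_id):
    """Count events of one class per remote address (key None when unknown)."""
    rows = (normalize(e) for e in entries)
    return Counter(r["remoteAddress"] for r in rows if r["eventClassId"] == event_class_id)

# Constructed sample data: every value below is invented for illustration.
SAMPLE = json.loads("""[
  {"id": 1, "eventClassId": "EXAMPLE_CLASS_A", "severity": "high", "timestamp": 1700000000,
   "message": {"login": "alice", "message": "example event", "remoteAddress": "203.0.113.7",
     "connection": {"remoteAddress": "203.0.113.7",
       "request": {"hostname": "198.51.100.1", "request": "POST /example/login", "userAgent": "ExampleAgent/1.0"}}}},
  {"id": 2, "eventClassId": "EXAMPLE_CLASS_A", "severity": "high", "timestamp": 1700000005,
   "message": {"login": "alice", "message": "example event",
     "connection": {"remoteAddress": "203.0.113.7", "request": {"request": "POST /example/login"}}}},
  {"id": 3, "eventClassId": "EXAMPLE_CLASS_A", "severity": "high", "timestamp": 1700000009,
   "message": "example event delivered as a plain string"},
  {"id": 4, "eventClassId": "EXAMPLE_CLASS_B", "severity": "low", "timestamp": 1700000011,
   "message": {"message": "other event", "remoteAddress": "203.0.113.9"}}
]""")

if __name__ == "__main__":
    for address, count in events_per_source(SAMPLE, "EXAMPLE_CLASS_A").most_common():
        print(address, count)
```

Entries whose message is a plain string are counted under the key None, so records without connection data stay visible instead of being silently dropped.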