# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.
lang_stats = {
##
## Language Module -- Statistics
##
## This is the Statistics section of the default English language module
##
# If you want to "white-label" this product so it uses another name, uncomment these and change PRODUCT_NAME.
# If you want to change the support email address shown in the web interface and documentation, or the web site
# URL, or the purchase URL, you can uncomment and change SUPPORT_EMAIL or PRODUCT_URL or PURCHASE_URL.
#PRODUCT_NAME = "Product Name"
#SUPPORT_EMAIL = "support@sawmill.net"
#PRODUCT_URL = "http://www.sawmill.net/"
#PURCHASE_URL = "http://www.sawmill.net/purchase.html"
# NOTE(review): plain-http link. If the site also serves this page over HTTPS, an https:// URL
# would keep the link target from being altered in transit -- confirm before changing.
EDITION_MATRIX_URL = "http://www.sawmill.net/matrix.html"
# Change this to your charset if your translation does not use UTF-8.
charset = "UTF-8"
# The value is a $-reference (command_line.profile) rather than literal text; where it is
# expanded, and whether the result is escaped for HTML, is not visible in this file.
statistics_label = "$command_line.profile"
#
#
# btn - shared button-like captions in which each word starts with an uppercase letter. Lowercase words are allowed within a caption, e.g. "Save and Close"
#
#
btn = {
# Shared button captions. The keys are presumably looked up from code that is not visible here,
# so only the quoted values are display text.
about = "About"
add = "Add"
admin = "Admin"
apply = "Apply"
ascending = "Ascending"
back = "Back"
browse = "Browse"
calendar = "Calendar"
cancel = "Cancel"
cancel_task = "Cancel Task"
cancel_zoom = "Cancel Zoom"
clear = "Clear"
clear_search_result = "Clear Search Result"
close = "Close"
close_window = "Close Window"
columns_info = "Columns Info"
comment = "Comment"
config = "Config"
continue = "Continue"
customize = "Customize"
customize_report_in_config = "Customize Report in Config"
database_info = "Database Info"
date_filter = "Date Filter"
date_picker = "Date Picker"
delete = "Delete"
descending = "Descending"
deselect_all = "Deselect All"
description = "Description"
duplicate = "Duplicate"
edit = "Edit"
email_report = "Email Report"
export = "Export"
filters = "Filters"
finish = "Finish"
footer = "Footer"
header = "Header"
help = "Help"
loading = "Loading"
logout = "Logout"
macros = "Macros"
miscellaneous = "Miscellaneous"
next = "Next"
no = "No"
none = "None"
ok = "OK"
printer_friendly = "Printer Friendly"
profile = "Profile"
profiles = "Profiles"
# NOTE(review): the key says "rebuild" but the caption is "Build Database", while
# database_info.confirm_rebuild_database reads "Build/Rebuild Database". This button starts an
# operation that erases the existing database (see database_info.rebuild_erases_database_info),
# so confirm the shorter caption is intended.
rebuild_database = "Build Database"
refresh = "Refresh"
remove = "Remove"
rename = "Rename"
reports = "Reports"
report_filter = "Report Filter"
save = "Save"
save_and_apply = "Save and Apply"
save_and_close = "Save and Close"
save_as_new_report = "Save As New Report"
save_changes = "Save Changes"
save_report_changes = "Save Report Changes"
saving = "Saving"
search = "Search"
select_all = "Select All"
select_deselect_all = "Select/Deselect All"
show_columns_info = "Show Columns Info"
show_examples = "Show Examples"
sort = "Sort"
start = "Start"
submit = "Submit"
table_filter = "Table Filter"
undo_all_changes = "Undo All Changes"
update_database = "Update Database"
used = "Used"
view_config = "View Config"
view_reports = "View Reports"
yes = "Yes"
} # btn
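general = {
# General-purpose strings: toolbar labels, status and error messages, login help, permission
# notices and e-mail recipient labels.
# Misspelled keys (loggin_in_info, entire_data_range_info) are kept as they are: keys are
# identifiers, presumably referenced from code not visible here.
#
# Reports toolbar
#
admin_profiles = "Admin (Profiles)"
admin_title_prefix = "Admin"
manager = "Manager"
statistics_visitor = "Statistics Visitor"
show_hide_sidebar = "Show/hide sidebar"
export_table = "Export Table"
item_n_m_of_total = "Item $starting_row - $ending_row of $total_rows"
no_data = "No data returned in query"
database_error_info = "Database error, no database available."
error_in_generating_the_report_info = "Error in generating the report or in displaying progress."
loading_document_info = "Loading document, please wait."
report_startup_info = "Report startup, please wait."
loggin_in_info = "Logging in, please wait"
forgot_your_password = "Forgot your password?"
# Password-recovery help text. It instructs the administrator to pass the new password as a
# -pw command-line argument; arguments given this way commonly remain in shell history and are
# visible in process listings while the command runs, so the reset is best done from a trusted
# console and followed by a password change through the web interface.
# NOTE(review): presumably shown from the login page, i.e. to unauthenticated visitors; it
# discloses the reset command and an install path -- confirm that is acceptable.
# Fixed wording: "If your are" -> "If you are".
forgot_your_password_info = "
If you are a non-administrative user please contact the system administrator to reset your password.
If you are the administrative user you can reset your password from the command line with
sawmill -a rra -u username -pw password
This command will reset your root admin username and password.
On Windows you can run this command from the command prompt by typing e.g.
c:\\
cd c:\\Program Files\\Sawmill 8
Sawmill -a rra -u \"my username\" -pw \"my password\"
"
# $param1 is the user name. Presumably the code that substitutes it escapes the value for HTML;
# verify at the substitution site.
logged_in_as_username_info = "Logged in as '$param1'"
# NOTE(review): if this message can be reached before authentication it tells the caller
# whether a user name exists -- confirm where it is displayed.
no_profile_exists_info = "Sorry, no profile exists for this user name."
no_data_in_result_info = "No data in result to display."
contents_label = "Contents"
# Shown when role-based access control denies a page or profile.
rbac_no_permission_header = "No Permission"
rbac_no_permission_info = "You don't have grants to view this page or profile. Please contact your system administrator for more details."
# NOTE(review): this text only informs the user; rejecting the save has to happen on the server
# side as well -- not visible here.
page_grants_are_limited_to_view = "Your grants for this page are limited to view, changes cannot be saved."
no_changes_to_save = "No changes to save."
item_copy = "$param1 copy" # I.e. "My report name copy"
invalid_email_address_in_recipients_msg = "Invalid email address(es) in recipients."
no_recipient_address_message = "Please define a recipient address"
email_to = "To"
email_cc = "Cc"
email_bcc = "Bcc"
optional = "optional"
none = "none"
background_process_terminated = "The background process terminated unexpectedly, without returning a result."
entire_data_range_info = "(entire date range)"
no_date_information_in_database = "(no date information in database)"
ascending = "ascending"
descending = "descending"
do_not_show_message_again = "Don't show this message again"
number_of_licensed_profiles = "Number of licensed profiles"
} # general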
form_validation = {
# Messages shown when a form value is rejected. $param1 / $param2 carry the numeric limits or
# the minimum length, as the surrounding text of each message shows.
# Several keys are misspelled (duplicat_name, passsword_*, ..._charaters). They are identifiers,
# presumably referenced from code not visible here, so they must not be corrected in this file alone.
no_value = "No value. Please define a value."
duplicat_name = "Duplicate name. Please define a unique name."
invalid_number = "Invalid number. Please define a valid number."
invalid_integer = "Invalid number. Please define a valid integer."
invalid_integer_min_max = "Invalid number. Please define an integer number >= $param1 and <= $param2."
invalid_integer_min = "Invalid number. Please define an integer number >= $param1."
invalid_integer_max = "Invalid number. Please define an integer number <= $param1."
invalid_float = "Invalid number. Please define a valid floating point number."
invalid_float_min_max = "Invalid number. Please define a floating point number >= $param1 and <= $param2."
invalid_float_min = "Invalid number. Please define a floating point number >= $param1."
invalid_float_max = "Invalid number. Please define a floating point number <= $param1."
invalid_regular_expression = "Invalid regular expression."
invalid_email_address = "Invalid email address format."
invalid_email_addresses = "Invalid email addresses. Please define a valid email address or addresses. Multiple email addresses must be separated by a comma."
invalid_identifier = "Invalid identifier (node name). Valid characters for an identifier are an underscore _, the numbers 0-9 and the English letters a-z, all in lowercase."
# Password-policy messages (symbol, digit, mixed case, letter, minimum length).
# NOTE(review): these strings only describe the policy. Whether the same rules are enforced
# where the password is stored, and not just in the form, is not visible here -- confirm.
passsword_requires_symbol = "The password requires at least one symbol."
passsword_requires_digit = "The password requires at least one digit."
passsword_requires_lowercase_and_uppercase = "The password requires lowercase and uppercase letters."
passsword_requires_letter = "The password requires at least one letter."
passsword_requires_min_n_charaters = "The password requires minimum $param1 characters."
}
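authentication = {
# Login-related messages: password re-entry mismatch, unlicensed login plug-ins, password
# expiry and the cookie requirement. $PRODUCT_NAME is the product-name reference described in
# the white-label note at the top of this file.
invalid_retyped_password = "The re-typed password does not match the first password. Please re-type the password."
login_plugins_not_supported = "This version of $PRODUCT_NAME is configured to use \"login plug-ins\" but this feature is not supported by the current license. Please contact your system administrator to remove the login plug-ins or to use a different license."
password_expired_info = "Your password expired, please re-enter your current password and a new password to be used in future."
# Fixed wording: the duplicated word in "web web browser" is removed.
cookies_not_accepted_info = "$PRODUCT_NAME detected that your web browser does not accept cookies. $PRODUCT_NAME requires cookies to function properly, please change your web browser settings so that cookies are accepted."
} # authentication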
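my_account = {
# Strings for the account settings form, where a user changes their own password.
my_account_settings = "My Account Settings"
username = "Username"
password = "Password"
retype_password = "Re-type password"
change_password = "Change Password"
cancel_change_password = "Cancel Change Password"
# Fixed wording: "passwowrd" -> "password". The text now matches
# authentication.invalid_retyped_password.
invalid_password2_message = "The re-typed password does not match the first password. Please re-type the password."
# The user is told that saving the change ends the current session.
auto_logout_info = "You will be automatically logged out after the changes have been saved. Click OK to continue."
} # my_account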
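macros = {
# Strings for creating and managing macros: list ordering actions, the actions taken when a
# macro is activated, and the replace confirmation.
create_new_macro = "Create New Macro"
manage_macros = "Manage Macros"
move_top = "Move top"
move_up = "Move up"
move_down = "Move down"
# Fixed caption: this key previously repeated "Move down", so the move-to-bottom action was
# indistinguishable from move_down.
move_bottom = "Move bottom"
no_macros_exist = "No Macros exist"
name = "Name"
actions_on_activate = "Actions to be taken when activating this macro"
open_current_report = "Open current report"
apply_current_date = "Apply current date"
entire_date_range = "entire date range"
apply_current_filters = "Apply current filters"
no_filters = "no filters"
# \n is an escaped line break inside the message.
confirm_macro_replacement_message = "A macro with this name already exists.\nDo you want to replace the existing macro?"
} # macros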
reports_menu = {
# Strings for the reports menu: group placeholders and the sidebar toggle.
# show_hide_sidebar repeats the value of general.show_hide_sidebar.
no_group = "--- No Group ---"
create_new_group = "--- Create New Group ---"
show_hide_sidebar = "Show/hide sidebar"
} # reports_menu
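customize_report_element = {
# Strings for the "Customize Report Element" dialog: graph and table options, filters,
# header/footer editing, aggregation rows, session-path options and sort choices.
customize_report_element = "Customize Report Element"
save_changes_persistent = "Save changes persistent"
graph_type = "Graph type"
show_3d = "Show 3D"
show_remainder_variable = "Show remainder variable"
show_legend = "Show legend"
max_legend_rows = "Max number of legend rows"
max_variables = "Max number of variables"
height = "Height"
length = "Length"
general = "General"
filters = "Filters"
graphs = "Graphs"
table = "Table"
graphs_and_table = "Graphs and Table"
table_options = "Table Options"
pivot_table = "Pivot Table"
graph_options = "Graph Options"
advanced_options = "Advanced options"
show_header_bar = "Show header bar (recommended when using multiple report elements)"
description = "Description"
date_filter = "Date filter"
report_filter = "Report filter"
table_filter = "Table filter"
header = "Header"
footer = "Footer"
edit_description = "Edit Description"
edit_date_filter = "Edit Date Filter"
edit_report_filter = "Edit Report Filter"
edit_table_filter = "Edit Table Filter"
edit_header = "Edit Header"
edit_footer = "Edit Footer"
manage_fields = "Manage Fields"
sort_by = "Sort by"
table_columns = "Table columns"
number_of_rows = "Number of rows"
of = "of"
current = "Current"
default = "Default"
aggregation_rows = "Aggregation rows"
remainder = "Remainder"
averages = "Averages"
min = "Min"
max = "Max"
totals = "Totals"
static_session_paths_report_options = "Static session paths report options (when generated from command line or via scheduler)"
expand_paths_greater_than = "Expand paths greater than"
number_of_rows_expanded = "Number of rows expanded"
show_pivot_table = "Show pivot table"
drill_down_to = "Drill down to"
# pivot_table.sort_drill_down_differently words the same option as "... differently from main table".
sort_drill_down_differently = "Sort drill down data different than main table"
# Fixed wording: "at least on column" -> "at least one column".
no_column_checked_msg = "No column checked. Please check at least one column."
chrono_bar_graph = "Chronological bar graph"
chrono_line_graph = "Chronological line graph"
bar_graph = "Bar graph"
line_graph = "Line graph"
pie_chart = "Pie chart"
chronological = "Chronological"
reverse_chronological = "Reverse chronological"
all_descending = "All descending"
as_defined_for_table = "As defined for table"
select_field = "--- Select Field ---"
selected_drill_down_field = "Selected drill down field"
text = "text"
bar = "bar"
} # customize_report_element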
manage_fields = {
# Strings for the field picker: the two list headings and the move buttons.
# The > and < characters are part of the captions. Presumably the renderer HTML-escapes
# them; verify where these values are written into the page.
available_fields = "Available fields"
fields_in_graphs_and_table = "Fields in graphs and table"
add = "Add >"
remove = "< Remove"
} # manage_fields
save_report_changes = {
# Strings for the "Save Report Changes" dialog, including the explanation of what is and is
# not saved and the notice about paged tables.
save_report_changes = "Save Report Changes"
save_report_changes_info = "Save report changes saves the graphs and table properties of the current report. It does not save any applied date or filters."
do_not_show_dialog_in_future = "Don't show this dialog in future but save right away"
row_number_paging_info = "Row Number Paging Info"
paged_table_row_number_info = "The current report contains one or more paged tables where the row numbers do not start with 1. Please note that row numbers not starting with 1 are ignored, they are not saved in the report."
}
save_as_new_report = {
# Strings for the "Save As New Report" dialog: menu placement, report group, description, and
# how the active date and filters are stored with the new report.
save_as_new_report = "Save As New Report"
save_active = "Save active report as new report with report name"
show_in_reports_menu = "Show report in reports menu"
show_in_static_menu = "Show report in static reports menu"
add_to_report_group = "Add report to report group"
add_report_description = "Add Report Description"
edit_report_description = "Edit Report Description"
group_name = "Group name"
save_active_date = "Save active date as date filter within new report"
save_absolute_date = "Save absolute date"
save_relative_date = "Save relative date"
save_active_filters = "Save active filters"
save_filters_visible = "Save filters as visible filter items"
save_filters_hidden = "Save filters as hidden filter expression"
report_description = "Report description"
new = "New" # Used like i.e. "File types New"
} # save_as_new_report
email_report = {
# Strings for the "Email Report" form and its SMTP server editor.
# NOTE(review): a second group named email_report appears later in this file, between
# date_picker and graphs. How the loader treats a repeated group name (merge or replace) is not
# visible here -- confirm that both sets of keys remain reachable.
email_report = "Email Report"
send_button = "Send"
edit_smtp_button = "Edit SMTP"
edit_smtp_server = "Edit SMTP Server"
smtp_server = "SMTP server"
# Presumably labels for the SMTP credential inputs. How the credential is stored and who may
# read it back is not visible here.
username = "Username"
password = "Password"
add_comment = "Add Comment"
remove_comment = "Remove Comment"
from = "From"
recipients = "Recipients"
subject = "Subject"
comment = "Comment"
# NOTE(review): the example ends after "display name " with a trailing space. An
# angle-bracketed address may have been lost from the value -- confirm against the shipped module.
address_format_example = "name@example.com or display name "
remember_recipients = "Remember recipients for this profile"
no_smtp_server_defined_msg = "No SMTP server defined. Please define a SMTP server via \"Edit SMTP\"."
} # email_report
database_info = {
# Strings for the database information view and for build / update / rebuild progress and
# confirmation messages.
# The misspelled key database_is_buidling_updating is kept: keys are identifiers, presumably
# referenced from code not visible here.
database = "Database"
database_info = "Database Info"
receiving_database_info = "Receiving database information, please wait."
refresh_database_info = "Refresh Database Info"
confirm_rebuild_database = "Build/Rebuild Database"
click_to_refresh = "Click here to refresh the report"
database_building = "The database is currently building or updating."
database_is_buidling_updating = "Database is building/updating"
no_database_activity = "None (database is not active)"
view_database_progress = "View database progress or an updated report"
init_update_database = "Initializing update database"
update_database_started = "Update database started"
update_database_completed = "Update database completed"
init_build_database = "Initializing build database"
erasing_existing_database = "Erasing existing database"
rebuild_database_started = "Rebuild database started"
rebuild_database_completed = "Rebuild database completed"
update_database_initiated = "Update database initiated"
rebuild_database_initiated = "Build/rebuild database initiated"
syslog_format_label = "Syslog data format"
syslog_required_format_label = "Logging device"
# The value references $lang_stats.directory. That key is not defined in the visible part of
# this file -- confirm it exists in the remainder.
database_directory = "Database $lang_stats.directory"
database_name = "Database name"
real_time_processing = "Real time processing"
last_modified = "Last modified"
current_operation = "Current operation"
last_operation = "Last operation"
earliest_log_entry = "Earliest log entry"
latest_log_entry = "Latest log entry"
# Warning and confirmation text for the destructive rebuild: the existing database contents
# are erased before the new database is created.
rebuild_erases_database_info = "Note, when building the database the current contents of the database will be erased, and a new database will be created."
confirm_rebuild_database_text = "Are you sure you want to rebuild the database?"
database_not_yet_built = "The database is not yet built."
click_rebuild_to_build = "Click Build Database or view a report to start building the database."
database_task_cancelled = "The database task has been cancelled."
please_wait_for_database_progress_or_report_info = "Please wait for database progress or an updated report."
} # database_info
log_detail_sorting = {
# Warning shown before sorting a large log detail report. Both messages name 1,000,000 rows as
# the size above which sorting may take a long time.
label = "Log Detail Sorting Warning"
msg_in_reports = "You are trying to sort a log detail report which contains more than 1,000,000 rows, this might take a long time to complete."
msg_in_config = "You are trying to sort a log detail report element. This might take a long time to complete if the report element contains more than 1,000,000 rows."
click_continue_to_sort = "Click \"Continue\" to sort the log detail report."
} # log_detail_sorting
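error_handling = {
# Strings for the alert shown when a request fails, including the link to the bug-report form.
label = "$PRODUCT_NAME Alert"
report_it_link = "report it"
# $param1 is presumably replaced by the report_it_link text rendered as a link -- confirm.
# NOTE(review): the product name is hard-coded as "Sawmill" here while sibling strings use
# $PRODUCT_NAME, so a white-labelled installation would still show the vendor name. Confirm
# that $PRODUCT_NAME is expanded in this string before switching it.
report_it_info = "If you believe this is a bug in Sawmill, please $param1."
product_alert_info = "$PRODUCT_NAME Alert Info"
# Fixed spelling: "occured" -> "occurred".
error_while_processing_last_request = "An error occurred while processing the last request."
click_here_to_view_alert_msg = "Click here to view the alert message"
} # error_handling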
bug_report = {
# Strings for the bug-report form that sends the displayed alert text to the vendor.
label = "$PRODUCT_NAME Bug Report"
# NOTE(review): the recipient address is hard-coded in this sentence, while the header of this
# file offers SUPPORT_EMAIL for white-labelling. Confirm which address the form really uses so
# the text and the behaviour agree.
# The "text below" that gets sent is an error report. Such text can include file paths,
# profile names or log fragments, so the instruction should make clear to the user that the
# data leaves the installation -- which it does by naming the recipient.
instruction = "Please enter your email address, any comment and click Send Bug Report. The text below will be sent to support@flowerfire.com. If you would rather not receive a reply, you can leave the email address blank."
your_email_address_label = "Your email address"
comments_label = "Comments"
send_button = "Send Bug Report"
response_label = "$PRODUCT_NAME Bug Report Response"
response_info = "Thank you, the bug report has been sent."
} # bug_report
licensing = {
# Edition names and the version line.
features = {
# DON'T TRANSLATE features!
# The four values below are the edition names (Lite, Professional, Advanced, Enterprise).
lite = "Lite"
pro = "Professional"
advanced = "Advanced"
enterprise = "Enterprise"
} # features
# Two placeholders joined by the word "version"; what each one carries is not visible here.
version_info = "$param1 version $param2"
} # licensing
calendar = {
# Strings for the calendar view: the date coverage of the statistics and the date currently
# active in reports.
label = "Calendar"
statistics_date_coverage = "Statistics date coverage"
active_date_in_reports = "Active date in reports"
entire_date_range = "Entire date range"
week_label = "week"
} # calendar
date_picker = {
# Strings for the date picker: absolute start/end dates and relative ranges
# (recent / last N years, quarters, months, weeks, days).
date_picker = "Date Picker"
entire_date_range = "Entire date range"
earliest_date = "Earliest date"
recent = "Recent"
last = "Last"
years = "years"
quarters = "quarters"
months = "months"
weeks = "weeks"
days = "days"
# The trailing space inside the quotes of the next two values is part of the value.
date_or_start_date = "Date or Start Date "
end_date = "End Date "
relative_date = "Relative Date"
invalid_date_range_msg = "Invalid date range. The start date must be smaller than the end date."
} # date_picker
email_report = {
# Short labels for the e-mail action.
# NOTE(review): a group named email_report already appears earlier in this file (the send-form
# and SMTP strings). How the loader treats a repeated group name (merge or replace) is not
# visible here -- confirm that both sets of keys remain reachable.
label = "Email"
send_report_by_email_label = "Send Report By Email"
}
graphs = {
# Lower-case phrase, presumably placed between a graph title and the name of the sort field.
sorted_by = "sorted by"
} # graphs
date_filter = {
# Strings for the date filter bar: its toggle, the clear actions, and the messages shown when
# a date filter is rejected or overridden by pre-defined report dates.
on_off_button = "Date Filter"
statistics_for_date_info = "Statistics for"
day = "day"
days = "days"
dates_applies_individually = "Dates are applied individually"
clear_date = "Clear Date"
clear_filters = "Clear Filters"
clear_all = "Clear All"
# In the next two messages $param1 is the rejected date filter text, i.e. a request-supplied
# value echoed back to the user. Presumably the code that substitutes it escapes the value for
# HTML; verify at the substitution site.
no_date_applied_invalid = "No date applied. The date filter \"$param1\" is invalid."
no_date_applied_out_of_range = "No date applied. The date filter \"$param1\" is out of the available log date range."
# predefined_date and predefined_date2 read as two sentences of one notice.
predefined_date = "The current report uses pre-defined dates."
predefined_date2 = "Changing the date in Date Picker will have no effect in the report."
} # date_filter
date_time_filter = {
# Label of the date/time filter and the text used when none is set.
label = "Date/Time Filter"
none_info = "none"
}
global_filter = {
# Strings for the report filter editor: operators, filter item forms, session filters,
# advanced filter expressions and filter groups.
# Several messages take $param1, which by their wording is a field or filter item name.
# Filter item names are user-defined, so the code that substitutes them presumably escapes the
# value for HTML; verify at the substitution site.
filters = "Filters"
label = "Filter"
report_is_filtered_label = "Report is filtered and shows data for"
filter_type = "Filter type"
standard = "Standard"
field = "Field"
operator = "Operator"
field_is = "is"
field_is_not = "is NOT"
field_matches_wildcard = "matches wildcard"
field_not_matches_wildcard = "not matches wildcard"
field_matches_regular_expression = "matches regular expression"
field_not_matches_regular_expression = "not matches regular expression"
field_is_less_than = "is less than"
field_is_greater_than = "is greater than"
new_item = "New Item"
edit_item = "Edit Item"
select_field = "--- Select Field ---"
select_day_of_week = "--- Select day of week ---"
select_hour = "--- Select hour ---"
session_contains_page_with_wildcard_expression = "Session contains page matching wildcard expression"
session_contains_not_page_with_wildcard_expression = "Session does NOT contain page matching wildcard expression"
session_start_is = "Session start is"
session_start_is_not = "Session start is NOT"
session_start_is_date_time = "Session start is date/time"
session_start_is_not_date_time = "Session start is NOT date/time"
expression_is = "Expression is"
is_item_name = "is item name"
is_wildcard_expression = "is wildcard expression"
is_regular_expression = "is regular expression"
not_item_name = "is NOT item name"
not_wildcard_expression = "is NOT wildcard expression"
not_regular_expression = "is NOT regular expression"
is_less_than = "is less than"
is_greater_than = "is greater than"
name = "Name"
value_label = "Value"
expression = "Expression"
no_filter_fields_enabled_info = "No filter fields are active. Open the filter to activate one or more filter fields."
new_filter_item_form_label = "New $param1 filter item"
edit_filter_item_form_label = "Edit $param1 filter item"
show_empty_filter_fields_button = "Show Empty Filter Fields"
hide_empty_filter_fields_button = "Hide Empty Filter Fields"
add_new_filter_item_button = "Add New Filter Item"
filter_item_name_label = "Name"
filter_item_wildcard_expression_label = "Wildcard Expression"
filter_item_regular_expression_label = "Regular Expression"
filter_item_session_start_label = "Session start"
filter_item_session_contains_label = "Session contains"
filter_item_is_duplicate_message = "A filter item with this name already exists."
# Shown when a user-entered regular expression is rejected.
# NOTE(review): whether accepted expressions are bounded in evaluation cost is not visible here.
filter_item_is_invalid_regexp_message = "Invalid regular expression, please correct the expression."
confirm_delete_message = "Are you sure you want to delete the filter item $param1?"
session_label = "Session"
expression_label = "Expression"
# Advanced filters are free-form expressions over database fields, entered by the user.
# NOTE(review): which users may save such expressions is not visible in this file.
advanced_filter_label = "Advanced filter expression"
add_advanced_filter_label = "Add Advanced Filter Expression"
edit_advanced_filter_label = "Edit Advanced Filter Expression"
advanced_filter_comment_label = "Filter comment (optional, used for user friendly filter display in reports)"
advanced_filter_expression_label = "Filter expression"
available_database_fields_info = "Available database fields to be used in the filter expression"
missing_advanced_filter_expression_message = "Please define a filter expression."
confirm_delete_advanced_filter_message = "Are you sure you want to delete the advanced filter expression?"
confirm_existing_filter_replacement_message = "A filter with this name already exists. Would you like to replace the existing filter?"
missing_filter_name_message = "Please define a filter name."
just_added = "Just added"
active = "active"
saved = "Saved"
recently_added = "Recently added"
move_to_saved = "Move to Saved"
add_new_item = "Add New Item"
# global_filter_group_editor
group_name = "Group name"
# NOTE(review): "Build in" presumably means "Built-in" (zoom.add_build_in_report_filters
# writes "build-in") -- confirm the intended wording.
build_in_report_filter = "Build in report filter"
edit_group = "Edit Group"
save_checked_as_group = "Save Checked as Group"
new_group = "New Group"
} # global_filter
pivot_table = {
# Strings for the pivot table options: drill-down field, row count, sorting, averages row.
drill_down_to = "Drill down to"
number_of_rows = "Number of rows"
sort_drill_down_differently = "Sort drill down data differently from main table"
sort_by = "Sort by"
sort_direction = "Sort direction"
ascending = "Ascending"
descending = "Descending"
show_averages_row = "Show averages row"
} # pivot_table
zoom = {
# Strings for the zoom feature. The commented-out keys further down are disabled entries kept
# in the file.
zoom_active = "Zoom Active"
zoom_to_date_in_calendar_info = "Zoom to selected date by opening a report."
zoom_to_date_items_info = "Zoom to selected date item(s) by opening a report."
zoom_selected_items_info = "Zoom to selected items by opening a report or via Filters."
# NOTE(review): "build-in" presumably means "built-in" -- confirm the intended wording.
add_build_in_report_filters = "Add build-in report filters upon zoom."
# tab_label = "Zoom Options"
# default_report_view_on_zoom_label = "Default report view on zoom when clicking on a table item"
# zoom_to_report_label = "Zoom to report"
# zoomed_into_label = "Report is zoomed and shows data for"
# hierarchy_label = "Hierarchy"
# zoom_field_session_start_label = "Session start"
# zoom_field_session_user_label = "Session user"
zoom_button = "Zoom"
}
export = {
# Strings for exporting a report table as a CSV file: row range, aggregation rows, progress
# and the download link.
# NOTE(review): exported cells originate from log data. Whether the exporter neutralises cell
# values that a spreadsheet would treat as formulas is not visible here -- confirm in the
# export code.
# label = "Export CSV"
export_table = "Export Table"
number_of_rows = "Number of rows"
data_exported_info = "The export is complete. Please click the link to open or save the exported CSV file."
exporting_data_info = "Exporting CSV file"
# download_button = "Download CSV file"
download_button = "Open or save CSV file"
# e.g. all rows, "All 1-10"
all = "All"
range = "Range"
export_aggregation_rows = "Export active aggregation rows (Average, Min, Max, Total)"
# Upper-case names for the aggregation rows listed in export_aggregation_rows.
average = "AVERAGE"
min = "MIN"
max = "MAX"
total = "TOTAL"
} # export
report_builder = {
# $report_label is a placeholder that precedes the word "Hierarchy"; what supplies it is not
# visible in this file.
hierarchy = "$report_label Hierarchy"
}
row_numbers = {
# Strings for choosing which table rows to show. $param1 / $param2 are row numbers, as the
# wording of each message shows.
invalid_row_numbers_message = "Invalid row numbers."
show_row_from_to = "Show row $param1 - $param2"
show_row_1_up_to = "Show row 1 - $param1"
custom_row_range = "Custom row range"
row = "Row"
}
field_categories = {
# Display names for field categories: page/URL, IP address, and the two e-mail address
# directions.
page_url = "Page/URL"
ip_address = "IP address"
destination_email_address = "Destination email address"
source_email_address = "Source email address"
} # field_categories
field_labels = {
average_tag = " (average)"
max_tag = " (max)"
min_tag = " (min)"
# Numerical field labels
hits = "hits"
page_views = "page views"
bytes_transferred = "bytes transferred"
bytes_transmitted = "bytes transmitted"
bytes_xmt = "bytes transmitted"
bytes_rcv = "bytes received"
visitors = "visitors"
unique_client_ips = "unique client IPs"
unique_remote_ips = "unique remote IPs"
unique_source_ips = "unique source IPs"
unique_users = "unique users"
sessions = "sessions"
messages = "messages"
spam_messages = "spam messages"
events = "events"
entries = "entries"
transfers = "transfers"
time_spent = "time spent"
### accesses = "accesses"
requests = "requests"
clips = "clips"
bytes_sent = "bytes sent"
bytes_received = "bytes received"
bytes = "bytes"
sent = "sent"
rcvd = "received"
file_size = "file size"
file_time = "file time"
resends = "resends"
failed_resends = "failed resends"
sent_time = "sent time"
tcplen = "TCP length"
udplen = "UDP length"
connections = "connections"
attacks = "attacks"
counts = "counts"
out_of_order = "out of order"
outages = "outages"
missing = "missing"
early = "early"
late = "late"
available = "available"
highest = "highest"
lowest = "lowest"
average = "average"
requested = "requested"
rebuffering = "rebuffering"
resent = "resent"
average_bandwidth = "average bandwidth"
average_bytes = "average bytes"
current_bandwidth = "current bandwidth"
lost = "lost"
session_time = "session time"
delay_time = "delay time"
viruses = "viruses"
inbound_bytes = "inbound bytes"
inbound_messages = "inbound messages"
delivered_messages = "delivered messages"
processing_time = "processing time"
downloads = "downloads"
uploads = "uploads"
total_time = "total time"
tickets = "tickets"
xdelay = "xdelay"
chunks_read = "chunks read"
chunks_written = "chunks written"
frame = "frame"
host_time = "host time"
source_packets = "source packets"
destination_packets = "destination packets"
source_bytes = "source bytes"
### destination_bytes = "destination bytes"
unique_source_addresses = "unique source addresses"
original_client_ip = "original client ip"
maximum_concurrent_sessions = "maximum concurrent sessions"
# Session field labels used in database fields and report fields
ssession_page = "session page"
ssession_id = "session ID"
ssessions = "sessions"
ssession_event = "session event"
ssession_events = "session events"
ssession_user = "session user"
ssession_users = "session users"
ssession_date_time = "session date/time"
ssession_begin = "session begin"
ssession_end = "session end"
ssession_duration = "session duration"
ssession_entrances = "session entrances"
ssession_exits = "session exits"
session_id = "session ID"
# Other field labels
page = "page"
page_directory = "page/directory"
date = "date"
time = "time"
date_time = "date/time"
date_time_timestamp = "date/time timestamp" # Used in date_time_timestamp report fields
year_month_day = "year/month/day"
year = "year"
month = "month"
day = "day"
hostname = "hostname"
domain_description = "domain description"
# contry_region_city = "country/region/city"
country = "country"
region = "region"
city = "city"
country_region_city = "country/region/city"
location = "geographic location"
organization = "organization"
isp = "ISP"
domain = "domain"
referrer_description = "referrer description"
referrer = "referrer"
search_phrase = "search phrase"
search_engine = "search engine"
screen_dimensions = "screen dimensions"
screen_depth = "screen depth"
file_type = "file type"
filetype = "file type"
spider = "spider"
worm = "worm"
url = "URL"
operation = "operation"
### protocol = "protocol"
direction = "direction"
size = "size"
size_range = "size range"
response = "response"
server_response = "server response"
server_domain = "server domain"
### user = "user"
node = "node"
node_field = "node"
authenticated_user = "authenticated user"
authenticated_username = "authenticated username"
web_browser = "web browser"
operating_system = "operating system"
error = "error"
day_of_week = "day of week"
day_of_year = "day of year"
hour_of_day = "hour of day"
week_of_year = "week of year"
log_filename = "log filename"
visitor_id = "visitor id"
audiocodec = "audio codec"
audio_stat = "audio stat"
avgbandwidth = "average bandwidth"
c_buffercount = "buffered count"
c_bytes = "client bytes"
c_connect_type = "client connection type"
c_cpu = "client CPU"
c_dns = "client hostname"
c_hostexe = "host application"
c_hostexever = "host application version number"
c_ip = "client IP"
c_os = "client OS"
c_osversion = "client OS version number"
c_pkts_lost_client = "client packets lost"
c_pkts_lost_cont_net = "client continuous packets lost"
c_pkts_lost_net = "packets lost in network"
c_pkts_received = "client packets received"
c_pkts_recovered_ecc = "client packets recovered ECC"
c_pkts_recovered_resent = "client packets resent"
c_playerid = "player GUID"
c_playerlanguage = "player language"
c_playerversion = "player version number"
c_quality = "client quality"
c_rate = "client rate"
c_resendreqs = "client resend requests"
c_starttime = "start time"
### c_status = "client status code"
c_totalbuffertime = "buffering time"
c_uri = "original URL"
c_uri_address = "original URL IP"
c_uri_extension = "original URL extension"
c_uri_host = "original URL hostname"
c_uri_hostname = "original URL resolved hostname"
c_uri_port = "original URL port"
c_uri_query = "original URL query"
c_uri_scheme = "original URL scheme"
c_uri_stem = "URL"
channelurl = "channel URL"
connect_time = "connect time"
cs_accept = "Accept"
cs_accept_charset = "Accept-Charset"
cs_accept_encoding = "Accept-Encoding"
cs_accept_language = "Accept-Language"
cs_accept_ranges = "Accept-Ranges"
cs_age = "Age"
cs_allow = "Allow"
cs_authentication_info = "Authentication-Info"
cs_authorization = "request header: Authorization"
cs_cache_control = "Cache-Control"
cs_client_ip = "Client-IP"
cs_connection = "Connection"
cs_content_encoding = "Content-Encoding"
cs_content_language = "Content-Language"
cs_content_length = "Content-Length"
cs_content_location = "Content-Location"
cs_content_md5 = "Content-MD5"
cs_content_range = "Content-Range"
cs_content_type = "Content-Type"
### cs_cookie = "Cookie"
cs_cookie2 = "Cookie2"
cs_date = "Date"
cs_etag = "Etag"
cs_expect = "Expect"
cs_expires = "Expires"
cs_from = "From"
cs_front_end_https = "Front-End-HTTPS"
### cs_host = "Host"
cs_if_match = "If-Match"
cs_if_modified_since = "If-Modified-Since"
cs_if_none_match = "If-None-Match"
cs_if_range = "If-Range"
cs_if_unmodified_since = "If-Unmodified-Since"
cs_last_modified = "Last-Modified"
cs_location = "Location"
cs_max_forwards = "Max-Forwards"
cs_meter = "Meter"
cs_p3p = "P3P"
cs_pragma = "Pragma"
cs_proxy_authenticate = "Proxy-Authenticate"
cs_proxy_authorization = "Proxy-Authorization"
cs_proxy_connection = "Proxy-Connection"
cs_range = "Range"
### cs_referer = "referrer"
cs_refresh = "Refresh"
cs_retry_after = "Retry-After"
cs_server = "Server"
cs_set_cookie = "Set-Cookie"
cs_set_cookie2 = "Set-Cookie2"
cs_te = "TE"
cs_trailer = "Trailer"
cs_transfer_encoding = "Transfer-Encoding"
cs_upgrade = "Upgrade"
### cs_user_agent = "User-Agent"
cs_vary = "Vary"
cs_via = "Via"
cs_www_authenticate = "WWW-Authenticate"
cs_warning = "Warning"
cs_x_bluecoat_mc_client_ip = "X-Bluecoat-MC-Client-Ip"
cs_x_bluecoat_via = "X-Bluecoat-Via"
cs_x_forwarded_for = "X-Forwarded-For"
x_forwarded_for = "X-Forwarded-For"
cs_auth_group = "authenticated group name"
cs_auth_groups = "authenticated group names"
cs_auth_type = "proxy authentication type"
cs_bodylength = "body bytes (client to server)"
cs_bytes = "client-to-server bytes"
cs_categories = "content categories"
cs_categories_external = "external service content categories"
cs_categories_policy = "CPL content categories"
cs_categories_provider = "provider content categories"
cs_categories_qualified = "qualified content categories"
cs_category = "content category"
cs_headerlength = "header bytes (client to server)"
cs_host = "server domain"
hostfield = "server domain"
cs_ip = "client destination IP"
cs_method = "method"
method = "method"
transfer_time = "transfer time"
path_args = "path args"
search_args = "search args"
cs_protocol = "protocol"
cs_realm = "authentication realm"
sc_realm = "server-to-client realm"
cs_request_line = "client request line"
cs_uri = "URL"
cs_uri_address = "URL IP"
cs_uri_extension = "URL extension"
cs_uri_host = "URL hostname"
cs_uri_hostname = "URL resolved hostname"
cs_uri_port = "URL port"
cs_uri_query = "URL query"
url_query = "URL query"
cs_uri_scheme = "URL scheme"
cs_uri_stem = "URL"
cs_userdn = "authenticated full username"
cs_username = "authenticated username"
c_username = "authenticated username"
cs_user_name = "authenticated username"
cs_version = "protocol"
s_session_id = "session ID"
s_content_path = "content path"
cs_url = "client-to-server URL"
cs_media_name = "media name"
c_max_bandwidth = "maximum bandwidth"
cs_media_role = "media role"
s_proxied = "proxied"
dnslookup_time = "DNS lookup time"
duration = "duration"
filelength = "file length"
filesize = "file size"
gmttime = "UTC date/time"
localtime = "local date/time"
x_localtime = "local date/time"
protocol = "protocol"
r_dns = "remote server DNS"
r_ip = "remote server IP"
r_host = "remote server host"
r_port = "remote server port"
r_supplier_dns = "upstream hostname"
r_supplier_ip = "upstream IP"
r_supplier_port = "upstream port"
s_object_source = "server object source"
# Removed "Response header" from this section because it made names too long
rs_accept = "Accept"
rs_accept_charset = "Accept-Charset"
rs_accept_encoding = "Accept-Encoding"
rs_accept_language = "Accept-Language"
rs_accept_ranges = "Accept-Ranges"
rs_age = "Age"
rs_allow = "Allow"
rs_authentication_info = "Authentication-Info"
rs_authorization = "Authorization"
rs_cache_control = "Cache-Control"
rs_client_ip = "Client-IP"
rs_connection = "Connection"
rs_content_encoding = "Content-Encoding"
rs_content_language = "Content-Language"
rs_content_length = "Content-Length"
rs_content_location = "Content-Location"
rs_content_md5 = "Content-MD5"
rs_content_range = "Content-Range"
rs_content_type = "Content-Type"
rs_cookie = "Cookie"
rs_cookie2 = "Cookie2"
rs_date = "Date"
rs_etag = "Etag"
rs_expect = "Expect"
rs_expires = "Expires"
rs_from = "From"
rs_front_end_https = "Front-End-HTTPS"
rs_host = "Host"
rs_if_match = "If-Match"
rs_if_modified_since = "If-Modified-Since"
rs_if_none_match = "If-None-Match"
rs_if_range = "If-Range"
rs_if_unmodified_since = "If-Unmodified-Since"
rs_last_modified = "Last-Modified"
rs_location = "Location"
rs_max_forwards = "Max-Forwards"
rs_meter = "Meter"
rs_p3p = "P3P"
rs_pragma = "Pragma"
rs_proxy_authenticate = "Proxy-Authenticate"
rs_proxy_authorization = "Proxy-Authorization"
rs_proxy_connection = "Proxy-Connection"
rs_range = "Range"
rs_referer = "Referer"
rs_refresh = "Refresh"
rs_retry_after = "Retry-After"
rs_server = "Server"
rs_set_cookie = "Set-Cookie"
rs_set_cookie2 = "Set-Cookie2"
rs_te = "TE"
rs_trailer = "Trailer"
rs_transfer_encoding = "Transfer-Encoding"
rs_upgrade = "Upgrade"
rs_user_agent = "User-Agent"
rs_vary = "Vary"
rs_via = "Via"
rs_www_authenticate = "WWW-Authenticate"
rs_warning = "Warning"
rs_x_bluecoat_mc_client_ip = "X-Bluecoat-MC-Client-Ip"
rs_x_bluecoat_via = "X-Bluecoat-Via"
rs_x_forwarded_for = "X-Forwarded-For"
rs_bodylength = "body bytes (upstream to server)"
rs_bytes = "total bytes (upstream to server)"
rs_headerlength = "header bytes (upstream to server)"
rs_response_line = "response status line"
rs_status = "remote server status"
rs_version = "response protocol version"
s_action = "processing action"
s_computername = "server name"
s_connect_type = "upstream connection type"
s_cpu_util = "server CPU usage"
s_dns = "server hostname"
s_hierarchy = "cache hierarchy"
s_icap_info = "ICAP response info"
s_icap_status = "ICAP response status"
s_ip = "server IP"
s_pkts_sent = "server packets sent"
### s_port = "server port"
c_port = "client port"
s_sitename = "server service used"
s_supplier_ip = "supplier IP"
s_supplier_name = "supplier name"
c_totalclients = "total clients (client)"
s_totalclients = "total clients (server)"
s_uri = "cache URL"
s_uri_address = "cache URL IP"
s_uri_extension = "cache URL extension"
s_uri_host = "cache URL hostname"
s_uri_hostname = "cache URL resolved hostname"
s_uri_port = "cache URL port"
s_uri_query = "cache URL query"
s_uri_scheme = "cache URL scheme"
s_uri_stem = "cache URL path"
sc_adapter = "server adapter used"
sc_win32_status = "win32 status"
sc_auth_status = "authentication status"
sc_bodylength = "body bytes (server to client)"
sc_bytes = "server-to-client bytes"
sc_connection = "client connection ID"
sc_filter_category = "content category"
sc_filter_result = "content filtering result"
sc_headerlength = "header bytes (server to client)"
sc_status = "server status"
cs_status = "client status"
c_status = "client response code"
sc_substatus = "server substatus"
sr_bodylength = "body bytes (server to upstream)"
sr_bytes = "total bytes (server to upstream)"
sr_headerlength = "header bytes (server to upstream)"
sr_uri = "server URL"
sr_uri_address = "server URL IP"
sr_uri_extension = "server URL extension"
sr_uri_host = "server URL hostname"
sr_uri_hostname = "server URL resolved hostname"
sr_uri_port = "server URL port"
sr_uri_query = "server URL query"
sr_uri_scheme = "server URL scheme"
sr_uri_stem = "server URL path"
time_taken = "time taken"
time_taken_avg = "average time taken"
timestamp = "unix-style timestamp"
transport = "transport"
videocodec = "video codec"
x_bluecoat_appliance_name = "appliance name"
x_bluecoat_appliance_primary_address = "appliance primary address"
x_bluecoat_day = "current day (local)"
x_bluecoat_day_utc = "current day (UTC)"
x_bluecoat_end_time_wft = "transaction end timestamp (WFT)"
x_bluecoat_hour = "current hour (local)"
x_bluecoat_hour_utc = "current hour (UTC)"
x_bluecoat_minute = "current minute (local)"
x_bluecoat_minute_utc = "current minute (UTC)"
x_bluecoat_month = "current month (local)"
x_bluecoat_month_utc = "current month (UTC)"
x_bluecoat_monthname = "current month name (local)"
x_bluecoat_monthname_utc = "current month name (UTC)"
x_bluecoat_proxy_primary_address = "appliance primary address"
x_bluecoat_proxy_via_http_version = "appliance HTTP Via version"
x_bluecoat_redirect_location = "policy redirect location"
x_bluecoat_release_id = "SGOS release ID"
x_bluecoat_second = "current second (local)"
x_bluecoat_second_utc = "current second (UTC)"
x_bluecoat_server_connection_socket_errno = "upstream connection failure message"
x_bluecoat_special_amp = "ampersand"
x_bluecoat_special_apos = "apostrophe"
x_bluecoat_special_gt = "greater-than"
x_bluecoat_special_lt = "less-than"
x_bluecoat_special_quot = "double quote"
x_bluecoat_special_slash = "forward slash"
x_bluecoat_ssl_failure_reason = "upstream SSL failure message"
x_bluecoat_start_time_wft = "transaction start timestamp (WFT)"
x_bluecoat_surfcontrol_category_id = "SurfControl content category ID"
x_bluecoat_surfcontrol_is_denied = "transaction allowed boolean"
x_bluecoat_surfcontrol_is_proxied = "transaction explicit boolean"
x_bluecoat_surfcontrol_reporter_id = "SurfControl reporter ID"
x_bluecoat_transaction_id = "transaction ID"
x_bluecoat_websense_category_id = "Websense content category ID"
x_bluecoat_websense_keyword = "Websense keyword"
x_bluecoat_websense_reporter_id = "Websense reporter ID"
x_bluecoat_websense_status = "Websense status"
x_bluecoat_websense_user = "Websense username"
x_bluecoat_weekday = "current weekday (local)"
x_bluecoat_weekday_utc = "current weekday (UTC)"
x_bluecoat_year = "current year (local)"
x_bluecoat_year_utc = "current year (UTC)"
x_cache_info = "caching info"
x_cache_user = "authenticated username"
### req__vars_auth_user = "authenticated user"
req__vars_auth_user = "authenticated user"
req__vars_pauth_user = "authenticated user"
req__reqpb_method = "request method"
req__reqpb_uri = "request page"
req__reqpb_query = "request query"
req__reqpb_protocol = "request protocol"
x_client_address = "client IP"
x_client_ip = "client IP"
x_cookie_date = "current date/time (local)"
x_cs_http_version = "HTTP request version"
x_cs_socks_ip = "SOCKS destination IP"
x_cs_socks_method = "SOCKS method"
x_cs_socks_port = "SOCKS destination port"
x_cs_socks_version = "SOCKS version"
x_cs_username_or_ip = "username or client IP"
x_duration = "play duration"
x_duration_per_successful_access = "duration per access"
x_exception_company_name = "company name"
x_exception_contact = "exception contact info"
x_exception_details = "exception details"
x_exception_help = "exception help info"
x_exception_id = "exception ID"
x_exception_last_erro = "transaction error message"
x_exception_reason = "transaction termination reason"
x_exception_sourcefile = "exception source file"
x_exception_sourceline = "exception source line number"
x_exception_summary = "exception summary"
x_http_date = "current date (local)"
x_im_attachments = "IM attachment names"
x_im_buddy_id = "IM buddy ID"
x_im_buddy_name = "IM buddy display name"
x_im_buddy_state = "IM buddy state"
x_im_chat_room_id = "IM chat room ID"
x_im_chat_room_members = "IM chat room member IDs"
x_im_chat_room_type = "IM chat room type"
x_im_client_info = "IM client info"
x_im_file_path = "IM file path"
x_im_file_size = "IM file size"
x_im_message_opcode = "IM opcode"
x_im_message_route = "IM route"
x_im_message_size = "IM message length"
x_im_message_text = "IM message text"
x_im_message_type = "IM message type"
x_im_method = "IM method"
x_im_user_id = "IM user ID"
x_im_user_name = "IM client display name"
x_im_user_state = "IM user state"
x_rs_http_version = "HTTP protocol version (upstream to server)"
x_rs_streaming_content = "content"
x_sc_http_status = "HTTP response code"
x_sc_http_version = "HTTP protocol version (server to client)"
x_sr_http_version = "HTTP protocol version (server to upstream)"
x_streaming_bitrate = "bitrate"
x_timestamp = "local date/time"
x_timestamp_unix = "current time (local)"
x_timestamp_unix_utc = "current time (UTC)"
x_virus_id = "ICAP virus ID"
x_wm_c_dns = "client hostname"
x_wm_c_ip = "client IP"
sys_msgs = "system message"
icmp_code = "icmp code"
icmp_type = "icmp type"
s_port = "source port"
src_port = "source port"
dst_port = "destination port"
source_port = "source port"
xlatedst = "translated destination"
xlatesrc = "translated source"
xlatesport = "translated source port"
xlatedport = "translated destination port"
dst = "destination"
src = "source"
proto = "protocol"
i_f_dir = "interface direction"
i_f_name = "interface name"
### req__srvhdrs_clf_status = "cookie"
req__headers_user_agent = "agent"
cs_cookie = "cookie"
cs_user_agent = "agent"
c_agent = "agent"
browser = "agent"
x_bytes_received = "bytes received"
s_operation = "operation"
server_port = "server port"
user = "user"
cs_referer = "referrer"
referer = "referrer"
cs_referrer = "referrer"
cs_referred = "referrer"
req__headers_referer = "referrer"
afp_status = "status"
afp_method = "method"
req__vars_p2c_cl = "size"
req__srvhdrs_content_length = "content length"
len = "length"
acct_output_octets = "output octets"
acct_input_octets = "input octets"
total_bytes = "total bytes"
result = "result"
req__srvhdrs_clf_status = "server response"
ses__client_ip = "client IP"
device_id = "device ID"
security_level = "security level"
message = "message"
start_time = "start time"
policy_id = "policy ID"
service = "service"
action = "action"
src_zone = "source zone"
dst_zone = "destination zone"
translated_ip = "translated IP"
port = "port"
interface = "interface"
source_code_location = "source code location"
username = "username"
authorization_method = "authorization method"
### aborted = "Aborted"
recordid = "record ID"
totaldownloads = "total downloads"
totalconnections = "total connections"
serverbandwidth = "server bandwidth"
maximumconnections = "maximum connections"
filesdownloadederror = "files downloaded error"
currentdownloads = "current downloads"
currentconnections = "current connections"
connections24h = "24h connections"
processortime = "processor time"
bytes_second = "bytes/second"
bytes_second_2_ = "bytes/second"
in = "in"
out = "out"
pct = "percent"
type = "type"
from = "from"
to = "to"
test = "test"
reason = "reason"
source_side = "source side"
source_ip = "source IP"
destination_side = "destination side"
destination_ip = "destination IP"
### destination_port = "destination port"
service_ip = "service IP"
totalkbdownloaded = "total kb downloaded"
queuelength = "queue length"
userid = "user ID"
status = "status"
httpstatus = "http status"
record_type = "record type"
record_id = "record ID"
application_id = "application ID"
host_id = "host ID"
organization_id = "organization ID"
source_direction = "source direction"
destination_direction = "destination direction"
alarm_level = "alarm level"
signature_id = "signature ID"
subsignature_id = "subsignature ID"
router_ip = "router IP"
attack_detail = "attack detail"
bytes_incoming = "bytes incoming"
bytes_outgoing = "bytes outgoing"
spam = "spam"
screen = "screen"
msgend = "message end"
virus = "virus"
drive_id = "drive ID"
model = "model"
bus1 = "bus1"
scsi_id = "scsi ID"
activedevsonbus = "active devs on bus"
aborted = "aborted"
threadstatus = "thread status"
threaderror = "thread error"
disc_manufacturer = "disc manufacturer"
### authorization_method = "authorization method"
client_hostname = "client hostname"
client_ip = "client IP"
filename = "filename"
read = "read"
write = "write"
numopen = "num open"
uid = "UID"
gid = "GID"
pid = "PID"
source = "source"
category = "category"
event = "event"
computer = "computer"
group_name = "group name"
task_name = "task name"
host_name = "host name"
response_time = "response time"
initial_connect_time = "initial connect time"
subject = "subject"
encoding = "encoding"
nfiles = "number of files"
nbytes = "bytes"
name = "name"
### attachment = "attachment"
attno = "attachment number"
agent = "agent"
host = "host"
reporter = "reporter"
data_bytes = "data bytes"
all_bytes = "all bytes"
work_order = "work order"
disc_name = "disc name"
seq = "sequence"
good = "good"
drive = "drive"
printer = "printer"
last = "last"
visitor_cookie = "visitor cookie"
client_connects = "client connects"
source_connects = "source connects"
bytes_read = "bytes read"
bytes_written = "bytes written"
message_id = "message id"
source_address = "source address"
destination_address = "destination address"
job_number = "job number"
event_id = "event id"
egroup = "egroup"
cookie = "cookie"
source_hostname = "source hostname"
disconnect = "disconnect"
file = "file"
log_type = "log type"
header = "header"
rule = "rule"
windowsmedia = "windows media"
c_startime = "client start time"
c_hostexec = "client host executable"
c_hostexecver = "client host exec version"
c_pkts_lost_cont = "client packets lost cont"
server_ip = "server IP"
serverip = "server IP"
c_cpu_util = "client CPU util"
cache_state = "cache state"
client_info = "client info"
client_guid = "client GUID"
client_data = "client data"
stat1 = "stat1"
stat2 = "stat2"
stream_components = "stream components"
server_address = "server address"
average_bitrate = "average bitrate"
packets_sent = "packets sent"
presentation_id = "presentation id"
computername = "computer name"
servicename = "service name"
packet_type = "packet type"
user_name = "username"
fully_qualified_user_name = "fully qualified username"
called_station_id = "called station ID"
calling_station_id = "calling station ID"
callback_number = "callback number"
framed_ip_address = "framed IP address"
nas_identifier = "nas identifier"
nas_ip_address = "nas IP address"
nas_port = "nas port"
client_vendor = "client vendor"
client_ip_address = "client IP address"
client_friendly_name = "client friendly name"
event_timestamp = "event timestamp"
port_limit = "port limit"
nas_port_type = "nas port type"
connect_info = "connect info"
framed_protocol = "framed protocol"
service_type = "service type"
authentication_type = "authentication type"
np_policy_name = "np policy name"
reason_code = "reason code"
class = "class"
session_timeout = "session timeout"
idle_timeout = "idle timeout"
termination_action = "termination action"
eap_friendly_name = "eap friendly name"
acct_status_type = "status type"
acct_delay_time = "delay time"
acct_input_octet = "input octet"
acct_output_octet = "output octet"
acct_session_id = "session id"
acct_unique_session_id = "unique session ID"
acct_authentic = "authentic"
acct_session_time = "session time"
acct_input_packet = "input packet"
acct_output_packet = "output packet"
acct_terminate_cause = "terminate cause"
acct_multi_ssn_id = "multi ssn ID"
acct_link_count = "link count"
acct_interim_interval = "interim interval"
tunnel_type = "tunnel type"
tunnel_medium_type = "tunnel medium type"
tunnel_client_endpt = "tunnel client endpoint"
tunnel_server_endpt = "tunnel server endpoint"
acct_tunnel_conn = "tunnel connection"
tunnel_pvt_group_id = "tunnel private group ID"
tunnel_assignment_id = "tunnel assignment ID"
tunnel_preference = "tunnel preference"
ms_acct_auth_type = "ms account auth type"
ms_acct_eap_type = "ms account eap type"
ms_ras_version = "ms ras version"
ms_ras_vendor = "ms ras vendor"
ms_chap_error = "ms chap error"
ms_chap_domain = "ms chap domain"
ms_ppe_encryption_type = "ms ppe encryption type"
ms_mppe_encryption_policy = "ms mppe encryption policy"
server_host = "server host"
facility = "facility"
severity = "severity"
authenticated = "authenticated"
source_type = "source type"
destination_type = "destination type"
message_code = "message code"
station = "station"
source_host = "source host"
destination = "destination"
### group = "group"
cn = "CN"
sn = "SN"
sa = "SA"
sev = "severity"
rpt = "recipient"
payload = "payload"
inbound_spi = "inbound spi"
outbound_spi = "outbound spi"
server_hostname = "server hostname"
local_proxy_host = "local proxy host"
local_proxy_subnet = "local proxy subnet"
local_proxy_mask = "local proxy mask"
remote_proxy_host = "remote proxy host"
remote_proxy_subnet = "remote proxy subnet"
remote_proxy_mask = "remote proxy mask"
destination_host = "destination host"
local_port = "local port"
remote_port = "remote port"
827_ip = "827 IP"
host1 = "host1"
host1_ip = "host1 IP"
host2 = "host2"
host2_ip = "host2 IP"
trash = "trash"
client_port = "client port"
x_bytes_sent = "bytes sent"
x_src_port_id = "source port ID"
x_dest_port_id = "destination port ID"
details = "details"
machine_name = "machine name"
endpoint = "endpoint"
call_type = "call type"
iv_status_code = "IV status code"
uuid = "UUID"
group_uuid_list = "group UUID list"
priority = "priority"
line_number = "line number"
code = "code"
protected_object = "protected object"
requested_permissions = "requested permissions"
principals = "principals"
qop = "qop"
outcome = "outcome"
outcome_status = "outcome status"
originator_component = "originator component"
originator_action = "originator action"
originator_location = "originator location"
originator_blade = "originator blade"
accessor_principal = "accessor principal"
accessor_principal_auth = "accessor principal auth"
target_object = "target object"
target_resource = "target resource"
event_rev = "event revision"
data = "data"
status_code = "status code"
originator_id = "originator ID"
command_arguments = "command arguments"
server = "server"
client = "client"
number_of_groups = "number of groups"
event_outcome = "event outcome"
authorization_status = "authorization status"
item_1 = "item 1"
target_host = "target host"
syslog_time = "syslog time"
id = "ID"
fw = "firewall"
pri = "priority"
c = "c"
m = "m"
dstname = "destination name"
arg = "argument"
op = "operation"
browsing_host = "browsing host"
cache_response = "cache response"
proxy_hostname = "proxy hostname"
browsing_hostname = "browsing hostname"
destination_hostname = "destination hostname"
path = "path"
owner = "owner"
brick = "brick"
oninterface = "on interface"
list = "list"
remote_hostname = "remote hostname"
remote_ip = "remote IP"
object_source = "object source"
tcpflags = "tcp flags"
document_source = "document source"
address = "address"
sender = "sender"
recipient = "recipient"
type_code = "type code"
relay = "relay"
state = "state"
domain = "domain"
rcpt_to = "recipient"
helo_text = "HELO text"
banned_domain = "banned domain"
banned_ip = "banned IP"
banned_helo = "banned HELO"
invalid_helo = "invalid HELO"
banned_rcpt_to = "banned recipient"
relay_denied_recipient = "relay denied recipient"
banned_subject = "banned subject"
banned_text = "banned text"
banned_body_from = "banned body from"
invalid_body_to = "invalid body to"
banned_received = "banned received"
over_max_recipient = "over-max recipient"
banned_x_mailer = "banned x-mailer"
forged_message_id = "forged message ID"
service_name = "service name"
destination_service = "destination service"
foundry_name = "foundry name"
foundry_ip = "foundry IP"
web_server_name = "web server name"
microseconds = "microseconds"
proxy = "proxy"
iteration = "iteration"
ethernet_address = "ethernet address"
incoming_bytes = "incoming bytes"
outgoing_bytes = "outgoing bytes"
incoming_packets = "incoming packets"
outgoing_packets = "outgoing packets"
incoming_ip_packets = "incoming IP packets"
outgoing_ip_packets = "outgoing IP packets"
calllegtype = "call leg type"
connectionid = "connection ID"
setuptime = "setup time"
peeraddress = "peer address"
peersubaddress = "peer subaddress"
disconnectcause = "disconnect cause"
disconnecttext = "disconnect text"
connecttime = "connect time"
disconnecttime = "disconnect time"
callorigin = "call origin"
chargedunits = "charged units"
infotype = "info type"
transmitpackets = "transmitted packets"
transmitbytes = "transmitted bytes"
receivebytes = "receive bytes"
n = "n"
src_host = "source host"
src_network = "source network"
dst_host = "destination host"
dst_network = "destination network"
msg = "message"
no = "number"
product = "product"
origin = "origin"
community = "community"
info = "info"
translated_source = "translated source"
translated_destination = "translated destination"
translated_source_port = "translated source port"
translated_destination_port = "translated destination port"
partner = "partner"
source_key_id = "source key id"
destination_key_id = "destination key id"
elapsed = "elapsed"
cache_result = "cache result"
request_method = "request method"
authenticaled_user = "authenticated user"
proxy_route = "proxy route"
proxy_server = "proxy server"
response_type = "response type"
peer_status = "peer status"
peer_host = "peer host"
mime_type = "mime type"
destination__ip = "destination IP"
programerr = "program error"
server_name = "server name"
mode = "mode"
incoming_channel = "incoming channel"
outgoing_channel = "outgoing channel"
receiver_before_rewriting = "receiver before rewriting"
receiver_after_rewriting = "receiver after rewriting"
deliveryinfo = "delivery info"
complete = "complete"
nrcpts = "number of recipients"
nrcpt = "number of recipients"
relay_hostname = "relay hostname"
relay_ip = "relay IP"
smtp_server = "smtp server"
antivirus_filter_result = "antivirus filter result"
attachment_filter_result = "attachment filter result"
mbox = "message box"
msgid = "message ID"
mss = "mss"
msgfile = "message file"
msgsize = "message size"
cmd = "command"
fromhost = "from host"
rcpts = "recipients"
desthost = "destination host"
source_email = "source email"
target_email = "target email"
trigger = "trigger"
destination_email = "destination email"
in_out = "in/out"
post_office = "post office"
inet_user = "inet user"
gateway = "gateway"
remote_id = "remote ID"
originator = "originator"
length = "length"
seconds = "seconds"
cost = "cost"
mts_id = "mts ID"
recipients = "recipients"
partner_name = "partner name"
recipient_address = "recipient address"
recipient_report_status = "recipient report status"
number_recipients = "number of recipients"
origination_time = "origination time"
encryption = "encryption"
service_version = "service version"
linked_msgid = "linked message ID"
message_subject = "message subject"
sender_address = "sender address"
daemon = "daemon"
qp = "queue process ID"
side = "side"
error_message = "error message"
log_pathname = "log pathname"
scan_date = "scan date"
scan_time = "scan time"
scan_type = "scan type"
scan_status = "scan status"
airbill = "airbill"
reference = "reference"
ship_date = "ship date"
gladiola = "gladiola"
acct = "account"
origin_name = "origin name"
origin_company = "origin company"
origin_address = "origin address"
origin_city = "origin city"
origin_state = "origin state"
origin_zip = "origin zip"
origin_country = "origin country"
dest_name = "destination name"
dest_company = "destination company"
dest_address = "destination address"
dest_city = "destination city"
dest_state = "destination state"
dest_zip = "destination zip"
dest_country = "destination country"
session = "session"
parameter = "parameter"
child = "child"
rate = "rate"
email = "email"
suffix = "suffix"
completion = "completion"
notes = "notes"
pathname = "pathname"
password = "password"
packets = "packets"
partial_hostname = "partial hostname"
tools_usage = "tools usage"
response_time_group = "response time group"
user_agent = "user agent"
error_status = "error status"
cache_usage = "cache usage"
portal_section = "portal section"
store = "store"
sessionid = "session ID"
attribute = "attribute"
package = "package"
ras_client = "ras client"
full_name = "full name"
auth_type = "authentication type"
acct_input_packets = "input packets"
acct_output_packets = "output packets"
acct_termination_cause = "termination cause"
acct_multi_session_id = "multi session ID"
acc_err_message = "error message"
annex_product_name = "annex product name"
annex_sw_version = "annex software version"
annex_system_disc_reason = "annex system disc reason"
annex_modem_disc_reason = "annex modem disc reason"
annex_disconnect_reason = "annex disconnect reason"
annex_transmit_speed = "annex transmit speed"
annex_receive_speed = "annex receive speed"
ascend_modem_port_number = "ascend modem port number"
ascend_modem_slot_number = "ascend modem slot number"
ascend_modem_shelf_number = "ascend modem shelf number"
ascend_xmit_rate = "ascend transmit rate"
nautica_acct_sessionid = "nautica account session ID"
nautica_acct_direction = "nautica account direction"
nautica_acct_causeprotocol = "nautica account causeprotocol"
nautica_acct_causesource = "nautica account causesource"
telebit_accounting_info = "telebit accounting info"
last_number_dialed_out = "last number dialed out"
last_number_dialed_in_dnis = "last number dialed in dnis"
last_callers_number_ani = "last callers number ani"
channel = "channel"
event_date_time = "event date time"
call_start_date_time = "call start date time"
call_end_date_time = "call end date time"
default_dte_data_rate = "default dte data rate"
initial_rx_link_data_rate = "initial rx link data rate"
final_rx_link_data_rate = "final rx link data rate"
initial_tx_link_data_rate = "initial tx link data rate"
final_tx_link_data_rate = "final tx link data rate"
sync_async_mode = "sync async mode"
originate_answer_mode = "originate answer mode"
modulation_type = "modulation type"
equalization_type = "equalization type"
fallback_enabled = "fallback enabled"
characters_sent = "characters sent"
characters_received = "characters received"
blocks_sent = "blocks sent"
blocks_received = "blocks received"
blocks_resent = "blocks resent"
retrains_requested = "retrains requested"
retrains_granted = "retrains granted"
line_reversals = "line reversals"
number_of_characters_lost = "number of characters lost"
number_of_blers = "number of blers"
number_of_link_timeouts = "number of link timeouts"
number_of_fallbacks = "number of fallbacks"
number_of_upshifts = "number of upshifts"
number_of_link_naks = "number of link naks"
back_channel_data_rate = "back channel data rate"
simplified_mnp_levels = "simplified mnp levels"
simplified_v42bis_usage = "simplified v42bis usage"
pw_vpn_id = "password VPN ID"
real_name = "real name"
order = "order"
invoice = "invoice"
shipping_method = "shipping method"
total = "total"
lines_since_email = "lines since email"
framed_protocol_7_ = "framed protocol"
framed_ip_address_8_ = "framed IP address"
acct_session_time_46_ = "session time"
connect_info_77_ = "connect info"
acct_input_octets_42_ = "input octets"
acct_output_octets_43_ = "output octets"
acct_input_packets_47_ = "input packets"
acct_output_packets_48_ = "output packets"
acct_terminate_cause_49_ = "terminate cause"
acct_authentic_45_ = "authentic"
nas_port_5_ = "nas port"
nas_port_type_61_ = "nas port type"
calling_station_id_31_ = "calling station ID"
service_type_6_ = "service type"
nas_ip_address_4_ = "nas ip address"
acct_delay_time_41_ = "delay time"
acct_session_id_44_ = "session ID"
framed_ip_netmask = "framed IP netmask"
framed_routing = "framed routing"
filter_id = "filter ID"
framed_mtu = "framed MTU"
framed_compression = "framed compression"
login_ip_host = "login IP host"
login_service = "login service"
login_tcp_port = "login TCP port"
callback_id = "callback ID"
framed_route = "framed route"
framed_ipx_network = "framed IPX network"
proxy_state = "proxy state"
tunnel_client_endpoint = "tunnel client endpoint"
tunnel_server_endpoint = "tunnel server endpoint"
acct_tunnel_connection = "tunnel connection"
tunnel_private_group_id = "tunnel private group ID"
acct_tunnel_packets_lost = "tunnel packets lost"
acct_input_gigawords = "input gigawords"
acct_output_gigawords = "output gigawords"
nas_port_id = "nas port id"
sid = "SID"
program = "program"
connect_host = "connect host"
address_host = "address host"
address_port = "address port"
command = "command"
arguments = "arguments"
version = "version"
access_event = "access event"
policy_server = "policy server"
resource = "resource"
subevent = "subevent"
description = "description"
idletime = "idle time"
maxtime = "maximum time"
auth_level = "authentication level"
transactionid = "transaction ID"
site_instance = "site instance"
raw_url = "raw URL"
base = "base"
scope = "scope"
filter = "filter"
err = "err"
tag = "tag"
nentries = "number of entries"
etime = "elapsed time"
dn = "DN"
### version = "version"
ruid = "RUID"
euid = "EUID"
pgid = "PGID"
fid = "FID"
logid = "log ID"
edomain = "e domain"
srcip = "source IP"
srcport = "source port"
srcburb = "src burb"
dstip = "destination IP"
dstport = "destination port"
dstburb = "destination burb"
protocolname = "protocol name"
netsessid = "net session ID"
request_command = "request command"
bytes_written_to_client = "bytes written to client"
bytes_written_to_server = "bytes written to server"
type1 = "type 1"
type2 = "type 2"
type3 = "type 3"
type4 = "type 4"
ip = "ip"
cat_page = "category page"
cat_action = "category action"
date2 = "date 2"
time2 = "time 2"
message_source = "message source"
document = "document"
profile = "profile"
category_code = "category code"
configuration = "configuration"
error_filename = "error filename"
error_line_number = "error line number"
intermediate_host = "intermediate host"
intermediate_port = "intermediate port"
packets_received = "packets received"
logging_device = "logging device"
syslog_priority = "syslog priority"
fac = "fac"
area = "area"
log = "log"
logging_devide = "logging device"
### ip_address = "ip address"
sport = "source port"
dport = "destination port"
indev = "input device"
inport = "input port"
rc = "RC"
lvl = "LVL"
prog = "program"
### src.ip = "source IP"
### src.port = "source port"
### dst.ip = "destination IP"
### dst.port = "destination port"
itype = "I type"
### side.in = "side in"
### side.out = "side out"
### side.exp = "side exp"
### cnx.state = "connection state"
### lvl.info = "LVL info"
ibyte = "bytes in"
ipacket = "packets in"
ibyte_ack = "acknowledged bytes in"
ipacket_ack = "acknowledged packets in"
fw_name = "firewall name"
dir = "direction"
ip_address = "IP address"
messageid = "message ID"
report = "report"
config = "config"
match_method = "match method"
words = "words"
logical_words = "logical words"
translated_port = "translated port"
application = "application"
process = "process"
process_no = "process number"
permission = "permission"
port_name = "port name"
packet_len = "packet length"
header_len = "header length"
time_to_live = "time to live"
nas_ip = "nas IP"
framed_ip = "framed IP"
status_type = "status type"
authentication = "authentication"
termination_cause = "termination cause"
destination_bytes = "destination bytes"
flags = "flags"
faddr_host = "foreign IP"
faddr_port = "foreign port"
faddr_service = "foreign service"
gaddr_host = "global IP"
gaddr_port = "global port"
gaddr_service = "global service"
laddr_host = "local IP"
laddr_port = "local port"
laddr_service = "local service"
access_group = "access group"
queue = "queue"
in_interface = "in interface"
out_interface = "out interface"
mac_address = "MAC address"
packet_length = "packet length"
precedence = "precedence"
ttl = "TTL"
packet_id = "packet ID"
window = "window"
reserved_bits = "reserved bits"
urgent_pointer = "urgent pointer"
tcp_flags = "TCP flags"
ip_flags = "IP flags"
device_ip = "device ip"
device = "device"
connection_type = "connection type"
classification = "classification"
xref = "xref"
iplen = "IP length"
dmglen = "DMG length"
### ack = "ack"
win = "window"
### tcplen = "TCP length"
chain = "chain"
### source_interface = "source interface"
destination_interface = "destination interface"
event_number = "event number"
event_type = "event type"
logon = "logon"
logon_type = "logon type"
logon_process = "logon process"
logon_account = "logon account"
account = "account"
authentication_package = "authentication package"
workstation_name = "workstation name"
source_workstation = "source workstation"
error_code = "error code"
substatus_code = "substatus code"
source_mac_address = "source MAC address"
log_id = "log ID"
node_id = "node ID"
rule_id = "rule ID"
nat_source_ip = "NAT source IP"
nat_destination_ip = "NAT destination IP"
nat_source_port = "NAT source port"
nat_destination_port = "NAT destination port"
source_interface = "source interface"
protocol_agent = "protocol agent"
alert_name = "alert name"
syslog_message = "syslog message"
icmp_id = "ICMP ID"
ipsec_spi = "IPSEC SPI"
rtt = "RTT"
time_elapsed = "time elapsed"
authenticated_name = "authenticated name"
source_vlan = "source VLAN"
destination_vlan = "destination VLAN"
firewall_engine_id = "firewall engine ID"
info_message = "info message"
sending_server = "sending server"
receiving_server = "receiving server"
l = "L"
s = "S"
f = "F"
i = "I"
t = "T"
flag = "flag"
pop_account = "pop account"
local_account = "local account"
queried_host = "queried host"
snort_priority = "snort priority"
device_name = "device name"
source_network = "source network"
destination_network = "destination network"
sourcenetwork = "source network"
object_name = "object name"
usr_acct_reason_code = "user account reason code"
usr_call_arrival_time = "user call arrival time"
usr_call_end_time = "user call end time"
usr_chassis_call_channel = "user chassis call channel"
usr_chassis_call_slot = "user chassis call slot"
stop_time = "stop time"
page_info = "page info"
request_id = "request ID"
component_id = "component ID"
recipient_list = "recipient list"
origin_ip = "origin IP"
inbound_interface = "inbound interface"
outbound_interface = "outbound interface"
virtual_device = "virtual device"
attack = "attack"
policy_name = "policy name"
policy_version = "policy version"
rulebase = "rulebase"
rule_number = "rule number"
user_flag = "user flag"
subcategory = "subcategory"
is_hidden = "is hidden"
is_duplicate = "is duplicate"
is_alert = "is alert"
run_script = "run script"
send_email = "send email"
sent_snmp_trap = "sent SNMP trap"
sent_syslog = "sent syslog"
from_external = "from external"
variable_data = "variable data"
backup = "backup"
actual_bytes = "actual bytes"
kb_per_second = "kb per second"
sql_server = "SQL server"
adsm_server = "ADSM server"
sql_status = "SQL status"
adsm_status = "ADSM status"
connecting_ip = "connecting IP"
helo_ehlo_name = "HELO/EHLO name"
destination_domain = "destination domain"
authenticator = "authenticator"
connected_ip_rdns = "connected IP RDNS"
unicast_address = "unicast address"
multicast_address = "multicast address"
end = "end"
speedmode = "speed mode"
streaming = "streaming"
send_user_vol = "send user volume"
subtype = "subtype"
attack_id = "attack ID"
send = "send"
received = "received"
send_packets = "send packets"
sent_pkts = "sent packets"
received_packets = "received packets"
rcvd_pkts = "received packets"
catagory = "category"
detail = "detail"
slot = "slot"
line = "line"
vd = "vd"
dir_disp = "dir disp"
tran_disp = "translated disp"
calling_number = "calling number"
called_number = "called number"
call = "call"
cl = "CL"
p = "P"
transaction_id = "transaction ID"
agent_name = "agent name"
server_interface = "server interface"
request_host = "request host"
file_server_ip = "file server IP"
filter_category_mask = "filter category mask"
site_category = "site category"
reply_message = "reply message"
vendor_specific = "vendor specific"
login_lat_service = "login LAT service"
login_lat_node = "login LAT node"
login_lat_group = "login LAT group"
framed_appletalk_link = "framed appletalk link"
framed_appletalk_network = "framed appletalk network"
framed_appletalk_zone = "framed appletalk zone"
acct_terminate_clause = "terminate clause"
login_lat_port = "login LAT port"
password_retry = "password retry"
prompt = "prompt"
configuration_token = "configuration token"
ascend = "ascend"
saved_radius_framed_route = "saved radius framed route"
nas_manufacturer = "NAS manufacturer"
sam_account_name = "SAM account name"
ip_source_ip = "source IP"
ip_source_port = "source port"
ip_destination_ip = "destination IP"
ip_destination_port = "destination port"
bandwidth = "bandwidth"
cache_operation = "cache operation"
observation_type = "observation type"
template_id = "template ID"
service_id = "service ID"
content_id = "content ID"
content_type = "content type"
content_description = "content description"
rule_return_value = "rule return value"
display_method = "display method"
exit_method = "exit method"
smart_link = "smart link"
page_location = "page location"
dependent_see = "dependent see"
original_price = "original price"
order_number = "order number"
user_defined_string = "user defined string"
error_number = "error number"
security_context = "security context"
computer_name = "computer name"
query = "query"
error_type = "error type"
error_parameter = "error parameter"
threadid = "threadid"
result_code = "result code"
http_code = "HTTP code"
hierarchy = "hierarchy"
zone = "zone"
forward_bytes = "forward bytes"
reverse_bytes = "reverse bytes"
forward_packets = "forward packets"
reverse_packets = "reverse packets"
receiving_interface = "receiving interface"
sending_interface = "sending interface"
alert_code = "alert code"
brick_source = "brick source"
proxy_destination = "proxy destination"
brick_port = "brick port"
proxy_port = "proxy port"
reflect_type = "reflect type"
rel_vpn = "rel VPN"
vpn_direction = "VPN direction"
spi = "SPI"
user_id = "user ID"
mapped_source = "mapped source"
mapped_destination = "mapped destination"
mapped_source_port = "mapped source port"
mapped_destination_port = "mapped destination port"
end_time = "end time"
peer_ip = "peer IP"
### virus_name = "virus name"
rbl = "RBL"
spam_score = "spam score"
ssl = "SSL"
encrypted_time = "encrypted time"
logger = "logger"
virus_location = "virus location"
primary_action = "primary action"
secondary_action = "secondary action"
action_taken = "action taken"
virus_type = "virus type"
scan_id = "scan ID"
new_ext = "new ext"
group_id = "group ID"
event_data = "event data"
vbin_id = "vbin ID"
virus_id = "virus ID"
quarantine_status = "quarantine status"
operation_flags = "operation flags"
send_status = "send status"
compressed = "compressed"
depth = "depth"
still_infected = "still infected"
virus_def_info = "virus definition info"
virus_def_sequence = "virus definition sequence"
cleanable = "cleanable"
deletable = "deletable"
backup_id = "backup ID"
parent = "parent"
guid = "GUID"
client_group = "client group"
domain_name = "domain name"
nt_name = "NT name"
software_version = "software version"
syslog_event_type = "syslog event type"
syslog_protocol = "syslog protocol"
blocked_source_ip = "blocked source IP"
rbl_list = "RBL list"
kiosk_id = "kiosk ID"
ntk_filename = "NTK filename"
object_type = "object type"
info2 = "info2"
info3 = "info3"
info4 = "info4"
message_info = "message info"
virus_host = "virus host"
virus_sender = "virus sender"
virus_recipient = "virus recipient"
process_name = "process name"
process_id = "process ID"
host_machine = "host machine"
message_level = "message level"
message_set = "message set"
octets = "octets"
flows = "flows"
active_time = "active time"
player_type = "player type"
client_id = "client ID"
stat3 = "stat3"
stat4 = "stat4"
stat4_transport = "stat4 transport"
stat4_turboplay = "stat4 turboplay"
stat4_clipend = "stat4 clipend"
turboplay = "turboplay"
clipend = "clipend"
binding_state = "binding state"
next_binding_state = "next binding state"
hardware_ethernet = "hardware ethernet"
note = "note"
client_gateway = "client gateway"
lease_ip = "lease IP"
mailer = "mailer"
stat = "stat"
reject = "reject"
module = "module"
return_code = "return code"
link_state = "link state"
v1 = "v1"
v2 = "v2"
v3 = "v3"
v4 = "v4"
num_recipients = "number of recipients"
delay = "delay"
origin_hostname = "origin hostname"
language = "language"
auth = "auth"
srcif = "source interface"
svsrc = "svsrc"
svsrc_port = "svsrc port"
dstif = "destination interface"
nexthoprouter = "next hop router"
nms = "NMS"
switch_name = "switch name"
device_type = "device type"
duplex = "duplex"
vlan = "vlan"
speed = "speed"
security = "security"
rx_octets = "rx octets"
tx_octets = "tx octets"
elapsed_time = "elapsed time"
source_channel = "source channel"
destination_channel = "destination channel"
http_operation = "HTTP operation"
slot___port = "slot and port"
other_date = "other date"
evt = "event"
subevt = "subevent"
srcintfc = "source interface"
dstintfc = "destination interface"
oper = "operation"
server_state = "server state"
additional_info = "additional info"
ping_time = "ping time"
return_path = "return path"
script = "script"
component = "component"
syslog_message_type = "syslog message type"
source_country = "source country"
keywords = "keywords"
firebox_ip = "firebox IP"
original_filename = "original filename"
converted_filename = "converted filename"
http_cc_guid = "http CC GUID"
http_cc_session = "http CC session"
remote_address = "remote address"
remote_user = "remote user"
uri = "uri"
found_location = "found location"
scanning_time = "scanning time"
authentication_result = "authentication result"
source_name = "source name"
destination_name = "destination name"
server_source = "server source"
server_source_port = "server source port"
program_name = "program name"
event_code = "event code"
logon_id = "logon ID"
new_process_id = "new process ID"
creator_process_id = "creator process ID"
image_file_name = "image file name"
current_state = "current state"
previous_state = "previous state"
previous_date = "previous date"
previous_time = "previous time"
time_difference = "time difference"
realm = "realm"
tarantella_server = "tarantella server"
application_server = "application server"
security_method = "security method"
filer_name = "filer name"
retry = "retry"
notification_command = "notification command"
contact = "contact"
license = "license"
scanned_message_file = "scanned message file"
setup_time = "setup time"
matching_rule = "matching rule"
start_position = "start position"
end_position = "end position"
sbrs_value = "sbrs value"
brightmail_result = "brightmail result"
antivirus_result = "antivirus result"
interface_host = "interface host"
reverse_dns_host = "reverse DNS host"
cat2 = "cat2"
cat3 = "cat3"
forwarded_recipient = "forwarded recipient"
content_scan = "content scan"
fail_reason = "fail reason"
remote_server_ip = "remote server IP"
remote_server_hostname = "remote server hostname"
local_server_hostname = "local server hostname"
local_file = "local file"
user_address = "user address"
failed_logons = "failed logons"
search_terms = "search terms"
match = "match"
template = "template"
policyid = "policy ID"
srcname = "source name"
src_int = "source interface"
dst_int = "destination interface"
source_event = "source event"
sent_pkt = "sent packets"
rcvd_pkt = "received packets"
vpn = "VPN"
tran_ip = "translated IP"
tran_port = "translated port"
virus_file = "virus file"
virus_name_file = "virus name/file"
ids_class = "IDS class"
ids_reference = "IDS reference"
user_domain = "user domain"
ticket_options = "ticket options"
ticket_encryption_type = "ticket encryption type"
client_address = "client address"
workstation = "workstation"
file_name = "file name"
protocol_type = "protocol type"
event_ip = "event IP"
session_type = "session type"
traceback = "traceback"
devicename = "device name"
log_level = "log level"
source_address_domain = "source domain"
source_address_ip = "source IP"
destination_address_domain = "destination domain"
destination_address_ip = "destination IP"
destination_port = "destination port"
emanager_policy = "emanager policy"
emanager_action = "emanager action"
emanager_message = "emanager message"
sub_module = "sub module"
event_name = "event name"
event_description = "event description"
data_type = "data type"
login_name = "login name"
terminal_name = "terminal name"
### adapter = "adapter"
### consolidated_message = "consolidated message"
ip_code = "IP code"
### count = "count"
message_type = "message type"
adapter = "adapter"
alert_destination_mac_addr = "alert destination MAC address"
alert_source_mac_addr = "alert source MAC address"
consolidated_message = "consolidated message"
count = "count"
cve = "CVE"
family = "family"
flow_cookie = "flow cookie"
interface_id = "interface ID"
interval = "interval"
ip_protocol = "IP protocol"
level = "level"
packet = "packet"
payload_left_offset = "payload left offset"
payload_right_offset = "payload right offset"
policy_tag = "policy tag"
reliability = "reliability"
request = "request"
string_value = "string value"
title = "title"
vendor = "vendor"
vlan_id = "VLAN ID"
lookups = "lookups"
pkts_sent = "packets sent"
pkts_rcvd = "packets received"
caller_user_name = "caller user name"
caller_domain = "caller domain"
caller_logon_id = "caller logon ID"
caller_process_id = "caller process ID"
transited_services = "transited services"
source_network_address = "source network address"
### handle_id = "handle ID"
logon_guid = "logon GUID"
primary_user_name = "primary user name"
primary_domain = "primary domain"
primary_logon_id = "primary logon ID"
target_account_name = "target account name"
target_domain = "target domain"
target_account_id = "target account ID"
privileges = "privileges"
accesses = "accesses"
restricted_sid_count = "restricted sid count"
access_mask = "access mask"
object_server = "object server"
### object_type = "object type"
### object_name = "object name"
handle_id = "handle ID"
operation_id = "operation ID"
client_user_name = "client user name"
client_domain = "client domain"
client_logon_id = "client logon ID"
member_name = "member name"
member_id = "member ID"
url_accessed = "URL accessed"
bad_ppp_slip = "bad PPP slip"
const = "const"
ct_hndl = "CT handle"
diag = "diag"
d_pad = "d pad"
d_pad_comp = "d pad comp"
far_end_echo_levl = "far end echo level"
freq_offst = "freq offst"
general_info = "general info"
levl = "level"
mail_lost__host = "mail lost host"
naks = "naks"
neg_window = "negative window"
phase2 = "phase2"
phase_jit__freq = "phase jit frequency"
phase_roll = "phase roll"
proj_max_rx_b_rate__client = "proj max rx b rate client"
rbs = "rbs"
reset = "reset"
retrans_frames = "retransmit frames"
round_trip = "round trip"
rx_overruns = "rx overruns"
rx_tx_levl = "rx/tx level"
rx_tx_link_layer = "rx/tx link layer"
rx_tx_ppp_slip = "rx/tx ppp slip"
rx_tx_string = "rx/tx string"
rx_tx__max_neg_i_frame = "rx/tx max neg i frame"
sp = "sp"
ss7_cot = "ss7/cot"
state_trnsn = "state transition"
string = "string"
sync_lost = "sync lost"
t401_timeouts = "t401 timeouts"
test_err = "test err"
tx = "tx"
tx_window_closures = "tx window closures"
v0_synch_loss = "v0 synch loss"
v110__rx_good = "v110: rx good"
v42bis_size__dict = "v42bis size dict"
v44_size__dict = "v44 size dict"
v90_sgn_ptrn = "v90 signal pattern"
v90_train = "v90 train"
atmp = "atmp"
attempt = "attempt"
init = "init"
snr = "snr"
sq = "sq"
rx_bad = "rx bad"
low = "low"
high = "high"
desired_client = "desired client"
desired_host = "desired host"
remote = "remote"
remote_up_down = "remote up/down"
fail = "fail"
disc_reason = "disc reason"
account_id = "account ID"
authen = "authentication"
called = "called"
calling = "calling"
comp__last = "comp last"
conn = "connection"
disc_code = "disc code"
disc_subsys = "disc subsys"
disc_text = "disc text"
ds0_slot_port_ds1_chan = "ds0 slot/port/ds1/chan"
ec__rx_tx = "ec: rx/tx"
init_rx_tx_b_rate = "init rx/tx b rate"
mask = "mask"
phys = "phys"
prot__last = "prot: last"
resource_slot_port = "resource slot/port"
retr__local = "retr: local"
rx_tx_b_rate__last = "rx/tx b rate last"
rx_tx_chars = "rx/tx chars"
rx_tx__chars = "rx/tx chars"
setup = "setup"
speedshift__local_up_down = "speedshift local up/down"
std__last = "std last"
v90__stat = "v90 stat"
issue_id = "issue ID"
issue_name = "issue name"
intruder_ip = "intruder IP"
intruder_name = "intruder name"
victim_ip = "victim IP"
victim_name = "victim name"
parameters = "parameters"
response_level = "response level"
intruder_port = "intruder port"
victim_port = "victim port"
packet_flags = "packet flags"
### presentation_id = "presentation ID"
platform = "platform"
distribution = "distribution"
cpu = "cpu"
client_stats_results = "client stats results"
startup = "startup"
stream_number = "stream number"
codec = "codec"
transport_protocol = "transport protocol"
clip_end = "clip end"
customer = "customer"
ssvc = "ssvc"
cnt = "count"
url_category = "URL category"
tree_name = "tree name"
object_container_name = "object container name"
default_file_server = "default file server"
current_login_addresses = "current login addresses"
current_login_count = "current login count"
orig = "origin"
sys_message = "system message"
fw_message = "firewall message"
tcp_packet_out_of_state = "TCP packet out of state"
icmp = "ICMP"
nat_rulenum = "NAT rule number"
nat_addtnl_rulenum = "NAT additional rule number"
dns_query = "DNS query"
dns_type = "DNS type"
cache_status = "cache status"
cache_service_method = "cache service method"
filter_category = "filter category"
cache_decision = "cache decision"
http_status = "HTTP status"
enterprise = "enterprise"
enterprise_mib_name = "enterprise mib name"
uptime = "uptime"
agent_ip = "agent IP"
generic_num = "generic num"
specific_num = "specific num"
var01_oid = "var01 oid"
var01_value = "var01 value"
var01_mib_name = "var01 mib name"
var01_mib_value = "var01 mib value"
var02_oid = "var02 oid"
var02_value = "var02 value"
var02_mib_name = "var02 mib name"
var02_mib_value = "var02 mib value"
var03_oid = "var03 oid"
var03_value = "var03 value"
var03_mib_name = "var03 mib name"
var03_mib_value = "var03 mib value"
var04_oid = "var04 oid"
var04_value = "var04 value"
var04_mib_name = "var04 mib name"
var04_mib_value = "var04 mib value"
var05_oid = "var05 oid"
var05_value = "var05 value"
var05_mib_name = "var05 mib name"
var05_mib_value = "var05 mib value"
var06_oid = "var06 oid"
var06_value = "var06 value"
var06_mib_name = "var06 mib name"
var06_mib_value = "var06 mib value"
route = "route"
database = "database"
information = "information"
firewall = "firewall"
hwdest = "destination mac address"
destip = "destination IP"
destport = "destination port"
enetproto = "ETH protocol number"
ipproto = "IP protocol"
recvif = "source interface"
hwsrc = "source mac address"
ack = "ACK"
arp = "ARP message type"
### conn = "connection"
cwr = "CWR"
destif = "destination interface"
ece = "ECE"
fin = "FIN"
icmpdestip = "ICMP destination IP"
icmpsrcip = "ICMP source IP"
icmptype = "ICMP type"
psh = "PSH"
rst = "RST"
syn = "SYN"
urg = "URG"
### spam_bytes = "spam bytes"
machine_desc = "machine description"
monitor_info = "monitor info"
result_id = "result ID"
result_desc = "result description"
action_time = "action time"
result_value = "result value"
result_info = "result info"
convinfo = "conversion info"
dstclass = "destination class"
cache = "cache"
ref = "reference"
policy = "policy"
engine = "engine"
content = "content"
prio = "priority"
shutdown = "shutdown"
previous_shutdown = "previous shutdown"
corever = "core version"
cfgver = "config file version"
cfgfile = "config file used"
termsent = "data sent (server)"
origsent = "data sent (client)"
connsrcport = "source port"
connsrcip = "source IP"
connsrcid = "source ping ID"
connrecvif = "receiving interface"
connipproto = "IP protocol"
conndestport = "destination port"
conndestip = "destination IP"
conndestif = "destination interface"
conndestid = "destination ping ID"
udptotlen = "UDP data length"
tcphdrlen = "TCP header length"
ipdatalen = "IP data length"
echoseq = "ECHO sequence"
echoid = "ECHO ID"
dest = "destination"
peer = "peer"
bidir = "bi direction"
ses = "SES"
demo = "demonstration mode"
algsesid = "algsesid"
algmod = "algmod"
translated_source_ip = "translated source IP"
translated_destination_ip = "translated destination IP"
mime_part = "MIME part"
spam_bytes = "spam bytes"
src_ip = "source IP"
dst_ip = "destination IP"
side_in = "side in"
side_out = "side out"
side_exp = "side exp"
cnx_state = "connection state"
lvl_info = "level info"
### ibyte = "I byte"
### ipacket = "ipacket"
### ibyte_ack = "acknowledged bytes in"
### ipacket_ack = "acknowledged packets in"
upload_size = "upload size"
fromip = "from IP"
ticket = "ticket"
namespace = "namespace"
x_transaction = "transaction"
x_username = "username"
x_hiercode = "hierarchy code"
x_note = "note"
destenet = "destination network"
hwsender = "sender mac address"
srcenet = "source network"
vpntunnel = "VPN tunnel"
local_address = "local address"
loglevel = "log level"
client_destination = "client destination"
policy_type = "policy type"
filter_type = "filter type"
filter_name = "filter name"
filter_result = "filter result"
virus_file_name = "virus file name"
message_count = "message count"
e2e_time = "end-to-end time"
### host_time = "server processing time"
nw_time = "network time"
ssl_time = "SSL time"
average_e2e_time = "average end-to-end time"
average_host_time = "average server processing time"
average_nw_time = "average network time"
average_ssl_time = "average SSL time"
session_hash = "session hash"
kilobytes = "kilobytes"
throughput = "throughput"
average_throughput = "average throughput"
tcp_ooo = "out-of-order TCP segments"
tcp_rtt = "TCP time"
average_tcp_ooo = "average out-of-order TCP segments"
average_tcp_rtt = "average TCP time"
tcp_retrans = "TCP retransmissions"
average_tcp_retrans = "average TCP retransmissions"
http_method = "HTTP method"
http_version = "HTTP version"
uri_query_string = "URI query string"
post_query_string = "POST query string"
is_container = "is container"
is_subordinate = "is container"
location_code = "location code"
uri_stem = "page"
response_code = "response code"
win32_status = "win32 status"
snmp_trap_product = "snmp trap product"
id_source = "ID source"
url_filter = "URL filter"
check_result = "scan result"
message_result = "message status"
virus_name = "virus name"
group = "group"
setting = "setting"
related_id = "related ID"
key = "key"
revision = "revision"
opcode = "opcode"
question_name = "question name"
media_type = "media type"
infected_status = "infected status"
recip = "recipients"
object = "object"
mailbox = "mailbox"
folder = "folder"
blacklist = "blacklist"
bytes_in = "bytes in"
bytes_out = "bytes out"
cpu_time = "CPU time"
actual_time = "actual time"
src_addr = "source address"
dest_addr = "destination address"
caller_id = "caller ID"
branch = "branch"
email_allowed = "contact type"
platforms = "platforms"
trial_download_time = "download date/time"
message_test_field = "message test field"
virus_host_file = "virus host file"
### virus_filter = "virus filter"
### spam_filter = "spam filter"
connecting_server_ip = "connecting server IP"
connecting_server_name = "connecting server name"
local_ip_address = "local IP address"
remote_ip_address = "remote IP address"
x_throughput = "throughput"
x_tcp_rtt_count = "TCP RTT count"
x_tcp_rtt = "TCP RTT"
x_tcp_ooo = "TCP OOO"
x_tcp_retrx = "TCP retries"
x_ssl_time = "SSL time"
x_e2e_time = "end-to-end time"
x_process_time = "process time"
x_network_time = "network time"
x_nw_error_count = "NW error count"
x_cl_error_count = "CL error count"
x_sv_error_count = "SV error count"
x_ap_error_count = "AP error count"
x_timed_out = "timed out"
x_ct_error_count = "CT error count"
x_cu_error_count = "CU error count"
x_record_type = "record type"
x_object_id = "object ID"
x_page_id = "page ID"
x_session_id = "session ID"
sc_location = "location"
x_sc_mimetype = "MIME type"
x_redirect = "redirect"
x_document = "document"
x_container = "container"
x_component = "component"
x_aborted = "aborted"
email_address = "email address"
client_computer = "client computer"
user_account = "user account"
client_os = "client OS"
server_os = "server OS"
share_name = "share name"
content_length = "content length"
blocked_content = "blocked content"
summary = "summary"
flow = "flow"
strings = "strings"
eventlog = "event log"
recordnumber = "record number"
timegenerated = "time generated"
timewritten = "time written"
eventid = "event ID"
eventtype = "event type"
eventtypename = "event type name"
eventcategory = "event category"
eventcategoryname = "event category name"
sourcename = "sourcename"
logins = "logins"
gw_id = "gateway ID"
trace_type = "trace type"
bip_code = "BIP code"
cs_sip = "server IP"
channel_id = "channel ID"
channel_name = "channel name"
cdn_url = "CDN URL"
source_url = "source URL"
proxy_used = "proxy used"
last_modified_time = "last modified time"
headers = "headers"
x_remote_id = "remote ID"
x_sc_contentlength = "server-to-client content length"
x_rs_contentlength = "remote-to-server content length"
x_cs_bodylength = "client-to-server body length"
x_sr_bodylength = "server-to-remote body length"
x_cs_headerlength = "client-to-server header length"
x_sc_headerlength = "server-to-client header length"
x_sr_headerlength = "server-to-remote header length"
x_rs_headerlength = "remote-to-server header length"
x_elapsed_seconds = "elapsed seconds"
evt_ref_id = "event reference ID"
evt_id = "event ID"
evt_name = "event name"
evt_type = "event type"
evt_desc = "event description"
evt_sev = "event severity"
evt_subj = "event subject"
evt_cat = "event category"
evt_date = "event date"
physical_path = "physical path"
virtual_path = "virtual path"
conference_server_address = "conference server address"
conference_id = "conference ID"
client_name = "client name"
client_type = "client type"
cuid = "CUID"
log_date_time = "log date/time"
xlated_src_ip = "translated source IP"
xlated_src_port = "translated source port"
xlated_dst_ip = "translated destination IP"
xlated_dst_port = "translated destination port"
### virus_host_file = "virus host file"
virus_filter = "virus filter"
spam_filter = "spam filter"
s_spam_filter = "signature spam filter"
h_spam_filter = "heuristic (SPS) spam filter"
spam_filter_type = "spam filter type"
spam_detected = "spam detected"
virus_detected = "virus detected"
logging_device_country = "country"
client_version = "client version"
overview_all_sites = "Overview All Sites"
hours_all_sites = "Hours All Sites"
days_all_sites = "Days All Sites"
weekdays_all_sites = "Weekdays All Sites"
traffic_over_time_all_sites = "Traffic Over Time All Sites"
users_all_sites = "Users All Sites"
devices_all_sites = "Devices All Sites"
countries_all_sites = "Countries All Sites"
encryption_all_sites = "Encryption All Sites"
single_des_ips = "Single Des IPs"
client_versions_all_sites = "Client Versions All Sites"
client_ip_all_sites = "Client IP All Sites"
overview_usa = "Overview USA"
overview_usa_usar = "Overview USA (USAR)"
overview_singapore = "Overview Singapore"
overview_uk = "Overview UK"
overview_france = "Overview France"
overview_germany = "Overview Germany"
overview_australia = "Overview Australia"
overview_denmark = "Overview Denmark"
overview_netherlands = "Overview Netherlands"
overview_korea = "Overview Korea"
overview_south_africa = "Overview South Africa"
overview_switzerland = "Overview Switzerland"
logins_usa = "Logins USA"
logins_usa_usar = "Logins USA (USAR)"
logins_singapore = "Logins Singapore"
logins_uk = "Logins UK"
logins_france = "Logins France"
logins_germany = "Logins Germany"
logins_australia = "Logins Australia"
logins_denmark = "Logins Denmark"
logins_netherlands = "Logins Netherlands"
logins_korea = "Logins Korea"
logins_south_africa = "Logins South Africa"
logins_switzerland = "Logins Switzerland"
failed_logins_usa = "Failed Logins USA"
failed_logins_usa_usar = "Failed Logins USA (USAR)"
failed_logins_singapore = "Failed Logins Singapore"
failed_logins_uk = "Failed Logins UK"
failed_logins_france = "Failed Logins France"
failed_logins_germany = "Failed Logins Germany"
failed_logins_australia = "Failed Logins Australia"
failed_logins_denmark = "Failed Logins Denmark"
failed_logins_netherlands = "Failed Logins Netherlands"
failed_logins_korea = "Failed Logins Korea"
failed_logins_south_africa = "Failed Logins South Africa"
failed_logins_switzerland = "Failed Logins Switzerland"
top_hours_usa = "Top Hours USA"
top_hours_usa_usar = "Top Hours USA (USAR)"
top_hours_singapore = "Top Hours Singapore"
top_hours_uk = "Top Hours UK"
top_hours_france = "Top Hours France"
top_hours_germany = "Top Hours Germany"
top_hours_australia = "Top Hours Australia"
top_hours_denmark = "Top Hours Denmark"
top_hours_netherlands = "Top Hours Netherlands"
top_hours_korea = "Top Hours Korea"
top_hours_south_africa = "Top Hours South Africa"
top_hours_switzerland = "Top Hours Switzerland"
weekdays_usa = "Weekdays USA"
weekdays_usa_usar = "Weekdays USA (USAR)"
weekdays_singapore = "Weekdays Singapore"
weekdays_uk = "Weekdays UK"
weekdays_france = "Weekdays France"
weekdays_germany = "Weekdays Germany"
weekdays_australia = "Weekdays Australia"
weekdays_denmark = "Weekdays Denmark"
weekdays_netherlands = "Weekdays Netherlands"
weekdays_korea = "Weekdays Korea"
weekdays_south_africa = "Weekdays South Africa"
weekdays_switzerland = "Weekdays Switzerland"
cert_info = "certificate info"
issuer = "issuer"
af_portal_id = "AF portal ID"
network_name = "network name"
desktop_server = "desktop server"
obj = "object"
ipaddr = "IP address"
message_version = "message version"
sequence_id = "sequence ID"
policy_uuid = "policy UUID"
signature_name = "signature name"
message_parameters = "message parameters"
capture_available = "capture available"
slot_and_segment = "slot/segment"
aggregation_period_start = "aggregation period start"
events_in_aggregation_period = "events in aggregation period"
error_location = "error location"
page_title = "page title"
cat = "category"
cat_desc = "category description"
event_header = "event header"
sensor_name = "sensor name"
collection = "collection"
from_host = "from host"
from_addr = "from address"
catalog_id = "catalog ID"
transmitted_records = "transmitted records"
transmitted_user_data = "transmitted user data"
compressed_user_data = "compressed user data"
file_sender_partner = "file sender partner"
file_receiver_partner = "file receiver partner"
file_sender_user = "file sender user"
file_receiver_user = "file receiver user"
logic_file_id = "logic file ID"
transfer_id = "transfer ID"
date_command_catalog = "date command catalog"
time_command_catalog = "time command catalog"
transfer_begin_date = "transfer begin date"
transfer_begin_time = "transfer begin time"
transfer_end_date = "transfer end date"
transfer_end_time = "transfer end time"
item_type = "item type"
protocol_id = "protocol ID"
compression_rate = "compression rate"
record_size = "record size"
file_record_format = "file record format"
network_compression = "network compression"
private_parameter = "private parameter"
file_application_sender = "file application sender"
file_application_receiver = "file application receiver"
partner_group = "partner group"
calls = "calls"
call_number = "call number"
root_call_number = "root call number"
parent_call_number = "parent call number"
orig_id = "origin ID"
orig_name = "origin name"
orig_dept = "origin department"
account_code = "account code"
dest_id = "destination ID"
dest_dept = "destination department"
call_data = "call data"
auth_code = "auth code"
hunt_group = "hunt group"
client_username = "client username"
object_mime = "object mime"
protocol_name = "protocol name"
rule_1 = "rule 1"
rule_2 = "rule 2"
entity = "entity"
logon_failure = "logon failure"
object_handle = "object handle"
login_duration = "login duration"
available_duration = "available duration"
unavailable_duration = "unavailable duration"
agent_id = "agent ID"
agent_first_name = "agent first name"
agent_last_name = "agent last name"
logout_type = "logout type"
logged_groups = "logged groups"
audit_event_id = "audit event id"
audit_event_id_modifier = "audit event id modifier"
invariant_audit_id = "invariant audit id"
effective_user_id = "effective user id"
effective_group_id = "effective group id"
real_user_id = "real user id"
real_group_id = "real group id"
audit_session_id = "audit session id"
terminal_id = "terminal id"
text = "text"
return_message = "return message"
duration_to_answer = "duration to answer"
talk_duration = "talk duration"
hold_duration = "hold duration"
wrap_duration = "wrap duration"
abandoned_duration = "abandoned duration"
ringing_duration = "ringing duration"
supervisor_help_count = "supervisor help count"
comment = "comment"
event_category = "event category"
account_type = "account type"
assigned_ip_address = "assigned IP address"
bytes_sent_delta = "bytes sent (delta)"
bytes_received_delta = "bytes received (delta)"
processing_time_delta = "processing time (delta)"
bidirectional = "bidirectional"
source_proxy = "source proxy"
destination_proxy = "destination proxy"
client_host_name = "client host name"
destination_host_name = "destination host name"
connection_id = "connection ID"
network_interface = "network interface"
raw_ip_header = "raw IP header"
raw_payload = "raw payload"
original_client_ip = "original client IP"
client_agent = "client agent"
http_response_code = "HTTP response code"
last_command = "last command"
last_response = "last response"
infected_file_name = "infected file name"
liveupdate_result_code = "LiveUpdate result code"
virus_definitions_update_result_code = "virus definitions update result code"
scan_result_code = "scan result code"
spam_filter_outcome = "spam filter outcome"
detection = "detection"
partfile = "partfile"
thread_id = "thread ID"
local_addr = "local address"
peer_addr = "peer address"
peer_port = "peer port"
peer_description = "peer description"
scan_what = "scan what"
scan_detect = "scan detect"
scan_action = "scan action"
delivery_error = "delivery error"
device_hostname = "device hostname"
paks_in = "packets in"
paks_out = "packets out"
acct_flags = "accounting flag"
nas_portname = "NAS portname"
task_id = "task ID"
addr = "address"
x_virus_details = "virus details"
x_icap_error_code = "ICAP error code"
x_icap_error_details = "ICAP error details"
users = "users"
request_bytes = "requested bytes"
license_exp_date = "license expiry date"
license_type = "license type"
debug = "debug"
### object_type = "object type"
### object_name = "object name"
key_info = "key info"
feature_id = "feature ID"
hierarchy_code = "hierarchy code"
proxy_name = "proxy name"
clientip = "client IP"
session_events = "session events"
brick_state = "brick state"
code_id = "code ID"
rule_fields_table = "rule fields table"
eua_result = "EUA result"
sub_type = "sub type"
### eua_result = "EUA result"
auth_timeout = "auth timeout"
user_db = "user DB"
eua_action = "EUA action"
elap = "elap"
vpn_vendor = "VPN vendor"
local_ip = "local IP"
admin_id = "admin id"
option = "option"
exception_type = "exception type"
bandwidth_type = "bandwidth type"
unit = "unit"
passed_bandwidth_after_throttling = "passed bandwidth after throttling"
gamer_tag = "gamer tag"
product_id = "product ID"
title_id = "title ID"
title_name = "title name"
operator_id = "operator ID"
retailer_id = "retailer ID"
payment_method = "payment method"
terminal_type = "terminal type"
totpages = "total pages"
stime = "printer start time"
ptime = "printer end time"
### printer = "printer name"
lines = "lines printed"
copies = "copies printed"
print_duration = "print duration"
system_message = "system message"
relay_hostname = "relay hostname"
relay_ip = "relay IP"
nrcpt = "number of recipients"
messages_rcvd = "messages received"
counter = "counter"
transport_name = "transport name"
router_name = "router name"
warning = "warning"
hostname_ip = "hostname / IP"
### authenticated_name = "auth name"
smtp_delivery_conf = "delivery conf"
cert_verif_status = "cert status"
dist_name_from_peer = "name from peer"
shadow_transport_name = "shadow transport name"
user_rfc1413 = "RFC1413 user"
tls_cipher_suite = "TLS cipher"
messages_sent = "messages sent"
messages_received = "messages received"
messages_queued = "messages queued"
messages_delivered = "messages delivered"
messages_bounced = "messages bounced"
messages_delayed = "messages delayed"
messages_aborted = "messages aborted"
bounce_reason = "bounce reason"
bounce_response = "bounce response"
warnings = "warnings"
warning_message = "warnings"
cid = "Client ID"
rid = "RID"
mid = "MID"
icid = "ICID"
vpn_name = "VPN name"
http_accesses = "HTTP accesses"
errors = "errors"
worms = "worms"
spiders = "spiders"
broken_links = "broken links"
screen_info_hits = "screen info hits"
hit_type = "hit type"
unique_ip_addresses = "unique IP addresses"
filter_action = "filter action"
filter_code = "filter code"
filter_rcode = "filter rcode"
base_code = "base code"
threats = "threats"
scans = "scans"
total_files = "total files"
infected_files = "infected files"
threat = "threat"
threat_type = "threat type"
original_location = "original location"
current_location = "current location"
action_description = "action description"
started_on = "started on"
completed = "completed"
# windows server 2008
security_id = "Security ID"
account_domain = "Account Domain"
new_logon = "New Logon"
worksatation_name = "Workstation Name"
auth_package = "Package"
package_name = "Package Name (NTLM only)"
key_length = "Key Length"
# interscan_messaging_security_suite_integrated
attachment = "attachment"
action_on_content = "action on content"
action_on_message = "action on message"
quarantine_area_name = "quarantine area name"
filter_content = "filter content"
attachment_extension = "attachment extension"
h_spam_filter_outcome = "H spam filter outcome"
s_spam_filter_outcome = "S spam filter outcome"
antivirus_filter_outcome = "antivirus filter outcome"
content_filter_outcome = "content filter outcome"
filtered_messages = "filtered messages"
filtered_packets = "filtered packets"
attachment_outcome = "attachment outcome"
ipfilter_type = "ipfilter type"
messages_processed = "messages processed"
bytes_processed = "bytes processed"
bytes_delivered = "bytes delivered"
outbound_messages = "outbound messages"
virus_processed = "virus processed"
virus_delivered = "virus delivered"
content_detected = "content detected"
content_processed = "content processed"
content_delivered = "content delivered"
spam_processed = "spam processed"
spam_delivered = "spam delivered"
attachment_detected = "attachment detected"
attachment_processed = "attachment processed"
attachment_delivered = "attachment delivered"
# ascenlink
inpkts = "packets in"
outpkts = "packets out"
inbytes = "bytes in"
outbytes = "bytes out"
totlen = "total length"
link = "link"
inclass = "in class"
outclass = "out class"
# msieser_http
client_mac_address = "client MAC address"
server_ip_address = "server IP address"
server_mac_address = "server MAC address"
# mcafee_e1000_mail_scanner
app = "application"
spam_rules = "broken rules"
spam_audit_id = "audit ID"
spam_sender = "sender"
spam_rcpt = "recipients"
spam_address = "source address"
spam_dest_address = "destination address"
# exim_4
recipient_username = "recipient username"
# nessus
subnet = "subnet"
# java_administration_mbean
Active = "active"
DeploymentState = "deployment state"
Destination = "destination"
Durable = "durable"
EJBComponent = "EJB component"
HealthState = "health state"
Status = "status"
Transacted = "transacted"
FilterDispatchedRequestsEnabled = "filter dispatched request enabled"
IndexDirectoryEnabled = "index directory enabled"
JSPDebug = "JSP debug"
JSPKeepGenerated = "JSP keep generated"
JSPVerbose = "JSP verbose"
CachingDisabled = "caching disabled"
ObjectName = "object name"
PoolState = "pool state"
Enabled = "enabled"
Name = "name"
### CachingDisabled = "caching disabled"
### ObjectName = "object name"
### PoolState = "pool state"
### Enabled = "enabled"
SessionMonitoringEnabled = "session monitoring enabled"
# java_administration_mbean numerical fields
MaxCapacity = "max capacity"
CurrCapacity = "current capacity"
ExecuteThreadCurrentIdleCount = "execute thread current idle count"
PendingRequestCurrentCount = "pending request current count"
PendingRequestOld = "old pending request"
ServicedRequestTotalCount = "serviced request total count"
WaitSecondsHighCount = "wait seconds high count"
StatementProfileCount = "statement profile count"
PrepStmtCacheHitCount = "prepared statement cache hit count"
ConnectionsTotalCount = "connections total count"
ConnectionLeakProfileCount = "connection leak profile count"
WaitingForConnectionCurrentCount = "waiting for connection current count"
ActiveConnectionsCurrentCount = "active connection current count"
ActiveConnectionsAverageCount = "active connections average count"
ExecuteThreadTotalCount = "execute thread total count"
ActiveConnectionsHighCount = "active connections high count"
LeakedConnectionCount = "leaked connection count"
PrepStmtCacheMissCount = "prepared statement cache miss count"
WaitingForConnectionHighCount = "waiting for connection high count"
PreparedStatementCacheProfileCount = "prepared statement cache profile count"
FailuresToReconnectCount = "failure to reconnect count"
HighestNumAvailable = "highest num available"
HighestNumUnavailable = "highest num unavailable"
NumAvailable = "num available"
NumUnavailable = "num unavailable"
ConnectionDelayTime = "connection delay time"
AccessTotalCount = "access total count"
ActiveTransactionsTotalCount = "active transactions total count"
BeansInUseCount = "beans in use count"
BeansInUseCurrentCount = "beans in use current count"
BytesCurrentCount = "bytes current count"
BytesHighCount = "bytes high count"
BytesPendingCount = "bytes pending count"
BytesReceivedCount = "bytes received count"
BytesSentCount = "bytes sent count"
BytesThresholdTime = "bytes threshold count"
ConnectionsCurrentCount = "connections current count"
ConnectionsHighCount = "connections high count"
ConsumersCurrentCount = "consumers current count"
ConsumersHighCount = "consumers high count"
ConsumersTotalCount = "consumers total count"
DestinationsCurrentCount = "destinations current count"
DestinationsHighCount = "destinations high count"
DestinationsTotalCount = "destinations total count"
DestroyedTotalCount = "destroyed total count"
IdleBeansCount = "idle beans count"
InitialRecoveredTransactionTotalCount = "initial recovered transaction total count"
JMSServersCurrentCount = "JMS servers current count"
JMSServersHighCount = "JMS servers high count"
JMSServersTotalCount = "JMS servers total count"
MessagesCurrentCount = "messages current count"
MessagesHighCount = "messages high count"
MessagesPendingCount = "messages pending count"
MessagesReceivedCount = "messages received count"
MessagesSentCount = "messages sent count"
MessagesThresholdTime = "messages threshold time"
MissTotalCount = "miss total count"
PendingRequestOldestTime = "pending request oldest time"
PooledBeansCurrentCount = "pooled beans current count"
ProducersCurrentCount = "producers current count"
ProducersHighCount = "producers high count"
ProducersTotalCount = "producers total count"
RecoveredTransactionCompletionPercent = "recovered transactions completion percent"
SecondsActiveTotalCount = "seconds active total count"
SessionPoolsCurrentCount = "session pools current count"
SessionPoolsHighCount = "session pools high count"
SessionPoolsTotalCount = "session pools total count"
SessionsCurrentCount = "sessions current count"
SessionsHighCount = "sessions high count"
SessionsTotalCount = "sessions total count"
TimeoutTotalCount = "timeout total count"
TransactionAbandonedTotalCount = "transaction abandoned total count"
TransactionCommittedTotalCount = "transaction committed total count"
TransactionHeuristicsTotalCount = "transaction heuristics total count"
TransactionRolledBackAppTotalCount = "transaction rolled back app total count"
TransactionRolledBackResourceTotalCount = "transaction rolled back resource total count"
TransactionRolledBackSystemTotalCount = "transaction rolled back system total count"
TransactionRolledBackTimeoutTotalCount = "transaction rolled back timeout total count"
TransactionRolledBackTotalCount = "transaction rolled back total count"
TransactionTotalCount = "transaction total count"
TransactionsCommittedTotalCount = "transactions committed total count"
TransactionsRolledBackTotalCount = "transactions rolled back total count"
TransactionsTimedOutTotalCount = "transactions timed out total count"
WaiterCurrentCount = "waiter current count"
WaiterTotalCount = "waiter total count"
ConnectionPoolCount = "connection pool count"
JSPPageCheckSecs = "JSP page check secs"
OpenSessionsCurrentCount = "open sessions current count"
OpenSessionsHighCount = "open sessions high count"
ServletReloadCheckSecs = "servlet reload check secs"
SessionCookieMaxAgeSecs = "session cookie max age secs"
SessionIDLength = "session ID length"
SessionInvalidationIntervalSecs = "session invalidation interval secs"
SessionTimeoutSecs = "session timeout secs"
SessionsOpenedTotalCount = "session opened total count"
SingleThreadedServletPoolSize = "single threaded servlet pool size"
# trend_micro_control_manager
policy_settings = "policy settings"
generation_time_zone = "generation time zone"
generated = "generated"
infect_source = "infect source"
infect_destination = "infect destination"
pattern = "pattern"
first_action = "first action"
first_action_result = "first action result"
second_action = "second action"
second_action_result = "second action result"
file_path = "file path"
login_user_name = "login user name"
object_name_url = "object name URL"
blocking_type = "blocking type"
blocking_rule = "blocking rule"
malicious_events = "malicious events"
content_filtering_events = "content filtering events"
virus_events = "virus events"
spyware_events = "spyware events"
web_spyware_events = "web spyware events"
workstation_spyware_events = "workstation spyware events"
web_filtering_events = "web filtering events"
email_filtering_events = "email filtering events"
admin_events = "admin events"
download_events = "download events"
workstation_virus_events = "workstation virus events"
web_virus_events = "web virus events"
email_virus_events = "email virus events"
# postfix
messages_blocked = "messages blocked"
messages_expired = "messages expired"
messages_deferred = "messages deferred"
bytes_blocked = "bytes blocked"
bytes_expired = "bytes expired"
bytes_bounced = "bytes bounced"
bytes_deferred = "bytes deferred"
sasl_method = "SASL method"
sasl_username = "SASL user"
# du
kb = "kilobytes"
file_bytes = "bytes from files"
files = "files"
directory = "directory"
directory_bytes_recursive = "bytes in directories (recursively duplicated)"
# kasperskylabs_mailserver
scan_events = "scan events"
modification_time = "modification time"
source1 = "source 1"
# netscreen_ssl_gateway
role = "role"
roles = "roles"
# communigate pro
pop_logins = "pop logins"
pop_messages_retrieved = "pop messages retrieved"
pop_bytes_retrieved = "pop bytes retrieved"
pop_messages_deleted = "pop messages deleted"
# deepmail_pop_imap_smtp
octets_retrieved = "octets retrieved"
messages_listed = "messages listed"
messages_seen = "messages seen"
messages_unseen = "messages unseen"
messages_deleted = "messages deleted"
messages_retrieved = "messages retrieved"
queuefile = "queue file"
# locayta_logging
websessionid = "web session ID"
searchtype = "search type"
resulttype = "result type"
servername = "server name"
requeststarttime = "request start time"
requestendtime = "request end time"
requesttotalrecordcount = "request total record count"
requestpagerecordcount = "request page record count"
querystring = "query string"
searches = "searches"
gatewaysessionid = "gateway session id"
searches = "searches"
initialpage = "initial page"
billablesearches = "billable searches"
pagerequests = "page requests"
classificationlist = "classification list"
localitylist = "locality list"
classificationargument = "classification argument"
classificationselection = "classification selection"
localityargument = "locality argument"
localityselection = "locality selection"
paidadsserved = "paid ads served"
bookid = "BookID"
# interscan_web_security_suite
blocked_url = "blocked URL"
opp_id = "opp ID"
content_category = "content category"
trend_category = "trend category"
sub_category = "sub category"
url_filtering_events_url_blocking = "URL filtering events (url_blocking log)"
url_filtering_events_http = "URL filtering events (http log)"
# Clickstream Technologies Plc - DataSherpa Log Format
x_colour_depth = "Colour Depth"
x_javascript_version = "Javascript Version"
x_language = "Language"
x_screen_resolution = "Screen Resolution"
x_timezone_offset = "Timezone Offset"
x_java_enabled = "Java Enabled"
x_browser_size = "Browser Size"
x_connection_type = "Connection Type (client)"
x_homepage = "Homepage (current page)"
x_flash_version = "Flash Version"
x_plug_ins = "Plug-ins"
x_form_data_raw_cookie = "form-data"
x_html_title = "Page Title"
x_accepting_cookies = "Accepting Cookies"
x_impression_id = "Impression ID"
x_client_uid = "Client User ID"
x_display_id = "Page Display ID"
x_new_session_flag = "New Session"
x_new_user_flag = "New User"
x_new_visit_flag = "New Visit"
x_page_enum = "Page Enumeration"
x_popup_flag = "Pop up"
x_previous_page = "Previous Page"
x_referer_host = "Referer Host"
x_request_id = "Request ID"
x_robot_name = "Robot Name"
x_server_uid = "Server User ID"
x_userdefined_page_name = "Page Name (custom)"
x_userdefined_page_name_category = "Page Name Category (custom)"
x_userdefined_page_name_categoryparent = "Page Name CategoryParent (custom)"
x_visit_id = "Visit ID"
x_suspicion_level = "Suspicion Level"
x_extended_data_raw = "CSData"
x_extended_data_error = "CSData - Error"
x_download_time = "Download Time"
# zeus_g
orders = "orders"
mml_order_id = "MML order ID"
gk_order_id = "GK order ID"
item_description = "item description"
item_id = "item ID"
items_ordered = "unique items ordered"
total_amount = "order revenue"
discount_amount = "discount amount"
tax_amount = "tax amount"
shipping_amount = "shipping amount"
item_quantity = "item quantity"
item_cost = "item cost"
total_item_cost = "total item cost"
nodelf = "node"
#### paid_search_engine = "paid search engine"
integrated_search_engine = "search engine"
### # bt_logging
### searches = "searches"
### gatewaysessionid = "gateway session id"
# iscdhcpleases
lease = "lease"
leases = "leases"
# terraplay fields
application_name = "application name"
session_name = "session name"
gas_ip_address = "client GAS IP"
session_profile_name = "session profile name"
client_profile_name = "client profile name"
client_role = "client role"
client_conn = "connections"
total_clients = "total clients per session"
total_objects = "total objects per session"
total_objects_groups = "total object groups per session"
client_status = "client status"
max_upstream = "max byte rate upstream"
max_downstream = "max byte rate downstream"
max_udp_size = "max UDP payload"
term_session_reason = "termination reason (session)"
client_disconn_reason = "disconn reason (client)"
extra_session_info = "info (session)"
extra_client_info = "info (client)"
### # interscan_web_security_suite
### blocked_url = "blocked URL"
### opp_id = "opp ID"
### content_category = "content category"
### trend_category = "trend category"
### sub_category = "sub category"
### url_filtering_events_url_blocking = "URL filtering events (url_blocking log)"
### url_filtering_events_http = "URL filtering events (http log)"
###
### # Clickstream Technologies Plc - DataSherpa Log Format
### x_colour_depth = "Colour Depth"
### x_javascript_version = "Javascript Version"
### x_language = "Language"
### x_screen_resolution = "Screen Resolution"
### x_timezone_offset = "Timezone Offset"
### x_java_enabled = "Java Enabled"
### x_browser_size = "Browser Size"
### x_connection_type = "Connection Type (client)"
### x_homepage = "Homepage (current page)"
### x_flash_version = "Flash Version"
### x_plug_ins = "Plug-ins"
### x_form_data_raw_cookie = "form-data"
### x_html_title = "Page Title"
### x_accepting_cookies = "Accepting Cookies"
### x_impression_id = "Impression ID"
### x_client_uid = "Client User ID"
### x_display_id = "Page Display ID"
### x_new_session_flag = "New Session"
### x_new_user_flag = "New User"
### x_new_visit_flag = "New Visit"
### x_page_enum = "Page Enumeration"
### x_popup_flag = "Pop up"
### x_previous_page = "Previous Page"
### x_referer_host = "Referer Host"
### x_request_id = "Request ID"
### x_robot_name = "Robot Name"
### x_server_uid = "Server User ID"
### x_userdefined_page_name = "Page Name (custom)"
### x_userdefined_page_name_category = "Page Name Category (custom)"
### x_userdefined_page_name_categoryparent = "Page Name CategoryParent (custom)"
### x_visit_id = "Visit ID"
### x_suspicion_level = "Suspicion Level"
### x_extended_data_raw = "CSData"
### x_extended_data_error = "CSData - Error"
### x_download_time = "Download Time"
###
### # zeus_g
### orders = "orders"
### mml_order_id = "MML order ID"
### gk_order_id = "GK order ID"
### item_description = "item description"
### item_id = "item ID"
### items_ordered = "unique items ordered"
### total_amount = "order revenue"
### discount_amount = "discount amount"
### tax_amount = "tax amount"
### shipping_amount = "shipping amount"
### item_quantity = "item quantity"
### item_cost = "item cost"
### total_item_cost = "total item cost"
### nodelf = "node"
#### paid_search_engine = "paid search engine"
### integrated_search_engine = "search engine"
###
### # locayta_logging
### websessionid = "web session ID"
### searchtype = "search type"
### resulttype = "result type"
### servername = "server name"
### requeststarttime = "request start time"
### requestendtime = "request end time"
### requesttotalrecordcount = "request total record count"
### requestpagerecordcount = "request page record count"
### querystring = "query string"
###
### # bt_logging
### searches = "searches"
### gatewaysessionid = "gateway session id"
###
### # iscdhcpleases
### lease = "lease"
### leases = "leases"
# intermapper_event
up_time = "up time"
down_time = "down time"
utilization = "utilization"
index_number = "index number"
# sendmail
ctladdr = "control address"
dsn = "DSN"
full_stat = "full status"
#messages_delivered = "messages delivered"
messages_not_delivered = "messages not delivered"
#bytes_delivered = "bytes delivered"
bytes_not_delivered = "bytes not delivered"
ruleset = "rule set"
total_delay = "delay (total)"
# ascenlink
inpkts = "packets in"
outpkts = "packets out"
inbytes = "bytes in"
outbytes = "bytes out"
totlen = "total length"
link = "link"
inclass = "in class"
outclass = "out class"
# msieser_http
client_mac_address = "client MAC address"
server_ip_address = "server IP address"
server_mac_address = "server MAC address"
# forti_gate
cat_desc = "category description"
serial = "serial"
ui = "UI"
ftp = "FTP"
http = "HTTP"
imap = "IMAP"
pop3 = "POP3"
smtp = "SMTP"
aven = "aven"
fcni = "fcni"
fdni = "fdni"
idsdb = "idsdb"
idsmn = "idsmn"
idssn = "idssn"
libav = "libav"
virdb = "virdb"
# symantec_gateway_security
month = "month"
argument = "argument"
av_comfort = "antivirus comfort"
av_scan = "antivirus scan"
context_data = "context data"
context_description = "context description"
probable_probe = "probable probe"
trace_route_ttl = "trace route TTL"
# mcafee_e1000_mail_scanner
app = "application"
spam_rules = "broken rules"
spam_audit_id = "audit ID"
spam_sender = "sender"
spam_rcpt = "recipients"
spam_address = "source address"
spam_dest_address = "destination address"
# exim_4
recipient_username = "recipient username"
antibody_filter = "antibody filter"
messages_filtered = "messages filtered"
# nessus
subnet = "subnet"
# java_administration_mbean
Active = "active"
DeploymentState = "deployment state"
Destination = "destination"
Durable = "durable"
EJBComponent = "EJB component"
HealthState = "health state"
Status = "status"
Transacted = "transacted"
FilterDispatchedRequestsEnabled = "filter dispatched request enabled"
IndexDirectoryEnabled = "index directory enabled"
JSPDebug = "JSP debug"
JSPKeepGenerated = "JSP keep generated"
JSPVerbose = "JSP verbose"
CachingDisabled = "caching disabled"
ObjectName = "object name"
PoolState = "pool state"
Enabled = "enabled"
Name = "name"
### CachingDisabled = "caching disabled"
### ObjectName = "object name"
### PoolState = "pool state"
### Enabled = "enabled"
SessionMonitoringEnabled = "session monitoring enabled"
# java_administration_mbean numerical fields
MaxCapacity = "max capacity"
CurrCapacity = "current capacity"
ExecuteThreadCurrentIdleCount = "execute thread current idle count"
PendingRequestCurrentCount = "pending request current count"
PendingRequestOld = "old pending request"
ServicedRequestTotalCount = "serviced request total count"
WaitSecondsHighCount = "wait seconds high count"
StatementProfileCount = "statement profile count"
PrepStmtCacheHitCount = "prepared statement cache hit count"
ConnectionsTotalCount = "connections total count"
ConnectionLeakProfileCount = "connection leak profile count"
WaitingForConnectionCurrentCount = "waiting for connection current count"
ActiveConnectionsCurrentCount = "active connection current count"
ActiveConnectionsAverageCount = "active connections average count"
ExecuteThreadTotalCount = "execute thread total count"
ActiveConnectionsHighCount = "active connections high count"
LeakedConnectionCount = "leaked connection count"
PrepStmtCacheMissCount = "prepared statement cache miss count"
WaitingForConnectionHighCount = "waiting for connection high count"
PreparedStatementCacheProfileCount = "prepared statement cache profile count"
FailuresToReconnectCount = "failure to reconnect count"
HighestNumAvailable = "highest num available"
HighestNumUnavailable = "highest num unavailable"
NumAvailable = "num available"
NumUnavailable = "num unavailable"
ConnectionDelayTime = "connection delay time"
AccessTotalCount = "access total count"
ActiveTransactionsTotalCount = "active transactions total count"
BeansInUseCount = "beans in use count"
BeansInUseCurrentCount = "beans in use current count"
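# Byte counter labels for the java_administration_mbean numerical fields.
BytesCurrentCount = "bytes current count"
BytesHighCount = "bytes high count"
BytesPendingCount = "bytes pending count"
BytesReceivedCount = "bytes received count"
BytesSentCount = "bytes sent count"
# The key names a time, not a count; the label follows the key, in line with
# MessagesThresholdTime = "messages threshold time" in this same list.
BytesThresholdTime = "bytes threshold time"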
ConnectionsCurrentCount = "connections current count"
ConnectionsHighCount = "connections high count"
ConsumersCurrentCount = "consumers current count"
ConsumersHighCount = "consumers high count"
ConsumersTotalCount = "consumers total count"
DestinationsCurrentCount = "destinations current count"
DestinationsHighCount = "destinations high count"
DestinationsTotalCount = "destinations total count"
DestroyedTotalCount = "destroyed total count"
IdleBeansCount = "idle beans count"
InitialRecoveredTransactionTotalCount = "initial recovered transaction total count"
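# JMS server counters. The total-count label previously read "JSM", a
# transposition of the acronym used by the key and by the two labels above it.
JMSServersCurrentCount = "JMS servers current count"
JMSServersHighCount = "JMS servers high count"
JMSServersTotalCount = "JMS servers total count"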
MessagesCurrentCount = "messages current count"
MessagesHighCount = "messages high count"
MessagesPendingCount = "messages pending count"
MessagesReceivedCount = "messages received count"
MessagesSentCount = "messages sent count"
MessagesThresholdTime = "messages threshold time"
MissTotalCount = "miss total count"
PendingRequestOldestTime = "pending request oldest time"
PooledBeansCurrentCount = "pooled beans current count"
ProducersCurrentCount = "producers current count"
ProducersHighCount = "producers high count"
ProducersTotalCount = "producers total count"
RecoveredTransactionCompletionPercent = "recovered transactions completion percent"
SecondsActiveTotalCount = "seconds active total count"
SessionPoolsCurrentCount = "session pools current count"
SessionPoolsHighCount = "session pools high count"
SessionPoolsTotalCount = "session pools total count"
SessionsCurrentCount = "sessions current count"
SessionsHighCount = "sessions high count"
SessionsTotalCount = "sessions total count"
TimeoutTotalCount = "timeout total count"
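# Transaction outcome counters. Both the singular (Transaction...) and plural
# (Transactions...) key spellings are kept, as in the original list.
TransactionAbandonedTotalCount = "transaction abandoned total count"
TransactionCommittedTotalCount = "transaction committed total count"
TransactionHeuristicsTotalCount = "transaction heuristics total count"
TransactionRolledBackAppTotalCount = "transaction rolled back app total count"
TransactionRolledBackResourceTotalCount = "transaction rolled back resource total count"
# Label typo fixed ("reolled" -> "rolled") so it reads like its siblings.
TransactionRolledBackSystemTotalCount = "transaction rolled back system total count"
TransactionRolledBackTimeoutTotalCount = "transaction rolled back timeout total count"
TransactionRolledBackTotalCount = "transaction rolled back total count"
TransactionTotalCount = "transaction total count"
TransactionsCommittedTotalCount = "transactions committed total count"
TransactionsRolledBackTotalCount = "transactions rolled back total count"
TransactionsTimedOutTotalCount = "transactions timed out total count"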
WaiterCurrentCount = "waiter current count"
WaiterTotalCount = "waiter total count"
ConnectionPoolCount = "connection pool count"
JSPPageCheckSecs = "JSP page check secs"
OpenSessionsCurrentCount = "open sessions current count"
OpenSessionsHighCount = "open sessions high count"
ServletReloadCheckSecs = "servlet reload check secs"
SessionCookieMaxAgeSecs = "session cookie max age secs"
SessionIDLength = "session ID length"
SessionInvalidationIntervalSecs = "session invalidation interval secs"
SessionTimeoutSecs = "session timeout secs"
SessionsOpenedTotalCount = "session opened total count"
SingleThreadedServletPoolSize = "single threaded servlet pool size"
# trend_micro_control_manager
policy_settings = "policy settings"
generation_time_zone = "generation time zone"
generated = "generated"
infect_source = "infect source"
infect_destination = "infect destination"
pattern = "pattern"
first_action = "first action"
first_action_result = "first action result"
second_action = "second action"
second_action_result = "second action result"
file_path = "file path"
login_user_name = "login user name"
object_name_url = "object name URL"
blocking_type = "blocking type"
blocking_rule = "blocking rule"
malicious_events = "malicious events"
content_filtering_events = "content filtering events"
virus_events = "virus events"
spyware_events = "spyware events"
web_spyware_events = "web spyware events"
workstation_spyware_events = "workstation spyware events"
web_filtering_events = "web filtering events"
email_filtering_events = "email filtering events"
admin_events = "admin events"
download_events = "download events"
workstation_virus_events = "workstation virus events"
web_virus_events = "web virus events"
email_virus_events = "email virus events"
# postfix
messages_blocked = "messages blocked"
messages_expired = "messages expired"
messages_deferred = "messages deferred"
bytes_blocked = "bytes blocked"
bytes_expired = "bytes expired"
bytes_bounced = "bytes bounced"
bytes_deferred = "bytes deferred"
# du
kb = "kilobytes"
file_bytes = "bytes from files"
files = "files"
directory = "directory"
directory_bytes_recursive = "bytes in directories (recursively duplicated)"
# kasperskylabs_mailserver
scan_events = "scan events"
modification_time = "modification time"
source1 = "source 1"
# netscreen_ssl_gateway
role = "role"
roles = "roles"
# communigate pro
pop_logins = "POP logins"
pop_messages_retrieved = "POP messages retrieved"
pop_bytes_retrieved = "POP bytes retrieved"
pop_messages_deleted = "POP messages deleted"
imap_account = "IMAP account"
imap_logins = "IMAP logins"
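# deepmail_pop_imap_smtp
# Mailbox activity labels. "messages seen" / "messages unseen" previously had
# a tripled "s" ("messsages"), which showed up verbatim in the label text.
octets_retrieved = "octets retrieved"
messages_listed = "messages listed"
messages_seen = "messages seen"
messages_unseen = "messages unseen"
messages_deleted = "messages deleted"
messages_retrieved = "messages retrieved"
queuefile = "queue file"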
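# locayta_logging
websessionid = "web session ID"
searchtype = "search type"
resulttype = "result type"
servername = "server name"
requeststarttime = "request start time"
requestendtime = "request end time"
requesttotalrecordcount = "request total record count"
requestpagerecordcount = "request page record count"
querystring = "query string"
# searches and gatewaysessionid appear under "bt_logging" in the commented-out
# copies of this list. The original defined searches twice here with the same
# label; it is now defined once.
searches = "searches"
gatewaysessionid = "gateway session id"
initialpage = "initial page"
billablesearches = "billable searches"
pagerequests = "page requests"
classificationlist = "classification list"
localitylist = "locality list"
classificationargument = "classification argument"
classificationselection = "classification selection"
localityargument = "locality argument"
localityselection = "locality selection"
paidadsserved = "paid ads served"
bookid = "BookID"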
# interscan_web_security_suite
blocked_url = "blocked URL"
opp_id = "opp ID"
content_category = "content category"
trend_category = "trend category"
sub_category = "sub category"
url_filtering_events_url_blocking = "URL filtering events (url_blocking log)"
url_filtering_events_http = "URL filtering events (http log)"
# Clickstream Technologies Plc - DataSherpa Log Format
x_colour_depth = "Colour Depth"
x_javascript_version = "Javascript Version"
x_language = "Language"
x_screen_resolution = "Screen Resolution"
x_timezone_offset = "Timezone Offset"
x_java_enabled = "Java Enabled"
x_browser_size = "Browser Size"
x_connection_type = "Connection Type (client)"
x_homepage = "Homepage (current page)"
x_flash_version = "Flash Version"
x_plug_ins = "Plug-ins"
x_form_data_raw_cookie = "form-data"
x_html_title = "Page Title"
x_accepting_cookies = "Accepting Cookies"
x_impression_id = "Impression ID"
x_client_uid = "Client User ID"
x_display_id = "Page Display ID"
x_new_session_flag = "New Session"
x_new_user_flag = "New User"
x_new_visit_flag = "New Visit"
x_page_enum = "Page Enumeration"
x_popup_flag = "Pop up"
x_previous_page = "Previous Page"
x_referer_host = "Referer Host"
x_request_id = "Request ID"
x_robot_name = "Robot Name"
x_server_uid = "Server User ID"
x_userdefined_page_name = "Page Name (custom)"
x_userdefined_page_name_category = "Page Name Category (custom)"
x_userdefined_page_name_categoryparent = "Page Name CategoryParent (custom)"
x_visit_id = "Visit ID"
x_suspicion_level = "Suspicion Level"
x_extended_data_raw = "CSData"
x_extended_data_error = "CSData - Error"
x_download_time = "Download Time"
# zeus_g
orders = "orders"
mml_order_id = "MML order ID"
gk_order_id = "GK order ID"
item_description = "item description"
item_id = "item ID"
items_ordered = "unique items ordered"
total_amount = "order revenue"
discount_amount = "discount amount"
tax_amount = "tax amount"
shipping_amount = "shipping amount"
item_quantity = "item quantity"
item_cost = "item cost"
total_item_cost = "total item cost"
nodelf = "node"
#### paid_search_engine = "paid search engine"
integrated_search_engine = "search engine"
### # bt_logging
### searches = "searches"
### gatewaysessionid = "gateway session id"
# iscdhcpleases
lease = "lease"
leases = "leases"
# terraplay fields
application_name = "application name"
session_name = "session name"
gas_ip_address = "client GAS IP"
session_profile_name = "session profile name"
client_profile_name = "client profile name"
client_role = "client role"
client_conn = "connections"
total_clients = "total clients per session"
total_objects = "total objects per session"
total_objects_groups = "total object groups per session"
client_status = "client status"
max_upstream = "max byte rate upstream"
max_downstream = "max byte rate downstream"
max_udp_size = "max UDP payload"
term_session_reason = "termination reason (session)"
client_disconn_reason = "disconn reason (client)"
extra_session_info = "info (session)"
extra_client_info = "info (client)"
### # interscan_web_security_suite
### blocked_url = "blocked URL"
### opp_id = "opp ID"
### content_category = "content category"
### trend_category = "trend category"
### sub_category = "sub category"
### url_filtering_events_url_blocking = "URL filtering events (url_blocking log)"
### url_filtering_events_http = "URL filtering events (http log)"
###
### # Clickstream Technologies Plc - DataSherpa Log Format
### x_colour_depth = "Colour Depth"
### x_javascript_version = "Javascript Version"
### x_language = "Language"
### x_screen_resolution = "Screen Resolution"
### x_timezone_offset = "Timezone Offset"
### x_java_enabled = "Java Enabled"
### x_browser_size = "Browser Size"
### x_connection_type = "Connection Type (client)"
### x_homepage = "Homepage (current page)"
### x_flash_version = "Flash Version"
### x_plug_ins = "Plug-ins"
### x_form_data_raw_cookie = "form-data"
### x_html_title = "Page Title"
### x_accepting_cookies = "Accepting Cookies"
### x_impression_id = "Impression ID"
### x_client_uid = "Client User ID"
### x_display_id = "Page Display ID"
### x_new_session_flag = "New Session"
### x_new_user_flag = "New User"
### x_new_visit_flag = "New Visit"
### x_page_enum = "Page Enumeration"
### x_popup_flag = "Pop up"
### x_previous_page = "Previous Page"
### x_referer_host = "Referer Host"
### x_request_id = "Request ID"
### x_robot_name = "Robot Name"
### x_server_uid = "Server User ID"
### x_userdefined_page_name = "Page Name (custom)"
### x_userdefined_page_name_category = "Page Name Category (custom)"
### x_userdefined_page_name_categoryparent = "Page Name CategoryParent (custom)"
### x_visit_id = "Visit ID"
### x_suspicion_level = "Suspicion Level"
### x_extended_data_raw = "CSData"
### x_extended_data_error = "CSData - Error"
### x_download_time = "Download Time"
###
### # zeus_g
### orders = "orders"
### mml_order_id = "MML order ID"
### gk_order_id = "GK order ID"
### item_description = "item description"
### item_id = "item ID"
### items_ordered = "unique items ordered"
### total_amount = "order revenue"
### discount_amount = "discount amount"
### tax_amount = "tax amount"
### shipping_amount = "shipping amount"
### item_quantity = "item quantity"
### item_cost = "item cost"
### total_item_cost = "total item cost"
### nodelf = "node"
#### paid_search_engine = "paid search engine"
### integrated_search_engine = "search engine"
###
### # locayta_logging
### websessionid = "web session ID"
### searchtype = "search type"
### resulttype = "result type"
### servername = "server name"
### requeststarttime = "request start time"
### requestendtime = "request end time"
### requesttotalrecordcount = "request total record count"
### requestpagerecordcount = "request page record count"
### querystring = "query string"
###
### # bt_logging
### searches = "searches"
### gatewaysessionid = "gateway session id"
###
### # iscdhcpleases
### lease = "lease"
### leases = "leases"
# intermapper_event
up_time = "up time"
down_time = "down time"
utilization = "utilization"
index_number = "index number"
# sendmail
ctladdr = "control address"
dsn = "DSN"
# msieser_smtp
cc = "CC"
attachments = "attachments"
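# praudit
# Audit-record field labels. The original list repeated the first eleven keys
# (audit_event_id through return_message) a second time with identical labels;
# each key is now defined once so a later edit cannot update one copy and miss
# the other.
audit_event_id = "audit event ID"
audit_event_id_modifier = "audit event ID modifier"
invariant_audit_id = "invariant audit ID"
effective_user_id = "effective user ID"
effective_group_id = "effective group ID"
real_user_id = "real user ID"
real_group_id = "real group ID"
audit_session_id = "audit session ID"
terminal_id = "terminal ID"
text = "text"
return_message = "return message"
access_mode = "access mode"
owner_user_id = "owner user ID"
owner_group_id = "owner group ID"
file_system_id = "file system ID"
inode_id = "inode ID"
exec_args = "exec args"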
# zyxel_firewall_welf
devid = "device ID"
cat = "category"
protoid = "protocol ID"
trans = "transfer"
# forti_gate
# NOTE(review): every key below except app_type also appears, with the same
# label, in the earlier "# forti_gate" list in this file. How the loader
# resolves a key defined twice is not visible here; if one copy is edited, the
# other should be edited to match (or removed) so the label shown for these
# firewall fields does not depend on definition order.
cat_desc = "category description"
serial = "serial"
ui = "UI"
ftp = "FTP"
http = "HTTP"
imap = "IMAP"
pop3 = "POP3"
smtp = "SMTP"
aven = "aven"
fcni = "fcni"
fdni = "fdni"
idsdb = "idsdb"
idsmn = "idsmn"
idssn = "idssn"
libav = "libav"
virdb = "virdb"
# Only key in this copy that the earlier forti_gate list does not define.
app_type = "application type"
# symantec_gateway_security
month = "month"
argument = "argument"
av_comfort = "antivirus comfort"
av_scan = "antivirus scan"
context_data = "context data"
context_description = "context description"
probable_probe = "probable probe"
trace_route_ttl = "trace route TTL"
# mailman_post
posting_user = "posting user"
posts = "posts"
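# watchguard_xml
# Firewall log field labels. The original contained this header and its first
# ten keys twice with identical labels; they are now defined once.
pckt_len = "packet length"
ip_hdr_len = "IP header length"
tz = "timezone"
pr = "protocol"
wgt = "WGT"
proc_id = "process ID"
disp = "displacement"
src_intf = "source interface"
why = "reason"
recv = "received"
src_user = "source user"
# NAT-translated endpoints. dst_port_nat previously carried the label
# "destination IP (NAT)", the same text as dst_ip_nat, which would present the
# translated port under an IP heading; it now mirrors src_port_nat.
src_ip_nat = "source IP (NAT)"
src_port_nat = "source port (NAT)"
dst_ip_nat = "destination IP (NAT)"
dst_port_nat = "destination port (NAT)"
dst_intf = "destination interface"
alarm_id = "alarm ID"
alarm_name = "alarm name"
msg_id = "message ID"
proxy_act = "proxy action"
new_msg = "new message"
tcpinfo = "TCP information"
cats = "categories"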
# microsoft_windows_firewall
tcpsyn = "TCP SYN"
tcpack = "TCP ACK"
tcpwin = "TCP window"
icmpcode = "ICMP code"
# amavis
mail_id = "mail ID"
# cisco_as5300
slot_port = "slot port"
slot_contr_chan = "slot/control/channel"
call_id = "call ID"
std = "standard"
prot = "protocol"
comp = "compression"
init_rx_b_rate = "initial receive bit rate"
init_tx_b_rate = "initial transfer bit rate"
finl_rx_b_rate = "final receive bit rate"
finl_tx_b_rate = "final transfer bit rate"
retr = "retries"
rx_chars = "received chars"
tx_chars = "transferred chars"
bad = "bad"
rx_ec = "received EC"
tx_ec = "transferred EC"
finl_state = "final state"
disc_radius_ = "disconnect (radius)"
disc_modem_ = "disconnect (modem)"
calls = "calls"
# mc_afee_web_shield_xml
utc_time = "UTC time"
local_time = "local time"
tz_offset = "timezone offset"
os_name = "OS name"
os_version = "OS version"
host_ip = "host IP"
host_domain_name = "host domain name"
sev_type = "severity type"
client_request = "client request"
client_request_line = "client request line"
audit_id = "audit ID"
conversation_id = "conversation ID"
conversation_policy = "conversation policy"
neat_delta = "neat delta"
neat_starttime = "neat starttime"
# xwall
returnpath = "return path"
msgdate = "message date"
msgtime = "message time"
sendprio = "send priority"
rr = "RR"
att = "ATT"
history = "history"
infected = "infected"
virusinfo = "virus info"
format = "format"
bayes = "bayes"
exclude = "exclude"
ipaddress = "IP address"
heuristic = "heuristic"
atttype = "ATT type"
slsservice = "SLS service"
slsinfo = "SLS info"
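# internet_security_systems_network_sensors
# IDS event field labels. The original list defined intruder_ip_addr, login,
# accessed, http_server and victimip twice with identical labels, and
# victim_ip_addr twice with two different labels ("victim IP addr" and
# "victim IP address"). Each key is now defined once, so the label shown does
# not depend on which duplicate the loader keeps.
tag_name = "tag name"
event_count = "event count"
target_ip = "target IP"
sensor_dns_name = "sensor DNS name"
algorithm_id = "algorithm ID"
attacksuccessful = "attack successful"
ianaprotocolid = "iana protocol ID"
sourceethernetaddress = "source ethernet address"
systemagent = "system agent"
intruder_ip_addr = "intruder IP address"
packet_destinationaddress = "packet destination address"
packet_destinationport = "packet destination port"
packet_destinationportname = "packet destination port name"
packet_sourceaddress = "packet source address"
packet_sourceport = "packet source port"
packet_sourceportname = "packet source port name"
# Full word kept so the label matches intruder_ip_addr above.
victim_ip_addr = "victim IP address"
login = "login"
attackorigin = "attack origin"
caller_machine_name = "caller machine name"
destinationethernetaddress = "destination ethernet address"
serverid = "server ID"
victimip = "victim IP"
accessed = "accessed"
http_server = "HTTP server"
content_range = "content range"
repeat_count = "repeat count"
firstip = "first IP"
secondip = "second IP"
xid = "XID"
server_type = "server type"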
# snare_aix
obs1 = "obs1"
obs2 = "obs2"
egid = "group ID"
epriv = "privileges"
fd = "file descriptor"
# Domino Access logs
translated_uri = "translated URI"
cookie_header = "cookie header"
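# sourcefile_ids
# Flow field labels: initiator/responder endpoints, packet timestamps and the
# client application seen on the flow.
initiator_ip = "initiator IP"
responder_ip = "responder IP"
initiator_port = "initiator port"
responder_port = "responder port"
first_packet = "first packet"
last_packet = "last packet"
protocols = "protocols"
client_application_id = "client application ID"
client_application_version = "client application version"
# Label grammar fixed: "unique initiators IPs" -> "unique initiator IPs".
unique_initiator_ips = "unique initiator IPs"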
# autoadmin
is_error = "is error"
# blue_coat_w3_c
cs_uri_path = "path"
# symantec_antivirus
logged_by = "logger"
# annex_term_server
terminal = "terminal"
port_number = "port number"
# kerio_mailserver
sender_host = "sender host"
messages_failed = "messages failed"
messages_relayed = "messages relayed"
bytes_failed = "bytes failed"
bytes_relayed = "bytes relayed"
bytes_delayed = "bytes delayed"
security_events = "security events"
messages_spam_filtered = "messages spam filtered"
bytes_spam_filtered = "bytes spam filtered"
spam_threshold = "spam threshold"
spam_subject = "spam subject"
# netscape
req__headers_host = "server domain"
# backup_exec
set_resource_name = "set resource name"
resource_name = "set resource name"
tape_name = "tape name"
display_volume = "display volume"
volume_display_volume = "display volume"
backup_type = "backup type"
mail_messages_backed_up = "mail messages backed up"
folders_backed_up = "folders backed up"
mailboxes_backed_up = "mailboxes backed up"
files_backed_up = "files backed up"
directories_backed_up = "directories backed up"
sets_backed_up = "sets backed up"
misc = "miscellaneous"
summary_misc = "miscellaneous"
joblog_header_server = "server"
joblog_header_name = "name"
# argosoft_mail_server
connections_rejected = "connections rejected"
bytes_queued = "bytes queued"
rejection_reason = "rejection reason"
spam_messages_queued = "spam messages queued"
spam_messages_delivered = "spam messages delivered"
# mps
retrieved_documents = "retrieved documents"
searched_databases = "searched databases"
retrieved_from_database = "retrieved from database"
document_id = "document ID"
item = "item"
# tipping_point_ips
message_version = "message version"
iso_start_time = "iso start time"
alert_hostname = "alert hostname"
alert_ip = "alert IP"
sequence_id = "sequence ID"
reserved = "reserved"
policy_uuid = "policy UUID"
signature_name = "signature name"
protocol_name = "protocol name"
iso_end_time = "iso end time"
traffic_threshold_parameters = "traffic threshold parameters"
traffic_capture_available = "traffic capture available"
slot_and_segment = "slot and segment"
request_target = "request target"
request_detail = "request detail"
firewall_ip_protocol = "firewall IP protocol"
# barracuda_spam_firewall
messages_quarantined = "messages quarantined"
spam_blocking_expression = "spam blocking expression"
messages_tagged = "messages tagged"
virus_blocking_expression = "virus blocking expression"
messages_spam_blocked = "messages spam blocked"
messages_virus_blocked = "messages virus blocked"
queued_messages_quarantined = "queued messages quarantined"
queued_messages_spam_blocked = "queued messages spam blocked"
queued_messages_virus_blocked = "queued messages virus blocked"
queued_messages_tagged = "queued messages tagged"
delivered_messages_quarantined = "delivered messages quarantined"
delivered_messages_spam_blocked = "delivered messages spam blocked"
delivered_messages_virus_blocked = "delivered messages virus blocked"
delivered_messages_tagged = "delivered messages tagged"
encrypted = "encrypted"
queue_id = "queue ID"
messages_scanned = "messages scanned"
messages_rejected = "messages rejected"
messages_allowed = "messages allowed"
messages_deferred_scan = "messages deferred (SCAN)"
messages_deferred_recv = "messages deferred (RECV)"
messages_pu_quarantined = "messages quarantined (per user)"
messages_whitelist = "messages whitelisted"
# juniper_ssl
concurrent_users = "Concurrent Users"
concurrent_users_count = "Concurrent User Events"
j_date_time = "j date time"
failed_logins = "failed logins"
# cisco_voice_router
receivepackets = "packets received"
# openldap
search_base = "search base"
search_scope = "search scope"
search_filter = "search filter"
search_result_tag = "search result tag"
search_result_err = "search result error"
search_result_txt = "search result text"
bind_dn = "bind DN"
bind_method = "bind method"
bind_result_tag = "bind result tag"
bind_result_err = "bind result error"
bind_result_txt = "bind result text"
# barrier_group
event_protocol = "event protocol"
source_mac = "source MAC"
internal_source = "internal source"
blocked_source = "blocked source"
dest_ip = "destination IP"
dest_port = "destination port"
dest_url = "destination URL"
dest_mac = "destination MAC"
internal_dest = "internal destination"
blocked_dest = "blocked destination"
good_host = "good host"
bad_host = "bad host"
detector = "detector"
internal_sources = "internal sources"
blocked_sources = "blocked sources"
internal_destinations = "internal destinations"
blocked_destinations = "blocked destinations"
good_hosts = "good hosts"
bad_hosts = "bad hosts"
# performance_monitor
machine = "machine"
percent_cpu_used = "percent cpu used"
load = "load"
disk_usage = "disk usage"
samples = "samples"
packets_in_out = "packets in/out"
percent_cpu_used_average = "average percent cpu used"
load_average = "average load"
disk_usage_average = "average disk usage"
packets_in_out_average = "average packets in/out"
percent_cpu_used_maximum = "maximum percent cpu used"
load_maximum = "maximum load"
disk_usage_maximum = "maximum disk usage"
packets_in_out_maximum = "maximum packets in/out"
percent_cpu_used_minimum = "minimum percent cpu used"
load_minimum = "minimum load"
disk_usage_minimum = "minimum disk usage"
packets_in_out_minimum = "minimum packets in/out"
page_faults = "page faults"
page_faults_minimum = "minimum page faults"
page_faults_maximum = "maximum page faults"
page_faults_average = "average page faults"
errors_minimum = "minimum errors"
errors_maximum = "maximum errors"
errors_average = "average errors"
# cisco_wlan_controller
source_code_filename = "source code filename"
source_code_line_number = "source code line number"
# aventail_client_server_access
auth_method = "authentication method"
equipment_id = "equipment ID"
timezone = "time zone"
dest_host = "destination host"
# aventail_web_access.cfg
full_ldap_user = "full LDAP user"
# racf_security.cfg
sysid = "system ID"
job = "job"
step = "step"
terminal_level = "terminal level"
qual = "qualifier"
jobid = "job ID"
userdata = "user data"
jesinput = "JES input"
exenode = "EXE node"
appl = "application"
dataset = "dataset"
genprof = "generate profile"
volume = "volume"
intent = "intent"
allowed = "allowed"
token_status = "token status"
# windows_event_log_dumpel
document_number = "document number"
document_name = "document name"
pages = "pages"
new_handle_id = "new handle ID"
event_code_description = "event code description"
event_code_category = "event code category"
# microsoft_media_server
x_duration_per_visitor = "play duration per visitor"
x_duration_per_clip = "play duration per clip"
x_duration_per_success_access = "play duration per successful access"
session_event_type = "session event type"
successful_clips = "successful clips"
successful_accesses = "successful accesses"
property_value = "property value"
stream_start_stop_events = "stream start/stop events"
# cisco_pix
source_network_port = "source network port"
destination_network_port = "destination network port"
icmp_type = "ICMP type"
icmp_code = "ICMP code"
aaa_status = "AAA status"
group_policy = "group policy"
private_ip = "private IP"
message_facility = "message facility"
message_severity = "message severity"
message_mnemonic = "message mnemonic"
client_type = "client type"
client_public_addr = "client public address"
server_public_addr = "server public address"
assigned_public_addr = "assigned public address"
# cisco_pix numeric
connections_torn_down = "connections torn down"
connections_built = "connections built"
access_list = "access list"
vty_line = "VTY line"
# log4j
agency_id = "agency ID"
build = "build"
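# beatbox
# Timing labels in pairs: sc_ = server-to-client, cs_ = client-to-server.
# The cs_ keys previously reused the "server-to-client" text of their sc_
# partners, leaving the two directions indistinguishable by label; elsewhere
# in this file sc_stream_bytes is labelled "server-to-client stream bytes".
sc_ack_time = "server-to-client ack time"
cs_ack_time = "client-to-server ack time"
sc_send_time = "server-to-client send time"
cs_send_time = "client-to-server send time"
sc_reply_time = "server-to-client reply time"
cs_reply_time = "client-to-server reply time"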
# ice_cast
total_duration_96kbps = "total duration (based on 96kbps)"
average_duration_96kbps = "average duration (based on 96kbps)"
more_than_15_minutes = "more than 15 minutes"
fifteen_minute_sessions = "fifteen minute sessions"
# Mutiny
# NOTE(review): two keys in this list are also defined earlier in this file
# with different label text: property_value ("property value" under
# microsoft_media_server) and disk_usage ("disk usage" under
# performance_monitor). Which definition is used when a key appears twice is
# not visible here; confirm against the loader before relying on either label.
# Labels in this list are Title Case, unlike most of the lower-case labels in
# the surrounding lists.
property_value = "Value"
event_status = "Event status"
node_name = "Node names"
node_label = "Node label"
event_state = "Event state"
event_id = "Event ID"
property_event = "Property events"
cpu_load = "CPU Load"
mem_usage = "Memory Usage"
disk_usage = "Disk Usage"
if_usage_in = "Interface Usage (in)"
if_usage_out = "Interface Usage (out)"
if_bandwidth_in = "Interface Bandwidth (in)"
if_bandwidth_out = "Interface Bandwidth (out)"
if_bandwidth_tot = "Interface Bandwidth (total)"
# blue_coat_w3_c
af_site_name = "site name"
af_country_code = "country code"
af_reporting_region_code = "reporting region code"
af_reporting_sector_code = "reporting sector code"
af_hyperion_code = "hyperion code"
# cisco_vpnconcentrator
vpn_sessions = "VPN sessions"
arp_ip = "ARP IP"
arp_mac = "ARP MAC"
# MainEnable Mail Server
pop_events = "POP events"
# iptables_config
rule_no = "rule number"
rule_name = "rule name"
inbound_inf = "inbound interface"
outbound_inf = "outbound interface"
source_ports = "source ports"
destination_ports = "destination ports"
# microsoft_exchange2000
unique_message_ids = "unique message IDs"
sender_domain = "sender domain"
recipient_domain = "recipient domain"
# radius_accounting
current_connections = "current connections"
maximum_connections = "maximum connections"
cisco_av_pair = "cisco AV pair"
aaa_server = "AAA server"
network_device_group = "network device group"
access_device = "access device"
outer_ip_address = "outer IP address"
# flash_media_server
sc_stream_bytes = "server-to-client stream bytes"
x_file_size = "file size"
x_file_length = "file length"
stream_stop_file_length = "file length (at stream stop)"
x_app = "application"
x_category = "event category"
x_event = "event type"
x_pid = "PID"
x_sid = "stream ID"
# 2009-07-29 - MSG - Changed the label for this field from 'Server name' to 'Stream name' since
# the field values are stream URLs and customers didn't know where the URL report was.
#x_sname = "server name"
x_sname = "stream name"
x_comment = "comment"
c_client_id = "client ID"
x_suri_stem = "server path name"
c_referrer = "referrer"
c_user_agent = "user agent"
c_proto = "client protocol"
x_ctx = "context"
x_sname_query = "stream URI query"
x_file_ext = "file extension"
x_spos = "stream position"
x_status = "status"
session_duration = "media session duration"
stream_duration = "stream duration"
stream_duration_per_event = "stream duration per event"
stream_duration_per_visitor = "stream duration per visitor"
# edgecast_flash_media_server
flash_session_duration = "flash session duration"
watch_duration_percentage = "watch duration percentage"
bytes_watched_percentage = "bytes watched percentage"
stream_duration_per_client_ip = "stream duration per client IP"
# ezproxy
ezproxy_dbvar0 = "database variable"
ezproxy_groups = "groups"
ezproxy_protocol = "protocol"
ezproxy_session = "current session"
ezproxy_usrvar0 = "user"
ezproxy_usrvar1 = "user"
ezproxy_usrvar2 = "user"
ezproxy_usrvar3 = "user"
ezproxy_usrvar4 = "user"
ezproxy_usrvar5 = "user"
ezproxy_usrvar6 = "user"
ezproxy_usrvar7 = "user"
ezproxy_usrvar8 = "user"
ezproxy_usrvar9 = "user"
# ironmail_spam
esp_total_points = "ESP total points"
# peoplesoft_appserver
lang = "language"
token = "token"
identifier = "identifier"
# applied_identity
ruleid = "rule ID"
authsource = "authentication source"
# sidewinder_firewall
ipkt = "packets in"
opkt = "packets out"
agent_type = "agent type"
acl_id = "ACL ID"
cache_hit = "cache hit"
acl_position = "ACL position"
request_status = "request status"
cpu_data = "CPU data"
real_data = "real data"
virt_data = "virtual data"
load_data = "load data"
mbuf_data = "MBUF data"
dsthostname = "destination hostname"
filedom = "file domain"
filetyp = "file type"
permgranted = "permission granted"
permwanted = "permission wanted"
originator_domain = "originator domain"
recipient_domain = "recipient domain"
srcdmn = "source domain"
srchostname = "source hostname"
srcservice = "source service"
tgtdmn = "target domain"
udb_action = "UDB action"
udb_admin = "UDB admin"
udb_class = "UDB class"
udb_user = "UDB user"
# cisco_net_flow_flow_export
dpkts = "packets"
doctets = "bytes"
unix_secs = "unix seconds"
unix_nsecs = "unix nseconds"
sysuptime = "system uptime"
exaddr = "exporter IP"
first = "first"
engine_type = "engine type"
engine_id = "engine ID"
srcaddr = "source address"
dstaddr = "destination address"
nexthop = "next hop IP"
input = "input interface number"
output = "output interface number"
src_mask = "source mask"
dst_mask = "destination mask"
src_as = "source AS"
dst_as = "destination AS"
tos = "type of service"
# sonic_wall_tz_170
destination_description = "destination description"
scanned_port_list = "scanned port list"
# net_cache_net_app55
x_client_port = "client port"
x_action = "action"
x_packets = "packets sent"
x_dropped_bytes = "bytes dropped"
x_requested_packets = "packets requested"
x_dropped_packets = "packets dropped"
x_protocol = "protocol"
x_transport = "transport protocol"
x_product = "product"
x_client_id = "client ID"
x_wwfilter_categories = "filter categories"
x_wwfilter_result = "filter result"
x_elapsed_milliseconds = "elapsed milliseconds"
x_play_time = "play times"
x_connect_time = "connect times"
x_play_time_per_visitor = "play time per visitor"
x_play_time_per_request = "play time per request"
x_connect_time_per_visitor = "connect times per visitor"
x_connect_time_per_request = "connect times per request"
x_last_verify = "last verify time"
cached = "cache status"
sc_comment = "server comment"
# mutiny
view = "view"
mutiny_node = "mutiny node"
session_timing_event = "session timing event"
property_name_du = "property name du"
property_name_iu = "property name iu"
property_name_ib = "property name ib"
uptime_events = "uptime events"
property_event_cpu_load = "property event cpu load"
property_event_memory_usage = "property event memory usage"
property_event_disk_usage = "property event disk usage"
property_event_interface_usage_in = "property event interface usage in"
property_event_interface_usage_out = "property event interface usage out"
property_event_interface_bandwidth_in = "property event interface bandwidth in"
property_event_interface_bandwidth_out = "property event interface bandwidth out"
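# safesquid_combined
# Each key is listed once in this group; repeating a key with the same label adds
# nothing and makes the effective value depend on how the loader treats repeats.
filter_reason = "filter reason"
# NOTE(review): interface_ip is defined again under firepass_ssl_vpn with the label
# "interface IP"; confirm which definition the loader keeps.
interface_ip = "interface ip"
interface_port = "interface port"
unique_record_id = "unique record id"
client_connection_id = "client connection id"
http_status_code = "http status code"
profiles = "profiles"
events_profile = "events (profile)"
bytes_transferred_profile = "bytes transferred (profile)"
elapsed_time_profile = "elapsed time (profile)"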
# safesquid_orange
# Report labels for the safesquid_orange group. Several labels below are just the raw
# field name, so the report heading tells the reader little about the content.
unique_ips = "unique IPs"
clientid = "clientid"
client_accept = "client accept"
client_referer = "client referrer"
client_host = "client host"
client_range = "client range"
http_file = "HTTP file"
http_host = "HTTP host"
http_port = "HTTP port"
http_proto = "HTTP proto"
# NOTE(review): "pwd" next to "shlvl" looks like a shell environment variable (working
# directory) rather than a password, but the label does not say; confirm against the
# log format and relabel if it can be misread.
pwd = "pwd"
shlvl = "shlvl"
# NOTE(review): cookie headers can carry session identifiers. Presumably this field
# holds the logged header value; confirm, and limit who can view reports on it.
client_cookie = "client cookie"
client_user_agent = "client user agent"
# iscdhcp
lease_duration = "lease duration"
network = "network"
# juniper_netscreen_secure_access
request_url = "request url"
user_role = "user role"
user_realm = "user realm"
meeting_id = "meeting id"
meeting_name = "meeting name"
meeting_description = "meeting description"
upload_download_file_type = "upload/download file type"
destination_path = "destination path"
scheme = "scheme"
# numeric
web_access_duration = "Web access duration"
items_listed = "items listed"
chunks_read = "chunks read"
chunks_written = "chunks written"
terminal_connections_authorized = "terminal connections authorized"
planned_meeting_duration = "Planned meeting duration"
meeting_attendee_duration = "Meeting attendee duration"
meeting_attendee = "Total attendees"
meeting_data = "Total transmitted data size(KB)"
# centricity_pacs
## evc = "event ckey"
## type = "event type"
## edt = "event date time"
## euid = "exam ID"
## suid = "study ID"
## an = "accession number"
## pc = "procedure code"
## pd = "procedure description"
## mod = "modality"
## bp = "body part"
## sc = "site code"
## sd = "study date"
## acqsc = "acquisition site"
## ad = "acquisition date"
## ni = "number of images"
## nri = "number of rejected images"
## nf = "total number of frames"
## nrf = "number of rejected frames"
## ep = "exam priority"
## es = "exam status"
## aqs = "acquisition status"
## stsid = "short term storage device"
## vuid = "long term archive device"
## rpid = "requesting physician ID"
## rpn = "requesting physician name"
## apid = "approving physician ID"
## apn = "approving physician name"
## did = "department ID"
## wid = "workstation ID"
## unm = "user name"
## uid = "user name"
## pdob = "patient birth date"
## rpi = "patient ID"
## urpi = "internal patient ID"
## pn = "patient name"
## ls = "archive status"
## osuid = "old study ID"
## oan = "old accession number"
## orpi = "old patient ID"
## ourpi = "old internal patient ID"
## opn = "old patient name"
# easy_lender_login_audit
user_full_name = "user name"
user_last_name = "user last name"
user_title = "user title"
account_status = "account status"
# tfs_mailreport_extended
attachment_size = "attachment size"
message_id = "message ID"
host_ip_address = "host IP address"
message_signature = "message signature"
message_encryption = "message encryption"
attachment_name = "attachment name"
attachment_signature = "attachment signature"
attachment_encryption = "attachment encryption"
virus_result = "virus result"
virus_action = "virus action"
policy_result = "policy result"
policy_action = "policy action"
connecting_ip_address = "connecting IP address"
rbl_domain = "RBL domain"
rbl_response = "RBL response"
connection_action = "connection action"
connection_status = "connection status"
connection_result = "connection result"
# zone_alarm
source_description = "source description"
# nortel_ssl_vpn
share = "share"
tunip = "tunnel IP"
groups = "groups"
# Just the flight
ppc = "PPC"
ppcseid = "PPC search engine ID"
ppcsekeyword = "PPC search engine keywords"
log_order_number = "order number"
log_amount = "amount"
log_name = "name"
log_email = "email"
# Kerio WinRoute Web format
page_title = "page title"
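# iron_port
# Report labels for the iron_port group: reputation (SBRS, web reputation), scanning
# engine verdicts, and per-message counters.
sbrs_action = "SBRS action"
sbrs_list = "SBRS list"
sbrs_score = "SBRS score"
webrep = "Web Reputation"
dvs = "DVS engine"
spyware_name = "spyware name"
trr = "threat risk rating"
# The key names a threat ID; the label must say "threat" so it is not read as a
# thread ID (thread_id is a separate key with its own "thread ID" label).
webroot_threat_id = "webroot threat ID"
webroot_trace_id = "webroot trace ID"
bandwidth_source = "bandwidth source"
message_deliveries_aborted = "message deliveries aborted"
messages_spam_positive = "messages spam positive"
messages_virus_positive = "messages virus positive"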
# inter_scan_viruswall
http_events = "HTTP events"
# cwat
site_id = "site ID"
alert_id = "alert ID"
alert_sequence = "alert sequence"
alert_date = "alert date"
alert_status_code = "alert status code"
alert_status = "alert status"
thread_id = "thread ID"
machine_time = "machine time"
sequence_number = "sequence number"
cwat_node_management_id = "CWAT node management ID"
alert_location = "alert location"
flag_under_om_management = "flag under OM management"
log_number = "log number"
alert_type = "alert type"
alert_level = "alert level"
policy_category = "policy category"
suspicious_event_score = "suspicious event score"
suspicious_event_day = "suspicious event day"
suspicious_event_time = "suspicious event time"
suspicious_event_score_statement = "suspicious event score statement"
node_usage_type = "node usage type"
logon_user = "logon user"
bus_discrimination_id = "bus discrimination ID"
bus_peculiar_code = "bus peculiar code"
device_discrimination_id = "device discrimination ID"
device_peculiar_code = "device peculiar code"
bus_status = "bus status"
output_file_size = "output file size"
output_file_name = "output file name"
startup_shutdown_process_name = "startup shutdown process name"
window_name = "window name"
source_file_name = "source file name"
dest_file_name = "dest file name"
install_app_name = "install app name"
dest_installation = "dest installation"
book_name = "book name"
keyword = "keyword"
screenshot_info = "screenshot info"
sourcemac = "sourcemac"
communication_type = "communication type"
unregistered_node_ip = "unregistered node IP"
unregistered_node_mac = "unregistered node mac"
last_shutdown = "last shutdown"
packet_data = "packet data"
tampered_log_name = "tampered log name"
os_time_after_tamper = "os time after tamper"
machine_alert_id = "machine alert ID"
alert_event_type = "alert event type"
media_name = "media name"
# NOTE(review): judging by their names, mail_body, keyboard_operation and
# clipboard_information may label captured user content rather than metadata.
# Confirm what the cwat log format stores in these fields and restrict access to
# reports that include them.
bcc = "bcc"
send_time = "send time"
mail_size = "mail size"
mail_count = "mail count"
mail_body = "mail body"
attachment_presence = "attachment presence"
attach_name = "attach name"
attach_size = "attach size"
keyboard_operation = "keyboard operation"
clipboard_type = "clipboard type"
clipboard_information = "clipboard information"
alert_status_update_time = "alert status update time"
record_update_time = "record update time"
action_date = "action date"
operator = "operator"
action_contents_code = "action contents code"
action_contents = "action contents"
action_result_code = "action result code"
action_result = "action result"
auto_mnl_action_code = "auto mnl action code"
auto_mnl_action = "auto mnl action"
cwat_standard_time_action = "CWAT standard time action"
sequence_number_action = "sequence number action"
alert_id_action = "alert id action"
user_name_action = "user name action"
comment = "comment"
update_time = "update time"
virus_check_result_code = "virus check result code"
virus_check_result = "virus check result"
virus_check_start_time = "virus check start time"
virus_check_complete_time = "virus check complete time"
nodes = "nodes"
site_name = "site name"
last_alert_time = "last alert time"
power_on = "power on"
power_off = "power off"
medium = "medium"
pending = "pending"
checking = "checking"
processed = "processed"
no_action = "no action"
alert_count = "alert count"
node_count = "node count"
cwat_location = "user group"
high_priority_events = "high priority events"
medium_priority_events = "medium priority events"
low_priority_events = "low priority events"
# managers_events = "managers events"
# partners_events = "partners events"
# normal_events = "normal events"
alert_month = "alert month"
# intersafe
sub_group = "sub-group"
account_name = "account name"
transmit_status = "transmit status"
transmit_time = "transmit time"
transmit_data = "transmit data"
document_type = "document type"
request_protocol = "request protocol"
# syslog_ng_tab_separated
syslog_facility = "syslog facility"
syslog_level = "syslog level"
syslog_tag = "syslog tag"
syslog_syslogread = "syslog read"
syslog_seq = "syslog sequence number"
syslog_datetime = "syslog datetime"
# netgear_fvl328_syslog_required
destination_url = "destination url"
host_mac_address = "host MAC address"
# SmoothWall Guardian 5
filter_group_name = "filter group name"
filter_group_id = "filter group ID"
page_score = "page score"
page_category = "page category"
# piolink_network_loadbalance
full_message = "full message"
# sun_one_netscape_directory_server
connection_id = "connection ID"
attrs = "attributes"
file_descriptor = "file descriptor"
closing_code = "closing code"
from_ip = "from IP"
to_ip = "to IP"
csn = "CSN"
abandon_msgid = "abandon message ID"
newrdn = "new RDN"
oid = "OID"
targetop = "target operation"
err = "error"
sun_etime = "etime"
sun_etime2 = "etime"
connection_duration = "connection duration"
server_start_time = "server start time"
# web_sense
url_ip = "URL IP"
# sharetech_firewall
spt = "source port"
dpt = "destination port"
wan = "WAN"
mark = "mark"
# datagram_syslog_agent
print_filename = "print filename"
print_program = "print program"
print_file_owner = "print file owner"
print_method = "print method"
print_bytes = "print bytes"
print_pages = "print pages"
system_information = "system information"
# tivoli_access_manager_webseal
accessor_name_in_rgy = "accessor name"
accessor_principal_domain = "accessor principal domain"
accessor_session_id = "accessor session id"
accessor_user_location = "accessor user location"
accessor_user_location_type = "accessor user location type"
originator_component_rev = "originator component revision"
originator_event_id = "originator event id"
originator_instance = "originator instance"
resource_access_action = "resource access action"
resource_access_httpmethod = "resource access method"
resource_access_httpresponse = "resource access response"
resource_access_httpurl = "resource access url"
target_object_nameinapp = "target object name"
# broadweb
devicetype = "device type"
ifno = "interface number"
rulename = "rule name"
ori = "ORI"
btime = "begin time"
# openbsd_packet_filter
# Report labels for the openbsd_packet_filter group.
window_size = "window size"
tcp_header_options = "TCP header options"
dont_fragment_bit = "don't fragment bit"
workstation_ip = "Workstation IP"
workstation_mac_address = "Workstation MAC address"
mib_tree = "MIB tree"
# NOTE(review): an SNMP community string works as a shared secret. Presumably this
# field carries the value seen in the log; confirm, and restrict who can view
# reports that include it.
community_string = "Community string"
pf_tos = "TOS"
icmp_message = "ICMP message"
# sonic_wall
ipscat = "IPS type"
ipspri = "IPS danger level"
ssid = "SSID"
channel = "channel"
detection_device = "detection device"
detection_reason = "detection reason"
virus_action = "virus action"
usr = "user"
# dans_guardian29
filter_category = "filter category"
filter_group_number = "filter group number"
phrase_score = "weighted phrase score"
# siteminder_policy_server
response_time2 = "response time"
response_time3 = "response time"
# metavante_ceb_failed_logins
first_name = "first name"
last_name = "last name"
failure_reason = "failure reason"
login_status = "login status"
customer_id = "customer ID"
bank_number = "bank number"
# iissmtpW3_c
disconnections = "disconnections"
# apache_custom
visitors_per_download = "visitors per download"
# forti_gate
new_act = "new action"
new_daddr = "new destination address"
new_dintf = "new destination interface"
new_log = "new log"
new_nat = "new NAT"
new_saddr = "new source address"
new_schd = "new schedule"
new_sintf = "new source interface"
new_svr = "new server"
old_act = "old action"
old_daddr = "old destination address"
old_dintf = "old destination interface"
old_log = "old log"
old_nat = "old NAT"
old_saddr = "old source address"
old_schd = "old schedule"
old_sintf = "old source interface"
old_svr = "old server"
# isacsv
sc_authenticated = "authenticated"
s_svcname = "service name"
cs_transport = "transport"
cs_mime_type = "mime type"
s_cache_info = "cache info"
filter_info = "filter info"
cs_network = "client network"
sc_network = "server network"
error_info = "error info"
# juniper_secure_access_ssl_vpn
host_checker_policy = "host checker policy"
host_checker_status = "host checker status"
host_checker_rule = "host checker rule"
# numeric
unique_failed_users = "unique failed users"
unique_firewall_failed_users = "unique firewall failed users"
unique_av_failed_users = "unique AV failed users"
unique_os_failed_users = "unique OS failed users"
unique_system_failed_users = "unique system failed users"
unique_spyware_failed_users = "unique spyware failed users"
unique_rule_six_failed_users = "unique rule six failed users"
unique_rule_seven_failed_users = "unique rule seven failed users"
unique_rule_eight_failed_users = "unique rule eight failed users"
unique_passed_users = "unique passed users"
# tacacs_accounting
paks_in = "packets in"
paks_out = "packets out"
nas_portname = "nas portname"
task_id = "task ID"
acct_flags = "accounting flags"
# firewall1_ng
# status = "Status"
# date = "Date"
# time = "Time"
# product = "Product"
# interface = "Interface"
# origin = "Origin"
# type = "Type"
# action = "Action"
# service = "Service"
# source = "Source"
# destination = "Destination"
# protocol = "Protocol"
# rule = "Rule"
nat_rule_number = "NAT rule number"
nat_additional_rule_number = "NAT additional rule number"
ipv6_source = "IPv6 Source"
ipv6_destination = "IPv6 Destination"
# source_port = "Source Port"
# user = "User"
# source_key_id = "Source Key ID"
# destination_key_id = "Destination Key ID"
attack_name = "Attack Name"
source_ip_phone = "Source IP-phone"
destination_ip_phone = "Destination IP-phone"
# media_type = "Media Type"
registered_ip_phones = "Registered IP-phones"
# elapsed = "Elapsed"
# bytes = "Bytes"
# xlatesrc = "XlateSrc"
# xlatedst = "XlateDst"
# xlatesport = "XlateSPort"
## xlatedport = "XlateDPort"
client_inbound_interface = "Client Inbound Interface"
client_outbound_interface = "Client Outbound Interface"
server_inbound_interface = "Server Inbound Interface"
client_inbound_bytes = "Client Inbound Bytes"
client_outbound_bytes = "Client Outbound Bytes"
server_inbound_bytes = "Server Inbound Bytes"
server_outbound_bytes = "Server Outbound Bytes"
client_inbound_packets = "Client Inbound Packets"
client_outbound_packets = "Client Outbound Packets"
server_inbound_packets = "Server Inbound Packets"
server_outbound_packets = "Server Outbound Packets"
client_inbound_diffserv = "Client Inbound DiffServ"
client_outbound_diffserv = "Client Outbound DiffServ"
server_inbound_diffserv = "Server Inbound DiffServ"
server_outbound_diffserv = "Server Outbound DiffServ"
client_in_rule_match = "Client In rule match"
client_out_rule_match = "Client Out rule match"
server_in_rule_match = "Server In rule match"
server_out_rule_match = "Server Out rule match"
sub_service = "Sub Service"
encryption_scheme = "Encryption Scheme"
vpn_peer_gateway = "VPN Peer Gateway"
ike_initiator_cookie = "IKE Initiator Cookie"
ike_responder_cookie = "IKE Responder Cookie"
ike_phase2_message_id = "IKE Phase2 Message ID"
encryption_methods = "Encryption Methods"
# partner = "Partner"
# community = "Community"
source_gateway = "Source Gateway"
destination_gateway = "Destination Gateway"
estimation = "Estimation"
wire_byte_sec_out = "Wire Byte/Sec Out"
wire_byte_sec_in = "Wire Byte/Sec in"
wire_packet_sec_out = "Wire Packet/Sec Out"
wire_packet_sec_in = "Wire Packet/Sec in"
application_byte_sec_out = "Application Byte/Sec Out"
application_byte_sec_in = "Application Byte/Sec in"
application_packet_sec_out = "Application Packet/Sec Out"
application_packet_sec_in = "Application Packet/Sec in"
bw_loss = "BW Loss, %"
rtt__ms = "RTT, ms"
cir__bps = "CIR, Bps"
bw_loss_threshold = "BW Loss Threshold, %"
rtt_threshold__ms = "RTT Threshold, ms"
cir_threshold__bps = "CIR Threshold, Bps"
sla_violation = "SLA Violation"
virtual_link = "Virtual Link"
sample_id = "Sample ID"
# packets = "Packets"
# start_time = "Start Time"
# session_id = "Session ID"
ua_session_id = "UA Session Id"
display_name = "Display Name"
# id_source = "ID Source"
# url = "URL"
# operation = "Operation"
encryption_type = "Encryption Type"
end_to_end_encryption = "End to End Encryption"
sso_type = "SSO Type"
# application_name = "Application Name"
auth_domain = "Auth Domain"
users_ip = "User's IP"
redirect_url = "Redirect URL"
headers_inserted_removed = "Headers inserted/removed"
ua_auth_result = "UA Auth result"
request_result = "Request Result"
redirection_destination = "Redirection destination"
# comment = "Comment"
gtp_version = "GTP Version"
gtp_message_type = "GTP Message Type"
tunnel_id = "Tunnel ID"
teid_sig_up = "TEID Sig Up"
teid_sig_down = "TEID Sig Down"
mobile_country_code = "Mobile Country Code"
mobile_network_code = "Mobile Network Code"
ms_identification_number = "MS Identification Number"
ms_isdn = "MS-ISDN"
apn = "APN"
end_user_ip_address = "End User IP Address"
sgsn_for_signal = "SGSN for Signal"
sgsn_for_traffic = "SGSN for Traffic"
ggsn_for_signal = "GGSN for Signal"
ggsn_for_traffic = "GGSN for Traffic"
selection_mode = "Selection Mode"
nsapi = "NSAPI"
linked_nsapi = "Linked NSAPI"
# information = "Information"
reject_id = "Reject ID"
attack_information = "Attack Information"
rule_uid = "Rule UID"
# rule_name = "Rule Name"
current_rule_number = "Current Rule Number"
subproduct = "Subproduct"
vpn_feature = "VPN Feature"
# category = "Category"
access = "Access"
user_group = "User Group"
# application = "Application"
outgoing_url = "Outgoing URL"
authentication_method = "Authentication Method"
malware_name = "Malware Name"
malware_type = "Malware Type"
fs_protocol = "FS Protocol"
authentication_status = "Authentication Status"
# description = "Description"
anti_virus = "Anti Virus"
end_user_firewall = "End User Firewall"
isb = "ISB"
ics_scan = "ICS Scan"
endpoint_id = "Endpoint ID"
# user_name = "User Name"
# domain = "Domain"
# policy = "Policy"
# version = "Version"
# event_type = "Event Type"
user_directory = "User Directory"
# user_group = "User Group"
file_direction = "File Direction"
scanned_file_name = "Scanned File name"
scan_result = "Scan Result"
# virus_name = "Virus Name"
file_origin = "File Origin"
update_status = "Update Status"
signature_version = "Signature Version"
update_source = "Update Source"
subscription_expiration = "Subscription Expiration"
# file_type = "File Type"
end_user_ipv6_address = "End User IPv6 Address"
radio_access_type = "Radio Access Type"
mobile_user_location = "Mobile User Location"
mobile_subscriber_time_zone = "Mobile Subscriber Time Zone"
international_mobile_equipment_identifier = "International Mobile Equipment Identifier"
unique_sources = "unique sources"
# spamd
scantime = "scan time"
required_score = "required score"
rhost = "remote host"
raddr = "remote address"
rport = "remote port"
autolearn = "auto learn status"
score = "score"
rules = "rules"
spam_status = "spam status"
average_scan_time = "average scan time"
average_message_score = "average message score"
# ichain
c_version = "client version"
cs_authname = "client username"
# aladdin_esafe_sessions_log_v5
decision_by = "decision maker"
extended_result = "extended result"
vlan = "VLAN"
# limelight_flash_media_server
x_cpu_load = "cpu load"
x_mem_load = "memory load"
x_adaptor = "adapter"
x_vhost = "vHost"
x_appinst = "appinst"
x_suri_query = "suri query"
x_suri = "sURL"
x_file_name = "file name"
cs_stream_bytes = "client-to-server stream bytes"
x_service_name = "service name"
x_sc_qos_bytes = "server QOS bytes"
# microsoft_isa_w3c
rule_1 = "first rule"
rule_2 = "second rule"
param_1 = "first parameter"
param_2 = "second parameter"
ip_header = "IP header"
filter_rule = "filter rule"
filterinfo = "filter info"
# net_continuum
application_ip = "application IP"
application_port = "application port"
attack_description = "attack description"
# sun_one_directory_server_audit
changetype = "change type"
newrdn = "new RDN"
deleteoldrdn = "old RDN deletion"
operand = "operand"
changed_value = "changed value"
# given_name = "given name"
# mail = "email address"
# sn = "SN"
operation_operand = "Operation/Operand"
# vbrick_ethernetv_portal_server
x_type = "stream type"
x_ip = "source IP"
broadcast_type = "broadcast type"
# iisweb
broken_link = "broken link"
# oracle_audit
oracle_release = "oracle release"
entry_id = "entry ID"
statement = "statement"
obj_creator = "object creator"
obj_name = "object name"
ses_actions = "session actions"
ses_tid = "session thread ID"
os_user_id = "OS user ID"
audit_file = "audit file"
jserver_release = "JServer release"
oracle_home = "oracle home"
system_name = "system name"
oracle_node_name = "node name"
release = "release"
instance_name = "instance name"
redo_thread = "redo thread"
oracle_pid = "oracle process ID"
unix_pid = "unix process ID"
oracle_image = "image"
database_user = "database user ID"
# iisweb_breach
rbl_num_proxies = "number of proxies"
rbl_num_spam = "number of spam"
rbl_num_unknowns = "number of unknowns"
rbl_num_responded = "number responded"
# dovecot_pop_imap
rip = "remote IP"
lip = "local IP"
top = "TOP"
retrieve = "RETR"
del = "DELE"
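# aruba_wireless_switch
# Report labels for the aruba_wireless_switch group. STA is the wireless station
# (client) and AP the access point; each has its own IP and MAC address field.
sta_mac_address = "STA mac address"
sta_ip = "STA IP"
ap_ip = "AP IP"
# Must differ from the ap_ip label: with both reading "AP IP", a MAC address column
# is indistinguishable from the IP column in a report.
ap_mac_address = "AP mac address"
location_id = "location ID"
auth_alg = "authentication algorithm"
u_encr = "unicast encryption"
m_encr = "multicast encryption"
bssid = "BSSID"
essid = "ESSID"
slotport = "slot port"
ingress = "ingress"
tunnel = "tunnel"
etype = "etype"
vlan_current = "current VLAN"
vlan_defined = "defined VLAN"
vlan_assigned = "assigned VLAN"
maximum_users = "maximum users"
unique_sta_mac_addresses = "unique STA mac addresses"
switch_ip = "switch IP"
reauth = "reauth"
update = "update"
debug_query = "debug query"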
# dorian_event_archiver
user_whose_credentials_were_used = "credentialed user"
target_logon_guid = "target logon GUID"
target_server_info = "target server info"
target_server_name = "target server name"
target_user_name = "target user name"
# wowza_media_server_pro
# Report labels for the wowza_media_server_pro group.
# NOTE(review): x_sname, sc_stream_bytes, cs_stream_bytes, stream_duration and
# session_duration are also defined earlier in this file under other log formats.
# All but session_duration repeat the same label; session_duration is
# "media session duration" under flash_media_server and "session duration" here.
# Which definition takes effect depends on how the loader handles repeated keys; confirm.
x_sname = "stream name"
x_severity = "severity"
x_stream_id = "stream ID"
sc_bytes = "server-to-client bytes"
cs_bytes = "client-to-server bytes"
sc_stream_bytes = "server-to-client stream bytes"
cs_stream_bytes = "client-to-server stream bytes"
stream_duration = "stream duration"
session_duration = "session duration"
duration_per_sessions = "duration per session"
duration_per_stream = "duration per stream"
publish_duration = "publish duration"
play_duration = "play duration"
pause_duration = "pause duration"
# sendmail_nt
qid = "QID"
# microsoft_exchange_2007_csv
connector_id = "connector ID"
entered_org_from_ip = "entered org from IP"
internal_message_id = "internal message ID"
local_endpoint = "local endpoint"
p1_from_address = "P1 from address"
p2_from_addresses = "P2 from addresses"
reason_data = "reason data"
recipient_count = "recipient count"
recipient_status = "recipient status"
related_recipient_address = "related recipient address"
remote_endpoint = "remote endpoint"
smtp_response = "smtp response"
source_context = "source context"
directionality = "directionality"
tenant_id = "tenant ID"
original_client_ip = "original client IP"
original_server_ip = "original server IP"
custom_data = "custom data"
# hmailserver_smtp
spam_sender_address = "Spammer address"
spam_sender_ip = "Spammer IP"
spam_reject_reason = "Spam reject reason"
# jataayu_carrier_wap_server
client_msisdn = "client MSISDN"
bearer = "bearer"
# numeric
response_bytes = "response bytes"
round_trip_time = "round trip time"
# cisco_waas_tcp_proxy
pass_through_reason = "Pass through reason"
wae_peer_id = "WAE peer id"
wae_ip = "WAE IP"
our_policy = "our policy"
peer_policy = "peer policy"
final_policy = "final policy"
#latency = "latency"
non_optimized_read_queue_latency = "non-optimized read queue latency"
non_optimized_dre_latency = "non-optimized dre latency"
non_optimized_write_queue_latency = "non-optimized write queue latency"
optimized_read_queue_latency = "optimized read queue latency"
optimized_dre_latency = "optimized dre latency"
optimized_write_queue_latency = "optimized write queue latency"
tcp_rst_reason = "TCP RST reason"
app_map_name = "application map name"
app_name = "application name"
app_classifier_name = "Application classifier name"
cfgd_policy = "CFGD policy"
drvd_policy = "DRVD policy"
tfo_reject_reason = "TFO reject reason"
ao_cfgd_policy = "AO CFGD policy"
ao_drvd_policy = "AO DRVD policy"
ao_final_policy = "AO final policy"
ao_reject_reason = "AO reject reason"
ssl_reject_reason = "SSL reject reason"
dirm = "DIRM"
applied_policy = "applied policy"
# special report
maximum_concurrent_connections = "Maximum concurrent connections by Date/Time"
# numeric
non_optimized_bytes_read = "Non-optimized bytes read"
optimized_bytes_written = "Optimized bytes written"
optimized_bytes_read = "Optimized bytes read"
non_optimized_bytes_written = "Non-optimized bytes written"
bytes_passed_through = "Bytes passed through"
concurrent_connections = "concurrent connections"
connections_started = "Connections started"
connections_ended_ot = "Connections ended (OT)"
connections_ended_sodre = "Connections ended (SODRE)"
pass_throughs = "Pass throughs"
# anti_spam_smtpproxy
resulttag = "result tag"
#source_ip = "source IP"
#sender = "sender"
#recipient = "recipient"
#comment = "comment"
#subject = "subject"
collection_filename = "collection filename"
#message_type = "message type"
whitelist_addition = "whitelist addition"
unchecked_recipient = "unchecked recipient"
immediate_disconnects = "immediate disconnects"
comment_trail = "comment trail"
# netstat
#protocol = "protocol"
#local_address = "local address"
#local_port = "local port"
foreign_address = "foreign address"
foreign_port = "foreign port"
#state = "state"
#pid = "PID"
#service_name = "service name"
##executable = "executable"
recv_q = "receive queue"
send_q = "send queue"
#program_name = "program name"
refcnt = "reference count"
flags = "flags"
#type = "type"
inode = "inode"
#path = "path"
# unix_daemon_messages
daemon_message = "daemon message"
# fortinet_syslog_required
wttime = "time"
# citrix_netscaler
application_type = "application type"
validation_type = "validation type"
nat_ip = "NAT IP"
delink_time = "delink time"
total_bytes_send = "total bytes sent"
total_bytes_recv = "total bytes received"
sslvpn_client_type = "SSLVPN client type"
http_resources_accessed = "HTTP resources accessed"
nonhttp_resources_accessed = "non-HTTP resources accessed"
total_tcp_connections = "total TCP connections"
total_udp_flows = "total UDP flows"
total_policies_allowed = "total policies allowed"
total_policies_denied = "total policies denied"
# firepass_ssl_vpn
valid = "valid status"
passed = "passed status"
session_status = "session status"
interface_ip = "interface IP"
# bomgar_box
segment_number = "segment number"
total_segments = "total segments"
site = "site"
who = "who"
who_ip = "who IP"
target = "target"
disabled = "disabled"
display_number = "display number"
perm_admin = "perm admin"
perm_view_reports = "perm view reports"
reset_password = "reset password"
password_expiry = "password expiry"
password_never_expires = "password never expires"
security_question = "security question"
security_answer = "security answer"
failed_login_attempts = "failed login attempts"
account_expiry = "account expiry"
comments = "comments"
perm_edit_public_template = "perm edit public template"
perm_edit_public_file_store = "perm edit public file store"
perm_edit_canned_messages = "perm edit canned messages"
perm_edit_sd_teams = "perm edit sd teams"
perm_change_display_name = "perm change display name"
perm_show_on_public_list = "perm show on public list"
perm_sd_allowed = "perm sd allowed"
perm_sd_ss_control = "perm sd ss control"
perm_sd_reverse_connect = "perm sd reverse connect"
perm_sd_file_transfer = "perm sd file transfer"
perm_sd_remote_shell = "perm sd remote shell"
perm_sd_system_info = "perm sd system info"
perm_sd_prompt_ss = "perm sd prompt ss"
perm_sd_prompt_file_transfer = "perm sd prompt file transfer"
perm_sd_prompt_remote_shell = "perm sd prompt remote shell"
perm_sd_prompt_system_info = "perm sd prompt system info"
perm_sd_ss_request = "perm sd ss request"
perm_sd_push = "perm sd push"
perm_sd_push_timeout = "perm sd push timeout"
perm_pd_allowed = "perm pd allowed"
h_default_answer = "h default answer"
created_date = "created date"
prompt_remote_shell = "prompt remote shell"
new_failed_login_attempts = "new failed login attempts"
new_password_expiry = "new password expiry"
new_password = "new password"
new_perm_change_display_name = "new perm change display name"
new_perm_sd_push = "new perm sd push"
new_password_never_expires = "new password never expires"
old_disabled = "old disabled"
old_display_number = "old display number"
old_display_name = "old display name"
old_password = "old password"
old_reset_password = "old reset password"
old_password_expiry = "old password expiry"
old_password_never_expires = "old password never expires"
old_security_question = "old security question"
old_security_answer = "old security answer"
old_failed_login_attempts = "old failed login attempts"
old_account_expiry = "old account expiry"
old_comments = "old comments"
old_username = "old username"
old_perm_admin = "old perm admin"
old_perm_view_reports = "old perm view reports"
old_perm_edit_public_template = "old perm edit public template"
old_perm_edit_public_file_store = "old perm edit public file store"
old_perm_edit_canned_messages = "old perm edit canned messages"
old_perm_edit_sd_teams = "old perm edit sd teams"
old_perm_change_display_name = "old perm change display name"
old_perm_show_on_public_list = "old perm show on public list"
old_perm_sd_allowed = "old perm sd allowed"
old_perm_sd_ss_control = "old perm sd ss control"
old_perm_sd_reverse_connect = "old perm sd reverse connect"
old_perm_sd_file_transfer = "old perm sd file transfer"
old_perm_sd_remote_shell = "old perm sd remote shell"
old_perm_sd_system_info = "old perm sd system info"
old_perm_sd_prompt_ss = "old perm sd prompt ss"
old_perm_sd_prompt_file_transfer = "old perm sd prompt file transfer"
old_perm_sd_prompt_remote_shell = "old perm sd prompt remote shell"
old_perm_sd_prompt_system_info = "old perm sd prompt system info"
old_perm_sd_ss_request = "old perm sd ss request"
old_perm_sd_push = "old perm sd push"
old_perm_sd_push_timeout = "old perm sd push timeout"
old_perm_sd_push_default_answer = "old perm sd push default answer"
old_perm_pd_allowed = "old perm pd allowed"
old_created_date = "old created date"
# critical_path_pop_imap
msgsretr = "msg retrieved"
nfetched = "fetched"
nstored = "stored"
rxbytes = "receive bytes"
txave = "transmit ave"
txbytes = "transmit bytes"
txtime = "transmit time"
mailboxsize = "mailbox size"
commands = "commands"
capacity = "capacity"
# cisco_ips
sensor = "sensor"
received_time = "received time"
event_utc_time = "event utc time"
event_local_time = "event local time"
sig_id = "sig id"
src_address = "source address"
variable = "variable"
dst_address = "destination address"
virtual_sensor = "virtual sensor"
risk_rating = "risk rating"
threat_rating = "threat rating"
alarm_status = "alarm status"
# sophos_web_appliance
request_time_microseconds = "request time (us)"
request_time_seconds = "request time (s)"
access_checks_time = "access checks time"
file_typing_time = "file typing time"
remote_host = "remote host"
action_code = "action code"
matched_uri_category = "matched URL category"
antivirus_engine_version = "antivirus engine version"
antivirus_data_version = "antivirus data version"
uri_list_version = "URI list version"
http_request_string = "HTTP request string"
filetype_category = "filetype category"
policy_rule_id = "policy rule ID"
src_cat = "source category"
# nortel_acd
#queue_id = ""
agent_hours = "agent hours"
agents_logged_in = "agent logged in hours"
calls_answered = "calls answered"
time_busy = "time busy"
time_manned = "time manned"
calls_abandoned = "calls abandoned"
wait_answered = "wait for answered calls"
wait_abandoned = "wait for abandoned calls"
agent_id = "agent ID"
agent_calls_answered = "calls answered (agent)"
agent_time_busy = "time busy (agent)"
agent_time_manned = "time manned (agent)"
avg_agent_time_busy = "time busy (agent/hour)"
avg_agent_time_manned = "time manned (agent/hour)"
tsf = "TSF"
average_tsf = "TSF (average)"
total_with_tsf = "#TSF"
dn_inc = "DN Incoming"
time_inc = "Time Incoming"
dn_out = "DN Outgoing"
time_out = "Time Outgoing"
xfer_idn = "#Transferred IDN"
xfer_acd = "#Transferred ACD"
average_speed_of_answer = "average speed of answer"
# unreal_media_server
delivery_protocol = "delivery protocol"
user_type = "user type"
concurrent_accesses = "concurrent accesses"
# special report
maximum_concurrent_accesses = "Maximum concurrent views by Date/Time"
# gene6_ftp_w3c
uploads = "uploads"
downloads = "downloads"
# mcafee_secure_messaging_gateway
convid = "conv ID"
# snare_oracle_listener
log_source = "log source"
# forti_gate_comma_sep
adgroup = "active directory group"
devname = "device name"
# For customer profile for Graham Smith
grouped_referrer = "grouped referrer"
# asp_email
dns_server = "DNS server"
full_server_response = "full server response"
# tipping_point_sms
action_type = "action type"
signature_uuid = "signature UUID"
signature_number = "signature number"
signature_protocol = "signature protocol"
source_zone_name = "source zone name"
destination_zone_name = "destination zone name"
incoming_physical_port = "incoming physical port"
device_segment = "device segment"
taxonomy_id = "taxonomy ID"
# autodesk_network_license_manager
department = "department"
license_server_name = "license server name"
license_server_mac_address = "license server MAC address"
product_name = "product name"
maximum_concurrent_users = "maximum concurrent users"
license_activation_date = "license activation date"
product_serial_number = "product serial number"
product_information = "product information"
authentication_server = "server information"
denial_by_product = "authentication failures"
denial_by_hour_of_day = "authentication failures / hour"
authentication_by_department = "authentication by department"
authentication_by_user = "authentication by user"
authentication_by_product = "authentication by product"
user_by_department = "user by department"
# windows_2003_dns
flags_hex = "hex flag"
# imail
messages_forwarded = "bytes forwarded"
bytes_forwarded = "bytes forwarded"
relay_host = "relay host"
# astaro_security_gateway
fwrule = "firewall rules"
initf = "interface"
dstmac = "destination MAC address"
srcmac = "source MAC address"
srcsvc = "source service"
dstsvc = "destination service"
firewall_events = "firewall events"
statuscode = "status code"
filteraction = "filter action"
categoryname = "category name"
# web_star_proxy
unique_hosts = "unique hosts"
# symantec_mail_security
returned_disposition = "returned disposition"
policy_query = "policy query"
filtering_policy_name = "filtering policy name"
# defensepro
packet_count = "packet count"
packet_bandwidth = "packet bandwidth"
physical_port = "physical port"
radware_attack_id = "Radware attack ID"
radware_id = "Radware ID"
vlan_tag = "VLAN tag"
rpls_rd = "RPLS RD"
rpls_tag = "RPLS tag"
context = "context"
# iis_odbc
bytesrecvd = "bytes received"
bytessent = "bytes sent"
processingtime = "processing time"
clienthost = "client host"
logtime = "log time"
servicestatus = "service status"
win32status = "win32 status"
target = "target"
# sawmill_tagging_server
client_ip_from_server = "client IP"
client_screen_dimensions = "screen dimensions"
client_screen_depth = "screen depth"
# mcafee_secure_messaging_gateway
convid = "conv ID"
# snare_oracle_listener
log_source = "log source"
# forti_gate_comma_sep
adgroup = "active directory group"
devname = "device name"
fw_pri = "firewall priority"
# For customer profile for Graham Smith
grouped_referrer = "grouped referrer"
# asp_email
dns_server = "DNS server"
full_server_response = "full server response"
# tipping_point_sms
action_type = "action type"
signature_uuid = "signature UUID"
signature_number = "signature number"
signature_protocol = "signature protocol"
source_zone_name = "source zone name"
destination_zone_name = "destination zone name"
incoming_physical_port = "incoming physical port"
device_segment = "device segment"
taxonomy_id = "taxonomy ID"
# autodesk_network_license_manager
department = "department"
license_server_name = "license server name"
license_server_mac_address = "license server MAC address"
product_name = "product name"
maximum_concurrent_users = "maximum concurrent users"
license_activation_date = "license activation date"
product_serial_number = "product serial number"
product_information = "product information"
authentication_server = "server information"
denial_by_product = "authentication failures"
denial_by_hour_of_day = "authentication failures / hour"
authentication_by_department = "authentication by department"
authentication_by_user = "authentication by user"
authentication_by_product = "authentication by product"
user_by_department = "user by department"
# windows_2003_dns
flags_hex = "hex flag"
# imail
messages_forwarded = "bytes forwarded"
bytes_forwarded = "bytes forwarded"
relay_host = "relay host"
# astaro_security_gateway
fwrule = "firewall rules"
initf = "interface"
dstmac = "destination MAC address"
srcmac = "source MAC address"
srcsvc = "source service"
dstsvc = "destination service"
firewall_events = "firewall events"
statuscode = "status code"
filteraction = "filter action"
categoryname = "category name"
# web_star_proxy
unique_hosts = "unique hosts"
# symantec_mail_security
returned_disposition = "returned disposition"
policy_query = "policy query"
filtering_policy_name = "filtering policy name"
# defensepro
packet_count = "packet count"
packet_bandwidth = "packet bandwidth"
physical_port = "physical port"
radware_attack_id = "Radware attack ID"
radware_id = "Radware ID"
vlan_tag = "VLAN tag"
rpls_rd = "RPLS RD"
rpls_tag = "RPLS tag"
context = "context"
# watchguard_firebox_xcore_eseries
msg_id = "message ID"
dst_intf = "destination interface"
app_beh_name = "application behavior"
# ias
ms_ras_client_name = "RAS Client Name"
# common_access
time_stamp = "timestamp"
# nokia_ip350_checkpoint_ng
# nat_addtnl_rulenum = "NAT additional rule number"
# nat_rulenum = "NAT rule number"
# firewall1_fw_log_ftn_export
smart_defense = "SmartDefense"
# linksys_vpn_router
unique_destination_ips = "unique destination IPs"
# firewall1_fw_log_ftn_export
smart_defense = "SmartDefense"
# palo_alto_networks_firewall_traffic
#serial = ""
#subtype = ""
config_ver = "config version"
config_version = "config version"
#src = ""
#dst = ""
natsrc = "NAT source"
natdst = "NAT destination"
#rule = ""
srcuser = "source user"
dstuser = "destination user"
source_user = "source user"
source_zone = "source zone"
destination_user = "destination user"
destination_zone = "destination zone"
elapsed_time__sec = "elapsed time"
generate_time = "generate time"
#app = ""
vsys = "vsys"
#from = ""
#to = ""
inbound_if = "inbound interface"
outbound_if = "outbound interface"
logset = "log set"
log_setting = "log setting"
padding = "padding"
receive_time = "receive time"
time_received = "received time"
time_logged = "logged time"
virtual_system = "virtual system"
#sessionid = ""
#sport = ""
#dport = ""
natsport = "NAT source port"
natdport = "NAT destination port"
#flags = ""
#proto = ""
#action = ""
#bytes = ""
#bytes_sent = ""
#bytes_received = ""
#packets = ""
start = "start"
#elapsed = ""
#category = ""
repeatcnt = "repeat count"
threat_content_type = "threat content type"
# whg
sip = "source IP"
dip = "destination IP"
# win2_kperfmon
current_connected_players = "current connected players"
current_player_allocated_bandwidth__kbps = "current player allocated bandwidth (kbps)"
current_streaming_players = "current streaming players"
peak_connected_players = "peak connected players"
peak_streaming_players = "peak streaming players"
total_player_bytes_sent = "total player bytes sent"
# mime_sweeper
x_req_size = "request size"
x_user = "user"
# pure_ftp_syslog_required
kilobytes_per_second = "KB per second" # kb_per_second might be kilobits
# openfire_im
message_body = "message body"
message_from = "from"
message_id = "message ID"
message_thread = "thread ID"
message_to = "to"
#message_type = "message type"
jive_packet_status = "status"
jive_packet_streamid = "stream ID"
threads = "threads"
streams = "streams"
# sa_netscreen_syslog
bytestotal = "bytes total"
# aix_cpu_utilization
usr_percent = "user percentage"
sys_percent = "system percentage"
wio_percent = "I/O wait percentage"
idle_percent = "idle percentage"
# isa_odbc
clientusername = "client username"
clientauthenticate = "client authenticate"
clientagent = "client agent"
uri = "URI"
mimetype = "mime type"
desthostip = "dest host IP"
desthostport = "dest host port"
srcnetwork = "SRC network"
dstnetwork = "DST network"
authenticationserver = "authentication server"
referredserver = "referred server"
objectsource = "object source"
resultcode = "result code"
cacheinfo = "cache info"
errorinfo = "error info"
# gta_gbware
cat_site = "site category"
# barracuda_waf_audit
admin_name = "Admin name"
login_ip = "Login IP"
login_port = "Login port"
transaction_type = "Transaction type"
command_name = "Command name"
change_type = "Change type"
old_value = "Old value"
new_value = "New value"
additional_data = "Additional data"
# shoutcast18
unique_destinations = "unique destinations"
player = "player"
# talkback
remote_addr = "remote address"
log_format = "log format"
syslog_format = "syslog format"
autodetect_formats = "autodetect formats"
log_source_types = "log source types"
database_type = "database type"
arch = "arch"
unique_ip = "unique IP"
log_entries_accepted = "log entries accepted"
build_error = "build error"
build_duration = "build duration"
# coradiant_truesight_data_objects
x_cs_post = "client to server post"
x_first_public_ip = "first public IP"
x_first_public_ip_source = "first public IP source"
x_client_aborted = "client aborted"
x_server_aborted = "server aborted"
x_client_timed_out = "client timed out"
x_server_timed_out = "server timed out"
x_extension = "extension"
x_errors = "errors"
x_info = "info"
x_peripheral_traffic = "peripheral traffic"
x_session_request_tags_found_list = "session request tags found"
x_session_response_tags_found_list = "session response tags found"
x_session_tags_used_list = "session tags used"
x_stateless = "stateless"
x_matching_a_session_tag_locator = "matching a session tag locator"
x_missing_x_forwarded_for_session_tag_locator = "missing X-Forwarded-For session tag locator"
x_session_tags_collision_list = "session tags collision"
x_session_tag_multi_value = "session tag multi value"
x_session_tag_collision = "session tag collision"
x_session_tag_group_collision = "session tag group collision"
x_custom_gzip = "custom gzip"
x_custom_usernamepw = "custom usernamepw"
x_custom_pw_username = "custom pw username"
x_historical_custom_fields = "historical custom fields"
x_tcp_packet_count = "TCP packet count"
x_nw_info_count = "NW info count"
x_cl_info_count = "CL info count"
x_sv_info_count = "SV info count"
x_ap_info_count = "AP info count"
x_ct_info_count = "CT info count"
x_cu_info_count = "CU info count"
} # field_labels
# item_descriptions: fixed English display strings for special report items.
# Most are parenthesised placeholders such as "(no referrer)" or "(not a spider)".
# NOTE(review): presumably shown when a log entry has no usable value for the
# field -- confirm against the code that reads these keys.
item_descriptions = {
ip_address = "IP Address"
no_referrer = "(no referrer)"
no_search_phrase = "(no search phrase)"
no_search_engine = "(no search engine)"
no_file_type = "(no type)"
no_spider = "(not a spider)"
no_worm = "(not a worm)"
spider = "(spider)"
not_an_url = "(unknown--not a URL)"
unknown_browser = "unknown (possible spider)"
unknown_os = "unknown"
unspecified_browser = "unspecified"
unspecified_os = "unspecified"
not_an_ip = "(unavailable-- not an IP)"
screen_info = "(screen info)"
# Keys are screen colour depths in bits; values are the descriptions displayed for them.
screen_depth = {
1 = "1 bit (black/white only; no gray)"
2 = "2 bit (4 colors)"
4 = "4 bit (16 colors)"
8 = "8 bit (256 colors)"
16 = "16 bit (near full color)"
24 = "24 bit (full color)"
32 = "32 bit (full color)"
} # screen_depth
} # item_descriptions
# graph: English strings used on report graphs.
# Values contain $name placeholders and {= ... =} expressions.
# NOTE(review): presumably expanded by the application when the graph is
# rendered -- the expansion itself is not visible in this file.
graph = {
bar_chart_title = "Graph of $numerical_field_label by $discrete_field_label"
# The two axis labels apply capitalize() to the field label.
bar_chart_numerical_field_label = "{=capitalize(numerical_field_label)=}"
bar_chart_multiplier_note = "x $multiplier"
bar_chart_discrete_field_label = "{=capitalize(discrete_field_label)=}"
remaining_items = "$param1 other items"
# Keys 0-23 are hours of the day. 0 and 12 use the single letters "M" and "N"
# (presumably midnight and noon -- keep them short if translating).
hour_labels = {
0 = "M"
1 = "1am"
2 = "2am"
3 = "3am"
4 = "4am"
5 = "5am"
6 = "6am"
7 = "7am"
8 = "8am"
9 = "9am"
10 = "10am"
11 = "11am"
12 = "N"
13 = "1pm"
14 = "2pm"
15 = "3pm"
16 = "4pm"
17 = "5pm"
18 = "6pm"
19 = "7pm"
20 = "8pm"
21 = "9pm"
22 = "10pm"
23 = "11pm"
} # hour_labels
} # graph
# geoip: "(unknown ...)" display strings for country, region, city,
# organization, ISP and domain.
# NOTE(review): presumably shown when a geographic lookup returns no result -- confirm.
geoip = {
unknown_country = "(unknown country)"
unknown_region = "(unknown region)"
unknown_city = "(unknown city)"
unknown_organization = "(unknown organization)"
unknown_isp = "(unknown ISP)"
unknown_domain = "(unknown domain)"
} # geoip
# overview: labels for the Overview report (date range, days covered,
# per-day average) and a warning string for a non-report field.
overview = {
label = "Overview"
date_label = "Start/End date:"
days_covered_label = "Days covered:"
all_days_label = "All days"
average_per_day_label = "Average per day"
not_a_report_field_warning = "Not a report field!"
} # overview
# miscellaneous: assorted short display strings (page/directory wording and
# date-hierarchy names) that do not belong to a specific report group.
miscellaneous = {
default_page = "(default page)"
directory = "directory"
directories = "directories"
days = "Days"
years_months_days = "Years/months/days"
pages_directories = "Pages/directories"
} # miscellaneous
# table: labels for the summary rows of report tables (total, subtotal,
# average, min, max) plus the remainder-row and reload messages.
table = {
total_label = "Total"
subtotal_label = "Sub total"
average_label = "Average"
min_label = "Min"
max_label = "Max"
average_header_tag = "Average"
# $param1 is a placeholder; presumably the number of rows cut off from the table -- confirm.
cutoff_remainder_row_label = "$param1 other items"
reloading_reports_page = "Reloading reports page, please wait."
} # table
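# menu: English labels for the reports menu.
#   groups  - names of the menu groups that reports are filed under
#   reports - names of the individual reports
# The "# name" comments inside each group appear to name the log format
# (plug-in) that the following keys were added for.
menu = {
# Several keys in this group appear more than once with identical values
# (authentication_group, viruses_group, attachments_group, policies_group,
# messages_group). They are left in place because how the loader treats
# repeated keys is not visible in this file.
groups = {
department_group = "Department Group"
traffic_group = "Traffic"
date_time_group = "Date and time"
content_group = "Content"
referrer_group = "Referrers"
visitor_demographics_group = "Visitor demographics"
user_demographics_group = "User demographics"
visitor_systems_group = "Visitor systems"
user_systems_group = "User systems"
technical_group = "Technical"
sessions_group = "Sessions"
accounting_group = "Process accounting"
account_group = "Account"
server_group = "Server"
player_group = "Player"
users_group = "Users"
caching_group = "Caching"
filtering_group = "Filtering"
security_group = "Security"
chat_room_group = "Chat rooms"
source_group = "Source"
destination_group = "Destination"
translated_group = "Translated"
authentication_group = "Authentication"
actions_group = "Actions"
processes_group = "Processes"
other_group = "Other"
stream_information_group = "Stream information"
client_information_group = "Client information"
tcp_flags_group = "TCP flags"
tcp_group = "TCP"
snmp_group = "SNMP"
icmp_group = "ICMP"
ntp_group = "NTP"
dns_group = "DNS"
startup_shutdown_group = "Startup/Shutdown"
connections_group = "Connections"
packet_logging_group = "Packet Logging"
dhcp_group = "DHCP"
netcon_group = "NetCon"
all_sites_group = "All Sites"
overview_group = "Overview"
failed_logins_group = "Failed Logins"
logins_group = "Logins"
top_hours_group = "Top Hours"
weekdays_group = "Weekdays"
av_group = "AntiVirus"
ip_filter = "IP Filter"
event_group = "Event Log"
partner_group = "Partner"
meta_group = "Meta"
# autodesk_network_license_manager
product_information_group = "Product Information"
information_group = "Information"
authentication_group = "Authentication"
date_time_reports_group = "Date / Time Reports"
# cisco_waas_tcp_proxy
results_group = "Results"
# trend_micro_control_manager
viruses_group = "Viruses"
spyware_group = "Spyware"
email_content_security_group = "Email Content Security"
web_security_group = "Web Security"
admin_group = "Admin"
# interscan_web_security_suite
url_filtering_group = "URL Filtering"
executive_group = "Executive"
# terraplay groups
session_group = "Session"
client_group = "Client"
# ias_csv
tunnel_group = "Tunnel"
# microsoft_exchange2000
sender_group = "Sender"
recipient_group = "Recipient"
message_group = "Message"
# tfs_mailreport_extended
attachments_group = "Attachments"
policies_group = "Policies"
messages_group = "Messages"
# nortel_ssl_vpn
vpn_group = "VPN"
syslog_group = "Syslog"
# juniper_netscreen_secure_access
meeting_group = "Meetings"
# centricity_pacs
physician_group = "Physicians"
procedure_group = "Procedures"
patient_group = "Patients"
# cwat
alerts_group = "Alerts"
suspicious_events_group = "Suspicious Events"
# NOTE(review): "actions_gruop" looks like a misspelling of actions_group,
# which is defined above with the same label. The key is kept as-is because
# a profile may reference the misspelled name -- confirm before renaming.
actions_gruop = "Actions"
mail_group = "Mail"
viruses_group = "Viruses"
# tfs_mailreport_extended
attachments_group = "Attachments"
policies_group = "Policies"
messages_group = "Messages"
# cwat
alerts_by_priority_group = "Alerts by Priority"
alerts_by_usergroup_group = "Alerts by Usergroup"
alerts_by_month_group = "Alerts by Month"
# aventail_client_server_access
connect_tunnel_group = "Connect Tunnel"
backend_server_flows_group = "Backend Server Flows"
connect_proxy_group = "Connect Proxy"
# tivoli_access_manager_webseal
target_group = "Targets"
resource_group = "Resources"
outcome_group = "Outcomes"
accessor_group = "Accessors"
originator_group = "Originators"
# forti_gate
policy_change_group = "Policy Change"
# juniper_secure_access_vpn_ssl
host_checker_group = "Host Checker"
# iron_port
compliance_group = "Compliance"
resources_group = "Resources"
# sun_one_directory_server_audit
changes_group = "Changes"
# oracle_audit
system_group = "System"
# tfs_mailreport_extended
attachments_group = "Attachments"
policies_group = "Policies"
messages_group = "Messages"
# aruba_wireless_switch
ap_group = "AP"
vlan_group = "VLAN"
# microsoft_exchange_2007_csv
agent_group = "Agent"
send_receive_group = "Send/Receive"
message_tracking_group = "Message Tracking"
# bomgar_box
permissions_group = "Permissions"
main_group = "Main"
# unreal_media_server
accesses_group = "Accesses"
# cisco_pix
crypto_group = "Crypto"
} # groups
# Report names. Where one field is reported in several contexts, the context
# is appended in parentheses, e.g. "(Virus)", "(Spyware)", "(Email)", "(Web)".
reports = {
overview = "Overview"
log_detail = "Log Detail"
sessions_overview = "Sessions Overview"
session_paths = "Sessions Paths"
session_page_paths = "Paths through a page"
entry_pages = "Entry Pages"
exit_pages = "Exit Pages"
session_pages = "Session Pages"
session_users = "Session Users"
individual_sessions = "Individual Sessions"
search_phrase_by_search_engine = "Search phrases by search engine"
chat_detail = "Chat Details"
broken_links = "Broken links"
threat_detail = "Threat Detail"
# trend_micro_control_manager
computer_name_virus = "Computer names (Virus)"
infect_source_virus = "Infect sources (Virus)"
infect_destination_virus = "Infect destinations (Virus)"
virus_virus = "Viruses (Virus)"
product_virus = "Products (Virus)"
pattern_virus = "Patterns (Virus)"
file_name_virus = "File names (Virus)"
file_path_virus = "File paths (Virus)"
first_action_virus = "First actions (Virus)"
first_action_result_virus = "First action results (Virus)"
second_action_virus = "Second actions (Virus)"
second_action_result_virus = "Second action results (Virus)"
login_user_name_virus = "Login user names (Virus)"
engine_virus = "Engines (Virus)"
computer_name_spyware = "Computer names (Spyware)"
infect_source_spyware = "Infect sources (Spyware)"
infect_destination_spyware = "Infect destinations (Spyware)"
virus_spyware = "Viruses (Spyware)"
product_spyware = "Products (Spyware)"
pattern_spyware = "Patterns (Spyware)"
file_name_spyware = "File names (Spyware)"
file_path_spyware = "File paths (Spyware)"
first_action_spyware = "First actions (Spyware)"
first_action_result_spyware = "First action results (Spyware)"
second_action_spyware = "Second actions (Spyware)"
second_action_result_spyware = "Second action results (Spyware)"
login_user_name_spyware = "Login user names (Spyware)"
# Suffix is "(Spyware)", matching every other *_spyware entry, so this report
# name differs from engine_virus in the menu.
engine_spyware = "Engines (Spyware)"
computer_name_email_content = "Computer names (Email)"
message_id_email_content = "Message IDs (Email)"
sender_email_content = "Senders (Email)"
recipient_email_content = "Recipients (Email)"
policy_name_email_content = "Policy names (Email)"
policy_settings_email_content = "Policy settings (Email)"
action_on_content_email_content = "Action on content (Email)"
action_on_message_email_content = "Action on message (Email)"
subject_email_content = "Subject (Email)"
computer_name_web = "Computer names (Web)"
# du
filenames_directories = "Filenames/directories"
# interscan_web_security_suite
user_access = "Users (Access)"
location_access = "Countries/Regions/Cities (Access)"
domain_description_access = "Domain descriptions (Access)"
user_virus = "Users (Virus)"
location_virus = "Countries/Regions/Cities (Virus)"
domain_description_virus = "Domain descriptions (Virus)"
user_url_filtering = "Users (URL Filtering)"
location_url_filtering = "Countries/Regions/Cities (URL Filtering)"
domain_description_url_filtering = "Domain descriptions (URL Filtering)"
executive_user = "Users"
executive_domain = "Domains"
executive_blocked_url = "Blocked URLs"
executive_path = "Files"
executive_file_type = "File types"
executive_trend_category = "Trend Categories"
# zeus_g
search_phrases_by_search_engine = "Search phrases by search engine"
search_phrases_by_paid_search_engine = "Search phrases by PPCSE"
paid_search_engine = "Paid search engines"
keywords_by_se_orders = "Keywords by SE/Orders"
keywords_by_se_items = "Keywords by SE/Items"
# interscan_messaging_security_suite_integrated
attachments_by_sender = "Attachments by sender"
# aventail_client_server_access
# Report names kept in their own subgroup. The same base reports are repeated
# with the prefixes connect_tunnel_, connect_proxy_ and backend_server_flows_,
# and their labels carry the suffixes (CT), (CP) and (BSF).
aventail_client_server_access = {
overview = "Overview"
date_time = "Date/time"
days = "Days"
day_of_week = "Day of week"
hour_of_day = "Hour of day"
source_host = "Source host"
location = "Source location"
dest_host = "Destination host"
dest_port = "Destination port"
user_name = "Username"
auth_method = "Authentication method"
status = "Status"
realm = "Realm"
group_report = "Group"
sessions_overview = "Sessions overview"
session_users = "Session users"
individual_sessions = "Individual sessions"
connect_tunnel_overview = "Overview (CT)"
connect_tunnel_date_time = "Date/time (CT)"
connect_tunnel_days = "Days (CT)"
connect_tunnel_day_of_week = "Day of week (CT)"
connect_tunnel_hour_of_day = "Hour of day (CT)"
connect_tunnel_source_host = "Source host (CT)"
connect_tunnel_location = "Source location (CT)"
connect_tunnel_dest_host = "Destination host (CT)"
connect_tunnel_dest_port = "Destination port (CT)"
connect_tunnel_user_name = "Username (CT)"
connect_tunnel_dn = "DN (CT)"
connect_tunnel_auth_method = "Authentication method (CT)"
connect_tunnel_protocol = "Protocol (CT)"
connect_tunnel_status = "Status (CT)"
connect_tunnel_realm = "Realm (CT)"
connect_tunnel_equipment_id = "Equipment ID (CT)"
connect_tunnel_group_report = "Group (CT)"
connect_tunnel_sessions_overview = "Sessions overview (CT)"
connect_tunnel_session_users = "Session users (CT)"
connect_tunnel_individual_sessions = "Individual sessions (CT)"
connect_proxy_overview = "Overview (CP)"
connect_proxy_date_time = "Date/time (CP)"
connect_proxy_days = "Days (CP)"
connect_proxy_day_of_week = "Day of week (CP)"
connect_proxy_hour_of_day = "Hour of day (CP)"
connect_proxy_source_host = "Source host (CP)"
connect_proxy_location = "Source location (CP)"
connect_proxy_dest_host = "Destination host (CP)"
connect_proxy_dest_port = "Destination port (CP)"
connect_proxy_user_name = "Username (CP)"
connect_proxy_dn = "DN (CP)"
connect_proxy_auth_method = "Authentication method (CP)"
connect_proxy_status = "Status (CP)"
connect_proxy_realm = "Realm (CP)"
connect_proxy_equipment_id = "Equipment ID (CP)"
connect_proxy_group_report = "Group (CP)"
connect_proxy_sessions_overview = "Sessions overview (CP)"
connect_proxy_session_users = "Session users (CP)"
connect_proxy_individual_sessions = "Individual sessions (CP)"
backend_server_flows_overview = "Overview (BSF)"
backend_server_flows_date_time = "Date/time (BSF)"
backend_server_flows_days = "Days (BSF)"
backend_server_flows_day_of_week = "Day of week (BSF)"
backend_server_flows_hour_of_day = "Hour of day (BSF)"
backend_server_flows_source_host = "Source host (BSF)"
backend_server_flows_location = "Source location (BSF)"
backend_server_flows_dest_host = "Destination host (BSF)"
backend_server_flows_dest_port = "Destination port (BSF)"
backend_server_flows_user_name = "Username (BSF)"
backend_server_flows_dn = "DN (BSF)"
backend_server_flows_auth_method = "Authentication method (BSF)"
backend_server_flows_protocol = "Protocol (BSF)"
backend_server_flows_status = "Status (BSF)"
backend_server_flows_realm = "Realm (BSF)"
backend_server_flows_equipment_id = "Equipment ID (BSF)"
backend_server_flows_group_report = "Group (BSF)"
backend_server_flows_sessions_overview = "Sessions overview (BSF)"
backend_server_flows_session_users = "Session users (BSF)"
backend_server_flows_individual_sessions = "Individual sessions (BSF)"
} # aventail_client_server_access
# zyxel_firewall_welf
idp = "IDP"
anti_virus = "Anti-virus"
anti_spam = "Anti-spam"
vpn = "VPN"
web_block = "Web-block"
# ironport_sseries_full
internet_tools = "Internet Tools"
legal_liability = "Legal Liability"
productivity_loss = "Productivity Loss"
business_usage = "Business Usage"
warning_security_risks = "Warning Security Risks"
critical_security_risks = "Critical Security Risks"
bandwidth_loss = "Bandwidth Loss"
bandwidth_gain = "Bandwidth Gain"
date_time = "Date/time"
days = "Days"
day_of_week = "Day of week"
top_malware = "Top Malware ID"
malware_by_user = "Malware By User"
malware_by_client = "Malware By Client"
malware_by_category = "Malware By Category"
malware_by_site = "Malware By Site"
top_sites = "Top Sites"
top_clients = "Top Clients"
top_users = "Top Users"
top_categories = "Top Categories"
time_per_site = "Time Per Site"
time_per_client = "Time Per Client"
url_categories_problems = "URL Categories Problems"
# ironport
antispam_result = "antispam result"
antivirus_result = "antivirus result"
# cell_ips
category_detail = "category detail"
} # reports
} # menu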
# sessions_overview: row labels for the "Sessions overview" report -- totals,
# one-time vs. repeat users, per-user averages, and session durations.
sessions_overview = {
label = "Sessions overview"
total_session_users = "Total session users"
total_sessions = "Total sessions"
total_session_events = "Total session events"
total_days = "Total days"
sessions_per_day = "Sessions per day"
repeat_users = "Repeat users"
sessions_by_one_time_users = "Sessions by one-time users"
sessions_by_repeat_users = "Sessions by repeat users"
one_time_users = "One-time users"
two_time_users = "Two-time users"
three_time_users = "Three-time users"
four_time_users = "Four-time users"
five_time_users = "Five-time users"
# Labelled "Six+": this row covers users with six or more sessions.
more_time_users = "Six+-time users"
average_sessions_per_user = "Average sessions per user"
median_sessions_per_user = "Median sessions per user"
total_session_duration = "Total duration of all sessions"
average_session_duration = "Average session duration"
average_accesses_per_session = "Average accesses per session"
maximum_concurrent_sessions = "Maximum concurrent sessions"
} # sessions_overview
# Labels for the "Session pages" report: the report title (label) plus what
# appear to be its column headings.
session_pages = {
label = "Session pages"
sessions = "Sessions"
page = "Page"
events = "Events"
time_spent = "Time spent"
} # session_pages
# Labels for the "Session users" report: the report title (label) plus what
# appear to be its column headings.
session_users = {
label = "Session users"
sessions = "Sessions"
user = "User"
events = "Events"
time_spent = "Time spent"
} # session_users
# Labels and sentence fragments for the "Session paths" report.
# $param1 and $sessions are placeholders; presumably the product substitutes
# the session counts when the report is displayed. Keep them intact when translating.
session_paths = {
label = "Session paths"
of_sessions = "Out of $param1 sessions, ..."
started_at = "started at"
then_went_to = "then went to"
then_ended = "then ended"
more_sessions = "$sessions more sessions..."
max_number_of_rows_label = "Maximum number of rows to add upon expand"
reset_collapse_all = "Reset/Collapse All"
more_rows = "more rows"
} # session_paths
session_page_paths = {
label = "Paths through a page"
pages = "Pages"
show_paths_button = "Show Paths"
page_paths_page_of_label = "Of the $param1 events for $param2"
page_paths_page_is_empty_message = "Please define a page name."
page_names_lookup_label = "Page Lookup"
lookup_pages = "Lookup Pages"
page_names_lookup_search_result_label = "Page Lookup Search Result"
page_label = "Page"
from_label = "from"
no_pages_found_info = "No pages found"
page_names_lookup_search_label = "Page name or pages path contains:"
predecessor_info = "came from"
no_predecessor_info = "started at"
successor_info = "went to"
no_successor_info = "ended at"
more_rows = "more..."
n_more_pages = "$pages_remaining more pages"
n_is_unknown_page = "$page is an unknown page or there are no events on this page."
loading_info = "Loading ..."
pages_from_to_of_total_rows = "Pages $param1 - $param2 of $param3"
} # session_page_paths
individual_sessions = {
label = "Individual sessions"
session_id = "Session ID"
user = "User"
start_time = "Start Time"
end_time = "End Time"
} # individual_sessions
entry_pages = {
label = "Entry pages"
} # entry_pages
# This should be a phrase or string which divides database field names in the name of a
# multi-column report. E.g., if this is " by ", then the name of a report showing pages
# and IPs will be "page by IP". Or if this is "/", the report name will be "page/IP".
multi_column_report_divider = " by "
# Obsoleted by the line above, but here for compatibility with legacy profiles
search_phrases_by_search_engine.label = "Search phrases by search engine"
firegen_view = {
label = "FireGen™ View"
} # firegen_view
log_detail = {
label = "Log detail"
} # log_detail
single_page_summary = {
label = "Single-page Summary"
} # single_page_summary
urls_by_client_ip = {
label = "URLs by client IP"
} # urls_by_client_ip
exit_pages = {
label = "Exit pages"
} # exit_pages
# This specifies the divider to use between three-digit groups in large integers,
# and the divider to use between the integer and decimal (fractional) portion of numbers.
# For instance, with thousands_divider="," and decimal_divider=".", 1 million divided by three
# would be represented as 333,333.333 (to three decimal points).
# With thousands_divider="." and decimal_divider=",", 1 million divided by three
# would be represented as 333.333,333 (to three decimal points).
numbers = {
thousands_divider = ","
decimal_divider = "."
}
# These are the rules that we use to pluralize words.
# These rules are based on regular expressions; see the documentation
# on regular expressions for information about how to use them. In brief,
# put ^ at the beginning of the word, $ at the end, (.*) where the word stem goes,
# and an ending. Then put " -> ", and the pluralized version, with $1
# where the word stem goes. You can have as many rules as you want; $PRODUCT_NAME will
# try them all in order until it gets to an undefined rule number.
# If one rule succeeds, the translation is done. If none of the rules match,
# we use the word itself as its own plural.
#
# Note: the uncommon "Latin" pluralization which converts -us to -i (e.g. cactus->cacti) is omitted here,
# because most -us words are actually pluralized as -uses. If necessary, another rule can be added
# if a Latin pluralization is needed.
#
# Due to English's general lack of any sort of consistent spelling rules,
# this will not work for all plurals, but it does a pretty good job for most of them.
pluralize = {
# Special case for the phrases "hour of day" and "day of week", which should be pluralized as "hours of day" and "days of week"
x_of_y = "^([^ ]+) of ([^ ]+)$ -> $1s of $2"
# English words ending in -Xy, where X is a consonant, are pluralized by replacing the y with ies.
# E.g. city -> cities, party -> parties.
y_to_ies = "^(.*[^aeiou])y$ -> $1ies"
# English words ending in -Xs where X is a vowel, have an extra s added, followed by es. E.g. bus->busses.
# Disabled for now, because it gives very strange results when the field name is already plural e.g. bytes->bytesses.
# Best to leave words ending in s alone, I think, when pluralizing-- it might miss some, but overall will do better.
# s_to_sses = "^(.*[aeiouy]s)$ -> $1ses"
# English words ending in -s where the s does *not* follow a vowel are often pluralized by adding -es, e.g. toss->tosses.
# BUT, because in many cases, field names are plural to begin with (e.g. recipients),
# Words ending in -s are for the moment assumed to be plural already, and are not re-pluralized.
# Words ending in -ss or -x are assumed to be singular, and are pluralized by adding -es, e.g. address->addresses, mailbox->mailboxes.
#PLURALIZE_RULE_3 "^(.*s)$ -> $1es"
ss_to_sses = "^(.*ss)$ -> $1es"
x_to_xes = "^(.*x)$ -> $1es"
s_to_s = "^(.*s)$ -> $1"
# A phrase ending with "elapsed" should not be pluralized.
leave_elapsed = "^(.*elapsed)$ -> $1"
# The word "data", or a phrase ending with "data", is already plural, and should not be pluralized.
leave_data = "^(.*data)$ -> $1"
# The word "information", or a phrase ending with "information", should be left alone by the pluralizer.
leave_information = "^(.*information)$ -> $1"
# Most other English words are pluralized by adding -s.
add_s = "^(.*)$ -> $1s"
} # pluralize
# These are the rules that $PRODUCT_NAME uses to capitalize words.
# These rules are based on regular expressions; see the documentation
# on regular expressions for information about how to use them. In brief,
# put ^ at the beginning of the word, $ at the end, (.*) any place you want
# to remember a section of the word to use in the capitalized version.
# Then put " -> ", and the capitalized version, with $1 where the first remembered section goes,
# $2 for the second, etc. You can have as many rules as you want; $PRODUCT_NAME will
# try them all in order until it gets to an undefined rule number.
# If one rule succeeds, the translation is done. If none of the rules match,
# $PRODUCT_NAME uses the word itself as its own capitalization.
capitalize = {
a = "^a(.*)$ -> A$1"
b = "^b(.*)$ -> B$1"
c = "^c(.*)$ -> C$1"
d = "^d(.*)$ -> D$1"
e = "^e(.*)$ -> E$1"
f = "^f(.*)$ -> F$1"
g = "^g(.*)$ -> G$1"
h = "^h(.*)$ -> H$1"
i = "^i(.*)$ -> I$1"
j = "^j(.*)$ -> J$1"
k = "^k(.*)$ -> K$1"
l = "^l(.*)$ -> L$1"
m = "^m(.*)$ -> M$1"
n = "^n(.*)$ -> N$1"
o = "^o(.*)$ -> O$1"
p = "^p(.*)$ -> P$1"
q = "^q(.*)$ -> Q$1"
r = "^r(.*)$ -> R$1"
s = "^s(.*)$ -> S$1"
t = "^t(.*)$ -> T$1"
u = "^u(.*)$ -> U$1"
v = "^v(.*)$ -> V$1"
w = "^w(.*)$ -> W$1"
x = "^x(.*)$ -> X$1"
y = "^y(.*)$ -> Y$1"
z = "^z(.*)$ -> Z$1"
} # capitalize
# first_weekday and marked_weekday specify default
# values for the calendar and date picker weekday display.
# first_weekday defines the weekday which is displayed as
# first day in the month display. marked_weekday specifies
# the day which is displayed in a more prominent color
# than the other weekdays. Define a number from 1 - 7 for first_weekday
# and marked_weekday. (1 = Sunday, 2 = Monday, ..., 7 = Saturday)
first_weekday = 1
marked_weekday = 1
weekdays = {
1 = "Sunday"
2 = "Monday"
3 = "Tuesday"
4 = "Wednesday"
5 = "Thursday"
6 = "Friday"
7 = "Saturday"
corrupt_date_time = "corrupt date/time"
} # weekdays
weekdays_short = {
1 = "S"
2 = "M"
3 = "T"
4 = "W"
5 = "T"
6 = "F"
7 = "S"
} # weekdays_short
weekdays_twoletter = {
1 = "Su"
2 = "Mo"
3 = "Tu"
4 = "We"
5 = "Th"
6 = "Fr"
7 = "Sa"
} # weekdays_twoletter
hours = {
0 = "midnight - 1:00 AM"
1 = "1:00 AM - 2:00 AM"
2 = "2:00 AM - 3:00 AM"
3 = "3:00 AM - 4:00 AM"
4 = "4:00 AM - 5:00 AM"
5 = "5:00 AM - 6:00 AM"
6 = "6:00 AM - 7:00 AM"
7 = "7:00 AM - 8:00 AM"
8 = "8:00 AM - 9:00 AM"
9 = "9:00 AM - 10:00 AM"
10 = "10:00 AM - 11:00 AM"
11 = "11:00 AM - noon"
12 = "noon - 1:00 PM"
13 = "1:00 PM - 2:00 PM"
14 = "2:00 PM - 3:00 PM"
15 = "3:00 PM - 4:00 PM"
16 = "4:00 PM - 5:00 PM"
17 = "5:00 PM - 6:00 PM"
18 = "6:00 PM - 7:00 PM"
19 = "7:00 PM - 8:00 PM"
20 = "8:00 PM - 9:00 PM"
21 = "9:00 PM - 10:00 PM"
22 = "10:00 PM - 11:00 PM"
23 = "11:00 PM - midnight"
} # hours
hours_on_graph = {
0 = "0:00 midn."
1 = "1:00 am"
2 = "2:00 am"
3 = "3:00 am"
4 = "4:00 am"
5 = "5:00 am"
6 = "6:00 am"
7 = "7:00 am"
8 = "8:00 am"
9 = "9:00 am"
10 = "10:00 am"
11 = "11:00 am"
12 = "12:00 noon"
13 = "1:00 pm"
14 = "2:00 pm"
15 = "3:00 pm"
16 = "4:00 pm"
17 = "5:00 pm"
18 = "6:00 pm"
19 = "7:00 pm"
20 = "8:00 pm"
21 = "9:00 pm"
22 = "10:00 pm"
23 = "11:00 pm"
} # hours_on_graph
quarter_short = "Q"
months = {
1 = "January"
2 = "February"
3 = "March"
4 = "April"
5 = "May"
6 = "June"
7 = "July"
8 = "August"
9 = "September"
10 = "October"
11 = "November"
12 = "December"
} # months
months_short = {
Jan = "Jan"
Feb = "Feb"
Mar = "Mar"
Apr = "Apr"
May = "May"
Jun = "Jun"
Jul = "Jul"
Aug = "Aug"
Sep = "Sep"
Oct = "Oct"
Nov = "Nov"
Dec = "Dec"
} # months_short
# Unit words and the formatting expression used to display durations.
duration = {
# Singular unit words. The calculation below references year, day, hour, minute
# and second; month is defined here but is not referenced by that calculation.
year = "year"
month = "month"
day = "day"
hour = "hour"
minute = "minute"
second = "second"
# Compact prefixes: these generate "10y 20d " for 10 years, 20 days, and "20d " for 20 days
# (both templates end with a space). In compact mode the calculation below then appends
# hours, minutes and seconds separated by ":".
# Change this as appropriate for the language
compact_year_day = "$(internal.duration.years)y $(internal.duration.days)d "
compact_day = "$(internal.duration.days)d "
# This calculates durations. It does not usually have to be translated.
# It will display them as "Y years, D days, H hours, M minutes, S seconds",
# using the unit words above. Unless this format is inappropriate for the language,
# everything from here to "END calculation" can be left unmodified
#
# The value is not a plain label: everything between {= and =} is expression code
# (two subroutines plus the statements that build total_duration), so this language
# module carries executable logic as well as text.
# NOTE(review): treat translated or third-party language modules like any other
# configuration code -- review changes to this expression and confirm who has
# write access to the file.
calculation = "{=
subroutine(duration_multi(string unit, int value, bool more), (
if (value == 0) then
'';
else (
if (value == 1) then
print('1 $unit');
else
value . ' ' . pluralize(unit);
if (more) then
', ';
);
));
subroutine(duration_hms(string unit, int value), (
if (length(value) == 1) then '0';
value;
));
string total_duration = '';
if (internal.duration.compact) then (
if (internal.duration.years > 0) and (internal.duration.days > 0) then
total_duration .= lang_stats.duration.compact_year_day;
else if (internal.duration.days > 0) then
total_duration .= lang_stats.duration.compact_day;
)
else (
total_duration .= duration_multi(lang_stats.duration.year, internal.duration.years, true);
total_duration .= duration_multi(lang_stats.duration.day, internal.duration.days, true);
);
if (!internal.duration.compact) then (
total_duration .= duration_multi(lang_stats.duration.hour, internal.duration.hours, true);
total_duration .= duration_multi(lang_stats.duration.minute, internal.duration.minutes, true);
total_duration .= duration_multi(lang_stats.duration.second, internal.duration.seconds, false);
if (length(total_duration) == 0) then
total_duration = '0 ' . pluralize(lang_stats.duration.second);
)
else (
total_duration .= duration_hms(lang_stats.duration.hour, internal.duration.hours);
total_duration .= ':';
total_duration .= duration_hms(lang_stats.duration.minute, internal.duration.minutes);
total_duration .= ':';
total_duration .= duration_hms(lang_stats.duration.second, internal.duration.seconds);
);
total_duration;
=}"
# END calculation
} # duration
progress = {
step_number_info = "(Step $param1 of $param2)"
canceling_task_info = "Canceling task, please wait."
task_canceled_info = "Task has been cancelled."
confirm_cancel_task_message = "Are you sure you want to cancel the current task?"
progress_label = "Progress"
receiving_progress_information = "Receiving progress information. Please wait...."
loading_report = "Loading report"
loading_document = "Loading document"
loading = "Loading"
receiving_data = "Receiving data; please wait."
progress_prediction_minor_label = "Collecting progress information"
progress_prediction_description = "Progress prediction might take several minutes, please wait."
checking_for_progress_info = "Checking for progress information, please wait."
progress_prediction_label = "Progress Prediction"
collecting_progress_information_info = "Generating report and collecting progress information, please wait."
receiving_progress_data_info = "Receiving progress information, please wait."
database_is_processing_info = "Database is processing."
processing_steps_label = "Processing steps"
elapsed_time_label = "Elapsed time"
remaining_time_label = "Remaining time"
percent_complete_label = "Complete"
processing_one_of_many_steps_label = "Processing step $param1 of $param2"
processing_details_label = "Processing details"
show_processing_details_button = "Show processing details"
hide_processing_details_button = "Hide processing details"
# Progress messages naming the log source being read. Two of them splice a runtime
# value into the text: $param1 is substituted, and {= ... =} marks an expression that
# is evaluated (here a code-page conversion of param1).
# NOTE(review): judging by the labels, the substituted values are a command line and a
# log file path; confirm the progress display escapes them before they are rendered
# in the web interface.
reading_command = "Reading output of command: $param1"
reading_odbc = "Reading log data using ODBC"
# reading_log_file = "Reading log file: $param1"
reading_log_file = "Reading log file: {=convert_local_code_page_to_utf8(param1)=}"
reading_stdin = "Reading log data from standard input stream"
writing_database = "Consolidating and writing database"
building_indices = "Building database indices"
preparing_to_consolidate = "Preparing to consolidate database"
configuration_name = "Profile name"
expiring_hits_before = "Expiring hits before $param1"
deleting_unused_items = "Deleting unused items from database"
converting_database = "Converting database segments"
starting_safe_update = "Starting safe update"
details_label = "Show/Hide Processing Details"
log_entries_processed_label = "Log lines processed"
log_bytes_processed_label = "Log bytes processed"
log_entries_accepted_label = "Log entries accepted"
time_elapsed_label = "Time elapsed"
consolidation_time_spent_label = "Time spent consolidating database"
average_processing_speed_label = "Average processing speed"
current_processing_speed_label = "Current processing speed"
entries_bytes_per_second_value = "$internal.progress.entries_per_second entries per second; $internal.progress.bytes_per_second per second"
estimated_time_remaining_label = "Estimated time remaining"
dns_lookups_attempted_label = "DNS lookups attempted"
dns_lookups_succeeded_network_label = "DNS lookups succeeded (from network)"
dns_lookups_succeeded_cache_label = "DNS lookups succeeded (from cache)"
dns_lookups_failed_label = "DNS lookups failed"
dns_lookups_timed_out_label = "DNS lookups timed out"
memory_used_by_write_buffer = "Memory used by database write buffer"
disk_used_by_write_buffer = "Disk space used by database write buffer"
memory_used_by_visitor_info = "Memory used by visitor lists"
memory_used_by_largest_segment = "Memory used by largest database segment"
memory_used_by_field_names = "Memory used by $internal.field_name index"
more_information = "More information"
getting_http_data = "Getting data by HTTP from $volatile.log_source_http_hostname"
querying_table_values = "Querying table values from the database ($total_table_rows rows)"
creating_session_table = "Creating session table"
collecting_new_session_events = "Collecting new session events from main table"
computing_new_session_users = "Computing new session users"
transferring_new_session_events = "Transferring old events from new users to update table"
removing_updated_sessions = "Removing old session events from new users from session table"
removing_updated_sessions_join = "Removing old session events from new users from session join table"
analyzing_new_session_events = "Analyzing new sessions"
adding_new_events_to_sessions = "Adding new session events to sessions table"
adding_new_events_to_sessions_join = "Adding new session events to sessions join table"
indexing_sessions_join = "Indexing sessions join table"
building_hierarchy_table = "Building hierarchy table for $param1"
collecting_flattened_data = "Collecting bottom-level item data for statistics display"
building_table_rows = "Building the table rows"
building_xref_table = "Building cross-reference table $param1 of $param3 ($param2)"
updating_xref_table = "Updating cross-reference table $param1 ($param2)"
building_index = "Building index $param1 of $param3 ($param2)"
updating_normalization_table = "Updating normalization (itemnum) table ($param1)"
generating_subview = "Generating %22$SUBVIEWNAME%22 section ($SUBVIEWNUM of $NUMSUBVIEWS)"
percent_complete = "Percent complete"
processing_please_wait = "Processing--Please Wait..."
skipping_previously_seen_data = "Skipping previously-seen data"
combining_multisegment_xref = "Combining multisegment cross-reference table for query"
querying_main_table = "Querying database main table"
downloading_file = "Downloading/processing file $param1"
preparing_update_database = "Preparing update database"
preparing_build_database = "Preparing build database"
init_database = "Initializing database"
erasing_existing_database_data = "Erasing existing database data."
generating_report = "Generating report"
waiting_for_database = "Waiting for database (real-time)"
scanning_itemnum_table_for_hierarchy = "Scanning itemnum table ($hierarchydbfield)"
creating_bottomlevelitems_table = "Creating bottom-level items table ($hierarchydbfield)"
creating_subitems_table = "Creating subitems table ($hierarchydbfield)"
indexing_bli_bli = "Indexing bottom-level items field of bottom-level items table ($hierarchydbfield)"
indexing_bli_superitem = "Indexing subitems field of bottom-level items table ($hierarchydbfield)"
indexing_subitems_superitem = "Indexing superitems field of subitems table ($hierarchydbfield)"
indexing_subitems_subitems = "Indexing subitems field of subitems table ($hierarchydbfield)"
major_task = {
# label = Operation
build_database = "Building database"
update_database = "Updating database"
remove_database_data = "Removing data from database"
convert_61_database = "Converting 6.0/6.1 database"
view_statistics = "Generating report"
generate_html_files = "Generating HTML files"
start_parsing_server = "Parsing server (multiprocessor log parsing)"
unknown = "Unknown"
process_logs = "Processing logs"
export_database = "Exporting database"
import_database = "Importing database"
} # major_task
step = {
reading_log_data = "Reading log data"
delete_unused_subitems = "Deleting unused subitems"
merging_items = "Merging database items"
merging_subitems = "Merging database subitems"
merging_main_table = "Merging database main table"
merging_xref_tables = "Merging database cross-reference tables"
removing_database_data = "Removing data from main table"
deleting_unused_items = "Deleting unused items"
querying_log_detail = "Querying log detail from main table"
collecting_table_data = "Collecting data from xref table"
collecting_table_data_main_table = "Collecting data from main table"
integrating_table_data = "Integrating collected data into table"
querying_table_values = "Querying table values"
computing_overview = "Computing Overview"
generating_report_table = "Generating report table"
### generating_table_display = "Generating table display"
generating_display = "Generating display"
computing_session_information = "Computing session information"
generating_report = "Generating report"
loading_filtered_session_logfile = "Loading filtered session information"
computing_filtered_session_information = "Computing filtered session information"
loading_session_logfile = "Loading session information"
collecting_session_information = "Collecting session information"
splitting_sessions = "Splitting/eliminating sessions with timeout and maximum duration"
adding_logfile_indices = "Adding indices to main table"
building_xref_tables = "Building cross-reference tables"
building_hierarchy_tables = "Building hierarchy tables"
scanning_itemnum_table_for_hierarchy = "Scanning itemnum table"
creating_bottomlevelitems_table = "Creating bottom-level items table"
creating_subitems_table = "Creating subitems table"
indexing_bli_bli = "Indexing bottom-level items field of bottom-level items table"
indexing_bli_superitem = "Indexing subitems field of bottom-level items table"
indexing_subitems_superitem = "Indexing superitems field of subitems table"
indexing_subitems_subitems = "Indexing subitems field of subitems table"
building_indices_simultaneously = "Building database indices simultaneously"
building_indices_separately = "Building database indices"
building_xrefs_simultaneously = "Building database cross-reference tables"
building_xrefs_separately = "Building database cross-reference tables"
downloading_geoip_database = "Downloading the GeoIP database (14M)"
subprocesses_building_indices_and_xrefs = "Waiting for subprocesses to build indices and cross-references"
erasing_database = "Erasing database"
computing_subtables = "Computing subtables"
computing_leading_sums = "Computing leading row sums"
generating_table_display = "Generating table display"
detecting_log_format = "Detecting log format"
indexing_main_table = "Indexing main table"
updating_normalization_tables = "Updating normalization tables"
computing_report_table_rows = "Computing report table rows"
querying_main_table = "Querying main table for report"
querying_xref_table = "Querying cross-reference table ($param1) for report"
caching_report_from_query_result = "Caching report from query result"
generating_report_from_cache = "Generating report from cache"
exporting_itemnums = "Exporting itemnums"
exporting_main_table = "Exporting main table"
importing_itemnums = "Importing itemnums"
importing_main_table = "Importing main table"
} # step
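# Labels for the counters listed under "processing details" in the progress display.
# One definition per key: log_bytes_downloaded used to appear twice in this group with
# identical text, so the second copy is dropped and lookups no longer depend on how the
# reader resolves duplicate keys.
details = {
log_lines_processed = "Log lines processed"
average_log_lines_per_second = "Average lines per second"
current_log_lines_per_second = "Current lines per second"
maximum_log_lines_per_second = "Maximum lines per second"
log_bytes_processed = "Log bytes processed"
log_bytes_downloaded = "Log bytes downloaded"
average_log_bytes_per_second = "Average bytes per second"
current_log_bytes_per_second = "Current bytes per second"
maximum_log_bytes_per_second = "Maximum bytes per second"
} # details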
minor_task_label = "Current sub-operation"
minor_minor_task_label = "Current sub-sub-operation"
task_processing_file = "Processing file $param"
error_in_get_progress_state = "Error in get_progress_state.cfv when reporting report progress!"
error_in_get_progress_state_database = "Error in get_progress_state.cfv when reporting database progress!"
report_has_been_sent = "The report has been sent."
close_window = "Close Window"
} # progress
log_formats = {
helix_universal = {
turboplay = {
0|1|0 = "Off - User preference"
0|2|0 = "Off - Available bandwidth below 256 Kbps"
0|3|0 = "Off - SureStream in use"
0|4|0 = "Off - Excess rebuffering"
0|5|0 = "Off - Presentation not enabled for TurboPlay"
0|6|0 = "Off - Server not enabled for TurboPlay"
0|7|0 = "Off - Live presentation not supported"
1 = "On"
"(empty)" = "(empty)"
} # turboplay
transport = {
0 = "IP Multicast"
1 = "UDP"
2 = "TCP"
3 = "HTTP cloaked"
"(empty)" = "(empty)"
} # transport
clip_end = {
0 = "end of presentation reached"
1 = "stop command issued"
2 = "reconnection required"
3 = "redirection"
"(empty)" = "(empty)"
} # clip_end
} # helix_universal
snort2_syslog = {
# Note to translators: these are the English versions of the Snort 2 log format rules.
# They will appear only when Snort logs are analyzed. It is not necessary to translate
# these unless you need Snort reports to be translated.
rule = {
113 = "BACKDOOR DeepThroat access"
122 = "BACKDOOR DeepThroat 3.1 System Info Client Request"
124 = "BACKDOOR DeepThroat 3.1 FTP Status Client Request"
125 = "BACKDOOR DeepThroat 3.1 E-Mail Info From Server"
126 = "BACKDOOR DeepThroat 3.1 E-Mail Info Client Request"
127 = "BACKDOOR DeepThroat 3.1 Server Status From Server"
128 = "BACKDOOR DeepThroat 3.1 Server Status Client Request"
129 = "BACKDOOR DeepThroat 3.1 Drive Info From Server"
130 = "BACKDOOR DeepThroat 3.1 System Info From Server"
131 = "BACKDOOR DeepThroat 3.1 Drive Info Client Request"
132 = "BACKDOOR DeepThroat 3.1 Server FTP Port Change From Server"
133 = "BACKDOOR DeepThroat 3.1 Cached Passwords Client Request"
134 = "BACKDOOR DeepThroat 3.1 RAS Passwords Client Request"
135 = "BACKDOOR DeepThroat 3.1 Server Password Change Client Request"
136 = "BACKDOOR DeepThroat 3.1 Server Password Remove Client Request"
137 = "BACKDOOR DeepThroat 3.1 Rehash Client Request"
138 = "BACKDOOR DeepThroat 3.1 Server Rehash Client Request"
140 = "BACKDOOR DeepThroat 3.1 ICQ Alert OFF Client Request"
142 = "BACKDOOR DeepThroat 3.1 ICQ Alert ON Client Request"
143 = "BACKDOOR DeepThroat 3.1 Change Wallpaper Client Request"
148 = "BACKDOOR DeepThroat 3.1 Keylogger Active on Network"
149 = "BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network"
150 = "BACKDOOR DeepThroat 3.1 Server Active on Network"
154 = "BACKDOOR DeepThroat 3.1 Wrong Password"
156 = "BACKDOOR DeepThroat 3.1 Visible Window List Client Request"
160 = "BACKDOOR NetMetro Incoming Traffic"
164 = "BACKDOOR DeepThroat 3.1 Server Active on Network"
165 = "BACKDOOR DeepThroat 3.1 Keylogger on Server ON"
166 = "BACKDOOR DeepThroat 3.1 Show Picture Client Request"
167 = "BACKDOOR DeepThroat 3.1 Hide/Show Clock Client Request"
168 = "BACKDOOR DeepThroat 3.1 Hide/Show Desktop Client Request"
169 = "BACKDOOR DeepThroat 3.1 Swap Mouse Buttons Client Request"
170 = "BACKDOOR DeepThroat 3.1 Enable/Disable CTRL-ALT-DEL Client Request"
171 = "BACKDOOR DeepThroat 3.1 Freeze Mouse Client Request"
172 = "BACKDOOR DeepThroat 3.1 Show Dialog Box Client Request"
173 = "BACKDOOR DeepThroat 3.1 Show Replyable Dialog Box Client Request"
174 = "BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request"
175 = "BACKDOOR DeepThroat 3.1 Resolution Change Client Request"
177 = "BACKDOOR DeepThroat 3.1 Keylogger on Server OFF"
179 = "BACKDOOR DeepThroat 3.1 FTP Server Port Client Request"
180 = "BACKDOOR DeepThroat 3.1 Process List Client request"
181 = "BACKDOOR DeepThroat 3.1 Close Port Scan Client Request"
182 = "BACKDOOR DeepThroat 3.1 Registry Add Client Request"
186 = "BACKDOOR DeepThroat 3.1 Monitor on/off Client Request"
187 = "BACKDOOR DeepThroat 3.1 Delete File Client Request"
188 = "BACKDOOR DeepThroat 3.1 Kill Window Client Request"
189 = "BACKDOOR DeepThroat 3.1 Disable Window Client Request"
190 = "BACKDOOR DeepThroat 3.1 Enable Window Client Request"
191 = "BACKDOOR DeepThroat 3.1 Change Window Title Client Request"
192 = "BACKDOOR DeepThroat 3.1 Hide Window Client Request"
193 = "BACKDOOR DeepThroat 3.1 Show Window Client Request"
194 = "BACKDOOR DeepThroat 3.1 Send Text to Window Client Request"
196 = "BACKDOOR DeepThroat 3.1 Hide/Show Systray Client Request"
197 = "BACKDOOR DeepThroat 3.1 Create Directory Client Request"
198 = "BACKDOOR DeepThroat 3.1 All Window List Client Request"
199 = "BACKDOOR DeepThroat 3.1 Play Sound Client Request"
200 = "BACKDOOR DeepThroat 3.1 Run Program Normal Client Request"
201 = "BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request"
202 = "BACKDOOR DeepThroat 3.1 Get NET File Client Request"
203 = "BACKDOOR DeepThroat 3.1 Find File Client Request"
204 = "BACKDOOR DeepThroat 3.1 Find File Client Request"
205 = "BACKDOOR DeepThroat 3.1 HUP Modem Client Request"
206 = "BACKDOOR DeepThroat 3.1 CD ROM Open Client Request"
207 = "BACKDOOR DeepThroat 3.1 CD ROM Close Client Request"
293 = "IMAP EXPLOIT overflow"
295 = "IMAP EXPLOIT x86 linux overflow"
296 = "IMAP EXPLOIT x86 linux overflow"
297 = "IMAP EXPLOIT x86 linux overflow"
298 = "IMAP EXPLOIT x86 linux overflow"
299 = "IMAP EXPLOIT x86 linux overflow"
318 = "EXPLOIT bootp x86 bsd overfow"
319 = "EXPLOIT bootp x86 linux overflow"
338 = "FTP EXPLOIT format string"
340 = "FTP EXPLOIT overflow"
341 = "FTP EXPLOIT overflow"
342 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Solaris 2.8"
343 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow FreeBSD"
345 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow generic"
346 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string check"
348 = "FTP EXPLOIT wu-ftpd 2.6.0"
349 = "FTP EXPLOIT MKD overflow"
350 = "FTP EXPLOIT x86 linux overflow"
351 = "FTP EXPLOIT x86 linux overflow"
352 = "FTP EXPLOIT x86 linux overflow"
445 = "ICMP SKIP"
446 = "ICMP SKIP (Undefined Code!"
448 = "ICMP Source Quench (Undefined Code!)"
449 = "ICMP Time-To-Live Exceeded in Transit"
450 = "ICMP Time-To-Live Exceeded in Transit (Undefined Code!)"
455 = "ICMP Traceroute ipopts"
488 = "INFO Connection Closed MSG from Port 80"
490 = "INFO battle-mail traffic"
501 = "MISC source route lssre"
508 = "MISC gopher proxy"
513 = "MISC Cisco Catalyst Remote Access"
516 = "MISC SNMP NT UserList"
521 = "MISC Large UDP Packet"
529 = "NETBIOS DOS RFPoison"
534 = "NETBIOS SMB CD.."
535 = "NETBIOS SMB CD..."
536 = "NETBIOS SMB D access"
537 = "NETBIOS SMB IPC access"
538 = "NETBIOS SMB IPC access"
539 = "NETBIOS Samba clientaccess"
556 = "P2P Outbound GNUTella client request"
557 = "P2P GNUTella client request"
558 = "INFO Outbound GNUTella client request"
559 = "P2P Inbound GNUTella client request"
560 = "POLICY VNC server response"
561 = "P2P Napster Client Data"
562 = "P2P Napster Client Data"
563 = "P2P Napster Client Data"
564 = "P2P Napster Client Data"
565 = "P2P Napster Server Login"
566 = "POLICY PCAnywhere server response"
569 = "RPC snmpXdmi overflow attempt TCP"
570 = "RPC EXPLOIT ttdbserv solaris overflow"
571 = "RPC EXPLOIT ttdbserv Solaris overflow"
572 = "RPC DOS ttdbserv Solaris"
573 = "RPC AMD Overflow"
588 = "RPC portmap ttdbserv request UDP"
592 = "RPC rstatd query"
596 = "RPC portmap listing"
597 = "RPC portmap listing"
600 = "RPC EXPLOIT statdx"
601 = "RSERVICES rlogin LinuxNIS"
612 = "RPC rusers query UDP"
613 = "SCAN myscan"
615 = "SCAN SOCKS Proxy attempt"
616 = "SCAN ident version request"
617 = "SCAN ssh-research-scanner"
619 = "SCAN cybercop os probe"
622 = "SCAN ipEye SYN scan"
628 = "SCAN nmap TCP"
635 = "SCAN XTACACS logout"
636 = "SCAN cybercop udp bomb"
637 = "SCAN Webtrends Scanner UDP Probe"
647 = "SHELLCODE sparc setuid 0"
652 = "SHELLCODE Linux shellcode"
653 = "SHELLCODE x86 unicode NOOP"
656 = "SMTP EXPLOIT x86 windows CSMMail overflow"
666 = "SMTP sendmail 8.4.1 exploit"
674 = "MS-SQL xp_displayparamstmt possible buffer overflow"
675 = "MS-SQL xp_setsqlsecurity possible buffer overflow"
690 = "MS-SQL/SMB xp_printstatements possible buffer overflow"
695 = "MS-SQL/SMB xp_sprintf possible buffer overflow"
696 = "MS-SQL/SMB xp_showcolv possible buffer overflow"
697 = "MS-SQL/SMB xp_peekqueue possible buffer overflow"
698 = "MS-SQL/SMB xp_proxiedmetadata possible buffer overflow"
699 = "MS-SQL xp_printstatements possible buffer overflow"
700 = "MS-SQL/SMB xp_updatecolvbm possible buffer overflow"
701 = "MS-SQL xp_updatecolvbm possible buffer overflow"
702 = "MS-SQL/SMB xp_displayparamstmt possible buffer overflow"
703 = "MS-SQL/SMB xp_setsqlsecurity possible buffer overflow"
704 = "MS-SQL xp_sprintf possible buffer overflow"
705 = "MS-SQL xp_showcolv possible buffer overflow"
707 = "MS-SQL xp_proxiedmetadata possible buffer overflow"
709 = "TELNET 4Dgifts SGI account attempt"
710 = "TELNET EZsetup account attempt"
712 = "TELNET ld_library_path"
713 = "TELNET livingston DOS"
714 = "TELNET resolv_host_conf"
721 = "Virus - Possible pif Worm"
722 = "Virus - Possible NAVIDAD Worm"
723 = "Virus - Possible MyRomeo Worm"
729 = "Virus - Possible scr Worm"
730 = "Virus - Possible shs Worm"
732 = "Virus - Possible QAZ Worm Infection"
736 = "Virus - Successful eurocalculator execution"
737 = "Virus - Possible eurocalculator.exe file"
738 = "Virus - Possible Pikachu Pokemon Virus"
739 = "Virus - Possible Triplesix Worm"
740 = "Virus - Possible Tune.vbs"
741 = "Virus - Possible NAIL Worm"
742 = "Virus - Possible NAIL Worm"
743 = "Virus - Possible NAIL Worm"
744 = "Virus - Possible NAIL Worm"
745 = "Virus - Possible Papa Worm"
746 = "Virus - Possible Freelink Worm"
747 = "Virus - Possible Simbiosis Worm"
748 = "Virus - Possible BADASS Worm"
749 = "Virus - Possible ExploreZip.B Worm"
751 = "Virus - Possible wscript.KakWorm"
752 = "Virus - Possible Suppl Worm"
753 = "Virus - Possible NewApt.Worm - theobbq.exe"
754 = "Virus - Possible Word Macro - VALE"
755 = "Virus - Possible IROK Worm"
756 = "Virus - Possible Fix2001 Worm"
757 = "Virus - Possible Y2K Zelu Trojan"
758 = "Virus - Possible The_Fly Trojan"
759 = "Virus - Possible Word Macro - VALE"
760 = "Virus - Possible Passion Worm"
761 = "Virus - Possible NewApt.Worm - cooler3.exe"
762 = "Virus - Possible NewApt.Worm - party.exe"
763 = "Virus - Possible NewApt.Worm - hog.exe"
764 = "Virus - Possible NewApt.Worm - goal1.exe"
765 = "Virus - Possible NewApt.Worm - pirate.exe"
766 = "Virus - Possible NewApt.Worm - video.exe"
767 = "Virus - Possible NewApt.Worm - baby.exe"
768 = "Virus - Possible NewApt.Worm - cooler1.exe"
769 = "Virus - Possible NewApt.Worm - boss.exe"
770 = "Virus - Possible NewApt.Worm - g-zilla.exe"
771 = "Virus - Possible ToadieE-mail Trojan"
773 = "Virus - Possible Happy99 Virus"
774 = "Virus - Possible CheckThis Trojan"
776 = "Virus - Possible NewApt.Worm - copier.exe"
777 = "Virus - Possible MyPics Worm"
778 = "Virus - Possible Babylonia - X-MAS.exe"
779 = "Virus - Possible NewApt.Worm - gadget.exe"
780 = "Virus - Possible NewApt.Worm - irnglant.exe"
781 = "Virus - Possible NewApt.Worm - casper.exe"
782 = "Virus - Possible NewApt.Worm - fborfw.exe"
783 = "Virus - Possible NewApt.Worm - saddam.exe"
784 = "Virus - Possible NewApt.Worm - bboy.exe"
785 = "Virus - Possible NewApt.Worm - monica.exe"
786 = "Virus - Possible NewApt.Worm - goal.exe"
787 = "Virus - Possible NewApt.Worm - panther.exe"
788 = "Virus - Possible NewApt.Worm - chestburst.exe"
789 = "Virus - Possible NewApt.Worm - farter.exe"
790 = "Virus - Possible Common Sense Worm"
791 = "Virus - Possible NewApt.Worm - cupid2.exe"
792 = "Virus - Possible Resume Worm"
794 = "Virus - Possible Resume Worm"
799 = "Virus - Possible Timofonica Worm"
800 = "Virus - Possible Resume Worm"
802 = "Virus - Possible Zipped Files Trojan"
808 = "WEB-CGI webdriver access"
809 = "WEB-CGI whois_raw.cgi arbitrary command execution attempt"
810 = "WEB-CGI whois_raw.cgi access"
811 = "WEB-CGI websitepro path access"
812 = "WEB-CGI webplus version access"
815 = "WEB-CGI websendmail access"
818 = "WEB-CGI dcforum.cgi access"
819 = "WEB-CGI mmstdod.cgi access"
820 = "WEB-CGI anaconda directory traversal attempt"
821 = "WEB-CGI imagemap.exe overflow attempt"
823 = "WEB-CGI cvsweb.cgi access"
825 = "WEB-CGI glimpse access"
826 = "WEB-CGI htmlscript access"
827 = "WEB-CGI info2www access"
828 = "WEB-CGI maillist.pl access"
829 = "WEB-CGI nph-test-cgi access"
830 = "WEB-CGI NPH-publish access"
832 = "WEB-CGI perl.exe access"
833 = "WEB-CGI rguest.exe access"
834 = "WEB-CGI rwwwshell.pl access"
836 = "WEB-CGI textcounter.pl access"
837 = "WEB-CGI uploader.exe access"
838 = "WEB-CGI webgais access"
839 = "WEB-CGI finger access"
840 = "WEB-CGI perlshop.cgi access"
841 = "WEB-CGI pfdisplay.cgi access"
842 = "WEB-CGI aglimpse access"
843 = "WEB-CGI anform2 access"
844 = "WEB-CGI args.bat access"
846 = "WEB-CGI bnbform.cgi access"
847 = "WEB-CGI campas access"
849 = "WEB-CGI view-source access"
850 = "WEB-CGI wais.pl access"
851 = "WEB-CGI files.pl access"
852 = "WEB-CGI wguest.exe access"
853 = "WEB-CGI wrap access"
854 = "WEB-CGI classifieds.cgi access"
855 = "WEB-CGI edit.pl access"
856 = "WEB-CGI environ.cgi access"
857 = "WEB-CGI faxsurvey access"
858 = "WEB-CGI filemail access"
859 = "WEB-CGI man.sh access"
860 = "WEB-CGI snork.bat access"
861 = "WEB-CGI w3-msql access"
862 = "WEB-CGI csh access"
863 = "WEB-CGI day5datacopier.cgi access"
864 = "WEB-CGI day5datanotifier.cgi access"
865 = "WEB-CGI ksh access"
866 = "WEB-CGI post-query access"
868 = "WEB-CGI rsh access"
869 = "WEB-CGI dumpenv.pl access"
870 = "WEB-CGI snorkerz.cmd access"
871 = "WEB-CGI survey.cgi access"
872 = "WEB-CGI tcsh access"
873 = "WEB-CGI scriptalias access"
874 = "WEB-CGI w3-msql solaris x86 access"
875 = "WEB-CGI win-c-sample.exe access"
877 = "WEB-CGI rksh access"
878 = "WEB-CGI w3tvars.pm access"
880 = "WEB-CGI LWGate access"
881 = "WEB-CGI archie access"
883 = "WEB-CGI flexform access"
884 = "WEB-CGI formmail access"
885 = "WEB-CGI bash access"
886 = "WEB-CGI phf access"
887 = "WEB-CGI www-sql access"
889 = "WEB-CGI ppdscgi.exe access"
890 = "WEB-CGI sendform.cgi access"
891 = "WEB-CGI upload.pl access"
892 = "WEB-CGI AnyForm2 access"
893 = "WEB-CGI MachineInfo access"
895 = "WEB-CGI redirect access"
896 = "WEB-CGI way-board access"
897 = "WEB-CGI pals-cgi access"
898 = "WEB-CGI commerce.cgi access"
901 = "WEB-CGI webspirs.cgi access"
902 = "WEB-CGI tstisapi.dll access"
903 = "WEB-COLDFUSION cfcache.map access"
909 = "WEB-COLDFUSION datasource username attempt"
910 = "WEB-COLDFUSION fileexists.cfm access"
911 = "WEB-COLDFUSION exprcalc access"
912 = "WEB-COLDFUSION parks access"
913 = "WEB-COLDFUSION cfappman access"
914 = "WEB-COLDFUSION beaninfo access"
915 = "WEB-COLDFUSION evaluate.cfm access"
916 = "WEB-COLDFUSION getodbcdsn access"
917 = "WEB-COLDFUSION db connections flush attempt"
918 = "WEB-COLDFUSION expeval access"
919 = "WEB-COLDFUSION datasource password attempt"
920 = "WEB-COLDFUSION datasource attempt"
922 = "WEB-COLDFUSION displayfile access"
923 = "WEB-COLDFUSION getodbcin attempt"
925 = "WEB-COLDFUSION mainframeset access"
926 = "WEB-COLDFUSION set odbc ini attempt"
927 = "WEB-COLDFUSION settings refresh attempt"
928 = "WEB-COLDFUSION exampleapp access"
929 = "WEB-COLDFUSION CFUSION_VERIFYMAIL access"
930 = "WEB-COLDFUSION snippets attempt"
931 = "WEB-COLDFUSION cfmlsyntaxcheck.cfm access"
932 = "WEB-COLDFUSION application.cfm access"
933 = "WEB-COLDFUSION onrequestend.cfm access"
936 = "WEB-COLDFUSION gettempdirectory.cfm access"
937 = "WEB-FRONTPAGE _vti_rpc access"
940 = "WEB-FRONTPAGE shtml.dll access"
941 = "WEB-FRONTPAGE contents.htm access"
942 = "WEB-FRONTPAGE orders.htm access"
943 = "WEB-FRONTPAGE fpsrvadm.exe access"
944 = "WEB-FRONTPAGE fpremadm.exe access"
946 = "WEB-FRONTPAGE fpadmcgi.exe access"
947 = "WEB-FRONTPAGE orders.txt access"
949 = "WEB-FRONTPAGE registrations.htm access"
950 = "WEB-FRONTPAGE cfgwiz.exe access"
954 = "WEB-FRONTPAGE form_results.htm access"
955 = "WEB-FRONTPAGE access.cnf access"
956 = "WEB-FRONTPAGE register.txt access"
957 = "WEB-FRONTPAGE registrations.txt access"
959 = "WEB-FRONTPAGE service.pwd"
960 = "WEB-FRONTPAGE service.stp access"
961 = "WEB-FRONTPAGE services.cnf access"
962 = "WEB-FRONTPAGE shtml.exe access"
963 = "WEB-FRONTPAGE svcacl.cnf access"
964 = "WEB-FRONTPAGE users.pwd access"
965 = "WEB-FRONTPAGE writeto.cnf access"
966 = "WEB-FRONTPAGE fourdots request"
968 = "WEB-FRONTPAGE register.htm access"
984 = "WEB-IIS JET VBA access"
985 = "WEB-IIS JET VBA access"
1004 = "WEB-IIS codebrowser Exair access"
1005 = "WEB-IIS codebrowser SDK access"
1010 = "WEB-IIS encoding access"
1012 = "WEB-IIS fpcount attempt"
1013 = "WEB-IIS fpcount access"
1028 = "WEB-IIS query.asp access"
1031 = "WEB-IIS /SiteServer/Publishing/viewcode.asp access"
1032 = "WEB-IIS showcode access"
1033 = "WEB-IIS showcode access"
1034 = "WEB-IIS showcode access"
1035 = "WEB-IIS showcode access"
1036 = "WEB-IIS showcode access"
1047 = "WEB-MISC Netscape Enterprise DOS"
1048 = "WEB-MISC Netscape Enterprise directory listing attempt"
1049 = "WEB-MISC iPlanet ../../ DOS attempt"
1053 = "WEB-CGI ads.cgi command execution attempt"
1056 = "WEB-MISC Tomcat view source attempt"
1057 = "WEB-MISC ftp attempt"
1058 = "WEB-MISC xp_enumdsn attempt"
1059 = "WEB-MISC xp_filelist attempt"
1060 = "WEB-MISC xp_availablemedia attempt"
1061 = "WEB-MISC xp_cmdshell attempt"
1064 = "WEB-MISC wsh attempt"
1065 = "WEB-MISC rcmd attempt"
1068 = "WEB-MISC tftp attempt"
1069 = "WEB-MISC xp_regread attempt"
1077 = "WEB-MISC queryhit.htm access"
1078 = "WEB-MISC counter.exe access"
1081 = "WEB-MISC Netscape Servers suite DOS"
1082 = "WEB-MISC amazon 1-click cookie theft"
1083 = "WEB-MISC unify eWave ServletExec DOS"
1084 = "WEB-MISC Allaire JRUN DOS attempt"
1085 = "WEB-PHP strings overflow"
1086 = "WEB-PHP strings overflow"
1090 = "WEB-CGI Allaire Pro Web Shell attempt"
1091 = "WEB-MISC ICQ Webfront HTTP DOS"
1095 = "WEB-MISC Talentsoft Web+ Source Code view access"
1096 = "WEB-MISC Talentsoft Web+ internal IP Address access"
1097 = "WEB-CGI Talentsoft Web+ exploit attempt"
1098 = "WEB-MISC SmartWin CyberOffice Shopping Cart access"
1099 = "WEB-MISC cybercop scan"
1100 = "WEB-MISC L3retriever HTTP Probe"
1101 = "WEB-MISC Webtrends HTTP probe"
1102 = "WEB-MISC Nessus 404 probe"
1105 = "WEB-MISC BigBrother access"
1106 = "WEB-CGI Poll-it access"
1107 = "WEB-MISC ftp.pl access"
1108 = "WEB-MISC Tomcat server snoop access"
1109 = "WEB-MISC ROXEN directory list attempt"
1110 = "WEB-MISC apache source.asp file access"
1114 = "WEB-MISC prefix-get //"
1115 = "WEB-MISC ICQ webserver DOS"
1116 = "WEB-MISC Lotus DelDoc attempt"
1117 = "WEB-MISC Lotus EditDoc attempt"
1118 = "WEB-MISC ls -l"
1119 = "WEB-MISC mlog.phtml access"
1120 = "WEB-MISC mylog.phtml access"
1121 = "WEB-MISC O\\'Reilly args.bat access"
1123 = "WEB-MISC ?PageServices access"
1124 = "WEB-MISC Ecommerce check.txt access"
1125 = "WEB-MISC webcart access"
1126 = "WEB-MISC AuthChangeUrl access"
1127 = "WEB-MISC convert.bas access"
1128 = "WEB-MISC cpshost.dll access"
1130 = "WEB-MISC .wwwacl access"
1131 = "WEB-MISC .wwwacl access"
1132 = "WEB-MISC Netscape Unixware overflow"
1136 = "WEB-MISC cd.."
1138 = "WEB-MISC Cisco Web DOS attempt"
1140 = "WEB-MISC guestbook.pl access"
1141 = "WEB-MISC handler access"
1142 = "WEB-MISC /.... access"
1143 = "WEB-MISC ///cgi-bin access"
1144 = "WEB-MISC /cgi-bin/// access"
1145 = "WEB-MISC /~root access"
1146 = "WEB-MISC Ecommerce import.txt access"
1147 = "WEB-MISC cat access"
1148 = "WEB-MISC Ecommerce import.txt access"
1149 = "WEB-CGI count.cgi access"
1150 = "WEB-MISC Domino catalog.nsf access"
1151 = "WEB-MISC Domino domcfg.nsf access"
1152 = "WEB-MISC Domino domlog.nsf access"
1153 = "WEB-MISC Domino log.nsf access"
1154 = "WEB-MISC Domino names.nsf access"
1155 = "WEB-MISC Ecommerce checks.txt access"
1156 = "WEB-MISC apache DOS attempt"
1157 = "WEB-MISC Netscape PublishingXpert access"
1160 = "WEB-MISC Netscape dir index wp"
1161 = "WEB-PHP piranha passwd.php3 access"
1164 = "WEB-MISC shopping cart access"
1165 = "WEB-MISC Novell Groupwise gwweb.exe access"
1168 = "WEB-MISC mall log order access"
1172 = "WEB-CGI bigconf.cgi access"
1173 = "WEB-MISC architext_query.pl access"
1174 = "WEB-CGI /cgi-bin/jj access"
1177 = "WEB-MISC Netscape Enterprise Server directory view"
1178 = "WEB-PHP Phorum read access"
1179 = "WEB-PHP Phorum violation access"
1180 = "WEB-MISC get32.exe access"
1181 = "WEB-MISC Annex Terminal DOS attempt"
1182 = "WEB-MISC cgitest.exe attempt"
1183 = "WEB-MISC Netscape Enterprise Server directory view"
1184 = "WEB-MISC Netscape Enterprise Server directory view"
1185 = "WEB-CGI bizdbsearch attempt"
1192 = "WEB-MISC Trend Micro OfficeScan access"
1193 = "WEB-MISC oracle web arbitrary command execution attempt"
1194 = "WEB-CGI sojourn.cgi File attempt"
1195 = "WEB-CGI sojourn.cgi access"
1197 = "WEB-PHP Phorum code access"
1200 = "ATTACK-RESPONSES Invalid URL"
1201 = "ATTACK-RESPONSES 403 Forbidden"
1202 = "WEB-MISC search.vts access"
1205 = "WEB-CGI axs.cgi access"
1206 = "WEB-CGI cachemgr.cgi access"
1207 = "WEB-MISC htgrep access"
1208 = "WEB-CGI responder.cgi access"
1209 = "WEB-MISC .nsconfig access"
1211 = "WEB-CGI web-map.cgi access"
1213 = "WEB-MISC backup access"
1214 = "WEB-MISC intranet access"
1216 = "WEB-MISC filemail access"
1217 = "WEB-MISC plusmail access"
1219 = "WEB-CGI dfire.cgi access"
1220 = "WEB-MISC ultraboard access"
1221 = "WEB-MISC musicat empower access"
1222 = "WEB-CGI pals-cgi arbitrary file access attempt"
1224 = "WEB-MISC ROADS search.pl attempt"
1230 = "WEB-MISC VirusWall FtpSave access"
1231 = "WEB-MISC VirusWall catinfo access"
1232 = "WEB-MISC VirusWall catinfo access"
1234 = "WEB-MISC VirusWall FtpSaveCSP access"
1235 = "WEB-MISC VirusWall FtpSaveCVP access"
1236 = "WEB-MISC Tomcat sourcecode view"
1237 = "WEB-MISC Tomcat sourcecode view"
1238 = "WEB-MISC Tomcat sourcecode view"
1239 = "NETBIOS RFParalyze Attempt"
1246 = "WEB-FRONTPAGE rad overflow attempt"
1247 = "WEB-FRONTPAGE rad overflow attempt"
1248 = "WEB-FRONTPAGE rad fp30reg.dll access"
1249 = "WEB-FRONTPAGE frontpage rad fp4areg.dll access"
1252 = "TELNET bsd telnet exploit response"
1253 = "TELNET bsd exploit client finishing"
1254 = "WEB-PHP PHPLIB remote command attempt"
1255 = "WEB-PHP PHPLIB remote command attempt"
1258 = "WEB-MISC HP OpenView Manager DOS"
1259 = "WEB-MISC SWEditServlet access"
1274 = "RPC portmap ttdbserv request TCP"
1276 = "RPC portmap ypserv request TCP"
1277 = "RPC portmap ypupdated request UDP"
1278 = "RPC rstatd query"
1282 = "RPC EXPLOIT statdx"
1288 = "WEB-FRONTPAGE /_vti_bin/ access"
1291 = "WEB-MISC sml3com access"
1293 = "NETBIOS nimda .eml"
1294 = "NETBIOS nimda .nws"
1295 = "NETBIOS nimda RICHED20.DLL"
1296 = "RPC portmap request yppasswdd"
1297 = "RPC portmap request yppasswdd"
1302 = "WEB-MISC console.exe access"
1303 = "WEB-MISC cs.exe access"
1304 = "WEB-CGI txt2html.cgi access"
1307 = "WEB-CGI store.cgi access"
1308 = "WEB-CGI sendmessage.cgi access"
1309 = "WEB-CGI zsh access"
1361 = "WEB-ATTACKS nmap command attempt"
1362 = "WEB-ATTACKS xterm command attempt"
1371 = "WEB-ATTACKS /etc/motd access"
1376 = "WEB-MISC jrun directory browse attempt"
1381 = "WEB-MISC Trend Micro OfficeScan attempt"
1384 = "MISC UPnP malformed advertisement"
1386 = "MS-SQL/SMB raiserror possible buffer overflow"
1388 = "MISC UPnP Location overflow"
1390 = "SHELLCODE x86 inc ebx NOOP"
1391 = "WEB-MISC Phorecast remote code execution attempt"
1392 = "WEB-CGI lastlines.cgi access"
1393 = "MISC AIM AddGame attempt"
1395 = "WEB-CGI zml.cgi attempt"
1396 = "WEB-CGI zml.cgi access"
1403 = "WEB-MISC viewcode access"
1404 = "WEB-MISC showcode access"
1405 = "WEB-CGI AHG search.cgi access"
1406 = "WEB-CGI agora.cgi access"
1407 = "WEB-PHP smssend.php access"
1409 = "SNMP community string buffer overflow attempt"
1410 = "WEB-CGI dcboard.cgi access"
1421 = "SNMP AgentX/tcp request"
1423 = "WEB-PHP content-disposition memchr overflow"
1424 = "SHELLCODE x86 EB OC NOOP"
1425 = "WEB-PHP content-disposition"
1426 = "SNMP PROTOS test-suite-req-app attempt"
1427 = "SNMP PROTOS test-suite-trap-app attempt"
1428 = "MULTIMEDIA audio galaxy keepalive"
1429 = "POLICY poll.gotomypc.com access"
1430 = "TELNET Solaris memory mismanagement exploit attempt"
1433 = "WEB-MISC .history access"
1434 = "WEB-MISC .bash_history access"
1436 = "MULTIMEDIA Quicktime User Agent access"
1437 = "MULTIMEDIA Windows Media audio download"
1438 = "MULTIMEDIA Windows Media Video download"
1439 = "MULTIMEDIA Shoutcast playlist redirection"
1440 = "MULTIMEDIA Icecast playlist redirection"
1447 = "MISC MS Terminal server request (RDP)"
1448 = "MISC MS Terminal server request"
1451 = "WEB-CGI NPH-publish access"
1452 = "WEB-CGI args.cmd access"
1453 = "WEB-CGI AT-generated.cgi access"
1454 = "WEB-CGI wwwwais access"
1455 = "WEB-CGI calender.pl access"
1458 = "WEB-CGI user_update_passwd.pl access"
1459 = "WEB-CGI bb-histlog.sh access"
1460 = "WEB-CGI bb-histsvc.sh access"
1461 = "WEB-CGI bb-rep.sh access"
1462 = "WEB-CGI bb-replog.sh access"
1464 = "ATTACK-RESPONSES oracle one hour install"
1465 = "WEB-CGI auktion.cgi access"
1466 = "WEB-CGI cgiforum.pl access"
1467 = "WEB-CGI directorypro.cgi access"
1468 = "WEB-CGI Web Shopper shopper.cgi attempt"
1469 = "WEB-CGI Web Shopper shopper.cgi access"
1470 = "WEB-CGI listrec.pl access"
1471 = "WEB-CGI mailnews.cgi access"
1472 = "WEB-CGI book.cgi access"
1473 = "WEB-CGI newsdesk.cgi access"
1474 = "WEB-CGI cal_make.pl access"
1475 = "WEB-CGI mailit.pl access"
1476 = "WEB-CGI sdbsearch.cgi access"
1477 = "WEB-CGI swc attempt"
1478 = "WEB-CGI swc access"
1479 = "WEB-CGI ttawebtop.cgi arbitrary file attempt"
1480 = "WEB-CGI ttawebtop.cgi access"
1481 = "WEB-CGI upload.cgi access"
1482 = "WEB-CGI view_source access"
1483 = "WEB-CGI ustorekeeper.pl access"
1489 = "WEB-MISC /~nobody access"
1493 = "WEB-MISC RBS ISP /newuser access"
1494 = "WEB-CGI SIX webboard generate.cgi attempt"
1495 = "WEB-CGI SIX webboard generate.cgi access"
1496 = "WEB-CGI spin_client.cgi access"
1499 = "WEB-MISC SiteScope Service access"
1500 = "WEB-MISC ExAir access"
1502 = "WEB-CGI a1stats a1disp3.cgi access"
1505 = "WEB-CGI alchemy http server PRN arbitrary command execution attempt"
1506 = "WEB-CGI alchemy http server NUL arbitrary command execution attempt"
1507 = "WEB-CGI alibaba.pl arbitrary command execution attempt"
1508 = "WEB-CGI alibaba.pl access"
1510 = "WEB-CGI test.bat arbitrary command execution attempt"
1511 = "WEB-CGI test.bat access"
1512 = "WEB-CGI input.bat arbitrary command execution attempt"
1513 = "WEB-CGI input.bat access"
1514 = "WEB-CGI input2.bat arbitrary command execution attempt"
1515 = "WEB-CGI input2.bat access"
1516 = "WEB-CGI envout.bat arbitrary command execution attempt"
1517 = "WEB-CGI envout.bat access"
1518 = "WEB-MISC nstelemetry.adp access"
1521 = "WEB-MISC server-status access"
1522 = "WEB-MISC ans.pl attempt"
1523 = "WEB-MISC ans.pl access"
1524 = "WEB-MISC Axis Storpoint CD attempt"
1525 = "WEB-MISC Axis Storpoint CD access"
1528 = "WEB-MISC BBoard access"
1531 = "WEB-CGI bb-hist.sh attempt"
1532 = "WEB-CGI bb-hostscv.sh attempt"
1533 = "WEB-CGI bb-hostscv.sh access"
1534 = "WEB-CGI agora.cgi attempt"
1535 = "WEB-CGI bizdbsearch access"
1538 = "NNTP AUTHINFO USER overflow attempt"
1539 = "WEB-CGI /cgi-bin/ls access"
1540 = "WEB-COLDFUSION ?Mode=debug attempt"
1542 = "WEB-CGI cgimail access"
1543 = "WEB-CGI cgiwrap access"
1547 = "WEB-CGI csSearch.cgi arbitrary command execution attempt"
1548 = "WEB-CGI csSearch.cgi access"
1551 = "WEB-MISC /CVS/Entries access"
1552 = "WEB-MISC cvsweb version access"
1553 = "WEB-CGI /cart/cart.cgi access"
1554 = "WEB-CGI dbman db.cgi access"
1555 = "WEB-CGI DCShop access"
1556 = "WEB-CGI DCShop orders.txt access"
1557 = "WEB-CGI DCShop auth_user_file.txt access"
1558 = "WEB-MISC Delegate whois overflow attempt"
1559 = "WEB-MISC /doc/packages access"
1560 = "WEB-MISC /doc/ access"
1561 = "WEB-MISC ?open access"
1563 = "WEB-MISC login.htm attempt"
1564 = "WEB-MISC login.htm access"
1565 = "WEB-CGI eshop.pl arbitrary command execution attempt"
1566 = "WEB-CGI eshop.pl access"
1570 = "WEB-CGI loadpage.cgi access"
1572 = "WEB-CGI commerce.cgi arbitrary file access attempt"
1573 = "WEB-CGI cgiforum.pl attempt"
1574 = "WEB-CGI directorypro.cgi attempt"
1575 = "WEB-MISC Domino mab.nsf access"
1576 = "WEB-MISC Domino cersvr.nsf access"
1577 = "WEB-MISC Domino setup.nsf access"
1578 = "WEB-MISC Domino statrep.nsf access"
1580 = "WEB-MISC Domino events4.nsf access"
1581 = "WEB-MISC Domino ntsync4.nsf access"
1582 = "WEB-MISC Domino collect4.nsf access"
1583 = "WEB-MISC Domino mailw46.nsf access"
1584 = "WEB-MISC Domino bookmark.nsf access"
1585 = "WEB-MISC Domino agentrunner.nsf access"
1586 = "WEB-MISC Domino mail.box access"
1587 = "WEB-MISC cgitest.exe access"
1588 = "WEB-MISC SalesLogix Eviewer access"
1589 = "WEB-MISC musicat empower attempt"
1590 = "WEB-CGI faqmanager.cgi arbitrary file access attempt"
1591 = "WEB-CGI faqmanager.cgi access"
1592 = "WEB-CGI /fcgi-bin/echo.exe access"
1593 = "WEB-CGI FormHandler.cgi external site redirection attempt"
1594 = "WEB-CGI FormHandler.cgi access"
1597 = "WEB-CGI guestbook.cgi access"
1599 = "WEB-CGI search.cgi access"
1603 = "WEB-MISC DELETE attempt"
1606 = "WEB-CGI icat access"
1608 = "WEB-CGI htmlscript attempt"
1609 = "WEB-CGI faxsurvey arbitrary file read attempt"
1611 = "WEB-CGI eXtropia webstore access"
1612 = "WEB-MISC ftp.pl attempt"
1613 = "WEB-MISC handler attempt"
1614 = "WEB-MISC Novell Groupwise gwweb.exe attempt"
1615 = "WEB-MISC htgrep attempt"
1617 = "WEB-CGI Bugzilla doeditvotes.cgi access"
1619 = "EXPERIMENTAL WEB-IIS .htr request"
1620 = "BAD TRAFFIC Non-Standard IP protocol"
1629 = "OTHER-IDS SecureNetPro traffic"
1634 = "POP3 PASS overflow attempt"
1635 = "POP3 APOP overflow attempt"
1637 = "WEB-CGI yabb.cgi access"
1642 = "WEB-CGI document.d2w access"
1643 = "WEB-CGI db2www access"
1644 = "WEB-CGI test-cgi attempt"
1646 = "WEB-CGI test.cgi access"
1647 = "WEB-CGI faxsurvey attempt (full path)"
1648 = "WEB-CGI perl.exe command attempt"
1649 = "WEB-CGI perl command attempt"
1650 = "WEB-CGI tst.bat access"
1651 = "WEB-CGI enivorn.pl access"
1652 = "WEB-CGI campus attempt"
1653 = "WEB-CGI campus access"
1654 = "WEB-CGI cart32.exe access"
1655 = "WEB-CGI pfdispaly.cgi arbitrary command execution attempt"
1656 = "WEB-CGI pfdispaly.cgi access"
1658 = "WEB-CGI pagelog.cgi access"
1659 = "WEB-COLDFUSION sendmail.cfm access"
1663 = "WEB-MISC *.pl access"
1664 = "WEB-MISC mkplog.exe access"
1665 = "WEB-MISC mkilog.exe access"
1666 = "ATTACK-RESPONSES index of /cgi-bin/ response"
1668 = "WEB-CGI /cgi-bin/ access"
1669 = "WEB-CGI /cgi-dos/ access"
1670 = "WEB-MISC /home/ftp access"
1671 = "WEB-MISC /home/www access"
1698 = "ORACLE execute_system attempt"
1700 = "WEB-CGI imagemap.exe access"
1702 = "WEB-CGI Amaya templates sendtemp.pl access"
1705 = "WEB-CGI echo.bat arbitrary command execution attempt"
1706 = "WEB-CGI echo.bat access"
1707 = "WEB-CGI hello.bat arbitrary command execution attempt"
1708 = "WEB-CGI hello.bat access"
1709 = "WEB-CGI ad.cgi access"
1710 = "WEB-CGI bbs_forum.cgi access"
1711 = "WEB-CGI bsguest.cgi access"
1712 = "WEB-CGI bslist.cgi access"
1713 = "WEB-CGI cgforum.cgi access"
1714 = "WEB-CGI newdesk access"
1715 = "WEB-CGI register.cgi access"
1716 = "WEB-CGI gbook.cgi access"
1717 = "WEB-CGI simplestguest.cgi access"
1718 = "WEB-CGI statusconfig.pl access"
1720 = "WEB-CGI talkback.cgi access"
1721 = "WEB-CGI adcycle access"
1722 = "WEB-CGI MachineInfo access"
1723 = "WEB-CGI emumail.cgi NULL attempt"
1724 = "WEB-CGI emumail.cgi access"
1727 = "WEB-CGI SGI InfoSearch fname access"
1731 = "WEB-CGI a1stats access"
1735 = "WEB-CLIENT XMLHttpRequest attempt"
1736 = "WEB-PHP squirrel mail spell-check arbitrary command attempt"
1737 = "WEB-PHP squirrel mail theme arbitrary command attempt"
1738 = "WEB-MISC global.inc access"
1740 = "WEB-PHP DNSTools authentication bypass attempt"
1741 = "WEB-PHP DNSTools access"
1742 = "WEB-PHP Blahz-DNS dostuff.php modify user attempt"
1743 = "WEB-PHP Blahz-DNS dostuff.php access"
1744 = "WEB-MISC SecureSite authentication bypass attempt"
1745 = "WEB-PHP Messagerie supp_membre.php access"
1749 = "EXPERIMENTAL WEB-IIS .NET trace.axd access"
1752 = "MISC AIM AddExternalApp attempt"
1757 = "WEB-MISC b2 arbitrary command execution attempt"
1758 = "WEB-MISC b2 access"
1760 = "OTHER-IDS ISS RealSecure 6 event collector connection attempt"
1761 = "OTHER-IDS ISS RealSecure 6 daemon connection attempt"
1762 = "WEB-CGI phf arbitrary command execution attempt"
1763 = "WEB-CGI Nortel Contivity cgiproc DOS attempt"
1764 = "WEB-CGI Nortel Contivity cgiproc DOS attempt"
1765 = "WEB-CGI Nortel Contivity cgiproc access"
1766 = "WEB-MISC search.dll directory listing attempt"
1767 = "WEB-MISC search.dll access"
1769 = "WEB-MISC .DS_Store access"
1770 = "WEB-MISC .FBCIndex access"
1771 = "POLICY IPSec PGPNet connection attempt"
1774 = "WEB-PHP bb_smilies.php access"
1780 = "IMAP EXPLOIT partial body overflow attempt"
1787 = "WEB-CGI csPassword.cgi access"
1788 = "WEB-CGI csPassword password.cgi.tmp access"
1792 = "NNTP return code buffer overflow attempt"
1801 = "WEB-IIS .asp HTTP header buffer overflow attempt"
1802 = "WEB-IIS .asa HTTP header buffer overflow attempt"
1803 = "WEB-IIS .cer HTTP header buffer overflow attempt"
1804 = "WEB-IIS .cdx HTTP header buffer overflow attempt"
1807 = "WEB-MISC Transfer-Encoding\\: chunked"
1815 = "WEB-PHP directory.php arbitrary command attempt"
1816 = "WEB-PHP directory.php access"
1819 = "MISC Alcatel PABX 4400 connection attempt"
1820 = "WEB-MISC IBM Net.Commerce orderdspc.d2w access"
1824 = "WEB-CGI alienform.cgi access"
1825 = "WEB-CGI AlienForm af.cgi access"
1826 = "WEB-MISC WEB-INF access"
1829 = "WEB-MISC Tomcat TroubleShooter servlet access"
1830 = "WEB-MISC Tomcat SnoopServlet servlet access"
1840 = "WEB-CLIENT Javascript document.domain attempt"
1846 = "POLICY vncviewer Java applet download attempt"
1847 = "WEB-MISC webalizer access"
1848 = "WEB-MISC webcart-lite access"
1849 = "WEB-MISC webfind.exe access"
1850 = "WEB-CGI way-board.cgi access"
1851 = "WEB-MISC active.log access"
1865 = "WEB-CGI webdist.cgi arbitrary command attempt"
1867 = "MISC xdmcp info query"
1868 = "WEB-CGI story.pl arbitrary file read attempt"
1869 = "WEB-CGI story.pl access"
1870 = "WEB-CGI siteUserMod.cgi access"
1872 = "WEB-MISC Oracle Dynamic Monitoring Services (dms) access"
1873 = "WEB-MISC globals.jsa access"
1874 = "WEB-MISC Oracle Java Process Manager access"
1875 = "WEB-CGI cgicso access"
1876 = "WEB-CGI nph-publish.cgi access"
1877 = "WEB-CGI printenv access"
1878 = "WEB-CGI sdbsearch.cgi access"
1879 = "WEB-CGI book.cgi arbitrary command execution attempt"
1880 = "WEB-MISC oracle web application server access"
1881 = "WEB-MISC bad HTTP/1.1 request, Potentially worm attack"
1887 = "MISC OpenSSL Worm traffic"
1889 = "MISC slapper worm admin traffic"
1893 = "SNMP missing community string attempt"
1900 = "ATTACK-RESPONSES successful kadmind buffer overflow attempt"
1901 = "ATTACK-RESPONSES successful kadmind buffer overflow attempt"
1931 = "WEB-CGI rpc-nlog.pl access"
1932 = "WEB-CGI rpc-smb.pl access"
1933 = "WEB-CGI cart.cgi access"
1934 = "POP2 FOLD overflow attempt"
1935 = "POP2 FOLD arbitrary file attempt"
1936 = "POP3 AUTH overflow attempt"
1937 = "POP3 LIST overflow attempt"
1938 = "POP3 XTND overflow attempt"
1939 = "MISC bootp hardware address length overflow"
1940 = "MISC bootp invalid hardware type"
1943 = "WEB-MISC /Carello/add.exe access"
1944 = "WEB-MISC /ecscripts/ecware.exe access"
1947 = "WEB-MISC answerbook2 arbitrary command execution attempt"
1957 = "RPC sadmind UDP PING"
1958 = "RPC sadmind TCP PING"
1959 = "RPC portmap NFS request UDP"
1960 = "RPC portmap NFS request TCP"
1961 = "RPC portmap RQUOTA request UDP"
1962 = "RPC portmap RQUOTA request TCP"
1966 = "MISC GlobalSunTech Access Point Information Disclosure attempt"
1967 = "WEB-PHP phpbb quick-reply.php arbitrary command attempt"
1968 = "WEB-PHP phpbb quick-reply.php access"
1969 = "WEB-MISC ion-p access"
1975 = "FTP DELE overflow attempt"
1977 = "WEB-MISC xp_regwrite attempt"
1978 = "WEB-MISC xp_regdeletekey attempt"
1979 = "WEB-MISC perl post attempt"
1994 = "WEB-CGI vpasswd.cgi access"
1995 = "WEB-CGI alya.cgi access"
1996 = "WEB-CGI viralator.cgi access"
1997 = "WEB-PHP read_body.php access attempt"
1998 = "WEB-PHP calendar.php access"
1999 = "WEB-PHP edit_image.php access"
2251 = "NETBIOS DCERPC Remote Activation bind attempt"
2252 = "NETBIOS SMB DCERPC Remote Activation bind attempt"
103 = "BACKDOOR subseven 22"
104 = "BACKDOOR - Dagger_1.4.0_client_connect"
105 = "BACKDOOR - Dagger_1.4.0"
106 = "BACKDOOR ACKcmdC trojan scan"
107 = "BACKDOOR subseven DEFCON8 2.1 access"
108 = "BACKDOOR QAZ Worm Client Login access"
109 = "BACKDOOR netbus active"
110 = "BACKDOOR netbus getinfo"
111 = "BACKDOOR netbus getinfo"
112 = "BACKDOOR BackOrifice access"
114 = "BACKDOOR netbus active"
115 = "BACKDOOR netbus active"
116 = "BACKDOOR BackOrifice access"
117 = "BACKDOOR Infector.1.x"
118 = "BACKDOOR SatansBackdoor.2.0.Beta"
119 = "BACKDOOR Doly 2.0 access"
120 = "BACKDOOR Infector 1.6 Server to Client"
121 = "BACKDOOR Infector 1.6 Client to Server Connection Request"
141 = "BACKDOOR HackAttack 1.20 Connect"
144 = "FTP ADMw0rm ftp login attempt"
145 = "BACKDOOR GirlFriend access"
146 = "BACKDOOR NetSphere access"
147 = "BACKDOOR GateCrasher"
151 = "BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network"
152 = "BACKDOOR BackConstruction 2.1 Connection"
153 = "BACKDOOR DonaldDick 1.53 Traffic"
155 = "BACKDOOR NetSphere 1.31.337 access"
157 = "BACKDOOR BackConstruction 2.1 Client FTP Open Request"
158 = "BACKDOOR BackConstruction 2.1 Server FTP Open Reply"
159 = "BACKDOOR NetMetro File List"
161 = "BACKDOOR Matrix 2.0 Client connect"
162 = "BACKDOOR Matrix 2.0 Server access"
163 = "BACKDOOR WinCrash 1.0 Server Active"
176 = "BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request"
183 = "BACKDOOR SIGNATURE - Q ICMP"
184 = "BACKDOOR Q access"
185 = "BACKDOOR CDK"
195 = "BACKDOOR DeepThroat 3.1 Server Response"
208 = "BACKDOOR PhaseZero Server Active on Network"
209 = "BACKDOOR w00w00 attempt"
210 = "BACKDOOR attempt"
211 = "BACKDOOR MISC r00t attempt"
212 = "BACKDOOR MISC rewt attempt"
213 = "BACKDOOR MISC Linux rootkit attempt"
214 = "BACKDOOR MISC Linux rootkit attempt lrkr0x"
215 = "BACKDOOR MISC Linux rootkit attempt"
216 = "BACKDOOR MISC Linux rootkit satori attempt"
217 = "BACKDOOR MISC sm4ck attempt"
218 = "BACKDOOR MISC Solaris 2.5 attempt"
219 = "BACKDOOR HidePak backdoor attempt"
220 = "BACKDOOR HideSource backdoor attempt"
221 = "DDOS TFN Probe"
222 = "DDOS tfn2k icmp possible communication"
223 = "DDOS Trin00\\:DaemontoMaster(PONGdetected)"
224 = "DDOS Stacheldraht server spoof"
225 = "DDOS Stacheldraht gag server response"
226 = "DDOS Stacheldraht server response"
227 = "DDOS Stacheldraht client spoofworks"
228 = "DDOS TFN client command BE"
229 = "DDOS Stacheldraht client check skillz"
230 = "DDOS shaft client to handler"
231 = "DDOS Trin00\\:DaemontoMaster(messagedetected)"
232 = "DDOS Trin00\\:DaemontoMaster(*HELLO*detected)"
233 = "DDOS Trin00\\:Attacker to Master default startup password"
234 = "DDOS Trin00 Attacker to Master default password"
235 = "DDOS Trin00 Attacker to Master default mdie password"
236 = "DDOS Stacheldraht client check gag"
237 = "DDOS Trin00\\:MastertoDaemon(defaultpassdetected!)"
238 = "DDOS TFN server response"
239 = "DDOS shaft handler to agent"
240 = "DDOS shaft agent to handler"
241 = "DDOS shaft synflood"
243 = "DDOS mstream agent to handler"
244 = "DDOS mstream handler to agent"
245 = "DDOS mstream handler ping to agent"
246 = "DDOS mstream agent pong to handler"
247 = "DDOS mstream client to handler"
248 = "DDOS mstream handler to client"
249 = "DDOS mstream client to handler"
250 = "DDOS mstream handler to client"
251 = "DDOS - TFN client command LE"
252 = "DNS named iquery attempt"
253 = "DNS SPOOF query response PTR with TTL\\: 1 min. and no authority"
254 = "DNS SPOOF query response with ttl\\: 1 min. and no authority"
255 = "DNS zone transfer TCP"
256 = "DNS named authors attempt"
257 = "DNS named version attempt"
258 = "DNS EXPLOIT named 8.2->8.2.1"
259 = "DNS EXPLOIT named overflow (ADM)"
260 = "DNS EXPLOIT named overflow (ADMROCKS)"
261 = "DNS EXPLOIT named overflow attempt"
262 = "DNS EXPLOIT x86 Linux overflow attempt"
264 = "DNS EXPLOIT x86 Linux overflow attempt"
265 = "DNS EXPLOIT x86 Linux overflow attempt (ADMv2)"
266 = "DNS EXPLOIT x86 FreeBSD overflow attempt"
267 = "DNS EXPLOIT sparc overflow attempt"
268 = "DOS Jolt attack"
269 = "DOS Land attack"
270 = "DOS Teardrop attack"
271 = "DOS UDP echo+chargen bomb"
272 = "DOS IGMP dos attack"
273 = "DOS IGMP dos attack"
274 = "DOS ath"
275 = "DOS NAPTHA"
276 = "DOS Real Audio Server"
277 = "DOS Real Server template.html"
278 = "DOS Real Server template.html"
279 = "DOS Bay/Nortel Nautica Marlin"
281 = "DOS Ascend Route"
282 = "DOS arkiea backup"
283 = "EXPLOIT Netscape 4.7 client overflow"
284 = "POP2 x86 Linux overflow"
285 = "POP2 x86 Linux overflow"
286 = "POP3 EXPLOIT x86 BSD overflow"
287 = "POP3 EXPLOIT x86 BSD overflow"
288 = "POP3 EXPLOIT x86 Linux overflow"
289 = "POP3 EXPLOIT x86 SCO overflow"
290 = "POP3 EXPLOIT qpopper overflow"
291 = "NNTP Cassandra Overflow"
292 = "EXPLOIT x86 Linux samba overflow"
300 = "EXPLOIT nlps x86 Solaris overflow"
301 = "EXPLOIT LPRng overflow"
302 = "EXPLOIT Redhat 7.0 lprd overflow"
303 = "DNS EXPLOIT named tsig overflow attempt"
304 = "EXPLOIT SCO calserver overflow"
305 = "EXPLOIT delegate proxy overflow"
306 = "EXPLOIT VQServer admin"
307 = "EXPLOIT CHAT IRC topic overflow"
308 = "EXPLOIT NextFTP client overflow"
309 = "EXPLOIT sniffit overflow"
310 = "EXPLOIT x86 windows MailMax overflow"
311 = "EXPLOIT Netscape 4.7 unsuccessful overflow"
312 = "EXPLOIT ntpdx overflow attempt"
313 = "EXPLOIT ntalkd x86 Linux overflow"
314 = "DNS EXPLOIT named tsig overflow attempt"
315 = "EXPLOIT x86 Linux mountd overflow"
316 = "EXPLOIT x86 Linux mountd overflow"
317 = "EXPLOIT x86 Linux mountd overflow"
320 = "FINGER cmd_rootsh backdoor attempt"
321 = "FINGER account enumeration attempt"
322 = "FINGER search query"
323 = "FINGER root query"
324 = "FINGER null request"
325 = "FINGER probe 0 attempt"
326 = "FINGER remote command \\; execution attempt"
327 = "FINGER remote command pipe execution attempt"
328 = "FINGER bomb attempt"
329 = "FINGER cybercop redirection"
330 = "FINGER redirection attempt"
331 = "FINGER cybercop query"
332 = "FINGER 0 query"
333 = "FINGER . query"
334 = "FTP .forward"
335 = "FTP .rhosts"
336 = "FTP CWD ~root attempt"
337 = "FTP CEL overflow attempt"
339 = "FTP EXPLOIT OpenBSD x86 ftpd"
344 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Linux"
353 = "FTP adm scan"
354 = "FTP iss scan"
355 = "FTP pass wh00t"
356 = "FTP passwd retrieval attempt"
357 = "FTP piss scan"
358 = "FTP saint scan"
359 = "FTP satan scan"
360 = "FTP serv-u directory traversal"
361 = "FTP site exec"
362 = "FTP tar parameters"
363 = "ICMP IRDP router advertisement"
364 = "ICMP IRDP router selection"
365 = "ICMP PING (Undefined Code!)"
366 = "ICMP PING *NIX"
368 = "ICMP PING BSDtype"
369 = "ICMP PING BayRS Router"
370 = "ICMP PING BeOS4.x"
371 = "ICMP PING Cisco Type.x"
372 = "ICMP PING Delphi-Piette Windows"
373 = "ICMP PING Flowpoint2200 or Network Management Software"
374 = "ICMP PING IP NetMonitor Macintosh"
375 = "ICMP PING LINUX/*BSD"
376 = "ICMP PING Microsoft Windows"
377 = "ICMP PING Network Toolbox 3 Windows"
378 = "ICMP PING Ping-O-Meter Windows"
379 = "ICMP PING Pinger Windows"
380 = "ICMP PING Seer Windows"
381 = "ICMP PING Sun Solaris"
382 = "ICMP PING Windows"
384 = "ICMP PING"
385 = "ICMP traceroute-"
386 = "ICMP Address Mask Reply"
387 = "ICMP Address Mask Reply (Undefined Code!)"
388 = "ICMP Address Mask Request"
389 = "ICMP Address Mask Request (Undefined Code!)"
390 = "ICMP Alternate Host Address"
391 = "ICMP Alternate Host Address (Undefined Code!)"
392 = "ICMP Datagram Conversion Error"
393 = "ICMP Datagram Conversion Error (Undefined Code!)"
394 = "ICMP Destination Unreachable (Destination Host Unknown)"
395 = "ICMP Destination Unreachable (Destination Network Unknown)"
396 = "ICMP Destination Unreachable (Fragmentation Needed and DF bit was set)"
397 = "ICMP Destination Unreachable (Host Precedence Violation)"
398 = "ICMP Destination Unreachable (Host Unreachable for Type of Service)"
399 = "ICMP Destination Unreachable (Host Unreachable)"
400 = "ICMP Destination Unreachable (Network Unreachable for Type of Service)"
401 = "ICMP Destination Unreachable (Network Unreachable)"
402 = "ICMP Destination Unreachable (Port Unreachable)"
403 = "ICMP Destination Unreachable (Precedence Cutoff in effect)"
404 = "ICMP Destination Unreachable (Protocol Unreachable)"
405 = "ICMP Destination Unreachable (Source Host Isolated)"
406 = "ICMP Destination Unreachable (Source Route Failed)"
407 = "ICMP Destination Unreachable (Undefined Code!)"
408 = "ICMP Echo Reply"
409 = "ICMP Echo Reply (Undefined Code!)"
410 = "ICMP Fragment Reassembly Time Exceeded"
411 = "ICMP IPV6 I-Am-Here"
412 = "ICMP IPV6 I-Am-Here (Undefined Code!)"
413 = "ICMP IPV6 Where-Are-You"
414 = "ICMP IPV6 Where-Are-You (Undefined Code!)"
415 = "ICMP Information Reply"
416 = "ICMP Information Reply (Undefined Code!)"
417 = "ICMP Information Request"
418 = "ICMP Information Request (Undefined Code!)"
419 = "ICMP Mobile Host Redirect"
420 = "ICMP Mobile Host Redirect (Undefined Code!)"
421 = "ICMP Mobile Registration Reply"
422 = "ICMP Mobile Registration Reply (Undefined Code!)"
423 = "ICMP Mobile Registration Request"
424 = "ICMP Mobile Registration Request (Undefined Code!)"
425 = "ICMP Parameter Problem (Bad Length)"
426 = "ICMP Parameter Problem (Missing a Required Option)"
427 = "ICMP Parameter Problem (Unspecified Error)"
428 = "ICMP Parameter Problem (Undefined Code!)"
429 = "ICMP Photuris (Reserved)"
430 = "ICMP Photuris (Unknown Security Parameters Index)"
431 = "ICMP Photuris (Valid Security Parameters, But Authentication Failed)"
432 = "ICMP Photuris (Valid Security Parameters, But Decryption Failed)"
433 = "ICMP Photuris (Undefined Code!)"
436 = "ICMP Redirect (for TOS and Host)"
437 = "ICMP Redirect (for TOS and Network)"
438 = "ICMP Redirect (Undefined Code!)"
439 = "ICMP Reserved for Security (Type 19)"
440 = "ICMP Reserved for Security (Type 19) (Undefined Code!)"
441 = "ICMP Router Advertisement"
443 = "ICMP Router Selection"
451 = "ICMP Timestamp Reply"
452 = "ICMP Timestamp Reply (Undefined Code!)"
453 = "ICMP Timestamp Request"
454 = "ICMP Timestamp Request (Undefined Code!)"
456 = "ICMP Traceroute"
457 = "ICMP Traceroute (Undefined Code!)"
458 = "ICMP Unassigned! (Type 1)"
459 = "ICMP Unassigned! (Type 1) (Undefined Code)"
460 = "ICMP Unassigned! (Type 2)"
461 = "ICMP Unassigned! (Type 2) (Undefined Code)"
462 = "ICMP Unassigned! (Type 7)"
463 = "ICMP Unassigned! (Type 7) (Undefined Code!)"
465 = "ICMP ISS Pinger"
466 = "ICMP L3retriever Ping"
467 = "ICMP Nemesis v1.1 Echo"
469 = "ICMP PING NMAP"
471 = "ICMP icmpenum v1.1.1"
472 = "ICMP redirect host"
473 = "ICMP redirect net"
474 = "ICMP superscan echo"
475 = "ICMP traceroute ipopts"
476 = "ICMP webtrends scanner"
477 = "ICMP Source Quench"
478 = "ICMP Broadscan Smurf Scanner"
480 = "ICMP PING speedera"
481 = "ICMP TJPingPro1.1Build 2 Windows"
482 = "ICMP PING WhatsupGold Windows"
483 = "ICMP PING CyberKit 2.2 Windows"
484 = "ICMP PING Sniffer Pro/NetXRay network scan"
485 = "ICMP Destination Unreachable (Communication Administratively Prohibited)"
486 = "ICMP Destination Unreachable (Communication with Destination Host is Administratively Prohibited)"
487 = "ICMP Destination Unreachable (Communication with Destination Network is Administratively Prohibited)"
489 = "INFO FTP No Password"
491 = "INFO FTP Bad login"
492 = "INFO TELNET Bad Login"
493 = "INFO psyBNC access"
494 = "ATTACK-RESPONSES command completed"
495 = "ATTACK-RESPONSES command error"
496 = "ATTACK-RESPONSES directory listing"
497 = "ATTACK-RESPONSES file copied ok"
498 = "ATTACK-RESPONSES id check returned root"
499 = "ICMP Large ICMP Packet"
500 = "MISC source route lssr"
502 = "MISC source route ssrr"
503 = "MISC Source Port 20 to <1024"
504 = "MISC source port 53 to <1024"
505 = "MISC Insecure TIMBUKTU Password"
506 = "MISC ramen worm incoming"
507 = "MISC PCAnywhere Attempted Administrator Login"
509 = "WEB-MISC PCCS mysql database admin tool access"
510 = "POLICY HP JetDirect LCD modification attempt"
511 = "MISC Invalid PCAnywhere Login"
512 = "MISC PCAnywhere Failed Login"
514 = "MISC ramen worm"
517 = "MISC xdmcp query"
518 = "TFTP Put"
519 = "TFTP parent directory"
520 = "TFTP root directory"
522 = "MISC Tiny Fragments"
523 = "BAD-TRAFFIC ip reserved bit set"
524 = "BAD-TRAFFIC tcp port 0 traffic"
525 = "BAD-TRAFFIC udp port 0 traffic"
526 = "BAD-TRAFFIC data in TCP SYN packet"
527 = "BAD-TRAFFIC same SRC/DST"
528 = "BAD-TRAFFIC loopback traffic"
530 = "NETBIOS NT NULL session"
532 = "NETBIOS SMB ADMIN access"
533 = "NETBIOS SMB C access"
540 = "CHAT MSN message"
541 = "CHAT ICQ access"
542 = "CHAT IRC nick change"
543 = "POLICY FTP \\'STOR 1MB\\' possible warez site"
544 = "POLICY FTP \\'RETR 1MB\\' possible warez site"
545 = "POLICY FTP \\'CWD / \\' possible warez site"
546 = "POLICY FTP \\'CWD \\' possible warez site"
547 = "POLICY FTP \\'MKD \\' possible warez site"
548 = "POLICY FTP \\'MKD .\\' possible warez site"
549 = "P2P napster login"
550 = "P2P napster new user login"
551 = "P2P napster download attempt"
552 = "P2P napster upload request"
553 = "POLICY FTP anonymous login attempt"
554 = "POLICY FTP \\'MKD / \\' possible warez site"
555 = "POLICY WinGate telnet server response"
567 = "POLICY SMTP relaying denied"
568 = "POLICY HP JetDirect LCD modification attempt"
574 = "RPC mountd TCP export request"
575 = "RPC portmap admind request UDP"
576 = "RPC portmap amountd request UDP"
577 = "RPC portmap bootparam request UDP"
578 = "RPC portmap cmsd request UDP"
579 = "RPC portmap mountd request UDP"
580 = "RPC portmap nisd request UDP"
581 = "RPC portmap pcnfsd request UDP"
582 = "RPC portmap rexd request UDP"
583 = "RPC portmap rstatd request UDP"
584 = "RPC portmap rusers request UDP"
585 = "RPC portmap sadmind request UDP"
586 = "RPC portmap selection_svc request UDP"
587 = "RPC portmap status request UDP"
589 = "RPC portmap yppasswd request UDP"
590 = "RPC portmap ypserv request UDP"
591 = "RPC portmap ypupdated request TCP"
593 = "RPC portmap snmpXdmi request TCP"
595 = "RPC portmap espd request TCP"
598 = "RPC portmap listing TCP 111"
599 = "RPC portmap listing TCP 32771"
602 = "RSERVICES rlogin bin"
603 = "RSERVICES rlogin echo++"
604 = "RSERVICES rsh froot"
605 = "RSERVICES rlogin login failure"
606 = "RSERVICES rlogin root"
607 = "RSERVICES rsh bin"
608 = "RSERVICES rsh echo + +"
609 = "RSERVICES rsh froot"
610 = "RSERVICES rsh root"
611 = "RSERVICES rlogin login failure"
614 = "BACKDOOR hack-a-tack attempt"
618 = "SCAN Squid Proxy attempt"
620 = "SCAN Proxy \\(8080\\) attempt"
621 = "SCAN FIN"
623 = "SCAN NULL"
624 = "SCAN SYN FIN"
625 = "SCAN XMAS"
626 = "SCAN cybercop os PA12 attempt"
627 = "SCAN cybercop os SFU12 probe"
629 = "SCAN nmap fingerprint attempt"
630 = "SCAN synscan portscan"
631 = "SMTP ehlo cybercop attempt"
632 = "SMTP expn cybercop attempt"
634 = "SCAN Amanda client version request"
638 = "SHELLCODE SGI NOOP"
639 = "SHELLCODE SGI NOOP"
640 = "SHELLCODE AIX NOOP"
641 = "SHELLCODE Digital UNIX NOOP"
642 = "SHELLCODE HP-UX NOOP"
643 = "SHELLCODE HP-UX NOOP"
644 = "SHELLCODE sparc NOOP"
645 = "SHELLCODE sparc NOOP"
646 = "SHELLCODE sparc NOOP"
648 = "SHELLCODE x86 NOOP"
649 = "SHELLCODE x86 setgid 0"
650 = "SHELLCODE x86 setuid 0"
651 = "SHELLCODE x86 stealth NOOP"
654 = "SMTP RCPT TO overflow"
655 = "SMTP sendmail 8.6.9 exploit"
657 = "SMTP chameleon overflow"
658 = "SMTP exchange mime DOS"
659 = "SMTP expn decode"
660 = "SMTP expn root"
661 = "SMTP majordomo ifs"
662 = "SMTP sendmail 5.5.5 exploit"
663 = "SMTP rcpt to sed command attempt"
664 = "SMTP RCPT TO decode attempt"
665 = "SMTP sendmail 5.6.5 exploit"
667 = "SMTP sendmail 8.6.10 exploit"
668 = "SMTP sendmail 8.6.10 exploit"
669 = "SMTP sendmail 8.6.9 exploit"
670 = "SMTP sendmail 8.6.9 exploit"
671 = "SMTP sendmail 8.6.9c exploit"
672 = "SMTP vrfy decode"
673 = "MS-SQL sp_start_job - program execution"
676 = "MS-SQL/SMB sp_start_job - program execution"
677 = "MS-SQL/SMB sp_password password change"
678 = "MS-SQL/SMB sp_delete_alert log file deletion"
679 = "MS-SQL/SMB sp_adduser database user creation"
680 = "MS-SQL/SMB sa login failed"
681 = "MS-SQL/SMB xp_cmdshell program execution"
682 = "MS-SQL xp_enumresultset possible buffer overflow"
683 = "MS-SQL sp_password - password change"
684 = "MS-SQL sp_delete_alert log file deletion"
685 = "MS-SQL sp_adduser - database user creation"
686 = "MS-SQL xp_reg* - registry access"
687 = "MS-SQL xp_cmdshell - program execution"
688 = "MS-SQL sa login failed"
689 = "MS-SQL/SMB xp_reg* registry access"
691 = "MS-SQL shellcode attempt"
692 = "MS-SQL/SMB shellcode attempt"
693 = "MS-SQL shellcode attempt"
694 = "MS-SQL/SMB shellcode attempt"
706 = "MS-SQL xp_peekqueue possible buffer overflow"
708 = "MS-SQL/SMB xp_enumresultset possible buffer overflow"
711 = "TELNET SGI telnetd format bug"
715 = "TELNET Attempted SU from wrong group"
716 = "TELNET access"
717 = "TELNET not on console"
718 = "TELNET login incorrect"
719 = "TELNET root login"
720 = "Virus - SnowWhite Trojan Incoming"
724 = "Virus - Possible MyRomeo Worm"
725 = "Virus - Possible MyRomeo Worm"
726 = "Virus - Possible MyRomeo Worm"
727 = "Virus - Possible MyRomeo Worm"
728 = "Virus - Possible MyRomeo Worm"
731 = "Virus - Possible QAZ Worm"
733 = "Virus - Possible QAZ Worm Calling Home"
734 = "Virus - Possible Matrix worm"
735 = "Virus - Possible MyRomeo Worm"
772 = "Virus - Possible PrettyPark Trojan"
775 = "Virus - Possible Bubbleboy Worm"
793 = "Virus - Mail .VBS"
795 = "Virus - Possible Worm - txt.vbs file"
796 = "Virus - Possible Worm - xls.vbs file"
797 = "Virus - Possible Worm - jpg.vbs file"
798 = "Virus - Possible Worm - gif.vbs file"
801 = "Virus - Possible Worm - doc.vbs file"
803 = "WEB-CGI HyperSeek hsx.cgi directory traversal attempt"
804 = "WEB-CGI SWSoft ASPSeek Overflow attempt"
805 = "WEB-CGI webspeed access"
806 = "WEB-CGI yabb.cgi directory traversal attempt"
807 = "WEB-CGI /wwwboard/passwd.txt access"
813 = "WEB-CGI webplus directory traversal"
817 = "WEB-CGI dcboard.cgi invalid user addition attempt"
824 = "WEB-CGI php.cgi access"
835 = "WEB-CGI test-cgi access"
845 = "WEB-CGI AT-admin.cgi access"
848 = "WEB-CGI view-source directory traversal"
867 = "WEB-CGI visadmin.exe access"
879 = "WEB-CGI admin.pl access"
882 = "WEB-CGI calendar access"
888 = "WEB-CGI wwwadmin.pl access"
894 = "WEB-CGI bb-hist.sh access"
899 = "WEB-CGI Amaya templates sendtemp.pl directory traversal attempt"
900 = "WEB-CGI webspirs.cgi directory traversal attempt"
904 = "WEB-COLDFUSION exampleapp application.cfm"
905 = "WEB-COLDFUSION application.cfm access"
906 = "WEB-COLDFUSION getfile.cfm access"
907 = "WEB-COLDFUSION addcontent.cfm access"
908 = "WEB-COLDFUSION administrator access"
921 = "WEB-COLDFUSION admin encrypt attempt"
924 = "WEB-COLDFUSION admin decrypt attempt"
935 = "WEB-COLDFUSION startstop DOS access"
939 = "WEB-FRONTPAGE posting"
945 = "WEB-FRONTPAGE fpadmin.htm access"
948 = "WEB-FRONTPAGE form_results access"
951 = "WEB-FRONTPAGE authors.pwd access"
952 = "WEB-FRONTPAGE author.exe access"
953 = "WEB-FRONTPAGE administrators.pwd access"
958 = "WEB-FRONTPAGE service.cnf access"
967 = "WEB-FRONTPAGE dvwssr.dll access"
969 = "WEB-IIS WebDAV file lock attempt"
970 = "WEB-IIS multiple decode attempt"
971 = "WEB-IIS ISAPI .printer access"
972 = "WEB-IIS .-asp access"
973 = "WEB-IIS *.idc attempt"
974 = "WEB-IIS ..\\.. access"
975 = "WEB-IIS .asp\\:\\: DATA access"
976 = "WEB-IIS .bat? access"
977 = "WEB-IIS .cnf access"
978 = "WEB-IIS ASP contents view"
979 = "WEB-IIS ASP contents view"
980 = "WEB-IIS CGImail.exe access"
981 = "WEB-IIS unicode directory traversal attempt"
982 = "WEB-IIS unicode directory traversal attempt"
983 = "WEB-IIS unicode directory traversal attempt"
986 = "WEB-IIS MSProxy access"
987 = "WEB-IIS .htr access"
988 = "WEB-IIS SAM Attempt"
989 = "WEB-IIS Unicode2.pl script (File permission canonicalization)"
990 = "WEB-IIS _vti_inf access"
991 = "WEB-IIS achg.htr access"
992 = "WEB-IIS adctest.asp access"
993 = "WEB-IIS iisadmin access"
994 = "WEB-IIS /scripts/iisadmin/default.htm access"
995 = "WEB-IIS ism.dll access"
996 = "WEB-IIS anot.htr access"
997 = "WEB-IIS asp-dot attempt"
998 = "WEB-IIS asp-srch attempt"
999 = "WEB-IIS bdir access"
1000 = "WEB-IIS bdir.htr access"
1001 = "WEB-MISC carbo.dll access"
1002 = "WEB-IIS cmd.exe access"
1003 = "WEB-IIS cmd? access"
1007 = "WEB-IIS cross-site scripting attempt"
1008 = "WEB-IIS del attempt"
1009 = "WEB-IIS directory listing"
1011 = "WEB-IIS exec-src access"
1015 = "WEB-IIS getdrvs.exe access"
1016 = "WEB-IIS global.asa access"
1017 = "WEB-IIS idc-srch attempt"
1018 = "WEB-IIS iisadmpwd attempt"
1019 = "WEB-IIS index server file source code attempt"
1020 = "WEB-IIS isc data attempt"
1021 = "WEB-IIS ism.dll attempt"
1022 = "WEB-IIS jet vba access"
1023 = "WEB-IIS msadcs.dll access"
1024 = "WEB-IIS newdsn.exe access"
1025 = "WEB-IIS perl access"
1026 = "WEB-IIS perl-browse0a attempt"
1027 = "WEB-IIS perl-browse20 attempt"
1029 = "WEB-IIS scripts-browse access"
1030 = "WEB-IIS search97.vts access"
1037 = "WEB-IIS showcode.asp access"
1038 = "WEB-IIS site server config access"
1039 = "WEB-IIS srch.htm access"
1040 = "WEB-IIS srchadm access"
1041 = "WEB-IIS uploadn.asp access"
1042 = "WEB-IIS view source via translate header"
1043 = "WEB-IIS viewcode.asp access"
1044 = "WEB-IIS webhits access"
1045 = "WEB-IIS Unauthorized IP Access Attempt"
1046 = "WEB-IIS site/iisamples access"
1050 = "WEB-MISC iPlanet GETPROPERTIES attempt"
1051 = "WEB-CGI technote main.cgi file directory traversal attempt"
1052 = "WEB-CGI technote print.cgi directory traversal attempt"
1054 = "WEB-MISC weblogic view source attempt"
1055 = "WEB-MISC Tomcat directory traversal attempt"
1062 = "WEB-MISC nc.exe attempt"
1066 = "WEB-MISC telnet attempt"
1067 = "WEB-MISC net attempt"
1070 = "WEB-MISC WebDAV search access"
1071 = "WEB-MISC .htpasswd access"
1072 = "WEB-MISC Lotus Domino directory traversal"
1073 = "WEB-MISC webhits.exe access"
1075 = "WEB-IIS postinfo.asp access"
1076 = "WEB-IIS repost.asp access"
1079 = "WEB-MISC WebDAV propfind access"
1080 = "WEB-MISC unify eWave ServletExec upload"
1087 = "WEB-MISC whisker tab splice attack"
1088 = "WEB-CGI eXtropia webstore directory traversal"
1089 = "WEB-CGI shopping cart directory traversal"
1092 = "WEB-CGI Armada Style Master Index directory traversal"
1093 = "WEB-CGI cached_feed.cgi moreover shopping cart directory traversal"
1094 = "WEB-CGI webstore directory traversal"
1103 = "WEB-MISC Netscape admin passwd"
1104 = "WEB-MISC whisker space splice attack"
1111 = "WEB-MISC Tomcat server exploit access"
1112 = "WEB-MISC http directory traversal"
1113 = "WEB-MISC http directory traversal"
1122 = "WEB-MISC /etc/passwd"
1129 = "WEB-MISC .htaccess access"
1133 = "SCAN cybercop os probe"
1134 = "WEB-PHP Phorum admin access"
1137 = "WEB-PHP Phorum authentication access"
1139 = "WEB-MISC whisker HEAD/./"
1158 = "WEB-MISC windmail.exe access"
1159 = "WEB-MISC webplus access"
1162 = "WEB-MISC cart 32 AdminPwd access"
1163 = "WEB-CGI webdist.cgi access"
1166 = "WEB-MISC ws_ftp.ini access"
1167 = "WEB-MISC rpm_query access"
1171 = "WEB-MISC whisker HEAD with large datagram"
1175 = "WEB-MISC wwwboard.pl access"
1176 = "WEB-MISC order.log access"
1186 = "WEB-MISC Netscape Enterprise Server directory view"
1187 = "WEB-MISC SalesLogix Eviewer web command attempt"
1188 = "WEB-MISC Netscape Enterprise Server directory view"
1189 = "WEB-MISC Netscape Enterprise Server directory view"
1190 = "WEB-MISC Netscape Enterprise Server directory view"
1191 = "WEB-MISC Netscape Enterprise Server directory view"
1196 = "WEB-CGI SGI InfoSearch fname attempt"
1198 = "WEB-MISC Netscape Enterprise Server directory view"
1199 = "WEB-MISC Compaq Insight directory traversal"
1204 = "WEB-CGI ax-admin.cgi access"
1212 = "WEB-MISC Admin_files access"
1215 = "WEB-CGI ministats admin access"
1218 = "WEB-MISC adminlogin access"
1225 = "X11 MIT Magic Cookie detected"
1226 = "X11 xopen"
1227 = "X11 outbound client connection detected"
1228 = "SCAN nmap XMAS"
1229 = "FTP CWD ..."
1233 = "WEB-CLIENT Outlook EML access"
1240 = "EXPLOIT MDBMS overflow"
1241 = "WEB-MISC SWEditServlet directory traversal attempt"
1242 = "WEB-IIS ISAPI .ida access"
1243 = "WEB-IIS ISAPI .ida attempt"
1244 = "WEB-IIS ISAPI .idq attempt"
1245 = "WEB-IIS ISAPI .idq access"
1250 = "WEB-MISC Cisco IOS HTTP configuration attempt"
1251 = "INFO TELNET Bad Login"
1256 = "WEB-IIS CodeRed v2 root.exe access"
1257 = "DOS Winnuke attack"
1260 = "WEB-MISC long basic authorization string"
1261 = "EXPLOIT AIX pdnsd overflow"
1262 = "RPC portmap admind request TCP"
1263 = "RPC portmap amountd request TCP"
1264 = "RPC portmap bootparam request TCP"
1265 = "RPC portmap cmsd request TCP"
1266 = "RPC portmap mountd request TCP"
1267 = "RPC portmap nisd request TCP"
1268 = "RPC portmap pcnfsd request TCP"
1269 = "RPC portmap rexd request TCP"
1270 = "RPC portmap rstatd request TCP"
1271 = "RPC portmap rusers request TCP"
1272 = "RPC portmap sadmind request TCP"
1273 = "RPC portmap selection_svc request TCP"
1275 = "RPC portmap yppasswd request TCP"
1279 = "RPC portmap snmpXdmi request UDP"
1280 = "RPC portmap listing UDP 111"
1281 = "RPC portmap listing UDP 32771"
1283 = "WEB-IIS outlook web dos"
1284 = "WEB-CLIENT readme.eml download attempt"
1285 = "WEB-IIS msdac access"
1286 = "WEB-IIS _mem_bin access"
1287 = "WEB-IIS scripts access"
1289 = "TFTP GET Admin.dll"
1290 = "WEB-CLIENT readme.eml autoload attempt"
1292 = "ATTACK-RESPONSES directory listing"
1298 = "RPC portmap tooltalk request TCP"
1299 = "RPC portmap tooltalk request UDP"
1300 = "WEB-PHP admin.php file upload attempt"
1301 = "WEB-PHP admin.php access"
1305 = "WEB-CGI txt2html.cgi directory traversal attempt"
1306 = "WEB-CGI store.cgi product directory traversal attempt"
1310 = "PORN free XXX"
1311 = "PORN hardcore anal"
1312 = "PORN nude cheerleader"
1313 = "PORN up skirt"
1314 = "PORN young teen"
1315 = "PORN hot young sex"
1316 = "PORN fuck fuck fuck"
1317 = "PORN anal sex"
1318 = "PORN hardcore rape"
1319 = "PORN real snuff"
1320 = "PORN fuck movies"
1321 = "BAD-TRAFFIC 0 ttl"
1322 = "BAD-TRAFFIC bad frag bits"
1323 = "EXPLOIT rwhoisd format string attempt"
1324 = "EXPLOIT ssh CRC32 overflow /bin/sh"
1325 = "EXPLOIT ssh CRC32 overflow filler"
1326 = "EXPLOIT ssh CRC32 overflow NOOP"
1327 = "EXPLOIT ssh CRC32 overflow"
1328 = "WEB-ATTACKS ps command attempt"
1329 = "WEB-ATTACKS /bin/ps command attempt"
1330 = "WEB-ATTACKS wget command attempt"
1331 = "WEB-ATTACKS uname -a command attempt"
1332 = "WEB-ATTACKS /usr/bin/id command attempt"
1333 = "WEB-ATTACKS id command attempt"
1334 = "WEB-ATTACKS echo command attempt"
1335 = "WEB-ATTACKS kill command attempt"
1336 = "WEB-ATTACKS chmod command attempt"
1337 = "WEB-ATTACKS chgrp command attempt"
1338 = "WEB-ATTACKS chown command attempt"
1339 = "WEB-ATTACKS chsh command attempt"
1340 = "WEB-ATTACKS tftp command attempt"
1341 = "WEB-ATTACKS /usr/bin/gcc command attempt"
1342 = "WEB-ATTACKS gcc command attempt"
1343 = "WEB-ATTACKS /usr/bin/cc command attempt"
1344 = "WEB-ATTACKS cc command attempt"
1345 = "WEB-ATTACKS /usr/bin/cpp command attempt"
1346 = "WEB-ATTACKS cpp command attempt"
1347 = "WEB-ATTACKS /usr/bin/g++ command attempt"
1348 = "WEB-ATTACKS g++ command attempt"
1349 = "WEB-ATTACKS bin/python access attempt"
1350 = "WEB-ATTACKS python access attempt"
1351 = "WEB-ATTACKS bin/tclsh execution attempt"
1352 = "WEB-ATTACKS tclsh execution attempt"
1353 = "WEB-ATTACKS bin/nasm command attempt"
1354 = "WEB-ATTACKS nasm command attempt"
1355 = "WEB-ATTACKS /usr/bin/perl execution attempt"
1356 = "WEB-ATTACKS perl execution attempt"
1357 = "WEB-ATTACKS nt admin addition attempt"
1358 = "WEB-ATTACKS traceroute command attempt"
1359 = "WEB-ATTACKS ping command attempt"
1360 = "WEB-ATTACKS netcat command attempt"
1363 = "WEB-ATTACKS X application to remote host attempt"
1364 = "WEB-ATTACKS lsof command attempt"
1365 = "WEB-ATTACKS rm command attempt"
1366 = "WEB-ATTACKS mail command attempt"
1367 = "WEB-ATTACKS mail command attempt"
1368 = "WEB-ATTACKS /bin/ls command attempt"
1369 = "WEB-ATTACKS /bin/ls command attempt"
1370 = "WEB-ATTACKS /etc/inetd.conf access"
1372 = "WEB-ATTACKS /etc/shadow access"
1373 = "WEB-ATTACKS conf/httpd.conf attempt"
1374 = "WEB-ATTACKS .htgroup access"
1375 = "WEB-MISC sadmind worm access"
1377 = "FTP wu-ftp bad file completion attempt ("
1378 = "FTP wu-ftp bad file completion attempt curly-bracket"
1379 = "FTP STAT overflow attempt"
1380 = "WEB-IIS cross-site scripting attempt"
1382 = "EXPLOIT CHAT IRC Ettercap parse overflow attempt"
1383 = "P2P Fastrack (kazaa/morpheus) GET request"
1385 = "WEB-MISC mod-plsql administration access"
1387 = "MS-SQL raiserror possible buffer overflow"
1389 = "WEB-MISC viewcode.jse access"
1394 = "SHELLCODE x86 NOOP"
1397 = "WEB-CGI wayboard attempt"
1398 = "EXPLOIT CDE dtspcd exploit attempt"
1399 = "WEB-PHP PHP-Nuke remote file include attempt"
1400 = "WEB-IIS /scripts/samples/ access"
1401 = "WEB-IIS /msadc/samples/ access"
1402 = "WEB-IIS iissamples access"
1408 = "DOS MSDTC attempt"
1411 = "SNMP public access udp"
1412 = "SNMP public access tcp"
1413 = "SNMP private access udp"
1414 = "SNMP private access tcp"
1415 = "SNMP Broadcast request"
1416 = "SNMP broadcast trap"
1417 = "SNMP request udp"
1418 = "SNMP request tcp"
1419 = "SNMP trap udp"
1420 = "SNMP trap tcp"
1422 = "SNMP community string buffer overflow attempt (with evasion)"
1431 = "BAD-TRAFFIC syn to multicast address"
1432 = "P2P GNUTella GET"
1435 = "DNS named authors attempt"
1441 = "TFTP GET nc.exe"
1442 = "TFTP GET shadow"
1443 = "TFTP GET passwd"
1444 = "TFTP Get"
1445 = "POLICY FTP file_id.diz access possible warez site"
1446 = "SMTP vrfy root"
1449 = "POLICY FTP anonymous (ftp) login attempt"
1450 = "SMTP expn *@"
1456 = "WEB-CGI calender_admin.pl access"
1457 = "WEB-CGI user_update_admin.pl access"
1463 = "CHAT IRC message"
1484 = "WEB-IIS /isapi/tstisapi.dll access"
1485 = "WEB-IIS mkilog.exe access"
1486 = "WEB-IIS ctss.idc access"
1487 = "WEB-IIS /iisadmpwd/aexp2.htr access"
1488 = "WEB-CGI store.cgi directory traversal attempt"
1490 = "WEB-PHP Phorum /support/common.php attempt"
1491 = "WEB-PHP Phorum /support/common.php access"
1492 = "WEB-MISC RBS ISP /newuser directory traversal attempt"
1497 = "WEB-MISC cross site scripting attempt"
1498 = "WEB-MISC PIX firewall manager directory traversal attempt"
1501 = "WEB-CGI a1stats a1disp3.cgi directory traversal attempt"
1503 = "WEB-CGI admentor admin.asp access"
1504 = "MISC AFS access"
1509 = "WEB-CGI AltaVista Intranet Search directory traversal attempt"
1519 = "WEB-MISC apache ?M=D directory list attempt"
1520 = "WEB-MISC server-info access"
1526 = "WEB-MISC basilix sendmail.inc access"
1527 = "WEB-MISC basilix mysql.class access"
1529 = "FTP SITE overflow attempt"
1530 = "FTP format string attempt"
1536 = "WEB-CGI calendar_admin.pl arbitrary command execution attempt"
1537 = "WEB-CGI calendar_admin.pl access"
1541 = "FINGER version query"
1544 = "WEB-MISC Cisco Catalyst command execution attempt"
1545 = "DOS Cisco attempt"
1546 = "WEB-MISC Cisco /%% DOS attempt"
1549 = "SMTP HELO overflow attempt"
1550 = "SMTP ETRN overflow attempt"
1562 = "FTP SITE CHOWN overflow attempt"
1567 = "WEB-IIS /exchange/root.asp attempt"
1568 = "WEB-IIS /exchange/root.asp access"
1569 = "WEB-CGI loadpage.cgi directory traversal attempt"
1571 = "WEB-CGI dcforum.cgi directory traversal attempt"
1579 = "WEB-MISC Domino webadmin.nsf access"
1595 = "WEB-IIS htimage.exe access"
1598 = "WEB-CGI Home Free search.cgi directory traversal attempt"
1600 = "WEB-CGI htsearch arbitrary configuration file attempt"
1601 = "WEB-CGI htsearch arbitrary file read attempt"
1602 = "WEB-CGI htsearch access"
1604 = "WEB-MISC iChat directory traversal attempt"
1605 = "DOS iParty DOS attempt"
1607 = "WEB-CGI HyperSeek hsx.cgi access"
1610 = "WEB-CGI formmail arbitrary command execution attempt"
1616 = "DNS named version attempt"
1618 = "WEB-IIS .asp Transfer-Encoding\\: chunked"
1621 = "FTP CMD overflow attempt"
1622 = "FTP RNFR ././ attempt"
1623 = "FTP invalid MODE"
1624 = "FTP large PWD command"
1625 = "FTP large SYST command"
1626 = "WEB-IIS /StoreCSVS/InstantOrder.asmx request"
1627 = "BAD-TRAFFIC Unassigned/Reserved IP protocol"
1628 = "WEB-CGI FormHandler.cgi directory traversal attempt"
1631 = "CHAT AIM login"
1632 = "CHAT AIM send message"
1633 = "CHAT AIM receive message"
1636 = "MISC Xtramail Username overflow attempt"
1638 = "SCAN SSH Version map attempt"
1639 = "CHAT IRC DCC file transfer request"
1640 = "CHAT IRC DCC chat request"
1641 = "DOS DB2 dos attempt"
1645 = "WEB-CGI testcgi access"
1657 = "WEB-CGI pagelog.cgi directory traversal attempt"
1660 = "WEB-IIS trace.axd access"
1661 = "WEB-IIS cmd32.exe access"
1662 = "WEB-MISC /~ftp access"
1667 = "WEB-MISC cross site scripting \\(img src=javascript\\) attempt"
1672 = "FTP CWD ~ attempt"
1673 = "ORACLE EXECUTE_SYSTEM attempt"
1674 = "ORACLE connect_data\\(command=version\\) attempt"
1675 = "ORACLE misparsed login response"
1676 = "ORACLE select union attempt"
1677 = "ORACLE select like \\'%\\' attempt"
1678 = "ORACLE select like \\\\'%\\\\' attempt"
1679 = "ORACLE describe attempt"
1680 = "ORACLE all_constraints access"
1681 = "ORACLE all_views access"
1682 = "ORACLE all_source access"
1683 = "ORACLE all_tables access"
1684 = "ORACLE all_tab_columns access"
1685 = "ORACLE all_tab_privs access"
1686 = "ORACLE dba_tablespace access"
1687 = "ORACLE dba_tables access"
1688 = "ORACLE user_tablespace access"
1689 = "ORACLE sys.all_users access"
1690 = "ORACLE grant attempt"
1691 = "ORACLE ALTER USER attempt"
1692 = "ORACLE drop table attempt"
1693 = "ORACLE create table attempt"
1694 = "ORACLE alter table attempt"
1695 = "ORACLE truncate table attempt"
1696 = "ORACLE create database attempt"
1697 = "ORACLE alter database attempt"
1699 = "P2P Fastrack (kazaa/morpheus) traffic"
1701 = "WEB-CGI calendar-admin.pl access"
1703 = "WEB-CGI auktion.cgi directory traversal attempt"
1704 = "WEB-CGI cal_make.pl directory traversal attempt"
1719 = "WEB-CGI talkback.cgi directory traversal attempt"
1725 = "WEB-IIS +.htr code fragment attempt"
1726 = "WEB-IIS doctodep.btr access"
1728 = "FTP CWD ~ attempt"
1729 = "CHAT IRC channel join"
1730 = "WEB-CGI ustorekeeper.pl directory traversal attempt"
1732 = "RPC portmap rwalld request UDP"
1733 = "RPC portmap rwalld request TCP"
1734 = "FTP USER overflow attempt"
1739 = "WEB-PHP DNSTools administrator authentication bypass attempt"
1746 = "RPC portmap cachefsd request UDP"
1747 = "RPC portmap cachefsd request TCP"
1748 = "FTP command overflow attempt"
1750 = "WEB-IIS users.xml access"
1751 = "EXPLOIT cachefsd buffer overflow attempt"
1753 = "WEB-IIS as_web.exe access"
1754 = "WEB-IIS as_web4.exe access"
1755 = "IMAP partial body buffer overflow attempt"
1756 = "WEB-IIS NewsPro administration authentication attempt"
1759 = "MS-SQL xp_cmdshell program execution (445)"
1768 = "WEB-IIS header field buffer overflow attempt"
1772 = "WEB-IIS pbserver access"
1773 = "WEB-PHP php.exe access"
1775 = "MYSQL root login attempt"
1776 = "MYSQL show databases attempt"
1777 = "FTP EXPLOIT STAT * dos attempt"
1778 = "FTP EXPLOIT STAT ? dos attempt"
1779 = "FTP CWD .... attempt"
1781 = "PORN dildo"
1782 = "PORN nipple clamp"
1783 = "PORN oral sex"
1784 = "PORN nude celeb"
1785 = "PORN voyeur"
1786 = "PORN raw sex"
1789 = "CHAT IRC dns request"
1790 = "CHAT IRC dns response"
1791 = "BACKDOOR fragroute trojan connection attempt"
1793 = "PORN fetish"
1794 = "PORN masturbation"
1795 = "PORN ejaculation"
1796 = "PORN virgin"
1797 = "PORN BDSM"
1798 = "PORN erotica"
1799 = "PORN fisting"
1800 = "VIRUS Klez Incoming"
1805 = "WEB-CGI Oracle reports CGI access"
1806 = "WEB-IIS .htr Transfer-Encoding\\: chunked"
1808 = "WEB-MISC apache chunked encoding memory corruption exploit attempt"
1809 = "WEB-MISC Apache Chunked-Encoding worm attempt"
1810 = "ATTACK-RESPONSES successful gobbles ssh exploit (GOBBLE)"
1811 = "ATTACK-RESPONSES successful gobbles ssh exploit (uname)"
1812 = "EXPLOIT gobbles SSH exploit attempt"
1813 = "ICMP digital island bandwidth query"
1814 = "WEB-MISC CISCO VoIP DOS ATTEMPT"
1817 = "WEB-IIS MS Site Server default login attempt"
1818 = "WEB-IIS MS Site Server admin attempt"
1821 = "EXPLOIT LPD dvips remote command execution attempt"
1822 = "WEB-CGI alienform.cgi directory traversal attempt"
1823 = "WEB-CGI AlienForm af.cgi directory traversal attempt"
1827 = "WEB-MISC Tomcat servlet mapping cross site scripting attempt"
1828 = "WEB-MISC iPlanet Search directory traversal attempt"
1831 = "WEB-MISC jigsaw dos attempt"
1832 = "CHAT ICQ forced user addition"
1833 = "PORN naked lesbians"
1834 = "WEB-PHP PHP-Wiki cross site scripting attempt"
1835 = "WEB-MISC Macromedia SiteSpring cross site scripting attempt"
1836 = "PORN alt.binaries.pictures.erotica"
1837 = "PORN alt.binaries.pictures.tinygirls"
1838 = "EXPLOIT SSH server banner overflow"
1839 = "WEB-MISC mailman cross site scripting attempt"
1841 = "WEB-CLIENT Javascript URL host spoofing attempt"
1842 = "IMAP login buffer overflow attempt"
1843 = "BACKDOOR trinity connection attempt"
1844 = "IMAP authenticate overflow attempt"
1845 = "IMAP list literal overflow attempt"
1852 = "WEB-MISC robots.txt access"
1853 = "BACKDOOR win-trin00 connection attempt"
1854 = "DDOS Stacheldraht handler = agent (niggahbitch)"
1855 = "DDOS Stacheldraht agent = handler (skillz)"
1856 = "DDOS Stacheldraht handler = agent (ficken)"
1857 = "WEB-MISC robot.txt access"
1858 = "WEB-MISC CISCO PIX Firewall Manager directory traversal attempt"
1859 = "WEB-MISC Sun JavaServer default password login attempt"
1860 = "WEB-MISC Linksys router default password login attempt \\(\\:admin\\)"
1861 = "WEB-MISC Linksys router default password login attempt \\(admin\\:admin\\)"
1862 = "WEB-CGI mrtg.cgi directory traversal attempt"
1864 = "FTP SITE NEWER attempt"
1866 = "POP3 USER overflow attempt"
1871 = "WEB-MISC Oracle XSQLConfig.xml access"
1882 = "ATTACK-RESPONSES id check returned userid"
1883 = "ATTACK-RESPONSES id check returned nobody"
1884 = "ATTACK-RESPONSES id check returned web"
1885 = "ATTACK-RESPONSES id check returned http"
1886 = "ATTACK-RESPONSES id check returned apache"
1888 = "FTP SITE CPWD overflow attempt"
1890 = "RPC status GHBN format string attack"
1891 = "RPC status GHBN format string attack"
1892 = "SNMP null community string attempt"
1894 = "EXPLOIT kadmind buffer overflow attempt"
1895 = "EXPLOIT kadmind buffer overflow attempt"
1896 = "EXPLOIT kadmind buffer overflow attempt"
1897 = "EXPLOIT kadmind buffer overflow attempt"
1898 = "EXPLOIT kadmind buffer overflow attempt"
1899 = "EXPLOIT kadmind buffer overflow attempt"
1902 = "IMAP lsub literal overflow attempt"
1903 = "IMAP rename overflow attempt"
1904 = "IMAP find overflow attempt"
1905 = "RPC AMD UDP amqproc_mount plog overflow attempt"
1906 = "RPC AMD TCP amqproc_mount plog overflow attempt"
1907 = "RPC CMSD UDP CMSD_CREATE buffer overflow attempt"
1908 = "RPC CMSD TCP CMSD_CREATE buffer overflow attempt"
1909 = "RPC CMSD TCP CMSD_INSERT buffer overflow attempt"
1910 = "RPC CMSD udp CMSD_INSERT buffer overflow attempt"
1911 = "RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt"
1912 = "RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt"
1913 = "RPC STATD UDP stat mon_name format string exploit attempt"
1914 = "RPC STATD TCP stat mon_name format string exploit attempt"
1915 = "RPC STATD UDP monitor mon_name format string exploit attempt"
1916 = "RPC STATD TCP monitor mon_name format string exploit attempt"
1917 = "SCAN UPnP service discover attempt"
1918 = "SCAN SolarWinds IP scan attempt"
1919 = "FTP CWD overflow attempt"
1920 = "FTP SITE NEWER overflow attempt"
1921 = "FTP SITE ZIPCHK attempt"
1922 = "RPC portmap proxy attempt TCP"
1923 = "RPC portmap proxy attempt UDP"
1924 = "RPC mountd UDP export request"
1925 = "RPC mountd TCP exportall request"
1926 = "RPC mountd UDP exportall request"
1927 = "FTP authorized_keys"
1928 = "FTP shadow retrieval attempt"
1929 = "BACKDOOR TCPDUMP/PCAP trojan traffic"
1930 = "IMAP auth overflow attempt"
1941 = "TFTP filename overflow attempt"
1942 = "FTP RMDIR overflow attempt"
1945 = "WEB-IIS unicode directory traversal attempt"
1946 = "WEB-MISC answerbook2 admin attempt"
1948 = "DNS zone transfer UDP"
1949 = "RPC portmap SET attempt TCP 111"
1950 = "RPC portmap SET attempt UDP 111"
1951 = "RPC mountd TCP mount request"
1952 = "RPC mountd UDP mount request"
1953 = "RPC AMD TCP pid request"
1954 = "RPC AMD UDP pid request"
1955 = "RPC AMD TCP version request"
1956 = "RPC AMD UDP version request"
1963 = "RPC RQUOTA getquota overflow attempt UDP"
1964 = "RPC tooltalk UDP overflow attempt"
1965 = "RPC tooltalk TCP overflow attempt"
1970 = "WEB-IIS MDAC Content-Type overflow attempt"
1971 = "FTP SITE EXEC format string attempt"
1972 = "FTP PASS overflow attempt"
1973 = "FTP MKD overflow attempt"
1974 = "FTP REST overflow attempt"
1976 = "FTP RMD overflow attempt"
1980 = "BACKDOOR DeepThroat 3.1 Connection attempt"
1981 = "BACKDOOR DeepThroat 3.1 Connection attempt (3150)"
1982 = "BACKDOOR DeepThroat 3.1 Server Response (3150)"
1983 = "BACKDOOR DeepThroat 3.1 Connection attempt (4120)"
1984 = "BACKDOOR DeepThroat 3.1 Server Response (4120)"
1985 = "BACKDOOR Doly 1.5 server response"
1986 = "CHAT MSN file transfer request"
1987 = "MISC xfs overflow attempt"
1988 = "CHAT MSN file transfer accept"
1989 = "CHAT MSN file transfer reject"
1990 = "CHAT MSN user search"
1991 = "CHAT MSN login attempt"
1992 = "FTP LIST directory traversal attempt"
1993 = "IMAP login literal buffer overflow attempt"
2000 = "WEB-PHP readmsg.php access"
2001 = "WEB-CGI smartsearch.cgi access"
2002 = "WEB-PHP external include path"
2003 = "MS-SQL Worm propagation attempt"
2004 = "MS-SQL Worm propagation attempt OUTBOUND"
2005 = "RPC portmap kcms_server request UDP"
2006 = "RPC portmap kcms_server request TCP"
2007 = "RPC kcms_server directory traversal attempt"
2008 = "MISC CVS invalid user authentication response"
2009 = "MISC CVS invalid repository response"
2010 = "MISC CVS double free exploit attempt response"
2011 = "MISC CVS invalid directory response"
2012 = "MISC CVS missing cvsroot response"
2013 = "MISC CVS invalid module response"
2014 = "RPC portmap UNSET attempt TCP 111"
2015 = "RPC portmap UNSET attempt UDP 111"
2016 = "RPC portmap status request TCP"
2017 = "RPC portmap espd request UDP"
2018 = "RPC mountd TCP dump request"
2019 = "RPC mountd UDP dump request"
2020 = "RPC mountd TCP unmount request"
2021 = "RPC mountd UDP unmount request"
2022 = "RPC mountd TCP unmountall request"
2023 = "RPC mountd UDP unmountall request"
2024 = "RPC RQUOTA getquota overflow attempt TCP"
2025 = "RPC yppasswd username overflow attempt UDP"
2026 = "RPC yppasswd username overflow attempt TCP"
2027 = "RPC yppasswd old password overflow attempt UDP"
2028 = "RPC yppasswd old password overflow attempt TCP"
2029 = "RPC yppasswd new password overflow attempt UDP"
2030 = "RPC yppasswd new password overflow attempt TCP"
2031 = "RPC yppasswd user update UDP"
2032 = "RPC yppasswd user update TCP"
2033 = "RPC ypserv maplist request UDP"
2034 = "RPC ypserv maplist request TCP"
2035 = "RPC portmap network-status-monitor request UDP"
2036 = "RPC portmap network-status-monitor request TCP"
2037 = "RPC network-status-monitor mon-callback request UDP"
2038 = "RPC network-status-monitor mon-callback request TCP"
2039 = "MISC bootp hostname format string attempt"
2040 = "POLICY xtacacs login attempt"
2041 = "MISC xtacacs failed login response"
2042 = "POLICY xtacacs accepted login response"
2043 = "MISC isakmp login failed"
2044 = "POLICY PPTP setup attempt"
2045 = "RPC snmpXdmi overflow attempt UDP"
2046 = "IMAP partial body.peek buffer overflow attempt"
2047 = "MISC rsyncd module list access"
2048 = "MISC rsyncd overflow attempt"
2049 = "MS-SQL ping attempt"
2050 = "MS-SQL version overflow attempt"
2051 = "WEB-CGI cached_feed.cgi moreover shopping cart access"
2052 = "WEB-CGI overflow.cgi access"
2053 = "WEB-CGI process_bug.cgi access"
2054 = "WEB-CGI enter_bug.cgi arbitrary command attempt"
2055 = "WEB-CGI enter_bug.cgi access"
2056 = "WEB-MISC TRACE attempt"
2057 = "WEB-MISC helpout.exe access"
2058 = "WEB-MISC MsmMask.exe attempt"
2059 = "WEB-MISC MsmMask.exe access"
2060 = "WEB-MISC DB4Web access"
2061 = "WEB-MISC Tomcat null byte directory listing attempt"
2062 = "WEB-MISC iPlanet .perf access"
2063 = "WEB-MISC Demarc SQL injection attempt"
2064 = "WEB-MISC Lotus Notes .csp script source download attempt"
2065 = "WEB-MISC Lotus Notes .csp script source download attempt"
2066 = "WEB-MISC Lotus Notes .pl script source download attempt"
2067 = "WEB-MISC Lotus Notes .exe script source download attempt"
2068 = "WEB-MISC BitKeeper arbitrary command attempt"
2069 = "WEB-MISC chip.ini access"
2070 = "WEB-MISC post32.exe arbitrary command attempt"
2071 = "WEB-MISC post32.exe access"
2072 = "WEB-MISC lyris.pl access"
2073 = "WEB-MISC globals.pl access"
2074 = "WEB-PHP Mambo uploadimage.php upload php file attempt"
2075 = "WEB-PHP Mambo upload.php upload php file attempt"
2076 = "WEB-PHP Mambo uploadimage.php access"
2077 = "WEB-PHP Mambo upload.php access"
2078 = "WEB-PHP phpBB privmsg.php access"
2079 = "RPC portmap nlockmgr request UDP"
2080 = "RPC portmap nlockmgr request TCP"
2081 = "RPC portmap rpc.xfsmd request UDP"
2082 = "RPC portmap rpc.xfsmd request TCP"
2083 = "RPC rpc.xfsmd xfs_export attempt UDP"
2084 = "RPC rpc.xfsmd xfs_export attempt TCP"
2085 = "WEB-CGI parse_xml.cgi access"
2086 = "WEB-CGI streaming server parse_xml.cgi access"
2087 = "SMTP >From comment overflow attempt"
2088 = "RPC ypupdated arbitrary command attempt UDP"
2089 = "RPC ypupdated arbitrary command attempt TCP"
2090 = "WEB-IIS WEBDAV exploit attempt"
2091 = "WEB-IIS WEBDAV nessus safe scan attempt"
2092 = "RPC portmap proxy integer overflow attempt UDP"
2093 = "RPC portmap proxy integer overflow attempt TCP"
2094 = "RPC CMSD UDP CMSD_CREATE array buffer overflow attempt"
2095 = "RPC CMSD TCP CMSD_CREATE array buffer overflow attempt"
2100 = "BACKDOOR SubSeven 2.1 Gold server connection response"
2101 = "NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt"
2102 = "NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt"
2103 = "NETBIOS SMB trans2open buffer overflow attempt"
2104 = "ATTACK-RESPONSES rexec username too long response"
2105 = "IMAP authenticate literal overflow attempt"
2106 = "IMAP lsub overflow attempt"
2107 = "IMAP create buffer overflow attempt"
2108 = "POP3 CAPA overflow attempt"
2109 = "POP3 TOP overflow attempt"
2110 = "POP3 STAT overflow attempt"
2111 = "POP3 DELE overflow attempt"
2112 = "POP3 RSET overflow attempt"
2113 = "RSERVICES rexec username overflow attempt"
2114 = "RSERVICES rexec password overflow attempt"
2115 = "WEB-CGI album.pl access"
2116 = "WEB-CGI chipcfg.cgi access"
2117 = "WEB-IIS Battleaxe Forum login.asp access"
2118 = "IMAP list overflow attempt"
2119 = "IMAP rename literal overflow attempt"
2120 = "IMAP create literal buffer overflow attempt"
2121 = "POP3 DELE negative arguement attempt"
2122 = "POP3 UIDL negative arguement attempt"
2123 = "ATTACK-RESPONSES Microsoft cmd.exe banner"
2124 = "BACKDOOR Remote PC Access connection attempt"
2125 = "FTP CWD C:\\\\"
2126 = "MISC Microsoft PPTP Start Control Request buffer overflow attempt"
2127 = "WEB-CGI ikonboard.cgi access"
2128 = "WEB-CGI swsrv.cgi access"
2129 = "WEB-IIS nsiislog.dll access"
2130 = "WEB-IIS IISProtect siteadmin.asp access"
2131 = "WEB-IIS IISProtect access"
2132 = "WEB-IIS Synchrologic Email Accelerator userid list access attempt"
2133 = "WEB-IIS MS BizTalk server access"
2134 = "WEB-IIS register.asp access"
2135 = "WEB-MISC philboard.mdb access"
2136 = "WEB-MISC philboard_admin.asp authentication bypass attempt"
2137 = "WEB-MISC philboard_admin.asp access"
2138 = "WEB-MISC logicworks.ini access"
2139 = "WEB-MISC /*.shtml access"
2140 = "WEB-PHP p-news.php access"
2141 = "WEB-PHP shoutbox.php directory traversal attempt"
2142 = "WEB-PHP shoutbox.php access"
2143 = "WEB-PHP b2 cafelog gm-2-b2.php remote command execution attempt"
2144 = "WEB-PHP b2 cafelog gm-2-b2.php access"
2145 = "WEB-PHP TextPortal admin.php default password (admin) attempt"
2146 = "WEB-PHP TextPortal admin.php default password (12345) attempt"
2147 = "WEB-PHP BLNews objects.inc.php4 remote command execution attempt"
2148 = "WEB-PHP BLNews objects.inc.php4 access"
2149 = "WEB-PHP Turba status.php access"
2150 = "WEB-PHP ttCMS header.php remote command execution attempt"
2151 = "WEB-PHP ttCMS header.php access"
2152 = "WEB-PHP test.php access"
2153 = "WEB-PHP autohtml.php directory traversal attempt"
2154 = "WEB-PHP autohtml.php access"
2155 = "WEB-PHP ttforum remote command execution attempt"
2156 = "WEB-MISC mod_gzip_status access"
2157 = "WEB-IIS IISProtect GlobalAdmin.asp access"
2158 = "MISC BGP invalid length"
2159 = "MISC BGP invalid type (0)"
2160 = "VIRUS OUTBOUND .exe file attachment"
2161 = "VIRUS OUTBOUND .doc file attachment"
2162 = "VIRUS OUTBOUND .hta file attachment"
2163 = "VIRUS OUTBOUND .chm file attachment"
2164 = "VIRUS OUTBOUND .reg file attachment"
2165 = "VIRUS OUTBOUND .ini file attachment"
2166 = "VIRUS OUTBOUND .bat file attachment"
2167 = "VIRUS OUTBOUND .diz file attachment"
2168 = "VIRUS OUTBOUND .cpp file attachment"
2169 = "VIRUS OUTBOUND .dll file attachment"
2170 = "VIRUS OUTBOUND .vxd file attachment"
2171 = "VIRUS OUTBOUND .sys file attachment"
2172 = "VIRUS OUTBOUND .com file attachment"
2173 = "VIRUS OUTBOUND .hsq file attachment"
2174 = "NETBIOS SMB winreg access"
2175 = "NETBIOS SMB winreg access (unicode)"
2176 = "NETBIOS SMB Startup Folder access attempt"
2177 = "NETBIOS SMB Startup Folder access attempt (unicode)"
2180 = "P2P BitTorrent announce request"
2181 = "P2P BitTorrent transfer"
2183 = "SMTP Content-Transfer-Encoding overflow attempt"
2186 = "BAD-TRAFFIC IP Proto 53 (SWIPE)"
2187 = "BAD-TRAFFIC IP Proto 55 (IP Mobility)"
2188 = "BAD-TRAFFIC IP Proto 77 (Sun ND)"
2189 = "BAD-TRAFFIC IP Proto 103 (PIM)"
2190 = "NETBIOS DCERPC invalid bind attempt"
2191 = "NETBIOS SMB DCERPC invalid bind attempt"
2192 = "NETBIOS DCERPC ISystemActivator bind attempt"
2193 = "NETBIOS SMB DCERPC ISystemActivator bind attempt"
} # rule
} # snort2_syslog
# Display labels for HTTP response status codes, keyed by the numeric code.
# The table is not exhaustive: codes absent from it (for example 308, 429 and 451)
# have no label here. NOTE(review): how an unlisted code is rendered in reports is
# not visible in this file -- confirm before relying on label-based filters.
http_server_responses = {
# 1xx informational
100 = "Continue"
101 = "Switching Protocols"
102 = "Processing"
# 2xx success
200 = "OK"
201 = "Created"
202 = "Accepted"
203 = "Non-Authoritative Information"
204 = "No Content"
205 = "Reset Content"
206 = "Partial Content"
207 = "Multi-Status"
226 = "IM Used"
# 3xx redirection
300 = "Multiple Choices"
301 = "Moved Permanently"
302 = "Found"
303 = "See Other"
304 = "Not Modified"
305 = "Use Proxy"
306 = "(Reserved)"
307 = "Temporary Redirect"
# 4xx client error
400 = "Bad Request"
401 = "Unauthorized"
402 = "Payment Required"
403 = "Forbidden"
404 = "Not Found"
405 = "Method Not Allowed"
406 = "Not Acceptable"
407 = "Proxy Authentication Required"
408 = "Request Timeout"
409 = "Conflict"
410 = "Gone"
411 = "Length Required"
412 = "Precondition Failed"
413 = "Request Entity Too Large"
414 = "Request-URI Too Long"
415 = "Unsupported Media Type"
416 = "Requested Range Not Satisfiable"
417 = "Expectation Failed"
422 = "Unprocessable Entity"
423 = "Locked"
424 = "Failed Dependency"
426 = "Upgrade Required"
# 5xx server error
500 = "Internal Server Error"
501 = "Not Implemented"
502 = "Bad Gateway"
503 = "Service Unavailable"
504 = "Gateway Timeout"
505 = "HTTP Version Not Supported"
507 = "Insufficient Storage"
510 = "Not Extended"
} # http_server_responses
# Display labels for SonicWall log field values.
sonic_wall = {
# IPS priority: the lower the number, the higher the priority (1 = high, 3 = low).
# The quoted "(empty)" key is presumably the placeholder used when the field has no
# value -- confirm against the log format definition.
ipspri = {
1 = "high"
2 = "medium"
3 = "low"
"(empty)" = "(empty)"
} # ipspri
# Labels for the alert event types listed below; keys are internal identifiers.
event_type = {
gateway_antivirus_alert = "Gateway Anti-Virus Alert"
ips_detection_alert = "IPS Detection Alert"
found_rogue_access_point = "Found Rogue Access Point"
} # event_type
} # sonic_wall
# Display labels for NetContinuum log field values.
net_continuum = {
# Four-letter level abbreviations mapped to their full names.
# Only these three levels are listed; other abbreviations have no label here.
level = {
ALER = 'Alert'
WARN = 'Warning'
NOTI = 'Notice'
} # level
} # net_continuum
# Display labels for VBrick EtherneTV Portal Server log field values.
vbrick_ethernetv_portal_server = {
# Broadcast type identifiers mapped to their display names.
broadcast_type = {
presentation = "Presentation"
video_on_demand = "Video on Demand"
live_broadcast = "Live Broadcast"
} # broadcast_type
} # vbrick_ethernetv_portal_server
# Display labels for Aventail client/server access log field values.
aventail_client_server_access = {
# Single-letter client equipment codes mapped to platform names.
# NOTE(review): "unspecified" is labelled "Mobile Phone" while X is labelled
# "Default/Unknown" -- confirm that this pairing is intended.
equipment_type = {
W = "Windows"
M = "Mac"
L = "Linux"
P = "PDA"
A = "ActiveSync Mobile Phone"
X = "Default/Unknown"
unspecified = "Mobile Phone"
} # equipment_type
} # aventail_client_server_access
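# Display labels for Barracuda Spam Firewall log field values.
barracuda_spam_firewall = {
# Numeric reason code mapped to the reason shown in reports.
# The numbering is not contiguous (for example 10, 16 and 19 are absent); codes
# that are not listed have no label in this table.
reasons = {
0 = "Message Allowed"
1 = "Virus"
2 = "Banned Attachment"
3 = "RBL Match"
4 = "Rate Control"
5 = "Too Many Message In Session"
6 = "Timeout Exceeded"
7 = "No Such Domain"
8 = "No Such User"
9 = "Subject Filter Match"
11 = "Client IP"
12 = "Recipient Address Rejected"
13 = "No Valid Recipients"
14 = "Domain Not Found"
15 = "Sender Address Rejected"
17 = "Need Fully Qualified Recipient"
18 = "Need Fully Qualified Sender"
20 = "MAIL FROM Syntax Error"
21 = "Bad Address Syntax"
22 = "RCPT TO Syntax Error"
23 = "Send EHLO/HELO First"
24 = "Need MAIL Command"
25 = "Nested MAIL Command"
27 = "EHLO/HELO Syntax Error"
30 = "Mail Protocol Error"
31 = "Score"
34 = "Header Filter Match"
35 = "Sender Block/Accept"
36 = "Recipient Block/Accept"
37 = "Body Filter Match"
38 = "Message Size Bypass"
39 = "Intention Analysis Match"
40 = "SPF/Caller-ID"
41 = "Client Host Rejected"
44 = "Authentication Not Enabled"
45 = "Allowed Message Size Exceeded"
46 = "Too Many Recipients"
47 = "Need RCPT Command"
48 = "DATA Syntax Error"
49 = "Internal Error"
50 = "Too Many Hops"
55 = "Invalid Parameter Syntax"
56 = "STARTTLS Syntax Error"
57 = "TLS Already Active"
58 = "Too Many Errors"
59 = "Need STARTTLS First"
60 = "Spam Fingerprint Found"
61 = "Barracuda Whitelist"
62 = "Barracuda Blacklist"
} # reasons
} # barracuda_spam_firewall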
# Display labels for FirePass SSL VPN log field values.
firepass_ssl_vpn = {
# Numeric session status mapped to its description. Only 0, 1, 2 and 7 are listed;
# other status values have no label in this table.
session_status = {
0 = "Server session in progress"
1 = "Logged out from server"
2 = "Server session timed out"
7 = "Session handed off to failover box"
} # session_status
} # firepass_ssl_vpn
# Display labels for TippingPoint SMS log field values.
tipping_point_sms = {
# Numeric action code mapped to the action name; only 7, 8 and 9 are listed.
action_type = {
7 = "Permit"
8 = "Block"
9 = "P2P"
} # action_type
# Severity rises with the number (0 = Normal, 4 = Critical). This is the opposite
# direction from sonic_wall.ipspri, where 1 is the highest priority, so the raw
# numbers of the two formats are not comparable.
severity = {
0 = "Normal"
1 = "Low"
2 = "Minor"
3 = "Major"
4 = "Critical"
} # severity
} # tipping_point_sms
# Display labels for Autodesk Network License Manager log field values.
autodesk_network_license_manager = {
# For translation
# The keys are the action keywords; only the explanatory text in the values is
# meant to be translated.
action = {
IN = "IN (license returned)"
OUT = "OUT (license granted)"
DENIED = "DENIED"
} # action
} # autodesk_network_license_manager
} # log_formats
# This is nowhere near a complete list of Windows event codes, but we gotta start somewhere.
# If you add your own codes here, please email them to support@sawmill.net, so we can add them to
# this list.
#
# Each entry maps an event ID to a category and a short description.
# NOTE(review): the IDs below use the legacy Security-log numbering (Windows 2000 / XP /
# Server 2003). Windows Vista / Server 2008 and later log most of these events under the
# legacy ID + 4096 (528 -> 4624, 552 -> 4648) and log "audit log cleared" as 1102; none of
# those newer IDs appear in this table. The legacy failed-logon IDs (529-537) are not listed
# either, so failed logons get no category or description from this table.
windows_event_codes = {
515 = {
category = "System Events"
description = "A trusted logon process has registered with the Local Security Authority"
}
# Clearing the audit log removes earlier Security-log evidence; usually worth an alert.
517 = {
category = "System Events"
description = "The audit log was cleared"
}
528 = {
category = "Logon/Logoff"
description = "Successful Logon"
}
538 = {
category = "Logon/Logoff"
description = "User Logoff"
}
540 = {
category = "Logon/Logoff"
description = "Successful Network Logon"
}
# Logged when a process supplies credentials other than those of the logged-on user.
552 = {
category = "Logon/Logoff"
description = "Logon attempt using explicit credentials"
}
560 = {
category = "Object Access"
description = "Object Open"
}
562 = {
category = "Object Access"
description = "Handle Closed"
}
564 = {
category = "Object Access"
description = "Object Deleted"
}
565 = {
category = "Directory Service"
description = "Object Open (Active Directory)"
}
566 = {
category = "Directory Service"
description = "Object Operation (W3 Active Directory)"
}
567 = {
category = "Object Access"
description = "Object Access Attempt"
}
576 = {
category = "Privilege Use"
description = "Special privileges assigned to new logon"
}
578 = {
category = "Privilege Use"
description = "Privileged object operation"
}
# 672, 673 and 675 are Kerberos events (ticket-granting ticket, service ticket,
# pre-authentication failure); 680 is the NTLM account-logon event.
672 = {
category = "Account Logon"
description = "Authentication Ticket Granted"
}
673 = {
category = "Account Logon"
description = "Service Ticket Granted"
}
675 = {
category = "Account Logon"
description = "Pre-authentication failed"
}
680 = {
category = "Account Logon"
description = "Account Used for Logon by"
}
} # windows_event_codes
# Platform-dependent nouns. Each value is an embedded expression that selects the
# unix_* label when _PLATFORM equals "UNIX" and the windows_* label otherwise.
# Do not translate these two expressions; translate the four words below instead.
directory = "{=if (_PLATFORM eq \"UNIX\") then lang_stats.unix_directory else lang_stats.windows_directory;=}"
directories = "{=if (_PLATFORM eq \"UNIX\") then lang_stats.unix_directories else lang_stats.windows_directories;=}"
# Translate these words
unix_directory = "directory"
unix_directories = "directories"
windows_directory = "folder"
windows_directories = "folders"
} # lang_stats