# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved. lang_stats = { ## ## Language Module -- Statistics ## ## This is the Statistics section of the default English language module ## # If you want to "white-label" this product so it uses another name, uncomment these and change PRODUCT_NAME. # If you want to change the support email address shown in the web interface and documentation, or the web site # URL, or the purchase URL, you can uncomment and change SUPPORT_EMAIL or PRODUCT_URL or PURCHASE_URL. #PRODUCT_NAME = "Product Name" #SUPPORT_EMAIL = "support@sawmill.net" #PRODUCT_URL = "http://www.sawmill.net/" #PURCHASE_URL = "http://www.sawmill.net/purchase.html" EDITION_MATRIX_URL = "http://www.sawmill.net/matrix.html" # Change this to your charset if your translation does not use UTF-8. charset = "UTF-8" statistics_label = "$command_line.profile" # # # btn - shared button like words where each word starts with an uppercase letter. Lowercase is allowed in button like words, i.e. 
"Save and Close" # # btn = { about = "About" add = "Add" admin = "Admin" apply = "Apply" ascending = "Ascending" back = "Back" browse = "Browse" build_database = "Build Database" build_rebuild_database = "Build/Rebuild Database" calendar = "Calendar" cancel = "Cancel" cancel_task = "Cancel Task" cancel_zoom = "Cancel Zoom" clear = "Clear" clear_search_result = "Clear Search Result" close = "Close" close_window = "Close Window" columns_info = "Columns Info" comment = "Comment" confirm = "Confirm" config = "Config" config_options = "Config Options" continue = "Continue" custom = "Custom" customize = "Customize" # customize_report = "Customize Report" # customize_report_in_config = "Customize Report in Config" customize_in_config = "Customize in Config" database_info = "Database Info" date_filter = "Date Filter" date_picker = "Date Picker" default = "Default" delete = "Delete" descending = "Descending" deselect_all = "Deselect All" description = "Description" duplicate = "Duplicate" edit = "Edit" email_report = "Email Report" export = "Export" filters = "Filters" finish = "Finish" footer = "Footer" header = "Header" help = "Help" language = "Language" less_info = "Less Info" loading = "Loading" logout = "Logout" macros = "Macros" miscellaneous = "Miscellaneous" more_info = "More Info" next = "Next" no = "No" none = "None" ok = "OK" previous = "Previous" printer_friendly = "Printer Friendly" profile = "Profile" profiles = "Profiles" rebuild_database = "Build Database" refresh = "Refresh" remove = "Remove" rename = "Rename" reports = "Reports" report_filter = "Report Filter" save = "Save" save_and_apply = "Save and Apply" save_and_close = "Save and Close" save_as_new_report = "Save As New Report" save_changes = "Save Changes" save_report_changes = "Save Report Changes" saving = "Saving" search = "Search" select = "Select" select_all = "Select All" select_deselect_all = "Select/Deselect All" show_columns_info = "Show Columns Info" show_examples = "Show Examples" sort = 
"Sort" start = "Start" submit = "Submit" table_filter = "Table Filter" undo_all_changes = "Undo All Changes" update_database = "Update Database" used = "Used" view_config = "View Config" view_reports = "View Reports" yes = "Yes" } # btn general = { admin_profiles = "Admin (Profiles)" admin_title_prefix = "Admin" alert = "Alert" error = "Error" manager = "Manager" statistics_visitor = "Statistics Visitor" # show_hide_sidebar = "Show/hide sidebar" export_table = "Export Table" item_n_m_of_total = "Item $starting_row - $ending_row of $total_rows" item_n_m_of_unknown_total = "Item $starting_row - $ending_row (unknown total items)" row_n_m_of_total = "Row $starting_row - $ending_row of $total_rows" row_n_m_of_unknown_total = "Row $starting_row - $ending_row (unknown total rows)" no_data = "No data returned in query" no_data_for_row_n_to_m = "No data for row $starting_row - $ending_row. Please try less rows." database_error_info = "Database error, no database available." error_in_generating_the_report_info = "Error in generating the report or in displaying progress." # loading_document_info = "Loading document, please wait." # report_startup_info = "Report startup, please wait." loggin_in_info = "Logging in, please wait" # forgot_your_password_info = " #
If you are a non-administrative user please contact the system administrator to reset your password.
#If you are the administrative user you can reset your password from the command line with
#sawmill -a rra -u username -pw password#
This command will reset your root admin username and password.
# On Windows you can run this command from the command prompt by typing e.g.
# c:\\" logged_in_as_username_info = "Logged in as '$param1'" no_profile_exists_info = "Sorry, no profile exists for this user name." no_data_in_result_info = "No data in result to display." contents_label = "Contents" rbac_no_permission_header = "No Permission" rbac_no_permission_info = "You don't have grants to view this page or profile. Please contact your system administrator for more details." page_grants_are_limited_to_view = "Your grants for this page are limited to view, changes cannot be saved." no_changes_to_save = "No changes to save." item_copy = "$param1 copy" # I.e. "My report name copy" invalid_email_address_in_recipients_msg = "Invalid email address(es) in recipients." no_recipient_address_message = "Please define a recipient address" email_to = "To" email_cc = "Cc" email_bcc = "Bcc" optional = "optional" none = "none" background_process_terminated = "The background process terminated unexpectedly, without returning a result." entire_data_range_info = "(entire date range)" no_date_information_in_database = "(no date information in database)" ascending = "ascending" descending = "descending" reload_current_page = "Reload current page" do_not_show_message_again = "Don't show this message again" number_of_licensed_profiles = "Number of licensed profiles" comma = "Comma" decimal_point = "Decimal point" space = "Space" other = "Other" noscript_info = "JavaScript must be enabled in order for you to use $PRODUCT_NAME. However, it seems JavaScript is either disabled or not supported by your browser or is disabled for the current URL. To use $PRODUCT_NAME, enable JavaScript by changing your browser options, then $param1." 
noscript_info_try_again = "try again" # warning = "Warning" } # general languages = { czech = { label = "Czech" } english = { label = "English" } german = { label = "German" } japanese = { label = "Japanese" } italian = { label = "Italian" } chinese_traditional = { label = "Traditional Chinese" } polish = { label = "Polish" } russian = { label = "Russian" } spanish = { label = "Spanish" } } # languages form_validation = { no_value = "No value. Please define a value." duplicat_name = "Duplicate name. Please define a unique name." invalid_number = "Invalid number. Please define a valid number." invalid_integer = "Invalid number. Please define a valid integer." invalid_integer_min_max = "Invalid number. Please define an integer number >= $param1 and <= $param2." invalid_integer_min = "Invalid number. Please define an integer number >= $param1." invalid_integer_max = "Invalid number. Please define an integer number <= $param1." invalid_float = "Invalid number. Please define a valid floating point number." invalid_float_min_max = "Invalid number. Please define a floating point number >= $param1 and <= $param2." invalid_float_min = "Invalid number. Please define a floating point number >= $param1." invalid_float_max = "Invalid number. Please define a floating point number <= $param1." invalid_regular_expression = "Invalid regular expression." invalid_email_address = "Invalid email address format." invalid_email_addresses = "Invalid email addresses. Please define a valid email address or addresses. Multiple email addresses must be separated by a comma." invalid_identifier = "Invalid identifier (node name). Valid characters for an identifier are an underscore _, the numbers 0-9 and the English letters a-z, all in lowercase." passsword_requires_symbol = "The password requires at least one symbol." passsword_requires_digit = "The password requires at least one digit." passsword_requires_lowercase_and_uppercase = "The password requires lowercase and uppercase letters." 
passsword_requires_letter = "The password requires at least one letter." passsword_requires_min_n_charaters = "The password requires minimum $param1 characters." } # form_validation authentication = { login_title = "$PRODUCT_NAME Login" enter_password = "Please enter your username and password." session_timed_out = "Your session has been inactive too long, and has timed out." username = "Username" password = "Password" reenter_password = "Reenter password" new_password = "New password" reenter_new_password = "Reenter new password" login_button = "Login" missing_username_message = "Please define a username." missing_password_message = "Please define a password." missing_password2_message = "Please re-type the password." invalid_password2_message = "The re-typed password does not match the first password. Please re-type the password." invalid_username_spaces = "The username contains invalid spaces. Please remove any leading or trailing spaces." invalid_password_spaces = "The password contains invalid spaces. Please remove any leading or trailing spaces." authentication_failed_message = "The username or password is not valid. Please enter a valid username and password." invalid_retyped_password = "The re-typed password does not match the first password. Please re-type the password." invalid_new_password_reuse = "Invalid new password. The new password has already been used. Please try a different password" invalid_username_or_password = "Invalid username or password." password_expired_message = "Your password expired, please re-enter your current password and a new password to be used in future." new_password = "New password" repeat_new_password = "Repeat new password" forgot_your_password = "Forgot your password?" forgot_password = "Forgot password?" forgot_password_no_email_support = "Sorry, your account or the $PRODUCT_NAME configuration does not support resetting your password by email. Please contact your system administrator to reset your password." 
forgot_password_no_email_support_root_admin_only = "Sorry, your account or the $PRODUCT_NAME configuration does not support resetting your password by email. Please follow the instructions below to reset your password." forgot_password_additional_email_info_root_admin_only = "In case there is any problem with your email, you may want to manually reset your password as described below." forgot_password_root_admin_reset_instructions = "
# cd c:\\Program Files\\Sawmill 8
# Sawmill -a rra -u \"my username\" -pw \"my password\" #
You can reset your root administrator password from the command line with
sawmill -a rra -u username -pw password
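This command will reset your root administrator username and password. Note that a password typed on the command line may be stored in the shell history and may be visible to other users of the machine in the process list while the command runs.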
On Windows you can run this command from the command prompt by typing e.g.
c:\\
cd c:\\Program Files\\Sawmill 8
Sawmill -a rra -u \"my username\" -pw \"my password\"
The within/matches filter selects events with a two-stage process.
In the first stage, it computes the set of all field values of the Within field, which occur on events where the Matches field matches the specified wildcard expression. In the second stage, it selects all events where the Within field value is one of the values in the set computed in the first stage.
For example, this filter can be used to select all events within all sessions containing a particular page, by choosing the \"session id\" field as the within field, and the \"page\" field as the matches field.
" } # global_filter active_filters_info = { label = "Active Filters Info" info = "This shows the active filters separated in date_filter syntax and expressions. This information can be used to apply the active filters on the Command Line, in Admin Scheduler, in Config Reports Editor or Config Report Options." df_command_line_info = "Use the following option on the command line to use the current date filter:" df_form_field_info = "Use the following date filter in date filter form fields in Scheduler, Reports Editor and Report Options, to use the current date filter:" general_filter = "General Filter" f_command_line_info = "Use the following option in the Extra Options field of the Scheduler, or on the command line, to use the current general filters:" f_expression_info = "Use the following filter expression in Report Filter Expression form fields in Reports Editor and Report Options, to use the current general filters:" no_filters_info = "No date filter or general filter active." } pivot_table = { drill_down_to = "Drill down to" number_of_rows = "Number of rows" sort_drill_down_differently = "Sort drill down data differently from main table" sort_by = "Sort by" sort_direction = "Sort direction" ascending = "Ascending" descending = "Descending" show_averages_row = "Show averages row" omit_parenthesized_items = "Omit parenthesized items of drill down field" } # pivot_table zoom = { zoom_active = "Zoom Active" zoom_to_date_in_calendar_info = "Zoom to selected date by opening a report." zoom_to_date_items_info = "Zoom to selected date item(s) by opening a report." zoom_selected_items_info = "Zoom to selected items by opening a report or via Filters." add_build_in_report_filters = "Add build-in report filters upon zoom." 
# tab_label = "Zoom Options" # default_report_view_on_zoom_label = "Default report view on zoom when clicking on a table item" # zoom_to_report_label = "Zoom to report" # zoomed_into_label = "Report is zoomed and shows data for" # hierarchy_label = "Hierarchy" # zoom_field_session_start_label = "Session start" # zoom_field_session_user_label = "Session user" zoom_button = "Zoom" } export = { # label = "Export CSV" export_table = "Export Table" number_of_rows = "Number of rows" data_exported_info = "The export is complete. Please click the link to open or save the exported CSV file." exporting_data_info = "Exporting CSV file" # download_button = "Download CSV file" download_button = "Open or save CSV file" # e.g. all rows, "All 1-10" all = "All" range = "Range" unknown_total_items = "unknown total items" export_aggregation_rows = "Export active aggregation rows (Average, Min, Max, Total)" average = "AVERAGE" min = "MIN" max = "MAX" total = "TOTAL" } # export report_builder = { hierarchy = "$report_label Hierarchy" } row_numbers = { invalid_row_numbers_message = "Invalid row numbers." 
# show_row_from_to = "Show row $param1 - $param2" # show_row_1_up_to = "Show row 1 - $param1" # custom_row_range = "Custom row range" show_rows = "Show rows" row = "Row" } field_categories = { page_url = "Page/URL" ip_address = "IP address" destination_email_address = "Destination email address" source_email_address = "Source email address" } # field_categories field_labels = { average_tag = " (average)" max_tag = " (max)" min_tag = " (min)" # Numerical field labels hits = "hits" double_hits = "double hits" page_views = "page views" bytes_transferred = "bytes transferred" bytes_transmitted = "bytes transmitted" bytes_xmt = "bytes transmitted" bytes_rcv = "bytes received" visitors = "visitors" unique_client_ips = "unique client IPs" unique_remote_ips = "unique remote IPs" unique_source_ips = "unique source IPs" unique_users = "unique users" sessions = "sessions" messages = "messages" spam_messages = "spam messages" events = "events" entries = "entries" transfers = "transfers" time_spent = "time spent" ### accesses = "accesses" requests = "requests" clips = "clips" bytes_sent = "bytes sent" bytes_received = "bytes received" bytes = "bytes" sent = "sent" rcvd = "received" file_size = "file size" file_time = "file time" resends = "resends" failed_resends = "failed resends" sent_time = "sent time" tcplen = "TCP length" udplen = "UDP length" connections = "connections" attacks = "attacks" counts = "counts" out_of_order = "out of order" outages = "outages" missing = "missing" early = "early" late = "late" available = "available" highest = "highest" lowest = "lowest" average = "average" requested = "requested" rebuffering = "rebuffering" resent = "resent" average_bandwidth = "average bandwidth" average_bytes = "average bytes" current_bandwidth = "current bandwidth" lost = "lost" session_time = "session time" delay_time = "delay time" viruses = "viruses" inbound_bytes = "inbound bytes" inbound_messages = "inbound messages" delivered_messages = "delivered messages" 
processing_time = "processing time" downloads = "downloads" uploads = "uploads" total_time = "total time" tickets = "tickets" xdelay = "xdelay" chunks_read = "chunks read" chunks_written = "chunks written" frame = "frame" host_time = "host time" source_packets = "source packets" destination_packets = "destination packets" source_bytes = "source bytes" ### destination_bytes = "destination bytes" unique_source_addresses = "unique source addresses" original_client_ip = "original client ip" maximum_concurrent_sessions = "maximum concurrent sessions" # Session field labels used in database fields and report fields session_page = "session page" session_id = "session ID" sessions = "sessions" session_event = "session event" session_events = "session events" session_user = "session user" session_users = "session users" session_date_time = "session date/time" session_begin = "session begin" session_end = "session end" session_duration = "session duration" session_entrances = "session entrances" session_exits = "session exits" session_sequence_number = "session sequence number" # Other field labels page = "page" page_directory = "page/directory" date = "date" time = "time" date_time = "date/time" date_time_timestamp = "date/time timestamp" # Used in date_time_timestamp report fields year_month_day = "year/month/day" year = "year" month = "month" day = "day" hostname = "hostname" domain_description = "domain description" # contry_region_city = "country/region/city" country = "country" region = "region" city = "city" country_region_city = "country/region/city" location = "geographic location" organization = "organization" isp = "ISP" domain = "domain" referrer_description = "referrer description" referrer = "referrer" search_phrase = "search phrase" search_engine = "search engine" screen_dimensions = "screen dimensions" screen_depth = "screen depth" file_type = "file type" filetype = "file type" spider = "spider" worm = "worm" url = "URL" operation = "operation" ### protocol = 
"protocol" direction = "direction" size = "size" size_range = "size range" response = "response" server_response = "server response" server_domain = "server domain" ### user = "user" node = "node" node_field = "node" authenticated_user = "authenticated user" authenticated_username = "authenticated username" web_browser = "web browser" operating_system = "operating system" error = "error" day_of_week = "day of week" day_of_year = "day of year" hour_of_day = "hour of day" week_of_year = "week of year" log_filename = "log filename" visitor_id = "visitor id" audiocodec = "audio codec" audio_stat = "audio stat" avgbandwidth = "average bandwidth" c_buffercount = "buffered count" c_bytes = "client bytes" c_connect_type = "client connection type" c_cpu = "client CPU" c_dns = "client hostname" c_hostexe = "host application" c_hostexever = "host application version number" c_ip = "client IP" c_os = "client OS" c_osversion = "client OS version number" c_pkts_lost_client = "client packets lost" c_pkts_lost_cont_net = "client continuous packets lost" c_pkts_lost_net = "packets lost in network" c_pkts_received = "client packets received" c_pkts_recovered_ecc = "client packets recovered ECC" c_pkts_recovered_resent = "client packets resent" c_playerid = "player GUID" c_playerlanguage = "player language" c_playerversion = "player version number" c_quality = "client quality" c_rate = "client rate" c_resendreqs = "client resend requests" c_starttime = "start time" ### c_status = "client status code" c_totalbuffertime = "buffering time" # 2012-03-02 - GMF - Not sure which plug-in wanted these to be called "original URL", but they look like just "URL" or "client URL" to me. We could do a plug-in specific label for the plug-in that uses "original" if necessary. 
For now, changing them to remove "original" c_uri = "URL" c_uri_address = "URL IP" c_uri_extension = "URL extension" c_uri_host = "URL hostname" c_uri_hostname = "URL resolved hostname" c_uri_port = "URL port" c_uri_query = "URL query" c_uri_scheme = "URL scheme" c_uri_stem = "URL" channelurl = "channel URL" connect_time = "connect time" cs_accept = "Accept" cs_accept_charset = "Accept-Charset" cs_accept_encoding = "Accept-Encoding" cs_accept_language = "Accept-Language" cs_accept_ranges = "Accept-Ranges" cs_age = "Age" cs_allow = "Allow" cs_authentication_info = "Authentication-Info" cs_authorization = "request header: Authorization" cs_cache_control = "Cache-Control" cs_client_ip = "Client-IP" cs_connection = "Connection" cs_content_encoding = "Content-Encoding" cs_content_language = "Content-Language" cs_content_length = "Content-Length" cs_content_location = "Content-Location" cs_content_md5 = "Content-MD5" cs_content_range = "Content-Range" cs_content_type = "Content-Type" ### cs_cookie = "Cookie" cs_cookie2 = "Cookie2" cs_date = "Date" cs_etag = "Etag" cs_expect = "Expect" cs_expires = "Expires" cs_from = "From" cs_front_end_https = "Front-End-HTTPS" ### cs_host = "Host" cs_if_match = "If-Match" cs_if_modified_since = "If-Modified-Since" cs_if_none_match = "If-None-Match" cs_if_range = "If-Range" cs_if_unmodified_since = "If-Unmodified-Since" cs_last_modified = "Last-Modified" cs_location = "Location" cs_max_forwards = "Max-Forwards" cs_meter = "Meter" cs_p3p = "P3P" cs_pragma = "Pragma" cs_proxy_authenticate = "Proxy-Authenticate" cs_proxy_authorization = "Proxy-Authorization" cs_proxy_connection = "Proxy-Connection" cs_range = "Range" ### cs_referer = "referrer" cs_refresh = "Refresh" cs_retry_after = "Retry-After" cs_server = "Server" cs_set_cookie = "Set-Cookie" cs_set_cookie2 = "Set-Cookie2" cs_te = "TE" cs_trailer = "Trailer" cs_transfer_encoding = "Transfer-Encoding" cs_upgrade = "Upgrade" ### cs_user_agent = "User-Agent" cs_vary = "Vary" cs_via = 
"Via" cs_www_authenticate = "WWW-Authenticate" cs_warning = "Warning" cs_x_bluecoat_mc_client_ip = "X-Bluecoat-MC-Client-Ip" cs_x_bluecoat_via = "X-Bluecoat-Via" cs_x_forwarded_for = "X-Forwarded-For" x_forwarded_for = "X-Forwarded-For" cs_auth_group = "authenticated group name" cs_auth_groups = "authenticated group names" cs_auth_type = "proxy authentication type" cs_bodylength = "body bytes (client to server)" cs_bytes = "client-to-server bytes" cs_categories = "content categories" cs_categories_external = "external service content categories" cs_categories_policy = "CPL content categories" cs_categories_provider = "provider content categories" cs_categories_qualified = "qualified content categories" cs_category = "content category" cs_headerlength = "header bytes (client to server)" cs_host = "server domain" hostfield = "server domain" cs_ip = "client destination IP" cs_method = "method" method = "method" method_name = "method name" transfer_time = "transfer time" path_args = "path args" search_args = "search args" cs_protocol = "protocol" cs_realm = "authentication realm" sc_realm = "server-to-client realm" cs_request_line = "client request line" cs_uri = "URL" cs_uri_address = "URL IP" cs_uri_extension = "URL extension" cs_uri_host = "URL hostname" cs_uri_hostname = "URL resolved hostname" cs_uri_port = "URL port" cs_uri_query = "URL query" url_query = "URL query" cs_uri_scheme = "URL scheme" cs_uri_stem = "URL" cs_userdn = "authenticated full username" cs_username = "authenticated username" c_username = "authenticated username" cs_user_name = "authenticated username" cs_version = "protocol" s_session_id = "session ID" s_content_path = "content path" cs_url = "client-to-server URL" cs_media_name = "media name" c_max_bandwidth = "maximum bandwidth" cs_media_role = "media role" s_proxied = "proxied" dnslookup_time = "DNS lookup time" duration = "duration" filelength = "file length" filesize = "file size" gmttime = "UTC date/time" localtime = "local date/time" 
x_localtime = "local date/time" protocol = "protocol" r_dns = "remote server DNS" r_ip = "remote server IP" r_host = "remote server host" r_port = "remote server port" r_supplier_dns = "upstream hostname" r_supplier_ip = "upstream IP" r_supplier_port = "upstream port" s_object_source = "server object source" # Removed "Response header" from this section because it made names too long rs_accept = "Accept" rs_accept_charset = "Accept-Charset" rs_accept_encoding = "Accept-Encoding" rs_accept_language = "Accept-Language" rs_accept_ranges = "Accept-Ranges" rs_age = "Age" rs_allow = "Allow" rs_authentication_info = "Authentication-Info" rs_authorization = "Authorization" rs_cache_control = "Cache-Control" rs_client_ip = "Client-IP" rs_connection = "Connection" rs_content_encoding = "Content-Encoding" rs_content_language = "Content-Language" rs_content_length = "Content-Length" rs_content_location = "Content-Location" rs_content_md5 = "Content-MD5" rs_content_range = "Content-Range" rs_content_type = "Content-Type" rs_cookie = "Cookie" rs_cookie2 = "Cookie2" rs_date = "Date" rs_etag = "Etag" rs_expect = "Expect" rs_expires = "Expires" rs_from = "From" rs_front_end_https = "Front-End-HTTPS" rs_host = "Host" rs_if_match = "If-Match" rs_if_modified_since = "If-Modified-Since" rs_if_none_match = "If-None-Match" rs_if_range = "If-Range" rs_if_unmodified_since = "If-Unmodified-Since" rs_last_modified = "Last-Modified" rs_location = "Location" rs_max_forwards = "Max-Forwards" rs_meter = "Meter" rs_p3p = "P3P" rs_pragma = "Pragma" rs_proxy_authenticate = "Proxy-Authenticate" rs_proxy_authorization = "Proxy-Authorization" rs_proxy_connection = "Proxy-Connection" rs_range = "Range" rs_referer = "Referer" rs_refresh = "Refresh" rs_retry_after = "Retry-After" rs_server = "Server" rs_set_cookie = "Set-Cookie" rs_set_cookie2 = "Set-Cookie2" rs_te = "TE" rs_trailer = "Trailer" rs_transfer_encoding = "Transfer-Encoding" rs_upgrade = "Upgrade" rs_user_agent = "User-Agent" rs_vary = "Vary" 
rs_via = "Via" rs_www_authenticate = "WWW-Authenticate" rs_warning = "Warning" rs_x_bluecoat_mc_client_ip = "X-Bluecoat-MC-Client-Ip" rs_x_bluecoat_via = "X-Bluecoat-Via" rs_x_forwarded_for = "X-Forwarded-For" rs_bodylength = "body bytes (upstream to server)" rs_bytes = "total bytes (upstream to server)" rs_headerlength = "header bytes (upstream to server)" rs_response_line = "response status line" rs_status = "remote server status" rs_version = "response protocol version" s_action = "processing action" s_computername = "server name" s_connect_type = "upstream connection type" s_cpu_util = "server CPU usage" s_dns = "server hostname" s_hierarchy = "cache hierarchy" s_icap_info = "ICAP response info" s_icap_status = "ICAP response status" s_ip = "server IP" s_pkts_sent = "server packets sent" ### s_port = "server port" c_port = "client port" s_sitename = "server service used" s_supplier_ip = "supplier IP" s_supplier_name = "supplier name" c_totalclients = "total clients (client)" s_totalclients = "total clients (server)" s_uri = "cache URL" s_uri_address = "cache URL IP" s_uri_extension = "cache URL extension" s_uri_host = "cache URL hostname" s_uri_hostname = "cache URL resolved hostname" s_uri_port = "cache URL port" s_uri_query = "cache URL query" s_uri_scheme = "cache URL scheme" s_uri_stem = "cache URL path" sc_adapter = "server adapter used" sc_win32_status = "win32 status" sc_auth_status = "authentication status" sc_bodylength = "body bytes (server to client)" sc_bytes = "server-to-client bytes" sc_connection = "client connection ID" sc_filter_category = "content category" sc_filter_result = "content filtering result" sc_headerlength = "header bytes (server to client)" sc_status = "server status" cs_status = "client status" c_status = "client response code" sc_substatus = "server substatus" sr_bodylength = "body bytes (server to upstream)" sr_bytes = "total bytes (server to upstream)" sr_headerlength = "header bytes (server to upstream)" sr_uri = "server URL" 
sr_uri_address = "server URL IP" sr_uri_extension = "server URL extension" sr_uri_host = "server URL hostname" sr_uri_hostname = "server URL resolved hostname" sr_uri_port = "server URL port" sr_uri_query = "server URL query" sr_uri_scheme = "server URL scheme" sr_uri_stem = "server URL path" time_taken = "time taken" time_taken_avg = "average time taken" timestamp = "unix-style timestamp" transport = "transport" videocodec = "video codec" x_bluecoat_appliance_name = "appliance name" x_bluecoat_appliance_primary_address = "appliance primary address" x_bluecoat_day = "current day (local)" x_bluecoat_day_utc = "current day (UTC)" x_bluecoat_end_time_wft = "transaction end timestamp (WFT)" x_bluecoat_hour = "current hour (local)" x_bluecoat_hour_utc = "current hour (UTC)" x_bluecoat_minute = "current minute (local)" x_bluecoat_minute_utc = "current minute (UTC)" x_bluecoat_month = "current month (local)" x_bluecoat_month_utc = "current month (UTC)" x_bluecoat_monthname = "current month name (local)" x_bluecoat_monthname_utc = "current month name (UTC)" x_bluecoat_proxy_primary_address = "appliance primary address" x_bluecoat_proxy_via_http_version = "appliance HTTP Via version" x_bluecoat_redirect_location = "policy redirect location" x_bluecoat_release_id = "SGOS release ID" x_bluecoat_second = "current second (local)" x_bluecoat_second_utc = "current second (UTC)" x_bluecoat_server_connection_socket_errno = "upstream connection failure message" x_bluecoat_special_amp = "ampersand" x_bluecoat_special_apos = "apostrophe" x_bluecoat_special_gt = "greater-than" x_bluecoat_special_lt = "less-than" x_bluecoat_special_quot = "double quote" x_bluecoat_special_slash = "forward slash" x_bluecoat_ssl_failure_reason = "upstream SSL failure message" x_bluecoat_start_time_wft = "transaction start timestamp (WFT)" x_bluecoat_surfcontrol_category_id = "SurfControl content category ID" x_bluecoat_surfcontrol_is_denied = "transaction allowed boolean" x_bluecoat_surfcontrol_is_proxied 
= "transaction explicit boolean" x_bluecoat_surfcontrol_reporter_id = "SurfControl reporter ID" x_bluecoat_transaction_id = "transaction ID" x_bluecoat_websense_category_id = "Websense content category ID" x_bluecoat_websense_keyword = "Websense keyword" x_bluecoat_websense_reporter_id = "Websense reporter ID" x_bluecoat_websense_status = "Websense status" x_bluecoat_websense_user = "Websense username" x_bluecoat_weekday = "current weekday (local)" x_bluecoat_weekday_utc = "current weekday (UTC)" x_bluecoat_year = "current year (local)" x_bluecoat_year_utc = "current year (UTC)" x_cache_info = "caching info" x_cache_user = "authenticated username" ### req__vars_auth_user = "authenticated user" req__vars_auth_user = "authenticated user" req__vars_pauth_user = "authenticated user" req__reqpb_method = "request method" req__reqpb_uri = "request page" req__reqpb_query = "request query" req__reqpb_protocol = "request protocol" request_line_number = "request line number" x_client_address = "client IP" x_client_ip = "client IP" x_cookie_date = "current date/time (local)" x_cs_http_version = "HTTP request version" x_cs_socks_ip = "SOCKS destination IP" x_cs_socks_method = "SOCKS method" x_cs_socks_port = "SOCKS destination port" x_cs_socks_version = "SOCKS version" x_cs_username_or_ip = "username or client IP" x_duration = "play duration" x_duration_per_successful_access = "duration per access" x_exception_company_name = "company name" x_exception_contact = "exceptoin contact info" x_exception_details = "exception details" x_exception_help = "exception help info" x_exception_id = "exception ID" x_exception_last_erro = "transaction error message" x_exception_reason = "transaction termination reason" x_exception_sourcefile = "exception source file" x_exception_sourceline = "exception source line number" x_exception_summary = "exception summary" x_http_date = "current date (local)" x_im_attachments = "IM attachment names" x_im_buddy_id = "IM buddy ID" x_im_buddy_name = "IM 
buddy display name" x_im_buddy_state = "IM buddy state" x_im_chat_room_id = "IM chat room ID" x_im_chat_room_members = "IM chat room member Ids" x_im_chat_room_type = "IM chat room type" x_im_client_info = "IM client info" x_im_file_path = "IM file path" x_im_file_size = "IM file size" x_im_message_opcode = "IM opcode" x_im_message_route = "IM route" x_im_message_size = "IM message length" x_im_message_text = "IM message text" x_im_message_type = "IM message type" x_im_method = "IM method" x_im_user_id = "IM user ID" x_im_user_name = "IM client display name" x_im_user_state = "IM user state" x_rs_http_version = "HTTP protocol version (upstream to server)" x_rs_streaming_content = "content" x_sc_http_status = "HTTP response code" x_sc_http_version = "HTTP protocol version (server to client)" x_sr_http_version = "HTTP protocol version (server to upstream)" x_streaming_bitrate = "bitrate" x_timestamp = "local date/time" x_timestamp_unix = "current time (local)" x_timestamp_unix_utc = "current time (UTC)" x_virus_id = "ICAP virus ID" x_wm_c_dns = "client hostname" x_wm_c_ip = "client IP" sys_msgs = "system message" icmp_code = "icmp code" icmp_type = "icmp type" s_port = "source port" src_port = "source port" dst_port = "destination port" source_port = "source port" xlatedst = "translated destination" xlatesrc = "translated source" xlatesport = "translated source port" xlatedport = "translated destination port" dst = "destination" src = "source" proto = "protocol" i_f_dir = "interface direction" i_f_name = "interface name" ### req__srvhdrs_clf_status = "cookie" req__headers_user_agent = "agent" cs_cookie = "cookie" cs_user_agent = "agent" c_agent = "agent" browser = "agent" x_bytes_received = "bytes received" s_operation = "operation" server_port = "server port" user = "user" cs_referer = "referrer" referer = "referrer" cs_referrer = "referrer" cs_referred = "referrer" req__headers_referer = "referrer" afp_status = "status" afp_method = "method" req__vars_p2c_cl = 
"size" req__srvhdrs_content_length = "content length" len = "length" acct_output_octets = "output octets" acct_input_octets = "input octets" total_bytes = "total bytes" result = "result" req__srvhdrs_clf_status = "server response" ses__client_ip = "client IP" device_id = "device ID" security_level = "security level" message = "message" start_time = "start time" policy_id = "policy ID" service = "service" action = "action" src_zone = "source zone" dst_zone = "destination zone" translated_ip = "translated IP" port = "port" interface = "interface" source_code_location = "source code location" username = "username" authorization_method = "authorization method" ### aborted = "Aborted" recordid = "record ID" totaldownloads = "total downloads" totalconnections = "total connections" serverbandwidth = "server bandwidth" maximumconnections = "maximum connections" filesdownloadederror = "files downloaded error" currentdownloads = "current downloads" currentconnections = "current connections" connections24h = "24h connections" processortime = "processor time" bytes_second = "bytes/second" bytes_second_2_ = "bytes/second" in = "in" out = "out" pct = "percent" type = "type" from = "from" to = "to" test = "test" reason = "reason" source_side = "source side" source_ip = "source IP" destination_side = "destination side" destination_ip = "destination IP" ### destination_port = "destination port" service_ip = "service IP" totalkbdownloaded = "total kb downloaded" queuelength = "queue length" userid = "user ID" status = "status" httpstatus = "http status" record_type = "record type" record_id = "record ID" application_id = "application ID" host_id = "host ID" organization_id = "organization ID" source_direction = "source direction" destination_direction = "destination direction" alarm_level = "alarm level" signature_id = "signature ID" subsignature_id = "subsignature ID" router_ip = "router IP" attack_detail = "attack detail" bytes_incoming = "bytes incoming" bytes_outgoing = "bytes 
outgoing" spam = "spam" screen = "screen" msgend = "message end" virus = "virus" drive_id = "drive ID" model = "model" bus1 = "bus1" scsi_id = "scsi ID" activedevsonbus = "active devs on bus" aborted = "aborted" threadstatus = "thread status" threaderror = "thread error" disc_manufacturer = "disc manufacturer" ### authorization_method = "authorization method" client_hostname = "client hostname" client_ip = "client IP" filename = "filename" read = "read" write = "write" numopen = "num open" uid = "UID" gid = "GID" pid = "PID" source = "source" category = "category" event = "event" computer = "computer" group_name = "group name" task_name = "task name" host_name = "host name" response_time = "response time" initial_connect_time = "initial connect time" subject = "subject" encoding = "encoding" nfiles = "number of files" nbytes = "bytes" name = "name" ### attachment = "attachment" attno = "attachment number" agent = "agent" host = "host" reporter = "reporter" data_bytes = "data bytes" all_bytes = "all bytes" work_order = "work order" disc_name = "disc name" seq = "sequence" good = "good" drive = "drive" printer = "printer" last = "last" visitor_cookie = "visitor cookie" client_connects = "client connects" source_connects = "source connects" bytes_read = "bytes read" bytes_written = "bytes written" message_id = "message id" source_address = "source address" destination_address = "destination address" job_number = "job number" event_id = "event id" egroup = "egroup" cookie = "cookie" source_hostname = "source hostname" disconnect = "disconnect" file = "file" log_type = "log type" header = "header" rule = "rule" windowsmedia = "windows media" c_startime = "client start time" c_hostexec = "client host executable" c_hostexecver = "client host exec version" c_pkts_lost_cont = "client packets lost cont" server_ip = "server IP" serverip = "server IP" c_cpu_util = "client CPU util" cache_state = "cache state" client_info = "client info" client_guid = "client GUID" client_data =
"client data" stat1 = "stat1" stat2 = "stat2" stream_components = "stream components" server_address = "server address" average_bitrate = "average bitrate" packets_sent = "packets sent" presentation_id = "presentation id" computername = "computer name" servicename = "service name" packet_type = "packet type" user_name = "username" fully_qualified_user_name = "fully qualified username" called_station_id = "called station ID" calling_station_id = "calling station ID" callback_number = "callback number" framed_ip_address = "framed IP address" nas_identifier = "NAS identifier" nas_ip_address = "NAS IP address" nas_port = "NAS port" client_vendor = "client vendor" client_ip_address = "client IP address" client_friendly_name = "client friendly name" event_timestamp = "event timestamp" port_limit = "port limit" nas_port_type = "NAS port type" connect_info = "connect info" framed_protocol = "framed protocol" service_type = "service type" authentication_type = "authentication type" np_policy_name = "NP policy name" reason_code = "reason code" class = "class" session_timeout = "session timeout" idle_timeout = "idle timeout" termination_action = "termination action" eap_friendly_name = "EAP friendly name" acct_status_type = "status type" acct_delay_time = "delay time" acct_input_octet = "input octet" acct_output_octet = "output octet" acct_session_id = "session ID" acct_unique_session_id = "unique session ID" acct_authentic = "authentic" acct_session_time = "session time" acct_input_packet = "input packet" acct_output_packet = "output packet" acct_terminate_cause = "terminate cause" acct_multi_ssn_id = "multi ssn ID" acct_link_count = "link count" acct_interim_interval = "interim interval" tunnel_type = "tunnel type" tunnel_medium_type = "tunnel medium type" tunnel_client_endpt = "tunnel client endpoint" tunnel_server_endpt = "tunnel server endpoint" acct_tunnel_conn = "tunnel connection" tunnel_pvt_group_id = "tunnel private group ID" tunnel_assignment_id = "tunnel 
assignment ID" tunnel_preference = "tunnel preference" ms_acct_auth_type = "ms account auth type" ms_acct_eap_type = "ms account EAP type" ms_ras_version = "ms ras version" ms_ras_vendor = "ms ras vendor" ms_chap_error = "ms chap error" ms_chap_domain = "ms chap domain" ms_ppe_encryption_type = "ms ppe encryption type" ms_mppe_encryption_policy = "ms mppe encryption policy" server_host = "server host" facility = "facility" severity = "severity" authenticated = "authenticated" source_type = "source type" destination_type = "destination type" message_code = "message code" station = "station" source_host = "source host" destination = "destination" ### group = "group" cn = "CN" sn = "SN" sa = "SA" sev = "severity" rpt = "recipient" payload = "payload" inbound_spi = "inbound spi" outbound_spi = "outbound spi" server_hostname = "server hostname" local_proxy_host = "local proxy host" local_proxy_subnet = "local proxy subnet" local_proxy_mask = "local proxy mask" remote_proxy_host = "remote proxy host" remote_proxy_subnet = "remote proxy subnet" remote_proxy_mask = "remote proxy mask" destination_host = "destination host" local_port = "local port" remote_port = "remote port" 827_ip = "827 IP" host1 = "host1" host1_ip = "host1 IP" host2 = "host2" host2_ip = "host2 IP" trash = "trash" client_port = "client port" x_bytes_sent = "bytes sent" x_src_port_id = "source port ID" x_dest_port_id = "destination port ID" details = "details" machine_name = "machine name" endpoint = "endpoint" call_type = "call type" iv_status_code = "IV status code" uuid = "UUID" group_uuid_list = "group UUID list" priority = "priority" line_number = "line number" code = "code" protected_object = "protected object" requested_permissions = "requested permissions" principals = "principals" qop = "qop" outcome = "outcome" outcome_status = "outcome status" originator_component = "originator component" originator_action = "originator action" originator_location = "originator location" originator_blade = 
"originator blade" accessor_principal = "accessor principal" accessor_principal_auth = "accessor principal auth" target_object = "target object" target_resource = "target resource" event_rev = "event revision" data = "data" status_code = "status code" originator_id = "originator ID" command_arguments = "command arguments" server = "server" client = "client" number_of_groups = "number of groups" event_outcome = "event outcome" authorization_status = "authorization status" item_1 = "item 1" target_host = "target host" syslog_time = "syslog time" id = "ID" fw = "firewall" pri = "priority" c = "c" m = "m" dstname = "destination name" arg = "argument" op = "operation" browsing_host = "browsing host" cache_response = "cache response" proxy_hostname = "proxy hostname" browsing_hostname = "browsing hostname" destination_hostname = "destination hostname" path = "path" owner = "owner" brick = "brick" oninterface = "on interface" list = "list" remote_hostname = "remote hostname" remote_ip = "remote IP" object_source = "object source" tcpflags = "tcp flags" document_source = "document source" address = "address" sender = "sender" recipient = "recipient" type_code = "type code" relay = "relay" state = "state" domain = "domain" rcpt_to = "recipient" helo_text = "HELO text" banned_domain = "banned domain" banned_ip = "banned IP" banned_helo = "banned HELO" invalid_helo = "invalid HELO" banned_rcpt_to = "banned recipient" relay_denied_recipient = "relay denied recipient" banned_subject = "banned subject" banned_text = "banned text" banned_body_from = "banned body from" invalid_body_to = "invalid body to" banned_received = "banned received" over_max_recipient = "over-max recipient" banned_x_mailer = "banned x-mailer" forged_message_id = "forged message ID" service_name = "service name" destination_service = "destination service" foundry_name = "foundry name" foundry_ip = "foundry IP" web_server_name = "web server name" microseconds = "microseconds" proxy = "proxy" iteration = 
"iteration" ethernet_address = "ethernet address" incoming_bytes = "incoming bytes" outgoing_bytes = "outgoing bytes" incoming_packets = "incoming packets" outgoing_packets = "outgoing packets" incoming_ip_packets = "incoming IP packets" outgoing_ip_packets = "outgoing IP packets" calllegtype = "call leg type" connectionid = "connection ID" setuptime = "setup time" peeraddress = "peer address" peersubaddress = "peer subaddress" disconnectcause = "disconnect cause" disconnecttext = "disconnect text" connecttime = "connect time" disconnecttime = "disconnect time" callorigin = "call origin" chargedunits = "charged units" infotype = "info type" transmitpackets = "transmitted packets" transmitbytes = "transmitted bytes" receivebytes = "receive bytes" n = "n" src_host = "source host" src_network = "source network" dst_host = "destination host" dst_network = "destination network" msg = "message" no = "number" product = "product" origin = "origin" community = "community" info = "info" translated_source = "translated source" translated_destination = "translated destination" translated_source_port = "translated source port" translated_destination_port = "translated destination port" partner = "partner" source_key_id = "source key id" destination_key_id = "destination key id" elapsed = "elapsed" cache_result = "cache result" request_method = "request method" authenticaled_user = "authenticated user" proxy_route = "proxy route" proxy_server = "proxy server" response_type = "response type" peer_status = "peer status" peer_host = "peer host" mime_type = "mime type" destination__ip = "destination IP" programerr = "program error" server_name = "server name" mode = "mode" incoming_channel = "incoming channel" outgoing_channel = "outgoing channel" receiver_before_rewriting = "receiver before rewriting" receiver_after_rewriting = "receiver after rewriting" deliveryinfo = "delivery info" complete = "complete" nrcpts = "number of recipients" nrcpt = "number of recipients" 
relay_hostname = "relay hostname" relay_ip = "relay IP" smtp_server = "smtp server" antivirus_filter_result = "antivirus filter result" attachment_filter_result = "attachment filter result" mbox = "message box" msgid = "message ID" mss = "mss" msgfile = "message file" msgsize = "message size" cmd = "command" fromhost = "from host" rcpts = "recipients" desthost = "destination host" source_email = "source email" target_email = "target email" trigger = "trigger" destination_email = "destination email" in_out = "in/out" post_office = "post office" inet_user = "inet user" gateway = "gateway" remote_id = "remote ID" originator = "originator" length = "length" seconds = "seconds" cost = "cost" mts_id = "mts ID" recipients = "recipients" partner_name = "partner name" recipient_address = "recipient address" recipient_report_status = "recipient report status" number_recipients = "number of recipients" origination_time = "origination time" encryption = "encryption" service_version = "service version" linked_msgid = "linked message ID" message_subject = "message subject" sender_address = "sender address" daemon = "daemon" qp = "queue process ID" side = "side" error_message = "error message" log_pathname = "log pathname" scan_date = "scan date" scan_time = "scan time" scan_type = "scan type" scan_status = "scan status" airbill = "airbill" reference = "reference" ship_date = "ship date" gladiola = "gladiola" acct = "account" origin_name = "origin name" origin_company = "origin company" origin_address = "origin address" origin_city = "origin city" origin_state = "origin state" origin_zip = "origin zip" origin_country = "origin country" dest_name = "destination name" dest_company = "destination company" dest_address = "destination address" dest_city = "destination city" dest_state = "destination state" dest_zip = "destination zip" dest_country = "destination country" session = "session" parameter = "parameter" child = "child" rate = "rate" email = "email" suffix = "suffix" 
completion = "completion" notes = "notes" pathname = "pathname" password = "password" packets = "packets" partial_hostname = "partial hostname" tools_usage = "tools usage" response_time_group = "response time group" user_agent = "user agent" error_status = "error status" cache_usage = "cache usage" portal_section = "portal section" store = "store" sessionid = "session ID" attribute = "attribute" package = "package" ras_client = "ras client" full_name = "full name" auth_type = "authentication type" acct_input_packets = "input packets" acct_output_packets = "output packets" acct_termination_cause = "termination cause" acct_multi_session_id = "multi session ID" acc_err_message = "error message" annex_product_name = "annex product name" annex_sw_version = "annex software version" annex_system_disc_reason = "annex system disc reason" annex_modem_disc_reason = "annex modem disc reason" annex_disconnect_reason = "annex disconnect reason" annex_transmit_speed = "annex transmit speed" annex_receive_speed = "annex receive speed" ascend_modem_port_number = "ascend modem port number" ascend_modem_slot_number = "ascend modem slot number" ascend_modem_shelf_number = "ascend modem shelf number" ascend_xmit_rate = "ascend transmit rate" nautica_acct_sessionid = "nautica account session ID" nautica_acct_direction = "nautica account direction" nautica_acct_causeprotocol = "nautica account causeprotocol" nautica_acct_causesource = "nautica account causesource" telebit_accounting_info = "telebit accounting info" last_number_dialed_out = "last number dialed out" last_number_dialed_in_dnis = "last number dialed in dnis" last_callers_number_ani = "last callers number ani" channel = "channel" event_date_time = "event date time" call_start_date_time = "call start date time" call_end_date_time = "call end date time" default_dte_data_rate = "default dte data rate" initial_rx_link_data_rate = "initial rx link data rate" final_rx_link_data_rate = "final rx link data rate" 
initial_tx_link_data_rate = "initial tx link data rate" final_tx_link_data_rate = "final tx link data rate" sync_async_mode = "sync async mode" originate_answer_mode = "originate answer mode" modulation_type = "modulation type" equalization_type = "equalization type" fallback_enabled = "fallback enabled" characters_sent = "characters sent" characters_received = "characters received" blocks_sent = "blocks sent" blocks_received = "blocks received" blocks_resent = "blocks resent" retrains_requested = "retrains requested" retrains_granted = "retrains granted" line_reversals = "line reversals" number_of_characters_lost = "number of characters lost" number_of_blers = "number of blers" number_of_link_timeouts = "number of link timeouts" number_of_fallbacks = "number of fallbacks" number_of_upshifts = "number of upshifts" number_of_link_naks = "number of link naks" back_channel_data_rate = "back channel data rate" simplified_mnp_levels = "simplified mnp levels" simplified_v42bis_usage = "simplified v42bis usage" pw_vpn_id = "password VPN ID" real_name = "real name" order = "order" invoice = "invoice" shipping_method = "shipping method" total = "total" lines_since_email = "lines since email" framed_protocol_7_ = "framed protocol" framed_ip_address_8_ = "framed IP address" acct_session_time_46_ = "session time" connect_info_77_ = "connect info" acct_input_octets_42_ = "input octets" acct_output_octets_43_ = "output octets" acct_input_packets_47_ = "input packets" acct_output_packets_48_ = "output packets" acct_terminate_cause_49_ = "terminate cause" acct_authentic_45_ = "authentic" nas_port_5_ = "nas port" nas_port_type_61_ = "nas port type" calling_station_id_31_ = "calling station ID" service_type_6_ = "service type" nas_ip_address_4_ = "nas ip address" acct_delay_time_41_ = "delay time" acct_session_id_44_ = "session ID" framed_ip_netmask = "framed IP netmask" framed_routing = "framed routing" filter_id = "filter ID" framed_mtu = "framed MTU" framed_compression = "framed
compression" login_ip_host = "login IP host" login_service = "login service" login_tcp_port = "login TCP port" callback_id = "callback ID" framed_route = "framed route" framed_ipx_network = "framed IPX network" proxy_state = "proxy state" tunnel_client_endpoint = "tunnel client endpoint" tunnel_server_endpoint = "tunnel server endpoint" acct_tunnel_connection = "tunnel connection" tunnel_private_group_id = "tunnel private group ID" acct_tunnel_packets_lost = "tunnel packets lost" acct_input_gigawords = "input gigawords" acct_output_gigawords = "output gigawords" nas_port_id = "nas port id" sid = "SID" program = "program" connect_host = "connect host" address_host = "address host" address_port = "address port" command = "command" arguments = "arguments" version = "version" access_event = "access event" policy_server = "policy server" resource = "resource" subevent = "subevent" description = "description" idletime = "idle time" maxtime = "maximum time" auth_level = "authentication level" transactionid = "transaction ID" site_instance = "site instance" raw_url = "raw URL" base = "base" scope = "scope" filter = "filter" err = "err" tag = "tag" nentries = "number of entries" etime = "elapsed time" dn = "DN" ### version = "version" ruid = "RUID" euid = "EUID" pgid = "PGID" fid = "FID" logid = "log ID" edomain = "e domain" srcip = "source IP" srcport = "source port" srcburb = "src burb" dstip = "destination IP" dstport = "destination port" dstburb = "destination burb" protocolname = "protocol name" netsessid = "net session ID" request_command = "request_command" bytes_written_to_client = "bytes written to client" bytes_written_to_server = "bytes written to server" type1 = "type 1" type2 = "type 2" type3 = "type 3" type4 = "type 4" ip = "ip" cat_page = "category page" cat_action = "category action" date2 = "date 2" time2 = "time 2" message_source = "message source" document = "document" profile = "profile" category_code = "category code" configuration = "configuration" 
error_filename = "error filename" error_line_number = "error line number" intermediate_host = "intermediate host" intermediate_port = "intermediate port" packets_received = "packets received" logging_device = "logging device" syslog_priority = "syslog priority" fac = "fac" area = "area" log = "log" logging_devide = "logging device" ### ip_address = "ip address" sport = "source port" dport = "destination port" indev = "input device" inport = "input port" rc = "RC" lvl = "LVL" prog = "program" ### src.ip = "source IP" ### src.port = "source port" ### dst.ip = "destination IP" ### dst.port = "destination port" itype = "I type" ### side.in = "side in" ### side.out = "side out" ### side.exp = "side exp" ### cnx.state = "connection state" ### lvl.info = "LVL info" ibyte = "bytes in" ipacket = "packets in" ibyte_ack = "acknowledged bytes in" ipacket_ack = "acknowledged packets in" fw_name = "firewall name" dir = "direction" ip_address = "IP address" messageid = "message ID" report = "report" config = "config" match_method = "match method" words = "words" logical_words = "logical words" translated_port = "translated port" application = "application" process = "process" process_no = "process number" permission = "permission" port_name = "port name" packet_len = "packet length" header_len = "header length" time_to_live = "time to live" nas_ip = "nas IP" framed_ip = "framed IP" status_type = "status type" authentication = "authentication" termination_cause = "termination cause" destination_bytes = "destination bytes" flags = "flags" faddr_host = "foreign IP" faddr_port = "foreign port" faddr_service = "foreign service" gaddr_host = "global IP" gaddr_port = "global port" gaddr_service = "global service" laddr_host = "local IP" laddr_port = "local port" laddr_service = "local service" access_group = "access group" queue = "queue" in_interface = "in interface" out_interface = "out interface" mac_address = "MAC address" packet_length = "packet length" precedence = "precedence"
ttl = "TTL" packet_id = "packet ID" window = "window" reserved_bits = "reserved bits" urgent_pointer = "urgent pointer" tcp_flags = "TCP flags" ip_flags = "IP flags" device_ip = "device ip" device = "device" connection_type = "connection type" classification = "classification" xref = "xref" iplen = "IP length" dmglen = "DMG length" ### ack = "ack" win = "window" ### tcplen = "TCP length" chain = "chain" ### source_interface = "source interface" destination_interface = "destination interface" event_number = "event number" event_type = "event type" logon = "logon" logon_type = "logon type" logon_process = "logon process" logon_account = "logon account" account = "account" authentication_package = "authentication package" workstation_name = "workstation name" source_workstation = "source workstation" error_code = "error code" substatus_code = "substatus code" source_mac_address = "source MAC address" log_id = "log ID" node_id = "node ID" rule_id = "rule ID" nat_source_ip = "NAT source IP" nat_destination_ip = "NAT destination IP" nat_source_port = "NAT source port" nat_destination_port = "NAT destination port" source_interface = "source interface" protocol_agent = "protocol agent" alert_name = "alert name" syslog_message = "syslog message" icmp_id = "ICMP ID" ipsec_spi = "IPSEC SPI" rtt = "RTT" time_elapsed = "time elapsed" authenticated_name = "authenticated name" source_vlan = "source VLAN" destination_vlan = "destination VLAN" firewall_engine_id = "firewall engine ID" info_message = "info message" sending_server = "sending server" receiving_server = "receiving server" l = "L" s = "S" f = "F" i = "I" t = "T" flag = "flag" pop_account = "pop account" local_account = "local account" queried_host = "queried host" snort_priority = "snort priority" device_name = "device name" source_network = "source network" destination_network = "destination network" sourcenetwork = "source network" object_name = "object name" usr_acct_reason_code = "user account reason code" 
usr_call_arrival_time = "user call arrival time" usr_call_end_time = "user call end time" usr_chassis_call_channel = "user chassis call channel" usr_chassis_call_slot = "user chassis call slot" stop_time = "stop time" page_info = "page info" request_id = "request ID" component_id = "component ID" recipient_list = "recipient list" origin_ip = "origin IP" inbound_interface = "inbound interface" outbound_interface = "outbound interface" virtual_device = "virtual device" attack = "attack" policy_name = "policy name" policy_version = "policy version" rulebase = "rule base" rule_number = "rule number" user_flag = "user flag" subcategory = "subcategory" is_hidden = "is hidden" is_duplicate = "is duplicate" is_alert = "is alert" run_script = "run script" send_email = "send email" sent_snmp_trap = "sent SNMP trap" sent_syslog = "sent syslog" from_external = "from external" variable_data = "variable data" backup = "backup" actual_bytes = "actual bytes" kb_per_second = "kb per second" sql_server = "SQL server" adsm_server = "ADSM server" sql_status = "SQL status" adsm_status = "ADSM status" connecting_ip = "connecting IP" helo_ehlo_name = "HELO/EHLO name" destination_domain = "destination domain" authenticator = "authenticator" connected_ip_rdns = "connected IP RDNS" unicast_address = "unicast address" multicast_address = "multicast address" end = "end" speedmode = "speed mode" streaming = "streaming" send_user_vol = "send user volume" subtype = "subtype" attack_id = "attack ID" send = "send" received = "received" send_packets = "send packets" sent_pkts = "sent packets" received_packets = "received packets" rcvd_pkts = "received packets" catagory = "category" detail = "detail" slot = "slot" line = "line" vd = "vd" dir_disp = "dir disp" tran_disp = "translated disp" calling_number = "calling number" called_number = "called number" call = "call" cl = "CL" p = "P" transaction_id = "transaction ID" agent_name = "agent name" server_interface = "server interface" request_host = 
"request host" file_server_ip = "file server IP" filter_category_mask = "filter category mask" site_category = "site category" reply_message = "reply message" vendor_specific = "vendor specific" login_lat_service = "login LAT service" login_lat_node = "login LAT node" login_lat_group = "login LAT group" framed_appletalk_link = "framed appletalk link" framed_appletalk_network = "framed appletalk network" framed_appletalk_zone = "framed appletalk zone" acct_terminate_clause = "terminate clause" login_lat_port = "login LAT port" password_retry = "password retry" prompt = "prompt" configuration_token = "configuration token" ascend = "ascend" saved_radius_framed_route = "saved radius framed route" nas_manufacturer = "NAS manufacturer" sam_account_name = "SAM account name" ip_source_ip = "source IP" ip_source_port = "source port" ip_destination_ip = "destination IP" ip_destination_port = "destination port" bandwidth = "bandwidth" cache_operation = "cache operation" observation_type = "observation type" template_id = "template ID" service_id = "service ID" content_id = "content ID" content_type = "content type" content_description = "content description" rule_return_value = "rule return value" display_method = "display method" exit_method = "exit method" smart_link = "smart link" page_location = "page location" dependent_see = "dependent see" original_price = "original price" order_number = "order number" user_defined_string = "user defined string" error_number = "error number" security_context = "security context" computer_name = "computer name" query = "query" error_type = "error type" error_parameter = "error parameter" threadid = "threadid" result_code = "result code" http_code = "HTTP code" hierarchy = "hierarchy" zone = "zone" forward_bytes = "forward bytes" reverse_bytes = "reverse bytes" forward_packets = "forward packets" reverse_packets = "reverse packets" receiving_interface = "receiving interface" sending_interface = "sending interface" alert_code = "alert 
code" brick_source = "brick source" proxy_destination = "proxy destination" brick_port = "brick port" proxy_port = "proxy port" reflect_type = "reflect type" rel_vpn = "rel VPN" vpn_direction = "VPN direction" spi = "SPI" user_id = "user ID" mapped_source = "mapped source" mapped_destination = "mapped destination" mapped_source_port = "mapped source port" mapped_destination_port = "mapped destination port" end_time = "end time" peer_ip = "peer IP" ### virus_name = "virus name" rbl = "RBL" spam_score = "spam score" ssl = "SSL" encrypted_time = "encrypted time" logger = "logger" virus_location = "virus location" primary_action = "primary action" secondary_action = "secondary action" action_taken = "action taken" virus_type = "virus type" scan_id = "scan ID" new_ext = "new ext" group_id = "group ID" event_data = "event data" vbin_id = "vbin ID" virus_id = "virus ID" quarantine_status = "quarantine status" operation_flags = "operation flags" send_status = "send status" compressed = "compressed" depth = "depth" still_infected = "still infected" virus_def_info = "virus definition info" virus_def_sequence = "virus definition sequence" cleanable = "cleanable" deletable = "deletable" backup_id = "backup ID" parent = "parent" guid = "GUID" client_group = "client group" domain_name = "domain name" nt_name = "NT name" software_version = "software version" syslog_event_type = "syslog event type" syslog_protocol = "syslog protocol" blocked_source_ip = "blocked source IP" rbl_list = "RBL list" kiosk_id = "kiosk ID" ntk_filename = "NTK filename" object_type = "object type" info2 = "info2" info3 = "info3" info4 = "info4" message_info = "message info" virus_host = "virus host" virus_sender = "virus sender" virus_recipient = "virus recipient" process_name = "process name" process_id = "process ID" host_machine = "host machine" message_level = "message level" message_set = "message set" octets = "octets" flows = "flows" active_time = "active time" player_type = "player type"
client_id = "client ID" stat3 = "stat3" stat4 = "stat4" stat4_transport = "stat4 transport" stat4_turboplay = "stat4 turboplay" stat4_clipend = "stat4 clipend" turboplay = "turboplay" clipend = "clipend" binding_state = "binding state" next_binding_state = "next binding state" hardware_ethernet = "hardware ethernet" note = "note" client_gateway = "client gateway" lease_ip = "lease IP" mailer = "mailer" stat = "stat" reject = "reject" module = "module" return_code = "return code" link_state = "link state" v1 = "v1" v2 = "v2" v3 = "v3" v4 = "v4" num_recipients = "number of recipients" delay = "delay" origin_hostname = "origin hostname" language = "language" auth = "auth" srcif = "source interface" svsrc = "svsrc" svsrc_port = "svsrc port" dstif = "destination interface" nexthoprouter = "next hop router" nms = "NMS" switch_name = "switch name" device_type = "device type" device_category = "device category" duplex = "duplex" vlan = "vlan" speed = "speed" security = "security" rx_octets = "rx octets" tx_octets = "tx octets" elapsed_time = "elapsed time" source_channel = "source channel" destination_channel = "destination channel" http_operation = "HTTP operation" slot___port = "slot and port" other_date = "other date" evt = "event" subevt = "subevent" srcintfc = "source interface" dstintfc = "destination interface" oper = "operation" server_state = "server state" additional_info = "additional info" ping_time = "ping time" return_path = "return path" script = "script" component = "component" syslog_message_type = "syslog message type" source_country = "source country" keywords = "keywords" firebox_ip = "firebox IP" original_filename = "original filename" converted_filename = "converted filename" http_cc_guid = "http CC GUID" http_cc_session = "http CC session" remote_address = "remote address" remote_user = "remote user" uri = "uri" found_location = "found location" scanning_time = "scanning time" authentication_result = "authentication result" source_name = "source 
name" destination_name = "destination name" server_source = "server source" server_source_port = "server source port" program_name = "program name" event_code = "event code" logon_id = "logon ID" new_process_id = "new process ID" creator_process_id = "creator process ID" image_file_name = "image file name" current_state = "current state" previous_state = "previous state" previous_date = "previous date" previous_time = "previous time" time_difference = "time difference" realm = "realm" tarantella_server = "tarantella server" application_server = "application server" security_method = "security method" filer_name = "filer name" retry = "retry" notification_command = "notification command" contact = "contact" license = "license" scanned_message_file = "scanned message file" setup_time = "setup time" matching_rule = "matching rule" start_position = "start position" end_position = "end position" sbrs_value = "sbrs value" brightmail_result = "brightmail result" antivirus_result = "antivirus result" interface_host = "interface host" reverse_dns_host = "reverse DNS host" cat2 = "cat2" cat3 = "cat3" forwarded_recipient = "forwarded recipient" content_scan = "content scan" fail_reason = "fail reason" remote_server_ip = "remote server IP" remote_server_hostname = "remote server hostname" local_server_hostname = "local server hostname" local_file = "local file" user_address = "user address" failed_logons = "failed logons" search_terms = "search terms" match = "match" template = "template" policyid = "policy ID" srcname = "source name" src_int = "source interface" dst_int = "destination interface" source_event = "source event" sent_pkt = "sent packets" rcvd_pkt = "received packets" vpn = "VPN" tran_ip = "translated IP" tran_port = "translated port" virus_file = "virus file" virus_name_file = "virus name/file" ids_class = "IDS class" ids_reference = "IDS reference" user_domain = "user domain" ticket_options = "ticket options" ticket_encryption_type = "ticket encryption type" 
client_address = "client address" workstation = "workstation" file_name = "file name" protocol_type = "protocol type" event_ip = "event IP" session_type = "session type" traceback = "traceback" devicename = "device name" log_level = "log level" source_address_domain = "source domain" source_address_ip = "source IP" destination_address_domain = "destination domain" destination_address_ip = "destination IP" destination_port = "destination port" emanager_policy = "emanager policy" emanager_action = "emanager action" emanager_message = "emanager message" sub_module = "sub module" event_name = "event name" event_description = "event description" data_type = "data type" login_name = "login name" terminal_name = "terminal name" ### adapter = "adapter" ### consolidated_message = "consolidated message" ip_code = "IP code" ### count = "count" message_type = "message type" adapter = "adapter" alert_destination_mac_addr = "alert destination MAC address" alert_source_mac_addr = "alert source MAC address" consolidated_message = "consolidated message" count = "count" cve = "CVE" family = "family" flow_cookie = "flow cookie" interface_id = "interface ID" interval = "interval" ip_protocol = "IP protocol" level = "level" packet = "packet" payload_left_offset = "payload left offset" payload_right_offset = "payload right offset" policy_tag = "policy tag" reliability = "reliability" request = "request" string_value = "string value" title = "title" vendor = "vendor" vlan_id = "VLAN ID" lookups = "lookups" pkts_sent = "packets sent" pkts_rcvd = "packets received" caller_user_name = "caller user name" caller_domain = "caller domain" caller_logon_id = "caller logon ID" caller_process_id = "caller process ID" transited_services = "transited services" source_network_address = "source network address" ### handle_id = "handle ID" logon_guid = "logon GUID" primary_user_name = "primary user name" primary_domain = "primary domain" primary_logon_id = "primary logon ID" target_account_name = 
"target account name" target_domain = "target domain" target_account_id = "target account ID" privileges = "privileges" accesses = "accesses" restricted_sid_count = "restricted sid count" access_mask = "access mask" object_server = "object server" ### object_type = "object type" ### object_name = "object name" handle_id = "handle ID" operation_id = "operation ID" client_user_name = "client user name" client_domain = "client domain" client_logon_id = "client logon ID" member_name = "member name" member_id = "member ID" url_accessed = "URL accessed" bad_ppp_slip = "bad PPP slip" const = "const" ct_hndl = "CT handle" diag = "diag" d_pad = "d pad" d_pad_comp = "d pad comp" far_end_echo_levl = "far end echo level" freq_offst = "freq offst" general_info = "general info" levl = "level" mail_lost__host = "mail lost host" naks = "naks" neg_window = "negative window" phase2 = "phase2" phase_jit__freq = "phase jit frequency" phase_roll = "phase roll" proj_max_rx_b_rate__client = "proj max rx b rate client" rbs = "rbs" reset = "reset" retrans_frames = "retransmit frames" round_trip = "round trip" rx_overruns = "rx overruns" rx_tx_levl = "rx/tx level" rx_tx_link_layer = "rx/tx link layer" rx_tx_ppp_slip = "rx/tx ppp slip" rx_tx_string = "rx/tx string" rx_tx__max_neg_i_frame = "rx/tx max neg i frame" sp = "sp" ss7_cot = "ss7/cot" state_trnsn = "state transition" string = "string" sync_lost = "sync lost" t401_timeouts = "t401 timeouts" test_err = "test err" tx = "tx" tx_window_closures = "tx window closures" v0_synch_loss = "v0 synch loss" v110__rx_good = "v110: rx good" v42bis_size__dict = "v42bis size dict" v44_size__dict = "v44 size dict" v90_sgn_ptrn = "v90 signal pattern" v90_train = "v90 train" atmp = "atmp" attempt = "attempt" init = "init" snr = "snr" sq = "sq" rx_bad = "rx bad" low = "low" high = "high" desired_client = "desired client" desired_host = "desired host" remote = "remote" remote_up_down = "remote up/down" fail = "fail" disc_reason = "disc reason" account_id = 
"account ID" authen = "authentication" called = "called" calling = "calling" comp__last = "comp last" conn = "connection" disc_code = "disc code" disc_subsys = "disc subsys" disc_text = "disc text" ds0_slot_port_ds1_chan = "ds0 slot/port/ds1/chan" ec__rx_tx = "ec: rx/tx" init_rx_tx_b_rate = "init rx/tx b rate" mask = "mask" phys = "phys" prot__last = "prot: last" resource_slot_port = "resource slot/port" retr__local = "retr: local" rx_tx_b_rate__last = "rx/tx b rate last" rx_tx_chars = "rx/tx chars" rx_tx__chars = "rx/tx chars" setup = "setup" speedshift__local_up_down = "speedshift local up/down" std__last = "std last" v90__stat = "v90 stat" issue_id = "issue ID" issue_name = "issue name" intruder_ip = "intruder IP" intruder_name = "intruder name" victim_ip = "victim IP" victim_name = "victim name" parameters = "parameters" response_level = "response level" intruder_port = "intruder port" victim_port = "victim port" packet_flags = "packet flags" ### presentation_id = "presentation ID" platform = "platform" distribution = "distribution" cpu = "cpu" client_stats_results = "client stats results" startup = "startup" stream_number = "stream number" codec = "codec" transport_protocol = "transport protocol" clip_end = "clip end" customer = "customer" ssvc = "ssvc" cnt = "count" url_category = "URL category" tree_name = "tree name" object_container_name = "object container name" default_file_server = "default file server" current_login_addresses = "current login addresses" current_login_count = "current login count" orig = "origin" sys_message = "system message" fw_message = "firewall message" tcp_packet_out_of_state = "TCP packet out of state" icmp = "ICMP" nat_rulenum = "NAT rule number" nat_addtnl_rulenum = "NAT additional rule number" dns_query = "DNS query" dns_type = "DNS type" cache_status = "cache status" cache_service_method = "cache service method" filter_category = "filter category" cache_decision = "cache decision" http_status = "HTTP status" enterprise = 
"enterprise" enterprise_mib_name = "enterprise mib name" uptime = "uptime" agent_ip = "agent IP" generic_num = "generic num" specific_num = "specific num" var01_oid = "var01 oid" var01_value = "var01 value" var01_mib_name = "var01 mib name" var01_mib_value = "var01 mib value" var02_oid = "var02 oid" var02_value = "var02 value" var02_mib_name = "var02 mib name" var02_mib_value = "var02 mib value" var03_oid = "var03 oid" var03_value = "var03 value" var03_mib_name = "var03 mib name" var03_mib_value = "var03 mib value" var04_oid = "var04 oid" var04_value = "var04 value" var04_mib_name = "var04 mib name" var04_mib_value = "var04 mib value" var05_oid = "var05 oid" var05_value = "var05 value" var05_mib_name = "var05 mib name" var05_mib_value = "var05 mib value" var06_oid = "var06 oid" var06_value = "var06 value" var06_mib_name = "var06 mib name" var06_mib_value = "var06 mib value" route = "route" database = "database" information = "information" firewall = "firewall" hwdest = "destination mac address" destip = "destination IP" destport = "destination port" enetproto = "ETH protocol number" ipproto = "IP protocol" recvif = "receiver interface" hwsrc = "source mac address" ack = "ACK" arp = "ARP message type" ### conn = "connection" cwr = "CWR" destif = "destination interface" ece = "ECE" fin = "FIN" icmpdestip = "ICMP destination IP" icmpsrcip = "ICMP source IP" icmptype = "ICMP type" psh = "PSH" rst = "RST" syn = "SYN" urg = "URG" ### spam_bytes = "spam bytes" machine_desc = "machine description" monitor_info = "monitor info" result_id = "result ID" result_desc = "result description" action_time = "action time" result_value = "result value" result_info = "result info" convinfo = "conversion info" dstclass = "destination class" cache = "cache" ref = "reference" policy = "policy" engine = "engine" content = "content" prio = "priority" shutdown = "shutdown" previous_shutdown = "previous shutdown" corever = "core version" cfgver = "config file version" cfgfile = "config file 
used" termsent = "data sent (server)" origsent = "data sent (client)" connsrcport = "source port" connsrcip = "source IP" connsrcid = "source ping ID" connrecvif = "receiving interface" connipproto = "IP protocol" conndestport = "destination port" conndestip = "destination IP" conndestif = "destination interface" conndestid = "destination ping ID" udptotlen = "UDP data length" tcphdrlen = "TCP header length" ipdatalen = "IP data length" echoseq = "ECHO sequence" echoid = "ECHO ID" dest = "destination" peer = "peer" bidir = "bi direction" ses = "SES" demo = "demonstration mode" algsesid = "algsesid" algmod = "algmod" translated_source_ip = "translated source IP" translated_destination_ip = "translated destination IP" mime_part = "MIME part" spam_bytes = "spam bytes" src_ip = "source IP" dst_ip = "destination IP" side_in = "side in" side_out = "side out" side_exp = "side exp" cnx_state = "connection state" lvl_info = "level info" ### ibyte = "I byte" ### ipacket = "ipacket" ### ibyte_ack = "acknowledged bytes in" ### ipacket_ack = "acknowledged packets in" upload_size = "upload size" fromip = "from IP" ticket = "ticket" namespace = "namespace" x_transaction = "transaction" x_username = "username" x_hiercode = "hierarchy code" x_note = "note" destenet = "destination network" hwsender = "sender mac address" srcenet = "source network" vpntunnel = "VPN tunnel" local_address = "local address" loglevel = "log level" client_destination = "client destination" policy_type = "policy type" filter_type = "filter type" filter_name = "filter name" filter_result = "filter result" virus_file_name = "virus file name" message_count = "message count" e2e_time = "end-to-end time" ### host_time = "server processing time" nw_time = "network time" ssl_time = "SSL time" average_e2e_time = "average end-to-end time" average_host_time = "average server processing time" average_nw_time = "average network time" average_ssl_time = "average SSL time" session_hash = "session hash" kilobytes = 
"kilobytes" throughput = "througput" average_throughput = "average througput" tcp_ooo = "out-of-order TCP segments" tcp_rtt = "TCP time" average_tcp_ooo = "average out-of-order TCP segments" average_tcp_rtt = "average TCP time" tcp_retrans = "TCP retransmissions" average_tcp_retrans = "average TCP retransmissions" http_method = "HTTP method" http_version = "HTTP version" uri_query_string = "URI query string" post_query_string = "POST query string" is_container = "is container" is_subordinate = "is container" location_code = "location code" uri_stem = "page" response_code = "response code" win32_status = "win32 status" snmp_trap_product = "snmp trap product" id_source = "ID source" url_filter = "URL filter" check_result = "scan result" message_result = "message status" virus_name = "virus name" group = "group" setting = "setting" related_id = "related ID" key = "key" revision = "revision" opcode = "opcode" question_name = "question name" media_type = "media type" infected_status = "infected status" recip = "recipients" object = "object" mailbox = "mailbox" folder = "folder" blacklist = "blacklist" bytes_in = "bytes in" bytes_out = "bytes out" cpu_time = "CPU time" actual_time = "actual time" src_addr = "source address" dest_addr = "destination address" caller_id = "caller ID" branch = "branch" email_allowed = "contact type" platforms = "platforms" trial_download_time = "download date/time" message_test_field = "message test field" virus_host_file = "virus host file" ### virus_filter = "virus filter" ### spam_filter = "spam filter" connecting_server_ip = "connecting server IP" connecting_server_name = "connecting server name" local_ip_address = "local IP address" remote_ip_address = "remote IP address" x_record_type = "record type" x_object_id = "object ID" x_page_id = "page ID" x_session_id = "session ID" sc_location = "location" x_sc_mimetype = "MIME type" x_redirect = "redirect" x_document = "document" x_container = "container" x_component = "component" x_aborted 
= "aborted" email_address = "email address" client_computer = "client computer" user_account = "user account" client_os = "client OS" server_os = "server OS" share_name = "share name" content_length = "content length" blocked_content = "blocked content" summary = "summary" flow = "flow" strings = "strings" eventlog = "event log" recordnumber = "record number" timegenerated = "time generated" timewritten = "time written" eventid = "event ID" eventtype = "event type" eventtypename = "event type name" eventcategory = "event category" eventcategoryname = "event category name" sourcename = "sourcename" logins = "logins" gw_id = "gateway ID" trace_type = "trace type" bip_code = "BIP code" cs_sip = "server IP" channel_id = "channel ID" channel_name = "channel name" cdn_url = "CDN URL" source_url = "source URL" proxy_used = "proxy used" last_modified_time = "last modified time" headers = "headers" x_remote_id = "remote ID" x_sc_contentlength = "server-to-client content length" x_rs_contentlength = "remote-to-server content length" x_cs_bodylength = "client-to-server body length" x_sr_bodylength = "server-to-remote body length" x_cs_headerlength = "client-to-server header length" x_sc_headerlength = "server-to-client header length" x_sr_headerlength = "server-to-remote header length" x_rs_headerlength = "remote-to-server header length" x_elapsed_seconds = "elapsed seconds" evt_ref_id = "event reference ID" evt_id = "event ID" evt_name = "event name" evt_type = "event type" evt_desc = "event description" evt_sev = "event severity" evt_subj = "event subject" evt_cat = "event category" evt_date = "event date" physical_path = "physical path" virtual_path = "virtual path" conference_server_address = "conference server address" conference_id = "conference ID" client_name = "client name" client_type = "client type" cuid = "CUID" log_date_time = "log date/time" xlated_src_ip = "translated source IP" xlated_src_port = "translated source port" xlated_dst_ip = "translated destination 
IP" xlated_dst_port = "translated destination port" ### virus_host_file = "virus host file" virus_filter = "virus filter" spam_filter = "spam filter" s_spam_filter = "signature spam filter" h_spam_filter = "heuristic (SPS) spam filter" spam_filter_type = "spam filter type" spam_detected = "spam detected" virus_detected = "virus detected" logging_device_country = "country" client_version = "client version" overview_all_sites = "Overview All Sites" hours_all_sites = "Hours All Sites" days_all_sites = "Days All Sites" weekdays_all_sites = "Weekdays All Sites" traffic_over_time_all_sites = "Traffic Over Time All Sites" users_all_sites = "Users All Sites" devices_all_sites = "Devices All Sites" countries_all_sites = "Countries All Sites" encryption_all_sites = "Encryption All Sites" single_des_ips = "Single Des IPs" client_versions_all_sites = "Client Versions All Sites" client_ip_all_sites = "Client IP All Sites" overview_usa = "Overview USA" overview_usa_usar = "Overview USA (USAR)" overview_singapore = "Overview Singapore" overview_uk = "Overview UK" overview_france = "Overview France" overview_germany = "Overview Germany" overview_australia = "Overview Australia" overview_denmark = "Overview Denmark" overview_netherlands = "Overview Netherlands" overview_korea = "Overview Korea" overview_south_africa = "Overview South Africa" overview_switzerland = "Overview Switzerland" logins_usa = "Logins USA" logins_usa_usar = "Logins USA (USAR)" logins_singapore = "Logins Singapore" logins_uk = "Logins UK" logins_france = "Logins France" logins_germany = "Logins Germany" logins_australia = "Logins Australia" logins_denmark = "Logins Denmark" logins_netherlands = "Logins Netherlands" logins_korea = "Logins Korea" logins_south_africa = "Logins South Africa" logins_switzerland = "Logins Switzerland" failed_logins_usa = "Failed Logins USA" failed_logins_usa_usar = "Failed Logins USA (USAR)" failed_logins_singapore = "Failed Logins Singapore" failed_logins_uk = "Failed Logins UK" 
failed_logins_france = "Failed Logins France" failed_logins_germany = "Failed Logins Germany" failed_logins_australia = "Failed Logins Australia" failed_logins_denmark = "Failed Logins Denmark" failed_logins_netherlands = "Failed Logins Netherlands" failed_logins_korea = "Failed Logins Korea" failed_logins_south_africa = "Failed Logins South Africa" failed_logins_switzerland = "Failed Logins Switzerland" top_hours_usa = "Top Hours USA" top_hours_usa_usar = "Top Hours USA (USAR)" top_hours_singapore = "Top Hours Singapore" top_hours_uk = "Top Hours UK" top_hours_france = "Top Hours France" top_hours_germany = "Top Hours Germany" top_hours_australia = "Top Hours Australia" top_hours_denmark = "Top Hours Denmark" top_hours_netherlands = "Top Hours Netherlands" top_hours_korea = "Top Hours Korea" top_hours_south_africa = "Top Hours South Africa" top_hours_switzerland = "Top Hours Switzerland" weekdays_usa = "Weekdays USA" weekdays_usa_usar = "Weekdays USA (USAR)" weekdays_singapore = "Weekdays Singapore" weekdays_uk = "Weekdays UK" weekdays_france = "Weekdays France" weekdays_germany = "Weekdays Germany" weekdays_australia = "Weekdays Australia" weekdays_denmark = "Weekdays Denmark" weekdays_netherlands = "Weekdays Netherlands" weekdays_korea = "Weekdays Korea" weekdays_south_africa = "Weekdays South Africa" weekdays_switzerland = "Weekdays Switzerland" cert_info = "certificate info" issuer = "issuer" af_portal_id = "AF portal ID" network_name = "network name" desktop_server = "desktop server" obj = "object" ipaddr = "IP address" message_version = "message version" sequence_id = "sequence ID" policy_uuid = "policy UUID" signature_name = "signature name" message_parameters = "message parameters" capture_available = "capture available" slot_and_segment = "slot/segment" aggregation_period_start = "aggregation period start" events_in_aggregation_period = "events in aggregation period" error_location = "error location" page_title = "page title" cat = "category" cat_desc = 
"category description" event_header = "event header" sensor_name = "sensor name" collection = "collection" from_host = "from host" from_addr = "from address" catalog_id = "catalog ID" transmitted_records = "transmitted records" transmitted_user_data = "transmitted user data" compressed_user_data = "compressed user data" file_sender_partner = "file sender partner" file_receiver_partner = "file receiver partner" file_sender_user = "file sender user" file_receiver_user = "file receiver user" logic_file_id = "logic file ID" transfer_id = "transfer ID" date_command_catalog = "date command catalog" time_command_catalog = "time command catalog" transfer_begin_date = "transfer begin date" transfer_begin_time = "transfer begin time" transfer_end_date = "transfer end date" transfer_end_time = "transfer end time" item_type = "item type" protocol_id = "protocol ID" compression_rate = "compression rate" record_size = "record size" file_record_format = "file record format" network_compression = "network compression" private_parameter = "private parameter" file_application_sender = "file application sender" file_application_receiver = "file application receiver" partner_group = "partner group" calls = "calls" call_number = "call number" root_call_number = "root call number" parent_call_number = "parent call number" orig_id = "origin ID" orig_name = "origin name" orig_dept = "origin department" account_code = "account code" dest_id = "destination ID" dest_dept = "destination department" call_data = "call data" auth_code = "auth code" hunt_group = "hunt group" client_username = "client username" object_mime = "object mime" protocol_name = "protocol name" rule_1 = "rule 1" rule_2 = "rule 2" entity = "entity" logon_failure = "logon failure" object_handle = "object handle" login_duration = "login duration" available_duration = "available duration" unavailable_duration = "unavailable duration" agent_id = "agent ID" agent_first_name = "agent first name" agent_last_name = "agent last 
name" logout_type = "logout type" logged_groups = "logged groups" audit_event_id = "audit event id" audit_event_id_modifier = "audit event id modifier" invariant_audit_id = "invariant audit id" effective_user_id = "effective user id" effective_group_id = "effective group id" real_user_id = "real user id" real_group_id = "real group id" audit_session_id = "audit session id" terminal_id = "terminal id" text = "text" return_message = "return message" duration_to_answer = "duration to answer" talk_duration = "talk duration" hold_duration = "hold duration" wrap_duration = "wrap duration" abandoned_duration = "abandoned duration" ringing_duration = "ringing duration" supervisor_help_count = "supervisor help count" comment = "comment" event_category = "event category" account_type = "account type" assigned_ip_address = "assigned IP address" bytes_sent_delta = "bytes sent (delta)" bytes_received_delta = "bytes received (delta)" processing_time_delta = "processing time (delta)" bidirectional = "bidirectional" source_proxy = "source proxy" destination_proxy = "destination proxy" client_host_name = "client host name" destination_host_name = "destination host name" connection_id = "connection ID" network_interface = "network interface" raw_ip_header = "raw IP header" raw_payload = "raw payload" original_client_ip = "original client IP" client_agent = "client agent" http_response_code = "HTTP response code" last_command = "last command" last_response = "last response" infected_file_name = "infected file name" liveupdate_result_code = "LiveUpdate result code" virus_definitions_update_result_code = "virus definitions update result code" scan_result_code = "scan result code" spam_filter_outcome = "spam filter outcome" detection = "detection" partfile = "partfile" thread_id = "thread ID" local_addr = "local address" peer_addr = "peer address" peer_port = "peer port" peer_description = "peer description" scan_what = "scan what" scan_detect = "scan detect" scan_action = "scan
action" delivery_error = "delivery error" device_hostname = "device hostname" paks_in = "packets in" paks_out = "packets out" acct_flags = "accounting flag" nas_portname = "NAS portname" task_id = "task ID" addr = "address" x_virus_details = "virus details" x_icap_error_code = "ICAP error code" x_icap_error_details = "ICAP error details" users = "users" request_bytes = "requested bytes" license_exp_date = "license expiry date" license_type = "license type" debug = "debug" ### object_type = "object type" ### object_name = "object name" key_info = "key info" feature_id = "feature ID" hierarchy_code = "hierarchy code" proxy_name = "proxy name" clientip = "client IP" session_events = "session events" brick_state = "brick state" code_id = "code ID" rule_fields_table = "rule fields table" eua_result = "EUA result" sub_type = "sub type" ### eua_result = "EUA result" auth_timeout = "auth timeout" user_db = "user DB" eua_action = "EUA action" elap = "elap" vpn_vendor = "VPN vendor" local_ip = "local IP" admin_id = "admin id" option = "option" exception_type = "exception type" bandwidth_type = "bandwidth type" unit = "unit" passed_bandwidth_after_throttling = "passed bandwidth after throttling" gamer_tag = "gamer tag" product_id = "product ID" title_id = "title ID" title_name = "title name" operator_id = "operator ID" retailer_id = "retailer ID" payment_method = "payment method" terminal_type = "terminal type" totpages = "total pages" stime = "printer start time" ptime = "printer end time" ### printer = "printer name" lines = "lines printed" copies = "copies printed" print_duration = "print duration" system_message = "system message" relay_hostname = "relay hostname" relay_ip = "relay IP" nrcpt = "number of recipients" messages_rcvd = "messages received" counter = "counter" transport_name = "transport name" router_name = "router name" warning = "warning" hostname_ip = "hostname / IP" ### authenticated_name = "auth name" smtp_delivery_conf = "delivery conf" cert_verif_status 
= "cert status" dist_name_from_peer = "name from peer" shadow_transport_name = "shadow transport name" user_rfc1413 = "RFC1413 user" tls_cipher_suite = "TLS cipher" messages_sent = "messages sent" messages_received = "messages received" messages_queued = "messages queued" messages_delivered = "messages delivered" messages_bounced = "messages bounced" messages_delayed = "messages delayed" messages_aborted = "messages aborted" bounce_reason = "bounce reason" bounce_response = "bounce response" warnings = "warnings" warning_message = "warning message" cid = "Client ID" rid = "RID" mid = "MID" icid = "ICID" vpn_name = "VPN name" http_accesses = "HTTP accesses" errors = "errors" worms = "worms" spiders = "spiders" broken_links = "broken links" screen_info_hits = "screen info hits" hit_type = "hit type" unique_ip_addresses = "unique IP addresses" filter_action = "filter action" filter_code = "filter code" filter_rcode = "filter rcode" base_code = "base code" threats = "threats" scans = "scans" total_files = "total files" infected_files = "infected files" threat = "threat" threat_type = "threat type" original_location = "original location" current_location = "current location" action_description = "action description" started_on = "started on" completed = "completed" # windows server 2008 security_id = "Security ID" account_domain = "Account Domain" new_logon = "New Logon" worksatation_name = "Workstation Name" auth_package = "Package" package_name = "Package Name (NTLM only)" key_length = "Key Length" # interscan_messaging_security_suite_integrated attachment = "attachment" action_on_content = "action on content" action_on_message = "action on message" quarantine_area_name = "quarantine area name" filter_content = "filter content" attachment_extension = "attachment extension" h_spam_filter_outcome = "H spam filter outcome" s_spam_filter_outcome = "S spam filter outcome" antivirus_filter_outcome = "antivirus filter outcome" content_filter_outcome = "content filter 
outcome" filtered_messages = "filtered messages" filtered_packets = "filtered packets" attachment_outcome = "attachment outcome" ipfilter_type = "ipfilter type" messages_processed = "messages processed" bytes_processed = "bytes processed" bytes_delivered = "bytes delivered" outbound_messages = "outbound messages" virus_processed = "virus processed" virus_delivered = "virus delivered" content_detected = "content detected" content_processed = "content processed" content_delivered = "content delivered" spam_processed = "spam processed" spam_delivered = "spam delivered" attachment_detected = "attachment detected" attachment_processed = "attachment processed" attachment_delivered = "attachment delivered" # ascenlink inpkts = "packets in" outpkts = "packets out" inbytes = "bytes in" outbytes = "bytes out" totlen = "total length" link = "link" inclass = "in class" outclass = "out class" # msieser_http client_mac_address = "client MAC address" server_ip_address = "server IP address" server_mac_address = "server MAC address" # mcafee_e1000_mail_scanner app = "application" spam_rules = "broken rules" spam_audit_id = "audit ID" spam_sender = "sender" spam_rcpt = "recipients" spam_address = "source address" spam_dest_address = "destination address" # exim_4 recipient_username = "recipient username" antibody_filter = "antibody filter" messages_filtered = "messages filtered" # nessus subnet = "subnet" # java_administration_mbean Active = "active" DeploymentState = "deployment state" Destination = "destination" Durable = "durable" EJBComponent = "EJB component" HealthState = "health state" Status = "status" Transacted = "transacted" FilterDispatchedRequestsEnabled = "filter dispatched request enabled" IndexDirectoryEnabled = "index directory enabled" JSPDebug = "JSP debug" JSPKeepGenerated = "JSP keep generated" JSPVerbose = "JSP verbose" CachingDisabled = "caching disabled" ObjectName = "object name" PoolState = "pool state" Enabled = "enabled" Name = "name" ### CachingDisabled 
= "caching disabled" ### ObjectName = "object name" ### PoolState = "pool state" ### Enabled = "enabled" SessionMonitoringEnabled = "session monitoring enabled" # java_administration_mbean numerical fields MaxCapacity = "max capacity" CurrCapacity = "current capacity" ExecuteThreadCurrentIdleCount = "execute thread current idle count" PendingRequestCurrentCount = "pending request current count" PendingRequestOld = "old pending request" ServicedRequestTotalCount = "serviced request total count" WaitSecondsHighCount = "wait seconds high count" StatementProfileCount = "statement profile count" PrepStmtCacheHitCount = "prepared statement cache hit count" ConnectionsTotalCount = "connections total count" ConnectionLeakProfileCount = "connection leak profile count" WaitingForConnectionCurrentCount = "waiting for connection current count" ActiveConnectionsCurrentCount = "active connection current count" ActiveConnectionsAverageCount = "active connections average count" ExecuteThreadTotalCount = "execute thread total count" ActiveConnectionsHighCount = "active connections high count" LeakedConnectionCount = "leaked connection count" PrepStmtCacheMissCount = "prepared statement cache miss count" WaitingForConnectionHighCount = "waiting for connection high count" PreparedStatementCacheProfileCount = "prepared statement cache profile count" FailuresToReconnectCount = "failure to reconnect count" HighestNumAvailable = "highest num available" HighestNumUnavailable = "highest num unavailable" NumAvailable = "num available" NumUnavailable = "num unavailable" ConnectionDelayTime = "connection delay time" AccessTotalCount = "access total count" ActiveTransactionsTotalCount = "active transactions total count" BeansInUseCount = "beans in use count" BeansInUseCurrentCount = "beans in use current count" BytesCurrentCount = "bytes current count" BytesHighCount = "bytes high count" BytesPendingCount = "bytes pending count" BytesReceivedCount = "bytes received count" BytesSentCount = 
"bytes sent count" BytesThresholdTime = "bytes threshold count" ConnectionsCurrentCount = "connections current count" ConnectionsHighCount = "connections high count" ConsumersCurrentCount = "consumers current count" ConsumersHighCount = "consumers high count" ConsumersTotalCount = "consumers total count" DestinationsCurrentCount = "destinations current count" DestinationsHighCount = "destinations high count" DestinationsTotalCount = "destinations total count" DestroyedTotalCount = "destroyed total count" IdleBeansCount = "idle beans count" InitialRecoveredTransactionTotalCount = "initial recovered transaction total count" JMSServersCurrentCount = "JMS servers current count" JMSServersHighCount = "JMS servers high count" JMSServersTotalCount = "JSM servers total count" MessagesCurrentCount = "messages current count" MessagesHighCount = "messages high count" MessagesPendingCount = "messages pending count" MessagesReceivedCount = "messages received count" MessagesSentCount = "messages sent count" MessagesThresholdTime = "messages threshold time" MissTotalCount = "miss total count" PendingRequestOldestTime = "pending request oldest time" PooledBeansCurrentCount = "pooled beans current count" ProducersCurrentCount = "producers current count" ProducersHighCount = "producers high count" ProducersTotalCount = "producers total count" RecoveredTransactionCompletionPercent = "recovered transactions completion percent" SecondsActiveTotalCount = "seconds active total count" SessionPoolsCurrentCount = "session pools current count" SessionPoolsHighCount = "session pools high count" SessionPoolsTotalCount = "session pools total count" SessionsCurrentCount = "sessions current count" SessionsHighCount = "sessions high count" SessionsTotalCount = "sessions total count" TimeoutTotalCount = "timeout total count" TransactionAbandonedTotalCount = "transaction abandoned total count" TransactionCommittedTotalCount = "transaction committed total count" TransactionHeuristicsTotalCount = 
"transaction heuristics total count" TransactionRolledBackAppTotalCount = "transaction rolled back app total count" TransactionRolledBackResourceTotalCount = "transaction rolled back resource total count" TransactionRolledBackSystemTotalCount = "transaction rolled back system total count" TransactionRolledBackTimeoutTotalCount = "transaction rolled back timeout total count" TransactionRolledBackTotalCount = "transaction rolled back total count" TransactionTotalCount = "transaction total count" TransactionsCommittedTotalCount = "transactions committed total count" TransactionsRolledBackTotalCount = "transactions rolled back total count" TransactionsTimedOutTotalCount = "transactions timed out total count" WaiterCurrentCount = "waiter current count" WaiterTotalCount = "waiter total count" ConnectionPoolCount = "connection pool count" JSPPageCheckSecs = "JSP page check secs" OpenSessionsCurrentCount = "open sessions current count" OpenSessionsHighCount = "open sessions high count" ServletReloadCheckSecs = "servlet reload check secs" SessionCookieMaxAgeSecs = "session cookie max age secs" SessionIDLength = "session ID length" SessionInvalidationIntervalSecs = "session invalidation interval secs" SessionTimeoutSecs = "session timeout secs" SessionsOpenedTotalCount = "session opened total count" SingleThreadedServletPoolSize = "single threaded servlet pool size" # trend_micro_control_manager policy_settings = "policy settings" generation_time_zone = "generation time zone" generated = "generated" infect_source = "infect source" infect_destination = "infect destination" pattern = "pattern" first_action = "first action" first_action_result = "first action result" second_action = "second action" second_action_result = "second action result" file_path = "file path" login_user_name = "login user name" object_name_url = "object name URL" blocking_type = "blocking type" blocking_rule = "blocking rule" malicious_events = "malicious events" content_filtering_events = "content 
filtering events" virus_events = "virus events" spyware_events = "spyware events" web_spyware_events = "web spyware events" workstation_spyware_events = "workstation spyware events" web_filtering_events = "web filtering events" email_filtering_events = "email filtering events" admin_events = "admin events" download_events = "download events" workstation_virus_events = "workstation virus events" web_virus_events = "web virus events" email_virus_events = "email virus events" # du kb = "kilobytes" file_bytes = "bytes from files" files = "files" directory = "directory" directory_bytes_recursive = "bytes in directories (recursively duplicated)" # kasperskylabs_mailserver scan_events = "scan events" modification_time = "modification time" source1 = "source 1" # netscreen_ssl_gateway role = "role" roles = "roles" # communigate_pro pop_logins = "POP logins" pop_messages_retrieved = "POP messages retrieved" pop_bytes_retrieved = "POP bytes retrieved" pop_messages_deleted = "POP messages deleted" imap_account = "IMAP account" imap_logins = "IMAP logins" # deepmail_pop_imap_smtp octets_retrieved = "octets retrieved" messages_listed = "messages listed" messages_seen = "messages seen" messages_unseen = "messages unseen" messages_deleted = "messages deleted" messages_retrieved = "messages retrieved" queuefile = "queue file" # locayta_logging websessionid = "web session ID" searchtype = "search type" resulttype = "result type" servername = "server name" requeststarttime = "request start time" requestendtime = "request end time" requesttotalrecordcount = "request total record count" requestpagerecordcount = "request page record count" querystring = "query string" searches = "searches" gatewaysessionid = "gateway session id" searches = "searches" initialpage = "initial page" billablesearches = "billable searches" pagerequests = "page requests" classificationlist = "classification list" localitylist = "locality list" classificationargument = "classification argument" 
classificationselection = "classification selection" localityargument = "locality argument" localityselection = "locality selection" paidadsserved = "paid ads served" bookid = "BookID" # interscan_web_security_suite blocked_url = "blocked URL" opp_id = "opp ID" content_category = "content category" trend_category = "trend category" sub_category = "sub category" url_filtering_events_url_blocking = "URL filtering events (url_blocking log)" url_filtering_events_http = "URL filtering events (http log)" # Clickstream Technologies Plc - DataSherpa Log Format x_colour_depth = "Colour Depth" x_javascript_version = "Javascript Version" x_language = "Language" x_screen_resolution = "Screen Resolution" x_timezone_offset = "Timezone Offset" x_java_enabled = "Java Enabled" x_browser_size = "Browser Size" x_connection_type = "Connection Type (client)" x_homepage = "Homepage (current page)" x_flash_version = "Flash Version" x_plug_ins = "Plug-ins" x_form_data_raw_cookie = "form-data" x_html_title = "Page Title" x_accepting_cookies = "Accepting Cookies" x_impression_id = "Impression ID" x_client_uid = "Client User ID" x_display_id = "Page Display ID" x_new_session_flag = "New Session" x_new_user_flag = "New User" x_new_visit_flag = "New Visit" x_page_enum = "Page Enumeration" x_popup_flag = "Pop up" x_previous_page = "Previous Page" x_referer_host = "Referer Host" x_request_id = "Request ID" x_robot_name = "Robot Name" x_server_uid = "Server User ID" x_userdefined_page_name = "Page Name (custom)" x_userdefined_page_name_category = "Page Name Category (custom)" x_userdefined_page_name_categoryparent = "Page Name CategoryParent (custom)" x_visit_id = "Visit ID" x_suspicion_level = "Suspicion Level" x_extended_data_raw = "CSData" x_extended_data_error = "CSData - Error" x_download_time = "Download Time" # zeus_g orders = "orders" mml_order_id = "MML order ID" gk_order_id = "GK order ID" item_description = "item description" item_id = "item ID" items_ordered = "unique items ordered" 
total_amount = "order revenue" discount_amount = "discount amount" tax_amount = "tax amount" shipping_amount = "shipping amount" item_quantity = "item quantity" item_cost = "item cost" total_item_cost = "total item cost" nodelf = "node" #### paid_search_engine = "paid search engine" integrated_search_engine = "search engine" ### # bt_logging ### searches = "searches" ### gatewaysessionid = "gateway session id" # iscdhcpleases lease = "lease" leases = "leases" # terraplay fields application_name = "application name" session_name = "session name" gas_ip_address = "client GAS IP" session_profile_name = "session profile name" client_profile_name = "client profile name" client_role = "client role" client_conn = "connections" total_clients = "total clients per session" total_objects = "total objects per session" total_objects_groups = "total object groups per session" client_status = "client status" max_upstream = "max byte rate upstream" max_downstream = "max byte rate downstream" max_udp_size = "max UDP payload" term_session_reason = "termination reason (session)" client_disconn_reason = "disconn reason (client)" extra_session_info = "info (session)" extra_client_info = "info (client)" # intermapper_event up_time = "up time" down_time = "down time" utilization = "utilization" index_number = "index number" # sendmail ctladdr = "control address" dsn = "DSN" # msieser_smtp cc = "CC" attachments = "attachments" # praudit audit_event_id = "audit event ID" audit_event_id_modifier = "audit event ID modifier" invariant_audit_id = "invariant audit ID" effective_user_id = "effective user ID" effective_group_id = "effective group ID" real_user_id = "real user ID" real_group_id = "real group ID" audit_session_id = "audit session ID" terminal_id = "terminal ID" text = "text" return_message = "return message" audit_event_id = "audit event ID" audit_event_id_modifier = "audit event ID modifier" invariant_audit_id = "invariant audit ID" effective_user_id = "effective user ID" 
effective_group_id = "effective group ID" real_user_id = "real user ID" real_group_id = "real group ID" audit_session_id = "audit session ID" terminal_id = "terminal ID" text = "text" return_message = "return message" access_mode = "access mode" owner_user_id = "owner user ID" owner_group_id = "owner group ID" file_system_id = "file system ID" inode_id = "inode ID" exec_args = "exec args" # zyxel_firewall_welf devid = "device ID" cat = "category" protoid = "protocol ID" trans = "transfer" # forti_gate cat_desc = "category description" serial = "serial" ui = "UI" ftp = "FTP" http = "HTTP" imap = "IMAP" pop3 = "POP3" smtp = "SMTP" aven = "aven" fcni = "fcni" fdni = "fdni" idsdb = "idsdb" idsmn = "idsmn" idssn = "idssn" libav = "libav" virdb = "virdb" app_type = "application type" new_act = "new action" new_daddr = "new destination address" new_dintf = "new destination interface" new_log = "new log" new_nat = "new NAT" new_saddr = "new source address" new_schd = "new schedule" new_sintf = "new source interface" new_svr = "new server" old_act = "old action" old_daddr = "old destination address" old_dintf = "old destination interface" old_log = "old log" old_nat = "old NAT" old_saddr = "old source address" old_schd = "old schedule" old_sintf = "old source interface" old_svr = "old server" dst_country = "destination country" src_country = "source country" tran_sip = "translated source IP" tran_sport = "translated source port" profilegroup = "profile group" shaper_drop_sent = "shaper drop sent" shaper_drop_rcvd = "shaper drop received" perip_drop = "perip drop" vpn_tunnel = "VPN tunnel" app_cat = "application category" carrier_ep = "carrier EP" subapp = "subapplication" subapp_cat = "subapplication category" # symantec_gateway_security month = "month" argument = "argument" av_comfort = "antivirus comfort" av_scan = "antivirus scan" context_data = "context data" context_description = "context description" probable_probe = "probable probe" trace_route_ttl = "trace route 
TTL" # mailman_post posting_user = "posting user" posts = "posts" # watchguard_xml pckt_len = "packet length" ip_hdr_len = "IP header length" tz = "timezone" pr = "protocol" wgt = "WGT" proc_id = "process ID" disp = "displacement" src_intf = "source interface" why = "reason" recv = "received" src_user = "source user" src_ip_nat = "source NAT IP" src_port_nat = "source NAT port" dst_ip_nat = "destination NAT IP" dst_port_nat = "destination NAT port" dst_intf = "destination interface" alarm_id = "alarm ID" alarm_name = "alarm name" msg_id = "message ID" proxy_act = "proxy action" new_msg = "new message" tcpinfo = "TCP information" cats = "categories" # microsoft_windows_firewall tcpsyn = "TCP SYN" tcpack = "TCP ACK" tcpwin = "TCP window" icmpcode = "ICMP code" # amavis mail_id = "mail ID" # cisco_as5300 slot_port = "slot port" slot_contr_chan = "slot/control/channel" call_id = "call ID" std = "standard" prot = "protocol" comp = "compression" init_rx_b_rate = "initial receive bit rate" init_tx_b_rate = "initial transfer bit rate" finl_rx_b_rate = "final receive bit rate" finl_tx_b_rate = "final transfer bit rate" retr = "retries" rx_chars = "received chars" tx_chars = "transferred chars" bad = "bad" rx_ec = "received EC" tx_ec = "transferred EC" finl_state = "final state" disc_radius_ = "disconnect (radius)" disc_modem_ = "disconnect (modem)" calls = "calls" # mc_afee_web_shield_xml utc_time = "UTC time" local_time = "local time" tz_offset = "timezone offset" os_name = "OS name" os_version = "OS version" host_ip = "host IP" host_domain_name = "host domain name" sev_type = "severity type" client_request = "client request" client_request_line = "client request line" audit_id = "audit ID" conversation_id = "conversation ID" conversation_policy = "conversation policy" neat_delta = "neat delta" neat_starttime = "neat starttime" # xwall returnpath = "return path" msgdate = "message date" msgtime = "message time" sendprio = "send priority" rr = "RR" att = "ATT" history = 
"history" infected = "infected" virusinfo = "virus info" format = "format" bayes = "bayes" exclude = "exclude" ipaddress = "IP address" heuristic = "heuristic" atttype = "ATT type" slsservice = "SLS service" slsinfo = "SLS info" # internet_security_systems_network_sensors tag_name = "tag name" event_count = "event count" target_ip = "target IP" sensor_dns_name = "sensor DNS name" algorithm_id = "algorithm ID" attacksuccessful = "attack successful" ianaprotocolid = "iana protocol ID" sourceethernetaddress = "source ethernet address" systemagent = "system agent" intruder_ip_addr = "intruder IP address" packet_destinationaddress = "packet destination address" packet_destinationport = "packet destination port" packet_destinationportname = "packet destination port name" packet_sourceaddress = "packet source address" packet_sourceport = "packet source port" packet_sourceportname = "packet source port name" victim_ip_addr = "victim IP addr" login = "login" attackorigin = "attack origin" caller_machine_name = "caller machine name" destinationethernetaddress = "destination ethernet address" serverid = "server ID" intruder_ip_addr = "intruder IP address" victim_ip_addr = "victim IP address" victimip = "victim IP" accessed = "accessed" http_server = "HTTP server" login = "login" accessed = "accessed" content_range = "content range" repeat_count = "repeat count" firstip = "first IP" secondip = "second IP" xid = "XID" http_server = "HTTP server" server_type = "server type" victimip = "victim IP" # snare_aix obs1 = "obs1" obs2 = "obs2" egid = "group ID" epriv = "privileges" fd = "file descriptor" # Domino Access logs translated_uri = "translated URI" cookie_header = "cookie header" # sourcefile_ids initiator_ip = "initiator IP" responder_ip = "responder IP" initiator_port = "initiator port" responder_port = "responder port" first_packet = "first packet" last_packet = "last packet" protocols = "protocols" client_application_id = "client application ID" client_application_version 
= "client application version" unique_initiator_ips = "unique initiators IPs" # autoadmin is_error = "is error" # blue_coat_w3_c cs_uri_path = "path" af_site_name = "site name" af_country_code = "country code" af_reporting_region_code = "reporting region code" af_reporting_sector_code = "reporting sector code" af_hyperion_code = "hyperion code" # symantec_antivirus logged_by = "logger" # annex_term_server terminal = "terminal" port_number = "port number" # kerio_mailserver sender_host = "sender host" messages_failed = "messages failed" messages_relayed = "messages relayed" bytes_failed = "bytes failed" bytes_relayed = "bytes relayed" bytes_delayed = "bytes delayed" security_events = "security events" messages_spam_filtered = "messages spam filtered" bytes_spam_filtered = "bytes spam filtered" spam_threshold = "spam threshold" spam_subject = "spam subject" # netscape req__headers_host = "server domain" # backup_exec set_resource_name = "set resource name" resource_name = "set resource name" tape_name = "tape name" display_volume = "display volume" volume_display_volume = "display volume" backup_type = "backup type" mail_messages_backed_up = "mail messages backed up" folders_backed_up = "folders backed up" mailboxes_backed_up = "mailboxes backed up" files_backed_up = "files backed up" directories_backed_up = "directories backed up" sets_backed_up = "sets backed up" misc = "miscellaneous" summary_misc = "miscellaneous" joblog_header_server = "server" joblog_header_name = "name" # argosoft_mail_server connections_rejected = "connections rejected" bytes_queued = "bytes queued" rejection_reason = "rejection reason" spam_messages_queued = "spam messages queued" spam_messages_delivered = "spam messages delivered" # mps retrieved_documents = "retrieved documents" searched_databases = "searched databases" retrieved_from_database = "retrieved from database" document_id = "document ID" item = "item" # tipping_point_ips message_version = "message version" iso_start_time = "iso 
start time" alert_hostname = "alert hostname" alert_ip = "alert IP" sequence_id = "sequence ID" reserved = "reserved" policy_uuid = "policy UUID" signature_name = "signature name" protocol_name = "protocol name" iso_end_time = "iso end time" traffic_threshold_parameters = "traffic threshold parameters" traffic_capture_available = "traffic capture available" slot_and_segment = "slot and segment" request_target = "request target" request_detail = "request detail" firewall_ip_protocol = "firewall IP protocol" # barracuda_spam_firewall (fields) messages_quarantined = "messages quarantined" spam_blocking_expression = "spam blocking expression" messages_tagged = "messages tagged" virus_blocking_expression = "virus blocking expression" messages_spam_blocked = "messages spam blocked" messages_virus_blocked = "messages virus blocked" queued_messages_quarantined = "queued messages quarantined" queued_messages_spam_blocked = "queued messages spam blocked" queued_messages_virus_blocked = "queued messages virus blocked" queued_messages_tagged = "queued messages tagged" delivered_messages_quarantined = "delivered messages quarantined" delivered_messages_spam_blocked = "delivered messages spam blocked" delivered_messages_virus_blocked = "delivered messages virus blocked" delivered_messages_tagged = "delivered messages tagged" encrypted = "encrypted" queue_id = "queue ID" messages_scanned = "messages scanned" messages_rejected = "messages rejected" messages_allowed = "messages allowed" messages_deferred_scan = "messages deferred (SCAN)" messages_deferred_recv = "messages deferred (RECV)" messages_pu_quarantined = "messages quarantined (per user)" messages_whitelist = "messages whitelisted" messages_blocked = "messages blocked" messages_expired = "messages expired" bytes_blocked = "bytes blocked" bytes_expired = "bytes expired" bytes_bounced = "bytes bounced" # juniper_ssl concurrent_users = "Concurrent users" concurrent_users_count = "Concurrent user events" j_date_time = "j date 
time" failed_logins = "failed logins" # cisco_voice_router receivepackets = "packets received" # openldap search_base = "search base" search_scope = "search scope" search_filter = "search filter" search_result_tag = "search result tag" search_result_err = "search result error" search_result_txt = "search result text" bind_dn = "bind DN" bind_method = "bind method" bind_result_tag = "bind result tag" bind_result_err = "bind result error" bind_result_txt = "bind result text" # barrier_group event_protocol = "event protocol" source_mac = "source MAC" internal_source = "internal source" blocked_source = "blocked source" dest_ip = "destination IP" dest_port = "destination port" dest_url = "destination URL" dest_mac = "destination MAC" internal_dest = "internal destination" blocked_dest = "blocked destination" good_host = "good host" bad_host = "bad host" detector = "detector" internal_sources = "internal sources" blocked_sources = "blocked sources" internal_destinations = "internal destinations" blocked_destinations = "blocked destinations" good_hosts = "good hosts" bad_hosts = "bad hosts" # performance_monitor machine = "machine" percent_cpu_used = "percent cpu used" load = "load" disk_usage = "disk usage" samples = "samples" packets_in_out = "packets in/out" percent_cpu_used_average = "average percent cpu used" load_average = "average load" disk_usage_average = "average disk usage" packets_in_out_average = "average packets in/out" percent_cpu_used_maximum = "maximum percent cpu used" load_maximum = "maximum load" disk_usage_maximum = "maximum disk usage" packets_in_out_maximum = "maximum packets in/out" percent_cpu_used_minimum = "minimum percent cpu used" load_minimum = "minimum load" disk_usage_minimum = "minimum disk usage" packets_in_out_minimum = "minimum packets in/out" page_faults = "page faults" page_faults_minimum = "minimum page faults" page_faults_maximum = "maximum page faults" page_faults_average = "average page faults" errors_minimum = "minimum errors" 
errors_maximum = "maximum errors" errors_average = "average errors" # cisco_wlan_controller source_code_filename = "source code filename" source_code_line_number = "source code line number" # aventail_client_server_access (fields) auth_method = "authentication method" equipment_id = "equipment ID" timezone = "time zone" dest_host = "destination host" flow_events = "flow events" tunnel_flows = "tunnel flows" flow_duration = "flow duration" tunnel_duration = "tunnel duration" # aventail_web_access full_ldap_user = "full LDAP user" # racf_security sysid = "system ID" job = "job" step = "step" terminal_level = "terminal level" qual = "qualifier" jobid = "job ID" userdata = "user data" jesinput = "JES input" exenode = "EXE node" appl = "application" dataset = "dataset" genprof = "generate profile" volume = "volume" intent = "intent" allowed = "allowed" token_status = "token status" # windows_event_log_dumpel document_number = "document number" document_name = "document name" pages = "pages" new_handle_id = "new handle ID" event_code_description = "event code description" event_code_category = "event code category" # microsoft_media_server x_duration_per_visitor = "play duration per visitor" x_duration_per_clip = "play duration per clip" x_duration_per_success_access = "play duration per successful access" session_event_type = "session event type" successful_clips = "successful clips" successful_accesses = "successful accesses" property_value = "property value" stream_start_stop_events = "stream start/stop events" # cisco_pix source_network_port = "source network port" destination_network_port = "destination network port" icmp_type = "ICMP type" icmp_code = "ICMP code" aaa_status = "AAA status" group_policy = "group policy" private_ip = "private IP" message_facility = "message facility" message_severity = "message severity" message_mnemonic = "message mnemonic" client_type = "client type" client_public_addr = "client public address" server_public_addr = "server public 
address" assigned_public_addr = "assigned public address" # cisco_pix numeric connections_torn_down = "connections torn down" connections_built = "connections built" access_list = "access list" vty_line = "VTY line" # log4j agency_id = "agency ID" build = "build" milliseconds_from_layout_construction = "milliseconds from layout construction" nested_diagnostic_content = "nested diagnostic content" mapped_diagnostic_content = "mapped diagnostic content" thread_name = "thread name" logging_category = "logging category" # beatbox sc_ack_time = "server-to-client ack time" cs_ack_time = "client-to-server ack time" sc_send_time = "server-to-client send time" cs_send_time = "client-to-server send time" sc_reply_time = "server-to-client reply time" cs_reply_time = "client-to-server reply time" # ice_cast total_duration_96kbps = "total duration (based on 96kbps)" average_duration_96kbps = "average duration (based on 96kbps)" more_than_15_minutes = "more than 15 minutes" fifteen_minute_sessions = "fifteen minute sessions" # mutiny property_value = "Value" event_status = "Event status" node_name = "Node names" node_label = "Node label" event_state = "Event state" event_id = "Event ID" property_event = "Property events" cpu_load = "CPU Load" mem_usage = "Memory Usage" disk_usage = "Disk Usage" if_usage_in = "Interface Usage (in)" if_usage_out = "Interface Usage (out)" if_bandwidth_in = "Interface Bandwidth (in)" if_bandwidth_out = "Interface Bandwidth (out)" if_bandwidth_tot = "Interface Bandwidth (total)" view = "view" mutiny_node = "mutiny node" session_timing_event = "session timing event" property_name_du = "property name du" property_name_iu = "property name iu" property_name_ib = "property name ib" uptime_events = "uptime events" property_event_cpu_load = "property event cpu load" property_event_memory_usage = "property event memory usage" property_event_disk_usage = "property event disk usage" property_event_interface_usage_in = "property event interface usage in" 
property_event_interface_usage_out = "property event interface usage out" property_event_interface_bandwidth_in = "property event interface bandwidth in" property_event_interface_bandwidth_out = "property event interface bandwidth out" # cisco_vpnconcentrator vpn_sessions = "VPN sessions" arp_ip = "ARP IP" arp_mac = "ARP MAC" # MainEnable Mail Server pop_events = "POP events" # iptables_config rule_no = "rule number" rule_name = "rule name" inbound_inf = "inbound interface" outbound_inf = "outbound interface" source_ports = "source ports" destination_ports = "destination ports" # microsoft_exchange2000 unique_message_ids = "unique message IDs" sender_domain = "sender domain" recipient_domain = "recipient domain" # radius_accounting current_connections = "current connections" maximum_connections = "maximum connections" cisco_av_pair = "cisco AV pair" aaa_server = "AAA server" network_device_group = "network device group" access_device = "access device" outer_ip_address = "outer IP address" # flash_media_server sc_stream_bytes = "server-to-client stream bytes" x_file_size = "file size" x_file_length = "file length" stream_stop_file_length = "file length (at stream stop)" x_app = "application" x_category = "event category" x_event = "event type" x_pid = "PID" x_sid = "stream ID" # 2009-07-29 - MSG - Changed the label for this field from 'Server name' to 'Stream name' since # the field values are stream URLs and customers didn't know where the URL report was. 
#x_sname = "server name" x_sname = "stream name" x_comment = "comment" c_client_id = "client ID" x_suri_stem = "server path name" c_referrer = "referrer" c_user_agent = "user agent" c_proto = "client protocol" x_ctx = "context" x_sname_query = "stream URI query" x_file_ext = "file extension" x_spos = "stream position" x_status = "status" session_duration = "media session duration" stream_duration = "stream duration" stream_duration_per_event = "stream duration per event" stream_duration_per_visitor = "stream duration per visitor" c_spos = "stream position (client)" # edgecast_flash_media_server flash_session_duration = "flash session duration" watch_duration_percentage = "watch duration percentage" bytes_watched_percentage = "bytes watched percentage" stream_duration_per_client_ip = "stream duration per client IP" # ezproxy ezproxy_dbvar0 = "database variable" ezproxy_groups = "groups" ezproxy_protocol = "protocol" ezproxy_session = "current session" ezproxy_usrvar0 = "user" ezproxy_usrvar1 = "user" ezproxy_usrvar2 = "user" ezproxy_usrvar3 = "user" ezproxy_usrvar4 = "user" ezproxy_usrvar5 = "user" ezproxy_usrvar6 = "user" ezproxy_usrvar7 = "user" ezproxy_usrvar8 = "user" ezproxy_usrvar9 = "user" # ironmail_spam esp_total_points = "ESP total points" # peoplesoft_appserver lang = "language" token = "token" identifier = "identifier" stream_id = "stream ID" # applied_identity ruleid = "rule ID" authsource = "authentication source" # sidewinder_firewall ipkt = "packets in" opkt = "packets out" agent_type = "agent type" acl_id = "ACL ID" cache_hit = "cache hit" acl_position = "ACL position" request_status = "request status" cpu_data = "CPU data" real_data = "real data" virt_data = "virtual data" load_data = "load data" mbuf_data = "MBUF data" dsthostname = "destination hostname" filedom = "file domain" filetyp = "file type" permgranted = "permission granted" permwanted = "permission wanted" originator_domain = "originator domain" recipient_domain = "recipient domain" 
srcdmn = "source domain" srchostname = "source hostname" srcservice = "source service" tgtdmn = "target domain" udb_action = "UDB action" udb_admin = "UDB admin" udb_class = "UDB class" udb_user = "UDB user" # cisco_net_flow_flow_export dpkts = "packets" doctets = "bytes" unix_secs = "unix seconds" unix_nsecs = "unix nseconds" sysuptime = "system uptime" exaddr = "exporter IP" first = "first" engine_type = "engine type" engine_id = "engine ID" srcaddr = "source address" dstaddr = "destination address" nexthop = "next hop IP" input = "input interface number" output = "output interface number" src_mask = "source mask" dst_mask = "destination mask" src_as = "source AS" dst_as = "destination AS" tos = "type of service" # sonic_wall_tz_170 destination_description = "destination description" scanned_port_list = "scanned port list" # net_cache_net_app55 x_client_port = "client port" x_action = "action" x_packets = "packets sent" x_dropped_bytes = "bytes dropped" x_requested_packets = "packets requested" x_dropped_packets = "packets dropped" x_protocol = "protocol" x_transport = "transport protocol" x_product = "product" x_client_id = "client ID" x_wwfilter_categories = "filter categories" x_wwfilter_result = "filter result" x_elapsed_milliseconds = "elapsed milliseconds" x_play_time = "play times" x_connect_time = "connect times" x_play_time_per_visitor = "play time per visitor" x_play_time_per_request = "play time per request" x_connect_time_per_visitor = "connect times per visitor" x_connect_time_per_request = "connect times per request" x_last_verify = "last verify time" cached = "cache status" sc_comment = "server comment" # safesquid_combined filter_reason = "filter reason" interface_ip = "interface ip" interface_port = "interface port" unique_record_id = "unique record id" client_connection_id = "client connection id" http_status_code = "http status code" filter_reason = "filter reason" interface_ip = "interface ip" interface_port = "interface port" profiles = 
"profiles" events_profile = "events (profile)" bytes_transferred_profile = "bytes transferred (profile)" elapsed_time_profile = "elapsed time (profile)" # safesquid_orange unique_ips = "unique IPs" clientid = "clientid" client_accept = "client accept" client_referer = "client referrer" client_host = "client host" client_range = "client range" http_file = "HTTP file" http_host = "HTTP host" http_port = "HTTP port" http_proto = "HTTP proto" pwd = "pwd" shlvl = "shlvl" client_cookie = "client cookie" client_user_agent = "client user agent" # iscdhcp lease_duration = "lease duration" network = "network" # juniper_netscreen_secure_access request_url = "request url" user_role = "user role" user_realm = "user realm" meeting_id = "meeting id" meeting_name = "meeting name" meeting_description = "meeting description" upload_download_file_type = "upload/download file type" destination_path = "destination path" scheme = "scheme" # numeric web_access_duration = "Web access duration" items_listed = "items listed" chunks_read = "chunks read" chunks_written = "chunks written" terminal_connections_authorized = "terminal connections authorized" planned_meeting_duration = "Planned meeting duration" meeting_attendee_duration = "Meeting attendee duration" meeting_attendee = "Total attendees" meeting_data = "Total transmitted data size(KB)" # centricity_pacs ## evc = "event ckey" ## type = "event type" ## edt = "event date time" ## euid = "exam ID" ## suid = "study ID" ## an = "accession number" ## pc = "procedure code" ## pd = "procedure description" ## mod = "modality" ## bp = "body part" ## sc = "site code" ## sd = "study date" ## acqsc = "acquisition site" ## ad = "acquisition date" ## ni = "number of images" ## nri = "number of rejected images" ## nf = "total number of frames" ## nrf = "number of rejected frames" ## ep = "exam priority" ## es = "exam status" ## aqs = "acquisition status" ## stsid = "short term storage device" ## vuid = "long term archive device" ## rpid = 
"requesting physician ID" ## rpn = "requesting physician name" ## apid = "approving physician ID" ## apn = "approving physician name" ## did = "department ID" ## wid = "workstation ID" ## unm = "user name" ## uid = "user name" ## pdob = "patient birth date" ## rpi = "patient ID" ## urpi = "internal patient ID" ## pn = "patient name" ## ls = "archive status" ## osuid = "old study ID" ## oan = "old accession number" ## orpi = "old patient ID" ## ourpi = "old internal patient ID" ## opn = "old patient name" # easy_lender_login_audit user_full_name = "user name" user_last_name = "user last name" user_title = "user title" account_status = "account status" # tfs_mailreport_extended attachment_size = "attachment size" message_id = "message ID" host_ip_address = "host IP address" message_signature = "message signature" message_encryption = "message encryption" attachment_name = "attachment name" attachment_signature = "attachment signature" attachment_encryption = "attachment encryption" virus_result = "virus result" virus_action = "virus action" policy_result = "policy result" policy_action = "policy action" connecting_ip_address = "connecting IP address" rbl_domain = "RBL domain" rbl_response = "RBL response" connection_action = "connection action" connection_status = "connection status" connection_result = "connection result" # zone_alarm source_description = "source description" # nortel_ssl_vpn share = "share" tunip = "tunnel IP" groups = "groups" # Just the flight ppc = "PPC" ppcseid = "PPC search engine ID" ppcsekeyword = "PPC search engine keywords" log_order_number = "order number" log_amount = "amount" log_name = "name" log_email = "email" # Kerio WinRoute Web format page_title = "page title" # iron_port sbrs_action = "SBRS action" sbrs_list = "SBRS list" sbrs_score = "SBRS score" webrep = "Web Reputation" dvs = "DVS engine" spyware_name = "spyware name" trr = "threat risk rating" webroot_threat_id = "webroot threat ID" webroot_trace_id = "webroot trace ID" 
# Field labels, one `name = "label"` pair per line. Each `# group` comment names
# the group the labels below it were added for; the entries ahead of the first
# such comment continue a group opened earlier in the file.
bandwidth_source = "bandwidth source"
message_deliveries_aborted = "message deliveries aborted"
messages_spam_positive = "messages spam positive"
messages_virus_positive = "messages virus positive"

# inter_scan_viruswall
http_events = "HTTP events"

# cwat (this is now cwat_alert and has different groups)
# NOTE(review): mail_body, clipboard_information, keyboard_operation,
# screenshot_info and packet_data are named for captured user content. If the
# log source fills them, treat reports on these columns as sensitive and
# confirm who is allowed to view them.
site_id = "site ID"
alert_id = "alert ID"
alert_sequence = "alert sequence"
alert_date = "alert date"
alert_status_code = "alert status code"
alert_status = "alert status"
thread_id = "thread ID"
machine_time = "machine time"
sequence_number = "sequence number"
cwat_node_management_id = "CWAT node management ID"
alert_location = "alert location"
flag_under_om_management = "flag under OM management"
log_number = "log number"
alert_type = "alert type"
alert_level = "alert level"
policy_category = "policy category"
suspicious_event_score = "suspicious event score"
suspicious_event_day = "suspicious event day"
suspicious_event_time = "suspicious event time"
suspicious_event_score_statement = "suspicious event score statement"
node_usage_type = "node usage type"
logon_user = "logon user"
bus_discrimination_id = "bus discrimination ID"
bus_peculiar_code = "bus peculiar code"
device_discrimination_id = "device discrimination ID"
device_peculiar_code = "device peculiar code"
bus_status = "bus status"
output_file_size = "output file size"
output_file_name = "output file name"
startup_shutdown_process_name = "startup shutdown process name"
window_name = "window name"
source_file_name = "source file name"
dest_file_name = "dest file name"
install_app_name = "install app name"
dest_installation = "dest installation"
book_name = "book name"
keyword = "keyword"
screenshot_info = "screenshot info"
sourcemac = "sourcemac"
communication_type = "communication type"
unregistered_node_ip = "unregistered node IP"
unregistered_node_mac = "unregistered node mac"
last_shutdown = "last shutdown"
packet_data = "packet data"
tampered_log_name = "tampered log name"
os_time_after_tamper = "os time after tamper"
machine_alert_id = "machine alert ID"
alert_event_type = "alert event type"
media_name = "media name"
bcc = "bcc"
send_time = "send time"
mail_size = "mail size"
mail_count = "mail count"
mail_body = "mail body"
attachment_presence = "attachment presence"
attach_name = "attach name"
attach_size = "attach size"
keyboard_operation = "keyboard operation"
clipboard_type = "clipboard type"
clipboard_information = "clipboard information"
alert_status_update_time = "alert status update time"
record_update_time = "record update time"
action_date = "action date"
operator = "operator"
action_contents_code = "action contents code"
action_contents = "action contents"
action_result_code = "action result code"
action_result = "action result"
auto_mnl_action_code = "auto mnl action code"
auto_mnl_action = "auto mnl action"
cwat_standard_time_action = "CWAT standard time action"
sequence_number_action = "sequence number action"
alert_id_action = "alert id action"
user_name_action = "user name action"
comment = "comment"
update_time = "update time"
virus_check_result_code = "virus check result code"
virus_check_result = "virus check result"
virus_check_start_time = "virus check start time"
virus_check_complete_time = "virus check complete time"
nodes = "nodes"
site_name = "site name"
last_alert_time = "last alert time"
power_on = "power on"
power_off = "power off"
medium = "medium"
pending = "pending"
checking = "checking"
processed = "processed"
no_action = "no action"
alert_count = "alert count"
node_count = "node count"
cwat_location = "user group"
high_priority_events = "high priority events"
medium_priority_events = "medium priority events"
low_priority_events = "low priority events"
# managers_events = "managers events"
# partners_events = "partners events"
# normal_events = "normal events"
alert_month = "alert month"

# intersafe
sub_group = "sub-group"
account_name = "account name"
transmit_status = "transmit status"
transmit_time = "transmit time"
# Field labels, one `name = "label"` pair per line. Each `# group` comment names
# the group the labels below it were added for; the entries ahead of the first
# such comment continue a group opened earlier in the file.
transmit_data = "transmit data"
document_type = "document type"
request_protocol = "request protocol"

# syslog_ng_tab_separated
syslog_facility = "syslog facility"
syslog_level = "syslog level"
syslog_tag = "syslog tag"
syslog_syslogread = "syslog read"
syslog_seq = "syslog sequence number"
syslog_datetime = "syslog datetime"

# netgear_fvl328_syslog_required
destination_url = "destination url"
host_mac_address = "host MAC address"

# SmoothWall Guardian 5
filter_group_name = "filter group name"
filter_group_id = "filter group ID"
page_score = "page score"
page_category = "page category"

# piolink_network_loadbalance
full_message = "full message"

# sun_one_netscape_directory_server
connection_id = "connection ID"
attrs = "attributes"
file_descriptor = "file descriptor"
closing_code = "closing code"
from_ip = "from IP"
to_ip = "to IP"
csn = "CSN"
abandon_msgid = "abandon message ID"
newrdn = "new RDN"
oid = "OID"
targetop = "target operation"
err = "error"
# Two field names share the "etime" label.
sun_etime = "etime"
sun_etime2 = "etime"
connection_duration = "connection duration"
server_start_time = "server start time"

# web_sense
url_ip = "URL IP"

# sharetech_firewall
spt = "source port"
dpt = "destination port"
wan = "WAN"
mark = "mark"

# datagram_syslog_agent
print_filename = "print filename"
print_program = "print program"
print_file_owner = "print file owner"
print_method = "print method"
print_bytes = "print bytes"
print_pages = "print pages"
system_information = "system information"

# tivoli_access_manager_webseal
accessor_name_in_rgy = "accessor name"
accessor_principal_domain = "accessor principal domain"
accessor_session_id = "accessor session id"
accessor_user_location = "accessor user location"
accessor_user_location_type = "accessor user location type"
originator_component_rev = "originator component revision"
originator_event_id = "originator event id"
originator_instance = "originator instance"
resource_access_action = "resource access action"
resource_access_httpmethod = "resource access method"
resource_access_httpresponse = "resource access response"
resource_access_httpurl = "resource access url"
target_object_nameinapp = "target object name"

# broadweb
devicetype = "device type"
ifno = "interface number"
rulename = "rule name"
ori = "ORI"
btime = "begin time"

# openbsd_packet_filter
window_size = "window size"
tcp_header_options = "TCP header options"
dont_fragment_bit = "don't fragment bit"
workstation_ip = "Workstation IP"
workstation_mac_address = "Workstation MAC address"
mib_tree = "MIB tree"
# NOTE(review): if this field carries SNMP community strings, it is a shared
# secret; confirm it is masked or that reports showing it are access-restricted.
community_string = "Community string"
pf_tos = "TOS"
icmp_message = "ICMP message"

# sonic_wall
ipscat = "IPS type"
ipspri = "IPS danger level"
ssid = "SSID"
channel = "channel"
detection_device = "detection device"
detection_reason = "detection reason"
virus_action = "virus action"
usr = "user"

# dans_guardian29
filter_category = "filter category"
filter_group_number = "filter group number"
phrase_score = "weighted phrase score"

# siteminder_policy_server
# Two field names share the "response time" label.
response_time2 = "response time"
response_time3 = "response time"

# metavante_ceb_failed_logins
first_name = "first name"
last_name = "last name"
failure_reason = "failure reason"
login_status = "login status"
customer_id = "customer ID"
bank_number = "bank number"

# iissmtpW3_c
disconnections = "disconnections"

# apache_custom
visitors_per_download = "visitors per download"
content_bytes = "content bytes"

# isacsv
sc_authenticated = "authenticated"
s_svcname = "service name"
cs_transport = "transport"
cs_mime_type = "mime type"
s_cache_info = "cache info"
filter_info = "filter info"
cs_network = "client network"
sc_network = "server network"
error_info = "error info"

# juniper_secure_access_ssl_vpn
host_checker_policy = "host checker policy"
host_checker_status = "host checker status"
host_checker_rule = "host checker rule"

# numeric
unique_failed_users = "unique failed users"
unique_firewall_failed_users = "unique firewall failed users"
unique_av_failed_users = "unique AV failed users"
# Field labels, one `name = "label"` pair per line. Each `# group` comment names
# the group the labels below it were added for; the entries ahead of the first
# such comment continue a group opened earlier in the file. Lines of the form
# `# name = "Label"` are entries the author left commented out.
unique_os_failed_users = "unique OS failed users"
unique_system_failed_users = "unique system failed users"
unique_spyware_failed_users = "unique spyware failed users"
unique_rule_six_failed_users = "unique rule six failed users"
unique_rule_seven_failed_users = "unique rule seven failed users"
unique_rule_eight_failed_users = "unique rule eight failed users"
unique_passed_users = "unique passed users"

# tacacs_accounting
paks_in = "packets in"
paks_out = "packets out"
nas_portname = "nas portname"
task_id = "task ID"
acct_flags = "accounting flags"

# firewall1_ng
# status = "Status"
# date = "Date"
# time = "Time"
# product = "Product"
# interface = "Interface"
# origin = "Origin"
# type = "Type"
# action = "Action"
# service = "Service"
# source = "Source"
# destination = "Destination"
# protocol = "Protocol"
# rule = "Rule"
nat_rule_number = "NAT rule number"
nat_additional_rule_number = "NAT additional rule number"
ipv6_source = "IPv6 Source"
ipv6_destination = "IPv6 Destination"
# source_port = "Source Port"
# user = "User"
# source_key_id = "Source Key ID"
# destination_key_id = "Destination Key ID"
attack_name = "Attack Name"
source_ip_phone = "Source IP-phone"
destination_ip_phone = "Destination IP-phone"
# media_type = "Media Type"
registered_ip_phones = "Registered IP-phones"
# elapsed = "Elapsed"
# bytes = "Bytes"
# xlatesrc = "XlateSrc"
# xlatedst = "XlateDst"
# xlatesport = "XlateSPort"
## xlatedport = "XlateDPort"
# NOTE(review): three interface labels follow, with no server_outbound_interface
# entry; confirm whether the log format has that field.
client_inbound_interface = "Client Inbound Interface"
client_outbound_interface = "Client Outbound Interface"
server_inbound_interface = "Server Inbound Interface"
client_inbound_bytes = "Client Inbound Bytes"
client_outbound_bytes = "Client Outbound Bytes"
server_inbound_bytes = "Server Inbound Bytes"
server_outbound_bytes = "Server Outbound Bytes"
client_inbound_packets = "Client Inbound Packets"
client_outbound_packets = "Client Outbound Packets"
server_inbound_packets = "Server Inbound Packets"
server_outbound_packets = "Server Outbound Packets"
client_inbound_diffserv = "Client Inbound DiffServ"
client_outbound_diffserv = "Client Outbound DiffServ"
server_inbound_diffserv = "Server Inbound DiffServ"
server_outbound_diffserv = "Server Outbound DiffServ"
client_in_rule_match = "Client In rule match"
client_out_rule_match = "Client Out rule match"
server_in_rule_match = "Server In rule match"
server_out_rule_match = "Server Out rule match"
sub_service = "Sub Service"
encryption_scheme = "Encryption Scheme"
vpn_peer_gateway = "VPN Peer Gateway"
ike_initiator_cookie = "IKE Initiator Cookie"
ike_responder_cookie = "IKE Responder Cookie"
ike_phase2_message_id = "IKE Phase2 Message ID"
encryption_methods = "Encryption Methods"
# partner = "Partner"
# community = "Community"
source_gateway = "Source Gateway"
destination_gateway = "Destination Gateway"
estimation = "Estimation"
wire_byte_sec_out = "Wire Byte/Sec Out"
wire_byte_sec_in = "Wire Byte/Sec in"
wire_packet_sec_out = "Wire Packet/Sec Out"
wire_packet_sec_in = "Wire Packet/Sec in"
application_byte_sec_out = "Application Byte/Sec Out"
application_byte_sec_in = "Application Byte/Sec in"
application_packet_sec_out = "Application Packet/Sec Out"
application_packet_sec_in = "Application Packet/Sec in"
bw_loss = "BW Loss, %"
rtt__ms = "RTT, ms"
cir__bps = "CIR, Bps"
bw_loss_threshold = "BW Loss Threshold, %"
rtt_threshold__ms = "RTT Threshold, ms"
cir_threshold__bps = "CIR Threshold, Bps"
sla_violation = "SLA Violation"
virtual_link = "Virtual Link"
sample_id = "Sample ID"
# packets = "Packets"
# start_time = "Start Time"
# session_id = "Session ID"
ua_session_id = "UA Session Id"
display_name = "Display Name"
# id_source = "ID Source"
# url = "URL"
# operation = "Operation"
encryption_type = "Encryption Type"
end_to_end_encryption = "End to End Encryption"
sso_type = "SSO Type"
# application_name = "Application Name"
auth_domain = "Auth Domain"
users_ip = "User's IP"
redirect_url = "Redirect URL"
headers_inserted_removed = "Headers inserted/removed"
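# Field labels, one `name = "label"` pair per line. Each `# group` comment names
# the group the labels below it were added for; the entries ahead of the first
# such comment continue a group opened earlier in the file. Lines of the form
# `# name = "Label"` are entries the author left commented out.
ua_auth_result = "UA Auth result"
request_result = "Request Result"
redirection_destination = "Redirection destination"
# comment = "Comment"
# NOTE(review): ms_identification_number, ms_isdn,
# international_mobile_equipment_identifier and mobile_user_location are named
# for subscriber identity and location; confirm the retention and access rules
# for reports that show these columns.
gtp_version = "GTP Version"
gtp_message_type = "GTP Message Type"
tunnel_id = "Tunnel ID"
teid_sig_up = "TEID Sig Up"
teid_sig_down = "TEID Sig Down"
mobile_country_code = "Mobile Country Code"
mobile_network_code = "Mobile Network Code"
ms_identification_number = "MS Identification Number"
ms_isdn = "MS-ISDN"
apn = "APN"
end_user_ip_address = "End User IP Address"
sgsn_for_signal = "SGSN for Signal"
sgsn_for_traffic = "SGSN for Traffic"
ggsn_for_signal = "GGSN for Signal"
ggsn_for_traffic = "GGSN for Traffic"
selection_mode = "Selection Mode"
nsapi = "NSAPI"
linked_nsapi = "Linked NSAPI"
# information = "Information"
reject_id = "Reject ID"
attack_information = "Attack Information"
rule_uid = "Rule UID"
# rule_name = "Rule Name"
current_rule_number = "Current Rule Number"
subproduct = "Subproduct"
vpn_feature = "VPN Feature"
# category = "Category"
access = "Access"
user_group = "User Group"
# application = "Application"
outgoing_url = "Outgoing URL"
authentication_method = "Authentication Method"
malware_name = "Malware Name"
malware_type = "Malware Type"
fs_protocol = "FS Protocol"
authentication_status = "Authentication Status"
# description = "Description"
anti_virus = "Anti Virus"
end_user_firewall = "End User Firewall"
isb = "ISB"
ics_scan = "ICS Scan"
endpoint_id = "Endpoint ID"
# user_name = "User Name"
# domain = "Domain"
# policy = "Policy"
# version = "Version"
# event_type = "Event Type"
user_directory = "User Directory"
# user_group = "User Group"
file_direction = "File Direction"
scanned_file_name = "Scanned File name"
scan_result = "Scan Result"
# virus_name = "Virus Name"
file_origin = "File Origin"
update_status = "Update Status"
signature_version = "Signature Version"
update_source = "Update Source"
subscription_expiration = "Subscription Expiration"
# file_type = "File Type"
end_user_ipv6_address = "End User IPv6 Address"
radio_access_type = "Radio Access Type"
mobile_user_location = "Mobile User Location"
mobile_subscriber_time_zone = "Mobile Subscriber Time Zone"
international_mobile_equipment_identifier = "International Mobile Equipment Identifier"
unique_sources = "unique sources"

# spamd
scantime = "scan time"
required_score = "required score"
rhost = "remote host"
raddr = "remote address"
rport = "remote port"
autolearn = "auto learn status"
score = "score"
rules = "rules"
spam_status = "spam status"
average_scan_time = "average scan time"
average_message_score = "average message score"

# ichain
c_version = "client version"
cs_authname = "client username"

# aladdin_esafe_sessions_log_v5
decision_by = "decision maker"
extended_result = "extended result"
vlan = "VLAN"

# limelight_flash_media_server
x_cpu_load = "cpu load"
x_mem_load = "memory load"
x_adaptor = "adapter"
x_vhost = "vHost"
x_appinst = "appinst"
x_suri_query = "suri query"
x_suri = "sURL"
x_file_name = "file name"
cs_stream_bytes = "client-to-server stream bytes"
x_service_name = "service name"
x_sc_qos_bytes = "server QOS bytes"

# microsoft_isa_w3c
rule_1 = "first rule"
rule_2 = "second rule"
param_1 = "first parameter"
param_2 = "second parameter"
ip_header = "IP header"
filter_rule = "filter rule"
filterinfo = "filter info"

# net_continuum
application_ip = "application IP"
application_port = "application port"
attack_description = "attack description"

# sun_one_directory_server_audit
changetype = "change type"
newrdn = "new RDN"
deleteoldrdn = "old RDN deletion"
operand = "operand"
changed_value = "changed value"
# given_name = "given name"
# mail = "email address"
# sn = "SN"
operation_operand = "Operation/Operand"

# vbrick_ethernetv_portal_server
x_type = "stream type"
x_ip = "source IP"
broadcast_type = "broadcast type"

# iisweb
broken_link = "broken link"

# oracle_audit
oracle_release = "oracle release"
entry_id = "entry ID"
statement = "statement"
obj_creator = "object creator"
obj_name = "object name"
ses_actions = "session actions"
ses_tid = "session thread ID"
os_user_id = "OS user ID"
audit_file = "audit file"
jserver_release = "JServer release"
oracle_home = "oracle home"
system_name = "system name"
oracle_node_name = "node name"
release = "release"
instance_name = "instance name"
redo_thread = "redo thread"
oracle_pid = "oracle process ID"
unix_pid = "unix process ID"
oracle_image = "image"
database_user = "database user ID"

# iisweb_breach
rbl_num_proxies = "number of proxies"
rbl_num_spam = "number of spam"
rbl_num_unknowns = "number of unknowns"
rbl_num_responded = "number responded"

# dovecot_pop_imap
rip = "remote IP"
lip = "local IP"
top = "TOP"
retrieve = "RETR"
del = "DELE"

# aruba_wireless_switch
sta_mac_address = "STA mac address"
sta_ip = "STA IP"
ap_ip = "AP IP"
# Labelled as a MAC address, in the same form as sta_mac_address, so this
# column is not shown under the same "AP IP" heading as ap_ip.
ap_mac_address = "AP mac address"
location_id = "location ID"
auth_alg = "authentication algorithm"
u_encr = "unicast encryption"
m_encr = "multicast encryption"
bssid = "BSSID"
essid = "ESSID"
slotport = "slot port"
ingress = "ingress"
tunnel = "tunnel"
etype = "etype"
vlan_current = "current VLAN"
vlan_defined = "defined VLAN"
vlan_assigned = "assigned VLAN"
maximum_users = "maximum users"
unique_sta_mac_addresses = "unique STA mac addresses"
switch_ip = "switch IP"
reauth = "reauth"
update = "update"
debug_query = "debug query"

# dorian_event_archiver
user_whose_credentials_were_used = "credentialed user"
target_logon_guid = "target logon GUID"
target_server_info = "target server info"
target_server_name = "target server name"
target_user_name = "target user name"

# wowza_media_server_pro
x_sname = "stream name"
x_severity = "severity"
x_stream_id = "stream ID"
sc_bytes = "server-to-client bytes"
cs_bytes = "client-to-server bytes"
sc_stream_bytes = "server-to-client stream bytes"
# NOTE(review): cs_stream_bytes is also defined under
# limelight_flash_media_server above, with the same label.
cs_stream_bytes = "client-to-server stream bytes"
stream_duration = "stream duration"
session_duration = "session duration"
publish_duration = "publish duration"
play_duration = "play duration"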
# Field labels, one `name = "label"` pair per line. Each `# group` comment names
# the group the labels below it were added for; the entries ahead of the first
# such comment continue a group opened earlier in the file.
# NOTE(review): connection_duration is also defined earlier in the file with
# the same label.
connection_duration = "connection duration"
pause_duration = "pause duration"
average_stream_duration_per_stream = "duration per stream"
average_play_duration_per_stream = "average play duration per stream"
unique_client_ids = "unique client IDs"

# sendmail_nt
qid = "QID"

# microsoft_exchange_2007_csv
connector_id = "connector ID"
entered_org_from_ip = "entered org from IP"
internal_message_id = "internal message ID"
local_endpoint = "local endpoint"
p1_from_address = "P1 from address"
p2_from_addresses = "P2 from addresses"
reason_data = "reason data"
recipient_count = "recipient count"
recipient_status = "recipient status"
related_recipient_address = "related recipient address"
remote_endpoint = "remote endpoint"
smtp_response = "smtp response"
source_context = "source context"
directionality = "directionality"
tenant_id = "tenant ID"
original_client_ip = "original client IP"
original_server_ip = "original server IP"
custom_data = "custom data"

# hmailserver_smtp
spam_sender_address = "Spammer address"
spam_sender_ip = "Spammer IP"
spam_reject_reason = "Spam reject reason"

# jataayu_carrier_wap_server
client_msisdn = "client MSISDN"
bearer = "bearer"

# numeric
response_bytes = "response bytes"
round_trip_time = "round trip time"

# cisco_waas_tcp_proxy
pass_through_reason = "Pass through reason"
wae_peer_id = "WAE peer id"
wae_ip = "WAE IP"
our_policy = "our policy"
peer_policy = "peer policy"
final_policy = "final policy"
#latency = "latency"
non_optimized_read_queue_latency = "non-optimized read queue latency"
non_optimized_dre_latency = "non-optimized dre latency"
non_optimized_write_queue_latency = "non-optimized write queue latency"
optimized_read_queue_latency = "optimized read queue latency"
optimized_dre_latency = "optimized dre latency"
optimized_write_queue_latency = "optimized write queue latency"
tcp_rst_reason = "TCP RST reason"
app_map_name = "application map name"
app_name = "application name"
app_classifier_name = "Application classifier name"
# Field labels, one `name = "label"` pair per line. Each `# group` comment names
# the group the labels below it were added for; the entries ahead of the first
# such comment continue a group opened earlier in the file. Lines of the form
# `#name = "label"` are entries the author left commented out.
cfgd_policy = "CFGD policy"
drvd_policy = "DRVD policy"
tfo_reject_reason = "TFO reject reason"
ao_cfgd_policy = "AO CFGD policy"
ao_drvd_policy = "AO DRVD policy"
ao_final_policy = "AO final policy"
ao_reject_reason = "AO reject reason"
ssl_reject_reason = "SSL reject reason"
dirm = "DIRM"
applied_policy = "applied policy"

# special report
maximum_concurrent_connections = "Maximum concurrent connections by Date/Time"

# numeric
non_optimized_bytes_read = "Non-optimized bytes read"
optimized_bytes_written = "Optimized bytes written"
optimized_bytes_read = "Optimized bytes read"
non_optimized_bytes_written = "Non-optimized bytes written"
bytes_passed_through = "Bytes passed through"
concurrent_connections = "concurrent connections"
connections_started = "Connections started"
connections_ended_ot = "Connections ended (OT)"
connections_ended_sodre = "Connections ended (SODRE)"
pass_throughs = "Pass throughs"

# anti_spam_smtpproxy
resulttag = "result tag"
#source_ip = "source IP"
#sender = "sender"
#recipient = "recipient"
#comment = "comment"
#subject = "subject"
collection_filename = "collection filename"
#message_type = "message type"
whitelist_addition = "whitelist addition"
unchecked_recipient = "unchecked recipient"
immediate_disconnects = "immediate disconnects"
comment_trail = "comment trail"

# netstat
#protocol = "protocol"
#local_address = "local address"
#local_port = "local port"
foreign_address = "foreign address"
foreign_port = "foreign port"
#state = "state"
#pid = "PID"
#service_name = "service name"
##executable = "executable"
recv_q = "receive queue"
send_q = "send queue"
#program_name = "program name"
refcnt = "reference count"
flags = "flags"
#type = "type"
inode = "inode"
#path = "path"

# unix_daemon_messages
daemon_message = "daemon message"

# forti_mail/fortimail_event
message_length = "message length"
log_part = "log part"

# fortinet_syslog_required
wttime = "time"

# citrix_netscaler
application_type = "application type"
validation_type = "validation type"
nat_ip = "NAT IP"
delink_time = "delink time"
total_bytes_send = "total bytes sent"
total_bytes_recv = "total bytes received"
sslvpn_client_type = "SSLVPN client type"
http_resources_accessed = "HTTP resources accessed"
nonhttp_resources_accessed = "non-HTTP resources accessed"
total_tcp_connections = "total TCP connections"
total_udp_flows = "total UDP flows"
total_policies_allowed = "total policies allowed"
total_policies_denied = "total policies denied"

# firepass_ssl_vpn
valid = "valid status"
passed = "passed status"
session_status = "session status"
interface_ip = "interface IP"

# bomgar_box
# NOTE(review): reset_password, security_question and security_answer are named
# like account-recovery data. Confirm whether the log carries real values or
# only change flags; if real values, mask them before they reach a report.
segment_number = "segment number"
total_segments = "total segments"
site = "site"
who = "who"
who_ip = "who IP"
target = "target"
disabled = "disabled"
display_number = "display number"
perm_admin = "perm admin"
perm_view_reports = "perm view reports"
reset_password = "reset password"
password_expiry = "password expiry"
password_never_expires = "password never expires"
security_question = "security question"
security_answer = "security answer"
failed_login_attempts = "failed login attempts"
account_expiry = "account expiry"
comments = "comments"
perm_edit_public_template = "perm edit public template"
perm_edit_public_file_store = "perm edit public file store"
perm_edit_canned_messages = "perm edit canned messages"
perm_edit_sd_teams = "perm edit sd teams"
perm_change_display_name = "perm change display name"
perm_show_on_public_list = "perm show on public list"
perm_sd_allowed = "perm sd allowed"
perm_sd_ss_control = "perm sd ss control"
perm_sd_reverse_connect = "perm sd reverse connect"
perm_sd_file_transfer = "perm sd file transfer"
perm_sd_remote_shell = "perm sd remote shell"
perm_sd_system_info = "perm sd system info"
perm_sd_prompt_ss = "perm sd prompt ss"
perm_sd_prompt_file_transfer = "perm sd prompt file transfer"
perm_sd_prompt_remote_shell = "perm sd prompt remote shell"
perm_sd_prompt_system_info = "perm sd prompt system info"
# Field labels, one `name = "label"` pair per line. These entries continue the
# group opened by the `# bomgar_box` comment earlier in the file.
# NOTE(review): new_password, old_password, old_security_question and
# old_security_answer are named like credential values before and after a
# change. Confirm whether the log carries real values; if it does, mask them
# before they reach a report and restrict who can view these columns.
perm_sd_ss_request = "perm sd ss request"
perm_sd_push = "perm sd push"
perm_sd_push_timeout = "perm sd push timeout"
perm_pd_allowed = "perm pd allowed"
h_default_answer = "h default answer"
created_date = "created date"
prompt_remote_shell = "prompt remote shell"

# new_* labels
new_failed_login_attempts = "new failed login attempts"
new_password_expiry = "new password expiry"
new_password = "new password"
new_perm_change_display_name = "new perm change display name"
new_perm_sd_push = "new perm sd push"
new_password_never_expires = "new password never expires"

# old_* labels
old_disabled = "old disabled"
old_display_number = "old display number"
old_display_name = "old display name"
old_password = "old password"
old_reset_password = "old reset password"
old_password_expiry = "old password expiry"
old_password_never_expires = "old password never expires"
old_security_question = "old security question"
old_security_answer = "old security answer"
old_failed_login_attempts = "old failed login attempts"
old_account_expiry = "old account expiry"
old_comments = "old comments"
old_username = "old username"
old_perm_admin = "old perm admin"
old_perm_view_reports = "old perm view reports"
old_perm_edit_public_template = "old perm edit public template"
old_perm_edit_public_file_store = "old perm edit public file store"
old_perm_edit_canned_messages = "old perm edit canned messages"
old_perm_edit_sd_teams = "old perm edit sd teams"
old_perm_change_display_name = "old perm change display name"
old_perm_show_on_public_list = "old perm show on public list"
old_perm_sd_allowed = "old perm sd allowed"
old_perm_sd_ss_control = "old perm sd ss control"
old_perm_sd_reverse_connect = "old perm sd reverse connect"
old_perm_sd_file_transfer = "old perm sd file transfer"
old_perm_sd_remote_shell = "old perm sd remote shell"
old_perm_sd_system_info = "old perm sd system info"
old_perm_sd_prompt_ss = "old perm sd prompt ss"
old_perm_sd_prompt_file_transfer = "old perm sd prompt file transfer"
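# Field labels, one `name = "label"` pair per line. Each `# group` comment names
# the group the labels below it were added for; the entries ahead of the first
# such comment continue a group opened earlier in the file. A bare `#name` or
# `# name = "label"` line is an entry the author left commented out.
old_perm_sd_prompt_remote_shell = "old perm sd prompt remote shell"
old_perm_sd_prompt_system_info = "old perm sd prompt system info"
old_perm_sd_ss_request = "old perm sd ss request"
old_perm_sd_push = "old perm sd push"
old_perm_sd_push_timeout = "old perm sd push timeout"
old_perm_sd_push_default_answer = "old perm sd push default answer"
old_perm_pd_allowed = "old perm pd allowed"
old_created_date = "old created date"

# critical_path_pop_imap
msgsretr = "msg retrieved"
nfetched = "fetched"
nstored = "stored"
rxbytes = "receive bytes"
txave = "transmit ave"
txbytes = "transmit bytes"
txtime = "transmit time"
mailboxsize = "mailbox size"
commands = "commands"
capacity = "capacity"

# cisco_ips
sensor = "sensor"
received_time = "received time"
event_utc_time = "event utc time"
event_local_time = "event local time"
sig_id = "sig id"
src_address = "source address"
variable = "variable"
dst_address = "destination address"
virtual_sensor = "virtual sensor"
risk_rating = "risk rating"
threat_rating = "threat rating"
alarm_status = "alarm status"

# sophos_web_appliance
request_time_microseconds = "request time (us)"
request_time_seconds = "request time (s)"
access_checks_time = "access checks time"
file_typing_time = "file typing time"
remote_host = "remote host"
action_code = "action code"
matched_uri_category = "matched URL category"
antivirus_engine_version = "antivirus engine version"
antivirus_data_version = "antivirus data version"
uri_list_version = "URI list version"
http_request_string = "HTTP request string"
filetype_category = "filetype category"
policy_rule_id = "policy rule ID"
src_cat = "source category"

# nortel_acd
#queue_id = ""
agent_hours = "agent hours"
agents_logged_in = "agent logged in hours"
calls_answered = "calls answered"
time_busy = "time busy"
time_manned = "time manned"
calls_abandoned = "calls abandoned"
wait_answered = "wait for answered calls"
wait_abandoned = "wait for abandoned calls"
agent_id = "agent ID"
agent_calls_answered = "calls answered (agent)"
agent_time_busy = "time busy (agent)"
agent_time_manned = "time manned (agent)"
avg_agent_time_busy = "time busy (agent/hour)"
avg_agent_time_manned = "time manned (agent/hour)"
tsf = "TSF"
average_tsf = "TSF (average)"
total_with_tsf = "#TSF"
dn_inc = "DN Incoming"
time_inc = "Time Incoming"
dn_out = "DN Outgoing"
time_out = "Time Outgoing"
xfer_idn = "#Transferred IDN"
xfer_acd = "#Transferred ACD"
average_speed_of_answer = "average speed of answer"

# unreal_media_server
delivery_protocol = "delivery protocol"
user_type = "user type"
concurrent_accesses = "concurrent accesses"

# special report
maximum_concurrent_accesses = "Maximum concurrent views by Date/Time"

# gene6_ftp_w3c
uploads = "uploads"
downloads = "downloads"

# mcafee_secure_messaging_gateway
convid = "conv ID"

# snare_oracle_listener
log_source = "log source"

# forti_gate_comma_sep
adgroup = "active directory group"
devname = "device name"
fw_pri = "firewall priority"

# For customer profile for Graham Smith
grouped_referrer = "grouped referrer"

# asp_email
dns_server = "DNS server"
full_server_response = "full server response"

# tipping_point_sms
action_type = "action type"
signature_uuid = "signature UUID"
signature_number = "signature number"
signature_protocol = "signature protocol"
source_zone_name = "source zone name"
destination_zone_name = "destination zone name"
incoming_physical_port = "incoming physical port"
device_segment = "device segment"
taxonomy_id = "taxonomy ID"

# autodesk_network_license_manager
department = "department"
license_server_name = "license server name"
license_server_mac_address = "license server MAC address"
product_name = "product name"
maximum_concurrent_users = "maximum concurrent users"
license_activation_date = "license activation date"
product_serial_number = "product serial number"
product_information = "product information"
authentication_server = "server information"
denial_by_product = "authentication failures"
denial_by_hour_of_day = "authentication failures / hour"
authentication_by_department = "authentication by department"
authentication_by_user = "authentication by user"
authentication_by_product = "authentication by product"
user_by_department = "user by department"

# windows_2003_dns
flags_hex = "hex flag"

# imail
# Labelled as a message count so it is not shown under the same
# "bytes forwarded" heading as bytes_forwarded below.
messages_forwarded = "messages forwarded"
bytes_forwarded = "bytes forwarded"
relay_host = "relay host"
connections_dropped_confirmed_spam = "connections dropped (confirmed spam)"
connections_dropped_suspected_spam = "connections dropped (suspected spam)"

# astaro_security_gateway
fwrule = "firewall rules"
initf = "interface"
dstmac = "destination MAC address"
srcmac = "source MAC address"
srcsvc = "source service"
dstsvc = "destination service"
firewall_events = "firewall events"
statuscode = "status code"
filteraction = "filter action"
categoryname = "category name"

# web_star_proxy
unique_hosts = "unique hosts"

# defensepro
packet_count = "packet count"
packet_bandwidth = "packet bandwidth"
physical_port = "physical port"
radware_attack_id = "Radware attack ID"
radware_id = "Radware ID"
vlan_tag = "VLAN tag"
rpls_rd = "RPLS RD"
rpls_tag = "RPLS tag"
context = "context"

# iis_odbc
bytesrecvd = "bytes received"
bytessent = "bytes sent"
processingtime = "processing time"
clienthost = "client host"
logtime = "log time"
servicestatus = "service status"
win32status = "win32 status"
target = "target"

# sawmill_tagging_server
client_ip_from_server = "client IP"
client_screen_dimensions = "screen dimensions"
client_screen_depth = "screen depth"

# NOTE(review): the next two groups repeat, with the same labels, the convid
# and grouped_referrer entries defined above.
# mcafee_secure_messaging_gateway
convid = "conv ID"

# For customer profile for Graham Smith
grouped_referrer = "grouped referrer"

# symantec_mail_security
returned_disposition = "returned disposition"
policy_query = "policy query"
filtering_policy_name = "filtering policy name"

# watchguard_firebox_xcore_eseries
msg_id = "message ID"
dst_intf = "destination interface"
app_beh_name = "application behavior"

# ias
ms_ras_client_name = "RAS Client Name"

# common_access
time_stamp = "timestamp"

# nokia_ip350_checkpoint_ng
# nat_addtnl_rulenum = "NAT additional rule number"
# nat_rulenum = "NAT rule number"

# firewall1_fw_log_ftn_export
smart_defense = "SmartDefense"

# linksys_vpn_router
unique_destination_ips = "unique destination IPs"

# palo_alto_networks_firewall_traffic
# palo_alto_networks_firewall_threat
# palo_alto_networks_firewall_integrated
# Note that some field names have been replaced with more standard
# names that will give more informative labels, but the old ones
# must be supported for backward compatibility of older profiles.
#action
action_flags = "action flags"
#app
#application
#bytes
#bytes_sent
#bytes_received
#category
config_ver = "config version"
config_version = "config version"
#src
#source_ip
#sport
#source_port
srcuser = "source user"
source_user = "source user"
#dst
#destination_ip
#dport
#destination_port
dstuser = "destination user"
destination_user = "destination user"
natsrc = "NAT source IP"
#nat_source_ip
natsport = "NAT source port"
#nat_source_port
natdst = "NAT destination IP"
#nat_destination_ip
natdport = "NAT destination port"
#nat_destination_port
#from
source_zone = "source zone"
source_location = "source location"
#to
destination_zone = "destination zone"
destination_location = "destination location"
#proto
#protocol
outbound_if = "outbound interface"
egress_interface = "egress interface"
#elapsed
#elapsed_time
elapsed_time__sec = "elapsed time"
#flags
generate_time = "generate time"
inbound_if = "inbound interface"
ingress_interface = "ingress interface"
log_forwarding_profile = "log forwarding profile"
log_setting = "log setting"
logset = "log set"
#packets
padding = "padding"
receive_time = "receive time"
repeatcnt = "repeat count"
#repeat_count
#rule
#rule_name
#serial
serial_number = "serial number"
#sessionid
#start_time
start = "start"
#type
#sub_type
threat_content_type = "threat content type"
time_logged = "logged time"
time_received = "received time"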
vsys = "virtual system" virtual_system = "virtual system" # whg sip = "source IP" dip = "destination IP" # win2_kperfmon current_connected_players = "current connected players" current_player_allocated_bandwidth__kbps = "current player allocated bandwidth (kbps)" current_streaming_players = "current streaming players" peak_connected_players = "peak connected players" peak_streaming_players = "peak streaming players" total_player_bytes_sent = "total player bytes sent" # mime_sweeper x_req_size = "request size" x_user = "user" # pure_ftp_syslog_required kilobytes_per_second = "KB per second" # kb_per_second might be kilobits # openfire_im message_body = "message body" message_from = "from" message_id = "message ID" message_thread = "thread ID" message_to = "to" #message_type = "message type" jive_packet_status = "status" jive_packet_streamid = "stream ID" threads = "threads" streams = "streams" # sa_netscreen_syslog bytestotal = "bytes total" # aix_cpu_utilization usr_percent = "user percentage" sys_percent = "system percentage" wio_percent = "I/O wait percentage" idle_percent = "idle percentage" # isa_odbc clientusername = "client username" clientauthenticate = "client authenticate" clientagent = "client agent" uri = "URI" mimetype = "mime type" desthostip = "dest host IP" desthostport = "dest host port" srcnetwork = "SRC network" dstnetwork = "DST network" authenticationserver = "authentication server" referredserver = "referred server" objectsource = "object source" resultcode = "result code" cacheinfo = "cache info" errorinfo = "error info" # gta_gbware cat_site = "site category" # concurrent_events snapon concurrent_events = "concurrent events" # barracuda_waf_audit admin_name = "Admin name" login_ip = "Login IP" login_port = "Login port" transaction_type = "Transaction type" command_name = "Command name" change_type = "Change type" old_value = "Old value" new_value = "New value" additional_data = "Additional data" # shoutcast18 unique_destinations = "unique 
destinations" player = "player" # talkback remote_addr = "remote address" log_format = "log format" syslog_format = "syslog format" autodetect_formats = "autodetect formats" log_source_types = "log source types" database_type = "database type" arch = "arch" unique_ip = "unique IP" log_entries_accepted = "log entries accepted" build_error = "build error" build_duration = "build duration" # coradiant_truesight_data_objects x_cs_post = "client to server post" x_first_public_ip = "first public IP" x_first_public_ip_source = "first public IP source" x_client_aborted = "client aborted" x_server_aborted = "server aborted" x_client_timed_out = "client timed out" x_server_timed_out = "server timed out" x_extension = "extension" x_errors = "errors" x_info = "info" x_peripheral_traffic = "peripheral traffic" x_session_request_tags_found_list = "session request tags found" x_session_response_tags_found_list = "session response tags found" x_session_tags_used_list = "session tags used" x_stateless = "stateless" x_matching_a_session_tag_locator = "matching a session tag locator" x_missing_x_forwarded_for_session_tag_locator = "missing X-Forwarded-For session tag locator" x_session_tags_collision_list = "session tags collision" x_session_tag_multi_value = "session tag multi value" x_session_tag_collision = "session tag collision" x_session_tag_group_collision = "session tag group collision" x_custom_gzip = "custom gzip" x_custom_usernamepw = "custom usernamepw" x_custom_pw_username = "custom pw username" x_historical_custom_fields = "historical custom fields" x_tcp_packet_count = "TCP packet count" x_nw_info_count = "NW info count" x_cl_info_count = "CL info count" x_sv_info_count = "SV info count" x_ap_info_count = "AP info count" x_ct_info_count = "CT info count" x_cu_info_count = "CU info count" # coradiant_object_v2 x_start_time = "start time" x_end_time = "end time" x_secure = "secure" # ias_xml #acct_authentic = "authentic" #acct_delay_time = "delay time" #acct_input_octets 
= "input octets" #acct_input_packets = "input packets" #acct_output_octets = "output octets" #acct_output_packets = "output packets" #acct_session_id = "session ID" #acct_session_time = "session time" #acct_status_type = "status type" #acct_terminate_cause = "terminate cause" #authentication_type = "authentication type" #called_station_id = "called station ID" #calling_station_id = "calling station ID" #cisco_av_pair = "cisco AV pair" #class = "class" #client_friendly_name = "client friendly name" #client_ip_address = "client IP address" #client_vendor = "client vendor" #computer_name = "computer name" #eap_friendly_name = "EAP friendly name" event_source = "event source" #framed_ip_address = "framed IP address" #framed_mtu = "framed MTU" # actual misspelling in xml tag name fully_qualifed_user_name = "fully qualified user name" ms_extended_quarantine_state = "MS extended quarantine state" ms_link_drop_time_limit = "MS link drop time limit" ms_link_utilization_threshold = "MS link utilization threshold" ms_quarantine_state = "MS quarantine state" #nas_identifier = "NAS identifier" #nas_ip_address = "NAS IP address" #nas_port = "NAS port" #nas_port_type = "NAS port type" #np_policy_name = "NP policy name" #packet_type = "packet type" provider_type = "provider type" proxy_policy_name = "proxy policy name" quarantine_update_non_compliant = "quarantine update non compliant" #reason_code = "reason code" #sam_account_name = "SAM account name" #service_type = "service type" #session_timeout = "session timeout" tunnel_medium_type = "tunnel medium type" #tunnel_pvt_group_id = "tunnel private group ID" #tunnel_type = "tunnel type" #user_name = "user name" #vendor_specific = "vendor specific" # cisco_access_control_server acct_input_octets = "input octets" acct_output_octets = "output octets" acct_input_packets = "input packets" acct_output_packets = "output packets" login_protocol = "login protocol" local_protocol = "local protocol" remote_protocol = "remote protocol" 
#local_port = "local port" #remote_port = "remote port" # site_guard connection_time = "connection time" detect_status = "detect status" detect_name = "detect name" detect_part = "detect part" signature_category = "signature category" signature_file = "signature file" signature_name = "signature name" keep_alive = "Keep-Alive" x_forwarded_for = "X-Forwarded-For" # excelerator sc_completed = "completed" x_origin_ip = "origin IP" sc_header_size = "header size" sc_content_length = "content length" # juniper_rt_flow src_nat_rule = "source NAT rule" dst_nat_rule = "destination NAT rule" threat_severity = "threat severity" pktlog_id = "packet log ID" packets_from_client = "packets from client" packets_from_server = "packets from server" inbound_packets = "inbound packets" outbound_packets = "outbound packets" bytes_from_client = "bytes from client" bytes_from_server = "bytes from server" outbound_bytes = "outbound bytes" nested_application = "nested application" packet_incoming_interface = "incoming packet interface" # email_security_appliance (mcafee) active_recipient = "active recipient" received_email_over_tls = "received over TLS" sent_email_over_tls = "sent over TLS" scanner_triggered = "triggered scanner" contentrule = "content rule" spamrules = "spam rule" spamscore = "spam score" spamthreshold = "spam threshold" xvalue = "value" # watchguard_firebox_cluster_traffic rcvd_bytes = "bytes received" sent_bytes = "bytes sent" dst_name = "destination name" # amazon_s3 request_uri = "request URI" # coradiant_object_v2 x_nw_error_count = "NW error count" x_cl_error_count = "CL error count" x_sv_error_count = "SV error count" x_ap_error_count = "AP error count" x_timed_out = "timed out" x_ct_error_count = "CT error count" x_cu_error_count = "CU error count" average_x_nw_error_count = "average NW error count" average_x_cl_error_count = "average CL error count" average_x_sv_error_count = "average SV error count" average_x_ap_error_count = "average AP error count" 
average_x_ct_error_count = "average CT error count" average_x_cu_error_count = "average CU error count" x_throughput = "throughput" x_tcp_rtt_count = "TCP RTT count" x_tcp_rtt = "TCP RTT" x_tcp_ooo = "TCP OOO" x_tcp_retrx = "TCP retries" x_ssl_time = "SSL time" x_e2e_time = "end-to-end time" x_process_time = "process time" x_network_time = "network time" average_x_throughput = "average throughput" average_x_tcp_rtt_count = "average TCP RTT count" average_x_tcp_rtt = "average TCP RTT" average_x_tcp_ooo = "average TCP OOO" average_x_tcp_retrx = "average TCP retries" average_x_ssl_time = "average SSL time" average_x_e2e_time = "average end-to-end time" average_x_process_time = "average process time" average_x_network_time = "average network time" web_server_ip = "web server IP" x_server_id = "server ID" sc_set_cookie = "Server-to-client Set-Cookie" x_aborted_count = "aborted count" x_application_name = "application name" x_closed = "closed" x_container_count = "container count" x_content_count = "content count" x_custom_browser = "custom browser" x_custom_entry_page = "custom entry page" x_custom_exit_page = "custom exit page" x_custom_mypostparamkey = "custom mypostparamkey" x_custom_os = "custom OS" x_custom_referrer_domain = "custom referrer domain" x_custom_referrer_name = "custom referrer name" x_document_count = "document count" x_entry_page = "entry page" x_error_category = "error category" x_error_code = "error code" x_errored_aborted_count = "errored aborted count" x_errored_count = "errored count" x_errored_slt_broken_count = "errored SLT broken count" x_exit_page = "exit page" x_expired_count = "expired count" x_expired_early = "expired early" x_first_public_geo_city = "first public geo city" x_first_public_geo_country = "first public geo country" x_first_public_geo_country_string = "first public geo country string" x_first_public_geo_dns_name = "first public geo dns name" x_first_public_geo_isp = "first public geo ISP" x_first_public_geo_metro_area = "first
public geo metro area" x_first_public_geo_organization = "first public geo organization" x_first_public_geo_region = "first public geo region" x_first_public_geo_region_string = "first public geo region string" x_group_id = "group ID" x_idle_time = "idle time" x_mixed_count = "mixed count" x_origin_referer = "origin referrer" x_page_count = "page count" x_page_name = "page name" x_redirect_count = "redirect count" x_redirect_host = "redirect host" x_redirect_network_time = "redirect network time" x_redirect_process_time = "redirect process time" x_redirect_ssl_count = "redirect SSL count" x_redirect_ssl_time = "redirect SSL time" x_redirect_time = "redirect time" x_secure_count = "secure count" x_slt_broken = "SLT broken" x_slt_broken_page_count = "SLT broken page count" x_ssl_count = "SSL count" x_think_time = "think time" x_user_id = "user ID" # cloudfront plays = "plays" # cloudfront_download x_edge_location = "edge location" x_edge_result_type = "edge result type" # gateway_reports snapon gateway_reports_start_time = "start time" gateway_reports_end_time = "end time" # mail_server_reports snapon mail_server_reports_sender_domain = "sender domain" mail_server_reports_recipient_domain = "recipient domain" # top_level_domain snapon top_level_domain = "top level domain" # groupwise_post_office_agent net_id = "net ID" # aar_report failed_device_profiles = "failed device profiles" failed_authentications = "failed authentications" successful_authentications = "successful authentications" long_username = "long username" zone_name = "zone name" artifact_name = "artifact name" device_profile_name = "device profile name" virtual_ip = "virtual IP" # privoxy requests_blocked = "requests blocked" # nemesis x_time_taken_milli = "time taken" x_cache_status = "cached status" x_cached = "cached" x_access_control = "access control" x_filter = "filter" c_method = "method" x_service = "service" s_content_type = "content type" s_status = "status" # helix_session_manager 
client_duration = "client duration" play_time = "play time" pause_time = "pause time" allowance_code = "allowance code" allowance_mesage = "allowance message" ext_auth_code = "external authorization code" ext_auth_message = "external authorization message" template_output = "template output" # forefront_thread_management_gateway bytes_sent_intermediate = "bytes sent (intermediate)" bytes_received_intermediate = "bytes received (intermediate)" connection_time_intermediate = "connection time (intermediate)" application_protocol = "application protocol" nis_scan_result = "NIS scan result" nis_signature = "NIS signature" nat_address = "NAT address" fwc_app_path = "FWC app path" internal_service_info = "internal service info" # webmetrics page_loads = "page loads" item_loads = "item loads" page_load_time = "page load time" item_load_time = "item load time" dns_time = "DNS time" first_packet_time = "first packet time" # net_flow_nfdump_o_long src_ip_addr = "source IP address" dst_ip_addr = "destination IP address" # barracuda_waf_access_with_header server_time = "server time" login_id = "login ID" protected_field = "protected field" wf_matched_field = "WF matched field" profile_matched_field = "profile matched field" response_type_field = "response type field" version = "version" # vsfpd transfer_type = "transfer type" special_action_flag = "special action flag" authenticated_user_id = "authenticated user ID" completion_status = "completion status" # media_flow_controller_w3c sc_bytes_content = "server-to-client bytes (content)" x_cache_hit = "cache hit" x_namespace = "namespace" sc_etag = "etag" x_remote_user = "remote user" sc_age = "age" # email_gateway act = "account" shost = "source host" dhost = "destination host" fsize = "file size" num_email_attachments = "number of email attachments" number_email_recipients = "number of recipients" email_attachments = "email attachments" master_scan_type = "master scan type" email_subject = "email subject" is_primary_action = 
"is_primary_action" # juniper_mfc store_id = "store ID" store_region = "store region" store_category = "store category" cache_control_in = "cache control (in)" cache_control_out = "cache control (out)" pragma_in = "pragma (in)" pragma_out = "pragma (out)" vary_out = "vary (out)" # referrer_analysis [snapon] ref_search_engine = "search engine" ref_search_phrase = "search phrase" # user_agent_analysis [snapon] uaa_web_browser = "web browser" uaa_web_browser_major_version = "web browser (major version)" uaa_web_browser_full_version = "web browser (full version)" uaa_operating_system = "operating system" uaa_spider = "spider" # broken_links [snapon] broken_links_page = "Page (target of broken link)" broken_links_referrer = "Referrer (source of broken link)" # geo_isp [snapon] geo_isp = "ISP" # geo_domain [snapon] geo_domain = "domain" # geo_organization [snapon] geo_organization = "organization" # geo_location [snapon] geo_location = "geographic location" # web_server_package [snapon] wsp_file_type = "file type" # worm [snapon] wsp_worm = "worm" # screen_dimensions [snapon] so_screen_dimensions = "screen dimensions" so_screen_depth = "screen depth" # web_gateway block_res = "block res" auth_user = "authenticated user" bytes_to_client = "bytes to client" rep_level = "reputation level" # winsshd bytes_downloaded = "bytes downloaded" bytes_uploaded = "bytes uploaded" windows_account = "Windows account" # f5_waf request_violations = "Request Violations" http_protocol_compliance_sub_violations = "HTTP sub-violations" evasion_techniques_sub_violations = "Tech sub-violations" web_services_security_sub_violations = "Web service sub-violations" xff_ip = "XFF IP" route_domain = "Route Domain" http_classifier = "HTTP Classifier" geographic_location = "Geographic Location" # mcafee_ips attack_severity = "Attack severity" attack_signature = "Attack signature" attack_confidence = "Attack confidence" network_protocol = "Network protocol" admin_domain = "Admin domain" result_status =
"Result Status" detection_mechanism = "Detection mechanism" sensor_cluster_member = "Sensor cluster member" # windows_dhcp subnetmask = "subnet mask" client_hardware_address = "client hardware address" owner_host_ip_address = "owner host IP address" owner_host_netbios_name = "owner host NetBIOS name" owner_host_name = "owner host name" # f5_ssl_vpn successful_logins = "successful logins" ui_mode = "UI mode" browser_platform = "browser platform" browser_mode = "browser mode" http_bytes_in = "HTTP bytes in" http_bytes_out = "HTTP bytes out" auth_result = "authentication result" user_accesses = "user accesses" # icecase_playlist impressions = "impressions" stream_name = "stream name" # websense request_size = "request size" response_size = "response size" proxy_time = "proxy time" origin_time = "origin time" analytic_id = "analytic ID" reason_type = "reason type" content_stripping = "content stripping" logged_file_type = "logged file type" # globalscape_eft request_type = "request type" target = "target" # slurm alloccpus = "allocated processors" cputimeraw = "CPU time" end = "end time" eligible = "eligible time" jobid = "job ID" jobname = "job name" jobs = "jobs" maxrss = "maximum RSS" ncpus = "CPUs" nnodes = "nodes" ntasks = "tasks" partition = "partition" qos = "quality of service" start = "start time" state = "state" submit = "submission time" timelimit = "time limit" uid = "user ID" wait_time = "wait time" # utm_firewall evtcount = "event count" nattype = "NAT type" beforetransaddr = "before translation address" aftertransaddr = "after translation address" beforetransport = "before translation port" aftertransport = "after translation port" # device_types [snapon] mobile_device = "mobile device" # filemaker_access database_opens = "database opens" database_closes = "database closes" # nginx_log_format upstream_addr = "upstream address" upstream_status = "upstream status" http_referer = "HTTP referrer" http_user_agent = "HTTP user agent" http_x_forwarded_for = 
"HTTP X-Forwarded-For" } # field_labels field_labels_by_log_format = { tomcat_pattern = { time_taken_milliseconds = "time taken (milliseconds)" remote_logical_username = "remote logical username" request_thread_name = "request thread name" user_session_id = "user session ID" } # tomcat_pattern email_gateway = { suser = "sender" duser = "recipient" McafeeEmailgatewayOriginalSubject = "original subject" McafeeEmailgatewayOriginalSender = "original sender" McafeeEmailgatewayOriginalMessageId = "original message ID" McafeeEmailgatewayEmailEncryptionType = "email encryption type" } # email_gateway wowza_media_server_pro = { s_ip = "server IP" s_port = "server port" } slurm = { elapsed = "elapsed job time" end = "end time" start = "start time" # user = "user name" } # slurm } # field_labels_by_log_format # Reporting values used by snapons snapons = { device_type = { computer = "Computer" android_tablet = "Android Tablet" android_phone = "Android Phone" symbian_phone = "Symbian Phone" spider = "Spider" unknown = "Unknown" mobile = "Mobile (phone, tablet)" non_mobile = "Non-mobile (desktop, laptop, server)" not_a_mobile_device = "(not a mobile device)" } # device_type } # snapons item_descriptions = { ip_address = "IP Address" no_referrer = "(no referrer)" no_search_phrase = "(no search phrase)" no_search_engine = "(no search engine)" no_file_type = "(no type)" no_spider = "(not a spider)" no_worm = "(not a worm)" spider = "(spider)" not_an_url = "(unknown--not a URL)" unknown_browser = "unknown (possible spider)" unknown_os = "unknown" unspecified_browser = "unspecified" unspecified_os = "unspecified" not_an_ip = "(unavailable-- not an IP)" screen_info = "(screen info)" screen_depth = { 1 = "1 bit (black/white only; no gray)" 2 = "2 bit (4 colors)" 4 = "4 bit (16 colors)" 8 = "8 bit (256 colors)" 16 = "16 bit (near full color)" 24 = "24 bit (full color)" 32 = "32 bit (full color)" } # screen_depth } # item_descriptions graph = { bar_chart_title = "Graph of 
$numerical_field_label by $discrete_field_label" bar_chart_numerical_field_label = "{=capitalize(numerical_field_label)=}" bar_chart_multiplier_note = "x $multiplier" bar_chart_discrete_field_label = "{=capitalize(discrete_field_label)=}" remaining_items = "$param1 other items" hour_labels = { 0 = "M" 1 = "1am" 2 = "2am" 3 = "3am" 4 = "4am" 5 = "5am" 6 = "6am" 7 = "7am" 8 = "8am" 9 = "9am" 10 = "10am" 11 = "11am" 12 = "N" 13 = "1pm" 14 = "2pm" 15 = "3pm" 16 = "4pm" 17 = "5pm" 18 = "6pm" 19 = "7pm" 20 = "8pm" 21 = "9pm" 22 = "10pm" 23 = "11pm" } # hour_labels } # graph geoip = { unknown_country = "(unknown country)" unknown_region = "(unknown region)" unknown_city = "(unknown city)" unknown_organization = "(unknown organization)" unknown_isp = "(unknown ISP)" unknown_domain = "(unknown domain)" } # geoip overview = { label = "Overview" date_label = "Start/End date:" days_covered_label = "Days covered:" all_days_label = "All days" average_per_day_label = "Avg/day" not_a_report_field_warning = "Not a report field!" } miscellaneous = { default_page = "(default page)" directory = "directory" directories = "directories" days = "Days" years_months_days = "Years/months/days" pages_directories = "Pages/directories" } table = { total_label = "Total" subtotal_label = "Sub total" average_label = "Average" min_label = "Min" max_label = "Max" average_header_tag = "Average" cutoff_remainder_row_label = "$param1 other items" reloading_reports_page = "Reloading reports page, please wait." 
} # table menu = { groups = { department_group = "Department Group" traffic_group = "Traffic" date_time_group = "Date and time" content_group = "Content" referrer_group = "Referrers" visitor_demographics_group = "Visitor demographics" user_demographics_group = "User demographics" visitor_systems_group = "Visitor systems" user_systems_group = "User systems" technical_group = "Technical" sessions_group = "Sessions" accounting_group = "Process accounting" account_group = "Account" server_group = "Server" player_group = "Player" users_group = "Users" caching_group = "Caching" filtering_group = "Filtering" security_group = "Security" chat_room_group = "Chat rooms" source_group = "Source" destination_group = "Destination" translated_group = "Translated" authentication_group = "Authentication" actions_group = "Actions" processes_group = "Processes" other_group = "Other" stream_information_group = "Stream information" client_information_group = "Client information" tcp_flags_group = "TCP flags" tcp_group = "TCP" snmp_group = "SNMP" icmp_group = "ICMP" ntp_group = "NTP" dns_group = "DNS" startup_shutdown_group = "Startup/Shutdown" connections_group = "Connections" packet_logging_group = "Packet Logging" dhcp_group = "DHCP" netcon_group = "NetCon" all_sites_group = "All Sites" overview_group = "Overview" failed_logins_group = "Failed Logins" logins_group = "Logins" top_hours_group = "Top Hours" weekdays_group = "Weekdays" av_group = "AntiVirus" ip_filter = "IP Filter" event_group = "Event Log" partner_group = "Partner" meta_group = "Meta" # autodesk_network_license_manager product_information_group = "Product Information" information_group = "Information" authentication_group = "Authentication" date_time_reports_group = "Date / Time Reports" # cisco_waas_tcp_proxy results_group = "Results" # trend_micro_control_manager (groups) viruses_group = "Viruses" spyware_group = "Spyware" email_content_security_group = "Email Content Security" web_security_group = "Web Security" 
admin_group = "Admin" # interscan_web_security_suite url_filtering_group = "URL Filtering" executive_group = "Executive" # terraplay groups session_group = "Session" client_group = "Client" # ias_csv tunnel_group = "Tunnel" # microsoft_exchange2000 sender_group = "Sender" recipient_group = "Recipient" message_group = "Message" # tfs_mailreport_extended attachments_group = "Attachments" policies_group = "Policies" messages_group = "Messages" # nortel_ssl_vpn vpn_group = "VPN" syslog_group = "Syslog" # juniper_netscreen_secure_access meeting_group = "Meetings" # centricity_pacs physician_group = "Physicians" procedure_group = "Procedures" patient_group = "Patients" # cwat (this is now cwat_alert and has different groups) alerts_group = "Alerts" suspicious_events_group = "Suspicious Events" #actions_group = "Actions" mail_group = "Mail" viruses_group = "Viruses" alerts_by_priority_group = "Alerts by Priority" alerts_by_usergroup_group = "Alerts by Usergroup" alerts_by_month_group = "Alerts by Month" # aventail_client_server_access (groups) connect_tunnel_group = "Connect Tunnel" backend_server_flows_group = "Backend Server Flows" connect_proxy_group = "Connect Proxy" # tivoli_access_manager_webseal target_group = "Targets" resource_group = "Resources" outcome_group = "Outcomes" accessor_group = "Accessors" originator_group = "Originators" # forti_gate policy_change_group = "Policy Change" # juniper_secure_access_vpn_ssl host_checker_group = "Host Checker" # iron_port compliance_group = "Compliance" resources_group = "Resources" # sun_one_directory_server_audit changes_group = "Changes" # oracle_audit system_group = "System" # tfs_mailreport_extended attachments_group = "Attachments" policies_group = "Policies" messages_group = "Messages" # aruba_wireless_switch ap_group = "AP" vlan_group = "VLAN" # microsoft_exchange_2007_csv agent_group = "Agent" send_receive_group = "Send/Receive" message_tracking_group = "Message Tracking" # bomgar_box permissions_group = 
"Permissions" main_group = "Main" # unreal_media_server accesses_group = "Accesses" # cisco_pix crypto_group = "Crypto" # cisco_vpnconcentrator remote_group = "Remote" local_group = "Local" # site_guard cache_group = "Cache" # email_security_appliance senders_group = "Senders" recipients_group = "Recipients" # clavister_sg connection_group = "Connections" # gateway_reports snapon gateway_usage_group = "Usage" # mail_server_report snapon mail_server_reports_group = "Mail Server Usage" # media_usage snapon media_usage_group = "Media Usage" # coradiant_object_v2 error_group = "Errors" geo_group = "Geo" custom_group = "Custom" # forefront_thread_management_gateway filter_group = "Filtering" threat_group = "Threats" } # groups reports = { overview = "Overview" dashboard = "Dashboard" log_detail = "Log Detail" sessions_overview = "Sessions Overview" session_paths = "Sessions Paths" session_page_paths = "Paths Through a Page" entry_pages = "Entry Pages" exit_pages = "Exit Pages" session_pages = "Session Pages" session_users = "Session Users" individual_sessions = "Individual Sessions" search_phrase_by_search_engine = "Search phrases by search engine" chat_detail = "Chat Details" broken_links = "Broken links" threat_detail = "Threat Detail" # trend_micro_control_manager (reports) computer_name_virus = "Computer names (Virus)" infect_source_virus = "Infect sources (Virus)" infect_destination_virus = "Infect destinations (Virus)" virus_virus = "Viruses (Virus)" product_virus = "Products (Virus)" pattern_virus = "Patterns (Virus)" file_name_virus = "File names (Virus)" file_path_virus = "File paths (Virus)" first_action_virus = "First actions (Virus)" first_action_result_virus = "First action results (Virus)" second_action_virus = "Second actions (Virus)" second_action_result_virus = "Second action results (Virus)" login_user_name_virus = "Login user names (Virus)" engine_virus = "Engines (Virus)" computer_name_spyware = "Computer names (Spyware)" infect_source_spyware = 
"Infect sources (Spyware)" infect_destination_spyware = "Infect destinations (Spyware)" virus_spyware = "Viruses (Spyware)" product_spyware = "Products (Spyware)" pattern_spyware = "Patterns (Spyware)" file_name_spyware = "File names (Spyware)" file_path_spyware = "File paths (Spyware)" first_action_spyware = "First actions (Spyware)" first_action_result_spyware = "First action results (Spyware)" second_action_spyware = "Second actions (Spyware)" second_action_result_spyware = "Second action results (Spyware)" login_user_name_spyware = "Login user names (Spyware)" engine_spyware = "Engines (Virus)" computer_name_email_content = "Computer names (Email)" message_id_email_content = "Message IDs (Email)" sender_email_content = "Senders (Email)" recipient_email_content = "Recipients (Email)" policy_name_email_content = "Policy names (Email)" policy_settings_email_content = "Policy settings (Email)" action_on_content_email_content = "Action on content (Email)" action_on_message_email_content = "Action on message (Email)" subject_email_content = "Subject (Email)" computer_name_web = "Computer names (Web)" # du (reports) filenames_directories = "Filenames/directories" # interscan_web_security_suite user_access = "Users (Access)" location_access = "Countries/Regions/Cities (Access)" domain_description_access = "Domain descriptions (Access)" user_virus = "Users (Virus)" location_virus = "Countries/Regions/Cities (Virus)" domain_description_virus = "Domain descriptions (Virus)" user_url_filtering = "Users (URL Filtering)" location_url_filtering = "Countries/Regions/Cities (URL Filtering)" domain_description_url_filtering = "Domain descriptions (URL Filtering)" executive_user = "Users" executive_domain = "Domains" executive_blocked_url = "Blocked URLs" executive_path = "Files" executive_file_type = "File types" executive_trend_category = "Trend Categories" # zeus_g (reports) search_phrases_by_search_engine = "Search phrases by search engine" 
search_phrases_by_paid_search_engine = "Search phrases by PPCSE" paid_search_engine = "Paid search engines" keywords_by_se_orders = "Keywords by SE/Orders" keywords_by_se_items = "Keywords by SE/Items" # interscan_messaging_security_suite_integrated attachments_by_sender = "Attachments by sender" # aventail_client_server_access aventail_client_server_access = { overview = "Overview" date_time = "Date/time" days = "Days" day_of_week = "Day of week" hour_of_day = "Hour of day" source_host = "Source host" location = "Source location" dest_host = "Destination host" dest_port = "Destination port" user_name = "Username" auth_method = "Authentication method" status = "Status" realm = "Realm" group_report = "Group" sessions_overview = "Sessions overview" session_users = "Session users" individual_sessions = "Individual sessions" connect_tunnel_overview = "Overview (CT)" connect_tunnel_date_time = "Date/time (CT)" connect_tunnel_days = "Days (CT)" connect_tunnel_day_of_week = "Day of week (CT)" connect_tunnel_hour_of_day = "Hour of day (CT)" connect_tunnel_source_host = "Source host (CT)" connect_tunnel_location = "Source location (CT)" connect_tunnel_dest_host = "Destination host (CT)" connect_tunnel_dest_port = "Destination port (CT)" connect_tunnel_user_name = "Username (CT)" connect_tunnel_dn = "DN (CT)" connect_tunnel_auth_method = "Authentication method (CT)" connect_tunnel_protocol = "Protocol (CT)" connect_tunnel_status = "Status (CT)" connect_tunnel_realm = "Realm (CT)" connect_tunnel_equipment_id = "Equipment ID (CT)" connect_tunnel_group_report = "Group (CT)" connect_tunnel_sessions_overview = "Sessions overview (CT)" connect_tunnel_session_users = "Session users (CT)" connect_tunnel_individual_sessions = "Individual sessions (CT)" connect_proxy_overview = "Overview (CP)" connect_proxy_date_time = "Date/time (CP)" connect_proxy_days = "Days (CP)" connect_proxy_day_of_week = "Day of week (CP)" connect_proxy_hour_of_day = "Hour of day (CP)" 
connect_proxy_source_host = "Source host (CP)" connect_proxy_location = "Source location (CP)" connect_proxy_dest_host = "Destination host (CP)" connect_proxy_dest_port = "Destination port (CP)" connect_proxy_user_name = "Username (CP)" connect_proxy_dn = "DN (CP)" connect_proxy_auth_method = "Authentication method (CP)" connect_proxy_status = "Status (CP)" connect_proxy_realm = "Realm (CP)" connect_proxy_equipment_id = "Equipment ID (CP)" connect_proxy_group_report = "Group (CP)" connect_proxy_sessions_overview = "Sessions overview (CP)" connect_proxy_session_users = "Session users (CP)" connect_proxy_individual_sessions = "Individual sessions (CP)" backend_server_flows_overview = "Overview (BSF)" backend_server_flows_date_time = "Date/time (BSF)" backend_server_flows_days = "Days (BSF)" backend_server_flows_day_of_week = "Day of week (BSF)" backend_server_flows_hour_of_day = "Hour of day (BSF)" backend_server_flows_source_host = "Source host (BSF)" backend_server_flows_location = "Source location (BSF)" backend_server_flows_dest_host = "Destination host (BSF)" backend_server_flows_dest_port = "Destination port (BSF)" backend_server_flows_user_name = "Username (BSF)" backend_server_flows_dn = "DN (BSF)" backend_server_flows_auth_method = "Authentication method (BSF)" backend_server_flows_protocol = "Protocol (BSF)" backend_server_flows_status = "Status (BSF)" backend_server_flows_realm = "Realm (BSF)" backend_server_flows_equipment_id = "Equipment ID (BSF)" backend_server_flows_group_report = "Group (BSF)" backend_server_flows_sessions_overview = "Sessions overview (BSF)" backend_server_flows_session_users = "Session users (BSF)" backend_server_flows_individual_sessions = "Individual sessions (BSF)" } # aventail_client_server_access # zyxel_firewall_welf idp = "IDP" anti_virus = "Anti-virus" anti_spam = "Anti-spam" vpn = "VPN" web_block = "Web-block" # ironport_sseries_full internet_tools = "Internet Tools" legal_liability = "Legal Liability" productivity_loss = 
"Productivity Loss" business_usage = "Business Usage" warning_security_risks = "Warning Security Risks" critical_security_risks = "Critical Security Risks" bandwidth_loss = "Bandwidth Loss" bandwidth_gain = "Bandwidth Gain" date_time = "Date/time" days = "Days" day_of_week = "Day of week" top_malware = "Top Malware ID" malware_by_user = "Malware By User" malware_by_client = "Malware By Client" malware_by_category = "Malware By Category" malware_by_site = "Malware By Site" top_sites = "Top Sites" top_clients = "Top Clients" top_users = "Top Users" top_categories = "Top Categories" time_per_site = "Time Per Site" time_per_client = "Time Per Client" url_categories_problems = "URL Categories Problems" # ironport antispam_result = "antispam result" antivirus_result = "antivirus result" # cell_ips category_detail = "category detail" # aar_report zone_placement = "Zone Placement" failed_device_profile = "Failed Device Profile" concurrent_users_day = "Maximum Concurrent Users (Past Day)" concurrent_users_week = "Maximum Concurrent Users (Past Week)" concurrent_users_month = "Maximum Concurrent Users (Past Month)" failed_user_authentication = "Failed User Authentication" } # reports } # menu sessions_overview = { label = "Sessions overview" total_session_users = "Total session users" total_sessions = "Total sessions" total_session_events = "Total session events" total_days = "Total days" sessions_per_day = "Sessions per day" repeat_users = "Repeat users" sessions_by_one_time_users = "Sessions by one-time users" sessions_by_repeat_users = "Sessions by repeat users" one_time_users = "One-time users" two_time_users = "Two-time users" three_time_users = "Three-time users" four_time_users = "Four-time users" five_time_users = "Five-time users" more_time_users = "Six+-time users" average_sessions_per_user = "Average sessions per user" median_sessions_per_user = "Median sessions per user" total_session_duration = "Total duration of all sessions" average_session_duration = "Average 
session duration" average_accesses_per_session = "Average accesses per session" maximum_concurrent_sessions = "Maximum concurrent sessions" } # sessions_overview session_pages = { label = "Session pages" sessions = "Sessions" page = "Page" events = "Events" time_spent = "Time spent" } # sessions_pages session_users = { label = "Session users" sessions = "Sessions" user = "User" events = "Events" time_spent = "Time spent" } # sessions_users session_paths = { label = "Session paths" of_sessions = "Out of $param1 sessions, ..." started_at = "started at" then_went_to = "then went to" then_ended = "then ended" more_sessions = "$sessions more sessions..." max_number_of_rows_label = "Maximum number of rows to add upon expand" reset_collapse_all = "Reset/Collapse All" more_rows = "more rows" zero_events_no_data_returned = "0 events, no data returned in query" } # sessions_pages session_page_paths = { label = "Paths through a page" pages = "Pages" show_paths_button = "Show Paths" page_paths_page_of_label = "Of the $param1 events for $param2" page_paths_page_is_empty_message = "Please define a page name." page_names_lookup_label = "Page Lookup" lookup_pages = "Lookup Pages" page_names_lookup_search_result_label = "Page Lookup Search Result" page_label = "Page" from_label = "from" no_pages_found_info = "No pages found" page_names_lookup_search_label = "Page name or pages path contains:" predecessor_info = "came from" no_predecessor_info = "started at" successor_info = "went to" no_successor_info = "ended at" more_rows = "more..." n_more_pages = "$pages_remaining more pages" n_is_unknown_page = "$page is an unknown page or there are no events on this page." loading_info = "Loading ..." 
pages_from_to_of_total_rows = "Pages $param1 - $param2 of $param3" } # session_page_paths individual_sessions = { label = "Individual sessions" session_id = "Session ID" user = "User" start_time = "Start Time" end_time = "End Time" } # individual_sessions entry_pages = { label = "Entry pages" } # entry_pages # This should be a phrase or string which divides database field names in the name of a # multi-column report. E.g., if this is " by ", then the name of a report showing pages # and IPs will be "page by IP". Or if this is "/", the report name will be "page/IP". multi_column_report_divider = " by " # Obsoleted by the line above, but here for compatibility with legacy profiles search_phrases_by_search_engine.label = "Search phrases by search engine" firegen_view = { label = "FireGen™ View" } # firegen_view log_detail = { label = "Log detail" } # log_detail single_page_summary = { label = "Single-page Summary" } # single_page_summary urls_by_client_ip = { label = "URLs by client IP" } # urls_by_client_ip exit_pages = { label = "Exit pages" } # exit_pages # This specifies the divider to use between three-digit groups in large integers, # and the divider to use between the integer and decimal (fractional) portion of numbers. # For instance, with thousands_divider="," and decimal_divider=".", 1 million divided by three # would be represented as 333,333.333 (to three decimal places). # With thousands_divider="." and decimal_divider=",", 1 million divided by three # would be represented as 333.333,333 (to three decimal places). numbers = { thousands_divider = "," decimal_divider = "." } # This specifies the date/time text representation in reports # and messages. # # Date/time Format # token specifier Description # ---------------------------------------------------------------------------- # Day %e The day of the month, from 1 through 31. # Day %d The day of the month, from 01 through 31. # Month %b The abbreviated name of the month (Jan, Feb, Mar, ...).
# Month %B The full name of the month (January, February, March, ...) # Month %m The month, from 01 through 12. # Year %y The year, from 00 to 99. # Year %Y The year as a four-digit number. # Hour %I The hour, using a 12-hour clock from 01 to 12. # Hour %H The hour, using a 24-hour clock from 00 to 23. # Minute %M The minute, from 00 through 59. # Second %S The second, from 00 through 59. # AM/PM %p The AM/PM designator. # date_time_format examples Date/time text representation # %e/%b/%Y %H:%M:%S 5/Feb/2012 18:30:24 # %d/%b/%Y %H:%M:%S 05/Feb/2012 18:30:24 # %d-%m-%y %H:%M:%S 28-4-12 15:30:24 # %Y/%m/%d %I:%M:%S %p 2012/4/28 3:30:24 PM # %B %Y April 2012 date_time_format = { # This specifies the date/time format in reports and messages. year = "%Y" # used for raw dates like __/___/2012 __:__:__ month_year = "%b/%Y" # used for raw dates like __/Apr/2012 __:__:__ date = "%d/%b/%Y" # used for raw dates like 09/Apr/2012 __:__:__ date_time = "%d/%b/%Y %H:%M:%S" # used for raw dates like 09/Apr/2012 18:30:02 date_hours = "%d/%b/%Y %H" # used for raw dates like 09/Apr/2012 18:__:__ date_hours_minutes = "%d/%b/%Y %H:%M" # used for raw dates like 09/Apr/2012 18:30:__ } # date_time_format # These are the rules that we use to pluralize words. # These rules are based on regular expressions; see the documentation # on regular expressions for information about how to use them. In brief, # put ^ at the beginning of the word, $ at the end, (.*) where the word stem goes, # and an ending. Then put " -> ", and the pluralized version, with $1 # where the word stem goes. You can have as many rules as you want; $PRODUCT_NAME will # try them all in order until it gets to an undefined rule number. # If one rule succeeds, the translation is done. If none of the rules match, # we use the word itself as its own plural. # # Note: the uncommon "Latin" pluralization which converts -us to -i (e.g. cactus->cacti) is omitted here, # because most -us words are actually pluralized as -uses.
If necessary, another rule can be added # if a latin pluralization is needed. # # Due to English's general lack of any sort of consistent spelling rules, # this will not work for all plurals, but it does a pretty good job for most of them. pluralize = { # Special case for the phrases "hour of day" and "day of week", which should be pluralized as "hours of day" and "days of week" x_of_y = "^([^ ]+) of ([^ ]+)$ -> $1s of $2" # English words ending in -Xy, where X is a consonant, are pluralized by replacing the y with ies. # E.g. city -> cities, party -> parties. y_to_ies = "^(.*[^aeiou])y$ -> $1ies" # English words ending in -Xs where X is a vowel, have an extra s added, followed by es. E.g. bus->busses. # Disabled for now, because it gives very strange results when the field name is already plural e.g. bytes->bytesses. # Best to leave words ending in s alone, I think, when pluralizing-- it might miss some, but overall will do better. # s_to_sses = "^(.*[aeiouy]s)$ -> $1ses" # English words ending in -s where the s does *not* follow a vowel are often pluralized by adding -es, e.g. toss->tosses. # BUT, because in many cases, field names are plural to begin with (e.g. recipients), # Words ending in -s are for the moment assumed to be plural already, and are not re-pluralized. # Words ending in -ss or -x are assumed to be singular, and are pluralized by adding -es, e.g. address->addresses, mailbox->mailboxes. #PLURALIZE_RULE_3 "^(.*s)$ -> $1es" ss_to_sses = "^(.*ss)$ -> $1es" x_to_xes = "^(.*x)$ -> $1es" s_to_s = "^(.*s)$ -> $1" # A phrase ending with "elapsed" should not be pluralized. leave_elapsed = "^(.*elapsed)$ -> $1" # The word "data", or a phrase ending with "data", is already plural, and should not be pluralized. leave_data = "^(.*data)$ -> $1" # The word "information", or a phrase ending with "information", should be left alone by the pluralizer. leave_information = "^(.*information)$ -> $1" # Most other English words are pluralized by adding -s. 
add_s = "^(.*)$ -> $1s" } # pluralize # These are the rules that $PRODUCT_NAME uses to capitalize words. # These rules are based on regular expressions; see the documentation # on regular expressions for information about how to use them. In brief, # put ^ at the beginning of the word, $ at the end, (.*) any place you want # to remember a section of the word to use in the capitalized version. # Then put " -> ", and the capitalized version, with $1 where the first remembered section goes, # $2 for the second, etc. You can have as many rules as you want; $PRODUCT_NAME will # try them all in order until it gets to an undefined rule number. # If one rule succeeds, the translation is done. If none of the rules match, # $PRODUCT_NAME uses the word itself as its own capitalization. capitalize = { a = "^a(.*)$ -> A$1" b = "^b(.*)$ -> B$1" c = "^c(.*)$ -> C$1" d = "^d(.*)$ -> D$1" e = "^e(.*)$ -> E$1" f = "^f(.*)$ -> F$1" g = "^g(.*)$ -> G$1" h = "^h(.*)$ -> H$1" i = "^i(.*)$ -> I$1" j = "^j(.*)$ -> J$1" k = "^k(.*)$ -> K$1" l = "^l(.*)$ -> L$1" m = "^m(.*)$ -> M$1" n = "^n(.*)$ -> N$1" o = "^o(.*)$ -> O$1" p = "^p(.*)$ -> P$1" q = "^q(.*)$ -> Q$1" r = "^r(.*)$ -> R$1" s = "^s(.*)$ -> S$1" t = "^t(.*)$ -> T$1" u = "^u(.*)$ -> U$1" v = "^v(.*)$ -> V$1" w = "^w(.*)$ -> W$1" x = "^x(.*)$ -> X$1" y = "^y(.*)$ -> Y$1" z = "^z(.*)$ -> Z$1" } # capitalize # first_weekday and marked_weekday specify default # values for the calendar, date picker and chronological # graphs weekday display. # first_weekday defines the weekday which is displayed as # first day in the month display. marked_weekday specifies # the day which is displayed in a more prominent color # than the other weekdays. Define a number from 1 - 7 for first_weekday # and marked_weekday.
(1 = Sunday, 2 = Monday, ..., 7 = Saturday) first_weekday = 1 marked_weekday = 1 weekdays = { 1 = "Sunday" 2 = "Monday" 3 = "Tuesday" 4 = "Wednesday" 5 = "Thursday" 6 = "Friday" 7 = "Saturday" corrupt_date_time = "corrupt date/time" } # weekdays weekdays_short = { 1 = "S" 2 = "M" 3 = "T" 4 = "W" 5 = "T" 6 = "F" 7 = "S" } # weekdays_short weekdays_twoletter = { 1 = "Su" 2 = "Mo" 3 = "Tu" 4 = "We" 5 = "Th" 6 = "Fr" 7 = "Sa" } # weekdays_twoletter hours = { 0 = "midnight - 1:00 AM" 1 = "1:00 AM - 2:00 AM" 2 = "2:00 AM - 3:00 AM" 3 = "3:00 AM - 4:00 AM" 4 = "4:00 AM - 5:00 AM" 5 = "5:00 AM - 6:00 AM" 6 = "6:00 AM - 7:00 AM" 7 = "7:00 AM - 8:00 AM" 8 = "8:00 AM - 9:00 AM" 9 = "9:00 AM - 10:00 AM" 10 = "10:00 AM - 11:00 AM" 11 = "11:00 AM - noon" 12 = "noon - 1:00 PM" 13 = "1:00 PM - 2:00 PM" 14 = "2:00 PM - 3:00 PM" 15 = "3:00 PM - 4:00 PM" 16 = "4:00 PM - 5:00 PM" 17 = "5:00 PM - 6:00 PM" 18 = "6:00 PM - 7:00 PM" 19 = "7:00 PM - 8:00 PM" 20 = "8:00 PM - 9:00 PM" 21 = "9:00 PM - 10:00 PM" 22 = "10:00 PM - 11:00 PM" 23 = "11:00 PM - midnight" } # hours hours_on_graph = { 0 = "0:00 midn." 
1 = "1:00 am" 2 = "2:00 am" 3 = "3:00 am" 4 = "4:00 am" 5 = "5:00 am" 6 = "6:00 am" 7 = "7:00 am" 8 = "8:00 am" 9 = "9:00 am" 10 = "10:00 am" 11 = "11:00 am" 12 = "12:00 noon" 13 = "1:00 pm" 14 = "2:00 pm" 15 = "3:00 pm" 16 = "4:00 pm" 17 = "5:00 pm" 18 = "6:00 pm" 19 = "7:00 pm" 20 = "8:00 pm" 21 = "9:00 pm" 22 = "10:00 pm" 23 = "11:00 pm" } # hours_on_graph quarter_short = "Q" months = { 1 = "January" 2 = "February" 3 = "March" 4 = "April" 5 = "May" 6 = "June" 7 = "July" 8 = "August" 9 = "September" 10 = "October" 11 = "November" 12 = "December" } # months months_short = { Jan = "Jan" Feb = "Feb" Mar = "Mar" Apr = "Apr" May = "May" Jun = "Jun" Jul = "Jul" Aug = "Aug" Sep = "Sep" Oct = "Oct" Nov = "Nov" Dec = "Dec" } # months_short duration = { year = "year" month = "month" day = "day" hour = "hour" minute = "minute" second = "second" # This generates a 10y20d format for 10 years, 20 days, and 20d for 20 days. # Change this as appropriate for the language compact_year_day = "$(internal.duration.years)y $(internal.duration.days)d " compact_day = "$(internal.duration.days)d " # This calculates durations. It does not usually have to be translated. # It will display them as "Y years, D days, H hours, M minutes, S seconds", # using the unit words above. Unless this format is inappropriate for the language, # everything from here to "END calculation" can be left unmodified. # The value is an expression that is evaluated to build the text, not a plain label, so review any change to it # (for example in a contributed translation) as you would a code change. calculation = "{= subroutine(duration_multi(string unit, int value, bool more), ( if (value == 0) then ''; else ( if (value == 1) then print('1 $unit'); else value . ' ' . 
pluralize(unit); if (more) then ', '; ); )); subroutine(duration_hms(string unit, int value), ( if (length(value) == 1) then '0'; value; )); string total_duration = ''; if (internal.duration.compact) then ( if (internal.duration.years > 0) and (internal.duration.days > 0) then total_duration .= lang_stats.duration.compact_year_day; else if (internal.duration.days > 0) then total_duration .= lang_stats.duration.compact_day; ) else ( total_duration .= duration_multi(lang_stats.duration.year, internal.duration.years, true); total_duration .= duration_multi(lang_stats.duration.day, internal.duration.days, true); ); if (!internal.duration.compact) then ( total_duration .= duration_multi(lang_stats.duration.hour, internal.duration.hours, true); total_duration .= duration_multi(lang_stats.duration.minute, internal.duration.minutes, true); total_duration .= duration_multi(lang_stats.duration.second, internal.duration.seconds, false); if (length(total_duration) == 0) then total_duration = '0 ' . pluralize(lang_stats.duration.second); ) else ( total_duration .= duration_hms(lang_stats.duration.hour, internal.duration.hours); total_duration .= ':'; total_duration .= duration_hms(lang_stats.duration.minute, internal.duration.minutes); total_duration .= ':'; total_duration .= duration_hms(lang_stats.duration.second, internal.duration.seconds); ); total_duration; =}" # END calculation } # duration progress = { step_number_info = "(Step $param1 of $param2)" canceling_task_info = "Canceling task, please wait." task_canceled_info = "The task has been cancelled." confirm_cancel_task = "Confirm Cancel Task" confirm_cancel_task_message = "Are you sure you want to cancel the current task?" progress_label = "Progress" receiving_progress_information = "Receiving progress information. Please wait..." loading_report = "Loading report" loading_document = "Loading document" loading = "Loading" receiving_data = "Receiving data; please wait." 
progress_prediction_minor_label = "Collecting progress information" progress_prediction_description = "Progress prediction might take several minutes, please wait." checking_for_progress_info = "Checking for progress information, please wait." progress_prediction_label = "Progress Prediction" collecting_progress_information_info = "Generating report and collecting progress information, please wait." receiving_progress_data_info = "Receiving progress information, please wait." database_is_processing_info = "Database is processing." processing_steps_label = "Processing steps" elapsed_time_label = "Elapsed time" remaining_time_label = "Remaining time" percent_complete_label = "Complete" processing_one_of_many_steps_label = "Processing step $param1 of $param2" # processing_details_label = "Processing details" # show_processing_details_button = "Show processing details" # hide_processing_details_button = "Hide processing details" show_details = "Show Details" hide_details = "Hide Details" warnings = "Warnings" reading_command = "Reading output of command: $param1" reading_odbc = "Reading log data using ODBC" # reading_log_file = "Reading log file: $param1" reading_log_file = "Reading log file: {=convert_local_code_page_to_utf8(param1)=}" reading_stdin = "Reading log data from standard input stream" writing_database = "Consolidating and writing database" building_indices = "Building database indices" preparing_to_consolidate = "Preparing to consolidate database" configuration_name = "Profile name" expiring_hits_before = "Expiring hits before $param1" deleting_unused_items = "Deleting unused items from database" converting_database = "Converting database segments" starting_safe_update = "Starting safe update" details_label = "Show/Hide Processing Details" log_entries_processed_label = "Log lines processed" log_bytes_processed_label = "Log bytes processed" log_entries_accepted_label = "Log entries accepted" time_elapsed_label = "Time elapsed" consolidation_time_spent_label 
= "Time spent consolidating database" average_processing_speed_label = "Average processing speed" current_processing_speed_label = "Current processing speed" entries_bytes_per_second_value = "$internal.progress.entries_per_second entries per second; $internal.progress.bytes_per_second per second" estimated_time_remaining_label = "Estimated time remaining" dns_lookups_attempted_label = "DNS lookups attempted" dns_lookups_succeeded_network_label = "DNS lookups succeeded (from network)" dns_lookups_succeeded_cache_label = "DNS lookups succeeded (from cache)" dns_lookups_failed_label = "DNS lookups failed" dns_lookups_timed_out_label = "DNS lookups timed out" memory_used_by_write_buffer = "Memory used by database write buffer" disk_used_by_write_buffer = "Disk space used by database write buffer" memory_used_by_visitor_info = "Memory used by visitor lists" memory_used_by_largest_segment = "Memory used by largest database segment" memory_used_by_field_names = "Memory used by $internal.field_name index" more_information = "More information" getting_http_data = "Getting data by HTTP from $volatile.log_source_http_hostname" querying_table_values = "Querying table values from the database ($total_table_rows rows)" creating_session_table = "Creating session table" collecting_new_session_events = "Collecting new session events from main table" computing_new_session_users = "Computing new session users" transferring_new_session_events = "Transferring old events from new users to update table" removing_updated_sessions = "Removing old session events from new users from session table" removing_updated_sessions_join = "Removing old session events from new users from session join table" analyzing_new_session_events = "Analyzing new sessions" adding_new_events_to_sessions = "Adding new session events to sessions table" adding_new_events_to_sessions_join = "Adding new session events to sessions join table" indexing_sessions_join = "Indexing sessions join table" 
building_hierarchy_table = "Building hierarchy table for $param1" collecting_flattened_data = "Collecting bottom-level item data for statistics display" building_table_rows = "Building the table rows" building_xref_table = "Building cross-reference table $param1 of $param3 ($param2)" updating_xref_table = "Updating cross-reference table $param1 ($param2)" building_index = "Building index $param1 of $param3 ($param2)" updating_normalization_table = "Updating normalization (itemnum) table ($param1)" generating_subview = "Generating %22$SUBVIEWNAME%22 section ($SUBVIEWNUM of $NUMSUBVIEWS)" percent_complete = "Percent complete" processing_please_wait = "Processing--Please Wait..." skipping_previously_seen_data = "Skipping previously-seen data" combining_multisegment_xref = "Combining multisegment cross-reference table for query" querying_main_table = "Querying database main table" downloading_file = "Downloading/processing file $param1" scanning_log_source = "Scanning log source $lang_stats.directory: $param1" preparing_update_database = "Preparing update database" preparing_build_database = "Preparing build database" init_database = "Initializing database" erasing_existing_database_data = "Erasing existing database data." 
generating_report = "Generating report" waiting_for_database = "Waiting for database (real-time)" scanning_itemnum_table_for_hierarchy = "Scanning itemnum table ($hierarchydbfield)" creating_bottomlevelitems_table = "Creating bottom-level items table ($hierarchydbfield)" creating_subitems_table = "Creating subitems table ($hierarchydbfield)" indexing_bli_bli = "Indexing bottom-level items field of bottom-level items table ($hierarchydbfield)" indexing_bli_superitem = "Indexing subitems field of bottom-level items table ($hierarchydbfield)" indexing_subitems_superitem = "Indexing superitems field of subitems table ($hierarchydbfield)" indexing_subitems_subitems = "Indexing subitems field of subitems table ($hierarchydbfield)" computing_hierarchical_xref_table = "Writing hierarchical xref table: $xrefgrouplabel" writing_xref_table = "Writing xref table: $xrefgrouplabel" querying_database_filter_partition = "Running database filters, partition $partitionnum [0%]" # querying_database_filter_substep_sorting = "sorting {0%}" percent_substep_querying = "querying" percent_substep_sorting = "sorting" percent_substep_merging = "merging" percent_substep_filtering = "filtering" major_task = { # label = Operation build_database = "Building database" update_database = "Updating database" remove_database_data = "Removing data from database" convert_61_database = "Converting 6.0/6.1 database" view_statistics = "Generating report" generate_html_files = "Generating HTML files" start_parsing_server = "Parsing server (multiprocessor log parsing)" unknown = "Unknown" process_logs = "Processing logs" update_database_filters = "Updating database filters" export_database = "Exporting database" import_database = "Importing database" attaching_snapon = "Attaching snapon" detaching_snapon = "Detaching snapon" } # major_task step = { reading_log_data = "Reading log data" delete_unused_subitems = "Deleting unused subitems" merging_items = "Merging database items" merging_subitems = "Merging 
database subitems" merging_main_table = "Merging database main table" merging_xref_tables = "Merging database cross-reference tables" creating_hierarchical_xref_tables = "Creating hierarchical xref tables" removing_database_data = "Removing data from main table" deleting_unused_items = "Deleting unused items" querying_log_detail = "Querying log detail from main table" collecting_table_data = "Collecting data from xref table" collecting_table_data_main_table = "Collecting data from main table" integrating_table_data = "Integrating collected data into table" querying_table_values = "Querying table values" computing_overview = "Computing Overview" generating_report_table = "Generating report table" ### generating_table_display = "Generating table display" generating_display = "Generating display" computing_session_information = "Computing session information" generating_report = "Generating report" loading_filtered_session_logfile = "Loading filtered session information" computing_filtered_session_information = "Computing filtered session information" loading_session_logfile = "Loading session information" collecting_session_information = "Collecting session information" splitting_sessions = "Splitting/eliminating sessions with timeout and maximum duration" adding_logfile_indices = "Adding indices to main table" building_xref_tables = "Building cross-reference tables" building_hierarchy_tables = "Building hierarchy tables" applying_database_filters = "Applying database filters" scanning_log_source = "Scanning log source for matching files" scanning_itemnum_table_for_hierarchy = "Scanning itemnum table" creating_bottomlevelitems_table = "Creating bottom-level items table" creating_subitems_table = "Creating subitems table" indexing_bli_bli = "Indexing bottom-level items field of bottom-level items table" indexing_bli_superitem = "Indexing subitems field of bottom-level items table" indexing_subitems_superitem = "Indexing superitems field of subitems table" 
indexing_subitems_subitems = "Indexing subitems field of subitems table" building_indices_simultaneously = "Building database indices simultaneously" building_indices_separately = "Building database indices" building_xrefs_simultaneously = "Building database cross-reference tables" building_xrefs_separately = "Building database cross-reference tables" downloading_geoip_database = "Downloading the GeoIP database (14M)" subprocesses_building_indices_and_xrefs = "Waiting for subprocesses to build indices and cross-references" erasing_database = "Erasing database" computing_subtables = "Computing subtables" computing_leading_sums = "Computing leading row sums" generating_table_display = "Generating table display" detecting_log_format = "Detecting log format" indexing_main_table = "Indexing main table" updating_normalization_tables = "Updating normalization tables" computing_report_table_rows = "Computing report table rows" querying_main_table = "Querying main table for report" querying_xref_table = "Querying cross-reference table ($param1) for report" caching_report_from_query_result = "Caching report from query result" generating_report_from_cache = "Generating report from cache" exporting_itemnums = "Exporting itemnums" exporting_main_table = "Exporting main table" importing_itemnums = "Importing itemnums" importing_main_table = "Importing main table" } # step details = { log_lines_processed = "Log lines processed" average_log_lines_per_second = "Average lines per second" current_log_lines_per_second = "Current lines per second" maximum_log_lines_per_second = "Maximum lines per second" log_bytes_processed = "Log bytes processed" log_bytes_downloaded = "Log bytes downloaded" average_log_bytes_per_second = "Average bytes per second" current_log_bytes_per_second = "Current bytes per second" maximum_log_bytes_per_second = "Maximum bytes per second" log_bytes_downloaded = "Log bytes downloaded" } # details minor_task_label = "Current sub-operation" minor_minor_task_label 
= "Current sub-sub-operation" task_processing_file = "Processing file $param" error_in_get_progress_state = "Error in get_progress_state.cfv when reporting report progress!" error_in_get_progress_state_database = "Error in get_progress_state.cfv when reporting database progress!" report_has_been_sent = "The report has been sent." close_window = "Close Window" } # progress log_formats = { helix_universal = { turboplay = { 0|1|0 = "Off - User preference" 0|2|0 = "Off - Available bandwidth below 256 Kbps" 0|3|0 = "Off - SureStream in use" 0|4|0 = "Off - Excess rebuffering" 0|5|0 = "Off - Presentation not enabled for TurboPlay" 0|6|0 = "Off - Server not enabled for TurboPlay" 0|7|0 = "Off - Live presentation not supported" 1 = "On" "(empty)" = "(empty)" } # turboplay transport = { 0 = "IP Multicast" 1 = "UDP" 2 = "TCP" 3 = "HTTP cloaked" "(empty)" = "(empty)" } # transport clip_end = { 0 = "end of presentation reached" 1 = "stop command issued" 2 = "reconnection required" 3 = "redirection" "(empty)" = "(empty)" } # clip_end } # helix_universal snort2_syslog = { # Note to translators: these are the English versions of the Snort 2 log format rules. # They will appear only when Snort logs are analyzed. It is not necessary to translate # these unless you need Snort reports to be translated. # If you do translate them, leave the numeric keys unchanged (they look like Snort rule IDs; confirm against the Snort plug-in), # and keep the rule name recognizable so an alert in a report can still be matched to the rule that raised it.
rule = { 113 = "BACKDOOR DeepThroat access" 122 = "BACKDOOR DeepThroat 3.1 System Info Client Request" 124 = "BACKDOOR DeepThroat 3.1 FTP Status Client Request" 125 = "BACKDOOR DeepThroat 3.1 E-Mail Info From Server" 126 = "BACKDOOR DeepThroat 3.1 E-Mail Info Client Request" 127 = "BACKDOOR DeepThroat 3.1 Server Status From Server" 128 = "BACKDOOR DeepThroat 3.1 Server Status Client Request" 129 = "BACKDOOR DeepThroat 3.1 Drive Info From Server" 130 = "BACKDOOR DeepThroat 3.1 System Info From Server" 131 = "BACKDOOR DeepThroat 3.1 Drive Info Client Request" 132 = "BACKDOOR DeepThroat 3.1 Server FTP Port Change From Server" 133 = "BACKDOOR DeepThroat 3.1 Cached Passwords Client Request" 134 = "BACKDOOR DeepThroat 3.1 RAS Passwords Client Request" 135 = "BACKDOOR DeepThroat 3.1 Server Password Change Client Request" 136 = "BACKDOOR DeepThroat 3.1 Server Password Remove Client Request" 137 = "BACKDOOR DeepThroat 3.1 Rehash Client Request" 138 = "BACKDOOR DeepThroat 3.1 Server Rehash Client Request" 140 = "BACKDOOR DeepThroat 3.1 ICQ Alert OFF Client Request" 142 = "BACKDOOR DeepThroat 3.1 ICQ Alert ON Client Request" 143 = "BACKDOOR DeepThroat 3.1 Change Wallpaper Client Request" 148 = "BACKDOOR DeepThroat 3.1 Keylogger Active on Network" 149 = "BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network" 150 = "BACKDOOR DeepThroat 3.1 Server Active on Network" 154 = "BACKDOOR DeepThroat 3.1 Wrong Password" 156 = "BACKDOOR DeepThroat 3.1 Visible Window List Client Request" 160 = "BACKDOOR NetMetro Incoming Traffic" 164 = "BACKDOOR DeepThroat 3.1 Server Active on Network" 165 = "BACKDOOR DeepThroat 3.1 Keylogger on Server ON" 166 = "BACKDOOR DeepThroat 3.1 Show Picture Client Request" 167 = "BACKDOOR DeepThroat 3.1 Hide/Show Clock Client Request" 168 = "BACKDOOR DeepThroat 3.1 Hide/Show Desktop Client Request" 169 = "BACKDOOR DeepThroat 3.1 Swap Mouse Buttons Client Request" 170 = "BACKDOOR DeepThroat 3.1 Enable/Disable CTRL-ALT-DEL Client Request" 171 = "BACKDOOR 
DeepThroat 3.1 Freeze Mouse Client Request" 172 = "BACKDOOR DeepThroat 3.1 Show Dialog Box Client Request" 173 = "BACKDOOR DeepThroat 3.1 Show Replyable Dialog Box Client Request" 174 = "BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request" 175 = "BACKDOOR DeepThroat 3.1 Resolution Change Client Request" 177 = "BACKDOOR DeepThroat 3.1 Keylogger on Server OFF" 179 = "BACKDOOR DeepThroat 3.1 FTP Server Port Client Request" 180 = "BACKDOOR DeepThroat 3.1 Process List Client request" 181 = "BACKDOOR DeepThroat 3.1 Close Port Scan Client Request" 182 = "BACKDOOR DeepThroat 3.1 Registry Add Client Request" 186 = "BACKDOOR DeepThroat 3.1 Monitor on/off Client Request" 187 = "BACKDOOR DeepThroat 3.1 Delete File Client Request" 188 = "BACKDOOR DeepThroat 3.1 Kill Window Client Request" 189 = "BACKDOOR DeepThroat 3.1 Disable Window Client Request" 190 = "BACKDOOR DeepThroat 3.1 Enable Window Client Request" 191 = "BACKDOOR DeepThroat 3.1 Change Window Title Client Request" 192 = "BACKDOOR DeepThroat 3.1 Hide Window Client Request" 193 = "BACKDOOR DeepThroat 3.1 Show Window Client Request" 194 = "BACKDOOR DeepThroat 3.1 Send Text to Window Client Request" 196 = "BACKDOOR DeepThroat 3.1 Hide/Show Systray Client Request" 197 = "BACKDOOR DeepThroat 3.1 Create Directory Client Request" 198 = "BACKDOOR DeepThroat 3.1 All Window List Client Request" 199 = "BACKDOOR DeepThroat 3.1 Play Sound Client Request" 200 = "BACKDOOR DeepThroat 3.1 Run Program Normal Client Request" 201 = "BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request" 202 = "BACKDOOR DeepThroat 3.1 Get NET File Client Request" 203 = "BACKDOOR DeepThroat 3.1 Find File Client Request" 204 = "BACKDOOR DeepThroat 3.1 Find File Client Request" 205 = "BACKDOOR DeepThroat 3.1 HUP Modem Client Request" 206 = "BACKDOOR DeepThroat 3.1 CD ROM Open Client Request" 207 = "BACKDOOR DeepThroat 3.1 CD ROM Close Client Request" 293 = "IMAP EXPLOIT overflow" 295 = "IMAP EXPLOIT x86 linux overflow" 296 = "IMAP EXPLOIT x86 
linux overflow" 297 = "IMAP EXPLOIT x86 linux overflow" 298 = "IMAP EXPLOIT x86 linux overflow" 299 = "IMAP EXPLOIT x86 linux overflow" 318 = "EXPLOIT bootp x86 bsd overfow" 319 = "EXPLOIT bootp x86 linux overflow" 338 = "FTP EXPLOIT format string" 340 = "FTP EXPLOIT overflow" 341 = "FTP EXPLOIT overflow" 342 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Solaris 2.8" 343 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow FreeBSD" 345 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow generic" 346 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string check" 348 = "FTP EXPLOIT wu-ftpd 2.6.0" 349 = "FTP EXPLOIT MKD overflow" 350 = "FTP EXPLOIT x86 linux overflow" 351 = "FTP EXPLOIT x86 linux overflow" 352 = "FTP EXPLOIT x86 linux overflow" 445 = "ICMP SKIP" 446 = "ICMP SKIP (Undefined Code!" 448 = "ICMP Source Quench (Undefined Code!)" 449 = "ICMP Time-To-Live Exceeded in Transit" 450 = "ICMP Time-To-Live Exceeded in Transit (Undefined Code!)" 455 = "ICMP Traceroute ipopts" 488 = "INFO Connection Closed MSG from Port 80" 490 = "INFO battle-mail traffic" 501 = "MISC source route lssre" 508 = "MISC gopher proxy" 513 = "MISC Cisco Catalyst Remote Access" 516 = "MISC SNMP NT UserList" 521 = "MISC Large UDP Packet" 529 = "NETBIOS DOS RFPoison" 534 = "NETBIOS SMB CD.." 535 = "NETBIOS SMB CD..." 
536 = "NETBIOS SMB D access" 537 = "NETBIOS SMB IPC access" 538 = "NETBIOS SMB IPC access" 539 = "NETBIOS Samba clientaccess" 556 = "P2P Outbound GNUTella client request" 557 = "P2P GNUTella client request" 558 = "INFO Outbound GNUTella client request" 559 = "P2P Inbound GNUTella client request" 560 = "POLICY VNC server response" 561 = "P2P Napster Client Data" 562 = "P2P Napster Client Data" 563 = "P2P Napster Client Data" 564 = "P2P Napster Client Data" 565 = "P2P Napster Server Login" 566 = "POLICY PCAnywhere server response" 569 = "RPC snmpXdmi overflow attempt TCP" 570 = "RPC EXPLOIT ttdbserv solaris overflow" 571 = "RPC EXPLOIT ttdbserv Solaris overflow" 572 = "RPC DOS ttdbserv Solaris" 573 = "RPC AMD Overflow" 588 = "RPC portmap ttdbserv request UDP" 592 = "RPC rstatd query" 596 = "RPC portmap listing" 597 = "RPC portmap listing" 600 = "RPC EXPLOIT statdx" 601 = "RSERVICES rlogin LinuxNIS" 612 = "RPC rusers query UDP" 613 = "SCAN myscan" 615 = "SCAN SOCKS Proxy attempt" 616 = "SCAN ident version request" 617 = "SCAN ssh-research-scanner" 619 = "SCAN cybercop os probe" 622 = "SCAN ipEye SYN scan" 628 = "SCAN nmap TCP" 635 = "SCAN XTACACS logout" 636 = "SCAN cybercop udp bomb" 637 = "SCAN Webtrends Scanner UDP Probe" 647 = "SHELLCODE sparc setuid 0" 652 = "SHELLCODE Linux shellcode" 653 = "SHELLCODE x86 unicode NOOP" 656 = "SMTP EXPLOIT x86 windows CSMMail overflow" 666 = "SMTP sendmail 8.4.1 exploit" 674 = "MS-SQL xp_displayparamstmt possible buffer overflow" 675 = "MS-SQL xp_setsqlsecurity possible buffer overflow" 690 = "MS-SQL/SMB xp_printstatements possible buffer overflow" 695 = "MS-SQL/SMB xp_sprintf possible buffer overflow" 696 = "MS-SQL/SMB xp_showcolv possible buffer overflow" 697 = "MS-SQL/SMB xp_peekqueue possible buffer overflow" 698 = "MS-SQL/SMB xp_proxiedmetadata possible buffer overflow" 699 = "MS-SQL xp_printstatements possible buffer overflow" 700 = "MS-SQL/SMB xp_updatecolvbm possible buffer overflow" 701 = "MS-SQL xp_updatecolvbm possible 
buffer overflow" 702 = "MS-SQL/SMB xp_displayparamstmt possible buffer overflow" 703 = "MS-SQL/SMB xp_setsqlsecurity possible buffer overflow" 704 = "MS-SQL xp_sprintf possible buffer overflow" 705 = "MS-SQL xp_showcolv possible buffer overflow" 707 = "MS-SQL xp_proxiedmetadata possible buffer overflow" 709 = "TELNET 4Dgifts SGI account attempt" 710 = "TELNET EZsetup account attempt" 712 = "TELNET ld_library_path" 713 = "TELNET livingston DOS" 714 = "TELNET resolv_host_conf" 721 = "Virus - Possible pif Worm" 722 = "Virus - Possible NAVIDAD Worm" 723 = "Virus - Possible MyRomeo Worm" 729 = "Virus - Possible scr Worm" 730 = "Virus - Possible shs Worm" 732 = "Virus - Possible QAZ Worm Infection" 736 = "Virus - Successful eurocalculator execution" 737 = "Virus - Possible eurocalculator.exe file" 738 = "Virus - Possible Pikachu Pokemon Virus" 739 = "Virus - Possible Triplesix Worm" 740 = "Virus - Possible Tune.vbs" 741 = "Virus - Possible NAIL Worm" 742 = "Virus - Possible NAIL Worm" 743 = "Virus - Possible NAIL Worm" 744 = "Virus - Possible NAIL Worm" 745 = "Virus - Possible Papa Worm" 746 = "Virus - Possible Freelink Worm" 747 = "Virus - Possible Simbiosis Worm" 748 = "Virus - Possible BADASS Worm" 749 = "Virus - Possible ExploreZip.B Worm" 751 = "Virus - Possible wscript.KakWorm" 752 = "Virus Possible Suppl Worm" 753 = "Virus - Possible NewApt.Worm - theobbq.exe" 754 = "Virus - Possible Word Macro - VALE" 755 = "Virus - Possible IROK Worm" 756 = "Virus - Possible Fix2001 Worm" 757 = "Virus - Possible Y2K Zelu Trojan" 758 = "Virus - Possible The_Fly Trojan" 759 = "Virus - Possible Word Macro - VALE" 760 = "Virus - Possible Passion Worm" 761 = "Virus - Possible NewApt.Worm - cooler3.exe" 762 = "Virus - Possible NewApt.Worm - party.exe" 763 = "Virus - Possible NewApt.Worm - hog.exe" 764 = "Virus - Possible NewApt.Worm - goal1.exe" 765 = "Virus - Possible NewApt.Worm - pirate.exe" 766 = "Virus - Possible NewApt.Worm - video.exe" 767 = "Virus - Possible NewApt.Worm - 
baby.exe" 768 = "Virus - Possible NewApt.Worm - cooler1.exe" 769 = "Virus - Possible NewApt.Worm - boss.exe" 770 = "Virus - Possible NewApt.Worm - g-zilla.exe" 771 = "Virus - Possible ToadieE-mail Trojan" 773 = "Virus - Possible Happy99 Virus" 774 = "Virus - Possible CheckThis Trojan" 776 = "Virus - Possible NewApt.Worm - copier.exe" 777 = "Virus - Possible MyPics Worm" 778 = "Virus - Possible Babylonia - X-MAS.exe" 779 = "Virus - Possible NewApt.Worm - gadget.exe" 780 = "Virus - Possible NewApt.Worm - irnglant.exe" 781 = "Virus - Possible NewApt.Worm - casper.exe" 782 = "Virus - Possible NewApt.Worm - fborfw.exe" 783 = "Virus - Possible NewApt.Worm - saddam.exe" 784 = "Virus - Possible NewApt.Worm - bboy.exe" 785 = "Virus - Possible NewApt.Worm - monica.exe" 786 = "Virus - Possible NewApt.Worm - goal.exe" 787 = "Virus - Possible NewApt.Worm - panther.exe" 788 = "Virus - Possible NewApt.Worm - chestburst.exe" 789 = "Virus - Possible NewApt.Worm - farter.exe" 790 = "Virus - Possible Common Sense Worm" 791 = "Virus - Possible NewApt.Worm - cupid2.exe" 792 = "Virus - Possible Resume Worm" 794 = "Virus - Possible Resume Worm" 799 = "Virus - Possible Timofonica Worm" 800 = "Virus - Possible Resume Worm" 802 = "Virus - Possible Zipped Files Trojan" 808 = "WEB-CGI webdriver access" 809 = "WEB-CGI whois_raw.cgi arbitrary command execution attempt" 810 = "WEB-CGI whois_raw.cgi access" 811 = "WEB-CGI websitepro path access" 812 = "WEB-CGI webplus version access" 815 = "WEB-CGI websendmail access" 818 = "WEB-CGI dcforum.cgi access" 819 = "WEB-CGI mmstdod.cgi access" 820 = "WEB-CGI anaconda directory transversal attempt" 821 = "WEB-CGI imagemap.exe overflow attempt" 823 = "WEB-CGI cvsweb.cgi access" 825 = "WEB-CGI glimpse access" 826 = "WEB-CGI htmlscript access" 827 = "WEB-CGI info2www access" 828 = "WEB-CGI maillist.pl access" 829 = "WEB-CGI nph-test-cgi access" 830 = "WEB-CGI NPH-publish access" 832 = "WEB-CGI perl.exe access" 833 = "WEB-CGI rguest.exe access" 834 = 
"WEB-CGI rwwwshell.pl access" 836 = "WEB-CGI textcounter.pl access" 837 = "WEB-CGI uploader.exe access" 838 = "WEB-CGI webgais access" 839 = "WEB-CGI finger access" 840 = "WEB-CGI perlshop.cgi access" 841 = "WEB-CGI pfdisplay.cgi access" 842 = "WEB-CGI aglimpse access" 843 = "WEB-CGI anform2 access" 844 = "WEB-CGI args.bat access" 846 = "WEB-CGI bnbform.cgi access" 847 = "WEB-CGI campas access" 849 = "WEB-CGI view-source access" 850 = "WEB-CGI wais.pl access" 851 = "WEB-CGI files.pl access" 852 = "WEB-CGI wguest.exe access" 853 = "WEB-CGI wrap access" 854 = "WEB-CGI classifieds.cgi access" 855 = "WEB-CGI edit.pl access" 856 = "WEB-CGI environ.cgi access" 857 = "WEB-CGI faxsurvey access" 858 = "WEB-CGI filemail access" 859 = "WEB-CGI man.sh access" 860 = "WEB-CGI snork.bat access" 861 = "WEB-CGI w3-msql access" 862 = "WEB-CGI csh access" 863 = "WEB-CGI day5datacopier.cgi access" 864 = "WEB-CGI day5datanotifier.cgi access" 865 = "WEB-CGI ksh access" 866 = "WEB-CGI post-query access" 868 = "WEB-CGI rsh access" 869 = "WEB-CGI dumpenv.pl access" 870 = "WEB-CGI snorkerz.cmd access" 871 = "WEB-CGI survey.cgi access" 872 = "WEB-CGI tcsh access" 873 = "WEB-CGI scriptalias access" 874 = "WEB-CGI w3-msql solaris x86 access" 875 = "WEB-CGI win-c-sample.exe access" 877 = "WEB-CGI rksh access" 878 = "WEB-CGI w3tvars.pm access" 880 = "WEB-CGI LWGate access" 881 = "WEB-CGI archie access" 883 = "WEB-CGI flexform access" 884 = "WEB-CGI formmail access" 885 = "WEB-CGI bash access" 886 = "WEB-CGI phf access" 887 = "WEB-CGI www-sql access" 889 = "WEB-CGI ppdscgi.exe access" 890 = "WEB-CGI sendform.cgi access" 891 = "WEB-CGI upload.pl access" 892 = "WEB-CGI AnyForm2 access" 893 = "WEB-CGI MachineInfo access" 895 = "WEB-CGI redirect access" 896 = "WEB-CGI way-board access" 897 = "WEB-CGI pals-cgi access" 898 = "WEB-CGI commerce.cgi access" 901 = "WEB-CGI webspirs.cgi access" 902 = "WEB-CGI tstisapi.dll access" 903 = "WEB-COLDFUSION cfcache.map access" 909 = "WEB-COLDFUSION datasource 
username attempt" 910 = "WEB-COLDFUSION fileexists.cfm access" 911 = "WEB-COLDFUSION exprcalc access" 912 = "WEB-COLDFUSION parks access" 913 = "WEB-COLDFUSION cfappman access" 914 = "WEB-COLDFUSION beaninfo access" 915 = "WEB-COLDFUSION evaluate.cfm access" 916 = "WEB-COLDFUSION getodbcdsn access" 917 = "WEB-COLDFUSION db connections flush attempt" 918 = "WEB-COLDFUSION expeval access" 919 = "WEB-COLDFUSION datasource passwordattempt" 920 = "WEB-COLDFUSION datasource attempt" 922 = "WEB-COLDFUSION displayfile access" 923 = "WEB-COLDFUSION getodbcin attempt" 925 = "WEB-COLDFUSION mainframeset access" 926 = "WEB-COLDFUSION set odbc ini attempt" 927 = "WEB-COLDFUSION settings refresh attempt" 928 = "WEB-COLDFUSION exampleapp access" 929 = "WEB-COLDFUSION CFUSION_VERIFYMAIL access" 930 = "WEB-COLDFUSION snippets attempt" 931 = "WEB-COLDFUSION cfmlsyntaxcheck.cfm access" 932 = "WEB-COLDFUSION application.cfm access" 933 = "WEB-COLDFUSION onrequestend.cfm access" 936 = "WEB-COLDFUSION gettempdirectory.cfm access-" 937 = "WEB-FRONTPAGE _vti_rpc access" 940 = "WEB-FRONTPAGE shtml.dll access" 941 = "WEB-FRONTPAGE contents.htm access" 942 = "WEB-FRONTPAGE orders.htm access" 943 = "WEB-FRONTPAGE fpsrvadm.exe access" 944 = "WEB-FRONTPAGE fpremadm.exe access" 946 = "WEB-FRONTPAGE fpadmcgi.exe access" 947 = "WEB-FRONTPAGE orders.txt access" 949 = "WEB-FRONTPAGE registrations.htm access" 950 = "WEB-FRONTPAGE cfgwiz.exe access" 954 = "WEB-FRONTPAGE form_results.htm access" 955 = "WEB-FRONTPAGE access.cnf access" 956 = "WEB-FRONTPAGE register.txt access" 957 = "WEB-FRONTPAGE registrations.txt access" 959 = "WEB-FRONTPAGE service.pwd" 960 = "WEB-FRONTPAGE service.stp access" 961 = "WEB-FRONTPAGE services.cnf access" 962 = "WEB-FRONTPAGE shtml.exe access" 963 = "WEB-FRONTPAGE svcacl.cnf access" 964 = "WEB-FRONTPAGE users.pwd access" 965 = "WEB-FRONTPAGE writeto.cnf access" 966 = "WEB-FRONTPAGE fourdots request" 968 = "WEB-FRONTPAGE register.htm access" 984 = "WEB-IIS JET VBA access" 
985 = "WEB-IIS JET VBA access" 1004 = "WEB-IIS codebrowser Exair access" 1005 = "WEB-IIS codebrowser SDK access" 1010 = "WEB-IIS encoding access" 1012 = "WEB-IIS fpcount attempt" 1013 = "WEB-IIS fpcount access" 1028 = "WEB-IIS query.asp access" 1031 = "WEB-IIS /SiteServer/Publishing/viewcode.asp access" 1032 = "WEB-IIS showcode access" 1033 = "WEB-IIS showcode access" 1034 = "WEB-IIS showcode access" 1035 = "WEB-IIS showcode access" 1036 = "WEB-IIS showcode access" 1047 = "WEB-MISC Netscape Enterprise DOS" 1048 = "WEB-MISC Netscape Enterprise directory listing attempt" 1049 = "WEB-MISC iPlanet ../../ DOS attempt" 1053 = "WEB-CGI ads.cgi command execution attempt" 1056 = "WEB-MISC Tomcat view source attempt" 1057 = "WEB-MISC ftp attempt" 1058 = "WEB-MISC xp_enumdsn attempt" 1059 = "WEB-MISC xp_filelist attempt" 1060 = "WEB-MISC xp_availablemedia attempt" 1061 = "WEB-MISC xp_cmdshell attempt" 1064 = "WEB-MISC wsh attempt" 1065 = "WEB-MISC rcmd attempt" 1068 = "WEB-MISC tftp attempt" 1069 = "WEB-MISC xp_regread attempt" 1077 = "WEB-MISC queryhit.htm access" 1078 = "WEB-MISC counter.exe access" 1081 = "WEB-MISC Netscape Servers suite DOS" 1082 = "WEB-MISC amazon 1-click cookie theft" 1083 = "WEB-MISC unify eWave ServletExec DOS" 1084 = "WEB-MISC Allaire JRUN DOS attempt" 1085 = "WEB-PHP strings overflow" 1086 = "WEB-PHP strings overflow" 1090 = "WEB-CGI Allaire Pro Web Shell attempt" 1091 = "WEB-MISC ICQ Webfront HTTP DOS" 1095 = "WEB-MISC Talentsoft Web+ Source Code view access" 1096 = "WEB-MISC Talentsoft Web+ internal IP Address access" 1097 = "WEB-CGI Talentsoft Web+ exploit attempt" 1098 = "WEB-MISC SmartWin CyberOffice Shopping Cart access" 1099 = "WEB-MISC cybercop scan" 1100 = "WEB-MISC L3retriever HTTP Probe" 1101 = "WEB-MISC Webtrends HTTP probe" 1102 = "WEB-MISC Nessus 404 probe" 1105 = "WEB-MISC BigBrother access" 1106 = "WEB-CGI Poll-it access" 1107 = "WEB-MISC ftp.pl access" 1108 = "WEB-MISC Tomcat server snoop access" 1109 = "WEB-MISC ROXEN directory 
list attempt" 1110 = "WEB-MISC apache source.asp file access" 1114 = "WEB-MISC prefix-get //" 1115 = "WEB-MISC ICQ webserver DOS" 1116 = "WEB-MISC Lotus DelDoc attempt" 1117 = "WEB-MISC Lotus EditDoc attempt" 1118 = "WEB-MISC ls -l" 1119 = "WEB-MISC mlog.phtml access" 1120 = "WEB-MISC mylog.phtml access" 1121 = "WEB-MISC O\\'Reilly args.bat access" 1123 = "WEB-MISC ?PageServices access" 1124 = "WEB-MISC Ecommerce check.txt access" 1125 = "WEB-MISC webcart access" 1126 = "WEB-MISC AuthChangeUrl access" 1127 = "WEB-MISC convert.bas access" 1128 = "WEB-MISC cpshost.dll access" 1130 = "WEB-MISC .wwwacl access" 1131 = "WEB-MISC .wwwacl access" 1132 = "WEB-MISC Netscape Unixware overflow" 1136 = "WEB-MISC cd.." 1138 = "WEB-MISC Cisco Web DOS attempt" 1140 = "WEB-MISC guestbook.pl access" 1141 = "WEB-MISC handler access" 1142 = "WEB-MISC /.... access" 1143 = "WEB-MISC ///cgi-bin access" 1144 = "WEB-MISC /cgi-bin/// access" 1145 = "WEB-MISC /~root access" 1146 = "WEB-MISC Ecommerce import.txt access" 1147 = "WEB-MISC cat access" 1148 = "WEB-MISC Ecommerce import.txt access" 1149 = "WEB-CGI count.cgi access" 1150 = "WEB-MISC Domino catalog.nsf access" 1151 = "WEB-MISC Domino domcfg.nsf access" 1152 = "WEB-MISC Domino domlog.nsf access" 1153 = "WEB-MISC Domino log.nsf access" 1154 = "WEB-MISC Domino names.nsf access" 1155 = "WEB-MISC Ecommerce checks.txt access" 1156 = "WEB-MISC apache DOS attempt" 1157 = "WEB-MISC Netscape PublishingXpert access" 1160 = "WEB-MISC Netscape dir index wp" 1161 = "WEB-PHP piranha passwd.php3 access" 1164 = "WEB-MISC shopping cart access access" 1165 = "WEB-MISC Novell Groupwise gwweb.exe access" 1168 = "WEB-MISC mall log order access" 1172 = "WEB-CGI bigconf.cgi access" 1173 = "WEB-MISC architext_query.pl access" 1174 = "WEB-CGI /cgi-bin/jj access" 1177 = "WEB-MISC Netscape Enterprise Server directory view" 1178 = "WEB-PHP Phorum read access" 1179 = "WEB-PHP Phorum violation access" 1180 = "WEB-MISC get32.exe access" 1181 = "WEB-MISC Annex 
Terminal DOS attempt" 1182 = "WEB-MISC cgitest.exe attempt" 1183 = "WEB-MISC Netscape Enterprise Server directory view" 1184 = "WEB-MISC Netscape Enterprise Server directory view" 1185 = "WEB-CGI bizdbsearch attempt" 1192 = "WEB-MISC Trend Micro OfficeScan access" 1193 = "WEB-MISC oracle web arbitrary command execution attempt" 1194 = "WEB-CGI sojourn.cgi File attempt" 1195 = "WEB-CGI sojourn.cgi access" 1197 = "WEB-PHP Phorum code access" 1200 = "ATTACK-RESPONSES Invalid URL" 1201 = "ATTACK-RESPONSES 403 Forbidden" 1202 = "WEB-MISC search.vts access" 1205 = "WEB-CGI axs.cgi access" 1206 = "WEB-CGI cachemgr.cgi access" 1207 = "WEB-MISC htgrep access" 1208 = "WEB-CGI responder.cgi access" 1209 = "WEB-MISC .nsconfig access" 1211 = "WEB-CGI web-map.cgi access" 1213 = "WEB-MISC backup access" 1214 = "WEB-MISC intranet access" 1216 = "WEB-MISC filemail access" 1217 = "WEB-MISC plusmail access" 1219 = "WEB-CGI dfire.cgi access" 1220 = "WEB-MISC ultraboard access" 1221 = "WEB-MISC musicat empower access" 1222 = "WEB-CGI pals-cgi arbitrary file access attempt" 1224 = "WEB-MISC ROADS search.pl attempt" 1230 = "WEB-MISC VirusWall FtpSave access" 1231 = "WEB-MISC VirusWall catinfo access" 1232 = "WEB-MISC VirusWall catinfo access" 1234 = "WEB-MISC VirusWall FtpSaveCSP access" 1235 = "WEB-MISC VirusWall FtpSaveCVP access" 1236 = "WEB-MISC Tomcat sourecode view" 1237 = "WEB-MISC Tomcat sourecode view" 1238 = "WEB-MISC Tomcat sourecode view" 1239 = "NETBIOS RFParalyze Attempt" 1246 = "WEB-FRONTPAGE rad overflow attempt" 1247 = "WEB-FRONTPAGE rad overflow attempt" 1248 = "WEB-FRONTPAGE rad fp30reg.dll access" 1249 = "WEB-FRONTPAGE frontpage rad fp4areg.dll access" 1252 = "TELNET bsd telnet exploit response" 1253 = "TELNET bsd exploit client finishing" 1254 = "WEB-PHP PHPLIB remote command attempt" 1255 = "WEB-PHP PHPLIB remote command attempt" 1258 = "WEB-MISC HP OpenView Manager DOS" 1259 = "WEB-MISC SWEditServlet access" 1274 = "RPC portmap ttdbserv request TCP" 1276 = "RPC 
portmap ypserv request TCP" 1277 = "RPC portmap ypupdated request UDP" 1278 = "RPC rstatd query" 1282 = "RPC EXPLOIT statdx" 1288 = "WEB-FRONTPAGE /_vti_bin/ access" 1291 = "WEB-MISC sml3com access" 1293 = "NETBIOS nimda .eml" 1294 = "NETBIOS nimda .nws" 1295 = "NETBIOS nimda RICHED20.DLL" 1296 = "RPC portmap request yppasswdd" 1297 = "RPC portmap request yppasswdd" 1302 = "WEB-MISC console.exe access" 1303 = "WEB-MISC cs.exe access" 1304 = "WEB-CGI txt2html.cgi access" 1307 = "WEB-CGI store.cgi access" 1308 = "WEB-CGI sendmessage.cgi access" 1309 = "WEB-CGI zsh access" 1361 = "WEB-ATTACKS nmap command attempt" 1362 = "WEB-ATTACKS xterm command attempt" 1371 = "WEB-ATTACKS /etc/motd access" 1376 = "WEB-MISC jrun directory browse attempt" 1381 = "WEB-MISC Trend Micro OfficeScan attempt" 1384 = "MISC UPnP malformed advertisement" 1386 = "MS-SQL/SMB raiserror possible buffer overflow" 1388 = "MISC UPnP Location overflow" 1390 = "SHELLCODE x86 inc ebx NOOP" 1391 = "WEB-MISC Phorecast remote code execution attempt" 1392 = "WEB-CGI lastlines.cgi access" 1393 = "MISC AIM AddGame attempt" 1395 = "WEB-CGI zml.cgi attempt" 1396 = "WEB-CGI zml.cgi access" 1403 = "WEB-MISC viewcode access" 1404 = "WEB-MISC showcode access" 1405 = "WEB-CGI AHG search.cgi access" 1406 = "WEB-CGI agora.cgi access" 1407 = "WEB-PHP smssend.php access" 1409 = "SNMP community string buffer overflow attempt" 1410 = "WEB-CGI dcboard.cgi access" 1421 = "SNMP AgentX/tcp request" 1423 = "WEB-PHP content-disposition memchr overflow" 1424 = "SHELLCODE x86 EB OC NOOP" 1425 = "WEB-PHP content-disposition" 1426 = "SNMP PROTOS test-suite-req-app attempt" 1427 = "SNMP PROTOS test-suite-trap-app attempt" 1428 = "MULTIMEDIA audio galaxy keepalive" 1429 = "POLICY poll.gotomypc.com access" 1430 = "TELNET Solaris memory mismanagement exploit attempt" 1433 = "WEB-MISC .history access" 1434 = "WEB-MISC .bash_history access" 1436 = "MULTIMEDIA Quicktime User Agent access" 1437 = "MULTIMEDIA Windows Media audio download" 
1438 = "MULTIMEDIA Windows Media Video download" 1439 = "MULTIMEDIA Shoutcast playlist redirection" 1440 = "MULTIMEDIA Icecast playlist redirection" 1447 = "MISC MS Terminal server request (RDP)" 1448 = "MISC MS Terminal server request" 1451 = "WEB-CGI NPH-publish access" 1452 = "WEB-CGI args.cmd access" 1453 = "WEB-CGI AT-generated.cgi access" 1454 = "WEB-CGI wwwwais access" 1455 = "WEB-CGI calender.pl access" 1458 = "WEB-CGI user_update_passwd.pl access" 1459 = "WEB-CGI bb-histlog.sh access" 1460 = "WEB-CGI bb-histsvc.sh access" 1461 = "WEB-CGI bb-rep.sh access" 1462 = "WEB-CGI bb-replog.sh access" 1464 = "ATTACK-RESPONSES oracle one hour install" 1465 = "WEB-CGI auktion.cgi access" 1466 = "WEB-CGI cgiforum.pl access" 1467 = "WEB-CGI directorypro.cgi access" 1468 = "WEB-CGI Web Shopper shopper.cgi attempt" 1469 = "WEB-CGI Web Shopper shopper.cgi access" 1470 = "WEB-CGI listrec.pl access" 1471 = "WEB-CGI mailnews.cgi access" 1472 = "WEB-CGI book.cgi access" 1473 = "WEB-CGI newsdesk.cgi access" 1474 = "WEB-CGI cal_make.pl access" 1475 = "WEB-CGI mailit.pl access" 1476 = "WEB-CGI sdbsearch.cgi access" 1477 = "WEB-CGI swc attempt" 1478 = "WEB-CGI swc access" 1479 = "WEB-CGI ttawebtop.cgi arbitrary file attempt" 1480 = "WEB-CGI ttawebtop.cgi access" 1481 = "WEB-CGI upload.cgi access" 1482 = "WEB-CGI view_source access" 1483 = "WEB-CGI ustorekeeper.pl access" 1489 = "WEB-MISC /~nobody access" 1493 = "WEB-MISC RBS ISP /newuser access" 1494 = "WEB-CGI SIX webboard generate.cgi attempt" 1495 = "WEB-CGI SIX webboard generate.cgi access" 1496 = "WEB-CGI spin_client.cgi access" 1499 = "WEB-MISC SiteScope Service access" 1500 = "WEB-MISC ExAir access" 1502 = "WEB-CGI a1stats a1disp3.cgi access" 1505 = "WEB-CGI alchemy http server PRN arbitrary command execution attempt" 1506 = "WEB-CGI alchemy http server NUL arbitrary command execution attempt" 1507 = "WEB-CGI alibaba.pl arbitrary command execution attempt" 1508 = "WEB-CGI alibaba.pl access" 1510 = "WEB-CGI test.bat 
arbitrary command execution attempt" 1511 = "WEB-CGI test.bat access" 1512 = "WEB-CGI input.bat arbitrary command execution attempt" 1513 = "WEB-CGI input.bat access" 1514 = "WEB-CGI input2.bat arbitrary command execution attempt" 1515 = "WEB-CGI input2.bat access" 1516 = "WEB-CGI envout.bat arbitrary command execution attempt" 1517 = "WEB-CGI envout.bat access" 1518 = "WEB-MISC nstelemetry.adp access" 1521 = "WEB-MISC server-status access" 1522 = "WEB-MISC ans.pl attempt" 1523 = "WEB-MISC ans.pl access" 1524 = "WEB-MISC AxisStorpoint CD attempt" 1525 = "WEB-MISC Axis Storpoint CD access" 1528 = "WEB-MISC BBoard access" 1531 = "WEB-CGI bb-hist.sh attempt" 1532 = "WEB-CGI bb-hostscv.sh attempt" 1533 = "WEB-CGI bb-hostscv.sh access" 1534 = "WEB-CGI agora.cgi attempt" 1535 = "WEB-CGI bizdbsearch access" 1538 = "NNTP AUTHINFO USER overflow attempt" 1539 = "WEB-CGI /cgi-bin/ls access" 1540 = "WEB-COLDFUSION ?Mode=debug attempt" 1542 = "WEB-CGI cgimail access" 1543 = "WEB-CGI cgiwrap access" 1547 = "WEB-CGI csSearch.cgi arbitrary command execution attempt" 1548 = "WEB-CGI csSearch.cgi access" 1551 = "WEB-MISC /CVS/Entries access" 1552 = "WEB-MISC cvsweb version access" 1553 = "WEB-CGI /cart/cart.cgi access" 1554 = "WEB-CGI dbman db.cgi access" 1555 = "WEB-CGI DCShop access" 1556 = "WEB-CGI DCShop orders.txt access" 1557 = "WEB-CGI DCShop auth_user_file.txt access" 1558 = "WEB-MISC Delegate whois overflow attempt" 1559 = "WEB-MISC /doc/packages access" 1560 = "WEB-MISC /doc/ access" 1561 = "WEB-MISC ?open access" 1563 = "WEB-MISC login.htm attempt" 1564 = "WEB-MISC login.htm access" 1565 = "WEB-CGI eshop.pl arbitrary commane execution attempt" 1566 = "WEB-CGI eshop.pl access" 1570 = "WEB-CGI loadpage.cgi access" 1572 = "WEB-CGI commerce.cgi arbitrary file access attempt" 1573 = "WEB-CGI cgiforum.pl attempt" 1574 = "WEB-CGI directorypro.cgi attempt" 1575 = "WEB-MISC Domino mab.nsf access" 1576 = "WEB-MISC Domino cersvr.nsf access" 1577 = "WEB-MISC Domino setup.nsf access" 
1578 = "WEB-MISC Domino statrep.nsf access" 1580 = "WEB-MISC Domino events4.nsf access" 1581 = "WEB-MISC Domino ntsync4.nsf access" 1582 = "WEB-MISC Domino collect4.nsf access" 1583 = "WEB-MISC Domino mailw46.nsf access" 1584 = "WEB-MISC Domino bookmark.nsf access" 1585 = "WEB-MISC Domino agentrunner.nsf access" 1586 = "WEB-MISC Domino mail.box access" 1587 = "WEB-MISC cgitest.exe access" 1588 = "WEB-MISC SalesLogix Eviewer access" 1589 = "WEB-MISC musicat empower attempt" 1590 = "WEB-CGI faqmanager.cgi arbitrary file access attempt" 1591 = "WEB-CGI faqmanager.cgi access" 1592 = "WEB-CGI /fcgi-bin/echo.exe access" 1593 = "WEB-CGI FormHandler.cgi external site redirection attempt" 1594 = "WEB-CGI FormHandler.cgi access" 1597 = "WEB-CGI guestbook.cgi access" 1599 = "WEB-CGI search.cgi access" 1603 = "WEB-MISC DELETE attempt" 1606 = "WEB-CGI icat access" 1608 = "WEB-CGI htmlscript attempt" 1609 = "WEB-CGI faxsurvey arbitrary file read attempt" 1611 = "WEB-CGI eXtropia webstore access" 1612 = "WEB-MISC ftp.pl attempt" 1613 = "WEB-MISC handler attempt" 1614 = "WEB-MISC Novell Groupwise gwweb.exe attempt" 1615 = "WEB-MISC htgrep attempt" 1617 = "WEB-CGI Bugzilla doeditvotes.cgi access" 1619 = "EXPERIMENTAL WEB-IIS .htr request" 1620 = "BAD TRAFFIC Non-Standard IP protocol" 1629 = "OTHER-IDS SecureNetPro traffic" 1634 = "POP3 PASS overflow attempt" 1635 = "POP3 APOP overflow attempt" 1637 = "WEB-CGI yabb.cgi access" 1642 = "WEB-CGI document.d2w access" 1643 = "WEB-CGI db2www access" 1644 = "WEB-CGI test-cgi attempt" 1646 = "WEB-CGI test.cgi access" 1647 = "WEB-CGI faxsurvey attempt (full path)" 1648 = "WEB-CGI perl.exe command attempt" 1649 = "WEB-CGI perl command attempt" 1650 = "WEB-CGI tst.bat access" 1651 = "WEB-CGI enivorn.pl access" 1652 = "WEB-CGI campus attempt" 1653 = "WEB-CGI campus access" 1654 = "WEB-CGI cart32.exe access" 1655 = "WEB-CGI pfdispaly.cgi arbitrary command execution attempt" 1656 = "WEB-CGI pfdispaly.cgi access" 1658 = "WEB-CGI pagelog.cgi 
access" 1659 = "WEB-COLDFUSION sendmail.cfm access" 1663 = "WEB-MISC *.pl access" 1664 = "WEB-MISC mkplog.exe access" 1665 = "WEB-MISC mkilog.exe access" 1666 = "ATTACK-RESPONSES index of /cgi-bin/ response" 1668 = "WEB-CGI /cgi-bin/ access" 1669 = "WEB-CGI /cgi-dos/ access" 1670 = "WEB-MISC /home/ftp access" 1671 = "WEB-MISC /home/www access" 1698 = "ORACLE execute_system attempt" 1700 = "WEB-CGI imagemap.exe access" 1702 = "WEB-CGI Amaya templates sendtemp.pl access" 1705 = "WEB-CGI echo.bat arbitrary command execution attempt" 1706 = "WEB-CGI echo.bat access" 1707 = "WEB-CGI hello.bat arbitrary command execution attempt" 1708 = "WEB-CGI hello.bat access" 1709 = "WEB-CGI ad.cgi access" 1710 = "WEB-CGI bbs_forum.cgi access" 1711 = "WEB-CGI bsguest.cgi access" 1712 = "WEB-CGI bslist.cgi access" 1713 = "WEB-CGI cgforum.cgi access" 1714 = "WEB-CGI newdesk access" 1715 = "WEB-CGI register.cgi access" 1716 = "WEB-CGI gbook.cgi access" 1717 = "WEB-CGI simplestguest.cgi access" 1718 = "WEB-CGI statusconfig.pl access" 1720 = "WEB-CGI talkback.cgi access" 1721 = "WEB-CGI adcycle access" 1722 = "WEB-CGI MachineInfo access" 1723 = "WEB-CGI emumail.cgi NULL attempt" 1724 = "WEB-CGI emumail.cgi access" 1727 = "WEB-CGI SGI InfoSearch fname access" 1731 = "WEB-CGI a1stats access" 1735 = "WEB-CLIENT XMLHttpRequest attempt" 1736 = "WEB-PHP squirrel mail spell-check arbitrary command attempt" 1737 = "WEB-PHP squirrel mail theme arbitrary command attempt" 1738 = "WEB-MISC global.inc access" 1740 = "WEB-PHP DNSTools authentication bypass attempt" 1741 = "WEB-PHP DNSTools access" 1742 = "WEB-PHP Blahz-DNS dostuff.php modify user attempt" 1743 = "WEB-PHP Blahz-DNS dostuff.php access" 1744 = "WEB-MISC SecureSite authentication bypass attempt" 1745 = "WEB-PHP Messagerie supp_membre.php access" 1749 = "EXPERIMENTAL WEB-IIS .NET trace.axd access" 1752 = "MISC AIM AddExternalApp attempt" 1757 = "WEB-MISC b2 arbitrary command execution attempt" 1758 = "WEB-MISC b2 access" 1760 = "OTHER-IDS 
ISS RealSecure 6 event collector connection attempt" 1761 = "OTHER-IDS ISS RealSecure 6 daemon connection attempt" 1762 = "WEB-CGI phf arbitrary command execution attempt" 1763 = "WEB-CGI Nortel Contivity cgiproc DOS attempt" 1764 = "WEB-CGI Nortel Contivity cgiproc DOS attempt" 1765 = "WEB-CGI Nortel Contivity cgiproc access" 1766 = "WEB-MISC search.dll directory listing attempt" 1767 = "WEB-MISC search.dll access" 1769 = "WEB-MISC .DS_Store access" 1770 = "WEB-MISC .FBCIndex access" 1771 = "POLICY IPSec PGPNet connection attempt" 1774 = "WEB-PHP bb_smilies.php access" 1780 = "IMAP EXPLOIT partial body overflow attempt" 1787 = "WEB-CGI csPassword.cgi access" 1788 = "WEB-CGI csPassword password.cgi.tmp access" 1792 = "NNTP return code buffer overflow attempt" 1801 = "WEB-IIS .asp HTTP header buffer overflow attempt" 1802 = "WEB-IIS .asa HTTP header buffer overflow attempt" 1803 = "WEB-IIS .cer HTTP header buffer overflow attempt" 1804 = "WEB-IIS .cdx HTTP header buffer overflow attempt" 1807 = "WEB-MISC Transfer-Encoding\\: chunked" 1815 = "WEB-PHP directory.php arbitrary command attempt" 1816 = "WEB-PHP directory.php access" 1819 = "MISC Alcatel PABX 4400 connection attempt" 1820 = "WEB-MISC IBM Net.Commerce orderdspc.d2w access" 1824 = "WEB-CGI alienform.cgi access" 1825 = "WEB-CGI AlienForm af.cgi access" 1826 = "WEB-MISC WEB-INF access" 1829 = "WEB-MISC Tomcat TroubleShooter servlet access" 1830 = "WEB-MISC Tomcat SnoopServlet servlet access" 1840 = "WEB-CLIENT Javascript document.domain attempt" 1846 = "POLICY vncviewer Java applet download attempt" 1847 = "WEB-MISC webalizer access" 1848 = "WEB-MISC webcart-lite access" 1849 = "WEB-MISC webfind.exe access" 1850 = "WEB-CGI way-board.cgi access" 1851 = "WEB-MISC active.log access" 1865 = "WEB-CGI webdist.cgi arbitrary command attempt" 1867 = "MISC xdmcp info query" 1868 = "WEB-CGI story.pl arbitrary file read attempt" 1869 = "WEB-CGI story.pl access" 1870 = "WEB-CGI siteUserMod.cgi access" 1872 = "WEB-MISC 
Oracle Dynamic Monitoring Services (dms) access" 1873 = "WEB-MISC globals.jsa access" 1874 = "WEB-MISC Oracle Java Process Manager access" 1875 = "WEB-CGI cgicso access" 1876 = "WEB-CGI nph-publish.cgi access" 1877 = "WEB-CGI printenv access" 1878 = "WEB-CGI sdbsearch.cgi access" 1879 = "WEB-CGI book.cgi arbitrary command execution attempt" 1880 = "WEB-MISC oracle web application server access" 1881 = "WEB-MISC bad HTTP/1.1 request, Potentially worm attack" 1887 = "MISC OpenSSL Worm traffic" 1889 = "MISC slapper worm admin traffic" 1893 = "SNMP missing community string attempt" 1900 = "ATTACK-RESPONSES successful kadmind buffer overflow attempt" 1901 = "ATTACK-RESPONSES successful kadmind buffer overflow attempt" 1931 = "WEB-CGI rpc-nlog.pl access" 1932 = "WEB-CGI rpc-smb.pl access" 1933 = "WEB-CGI cart.cgi access" 1934 = "POP2 FOLD overflow attempt" 1935 = "POP2 FOLD arbitrary file attempt" 1936 = "POP3 AUTH overflow attempt" 1937 = "POP3 LIST overflow attempt" 1938 = "POP3 XTND overflow attempt" 1939 = "MISC bootp hardware address length overflow" 1940 = "MISC bootp invalid hardware type" 1943 = "WEB-MISC /Carello/add.exe access" 1944 = "WEB-MISC /ecscripts/ecware.exe access" 1947 = "WEB-MISC answerbook2 arbitrary command execution attempt" 1957 = "RPC sadmind UDP PING" 1958 = "RPC sadmind TCP PING" 1959 = "RPC portmap NFS request UDP" 1960 = "RPC portmap NFS request TCP" 1961 = "RPC portmap RQUOTA request UDP" 1962 = "RPC portmap RQUOTA request TCP" 1966 = "MISC GlobalSunTech Access Point Information Disclosure attempt" 1967 = "WEB-PHP phpbb quick-reply.php arbitrary command attempt" 1968 = "WEB-PHP phpbb quick-reply.php access" 1969 = "WEB-MISC ion-p access" 1975 = "FTP DELE overflow attempt" 1977 = "WEB-MISC xp_regwrite attempt" 1978 = "WEB-MISC xp_regdeletekey attempt" 1979 = "WEB-MISC perl post attempt" 1994 = "WEB-CGI vpasswd.cgi access" 1995 = "WEB-CGI alya.cgi access" 1996 = "WEB-CGI viralator.cgi access" 1997 = "WEB-PHP read_body.php access attempt" 1998 
= "WEB-PHP calendar.php access" 1999 = "WEB-PHP edit_image.php access" 2251 = "NETBIOS DCERPC Remote Activation bind attempt" 2252 = "NETBIOS SMB DCERPC Remote Activation bind attempt" 103 = "BACKDOOR subseven 22" 104 = "BACKDOOR - Dagger_1.4.0_client_connect" 105 = "BACKDOOR - Dagger_1.4.0" 106 = "BACKDOOR ACKcmdC trojan scan" 107 = "BACKDOOR subseven DEFCON8 2.1 access" 108 = "BACKDOOR QAZ Worm Client Login access" 109 = "BACKDOOR netbus active" 110 = "BACKDOOR netbus getinfo" 111 = "BACKDOOR netbus getinfo" 112 = "BACKDOOR BackOrifice access" 114 = "BACKDOOR netbus active" 115 = "BACKDOOR netbus active" 116 = "BACKDOOR BackOrifice access" 117 = "BACKDOOR Infector.1.x" 118 = "BACKDOOR SatansBackdoor.2.0.Beta" 119 = "BACKDOOR Doly 2.0 access" 120 = "BACKDOOR Infector 1.6 Server to Client" 121 = "BACKDOOR Infector 1.6 Client to Server Connection Request" 141 = "BACKDOOR HackAttack 1.20 Connect" 144 = "FTP ADMw0rm ftp login attempt" 145 = "BACKDOOR GirlFriendaccess" 146 = "BACKDOOR NetSphere access" 147 = "BACKDOOR GateCrasher" 151 = "BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network" 152 = "BACKDOOR BackConstruction 2.1 Connection" 153 = "BACKDOOR DonaldDick 1.53 Traffic" 155 = "BACKDOOR NetSphere 1.31.337 access" 157 = "BACKDOOR BackConstruction 2.1 Client FTP Open Request" 158 = "BACKDOOR BackConstruction 2.1 Server FTP Open Reply" 159 = "BACKDOOR NetMetro File List" 161 = "BACKDOOR Matrix 2.0 Client connect" 162 = "BACKDOOR Matrix 2.0 Server access" 163 = "BACKDOOR WinCrash 1.0 Server Active" 176 = "BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request" 183 = "BACKDOOR SIGNATURE - Q ICMP" 184 = "BACKDOOR Q access" 185 = "BACKDOOR CDK" 195 = "BACKDOOR DeepThroat 3.1 Server Response" 208 = "BACKDOOR PhaseZero Server Active on Network" 209 = "BACKDOOR w00w00 attempt" 210 = "BACKDOOR attempt" 211 = "BACKDOOR MISC r00t attempt" 212 = "BACKDOOR MISC rewt attempt" 213 = "BACKDOOR MISC Linux rootkit attempt" 214 = "BACKDOOR MISC Linux rootkit 
attempt lrkr0x" 215 = "BACKDOOR MISC Linux rootkit attempt" 216 = "BACKDOOR MISC Linux rootkit satori attempt" 217 = "BACKDOOR MISC sm4ck attempt" 218 = "BACKDOOR MISC Solaris 2.5 attempt" 219 = "BACKDOOR HidePak backdoor attempt" 220 = "BACKDOOR HideSource backdoor attempt" 221 = "DDOS TFN Probe" 222 = "DDOS tfn2k icmp possible communication" 223 = "DDOS Trin00\\:DaemontoMaster(PONGdetected)" 224 = "DDOS Stacheldraht server spoof" 225 = "DDOS Stacheldraht gag server response" 226 = "DDOS Stacheldraht server response" 227 = "DDOS Stacheldraht client spoofworks" 228 = "DDOS TFN client command BE" 229 = "DDOS Stacheldraht client check skillz" 230 = "DDOS shaft client to handler" 231 = "DDOS Trin00\\:DaemontoMaster(messagedetected)" 232 = "DDOS Trin00\\:DaemontoMaster(*HELLO*detected)" 233 = "DDOS Trin00\\:Attacker to Master default startup password" 234 = "DDOS Trin00 Attacker to Master default password" 235 = "DDOS Trin00 Attacker to Master default mdie password" 236 = "DDOS Stacheldraht client check gag" 237 = "DDOS Trin00\\:MastertoDaemon(defaultpassdetected!)" 238 = "DDOS TFN server response" 239 = "DDOS shaft handler to agent" 240 = "DDOS shaft agent to handler" 241 = "DDOS shaft synflood" 243 = "DDOS mstream agent to handler" 244 = "DDOS mstream handler to agent" 245 = "DDOS mstream handler ping to agent" 246 = "DDOS mstream agent pong to handler" 247 = "DDOS mstream client to handler" 248 = "DDOS mstream handler to client" 249 = "DDOS mstream client to handler" 250 = "DDOS mstream handler to client" 251 = "DDOS - TFN client command LE" 252 = "DNS named iquery attempt" 253 = "DNS SPOOF query response PTR with TTL\\: 1 min. and no authority" 254 = "DNS SPOOF query response with ttl\\: 1 min. 
and no authority" 255 = "DNS zone transfer TCP" 256 = "DNS named authors attempt" 257 = "DNS named version attempt" 258 = "DNS EXPLOIT named 8.2 = 8.2.1" 259 = "DNS EXPLOIT named overflow (ADM)" 260 = "DNS EXPLOIT named overflow (ADMROCKS)" 261 = "DNS EXPLOIT named overflow attempt" 262 = "DNS EXPLOIT x86 Linux overflow attempt" 264 = "DNS EXPLOIT x86 Linux overflow attempt" 265 = "DNS EXPLOIT x86 Linux overflow attempt (ADMv2)" 266 = "DNS EXPLOIT x86 FreeBSD overflow attempt" 267 = "DNS EXPLOIT sparc overflow attempt" 268 = "DOS Jolt attack" 269 = "DOS Land attack" 270 = "DOS Teardrop attack" 271 = "DOS UDP echo+chargen bomb" 272 = "DOS IGMP dos attack" 273 = "DOS IGMP dos attack" 274 = "DOS ath" 275 = "DOS NAPTHA" 276 = "DOS Real Audio Server" 277 = "DOS Real Server template.html" 278 = "DOS Real Server template.html" 279 = "DOS Bay/Nortel Nautica Marlin" 281 = "DOS Ascend Route" 282 = "DOS arkiea backup" 283 = "EXPLOIT Netscape 4.7 client overflow" 284 = "POP2 x86 Linux overflow" 285 = "POP2 x86 Linux overflow" 286 = "POP3 EXPLOIT x86 BSD overflow" 287 = "POP3 EXPLOIT x86 BSD overflow" 288 = "POP3 EXPLOIT x86 Linux overflow" 289 = "POP3 EXPLOIT x86 SCO overflow" 290 = "POP3 EXPLOIT qpopper overflow" 291 = "NNTP Cassandra Overflow" 292 = "EXPLOIT x86 Linux samba overflow" 300 = "EXPLOIT nlps x86 Solaris overflow" 301 = "EXPLOIT LPRng overflow" 302 = "EXPLOIT Redhat 7.0 lprd overflow" 303 = "DNS EXPLOIT named tsig overflow attempt" 304 = "EXPLOIT SCO calserver overflow" 305 = "EXPLOIT delegate proxy overflow" 306 = "EXPLOIT VQServer admin" 307 = "EXPLOIT CHAT IRC topic overflow" 308 = "EXPLOIT NextFTP client overflow" 309 = "EXPLOIT sniffit overflow" 310 = "EXPLOIT x86 windows MailMax overflow" 311 = "EXPLOIT Netscape 4.7 unsucessful overflow" 312 = "EXPLOIT ntpdx overflow attempt" 313 = "EXPLOIT ntalkd x86 Linux overflow" 314 = "DNS EXPLOIT named tsig overflow attempt" 315 = "EXPLOIT x86 Linux mountd overflow" 316 = "EXPLOIT x86 Linux mountd overflow" 317 = 
"EXPLOIT x86 Linux mountd overflow" 320 = "FINGER cmd_rootsh backdoor attempt" 321 = "FINGER account enumeration attempt" 322 = "FINGER search query" 323 = "FINGER root query" 324 = "FINGER null request" 325 = "FINGER probe 0 attempt" 326 = "FINGER remote command \\; execution attempt" 327 = "FINGER remote command pipe execution attempt" 328 = "FINGER bomb attempt" 329 = "FINGER cybercop redirection" 330 = "FINGER redirection attempt" 331 = "FINGER cybercop query" 332 = "FINGER 0 query" 333 = "FINGER . query" 334 = "FTP .forward" 335 = "FTP .rhosts" 336 = "FTP CWD ~root attempt" 337 = "FTP CEL overflow attempt" 339 = "FTP EXPLOIT OpenBSD x86 ftpd" 344 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Linux" 353 = "FTP adm scan" 354 = "FTP iss scan" 355 = "FTP pass wh00t" 356 = "FTP passwd retrieval attempt" 357 = "FTP piss scan" 358 = "FTP saint scan" 359 = "FTP satan scan" 360 = "FTP serv-u directory transversal" 361 = "FTP site exec" 362 = "FTP tar parameters" 363 = "ICMP IRDP router advertisement" 364 = "ICMP IRDP router selection" 365 = "ICMP PING (Undefined Code!)" 366 = "ICMP PING *NIX" 368 = "ICMP PING BSDtype" 369 = "ICMP PING BayRS Router" 370 = "ICMP PING BeOS4.x" 371 = "ICMP PING Cisco Type.x" 372 = "ICMP PING Delphi-Piette Windows" 373 = "ICMP PING Flowpoint2200 or Network Management Software" 374 = "ICMP PING IP NetMonitor Macintosh" 375 = "ICMP PING LINUX/*BSD" 376 = "ICMP PING Microsoft Windows" 377 = "ICMP PING Network Toolbox 3 Windows" 378 = "ICMP PING Ping-O-MeterWindows" 379 = "ICMP PING Pinger Windows" 380 = "ICMP PING Seer Windows" 381 = "ICMP PING Sun Solaris" 382 = "ICMP PING Windows" 384 = "ICMP PING" 385 = "ICMP traceroute-" 386 = "ICMP Address Mask Reply" 387 = "ICMP Address Mask Reply (Undefined Code!)" 388 = "ICMP Address Mask Request" 389 = "ICMP Address Mask Request (Undefined Code!)" 390 = "ICMP Alternate Host Address" 391 = "ICMP Alternate Host Address (Undefined Code!)" 392 = "ICMP Datagram Conversion Error" 393 = "ICMP 
Datagram Conversion Error (Undefined Code!)" 394 = "ICMP Destination Unreachable (Destination Host Unknown)" 395 = "ICMP Destination Unreachable (Destination Network Unknown)" 396 = "ICMP Destination Unreachable (Fragmentation Needed and DF bit was set)" 397 = "ICMP Destination Unreachable (Host Precedence Violation)" 398 = "ICMP Destination Unreachable (Host Unreachable for Type of Service)" 399 = "ICMP Destination Unreachable (Host Unreachable)" 400 = "ICMP Destination Unreachable (Network Unreachable for Type of Service)" 401 = "ICMP Destination Unreachable (Network Unreachable)" 402 = "ICMP Destination Unreachable (Port Unreachable)" 403 = "ICMP Destination Unreachable (Precedence Cutoff in effect)" 404 = "ICMP Destination Unreachable (Protocol Unreachable)" 405 = "ICMP Destination Unreachable (Source Host Isolated)" 406 = "ICMP Destination Unreachable (Source Route Failed)" 407 = "ICMP Destination Unreachable (Undefined Code!)" 408 = "ICMP Echo Reply" 409 = "ICMP Echo Reply (Undefined Code!)" 410 = "ICMP Fragment Reassembly Time Exceeded" 411 = "ICMP IPV6 I-Am-Here" 412 = "ICMP IPV6 I-Am-Here (Undefined Code!" 413 = "ICMP IPV6 Where-Are-You" 414 = "ICMP IPV6 Where-Are-You (Undefined Code!)" 415 = "ICMP Information Reply" 416 = "ICMP Information Reply (Undefined Code!)" 417 = "ICMP Information Request" 418 = "ICMP Information Request (Undefined Code!)" 419 = "ICMP Mobile Host Redirect" 420 = "ICMP Mobile Host Redirect (Undefined Code!)" 421 = "ICMP Mobile Registration Reply" 422 = "ICMP Mobile Registration Reply (Undefined Code!)" 423 = "ICMP Mobile Registration Request" 424 = "ICMP Mobile Registration Request (Undefined Code!" 
425 = "ICMP Parameter Problem (Bad Length)" 426 = "ICMP Parameter Problem (Missing a Required Option)" 427 = "ICMP Parameter Problem (Unspecified Error)" 428 = "ICMP Parameter Problem (Undefined Code!)" 429 = "ICMP Photuris (Reserved)" 430 = "ICMP Photuris (Unknown Security Parameters Index)" 431 = "ICMP Photuris (Valid Security Parameters, But Authentication Failed)" 432 = "ICMP Photuris (Valid Security Parameters, But Decryption Failed)" 433 = "ICMP Photuris (Undefined Code!)" 436 = "ICMP Redirect (for TOS and Host)" 437 = "ICMP Redirect (for TOS and Network)" 438 = "ICMP Redirect (Undefined Code!)" 439 = "ICMP Reserved for Security (Type 19)" 440 = "ICMP Reserved for Security (Type 19) (Undefined Code!)" 441 = "ICMP Router Advertisement" 443 = "ICMP Router Selection" 451 = "ICMP Timestamp Reply" 452 = "ICMP Timestamp Reply (Undefined Code!)" 453 = "ICMP Timestamp Request" 454 = "ICMP Timestamp Request (Undefined Code!)" 456 = "ICMP Traceroute" 457 = "ICMP Traceroute (Undefined Code!)" 458 = "ICMP Unassigned! (Type 1)" 459 = "ICMP Unassigned! (Type 1) (Undefined Code)" 460 = "ICMP Unassigned! (Type 2)" 461 = "ICMP Unassigned! (Type 2) (Undefined Code)" 462 = "ICMP Unassigned! (Type 7)" 463 = "ICMP Unassigned! 
(Type 7) (Undefined Code!)" 465 = "ICMP ISS Pinger" 466 = "ICMP L3retriever Ping" 467 = "ICMP Nemesis v1.1 Echo" 469 = "ICMP PING NMAP" 471 = "ICMP icmpenum v1.1.1" 472 = "ICMP redirect host" 473 = "ICMP redirect net" 474 = "ICMP superscan echo" 475 = "ICMP traceroute ipopts" 476 = "ICMP webtrends scanner" 477 = "ICMP Source Quench" 478 = "ICMP Broadscan Smurf Scanner" 480 = "ICMP PING speedera" 481 = "ICMP TJPingPro1.1Build 2 Windows" 482 = "ICMP PING WhatsupGold Windows" 483 = "ICMP PING CyberKit 2.2 Windows" 484 = "ICMP PING Sniffer Pro/NetXRay network scan" 485 = "ICMP Destination Unreachable (Communication Administratively Prohibited)" 486 = "ICMP Destination Unreachable (Communication with Destination Host is Administratively Prohibited)" 487 = "ICMP Destination Unreachable (Communication with Destination Network is Administratively Prohibited)" 489 = "INFO FTP No Password" 491 = "INFO FTP Bad login" 492 = "INFO TELNET Bad Login" 493 = "INFO psyBNC access" 494 = "ATTACK-RESPONSES command completed" 495 = "ATTACK-RESPONSES command error" 496 = "ATTACK RESPONSES directory listing" 497 = "ATTACK-RESPONSES file copied ok" 498 = "ATTACK-RESPONSES id check returned root" 499 = "ICMP Large ICMP Packet" 500 = "MISC source route lssr" 502 = "MISC source route ssrr" 503 = "MISC Source Port 20 to <1024" 504 = "MISC source port 53 to <1024" 505 = "MISC Insecure TIMBUKTU Password" 506 = "MISC ramen worm incoming" 507 = "MISC PCAnywhere Attempted Administrator Login" 509 = "WEB-MISC PCCS mysql database admin tool access" 510 = "POLICY HP JetDirect LCD modification attempt" 511 = "MISC Invalid PCAnywhere Login" 512 = "MISC PCAnywhere Failed Login" 514 = "MISC ramen worm" 517 = "MISC xdmcp query" 518 = "TFTP Put" 519 = "TFTP parent directory" 520 = "TFTP root directory" 522 = "MISC Tiny Fragments" 523 = "BAD-TRAFFIC ip reserved bit set" 524 = "BAD-TRAFFIC tcp port 0 traffic" 525 = "BAD-TRAFFIC udp port 0 traffic" 526 = "BAD-TRAFFIC data in TCP SYN packet" 527 = "BAD-TRAFFIC 
same SRC/DST" 528 = "BAD-TRAFFIC loopback traffic" 530 = "NETBIOS NT NULL session" 532 = "NETBIOS SMB ADMIN access" 533 = "NETBIOS SMB C access" 540 = "CHAT MSN message" 541 = "CHAT ICQ access" 542 = "CHAT IRC nick change" 543 = "POLICY FTP \\'STOR 1MB\\' possible warez site" 544 = "POLICY FTP \\'RETR 1MB\\' possible warez site" 545 = "POLICY FTP \\'CWD / \\' possible warez site" 546 = "POLICY FTP \\'CWD \\' possible warez site" 547 = "POLICY FTP \\'MKD \\' possible warez site" 548 = "POLICY FTP \\'MKD .\\' possible warez site" 549 = "P2P napster login" 550 = "P2P napster new user login" 551 = "P2P napster download attempt" 552 = "P2P napster upload request" 553 = "POLICY FTP anonymous login attempt" 554 = "POLICY FTP \\'MKD / \\' possible warez site" 555 = "POLICY WinGate telnet server response" 567 = "POLICY SMTP relaying denied" 568 = "POLICY HP JetDirect LCD modification attempt" 574 = "RPC mountd TCP export request" 575 = "RPC portmap admind request UDP" 576 = "RPC portmap amountd request UDP" 577 = "RPC portmap bootparam request UDP" 578 = "RPC portmap cmsd request UDP" 579 = "RPC portmap mountd request UDP" 580 = "RPC portmap nisd request UDP" 581 = "RPC portmap pcnfsd request UDP" 582 = "RPC portmap rexd request UDP" 583 = "RPC portmap rstatd request UDP" 584 = "RPC portmap rusers request UDP" 585 = "RPC portmap sadmind request UDP" 586 = "RPC portmap selection_svc request UDP" 587 = "RPC portmap status request UDP" 589 = "RPC portmap yppasswd request UDP" 590 = "RPC portmap ypserv request UDP" 591 = "RPC portmap ypupdated request TCP" 593 = "RPC portmap snmpXdmi request TCP" 595 = "RPC portmap espd request TCP" 598 = "RPC portmap listing TCP 111" 599 = "RPC portmap listing TCP 32771" 602 = "RSERVICES rlogin bin" 603 = "RSERVICES rlogin echo++" 604 = "RSERVICES rsh froot" 605 = "RSERVICES rlogin login failure" 606 = "RSERVICES rlogin root" 607 = "RSERVICES rsh bin" 608 = "RSERVICES rsh echo + +" 609 = "RSERVICES rsh froot" 610 = "RSERVICES rsh root" 611 = 
"RSERVICES rlogin login failure" 614 = "BACKDOOR hack-a-tack attempt" 618 = "SCAN Squid Proxy attempt" 620 = "SCAN Proxy \\(8080\\) attempt" 621 = "SCAN FIN" 623 = "SCAN NULL" 624 = "SCAN SYN FIN" 625 = "SCAN XMAS" 626 = "SCAN cybercop os PA12 attempt" 627 = "SCAN cybercop os SFU12 probe" 629 = "SCAN nmap fingerprint attempt" 630 = "SCAN synscan portscan" 631 = "SMTP ehlo cybercop attempt" 632 = "SMTP expn cybercop attempt" 634 = "SCAN Amanda client version request" 638 = "SHELLCODE SGI NOOP" 639 = "SHELLCODE SGI NOOP" 640 = "SHELLCODE AIX NOOP" 641 = "SHELLCODE Digital UNIX NOOP" 642 = "SHELLCODE HP-UX NOOP" 643 = "SHELLCODE HP-UX NOOP" 644 = "SHELLCODE sparc NOOP" 645 = "SHELLCODE sparc NOOP" 646 = "SHELLCODE sparc NOOP" 648 = "SHELLCODE x86 NOOP" 649 = "SHELLCODE x86 setgid 0" 650 = "SHELLCODE x86 setuid 0" 651 = "SHELLCODE x86 stealth NOOP" 654 = "SMTP RCPT TO overflow" 655 = "SMTP sendmail 8.6.9 exploit" 657 = "SMTP chameleon overflow" 658 = "SMTP exchange mime DOS" 659 = "SMTP expn decode" 660 = "SMTP expn root" 661 = "SMTP majordomo ifs" 662 = "SMTP sendmail 5.5.5 exploit" 663 = "SMTP rcpt to sed command attempt" 664 = "SMTP RCPT TO decode attempt" 665 = "SMTP sendmail 5.6.5 exploit" 667 = "SMTP sendmail 8.6.10 exploit" 668 = "SMTP sendmail 8.6.10 exploit" 669 = "SMTP sendmail 8.6.9 exploit" 670 = "SMTP sendmail 8.6.9 exploit" 671 = "SMTP sendmail 8.6.9c exploit" 672 = "SMTP vrfy decode" 673 = "MS-SQL sp_start_job - program execution" 676 = "MS-SQL/SMB sp_start_job - program execution" 677 = "MS-SQL/SMB sp_password password change" 678 = "MS-SQL/SMB sp_delete_alert log file deletion" 679 = "MS-SQL/SMB sp_adduser database user creation" 680 = "MS-SQL/SMB sa login failed" 681 = "MS-SQL/SMB xp_cmdshell program execution" 682 = "MS-SQL xp_enumresultset possible buffer overflow" 683 = "MS-SQL sp_password - password change" 684 = "MS-SQL sp_delete_alert log file deletion" 685 = "MS-SQL sp_adduser - database user creation" 686 = "MS-SQL xp_reg* - registry access" 
687 = "MS-SQL xp_cmdshell - program execution" 688 = "MS-SQL sa login failed" 689 = "MS-SQL/SMB xp_reg* registry access" 691 = "MS-SQL shellcode attempt" 692 = "MS-SQL/SMB shellcode attempt" 693 = "MS-SQL shellcode attempt" 694 = "MS-SQL/SMB shellcode attempt" 706 = "MS-SQL xp_peekqueue possible buffer overflow" 708 = "MS-SQL/SMB xp_enumresultset possible buffer overflow" 711 = "TELNET SGI telnetd format bug" 715 = "TELNET Attempted SU from wrong group" 716 = "TELNET access" 717 = "TELNET not on console" 718 = "TELNET login incorrect" 719 = "TELNET root login" 720 = "Virus - SnowWhite Trojan Incoming" 724 = "Virus - Possible MyRomeo Worm" 725 = "Virus - Possible MyRomeo Worm" 726 = "Virus - Possible MyRomeo Worm" 727 = "Virus - Possible MyRomeo Worm" 728 = "Virus - Possible MyRomeo Worm" 731 = "Virus - Possible QAZ Worm" 733 = "Virus - Possible QAZ Worm Calling Home" 734 = "Virus - Possible Matrix worm" 735 = "Virus - Possible MyRomeo Worm" 772 = "Virus - Possible PrettyPark Trojan" 775 = "Virus - Possible Bubbleboy Worm" 793 = "Virus - Mail .VBS" 795 = "Virus - Possible Worm - txt.vbs file" 796 = "Virus - Possible Worm - xls.vbs file" 797 = "Virus - Possible Worm - jpg.vbs file" 798 = "Virus - Possible Worm - gif.vbs file" 801 = "Virus - Possible Worm - doc.vbs file" 803 = "WEB-CGI HyperSeek hsx.cgi directory traversal attempt" 804 = "WEB-CGI SWSoft ASPSeek Overflow attempt" 805 = "WEB-CGI webspeed access" 806 = "WEB-CGI yabb.cgi directory traversal attempt" 807 = "WEB-CGI /wwwboard/passwd.txt access" 813 = "WEB-CGI webplus directory traversal" 817 = "WEB-CGI dcboard.cgi invalid user addition attempt" 824 = "WEB-CGI php.cgi access" 835 = "WEB-CGI test-cgi access" 845 = "WEB-CGI AT-admin.cgi access" 848 = "WEB-CGI view-source directory traversal" 867 = "WEB-CGI visadmin.exe access" 879 = "WEB-CGI admin.pl access" 882 = "WEB-CGI calendar access" 888 = "WEB-CGI wwwadmin.pl access" 894 = "WEB-CGI bb-hist.sh access" 899 = "WEB-CGI Amaya templates sendtemp.pl directory 
traversal attempt" 900 = "WEB-CGI webspirs.cgi directory traversal attempt" 904 = "WEB-COLDFUSION exampleapp application.cfm" 905 = "WEB-COLDFUSION application.cfm access" 906 = "WEB-COLDFUSION getfile.cfm access" 907 = "WEB-COLDFUSION addcontent.cfm access" 908 = "WEB-COLDFUSION administrator access" 921 = "WEB-COLDFUSION admin encrypt attempt" 924 = "WEB-COLDFUSION admin decrypt attempt" 935 = "WEB-COLDFUSION startstop DOS access" 939 = "WEB-FRONTPAGE posting" 945 = "WEB-FRONTPAGE fpadmin.htm access" 948 = "WEB-FRONTPAGE form_results access" 951 = "WEB-FRONTPAGE authors.pwd access" 952 = "WEB-FRONTPAGE author.exe access" 953 = "WEB-FRONTPAGE administrators.pwd access" 958 = "WEB-FRONTPAGE service.cnf access" 967 = "WEB-FRONTPAGE dvwssr.dll access" 969 = "WEB-IIS WebDAV file lock attempt" 970 = "WEB-IIS multiple decode attempt" 971 = "WEB-IIS ISAPI .printer access" 972 = "WEB-IIS .-asp access" 973 = "WEB-IIS *.idc attempt" 974 = "WEB-IIS ..\\.. access" 975 = "WEB-IIS .asp\\:\\: DATA access" 976 = "WEB-IIS .bat? access" 977 = "WEB-IIS .cnf access" 978 = "WEB-IIS ASP contents view" 979 = "WEB-IIS ASP contents view" 980 = "WEB-IIS CGImail.exe access" 981 = "WEB-IIS unicode directory traversal attempt" 982 = "WEB-IIS unicode directory traversal attempt" 983 = "WEB-IIS unicode directory traversal attempt" 986 = "WEB-IIS MSProxy access" 987 = "WEB-IIS .htr access" 988 = "WEB-IIS SAM Attempt" 989 = "WEB-IIS Unicode2.pl script (File permission canonicalization)" 990 = "WEB-IIS _vti_inf access" 991 = "WEB-IIS achg.htr access" 992 = "WEB-IIS adctest.asp access" 993 = "WEB-IIS iisadmin access" 994 = "WEB-IIS /scripts/iisadmin/default.htm access" 995 = "WEB-IIS ism.dll access" 996 = "WEB-IIS anot.htr access" 997 = "WEB-IIS asp-dot attempt" 998 = "WEB-IIS asp-srch attempt" 999 = "WEB-IIS bdir access" 1000 = "WEB-IIS bdir.htr access" 1001 = "WEB-MISC carbo.dll access" 1002 = "WEB-IIS cmd.exe access" 1003 = "WEB-IIS cmd? 
access" 1007 = "WEB-IIS cross-site scripting attempt" 1008 = "WEB-IIS del attempt" 1009 = "WEB-IIS directory listing" 1011 = "WEB-IIS exec-src access" 1015 = "WEB-IIS getdrvs.exe access" 1016 = "WEB-IIS global.asa access" 1017 = "WEB-IIS idc-srch attempt" 1018 = "WEB-IIS iisadmpwd attempt" 1019 = "WEB-IIS index server file source code attempt" 1020 = "WEB-IIS isc data attempt" 1021 = "WEB-IIS ism.dll attempt" 1022 = "WEB-IIS jet vba access" 1023 = "WEB-IIS msadcs.dll access" 1024 = "WEB-IIS newdsn.exe access" 1025 = "WEB-IIS perl access" 1026 = "WEB-IIS perl-browse0a attempt" 1027 = "WEB-IIS perl-browse20 attempt" 1029 = "WEB-IIS scripts-browse access" 1030 = "WEB-IIS search97.vts access" 1037 = "WEB-IIS showcode.asp access" 1038 = "WEB-IIS site server config access" 1039 = "WEB-IIS srch.htm access" 1040 = "WEB-IIS srchadm access" 1041 = "WEB-IIS uploadn.asp access" 1042 = "WEB-IIS view source via translate header" 1043 = "WEB-IIS viewcode.asp access" 1044 = "WEB-IIS webhits access" 1045 = "WEB-IIS Unauthorized IP Access Attempt" 1046 = "WEB-IIS site/iisamples access" 1050 = "WEB-MISC iPlanet GETPROPERTIES attempt" 1051 = "WEB-CGI technote main.cgi file directory traversal attempt" 1052 = "WEB-CGI technote print.cgi directory traversal attempt" 1054 = "WEB-MISC weblogic view source attempt" 1055 = "WEB-MISC Tomcat directory traversal attempt" 1062 = "WEB-MISC nc.exe attempt" 1066 = "WEB-MISC telnet attempt" 1067 = "WEB-MISC net attempt" 1070 = "WEB-MISC WebDAV search access" 1071 = "WEB-MISC .htpasswd access" 1072 = "WEB-MISC Lotus Domino directory traversal" 1073 = "WEB-MISC webhits.exe access" 1075 = "WEB-IIS postinfo.asp access" 1076 = "WEB-IIS repost.asp access" 1079 = "WEB-MISC WebDAV propfind access" 1080 = "WEB-MISC unify eWave ServletExec upload" 1087 = "WEB-MISC whisker tab splice attack" 1088 = "WEB-CGI eXtropia webstore directory traversal" 1089 = "WEB-CGI shopping cart directory traversal" 1092 = "WEB-CGI Armada Style Master Index directory traversal" 
1093 = "WEB-CGI cached_feed.cgi moreover shopping cart directory traversal" 1094 = "WEB-CGI webstore directory traversal" 1103 = "WEB-MISC Netscape admin passwd" 1104 = "WEB-MISC whisker space splice attack" 1111 = "WEB-MISC Tomcat server exploit access" 1112 = "WEB-MISC http directory traversal" 1113 = "WEB-MISC http directory traversal" 1122 = "WEB-MISC /etc/passwd" 1129 = "WEB-MISC .htaccess access" 1133 = "SCAN cybercop os probe" 1134 = "WEB-PHP Phorum admin access" 1137 = "WEB-PHP Phorum authentication access" 1139 = "WEB-MISC whisker HEAD/./" 1158 = "WEB-MISC windmail.exe access" 1159 = "WEB-MISC webplus access" 1162 = "WEB-MISC cart 32 AdminPwd access" 1163 = "WEB-CGI webdist.cgi access" 1166 = "WEB-MISC ws_ftp.ini access" 1167 = "WEB-MISC rpm_query access" 1171 = "WEB-MISC whisker HEAD with large datagram" 1175 = "WEB-MISC wwwboard.pl access" 1176 = "WEB-MISC order.log access" 1186 = "WEB-MISC Netscape Enterprise Server directory view" 1187 = "WEB-MISC SalesLogix Eviewer web command attempt" 1188 = "WEB-MISC Netscape Enterprise Server directory view" 1189 = "WEB-MISC Netscape Enterprise Server directory view" 1190 = "WEB-MISC Netscape Enterprise Server directory view" 1191 = "WEB-MISC Netscape Enterprise Server directory view" 1196 = "WEB-CGI SGI InfoSearch fname attempt" 1198 = "WEB-MISC Netscape Enterprise Server directory view" 1199 = "WEB-MISC Compaq Insight directory traversal" 1204 = "WEB-CGI ax-admin.cgi access" 1212 = "WEB-MISC Admin_files access" 1215 = "WEB-CGI ministats admin access" 1218 = "WEB-MISC adminlogin access" 1225 = "X11 MIT Magic Cookie detected" 1226 = "X11 xopen" 1227 = "X11 outbound client connection detected" 1228 = "SCAN nmap XMAS" 1229 = "FTP CWD ..." 
1233 = "WEB-CLIENT Outlook EML access" 1240 = "EXPLOIT MDBMS overflow" 1241 = "WEB-MISC SWEditServlet directory traversal attempt" 1242 = "WEB-IIS ISAPI .ida access" 1243 = "WEB-IIS ISAPI .ida attempt" 1244 = "WEB-IIS ISAPI .idq attempt" 1245 = "WEB-IIS ISAPI .idq access" 1250 = "WEB-MISC Cisco IOS HTTP configuration attempt" 1251 = "INFO TELNET Bad Login" 1256 = "WEB-IIS CodeRed v2 root.exe access" 1257 = "DOS Winnuke attack" 1260 = "WEB-MISC long basic authorization string" 1261 = "EXPLOIT AIX pdnsd overflow" 1262 = "RPC portmap admind request TCP" 1263 = "RPC portmap amountd request TCP" 1264 = "RPC portmap bootparam request TCP" 1265 = "RPC portmap cmsd request TCP" 1266 = "RPC portmap mountd request TCP" 1267 = "RPC portmap nisd request TCP" 1268 = "RPC portmap pcnfsd request TCP" 1269 = "RPC portmap rexd request TCP" 1270 = "RPC portmap rstatd request TCP" 1271 = "RPC portmap rusers request TCP" 1272 = "RPC portmap sadmind request TCP" 1273 = "RPC portmap selection_svc request TCP" 1275 = "RPC portmap yppasswd request TCP" 1279 = "RPC portmap snmpXdmi request UDP" 1280 = "RPC portmap listing UDP 111" 1281 = "RPC portmap listing UDP 32771" 1283 = "WEB-IIS outlook web dos" 1284 = "WEB-CLIENT readme.eml download attempt" 1285 = "WEB-IIS msdac access" 1286 = "WEB-IIS _mem_bin access" 1287 = "WEB-IIS scripts access" 1289 = "TFTP GET Admin.dll" 1290 = "WEB-CLIENT readme.eml autoload attempt" 1292 = "ATTACK-RESPONSES directory listing" 1298 = "RPC portmap tooltalk request TCP" 1299 = "RPC portmap tooltalk request UDP" 1300 = "WEB-PHP admin.php file upload attempt" 1301 = "WEB-PHP admin.php access" 1305 = "WEB-CGI txt2html.cgi directory traversal attempt" 1306 = "WEB-CGI store.cgi product directory traversal attempt" 1310 = "PORN free XXX" 1311 = "PORN hardcore anal" 1312 = "PORN nude cheerleader" 1313 = "PORN up skirt" 1314 = "PORN young teen" 1315 = "PORN hot young sex" 1316 = "PORN fuck fuck fuck" 1317 = "PORN anal sex" 1318 = "PORN hardcore rape" 1319 = "PORN 
real snuff" 1320 = "PORN fuck movies" 1321 = "BAD-TRAFFIC 0 ttl" 1322 = "BAD-TRAFFIC bad frag bits" 1323 = "EXPLOIT rwhoisd format string attempt" 1324 = "EXPLOIT ssh CRC32 overflow /bin/sh" 1325 = "EXPLOIT ssh CRC32 overflow filler" 1326 = "EXPLOIT ssh CRC32 overflow NOOP" 1327 = "EXPLOIT ssh CRC32 overflow" 1328 = "WEB-ATTACKS ps command attempt" 1329 = "WEB-ATTACKS /bin/ps command attempt" 1330 = "WEB-ATTACKS wget command attempt" 1331 = "WEB-ATTACKS uname -a command attempt" 1332 = "WEB-ATTACKS /usr/bin/id command attempt" 1333 = "WEB-ATTACKS id command attempt" 1334 = "WEB-ATTACKS echo command attempt" 1335 = "WEB-ATTACKS kill command attempt" 1336 = "WEB-ATTACKS chmod command attempt" 1337 = "WEB-ATTACKS chgrp command attempt" 1338 = "WEB-ATTACKS chown command attempt" 1339 = "WEB-ATTACKS chsh command attempt" 1340 = "WEB-ATTACKS tftp command attempt" 1341 = "WEB-ATTACKS /usr/bin/gcc command attempt" 1342 = "WEB-ATTACKS gcc command attempt" 1343 = "WEB-ATTACKS /usr/bin/cc command attempt" 1344 = "WEB-ATTACKS cc command attempt" 1345 = "WEB-ATTACKS /usr/bin/cpp command attempt" 1346 = "WEB-ATTACKS cpp command attempt" 1347 = "WEB-ATTACKS /usr/bin/g++ command attempt" 1348 = "WEB-ATTACKS g++ command attempt" 1349 = "WEB-ATTACKS bin/python access attempt" 1350 = "WEB-ATTACKS python access attempt" 1351 = "WEB-ATTACKS bin/tclsh execution attempt" 1352 = "WEB-ATTACKS tclsh execution attempt" 1353 = "WEB-ATTACKS bin/nasm command attempt" 1354 = "WEB-ATTACKS nasm command attempt" 1355 = "WEB-ATTACKS /usr/bin/perl execution attempt" 1356 = "WEB-ATTACKS perl execution attempt" 1357 = "WEB-ATTACKS nt admin addition attempt" 1358 = "WEB-ATTACKS traceroute command attempt" 1359 = "WEB-ATTACKS ping command attempt" 1360 = "WEB-ATTACKS netcat command attempt" 1363 = "WEB-ATTACKS X application to remote host attempt" 1364 = "WEB-ATTACKS lsof command attempt" 1365 = "WEB-ATTACKS rm command attempt" 1366 = "WEB-ATTACKS mail command attempt" 1367 = "WEB-ATTACKS mail command 
attempt" 1368 = "WEB-ATTACKS /bin/ls command attempt" 1369 = "WEB-ATTACKS /bin/ls command attempt" 1370 = "WEB-ATTACKS /etc/inetd.conf access" 1372 = "WEB-ATTACKS /etc/shadow access" 1373 = "WEB-ATTACKS conf/httpd.conf attempt" 1374 = "WEB-ATTACKS .htgroup access" 1375 = "WEB-MISC sadmind worm access" 1377 = "FTP wu-ftp bad file completion attempt (" 1378 = "FTP wu-ftp bad file completion attempt curly-bracket" 1379 = "FTP STAT overflow attempt" 1380 = "WEB-IIS cross-site scripting attempt" 1382 = "EXPLOIT CHAT IRC Ettercap parse overflow attempt" 1383 = "P2P Fastrack (kazaa/morpheus) GET request" 1385 = "WEB-MISC mod-plsql administration access" 1387 = "MS-SQL raiserror possible buffer overflow" 1389 = "WEB-MISC viewcode.jse access" 1394 = "SHELLCODE x86 NOOP" 1397 = "WEB-CGI wayboard attempt" 1398 = "EXPLOIT CDE dtspcd exploit attempt" 1399 = "WEB-PHP PHP-Nuke remote file include attempt" 1400 = "WEB-IIS /scripts/samples/ access" 1401 = "WEB-IIS /msadc/samples/ access" 1402 = "WEB-IIS iissamples access" 1408 = "DOS MSDTC attempt" 1411 = "SNMP public access udp" 1412 = "SNMP public access tcp" 1413 = "SNMP private access udp" 1414 = "SNMP private access tcp" 1415 = "SNMP Broadcast request" 1416 = "SNMP broadcast trap" 1417 = "SNMP request udp" 1418 = "SNMP request tcp" 1419 = "SNMP trap udp" 1420 = "SNMP trap tcp" 1422 = "SNMP community string buffer overflow attempt (with evasion)" 1431 = "BAD-TRAFFIC syn to multicast address" 1432 = "P2P GNUTella GET" 1435 = "DNS named authors attempt" 1441 = "TFTP GET nc.exe" 1442 = "TFTP GET shadow" 1443 = "TFTP GET passwd" 1444 = "TFTP Get" 1445 = "POLICY FTP file_id.diz access possible warez site" 1446 = "SMTP vrfy root" 1449 = "POLICY FTP anonymous (ftp) login attempt" 1450 = "SMTP expn *@" 1456 = "WEB-CGI calender_admin.pl access" 1457 = "WEB-CGI user_update_admin.pl access" 1463 = "CHAT IRC message" 1484 = "WEB-IIS /isapi/tstisapi.dll access" 1485 = "WEB-IIS mkilog.exe access" 1486 = "WEB-IIS ctss.idc access" 1487 = 
"WEB-IIS /iisadmpwd/aexp2.htr access" 1488 = "WEB-CGI store.cgi directory traversal attempt" 1490 = "WEB-PHP Phorum /support/common.php attempt" 1491 = "WEB-PHP Phorum /support/common.php access" 1492 = "WEB-MISC RBS ISP /newuser directory traversal attempt" 1497 = "WEB-MISC cross site scripting attempt" 1498 = "WEB-MISC PIX firewall manager directory traversal attempt" 1501 = "WEB-CGI a1stats a1disp3.cgi directory traversal attempt" 1503 = "WEB-CGI admentor admin.asp access" 1504 = "MISC AFS access" 1509 = "WEB-CGI AltaVista Intranet Search directory traversal attempt" 1519 = "WEB-MISC apache ?M=D directory list attempt" 1520 = "WEB-MISC server-info access" 1526 = "WEB-MISC basilix sendmail.inc access" 1527 = "WEB-MISC basilix mysql.class access" 1529 = "FTP SITE overflow attempt" 1530 = "FTP format string attempt" 1536 = "WEB-CGI calendar_admin.pl arbitrary command execution attempt" 1537 = "WEB-CGI calendar_admin.pl access" 1541 = "FINGER version query" 1544 = "WEB-MISC Cisco Catalyst command execution attempt" 1545 = "DOS Cisco attempt" 1546 = "WEB-MISC Cisco /%% DOS attempt" 1549 = "SMTP HELO overflow attempt" 1550 = "SMTP ETRN overflow attempt" 1562 = "FTP SITE CHOWN overflow attempt" 1567 = "WEB-IIS /exchange/root.asp attempt" 1568 = "WEB-IIS /exchange/root.asp access" 1569 = "WEB-CGI loadpage.cgi directory traversal attempt" 1571 = "WEB-CGI dcforum.cgi directory traversal attempt" 1579 = "WEB-MISC Domino webadmin.nsf access" 1595 = "WEB-IIS htimage.exe access" 1598 = "WEB-CGI Home Free search.cgi directory traversal attempt" 1600 = "WEB-CGI htsearch arbitrary configuration file attempt" 1601 = "WEB-CGI htsearch arbitrary file read attempt" 1602 = "WEB-CGI htsearch access" 1604 = "WEB-MISC iChat directory traversal attempt" 1605 = "DOS iParty DOS attempt" 1607 = "WEB-CGI HyperSeek hsx.cgi access" 1610 = "WEB-CGI formmail arbitrary command execution attempt" 1616 = "DNS named version attempt" 1618 = "WEB-IIS .asp Transfer-Encoding\\: chunked" 1621 = "FTP CMD 
overflow attempt" 1622 = "FTP RNFR ././ attempt" 1623 = "FTP invalid MODE" 1624 = "FTP large PWD command" 1625 = "FTP large SYST command" 1626 = "WEB-IIS /StoreCSVS/InstantOrder.asmx request" 1627 = "BAD-TRAFFIC Unassigned/Reserved IP protocol" 1628 = "WEB-CGI FormHandler.cgi directory traversal attempt attempt" 1631 = "CHAT AIM login" 1632 = "CHAT AIM send message" 1633 = "CHAT AIM receive message" 1636 = "MISC Xtramail Username overflow attempt" 1638 = "SCAN SSH Version map attempt" 1639 = "CHAT IRC DCC file transfer request" 1640 = "CHAT IRC DCC chat request" 1641 = "DOS DB2 dos attempt" 1645 = "WEB-CGI testcgi access" 1657 = "WEB-CGI pagelog.cgi directory traversal attempt" 1660 = "WEB-IIS trace.axd access" 1661 = "WEB-IIS cmd32.exe access" 1662 = "WEB-MISC /~ftp access" 1667 = "WEB-MISC cross site scripting \\(img src=javascript\\) attempt" 1672 = "FTP CWD ~ attempt" 1673 = "ORACLE EXECUTE_SYSTEM attempt" 1674 = "ORACLE connect_data\\(command=version\\) attempt" 1675 = "ORACLE misparsed login response" 1676 = "ORACLE select union attempt" 1677 = "ORACLE select like \\'%\\' attempt" 1678 = "ORACLE select like \\\\'%\\\\' attempt" 1679 = "ORACLE describe attempt" 1680 = "ORACLE all_constraints access" 1681 = "ORACLE all_views access" 1682 = "ORACLE all_source access" 1683 = "ORACLE all_tables access" 1684 = "ORACLE all_tab_columns access" 1685 = "ORACLE all_tab_privs access" 1686 = "ORACLE dba_tablespace access" 1687 = "ORACLE dba_tables access" 1688 = "ORACLE user_tablespace access" 1689 = "ORACLE sys.all_users access" 1690 = "ORACLE grant attempt" 1691 = "ORACLE ALTER USER attempt" 1692 = "ORACLE drop table attempt" 1693 = "ORACLE create table attempt" 1694 = "ORACLE alter table attempt" 1695 = "ORACLE truncate table attempt" 1696 = "ORACLE create database attempt" 1697 = "ORACLE alter database attempt" 1699 = "P2P Fastrack (kazaa/morpheus) traffic" 1701 = "WEB-CGI calendar-admin.pl access" 1703 = "WEB-CGI auktion.cgi directory traversal attempt" 1704 = 
"WEB-CGI cal_make.pl directory traversal attempt" 1719 = "WEB-CGI talkback.cgi directory traversal attempt" 1725 = "WEB-IIS +.htr code fragment attempt" 1726 = "WEB-IIS doctodep.btr access" 1728 = "FTP CWD ~ attempt" 1729 = "CHAT IRC channel join" 1730 = "WEB-CGI ustorekeeper.pl directory traversal attempt" 1732 = "RPC portmap rwalld request UDP" 1733 = "RPC portmap rwalld request TCP" 1734 = "FTP USER overflow attempt" 1739 = "WEB-PHP DNSTools administrator authentication bypass attempt" 1746 = "RPC portmap cachefsd request UDP" 1747 = "RPC portmap cachefsd request TCP" 1748 = "FTP command overflow attempt" 1750 = "WEB-IIS users.xml access" 1751 = "EXPLOIT cachefsd buffer overflow attempt" 1753 = "WEB-IIS as_web.exe access" 1754 = "WEB-IIS as_web4.exe access" 1755 = "IMAP partial body buffer overflow attempt" 1756 = "WEB-IIS NewsPro administration authentication attempt" 1759 = "MS-SQL xp_cmdshell program execution (445)" 1768 = "WEB-IIS header field buffer overflow attempt" 1772 = "WEB-IIS pbserver access" 1773 = "WEB-PHP php.exe access" 1775 = "MYSQL root login attempt" 1776 = "MYSQL show databases attempt" 1777 = "FTP EXPLOIT STAT * dos attempt" 1778 = "FTP EXPLOIT STAT ? dos attempt" 1779 = "FTP CWD .... 
attempt" 1781 = "PORN dildo" 1782 = "PORN nipple clamp" 1783 = "PORN oral sex" 1784 = "PORN nude celeb" 1785 = "PORN voyeur" 1786 = "PORN raw sex" 1789 = "CHAT IRC dns request" 1790 = "CHAT IRC dns response" 1791 = "BACKDOOR fragroute trojan connection attempt" 1793 = "PORN fetish" 1794 = "PORN masturbation" 1795 = "PORN ejaculation" 1796 = "PORN virgin" 1797 = "PORN BDSM" 1798 = "PORN erotica" 1799 = "PORN fisting" 1800 = "VIRUS Klez Incoming" 1805 = "WEB-CGI Oracle reports CGI access" 1806 = "WEB-IIS .htr Transfer-Encoding\\: chunked" 1808 = "WEB-MISC apache chunked encoding memory corruption exploit attempt" 1809 = "WEB-MISC Apache Chunked-Encoding worm attempt" 1810 = "ATTACK-RESPONSES successful gobbles ssh exploit (GOBBLE)" 1811 = "ATTACK-RESPONSES successful gobbles ssh exploit (uname)" 1812 = "EXPLOIT gobbles SSH exploit attempt" 1813 = "ICMP digital island bandwidth query" 1814 = "WEB-MISC CISCO VoIP DOS ATTEMPT" 1817 = "WEB-IIS MS Site Server default login attempt" 1818 = "WEB-IIS MS Site Server admin attempt" 1821 = "EXPLOIT LPD dvips remote command execution attempt" 1822 = "WEB-CGI alienform.cgi directory traversal attempt" 1823 = "WEB-CGI AlienForm af.cgi directory traversal attempt" 1827 = "WEB-MISC Tomcat servlet mapping cross site scripting attempt" 1828 = "WEB-MISC iPlanet Search directory traversal attempt" 1831 = "WEB-MISC jigsaw dos attempt" 1832 = "CHAT ICQ forced user addition" 1833 = "PORN naked lesbians" 1834 = "WEB-PHP PHP-Wiki cross site scripting attempt" 1835 = "WEB-MISC Macromedia SiteSpring cross site scripting attempt" 1836 = "PORN alt.binaries.pictures.erotica" 1837 = "PORN alt.binaries.pictures.tinygirls" 1838 = "EXPLOIT SSH server banner overflow" 1839 = "WEB-MISC mailman cross site scripting attempt" 1841 = "WEB-CLIENT Javascript URL host spoofing attempt" 1842 = "IMAP login buffer overflow attempt" 1843 = "BACKDOOR trinity connection attempt" 1844 = "IMAP authenticate overflow attempt" 1845 = "IMAP list literal overflow attempt" 
1852 = "WEB-MISC robots.txt access" 1853 = "BACKDOOR win-trin00 connection attempt" 1854 = "DDOS Stacheldraht handler = agent (niggahbitch)" 1855 = "DDOS Stacheldraht agent = handler (skillz)" 1856 = "DDOS Stacheldraht handler = agent (ficken)" 1857 = "WEB-MISC robot.txt access" 1858 = "WEB-MISC CISCO PIX Firewall Manager directory traversal attempt" 1859 = "WEB-MISC Sun JavaServer default password login attempt" 1860 = "WEB-MISC Linksys router default password login attempt \\(\\:admin\\)" 1861 = "WEB-MISC Linksys router default password login attempt \\(admin\\:admin\\)" 1862 = "WEB-CGI mrtg.cgi directory traversal attempt" 1864 = "FTP SITE NEWER attempt" 1866 = "POP3 USER overflow attempt" 1871 = "WEB-MISC Oracle XSQLConfig.xml access" 1882 = "ATTACK-RESPONSES id check returned userid" 1883 = "ATTACK-RESPONSES id check returned nobody" 1884 = "ATTACK-RESPONSES id check returned web" 1885 = "ATTACK-RESPONSES id check returned http" 1886 = "ATTACK-RESPONSES id check returned apache" 1888 = "FTP SITE CPWD overflow attempt" 1890 = "RPC status GHBN format string attack" 1891 = "RPC status GHBN format string attack" 1892 = "SNMP null community string attempt" 1894 = "EXPLOIT kadmind buffer overflow attempt" 1895 = "EXPLOIT kadmind buffer overflow attempt" 1896 = "EXPLOIT kadmind buffer overflow attempt" 1897 = "EXPLOIT kadmind buffer overflow attempt" 1898 = "EXPLOIT kadmind buffer overflow attempt" 1899 = "EXPLOIT kadmind buffer overflow attempt" 1902 = "IMAP lsub literal overflow attempt" 1903 = "IMAP rename overflow attempt" 1904 = "IMAP find overflow attempt" 1905 = "RPC AMD UDP amqproc_mount plog overflow attempt" 1906 = "RPC AMD TCP amqproc_mount plog overflow attempt" 1907 = "RPC CMSD UDP CMSD_CREATE buffer overflow attempt" 1908 = "RPC CMSD TCP CMSD_CREATE buffer overflow attempt" 1909 = "RPC CMSD TCP CMSD_INSERT buffer overflow attempt" 1910 = "RPC CMSD udp CMSD_INSERT buffer overflow attempt" 1911 = "RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow 
attempt" 1912 = "RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt" 1913 = "RPC STATD UDP stat mon_name format string exploit attempt" 1914 = "RPC STATD TCP stat mon_name format string exploit attempt" 1915 = "RPC STATD UDP monitor mon_name format string exploit attempt" 1916 = "RPC STATD TCP monitor mon_name format string exploit attempt" 1917 = "SCAN UPnP service discover attempt" 1918 = "SCAN SolarWinds IP scan attempt" 1919 = "FTP CWD overflow attempt" 1920 = "FTP SITE NEWER overflow attempt" 1921 = "FTP SITE ZIPCHK attempt" 1922 = "RPC portmap proxy attempt TCP" 1923 = "RPC portmap proxy attempt UDP" 1924 = "RPC mountd UDP export request" 1925 = "RPC mountd TCP exportall request" 1926 = "RPC mountd UDP exportall request" 1927 = "FTP authorized_keys" 1928 = "FTP shadow retrieval attempt" 1929 = "BACKDOOR TCPDUMP/PCAP trojan traffic" 1930 = "IMAP auth overflow attempt" 1941 = "TFTP filename overflow attempt" 1942 = "FTP RMDIR overflow attempt" 1945 = "WEB-IIS unicode directory traversal attempt" 1946 = "WEB-MISC answerbook2 admin attempt" 1948 = "DNS zone transfer UDP" 1949 = "RPC portmap SET attempt TCP 111" 1950 = "RPC portmap SET attempt UDP 111" 1951 = "RPC mountd TCP mount request" 1952 = "RPC mountd UDP mount request" 1953 = "RPC AMD TCP pid request" 1954 = "RPC AMD UDP pid request" 1955 = "RPC AMD TCP version request" 1956 = "RPC AMD UDP version request" 1963 = "RPC RQUOTA getquota overflow attempt UDP" 1964 = "RPC tooltalk UDP overflow attempt" 1965 = "RPC tooltalk TCP overflow attempt" 1970 = "WEB-IIS MDAC Content-Type overflow attempt" 1971 = "FTP SITE EXEC format string attempt" 1972 = "FTP PASS overflow attempt" 1973 = "FTP MKD overflow attempt" 1974 = "FTP REST overflow attempt" 1976 = "FTP RMD overflow attempt" 1980 = "BACKDOOR DeepThroat 3.1 Connection attempt" 1981 = "BACKDOOR DeepThroat 3.1 Connection attempt (3150)" 1982 = "BACKDOOR DeepThroat 3.1 Server Response (3150)" 1983 = "BACKDOOR DeepThroat 3.1 Connection attempt 
(4120)" 1984 = "BACKDOOR DeepThroat 3.1 Server Response (4120)" 1985 = "BACKDOOR Doly 1.5 server response" 1986 = "CHAT MSN file transfer request" 1987 = "MISC xfs overflow attempt" 1988 = "CHAT MSN file transfer accept" 1989 = "CHAT MSN file transfer reject" 1990 = "CHAT MSN user search" 1991 = "CHAT MSN login attempt" 1992 = "FTP LIST directory traversal attempt" 1993 = "IMAP login literal buffer overflow attempt" 2000 = "WEB-PHP readmsg.php access" 2001 = "WEB-CGI smartsearch.cgi access" 2002 = "WEB-PHP external include path" 2003 = "MS-SQL Worm propagation attempt" 2004 = "MS-SQL Worm propagation attempt OUTBOUND" 2005 = "RPC portmap kcms_server request UDP" 2006 = "RPC portmap kcms_server request TCP" 2007 = "RPC kcms_server directory traversal attempt" 2008 = "MISC CVS invalid user authentication response" 2009 = "MISC CVS invalid repository response" 2010 = "MISC CVS double free exploit attempt response" 2011 = "MISC CVS invalid directory response" 2012 = "MISC CVS missing cvsroot response" 2013 = "MISC CVS invalid module response" 2014 = "RPC portmap UNSET attempt TCP 111" 2015 = "RPC portmap UNSET attempt UDP 111" 2016 = "RPC portmap status request TCP" 2017 = "RPC portmap espd request UDP" 2018 = "RPC mountd TCP dump request" 2019 = "RPC mountd UDP dump request" 2020 = "RPC mountd TCP unmount request" 2021 = "RPC mountd UDP unmount request" 2022 = "RPC mountd TCP unmountall request" 2023 = "RPC mountd UDP unmountall request" 2024 = "RPC RQUOTA getquota overflow attempt TCP" 2025 = "RPC yppasswd username overflow attempt UDP" 2026 = "RPC yppasswd username overflow attempt TCP" 2027 = "RPC yppasswd old password overflow attempt UDP" 2028 = "RPC yppasswd old password overflow attempt TCP" 2029 = "RPC yppasswd new password overflow attempt UDP" 2030 = "RPC yppasswd new password overflow attempt TCP" 2031 = "RPC yppasswd user update UDP" 2032 = "RPC yppasswd user update TCP" 2033 = "RPC ypserv maplist request UDP" 2034 = "RPC ypserv maplist request TCP" 2035 = 
"RPC portmap network-status-monitor request UDP" 2036 = "RPC portmap network-status-monitor request TCP" 2037 = "RPC network-status-monitor mon-callback request UDP" 2038 = "RPC network-status-monitor mon-callback request TCP" 2039 = "MISC bootp hostname format string attempt" 2040 = "POLICY xtacacs login attempt" 2041 = "MISC xtacacs failed login response" 2042 = "POLICY xtacacs accepted login response" 2043 = "MISC isakmp login failed" 2044 = "POLICY PPTP setup attempt" 2045 = "RPC snmpXdmi overflow attempt UDP" 2046 = "IMAP partial body.peek buffer overflow attempt" 2047 = "MISC rsyncd module list access" 2048 = "MISC rsyncd overflow attempt" 2049 = "MS-SQL ping attempt" 2050 = "MS-SQL version overflow attempt" 2051 = "WEB-CGI cached_feed.cgi moreover shopping cart access" 2052 = "WEB-CGI overflow.cgi access" 2053 = "WEB-CGI process_bug.cgi access" 2054 = "WEB-CGI enter_bug.cgi arbitrary command attempt" 2055 = "WEB-CGI enter_bug.cgi access" 2056 = "WEB-MISC TRACE attempt" 2057 = "WEB-MISC helpout.exe access" 2058 = "WEB-MISC MsmMask.exe attempt" 2059 = "WEB-MISC MsmMask.exe access" 2060 = "WEB-MISC DB4Web access" 2061 = "WEB-MISC Tomcat null byte directory listing attempt" 2062 = "WEB-MISC iPlanet .perf access" 2063 = "WEB-MISC Demarc SQL injection attempt" 2064 = "WEB-MISC Lotus Notes .csp script source download attempt" 2065 = "WEB-MISC Lotus Notes .csp script source download attempt" 2066 = "WEB-MISC Lotus Notes .pl script source download attempt" 2067 = "WEB-MISC Lotus Notes .exe script source download attempt" 2068 = "WEB-MISC BitKeeper arbitrary command attempt" 2069 = "WEB-MISC chip.ini access" 2070 = "WEB-MISC post32.exe arbitrary command attempt" 2071 = "WEB-MISC post32.exe access" 2072 = "WEB-MISC lyris.pl access" 2073 = "WEB-MISC globals.pl access" 2074 = "WEB-PHP Mambo uploadimage.php upload php file attempt" 2075 = "WEB-PHP Mambo upload.php upload php file attempt" 2076 = "WEB-PHP Mambo uploadimage.php access" 2077 = "WEB-PHP Mambo upload.php 
access" 2078 = "WEB-PHP phpBB privmsg.php access" 2079 = "RPC portmap nlockmgr request UDP" 2080 = "RPC portmap nlockmgr request TCP" 2081 = "RPC portmap rpc.xfsmd request UDP" 2082 = "RPC portmap rpc.xfsmd request TCP" 2083 = "RPC rpc.xfsmd xfs_export attempt UDP" 2084 = "RPC rpc.xfsmd xfs_export attempt TCP" 2085 = "WEB-CGI parse_xml.cgi access" 2086 = "WEB-CGI streaming server parse_xml.cgi access" 2087 = "SMTP >From comment overflow attempt" 2088 = "RPC ypupdated arbitrary command attempt UDP" 2089 = "RPC ypupdated arbitrary command attempt TCP" 2090 = "WEB-IIS WEBDAV exploit attempt" 2091 = "WEB-IIS WEBDAV nessus safe scan attempt" 2092 = "RPC portmap proxy integer overflow attempt UDP" 2093 = "RPC portmap proxy integer overflow attempt TCP" 2094 = "RPC CMSD UDP CMSD_CREATE array buffer overflow attempt" 2095 = "RPC CMSD TCP CMSD_CREATE array buffer overflow attempt" 2100 = "BACKDOOR SubSeven 2.1 Gold server connection response" 2101 = "NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt" 2102 = "NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt" 2103 = "NETBIOS SMB trans2open buffer overflow attempt" 2104 = "ATTACK-RESPONSES rexec username too long response" 2105 = "IMAP authenticate literal overflow attempt" 2106 = "IMAP lsub overflow attempt" 2107 = "IMAP create buffer overflow attempt" 2108 = "POP3 CAPA overflow attempt" 2109 = "POP3 TOP overflow attempt" 2110 = "POP3 STAT overflow attempt" 2111 = "POP3 DELE overflow attempt" 2112 = "POP3 RSET overflow attempt" 2113 = "RSERVICES rexec username overflow attempt" 2114 = "RSERVICES rexec password overflow attempt" 2115 = "WEB-CGI album.pl access" 2116 = "WEB-CGI chipcfg.cgi access" 2117 = "WEB-IIS Battleaxe Forum login.asp access" 2118 = "IMAP list overflow attempt" 2119 = "IMAP rename literal overflow attempt" 2120 = "IMAP create literal buffer overflow attempt" 2121 = "POP3 DELE negative arguement attempt" 2122 = "POP3 UIDL negative arguement attempt" 2123 = 
"ATTACK-RESPONSES Microsoft cmd.exe banner" 2124 = "BACKDOOR Remote PC Access connection attempt" 2125 = "FTP CWD C:\\\\" 2126 = "MISC Microsoft PPTP Start Control Request buffer overflow attempt" 2127 = "WEB-CGI ikonboard.cgi access" 2128 = "WEB-CGI swsrv.cgi access" 2129 = "WEB-IIS nsiislog.dll access" 2130 = "WEB-IIS IISProtect siteadmin.asp access" 2131 = "WEB-IIS IISProtect access" 2132 = "WEB-IIS Synchrologic Email Accelerator userid list access attempt" 2133 = "WEB-IIS MS BizTalk server access" 2134 = "WEB-IIS register.asp access" 2135 = "WEB-MISC philboard.mdb access" 2136 = "WEB-MISC philboard_admin.asp authentication bypass attempt" 2137 = "WEB-MISC philboard_admin.asp access" 2138 = "WEB-MISC logicworks.ini access" 2139 = "WEB-MISC /*.shtml access" 2140 = "WEB-PHP p-news.php access" 2141 = "WEB-PHP shoutbox.php directory traversal attempt" 2142 = "WEB-PHP shoutbox.php access" 2143 = "WEB-PHP b2 cafelog gm-2-b2.php remote command execution attempt" 2144 = "WEB-PHP b2 cafelog gm-2-b2.php access" 2145 = "WEB-PHP TextPortal admin.php default password (admin) attempt" 2146 = "WEB-PHP TextPortal admin.php default password (12345) attempt" 2147 = "WEB-PHP BLNews objects.inc.php4 remote command execution attempt" 2148 = "WEB-PHP BLNews objects.inc.php4 access" 2149 = "WEB-PHP Turba status.php access" 2150 = "WEB-PHP ttCMS header.php remote command execution attempt" 2151 = "WEB-PHP ttCMS header.php access" 2152 = "WEB-PHP test.php access" 2153 = "WEB-PHP autohtml.php directory traversal attempt" 2154 = "WEB-PHP autohtml.php access" 2155 = "WEB-PHP ttforum remote command execution attempt" 2156 = "WEB-MISC mod_gzip_status access" 2157 = "WEB-IIS IISProtect GlobalAdmin.asp access" 2158 = "MISC BGP invalid length" 2159 = "MISC BGP invalid type (0)" 2160 = "VIRUS OUTBOUND .exe file attachment" 2161 = "VIRUS OUTBOUND .doc file attachment" 2162 = "VIRUS OUTBOUND .hta file attachment" 2163 = "VIRUS OUTBOUND .chm file attachment" 2164 = "VIRUS OUTBOUND .reg file 
attachment" 2165 = "VIRUS OUTBOUND .ini file attachment" 2166 = "VIRUS OUTBOUND .bat file attachment" 2167 = "VIRUS OUTBOUND .diz file attachment" 2168 = "VIRUS OUTBOUND .cpp file attachment" 2169 = "VIRUS OUTBOUND .dll file attachment" 2170 = "VIRUS OUTBOUND .vxd file attachment" 2171 = "VIRUS OUTBOUND .sys file attachment" 2172 = "VIRUS OUTBOUND .com file attachment" 2173 = "VIRUS OUTBOUND .hsq file attachment" 2174 = "NETBIOS SMB winreg access" 2175 = "NETBIOS SMB winreg access (unicode)" 2176 = "NETBIOS SMB Startup Folder access attempt" 2177 = "NETBIOS SMB Startup Folder access attempt (unicode)" 2180 = "P2P BitTorrent announce request" 2181 = "P2P BitTorrent transfer" 2183 = "SMTP Content-Transfer-Encoding overflow attempt" 2186 = "BAD-TRAFFIC IP Proto 53 (SWIPE)" 2187 = "BAD-TRAFFIC IP Proto 55 (IP Mobility)" 2188 = "BAD-TRAFFIC IP Proto 77 (Sun ND)" 2189 = "BAD-TRAFFIC IP Proto 103 (PIM)" 2190 = "NETBIOS DCERPC invalid bind attempt" 2191 = "NETBIOS SMB DCERPC invalid bind attempt" 2192 = "NETBIOS DCERPC ISystemActivator bind attempt" 2193 = "NETBIOS SMB DCERPC ISystemActivator bind attempt" } # rule } # snort2_syslog http_server_responses = { 100 = "Continue" 101 = "Switching Protocols" 102 = "Processing" 200 = "OK" 201 = "Created" 202 = "Accepted" 203 = "Non-Authoritative Information" 204 = "No Content" 205 = "Reset Content" 206 = "Partial Content" 207 = "Multi-Status" 226 = "IM Used" 300 = "Multiple Choices" 301 = "Moved Permanently" 302 = "Found" 303 = "See Other" 304 = "Not Modified" 305 = "Use Proxy" 306 = "(Reserved)" 307 = "Temporary Redirect" 400 = "Bad Request" 401 = "Unauthorized" 402 = "Payment Required" 403 = "Forbidden" 404 = "Not Found" 405 = "Method Not Allowed" 406 = "Not Acceptable" 407 = "Proxy Authentication Required" 408 = "Request Timeout" 409 = "Conflict" 410 = "Gone" 411 = "Length Required" 412 = "Precondition Failed" 413 = "Request Entity Too Large" 414 = "Request-URI Too Long" 415 = "Unsupported Media Type" 416 = "Requested Range 
Not Satisfiable" 417 = "Expectation Failed" 422 = "Unprocessable Entity" 423 = "Locked" 424 = "Failed Dependency" 426 = "Upgrade Required" 500 = "Internal Server Error" 501 = "Not Implemented" 502 = "Bad Gateway" 503 = "Service Unavailable" 504 = "Gateway Timeout" 505 = "HTTP Version Not Supported" 507 = "Insufficient Storage" 510 = "Not Extended" } # http_server_responses sonic_wall = { ipspri = { 1 = "high" 2 = "medium" 3 = "low" "(empty)" = "(empty)" } event_type = { gateway_antivirus_alert = "Gateway Anti-Virus Alert" ips_detection_alert = "IPS Detection Alert" found_rogue_access_point = "Found Rogue Access Point" } } # sonic_wall net_continuum = { level = { ALER = 'Alert' WARN = 'Warning' NOTI = 'Notice' } # level } # net_continuum vbrick_ethernetv_portal_server = { broadcast_type = { presentation = "Presentation" video_on_demand = "Video on Demand" live_broadcast = "Live Broadcast" } # broadcast_type } # vbrick_ethernetv_portal_server aventail_client_server_access = { equipment_type = { W = "Windows" M = "Mac" L = "Linux" P = "PDA" A = "ActiveSync Mobile Phone" X = "Default/Unknown" unspecified = "Mobile Phone" } # equipment_type } barracuda_spam_firewall = { reasons = { 0 = "Message Allowed" 1 = "Virus" 2 = "Banned Attachment" 3 = "RBL Match" 4 = "Rate Control" 5 = "Too Many Message In Session" 6 = "Timeout Exceeded" 7 = "No Such Domain" 8 = "No Such User" 9 = "Subject Filter Match" 11 = "Client IP" 12 = "Recipient Address Rejected" 13 = "No Valid Recipients" 14 = "Domain Not Found" 15 = "Sender Address Rejected" 17 = "Need Fully Qualified Recipient" 18 = "Need Fully Qualified Sender" 20 = "MAIL FROM Syntax Error" 21 = "Bad Address Syntax" 22 = "RCPT TO Syntax Error" 23 = "Send EHLO/HELO First" 24 = "Need MAIL Command" 25 = "Nested MAIL Command" 27 = "EHLO/HELO Syntax Error" 30 = "Mail Protocol Error" 31 = "Score" 34 = "Header Filter Match" 35 = "Sender Block/Accept" 36 = "Recipient Block/Accept" 37 = "Body Filter Match" 38 = "Message Size Bypass" 39 =
"Intention Analysis Match" 40 = "SPF/Caller-ID" 41 = "Client Host Rejected" 44 = "Authentication Not Enabled" 45 = "Allowed Message Size Exceeded" 46 = "Too Many Recipients" 47 = "Need RCPT Command" 48 = "DATA Syntax Error" 49 = "Internal Error" 50 = "Too Many Hops" 55 = "Invalid Parameter Syntax" 56 = "STARTTLS Syntax Error" 57 = "TLS Already Active" 58 = "Too Many Errors" 59 = "Need STARTTLS First" 60 = "Spam Fingerprint Found" 61 = "Barracuda Whitelist" 62 = "Barracuda Blacklist" } # reasons } # barracuda_spam_firewall firepass_ssl_vpn = { session_status = { 0 = "Server session in progress" 1 = "Logged out from server" 2 = "Server session timed out" 7 = "Session handed off to failover box" } # session_status } # firepass_ssl_vpn tipping_point_sms = { action_type = { 7 = "Permit" 8 = "Block" 9 = "P2P" } # action_type severity = { 0 = "Normal" 1 = "Low" 2 = "Minor" 3 = "Major" 4 = "Critical" } # severity } # tipping_point_sms autodesk_network_license_manager = { # For translation action = { IN = "IN (license returned)" OUT = "OUT (license granted)" DENIED = "DENIED" } } # autodesk_network_license_manager } # log_formats # This is nowhere near a complete list of Windows event codes, but we gotta start somewhere. # If you add your own codes here, please email them to support@sawmill.net, so we can add them to # this list. 
# Lookup table: Windows Security event ID -> report category and description.
# NOTE(review): these are the three-digit IDs written by Windows 2000 / XP /
# Server 2003. Windows Vista / Server 2008 and later log renumbered IDs (for
# example 4624 for a successful logon and 1102 for a cleared audit log), which
# have no entry here -- confirm which Windows versions feed the profile before
# relying on these labels for alerting or reporting.
windows_event_codes = {
  515 = { category = "System Events" description = "A trusted logon process has registered with the Local Security Authority" }
  # A cleared audit log outside a planned maintenance window is worth reviewing:
  # it removes the evidence the other entries in this table depend on.
  517 = { category = "System Events" description = "The audit log was cleared" }
  528 = { category = "Logon/Logoff" description = "Successful Logon" }
  538 = { category = "Logon/Logoff" description = "User Logoff" }
  540 = { category = "Logon/Logoff" description = "Successful Network Logon" }
  # Logon with credentials other than those of the current session; useful when
  # reviewing how an account moved between hosts.
  552 = { category = "Logon/Logoff" description = "Logon attempt using explicit credentials" }
  560 = { category = "Object Access" description = "Object Open" }
  562 = { category = "Object Access" description = "Handle Closed" }
  564 = { category = "Object Access" description = "Object Deleted" }
  565 = { category = "Directory Service" description = "Object Open (Active Directory)" }
  # NOTE(review): "W3" presumably abbreviates Windows Server 2003 -- confirm.
  566 = { category = "Directory Service" description = "Object Operation (W3 Active Directory)" }
  567 = { category = "Object Access" description = "Object Access Attempt" }
  576 = { category = "Privilege Use" description = "Special privileges assigned to new logon" }
  578 = { category = "Privilege Use" description = "Privileged object operation" }
  # 672/673/675 are the Kerberos account-logon events; a burst of 675 for one
  # account or from one source is a common sign of password guessing.
  672 = { category = "Account Logon" description = "Authentication Ticket Granted" }
  673 = { category = "Account Logon" description = "Service Ticket Granted" }
  675 = { category = "Account Logon" description = "Pre-authentication failed" }
  # NOTE(review): the description ends in "by" as written; it looks like the
  # prefix of the event text, with the value supplied by the log line -- confirm.
  680 = { category = "Account Logon" description = "Account Used for Logon by" }
} # windows_event_codes

# Platform-dependent words for "directory". Each value is an embedded
# {= ... =} expression that selects the unix_* or windows_* string defined
# below according to _PLATFORM; the *_capitalized variants pass the selected
# string through capitalize().
directory = "{=if (_PLATFORM eq \"UNIX\") then lang_stats.unix_directory else lang_stats.windows_directory;=}"
directories = "{=if (_PLATFORM eq \"UNIX\") then lang_stats.unix_directories else lang_stats.windows_directories;=}"
directory_capitalized = "{=if (_PLATFORM eq \"UNIX\") then capitalize(lang_stats.unix_directory) else capitalize(lang_stats.windows_directory);=}"
directories_capitalized = "{=if (_PLATFORM eq \"UNIX\") then capitalize(lang_stats.unix_directories) else capitalize(lang_stats.windows_directories);=}"

# Translate these words
# (only these four values need translating; the expressions above refer to
# them by key and should be left as they are)
unix_directory = "directory"
unix_directories = "directories"
windows_directory = "folder"
windows_directories = "folders"

} # lang_stats