lang_stats = { ## ## Language Module -- Statistics ## ## This is the Statistics section of the default English language module ## # If you want to "white-label" this product so it uses another name, uncomment these and change PRODUCT_NAME. # If you want to change the support email address shown in the web interface and documentation, or the web site # URL, you can uncomment and change SUPPORT_EMAIL or PRODUCT_URL. #PRODUCT_NAME = "Product Name" #SUPPORT_EMAIL = "support@sawmill.net" #PRODUCT_URL = "http://www.sawmill.net/" # Change this to your charset if your translation does not use UTF-8. charset = "UTF-8" statistics_label = "$command_line.profile" general = { apply_button = "Apply" calendar_button = "Calendar" cancel_button = "Cancel" date_range_picker_button = "Date Range" filter_button = "Filter" filter_on_off_button = "Filter On" logout_button = "Logout" ok_button = "OK" save_and_close_button = "Save and Close" close_button = "Close" edit_button = "Edit" delete_button = "Delete" help_button = "Help" about_button = "About" table_options_button = "Table Options" export_button = "Export" search_button = "Search" refresh_button = "Refresh" move_down_button = "Down [ - ]" move_up_button = "Up [ + ]" show_examples_button = "Show Examples" printer_friendly_button = "Printer Friendly" reports_label = "Reports" config_label = "Config" profile_label = "Profile" profiles_label = "Profiles" sort_by_label = "Sort by" sort_ascending_label = "Ascending" sort_descending_label = "Descending" loading_data_info = "Loading data" database_error_info = "Database error, no database available." error_in_generating_the_report_info = "Error in generating the report or in displaying progress." loading_document_info = "Loading document, please wait." report_startup_info = "Report startup, please wait." logged_in_as_username_info = "Logged in as '$param1'" no_profile_exists_info = "Sorry, no profile exists for this user name." no_data_in_result_info = "No data in result to display." contents_label = "Contents" } # general error_handling = { label = "$PRODUCT_NAME Alert" report_it_link = "report it" report_it_info = "If you believe this is a bug in Sawmill, please $param1." } # error_handling bug_report = { label = "$PRODUCT_NAME Bug Report" instruction = "Please enter your email address, any comment and click Send Bug Report. The text below will be sent to support@flowerfire.com. If you would rather not receive a reply, you can leave the email address blank." your_email_address_label = "Your email address" comments_label = "Comments" send_button = "Send Bug Report" response_label = "$PRODUCT_NAME Bug Report Response" response_info = "Thank you, the bug report has been sent." } # bug_report licensing = { features = { # DON'T TRANSLATE features! lite = "Lite" pro = "Professional" enterprise = "Enterprise" } # features version_info = "$param1 version $param2" } # licensing calendar = { label = "Calendar" close_calendar_button = "Close Calendar" show_all_button = "Show All" statistic_data_date_time_coverage_info = "Statistic data are available from $param1 to $param2" } # calendar date_range_picker = { label = "Date Range" set_max_date_range_button = "Set Max" from_date_label = "From" to_date_label = "To" no_start_date_selected_message = "Please select a start date." no_end_date_selected_message = "Please select an end date." invalid_date_range_message = "Please define a valid date range. The start date must be smaller than the end date." } # date_range_picker table_options = { label = "Table Options" columns_label = "Columns" text_column_label = "text" number_column_label = "number" percent_column_label = "number in %" bar_graph_column_label = "bar graph" rows_label = "Rows" remainder_label = "Remainder" averages_label = "Averages" totals_label = "Totals" table_items_label = "Table items" show_only_bottom_level_items_label = "Show only bottom level items" show_parenthesized_items_label = "Show parenthesized items" maximum_number_of_rows_label = "Maximum number of rows per report element per page" maximum_number_of_rows_info = "(Maximum number of rows applies to the active user name and is valid for all reports in all profiles.)" maximum_number_of_rows_warning_message = "Please note that displaying a high number of table rows may significantly reduce your web browser performance. High row numbers should only be used on systems with high processing power." } # table_options date_filter = { on_off_button = "Date Filter" statistics_for_date_info = "Statistics for" day_word = "day" } date_time_filter = { label = "Date/Time Filter" none_info = "none" } global_filter = { label = "Filter" on_off_button = "Filter" report_is_filtered_label = "Report is filtered and shows data for" field_is_label = "is" field_is_not_label = "is NOT" field_starts_label = "starts" field_starts_not_label = "starts NOT" field_contains_label = "contains" field_contains_not_label = "contains NOT" no_filter_fields_enabled_info = "No filter fields are active. Open the filter to activate one or more filter fields." new_filter_item_form_label = "New $param1 filter item" edit_filter_item_form_label = "Edit $param1 filter item" show_empty_filter_fields_button = "Show Empty Filter Fields" hide_empty_filter_fields_button = "Hide Empty Filter Fields" add_new_filter_item_button = "Add New Filter Item" filter_item_name_label = "Name" filter_item_wildcard_expression_label = "Wildcard Expression" filter_item_regular_expression_label = "Regular Expression" filter_item_session_start_label = "Session start" filter_item_session_contains_label = "Session contains" filter_item_is_duplicate_message = "A filter item with this name already exists." filter_item_is_invalid_regexp_message = "Invalid regular expression, please correct the expression." confirm_delete_message = "Are you sure you want to delete the filter item $param1?" session_label = "Session" expression_label = "Expression" advanced_filter_label = "Advanced filter expression" add_advanced_filter_label = "Add Advanced Filter Expression" edit_advanced_filter_label = "Edit Advanced Filter Expression" advanced_filter_comment_label = "Filter comment (optional, used for user friendly filter display in reports)" advanced_filter_expression_label = "Filter expression" available_database_fields_info = "Available database fields to be used in the filter expression" missing_advanced_filter_expression_message = "Please define a filter expression." confirm_delete_advanced_filter_message = "Are you sure you want to delete the advanced filter expression?" } zoom = { tab_label = "Zoom Options" default_report_view_on_zoom_label = "Default report view on zoom when clicking on a table item" zoom_to_report_label = "Zoom to report" zoomed_into_label = "Report is zoomed and shows data for" hierarchy_label = "Hierarchy" zoom_field_session_start_label = "Session start" zoom_field_session_user_label = "Session user" } export = { label = "Export CSV" data_exported_info = "The file has been exported. Please click the download link to save the file." exporting_data_info = "Exporting CSV file" download_button = "Download CSV file" } report_builder = { hierarchy = "$report_label Hierarchy" } row_numbers = { tab_label = "Row Numbers" number_of_rows_info = "Row $param1 of $param2" start_row_label = "Start row" number_of_rows_label = "Number of rows" show_all_rows_label = "Show all" last_row_label = "last row" invalid_start_row_message = "Invalid number in start row field. Please define a number between 1 and $param1." } field_labels = { average_tag = " (average)" max_tag = " (max)" min_tag = " (min)" # Numerical field labels hits = "hits" page_views = "page views" bytes_transferred = "bytes transferred" bytes_transmitted = "bytes transmitted" bytes_xmt = "bytes transmitted" bytes_rcv = "bytes received" visitors = "visitors" unique_client_ips = "unique client IPs" unique_remote_ips = "unique remote IPs" unique_source_ips = "unique source IPs" unique_users = "unique users" sessions = "sessions" messages = "messages" spam_messages = "spam messages" events = "events" entries = "entries" transfers = "transfers" time_spent = "time spent" ### accesses = "accesses" requests = "requests" clips = "clips" bytes_sent = "bytes sent" bytes_received = "bytes received" bytes = "bytes" sent = "sent" rcvd = "received" file_size = "file size" file_time = "file time" resends = "resends" failed_resends = "failed resends" sent_time = "sent time" tcplen = "TCP length" udplen = "UDP length" connections = "connections" attacks = "attacks" counts = "counts" out_of_order = "out of order" outages = "outages" missing = "missing" early = "early" late = "late" available = "available" highest = "highest" lowest = "lowest" average = "average" requested = "requested" rebuffering = "rebuffering" resent = "resent" average_bandwidth = "average bandwidth" average_bytes = "average bytes" current_bandwidth = "current bandwidth" lost = "lost" session_time = "session time" delay_time = "delay time" viruses = "viruses" inbound_bytes = "inbound bytes" inbound_messages = "inbound messages" delivered_messages = "delivered messages" processing_time = "processing time" downloads = "downloads" total_time = "total time" tickets = "tickets" xdelay = "xdelay" chunks_read = "chunks read" chunks_written = "chunks written" frame = "frame" host_time = "host time" source_packets = "source packets" destination_packets = "destination packets" source_bytes = "source bytes" ### destination_bytes = "destination bytes" unique_source_addresses = "unique source addresses" session_id = "session ID" # Other field labels page = "page" date = "date" time = "time" date_time = "date/time" hostname = "hostname" domain_description = "domain description" country = "country" region = "region" city = "city" location = "geographic location" referrer_description = "referrer description" referrer = "referrer" search_phrase = "search phrase" search_engine = "search engine" screen_dimensions = "screen dimensions" screen_depth = "screen depth" file_type = "file type" spider = "spider" worm = "worm" url = "URL" operation = "operation" ### protocol = "protocol" direction = "direction" size = "size" size_range = "size range" response = "response" server_response = "server response" server_domain = "server domain" ### user = "user" node = "node" node_field = "node" authenticated_user = "authenticated user" authenticated_username = "authenticated username" web_browser = "web browser" operating_system = "operating system" error = "error" day_of_week = "day of week" day_of_year = "day of year" hour_of_day = "hour of day" week_of_year = "week of year" log_filename = "log filename" visitor_id = "visitor id" audiocodec = "audio codec" audio_stat = "audio stat" avgbandwidth = "average bandwidth" c_buffercount = "buffered count" c_bytes = "client bytes" c_connect_type = "client connection type" c_cpu = "client CPU" c_dns = "client hostname" c_hostexe = "host application" c_hostexever = "host application version number" c_ip = "client IP" c_os = "client OS" c_osversion = "client OS version number" c_pkts_lost_client = "client packets lost" c_pkts_lost_cont_net = "client continuous packets lost" c_pkts_lost_net = "packets lost in network" c_pkts_received = "client packets received" c_pkts_recovered_ecc = "client packets recovered ECC" c_pkts_recovered_resent = "client packets resent" c_playerid = "player GUID" c_playerlanguage = "country code" c_playerversion = "player version number" c_quality = "client quality" c_rate = "client rate" c_resendreqs = "client resend requests" c_starttime = "start time" ### c_status = "client status code" c_totalbuffertime = "buffering time" c_uri = "original URL" c_uri_address = "original URL IP" c_uri_extension = "original URL extension" c_uri_host = "original URL hostname" c_uri_hostname = "original URL resolved hostname" c_uri_port = "original URL port" c_uri_query = "original URL query" c_uri_scheme = "original URL scheme" c_uri_stem = "URL" channelurl = "channel URL" connect_time = "connect time" cs_accept = "Accept" cs_accept_charset = "Accept-Charset" cs_accept_encoding = "Accept-Encoding" cs_accept_language = "Accept-Language" cs_accept_ranges = "Accept-Ranges" cs_age = "Age" cs_allow = "Allow" cs_authentication_info = "Authentication-Info" cs_authorization = "request header: Authorization" cs_cache_control = "Cache-Control" cs_client_ip = "Client-IP" cs_connection = "Connection" cs_content_encoding = "Content-Encoding" cs_content_language = "Content-Language" cs_content_length = "Content-Length" cs_content_location = "Content-Location" cs_content_md5 = "Content-MD5" cs_content_range = "Content-Range" cs_content_type = "Content-Type" ### cs_cookie = "Cookie" cs_cookie2 = "Cookie2" cs_date = "Date" cs_etag = "Etag" cs_expect = "Expect" cs_expires = "Expires" cs_from = "From" cs_front_end_https = "Front-End-HTTPS" ### cs_host = "Host" cs_if_match = "If-Match" cs_if_modified_since = "If-Modified-Since" cs_if_none_match = "If-None-Match" cs_if_range = "If-Range" cs_if_unmodified_since = "If-Unmodified-Since" cs_last_modified = "Last-Modified" cs_location = "Location" cs_max_forwards = "Max-Forwards" cs_meter = "Meter" cs_p3p = "P3P" cs_pragma = "Pragma" cs_proxy_authenticate = "Proxy-Authenticate" cs_proxy_authorization = "Proxy-Authorization" cs_proxy_connection = "Proxy-Connection" cs_range = "Range" ### cs_referer = "referrer" cs_refresh = "Refresh" cs_retry_after = "Retry-After" cs_server = "Server" cs_set_cookie = "Set-Cookie" cs_set_cookie2 = "Set-Cookie2" cs_te = "TE" cs_trailer = "Trailer" cs_transfer_encoding = "Transfer-Encoding" cs_upgrade = "Upgrade" ### cs_user_agent = "User-Agent" cs_vary = "Vary" cs_via = "Via" cs_www_authenticate = "WWW-Authenticate" cs_warning = "Warning" cs_x_bluecoat_mc_client_ip = "X-Bluecoat-MC-Client-Ip" cs_x_bluecoat_via = "X-Bluecoat-Via" cs_x_forwarded_for = "X-Forwarded-For" cs_auth_group = "authenticated group name" cs_auth_groups = "authenticated group names" cs_auth_type = "proxy authentication type" cs_bodylength = "body bytes (client to server)" cs_bytes = "client-to-server bytes" cs_categories = "content categories" cs_categories_external = "external service content categories" cs_categories_policy = "CPL content categories" cs_categories_provider = "provider content categories" cs_categories_qualified = "qualified content categories" cs_category = "content category" cs_headerlength = "header bytes (client to server)" cs_host = "server domain" hostfield = "server domain" cs_ip = "client destination IP" cs_method = "method" method = "method" transfer_time = "transfer time" path_args = "path args" search_args = "search args" cs_protocol = "protocol" cs_realm = "authentication realm" sc_realm = "server-to-client realm" cs_request_line = "client request line" cs_uri = "URL" cs_uri_address = "URL IP" cs_uri_extension = "URL extension" cs_uri_host = "URL hostname" cs_uri_hostname = "URL resolved hostname" cs_uri_port = "URL port" cs_uri_query = "URL query" url_query = "URL query" cs_uri_scheme = "URL scheme" cs_uri_stem = "URL" cs_userdn = "authenticated full username" cs_username = "authenticated username" c_username = "authenticated username" cs_user_name = "authenticated username" cs_version = "protocol" s_session_id = "session ID" s_content_path = "content path" cs_url = "client-to-server URL" cs_media_name = "media name" c_max_bandwidth = "maximum bandwidth" cs_media_role = "media role" s_proxied = "proxied" dnslookup_time = "DNS lookup time" duration = "duration" filelength = "file length" filesize = "file size" gmttime = "UTC date/time" localtime = "local date/time" x_localtime = "local date/time" protocol = "protocol" r_dns = "server URL hostname" r_ip = "server URL IP" r_host = "server URL host" r_port = "server URL port" r_supplier_dns = "upstream hostname" r_supplier_ip = "upstream IP" r_supplier_port = "upstream port" s_object_source = "server object source" # Removed "Response header" from this section because it made names too long rs_accept = "Accept" rs_accept_charset = "Accept-Charset" rs_accept_encoding = "Accept-Encoding" rs_accept_language = "Accept-Language" rs_accept_ranges = "Accept-Ranges" rs_age = "Age" rs_allow = "Allow" rs_authentication_info = "Authentication-Info" rs_authorization = "Authorization" rs_cache_control = "Cache-Control" rs_client_ip = "Client-IP" rs_connection = "Connection" rs_content_encoding = "Content-Encoding" rs_content_language = "Content-Language" rs_content_length = "Content-Length" rs_content_location = "Content-Location" rs_content_md5 = "Content-MD5" rs_content_range = "Content-Range" rs_content_type = "Content-Type" rs_cookie = "Cookie" rs_cookie2 = "Cookie2" rs_date = "Date" rs_etag = "Etag" rs_expect = "Expect" rs_expires = "Expires" rs_from = "From" rs_front_end_https = "Front-End-HTTPS" rs_host = "Host" rs_if_match = "If-Match" rs_if_modified_since = "If-Modified-Since" rs_if_none_match = "If-None-Match" rs_if_range = "If-Range" rs_if_unmodified_since = "If-Unmodified-Since" rs_last_modified = "Last-Modified" rs_location = "Location" rs_max_forwards = "Max-Forwards" rs_meter = "Meter" rs_p3p = "P3P" rs_pragma = "Pragma" rs_proxy_authenticate = "Proxy-Authenticate" rs_proxy_authorization = "Proxy-Authorization" rs_proxy_connection = "Proxy-Connection" rs_range = "Range" rs_referer = "Referer" rs_refresh = "Refresh" rs_retry_after = "Retry-After" rs_server = "Server" rs_set_cookie = "Set-Cookie" rs_set_cookie2 = "Set-Cookie2" rs_te = "TE" rs_trailer = "Trailer" rs_transfer_encoding = "Transfer-Encoding" rs_upgrade = "Upgrade" rs_user_agent = "User-Agent" rs_vary = "Vary" rs_via = "Via" rs_www_authenticate = "WWW-Authenticate" rs_warning = "Warning" rs_x_bluecoat_mc_client_ip = "X-Bluecoat-MC-Client-Ip" rs_x_bluecoat_via = "X-Bluecoat-Via" rs_x_forwarded_for = "X-Forwarded-For" rs_bodylength = "body bytes (upstream to server)" rs_bytes = "total bytes (upstream to server)" rs_headerlength = "header bytes (upstream to server)" rs_response_line = "response status line" rs_status = "response code" rs_version = "response protocol version" s_action = "processing action" s_computername = "server name" s_connect_type = "upstream connection type" s_cpu_util = "server CPU usage" s_dns = "server hostname" s_hierarchy = "cache hierarchy" s_icap_info = "ICAP response info" s_icap_status = "ICAP response status" s_ip = "server IP" s_pkts_sent = "server packets sent" ### s_port = "server port" c_port = "client port" s_sitename = "server service used" s_supplier_ip = "upstream IP" s_supplier_name = "upstream hostname" c_totalclients = "total clients (client)" s_totalclients = "total clients (server)" s_uri = "cache URL" s_uri_address = "cache URL IP" s_uri_extension = "cache URL extension" s_uri_host = "cache URL hostname" s_uri_hostname = "cache URL resolved hostname" s_uri_port = "cache URL port" s_uri_query = "cache URL query" s_uri_scheme = "cache URL scheme" s_uri_stem = "cache URL path" sc_adapter = "server adapter used" sc_win32_status = "win32 status" sc_auth_status = "authentication status" sc_bodylength = "body bytes (server to client)" sc_bytes = "server-to-client bytes" sc_connection = "client connection ID" sc_filter_category = "content category" sc_filter_result = "content filtering result" sc_headerlength = "header bytes (server to client)" sc_status = "response code" cs_status = "response code" c_status = "client response code" sc_substatus = "server substatus" sr_bodylength = "body bytes (server to upstream)" sr_bytes = "total bytes (server to upstream)" sr_headerlength = "header bytes (server to upstream)" sr_uri = "server URL" sr_uri_address = "server URL IP" sr_uri_extension = "server URL extension" sr_uri_host = "server URL hostname" sr_uri_hostname = "server URL resolved hostname" sr_uri_port = "server URL port" sr_uri_query = "server URL query" sr_uri_scheme = "server URL scheme" sr_uri_stem = "server URL path" time_taken = "time taken" timestamp = "unix-style timestamp" transport = "transport" videocodec = "video codec" x_bluecoat_appliance_name = "appliance name" x_bluecoat_appliance_primary_address = "appliance primary address" x_bluecoat_day = "current day (local)" x_bluecoat_day_utc = "current day (UTC)" x_bluecoat_end_time_wft = "transaction end timestamp (WFT)" x_bluecoat_hour = "current hour (local)" x_bluecoat_hour_utc = "current hour (UTC)" x_bluecoat_minute = "current minute (local)" x_bluecoat_minute_utc = "current minute (UTC)" x_bluecoat_month = "current month (local)" x_bluecoat_month_utc = "current month (UTC)" x_bluecoat_monthname = "current month name (local)" x_bluecoat_monthname_utc = "current month name (UTC)" x_bluecoat_proxy_primary_address = "appliance primary address" x_bluecoat_proxy_via_http_version = "appliance HTTP Via version" x_bluecoat_redirect_location = "policy redirect location" x_bluecoat_release_id = "SGOS release ID" x_bluecoat_second = "current second (local)" x_bluecoat_second_utc = "current second (UTC)" x_bluecoat_server_connection_socket_errno = "upstream connection failure message" x_bluecoat_special_amp = "ampersand" x_bluecoat_special_apos = "apostrophe" x_bluecoat_special_gt = "greater-than" x_bluecoat_special_lt = "less-than" x_bluecoat_special_quot = "double quote" x_bluecoat_special_slash = "forward slash" x_bluecoat_ssl_failure_reason = "upstream SSL failure message" x_bluecoat_start_time_wft = "transaction start timestamp (WFT)" x_bluecoat_surfcontrol_category_id = "SurfControl content category ID" x_bluecoat_surfcontrol_is_denied = "transaction allowed boolean" x_bluecoat_surfcontrol_is_proxied = "transaction explicit boolean" x_bluecoat_surfcontrol_reporter_id = "SurfControl reporter ID" x_bluecoat_transaction_id = "transaction ID" x_bluecoat_websense_category_id = "Websense content category ID" x_bluecoat_websense_keyword = "Websense keyword" x_bluecoat_websense_reporter_id = "Websense reporter ID" x_bluecoat_websense_status = "Websense status" x_bluecoat_websense_user = "Websense username" x_bluecoat_weekday = "current weekday (local)" x_bluecoat_weekday_utc = "current weekday (UTC)" x_bluecoat_year = "current year (local)" x_bluecoat_year_utc = "current year (UTC)" x_cache_info = "caching info" x_cache_user = "authenticated username" req__vars_auth_user = "authenticated user" req__vars_pauth_user = "authenticated user" req__reqpb_method = "request method" req__reqpb_uri = "request page" req__reqpb_query = "request query" req__reqpb_protocol = "request protocol" x_client_address = "client IP" x_client_ip = "client IP" x_cookie_date = "current date/time (local)" x_cs_http_version = "HTTP request version" x_cs_socks_ip = "SOCKS destination IP" x_cs_socks_method = "SOCKS method" x_cs_socks_port = "SOCKS destination port" x_cs_socks_version = "SOCKS version" x_cs_username_or_ip = "username or client IP" x_duration = "play duration" x_exception_company_name = "company name" x_exception_contact = "exceptoin contact info" x_exception_details = "exception details" x_exception_help = "exception help info" x_exception_id = "exception ID" x_exception_last_erro = "transaction error message" x_exception_reason = "transaction termination reason" x_exception_sourcefile = "exception source file" x_exception_sourceline = "exception source line number" x_exception_summary = "exception summary" x_http_date = "current date (local)" x_im_attachments = "IM attachment names" x_im_buddy_id = "IM buddy ID" x_im_buddy_name = "IM buddy display name" x_im_buddy_state = "IM buddy state" x_im_chat_room_id = "IM chat room ID" x_im_chat_room_members = "IM chat room member Ids" x_im_chat_room_type = "IM chat room type" x_im_client_info = "IM client info" x_im_file_path = "IM file path" x_im_file_size = "IM file size" x_im_message_opcode = "IM opcode" x_im_message_route = "IM route" x_im_message_size = "IM message length" x_im_message_text = "IM message text" x_im_message_type = "IM message type" x_im_method = "IM method" x_im_user_id = "IM user ID" x_im_user_name = "IM client display name" x_im_user_state = "IM user state" x_rs_http_version = "HTTP protocol version (upstream to server)" x_rs_streaming_content = "content" x_sc_http_status = "HTTP response code" x_sc_http_version = "HTTP protocol version (server to client)" x_sr_http_version = "HTTP protocol version (server to upstream)" x_streaming_bitrate = "bitrate" x_timestamp = "local date/time" x_timestamp_unix = "current time (local)" x_timestamp_unix_utc = "current time (UTC)" x_virus_id = "ICAP virus ID" x_wm_c_dns = "client hostname" x_wm_c_ip = "client IP" sys_msgs = "system message" icmp_code = "icmp code" icmp_type = "icmp type" s_port = "source port" src_port = "source port" dst_port = "destination port" source_port = "source port" xlatedst = "translated destination" xlatesrc = "translated source" xlatesport = "translated source port" xlatedport = "translated destination port" dst = "destination" src = "source" proto = "protocol" i_f_dir = "interface direction" i_f_name = "interface name" ### req__srvhdrs_clf_status = "cookie" req__headers_user_agent = "agent" cs_cookie = "cookie" cs_user_agent = "agent" c_agent = "agent" browser = "agent" x_bytes_received = "bytes received" s_operation = "operation" server_port = "server port" user = "user" cs_referer = "referrer" referer = "referrer" cs_referred = "referrer" req__headers_referer = "referrer" afp_status = "status" afp_method = "method" req__vars_p2c_cl = "size" req__srvhdrs_content_length = "content length" len = "length" acct_output_octets = "output octets" acct_input_octets = "input octets" total_bytes = "total bytes" result = "result" req__srvhdrs_clf_status = "server response" ses__client_ip = "client IP" device_id = "device ID" security_level = "security level" message = "message" start_time = "start time" policy_id = "policy ID" service = "service" action = "action" src_zone = "source zone" dst_zone = "destination zone" translated_ip = "translated IP" port = "port" interface = "interface" source_code_location = "source code location" username = "username" authorization_method = "authorization method" ### aborted = "Aborted" recordid = "record ID" totaldownloads = "total downloads" totalconnections = "total connections" serverbandwidth = "server bandwidth" maximumconnections = "maximum connections" filesdownloadederror = "files downloaded error" currentdownloads = "current downloads" currentconnections = "current connections" connections24h = "24h connections" processortime = "processor time" bytes_second = "bytes/second" bytes_second_2_ = "bytes/second" in = "in" out = "out" pct = "percent" type = "type" from = "from" to = "to" test = "test" reason = "reason" source_side = "source side" source_ip = "source IP" destination_side = "destination side" destination_ip = "destination IP" ### destination_port = "destination port" service_ip = "service IP" totalkbdownloaded = "total kb downloaded" queuelength = "queue length" userid = "user ID" status = "status" httpstatus = "http status" record_type = "record type" record_id = "record ID" application_id = "application ID" host_id = "host ID" organization_id = "organization ID" source_direction = "source direction" destination_direction = "destination direction" alarm_level = "alarm level" signature_id = "signature ID" subsignature_id = "subsignature ID" router_ip = "router IP" attack_detail = "attack detail" bytes_incoming = "bytes incoming" bytes_outgoing = "bytes outgoing" spam = "spam" screen = "screen" msgend = "message end" virus = "virus" drive_id = "drive ID" model = "model" bus1 = "bus1" scsi_id = "scsi ID" activedevsonbus = "active devs on bus" aborted = "aborted" threadstatus = "thread status" threaderror = "thread error" disc_manufacturer = "disc manufacturer" ### authorization_method = "authorization method" client_hostname = "client hostname" client_ip = "client IP" filename = "filename" read = "read" write = "write" numopen = "num open" uid = "UID" gid = "GID" pid = "PID" source = "source" category = "category" event = "event" computer = "computer" group_name = "group name" task_name = "task name" host_name = "host name" response_time = "response time" initial_connect_time = "initial connect time" subject = "subject" encoding = "encoding" nfiles = "number of files" nbytes = "bytes" name = "name" ### attachment = "attachment" attno = "attachment number" agent = "agent" host = "host" reporter = "reporter" data_bytes = "data bytes" all_bytes = "all bytes" work_order = "work order" disc_name = "disc name" seq = "sequence" good = "good" drive = "drive" printer = "printer" last = "last" visitor_cookie = "visitor cookie" client_connects = "client connects" source_connects = "source connects" bytes_read = "bytes read" bytes_written = "bytes written" message_id = "message id" source_address = "source address" destination_address = "destination address" job_number = "job number" event_id = "event id" egroup = "egroup" cookie = "cookie" source_hostname = "source hostname" disconnect = "disconnect" file = "file" log_type = "log type" header = "header" rule = "rule" windowsmedia = "windows media" c_startime = "client star time" c_hostexec = "client host executable" c_hostexecver = "clicne host exec version" c_pkts_lost_cont = "client packets lost cont" server_ip = "server IP" serverip = "server IP" c_cpu_util = "client CPU util" cache_state = "cache state" client_info = "client info" client_guid = "client GUID" client_data = "client data" stat1 = "stat1" stat2 = "stat2" stream_components = "stream components" server_address = "server address" average_bitrate = "average bitrate" packets_sent = "packets sent" presentation_id = "presentation id" computername = "computer name" servicename = "service name" packet_type = "packet type" user_name = "username" fully_qualified_user_name = "fully qualified username" called_station_id = "called station ID" calling_station_id = "calling station ID" callback_number = "callback number" framed_ip_address = "framed IP address" nas_identifier = "nas identifier" nas_ip_address = "nas IP address" nas_port = "nas port" client_vendor = "client vendor" client_ip_address = "client IP address" client_friendly_name = "client friendly name" event_timestamp = "event timestamp" port_limit = "port limit" nas_port_type = "nas port type" connect_info = "connect info" framed_protocol = "framed protocol" service_type = "service type" authentication_type = "authentication type" np_policy_name = "np policy name" reason_code = "reason code" class = "class" session_timeout = "session timeout" idle_timeout = "idle timeout" termination_action = "termination action" eap_friendly_name = "eap friendly name" acct_status_type = "status type" acct_delay_time = "delay time" acct_input_octet = "input octet" acct_output_octet = "output octet" acct_session_id = "session id" acct_unique_session_id = "unique session ID" acct_authentic = "authentic" acct_session_time = "session time" acct_input_packet = "input packet" acct_output_packet = "output packet" acct_terminate_cause = "terminate cause" acct_multi_ssn_id = "multi ssn ID" acct_link_count = "link count" acct_interim_interval = "interim interval" tunnel_type = "tunnel type" tunnel_medium_type = "tunnel medium type" tunnel_client_endpt = "tunnel client endpoint" tunnel_server_endpt = "tunnel server endpoint" acct_tunnel_conn = "tunnel connection" tunnel_pvt_group_id = "tunnel private group ID" tunnel_assignment_id = "tunnel assignment ID" tunnel_preference = "tunnel preference" ms_acct_auth_type = "ms account auth type" ms_acct_eap_type = "ms account eap type" ms_ras_version = "ms ras version" ms_ras_vendor = "ms ras vendor" ms_chap_error = "ms chap error" ms_chap_domain = "ms chap domain" ms_ppe_encryption_type = "ms ppe encryption type" ms_mppe_encryption_policy = "ms mppe encryption policy" server_host = "server host" facility = "facility" severity = "severity" authenticated = "authenticated" source_type = "source type" destination_type = "destination type" message_code = "message code" station = "station" source_host = "source host" destination = "destination" ### group = "group" cn = "cn" sn = "sn" sa = "sa" sev = "severity" rpt = "recipient" payload = "payload" inbound_spi = "inbound spi" outbound_spi = "outbound spi" server_hostname = "server hostname" local_proxy_host = "local proxy host" local_proxy_subnet = "local proxy subnet" local_proxy_mask = "local proxy mask" remote_proxy_host = "remote proxy host" remote_proxy_subnet = "remote proxy subnet" remote_proxy_mask = "remote proxy mask" destination_host = "destination host" local_port = "local port" remote_port = "remote port" 827_ip = "827 IP" host1 = "host1" host1_ip = "host1 IP" host2 = "host2" host2_ip = "host2 IP" trash = "trash" client_port = "client port" x_bytes_sent = "bytes sent" x_src_port_id = "source port ID" x_dest_port_id = "destination port ID" details = "details" machine_name = "machine name" endpoint = "endpoint" call_type = "call type" iv_status_code = "IV status code" uuid = "UUID" group_uuid_list = "group UUID list" priority = "priority" line_number = "line number" code = "code" protected_object = "protected object" requested_permissions = "requested permissions" principals = "principals" qop = "qop" outcome = "outcome" outcome_status = "outcome status" originator_component = "originator component" originator_action = "originator action" originator_location = "originator location" originator_blade = "originator blade" accessor_principal = "accessor principal" accessor_principal_auth = "accessor principal auth" target_object = "target object" target_resource = "target resource" event_rev = "event revision" data = "data" status_code = "status code" originator_id = "originator ID" command_arguments = "command arguments" server = "server" client = "client" number_of_groups = "number of groups" event_outcome = "event outcome" authorization_status = "authorization status" item_1 = "item 1" target_host = "target host" syslog_time = "syslog time" id = "ID" fw = "firewall" pri = "priority" c = "c" m = "m" dstname = "destination name" arg = "argument" op = "operation" browsing_host = "browsing host" cache_response = "cache response" proxy_hostname = "proxy hostname" browsing_hostname = "browsing hostname" destination_hostname = "destination hostname" path = "path" owner = "owner" brick = "brick" oninterface = "on interface" list = "list" remote_hostname = "remote hostname" remote_ip = "remote IP" object_source = "object source" tcpflags = "tcp flags" document_source = "document source" address = "address" sender = "sender" recipient = "recipient" type_code = "type code" relay = "relay" state = "state" domain = "domain" rcpt_to = "recipient" helo_text = "HELO text" banned_domain = "banned domain" banned_ip = "banned IP" banned_helo = "banned HELO" invalid_helo = "invalid HELO" banned_rcpt_to = "banned recipient" relay_denied_recipient = "relay denied recipient" banned_subject = "banned subject" banned_text = "banned text" banned_body_from = "banned body from" invalid_body_to = "invalid body to" banned_received = "banned received" over_max_recipient = "over-max recipient" banned_x_mailer = "banned x-mailer" forged_message_id = "forged message ID" service_name = "service name" destination_service = "destination service" foundry_name = "foundry name" foundry_ip = "foundry IP" web_server_name = "web server name" microseconds = "microseconds" proxy = "proxy" iteration = "iteration" ethernet_address = "ethernet address" incoming_bytes = "incoming bytes" outgoing_bytes = "outgoing bytes" incoming_packets = "incoming packets" outgoing_packets = "outgoing packets" incoming_ip_packets = "incoming IP packets" outgoing_ip_packets = "outgoing IP packets" calllegtype = "call leg type" connectionid = "connection ID" setuptime = "setup time" peeraddress = "peer address" peersubaddress = "peer subaddress" disconnectcause = "disconnect cause" disconnecttext = "disconnect text" connecttime = "connect time" disconnecttime = "disconnect time" callorigin = "call origin" chargedunits = "charged units" infotype = "info type" transmitpackets = "transmitted packets" transmitbytes = "transmitted bytes" receivebytes = "receive bytes" n = "n" src_host = "source host" src_network = "source network" dst_host = "destination host" dst_network = "destination network" msg = "message" no = "number" product = "product" origin = "origin" community = "community" info = "info" translated_source = "translated source" translated_destination = "translated destination" translated_source_port = "translated source port" translated_destination_port = "translated destination port" partner = "partner" source_key_id = "source key id" destination_key_id = "destination key id" elapsed = "elapsed" cache_result = "cache result" request_method = "request method" authenticaled_user = "authenticated user" proxy_route = "proxy route" proxy_server = "proxy server" response_type = "response type" peer_status = "peer status" peer_host = "peer host" mime_type = "mime type" destination__ip = "destination IP" programerr = "program error" server_name = "server name" mode = "mode" incoming_channel = "incoming channel" outgoing_channel = "outgoing channel" receiver_before_rewriting = "receiver before rewriting" receiver_after_rewriting = "receiver after rewriting" deliveryinfo = "delivery info" complete = "complete" nrcpts = "number of recipients" smtp_server = "smtp server" antivirus_filter_result = "antivirus filter result" attachment_filter_result = "attachment filter result" mbox = "message box" msgid = "message ID" mss = "mss" msgfile = "message file" msgsize = "message size" cmd = "command" fromhost = "from host" rcpts = "recipients" desthost = "destination host" source_email = "source email" target_email = "target email" trigger = "trigger" destination_email = "destination email" in_out = "in/out" post_office = "post office" inet_user = "inet user" gateway = "gateway" remote_id = "remote ID" originator = "originator" length = "length" seconds = "seconds" cost = "cost" mts_id = "mts ID" recipients = "recipients" partner_name = "partner name" recipient_address = "recipient address" recipient_report_status = "recipient report status" number_recipients = "number of recipients" origination_time = "origination time" encryption = "encryption" service_version = "service version" linked_msgid = "linked message ID" message_subject = "message subject" sender_address = "sender address" daemon = "daemon" qp = "queue process ID" side = "side" error_message = "error message" log_pathname = "log pathname" scan_date = "scan date" scan_time = "scan time" scan_type = "scan type" scan_status = "scan status" airbill = "airbill" reference = "reference" ship_date = "ship date" gladiola = "gladiola" acct = "account" origin_name = "origin name" origin_company = "origin company" origin_address = "origin address" origin_city = "origin city" origin_state = "origin state" origin_zip = "origin zip" origin_country = "origin country" dest_name = "destination name" dest_company = "destination company" dest_address = "destination address" dest_city = "destination city" dest_state = "destination state" dest_zip = "destination zip" dest_country = "destination country" session = "session" parameter = "parameter" child = "child" rate = "rate" email = "email" suffix = "suffix" completion = "completion" notes = "notes" pathname = "pathname" password = "password" packets = "packets" partial_hostname = "partial hostname" tools_usage = "tools usage" response_time_group = "response time group" user_agent = "user agent" error_status = "error status" cache_usage = "cache usage" portal_section = "portal section" store = "store" sessionid = "session ID" attribute = "attribute" package = "package" ras_client = "ras client" full_name = "full name" auth_type = "authentication type" acct_input_packets = "input packets" acct_output_packets = "output packets" acct_termination_cause = "termination cause" acct_multi_session_id = "multi session ID" acc_err_message = "error message" annex_product_name = "annex product name" annex_sw_version = "annex software version" annex_system_disc_reason = "annex system disc reason" annex_modem_disc_reason = "annex modem disc reason" annex_disconnect_reason = "annex disconnect reason" annex_transmit_speed = "annex transmit speed" annex_receive_speed = "annex receive speed" ascend_modem_port_number = "ascend modem port number" ascend_modem_slot_number = "ascend modem slot number" ascend_modem_shelf_number = "ascend modem shelf number" ascend_xmit_rate = "ascend transmit rate" nautica_acct_sessionid = "nautica account session ID" nautica_acct_direction = "nautica account direction" nautica_acct_causeprotocol = "nautica account causeprotocol" nautica_acct_causesource = "nautica account causesource" telebit_accounting_info = "telebit accounting info" last_number_dialed_out = "last number dialed out" last_number_dialed_in_dnis = "last number dialed in dnis" last_callers_number_ani = "last callers number ani" channel = "channel" event_date_time = "event date time" call_start_date_time = "call start date time" call_end_date_time = "call end date time" default_dte_data_rate = "default dte data rate" initial_rx_link_data_rate = "initial rx link data rate" final_rx_link_data_rate = "final rx link data rate" initial_tx_link_data_rate = "initial tx link data rate" final_tx_link_data_rate = "final tx link data rate" sync_async_mode = "sync async mode" originate_answer_mode = "originate answer mode" modulation_type = "modulation type" equalization_type = "equalization type" fallback_enabled = "fallback enabled" characters_sent = "characters sent" characters_received = "characters received" blocks_sent = "blocks sent" blocks_received = "blocks received" blocks_resent = "blocks resent" retrains_requested = "retrains requested" retrains_granted = "retrains granted" line_reversals = "line reversals" number_of_characters_lost = "number of characters lost" number_of_blers = "number of blers" number_of_link_timeouts = "number of link timeouts" number_of_fallbacks = "number of fallbacks" number_of_upshifts = "number of upshifts" number_of_link_naks = "number of link naks" back_channel_data_rate = "back channel data rate" simplified_mnp_levels = "simplified mnp levels" simplified_v42bis_usage = "simplified v42bis usage" pw_vpn_id = "password VPN ID" real_name = "real name" order = "order" invoice = "invoice" shipping_method = "shipping method" total = "total" lines_since_email = "lines since email" framed_protocol_7_ = "framed protocol" framed_ip_address_8_ = "framed IP address" acct_session_time_46_ = "session time" connect_info_77_ = "connect info" acct_input_octets_42_ = "input octets" acct_output_octets_43_ = "output octets" acct_input_packets_47_ = "input packets" acct_output_packets_48_ = "output packets" acct_terminate_cause_49_ = "terminate cause" acct_authentic_45_ = "authentic" nas_port_5_ = "nas port" nas_port_type_61_ = "nas port type" calling_station_id_31_ = "calling station ID" service_type_6_ = "service type" nas_ip_address_4_ = "nas ip address" acct_delay_time_41_ = "delay time" acct_session_id_44_ = "session ID" framed_ip_netmask = "framed IP netmask" framed_routing = "framed routing" filter_id = "filter IP" framed_mtu = "framed MTU" framed_compression = "framed compression" login_ip_host = "login IP host" login_service = "login service" login_tcp_port = "login TCP port" callback_id = "callback ID" framed_route = "framed route" framed_ipx_network = "framed IPX network" proxy_state = "proxy state" tunnel_client_endpoint = "tunnel client endpoint" tunnel_server_endpoint = "tunnel server endpoint" acct_tunnel_connection = "tunnel connection" tunnel_private_group_id = "tunnel private group ID" acct_tunnel_packets_lost = "tunnel packets lost" acct_input_gigawords = "input gigawords" acct_output_gigawords = "output gigawords" nas_port_id = "nas port id" sid = "SID" program = "program" connect_host = "connect host" address_host = "address host" address_port = "address port" command = "command" arguments = "arguments" version = "version" access_event = "access event" policy_server = "policy server" resource = "resource" subevent = "subevent" description = "description" idletime = "idle time" maxtime = "maximum time" auth_level = "authentication level" transactionid = "transaction ID" site_instance = "site instance" raw_url = "raw URL" base = "base" scope = "scope" filter = "filter" err = "err" tag = "tag" nentries = "number of entries" etime = "elapsed time" dn = "DN" ### version = "version" ruid = "RUID" euid = "EUID" pgid = "PGID" fid = "FID" logid = "log ID" edomain = "e domain" srcip = "source IP" srcport = "source port" srcburb = "src burb" dstip = "destination IP" dstport = "destination port" dstburb = "destination burb" protocolname = "protocol name" netsessid = "net session ID" request_command = "request_command" bytes_written_to_client = "bytes written to client" bytes_written_to_server = "bytes written to server" type1 = "type 1" type2 = "type 2" type3 = "type 3" type4 = "type 4" ip = "ip" cat_page = "category page" cat_action = "category action" date2 = "date 2" time2 = "time 2" message_source = "message source" document = "document" profile = "profile" category_code = "category code" configuration = "configuration" error_filename = "error filename" error_line_number = "error line number" intermediate_host = "intermediate host" intermediate_port = "intermediate port" packets_received = "packets received" logging_device = "logging device" syslog_priority = "syslog priority" fac = "fac" area = "area" log = "log" logging_devide = "logging device" ### ip_address = "ip address" sport = "source port" dport = "destination port" indev = "input device" inport = "input port" rc = "RC" lvl = "LVLl" prog = "program" ### src.ip = "source IP" ### src.port = "source port" ### dst.ip = "destination IP" ### dst.port = "destination port" itype = "I type" ### side.in = "side in" ### side.out = "side out" ### side.exp = "side exp" ### cnx.state = "connection state" ### lvl.info = "LVL info" ibyte = "bytes in" ipacket = "packets in" ibyte_ack = "acknowledged bytes in" ipacket_ack = "acknowledged packets in" fw_name = "firewall name" dir = "direction" ip_address = "IP address" messageid = "message ID" report = "report" config = "config" match_method = "match method" words = "words" logical_words = "logical words" translated_port = "translated port" application = "application" process = "process" process_no = "process number" permission = "permission" port_name = "port name" packet_len = "packet length" header_len = "header length" time_to_live = "time to live" nas_ip = "nas IP" framed_ip = "framed IP" status_type = "status type" authentication = "authentication" termination_cause = "termination cause" destination_bytes = "destination bytes" flags = "flags" faddr_host = "foreign IP" faddr_port = "foreign port" faddr_service = "foreign service" gaddr_host = "global IP" gaddr_port = "global port" gaddr_service = "global service" laddr_host = "local IP" laddr_port = "local port" laddr_service = "local service" access_group = "access group" queue = "queue" in_interface = "in interface" out_interface = "out interface" mac_address = "MAC address" packet_length = "packet length" precedence = "precedence" ttl = "TTL" packet_id = "packet ID" window = "window" reserved_bits = "reserved bits" urgent_pointer = "urgent pointer" tcp_flags = "TCP flags" ip_flags = "IP flags" device_ip = "device ip" device = "device" connection_type = "connection type" classification = "classification" xref = "xref" tos = "TOS" iplen = "IP length" dmglen = "DMG length" ### ack = "ack" win = "window" ### tcplen = "TCP length" chain = "chain" ### source_interface = "source interface" destination_interface = "destination interface" event_number = "event number" event_type = "event type" logon = "logon" logon_type = "logon type" logon_process = "logon process" logon_account = "logon account" account = "account" authentication_package = "authentication package" workstation_name = "workstation name" source_workstation = "source workstation" error_code = "error code" substatus_code = "substatus code" source_mac_address = "source MAC address" log_id = "log ID" node_id = "node ID" rule_id = "rule ID" nat_source_ip = "NAT source IP" nat_destination_ip = "NAT destination IP" nat_source_port = "NAT source port" nat_destination_port = "NAT destination port" source_interface = "source interface" protocol_agent = "protocol agent" alert_name = "alert name" syslog_message = "syslog message" icmp_id = "ICMP ID" ipsec_spi = "IPSEC SPI" rtt = "RTT" time_elapsed = "time elapsed" authenticated_name = "authenticated name" source_vlan = "source VLAN" destination_vlan = "destination VLAN" firewall_engine_id = "firewall engine ID" info_message = "info message" sending_server = "sending server" receiving_server = "receiving server" l = "L" s = "S" f = "F" i = "I" t = "T" flag = "flag" pop_account = "pop account" local_account = "local account" queried_host = "queried host" snort_priority = "snort priority" device_name = "device name" source_network = "source network" destination_network = "destination network" sourcenetwork = "source network" object_name = "object name" usr_acct_reason_code = "user account reason code" usr_call_arrival_time = "user call arrival time" usr_call_end_time = "user call end time" usr_chassis_call_channel = "user chassis call channel" usr_chassis_call_slot = "user chassis call slot" stop_time = "stop time" page_info = "page info" request_id = "request ID" component_id = "component ID" recipient_list = "recipient list" origin_ip = "origin IP" inbound_interface = "inbound interface" outbound_interface = "outbound interface" virtual_device = "virtual device" attack = "attack" policy_name = "policy name" policy_version = "policy version" rulebase = "rulebase" rule_number = "rule number" user_flag = "user flag" subcategory = "subcategory" is_hidden = "is hidden" is_duplicate = "is duplicate" is_alert = "is alert" run_script = "run script" send_email = "send email" sent_snmp_trap = "sent SNMP trap" sent_syslog = "sent syslog" from_external = "from external" variable_data = "variable data" backup = "backup" actual_bytes = "actual bytes" kb_per_second = "kb per second" sql_server = "SQL server" adsm_server = "ADSM server" sql_status = "SQL status" adsm_status = "ADSM status" connecting_ip = "connecting IP" helo_ehlo_name = "HELO/EHLO name" destination_domain = "destination domain" authenticator = "authenticator" connected_ip_rdns = "connected IP RDNS" unicast_address = "unicast address" multicast_address = "multicast address" end = "end" speedmode = "speed mode" streaming = "streaming" send_user_vol = "send user volume" subtype = "subtype" attack_id = "attack ID" send = "send" received = "received" send_packets = "send packets" sent_pkts = "sent packets" received_packets = "received packets" rcvd_pkts = "received packets" catagory = "category" detail = "detail" slot = "slot" line = "line" vd = "vd" dir_disp = "dir disp" tran_disp = "tran disp" calling_number = "calling number" called_number = "called number" call = "call" cl = "CL" p = "P" transaction_id = "transaction ID" agent_name = "agent name" server_interface = "server interface" request_host = "request host" file_server_ip = "file server IP" filter_category_mask = "filter category mask" site_category = "site category" reply_message = "reply message" vendor_specific = "vendor specific" login_lat_service = "login LAT service" login_lat_node = "login LAT node" login_lat_group = "login LAT group" framed_appletalk_link = "framed appletalk link" framed_appletalk_network = "framed appletalk network" framed_appletalk_zone = "framed appletalk zone" acct_terminate_clause = "terminate clause" login_lat_port = "login LAT port" password_retry = "password retry" prompt = "prompt" configuration_token = "configuration token" ascend = "ascend" saved_radius_framed_route = "saved radius framed route" nas_manufacturer = "NAS manufacturer" sam_account_name = "SAM account name" ip_source_ip = "source IP" ip_source_port = "source port" ip_destination_ip = "destination IP" ip_destination_port = "destination port" bandwidth = "bandwidth" cache_operation = "cache operation" observation_type = "observation type" template_id = "template ID" service_id = "service ID" content_id = "content ID" content_type = "content type" content_description = "content description" rule_return_value = "rule return value" display_method = "display method" exit_method = "exit method" smart_link = "smart link" page_location = "page location" dependent_see = "dependent see" original_price = "original price" order_number = "order number" user_defined_string = "user defined string" error_number = "error number" security_context = "security context" computer_name = "computer name" query = "query" error_type = "error type" error_parameter = "error parameter" threadid = "threadid" result_code = "result code" http_code = "HTTP code" hierarchy = "hierarchy" zone = "zone" forward_bytes = "forward bytes" reverse_bytes = "reverse bytes" forward_packets = "forward packets" reverse_packets = "reverse packets" receiving_interface = "receiving interface" sending_interface = "sending interface" alert_code = "alert code" brick_source = "brick source" proxy_destination = "proxy destination" brick_port = "brick port" proxy_port = "proxy port" reflect_type = "reflect type" rel_vpn = "rel VPNn" vpn_direction = "VPN direction" spi = "SPI" user_id = "user ID" mapped_source = "mapped source" mapped_destination = "mapped destination" mapped_source_port = "mapped source port" mapped_destination_port = "mapped destination port" end_time = "end time" peer_ip = "peer IP" ### virus_name = "virus name" rbl = "RBL" spam_score = "spam score" ssl = "SSL" encrypted_time = "encrypted time" logger = "logger" virus_location = "virus location" primary_action = "primary action" secondary_action = "secondary action" action_taken = "action taken" virus_type = "virus type" scan_id = "scan ID" new_ext = "new ext" group_id = "group ID" event_data = "event data" vbin_id = "vbin ID" virus_id = "virus ID" quarantine_status = "quarantine status" operation_flags = "operation flags" send_status = "send status" compressed = "compressed" depth = "depth" still_infected = "still infected" virus_def_info = "virus definition info" virus_def_sequence = "virus definition sequence" cleanable = "cleanable" deletable = "deletable" backup_id = "backup ID" parent = "parent" guid = "GUID" client_group = "client group" domain_name = "domain name" nt_name = "NT name" software_version = "software version" syslog_event_type = "syslog event type" syslog_protocol = "syslog protocol" blocked_source_ip = "blocked source IP" rbl_list = "RBL list" kiosk_id = "kiosk ID" ntk_filename = "NTK filename" object_type = "object type" info2 = "info2" info3 = "info3" info4 = "info4" message_info = "message info" virus_host = "virus host" virus_sender = "virus sender" virus_recipient = "virus recipient" process_name = "process name" process_id = "process ID" host_machine = "host machine" message_level = "message level" message_set = "message set" octets = "octets" flows = "flows" active_time = "active time" player_type = "player type" client_id = "client ID" stat3 = "stat3" stat4 = "stat4" stat4_transport = "stat4 transport" stat4_turboplay = "stat4 turboplay" stat4_clipend = "stat4 clipend" turboplay = "turboplay" clipend = "clipend" binding_state = "binding state" next_binding_state = "next binding state" hardware_ethernet = "hardware ethernet" note = "note" client_gateway = "client gateway" lease_ip = "lease IP" mailer = "mailer" stat = "stat" reject = "reject" module = "module" return_code = "return code" link_state = "link state" v1 = "v1" v2 = "v2" v3 = "v3" v4 = "v4" num_recipients = "number of recipients" delay = "delay" origin_hostname = "origin hostname" language = "language" auth = "auth" srcif = "source interface" svsrc = "svsrc" svsrc_port = "svsrc port" dstif = "destination interface" nexthoprouter = "next hop router" nms = "NMS" switch_name = "switch name" device_type = "device type" duplex = "duplex" vlan = "vlan" speed = "speed" security = "security" rx_octets = "rx octets" tx_octets = "tx octets" elapsed_time = "elapsed time" source_channel = "source channel" destination_channel = "destination channel" http_operation = "HTTP operation" slot___port = "slot and port" other_date = "other date" evt = "event" subevt = "subevent" srcintfc = "source interface" dstintfc = "destination interface" oper = "operation" server_state = "server state" additional_info = "additional info" ping_time = "ping time" return_path = "return path" script = "script" component = "component" syslog_message_type = "syslog message type" source_country = "source country" keywords = "keywords" firebox_ip = "firebox IP" original_filename = "original filename" converted_filename = "converted filename" http_cc_guid = "http CC GUID" http_cc_session = "http CC session" remote_address = "remote address" remote_user = "remote user" uri = "uri" found_location = "found location" scanning_time = "scanning time" authentication_result = "authentication result" source_name = "source name" destination_name = "destination name" server_source = "server source" server_source_port = "server source port" program_name = "program name" event_code = "event code" logon_id = "logon ID" new_process_id = "new process ID" creator_process_id = "creator process ID" image_file_name = "image file name" current_state = "current state" previous_state = "previous state" previous_date = "previous date" previous_time = "previous time" time_difference = "time difference" realm = "realm" tarantella_server = "tarantella server" application_server = "application server" security_method = "security method" filer_name = "filer name" retry = "retry" notification_command = "notification command" contact = "contact" license = "license" scanned_message_file = "scanned message file" setup_time = "setup time" matching_rule = "matching rule" start_position = "start position" end_position = "end position" sbrs_value = "sbrs value" brightmail_result = "brightmail result" antivirus_result = "antivirus result" interface_host = "interface host" reverse_dns_host = "reverse DNS host" cat2 = "cat2" cat3 = "cat3" forwarded_recipient = "forwarded recipient" content_scan = "content scan" fail_reason = "fail reason" remote_server_ip = "remote server IP" remote_server_hostname = "remote server hostname" local_server_hostname = "local server hostname" local_file = "local file" user_address = "user address" failed_logons = "failed logons" search_terms = "search terms" match = "match" template = "template" policyid = "policy ID" srcname = "source name" src_int = "source interface" dst_int = "destination interface" source_event = "source event" sent_pkt = "sent packets" rcvd_pkt = "received packets" vpn = "VPN" tran_ip = "translated IP" tran_port = "translated port" virus_file = "virus file" virus_name_file = "virus name/file" ids_class = "IDS class" ids_reference = "IDS reference" user_domain = "user domain" ticket_options = "ticket options" ticket_encryption_type = "ticket encryption type" client_address = "client address" workstation = "workstation" file_name = "file name" protocol_type = "protocol type" event_ip = "event IP" session_type = "session type" traceback = "traceback" devicename = "device name" log_level = "log level" source_address_domain = "source domain" source_address_ip = "source IP" destination_address_domain = "destination domain" destination_address_ip = "destination IP" destination_port = "destination port" emanager_policy = "emanager policy" emanager_action = "emanager action" emanager_message = "emanager message" sub_module = "sub module" event_name = "event name" event_description = "event description" data_type = "data type" login_name = "login name" terminal_name = "terminal name" ### adapter = "adapter" ### consolidated_message = "consolidated message" ip_code = "IP code" ### count = "count" message_type = "message type" adapter = "adapter" alert_destination_mac_addr = "alert destination MAC address" alert_source_mac_addr = "alert source MAC address" consolidated_message = "consolidated message" count = "count" cve = "CVE" family = "family" flow_cookie = "flow cookie" interface_id = "interface ID" interval = "interval" ip_protocol = "IP protocol" level = "level" packet = "packet" payload_left_offset = "payload left offset" payload_right_offset = "payload right offset" policy_tag = "policy tag" reliability = "reliability" request = "request" string_value = "string value" title = "title" vendor = "vendor" vlan_id = "VLAN ID" lookups = "lookups" pkts_sent = "packets sent" pkts_rcvd = "packets received" caller_user_name = "caller user name" caller_domain = "caller domain" caller_logon_id = "caller logon ID" caller_process_id = "caller process ID" transited_services = "transited services" source_network_address = "source network address" ### handle_id = "handle ID" logon_guid = "logon GUID" primary_user_name = "primary user name" primary_domain = "primary domain" primary_logon_id = "primary logon ID" target_account_name = "target account name" target_domain = "target domain" target_account_id = "target account ID" privileges = "privileges" accesses = "accesses" restricted_sid_count = "restricted sid count" access_mask = "access mask" object_server = "object server" ### object_type = "object type" ### object_name = "object name" handle_id = "handle ID" operation_id = "operation ID" client_user_name = "client user name" client_domain = "client domain" client_logon_id = "client login ID" member_name = "member name" member_id = "member ID" url_accessed = "URL accessed" bad_ppp_slip = "bad PPP slip" const = "const" ct_hndl = "CT handle" diag = "diag" d_pad = "d pad" d_pad_comp = "d pad comp" far_end_echo_levl = "far end echo level" freq_offst = "freq offst" general_info = "general info" levl = "level" mail_lost__host = "mail lost host" naks = "naks" neg_window = "negative window" phase2 = "phase2" phase_jit__freq = "phase jit frequency" phase_roll = "phase roll" proj_max_rx_b_rate__client = "proj max rx b rate client" rbs = "rbs" reset = "reset" retrans_frames = "retransmit frames" round_trip = "round trip" rx_overruns = "rx overruns" rx_tx_levl = "rx/tx level" rx_tx_link_layer = "rx/tx link layer" rx_tx_ppp_slip = "rx/tx ppp slip" rx_tx_string = "rx/tx string" rx_tx__max_neg_i_frame = "rx/tx max neg i frame" sp = "sp" ss7_cot = "ss7/cot" state_trnsn = "state transition" string = "string" sync_lost = "sync lost" t401_timeouts = "t401 timeouts" test_err = "test err" tx = "tx" tx_window_closures = "tx window closures" v0_synch_loss = "v0 synch loss" v110__rx_good = "v110: rx good" v42bis_size__dict = "v42bis size dict" v44_size__dict = "v44 size dict" v90_sgn_ptrn = "v90 signal pattern" v90_train = "v90 train" atmp = "atmp" attempt = "attempt" init = "init" snr = "snr" sq = "sq" rx_bad = "rx bad" low = "low" high = "high" desired_client = "desired client" desired_host = "desired host" remote = "remote" remote_up_down = "remote up/down" fail = "fail" disc_reason = "disc reason" account_id = "account ID" authen = "authentication" called = "called" calling = "calling" comp__last = "comp last" conn = "connection" disc_code = "disc code" disc_subsys = "disc subsys" disc_text = "disc text" ds0_slot_port_ds1_chan = "ds0 slot/port/ds1/chan" ec__rx_tx = "ec: rx/tx" init_rx_tx_b_rate = "init rx/tx b rate" mask = "mask" phys = "phys" prot__last = "prot: last" resource_slot_port = "resource slot/port" retr__local = "retr: local" rx_tx_b_rate__last = "rx/tx b rate last" rx_tx_chars = "rx/tx chars" rx_tx__chars = "rx/tx chars" setup = "setup" speedshift__local_up_down = "speedshift local up/down" std__last = "std last" v90__stat = "v90 stat" issue_id = "issue ID" issue_name = "issue name" intruder_ip = "intruder IP" intruder_name = "intruder name" victim_ip = "victim IP" victim_name = "victim name" parameters = "parameters" response_level = "response level" intruder_port = "intruder port" victim_port = "victim port" packet_flags = "packet flags" ### presentation_id = "presentation ID" platform = "platform" distribution = "distribution" cpu = "cpu" client_stats_results = "client stats results" startup = "startup" stream_number = "stream number" codec = "codec" transport_protocol = "transport protocol" clip_end = "clip end" customer = "customer" ssvc = "ssvc" cnt = "count" url_category = "URL category" tree_name = "tree name" object_container_name = "object container name" default_file_server = "default file server" current_login_addresses = "current login addresses" current_login_count = "current login count" orig = "origin" sys_message = "system message" fw_message = "firewall message" tcp_packet_out_of_state = "TCP packet out of state" icmp = "ICMP" nat_rulenum = "NAT rule number" nat_addtnl_rulenum = "NAT additional rule number" dns_query = "DNS query" dns_type = "DNS type" cache_status = "cache status" cache_service_method = "cache service method" filter_category = "filter category" cache_decision = "cache decision" http_status = "HTTP status" enterprise = "enterprise" enterprise_mib_name = "enterprise mib name" uptime = "uptime" agent_ip = "agent IP" generic_num = "generic num" specific_num = "specific num" var01_oid = "var01 oid" var01_value = "var01 value" var01_mib_name = "var01 mib name" var01_mib_value = "var01 mib value" var02_oid = "var02 oid" var02_value = "var02 value" var02_mib_name = "var02 mib name" var02_mib_value = "var02 mib value" var03_oid = "var03 oid" var03_value = "var03 value" var03_mib_name = "var03 mib name" var03_mib_value = "var03 mib value" var04_oid = "var04 oid" var04_value = "var04 value" var04_mib_name = "var04 mib name" var04_mib_value = "var04 mib value" var05_oid = "var05 oid" var05_value = "var05 value" var05_mib_name = "var05 mib name" var05_mib_value = "var05 mib value" var06_oid = "var06 oid" var06_value = "var06 value" var06_mib_name = "var06 mib name" var06_mib_value = "var06 mib value" route = "route" database = "database" information = "information" firewall = "firewall" hwdest = "destination mac address" destip = "destination IP" destport = "destination port" enetproto = "ETH protocol number" ipproto = "IP protocol" recvif = "source interface" hwsrc = "source mac address" ack = "ACK" arp = "ARP message type" ### conn = "connection" cwr = "CWR" destif = "destination interface" ece = "ECE" fin = "FIN" icmpdestip = "ICMP destination IP" icmpsrcip = "ICMP source IP" icmptype = "ICMP type" psh = "PSH" rst = "RST" syn = "SYN" urg = "URG" ### spam_bytes = "spam bytes" machine_desc = "machine description" monitor_info = "monitor info" result_id = "result ID" result_desc = "result description" action_time = "action time" result_value = "result value" result_info = "result info" convinfo = "conversion info" dstclass = "destination class" cache = "cache" ref = "reference" policy = "policy" engine = "engine" content = "content" prio = "priority" shutdown = "shutdown" previous_shutdown = "previous shutdown" corever = "core version" cfgver = "config file version" cfgfile = "config file used" termsent = "data sent (server)" origsent = "data sent (client)" connsrcport = "source port" connsrcip = "source IP" connsrcid = "source ping ID" connrecvif = "receiving interface" connipproto = "IP protocol" conndestport = "destination port" conndestip = "destination IP" conndestif = "destination interface" conndestid = "destination ping ID" udptotlen = "UDP data length" tcphdrlen = "TCP header length" ipdatalen = "IP data length" echoseq = "ECHO sequence" echoid = "ECHO ID" dest = "destination" peer = "peer" bidir = "bi direction" ses = "SES" demo = "demonstration mode" algsesid = "algsesid" algmod = "algmod" translated_source_ip = "translated source IP" translated_destination_ip = "translated destination IP" mime_part = "MIME part" spam_bytes = "spam bytes" src_ip = "source IP" dst_ip = "destination IP" side_in = "side in" side_out = "side out" side_exp = "side exp" cnx_state = "connection state" lvl_info = "level info" ### ibyte = "I byte" ### ipacket = "ipacket" ### ibyte_ack = "acknowledged bytes in" ### ipacket_ack = "acknowledged packets in" upload_size = "upload size" fromip = "from IP" ticket = "ticket" namespace = "namespace" x_transaction = "transaction" x_username = "username" x_hiercode = "hierarchy code" x_note = "note" destenet = "destination network" hwsender = "sender mac address" srcenet = "source network" vpntunnel = "VPN tunnel" local_address = "local address" loglevel = "log level" client_destination = "client destination" policy_type = "policy type" filter_type = "filter type" filter_name = "filter name" filter_result = "filter result" virus_file_name = "virus file name" message_count = "message count" e2e_time = "end-to-end time" ### host_time = "server processing time" nw_time = "network time" ssl_time = "SSL time" average_e2e_time = "average end-to-end time" average_host_time = "average server processing time" average_nw_time = "average network time" average_ssl_time = "average SSL time" session_hash = "session hash" kilobytes = "kilobytes" throughput = "througput" average_throughput = "average througput" tcp_ooo = "out-of-order TCP segments" tcp_rtt = "TCP time" average_tcp_ooo = "average out-of-order TCP segments" average_tcp_rtt = "average TCP time" tcp_retrans = "TCP retransmissions" average_tcp_retrans = "average TCP retransmissions" http_method = "HTTP method" http_version = "HTTP version" uri_query_string = "URI query string" post_query_string = "POST query string" is_container = "is container" is_subordinate = "is container" location_code = "location code" uri_stem = "page" response_code = "response code" win32_status = "win32 status" snmp_trap_product = "snmp trap product" id_source = "ID source" url_filter = "URL filter" check_result = "scan result" message_result = "message status" virus_name = "virus name" group = "group" setting = "setting" related_id = "related ID" key = "key" revision = "revision" opcode = "opcode" question_name = "question name" media_type = "media type" infected_status = "infected status" recip = "recipients" object = "object" mailbox = "mailbox" folder = "folder" blacklist = "blacklist" bytes_in = "bytes in" bytes_out = "bytes out" cpu_time = "CPU time" actual_time = "actual time" src_addr = "source address" dest_addr = "destination address" caller_id = "caller ID" branch = "branch" email_allowed = "contact type" platforms = "platforms" trial_download_time = "download date/time" message_test_field = "message test field" virus_host_file = "virus host file" ### virus_filter = "virus filter" ### spam_filter = "spam filter" connecting_server_ip = "connecting server IP" connecting_server_name = "connecting server name" local_ip_address = "local IP address" remote_ip_address = "remote IP address" x_throughput = "througput" x_tcp_rtt_count = "TCP RTT count" x_tcp_rtt = "TCP RTT" x_tcp_ooo = "TCP OOO" x_tcp_retrx = "TCP retries" x_ssl_time = "SSL time" x_e2e_time = "end-to-end time" x_process_time = "process time" x_network_time = "network time" x_nw_error_count = "NW error count" x_cl_error_count = "CL error count" x_sv_error_count = "SV error count" x_ap_error_count = "AP error count" x_timed_out = "timed out" x_ct_error_count = "CT error count" x_cu_error_count = "CU error count" x_record_type = "record type" x_object_id = "object ID" x_page_id = "page ID" x_session_id = "session ID" sc_location = "location" x_sc_mimetype = "MIME type" x_redirect = "redirect" x_document = "document" x_container = "container" x_component = "component" x_aborted = "aborted" email_address = "email address" client_computer = "client computer" user_account = "user account" client_os = "client OS" server_os = "server OS" share_name = "share name" content_length = "content length" blocked_content = "blocked content" summary = "summary" flow = "flow" strings = "strings" eventlog = "event log" recordnumber = "record number" timegenerated = "time generated" timewritten = "time written" eventid = "event ID" eventtype = "event type" eventtypename = "event type name" eventcategory = "event category" eventcategoryname = "event category name" sourcename = "sourcename" logins = "logins" gw_id = "gateway ID" trace_type = "trace type" bip_code = "BIP code" cs_sip = "server IP" channel_id = "channel ID" channel_name = "channel name" cdn_url = "CDN URL" source_url = "source URL" proxy_used = "proxy used" last_modified_time = "last modified time" headers = "headers" x_remote_id = "remote ID" x_sc_contentlength = "server-to-client content length" x_rs_contentlength = "remote-to-server content length" x_cs_bodylength = "client-to-server body length" x_sr_bodylength = "server-to-remote body length" x_cs_headerlength = "client-to-server header length" x_sc_headerlength = "server-to-client header length" x_sr_headerlength = "server-to-remote header length" x_rs_headerlength = "remote-to-server header length" x_elapsed_seconds = "elapsed seconds" evt_ref_id = "event reference ID" evt_id = "event ID" evt_name = "event name" evt_type = "event type" evt_desc = "event description" evt_sev = "event severity" evt_subj = "event subject" evt_cat = "event category" evt_date = "event date" physical_path = "physical path" virtual_path = "virtual path" conference_server_address = "conference server address" conference_id = "conference ID" client_name = "client name" client_type = "client type" cuid = "CUID" log_date_time = "log date/time" xlated_src_ip = "translated source IP" xlated_src_port = "translated source port" xlated_dst_ip = "translated destination IP" xlated_dst_port = "translated destination port" ### virus_host_file = "virus host file" virus_filter = "virus filter" spam_filter = "spam filter" s_spam_filter = "signature spam filter" h_spam_filter = "heuristic (SPS) spam filter" spam_filter_type = "spam filter type" spam_detected = "spam detected" virus_detected = "virus detected" logging_device_country = "country" client_version = "client version" overview_all_sites = "Overview All Sites" hours_all_sites = "Hours All Sites" days_all_sites = "Days All Sites" weekdays_all_sites = "Weekdays All Sites" traffic_over_time_all_sites = "Traffic Over Time All Sites" users_all_sites = "Users All Sites" devices_all_sites = "Devices All Sites" countries_all_sites = "Countries All Sites" encryption_all_sites = "Encryption All Sites" single_des_ips = "Single Des IPs" client_versions_all_sites = "Client Versions All Sites" client_ip_all_sites = "Client IP All Sites" overview_usa = "Overview USA" overview_usa_usar = "Overview USA (USAR)" overview_singapore = "Overview Singapore" overview_uk = "Overview UK" overview_france = "Overview France" overview_germany = "Overview Germany" overview_australia = "Overview Australia" overview_denmark = "Overview Denmark" overview_netherlands = "Overview Netherlands" overview_korea = "Overview Korea" overview_south_africa = "Overview South Africa" overview_switzerland = "Overview Switzerland" logins_usa = "Logins USA" logins_usa_usar = "Logins USA (USAR)" logins_singapore = "Logins Singapore" logins_uk = "Logins UK" logins_france = "Logins France" logins_germany = "Logins Germany" logins_australia = "Logins Australia" logins_denmark = "Logins Denmark" logins_netherlands = "Logins Netherlands" logins_korea = "Logins Korea" logins_south_africa = "Logins South Africa" logins_switzerland = "Logins Switzerland" failed_logins_usa = "Failed Logins USA" failed_logins_usa_usar = "Failed Logins USA (USAR)" failed_logins_singapore = "Failed Logins Singapore" failed_logins_uk = "Failed Logins UK" failed_logins_france = "Failed Logins France" failed_logins_germany = "Failed Logins Germany" failed_logins_australia = "Failed Logins Australia" failed_logins_denmark = "Failed Logins Denmark" failed_logins_netherlands = "Failed Logins Netherlands" failed_logins_korea = "Failed Logins Korea" failed_logins_south_africa = "Failed Logins South Africa" failed_logins_switzerland = "Failed Logins Switzerland" top_hours_usa = "Top Hours USA" top_hours_usa_usar = "Top Hours USA (USAR)" top_hours_singapore = "Top Hours Singapore" top_hours_uk = "Top Hours UK" top_hours_france = "Top Hours France" top_hours_germany = "Top Hours Germany" top_hours_australia = "Top Hours Australia" top_hours_denmark = "Top Hours Denmark" top_hours_netherlands = "Top Hours Netherlands" top_hours_korea = "Top Hours Korea" top_hours_south_africa = "Top Hours South Africa" top_hours_switzerland = "Top Hours Switzerland" weekdays_usa = "Weekdays USA" weekdays_usa_usar = "Weekdays USA (USAR)" weekdays_singapore = "Weekdays Singapore" weekdays_uk = "Weekdays UK" weekdays_france = "Weekdays France" weekdays_germany = "Weekdays Germany" weekdays_australia = "Weekdays Australia" weekdays_denmark = "Weekdays Denmark" weekdays_netherlands = "Weekdays Netherlands" weekdays_korea = "Weekdays Korea" weekdays_south_africa = "Weekdays South Africa" weekdays_switzerland = "Weekdays Switzerland" cert_info = "certificate info" issuer = "issuer" af_portal_id = "AF portal ID" network_name = "network name" desktop_server = "desktop server" x_virus_details = "virus details" x_icap_error_code = "ICAP error code" x_icap_error_details = "ICAP error details" users = "users" request_bytes = "requested bytes" license_exp_date = "license expiry date" license_type = "license type" debug = "debug" ### object_type = "object type" ### object_name = "object name" key_info = "key info" feature_id = "feature ID" hierarchy_code = "hierarchy code" proxy_name = "proxy name" ### license_exp_date = "license expiry date" ### license_type = "license type" ### feature_id = "feature ID" clientip = "client IP" session_events = "session events" brick_state = "brick state" code_id = "code ID" rule_fields_table = "rule fields table" eua_result = "EUA result" sub_type = "sub type" ### eua_result = "EUA result" auth_timeout = "auth timeout" user_db = "user DB" eua_action = "EUA action" elap = "elap" vpn_vendor = "VPN vendor" local_ip = "local IP" admin_id = "admin id" option = "option" exception_type = "exception type" bandwidth_type = "bandwidth type" unit = "unit" passed_bandwidth_after_throttling = "passed bandwidth after throttling" gamer_tag = "gamer tag" product_id = "product ID" title_id = "title ID" title_name = "title name" operator_id = "operator ID" retailer_id = "retailer ID" payment_method = "payment method" terminal_type = "terminal type" totpages = "total pages" stime = "printer start time" ptime = "printer end time" ### printer = "printer name" lines = "lines printed" copies = "copies printed" print_duration = "print duration" system_message = "system message" relay_hostname = "relay hostname" relay_ip = "relay IP" ### messages_sent = "messages sent" nrcpt = "number of recipients" messages_rcvd = "messages received" counter = "counter" transport_name = "transport name" router_name = "router name" warning = "warning" hostname_ip = "hostname / IP" ### authenticated_name = "auth name" smtp_delivery_conf = "delivery conf" cert_verif_status = "cert status" dist_name_from_peer = "name from peer" shadow_transport_name = "shadow transport name" user_rfc1413 = "RFC1413 user" tls_cipher_suite = "TLS cipher" messages_sent = "messages sent" messages_received = "messages received" messages_queued = "messages queued" messages_delivered = "messages delivered" messages_bounced = "messages bounced" messages_delayed = "messages delayed" messages_aborted = "messages aborted" bounce_reason = "bounce reason" bounce_response = "bounce response" warnings = "warnings" warning_message = "warnings" rid = "RID" mid = "MID" icid = "ICID" vpn_name = "VPN name" http_accesses = "HTTP accesses" errors = "errors" worms = "worms" spiders = "spiders" broken_links = "broken links" screen_info_hits = "screen info hits" hit_type = "hit type" unique_ip_addresses = "unique IP addresses" filter_action = "filter action" filter_code = "filter code" filter_rcode = "filter rcode" base_code = "base code" threats = "threats" scans = "scans" total_files = "total files" infected_files = "infected files" threat = "threat" threat_type = "threat type" original_location = "original location" current_location = "current location" action_description = "action description" started_on = "started on" completed = "completed" # interscan_messaging_security_suite_integrated attachment = "attachment" action_on_content = "action on content" action_on_message = "action on message" quarantine_area_name = "quarantine area name" filter_content = "filter content" attachment_extension = "attachment extension" h_spam_filter_outcome = "H spam filter outcome" s_spam_filter_outcome = "S spam filter outcome" antivirus_filter_outcome = "antivirus filter outcome" content_filter_outcome = "content filter outcome" filtered_messages = "filtered messages" filtered_packets = "filtered packets" attachment_outcome = "attachment outcome" ipfilter_type = "ipfilter type" messages_processed = "messages processed" bytes_processed = "bytes processed" bytes_delivered = "bytes delivered" outbound_messages = "outbound messages" virus_processed = "virus processed" virus_delivered = "virus delivered" content_detected = "content detected" content_processed = "content processed" content_delivered = "content delivered" spam_processed = "spam processed" spam_delivered = "spam delivered" attachment_detected = "attachment detected" attachment_processed = "attachment processed" attachment_delivered = "attachment delivered" policy_violations = "policy violations" entity = "entity" # ascenlink inpkts = "packets in" outpkts = "packets out" inbytes = "bytes in" outbytes = "bytes out" totlen = "total length" link = "link" inclass = "in class" outclass = "out class" # msieser_http client_mac_address = "client MAC address" server_ip_address = "server IP address" server_mac_address = "server MAC address" # mcafee_e1000_mail_scanner app = "application" spam_rules = "broken rules" spam_audit_id = "audit ID" spam_sender = "sender" spam_rcpt = "recipients" spam_address = "source address" spam_dest_address = "destination address" # exim_4 recipient_username = "recipient username" antibody_filter = "antibody filter" messages_filtered = "messages filtered" # nessus subnet = "subnet" # java_administration_mbean Active = "active" DeploymentState = "deployment state" Destination = "destination" Durable = "durable" EJBComponent = "EJB component" HealthState = "health state" Status = "status" Transacted = "transacted" FilterDispatchedRequestsEnabled = "filter dispatched request enabled" IndexDirectoryEnabled = "index directory enabled" JSPDebug = "JSP debug" JSPKeepGenerated = "JSP keep generated" JSPVerbose = "JSP verbose" CachingDisabled = "caching disabled" ObjectName = "object name" PoolState = "pool state" Enabled = "enabled" Name = "name" ### CachingDisabled = "caching disabled" ### ObjectName = "object name" ### PoolState = "pool state" ### Enabled = "enabled" SessionMonitoringEnabled = "session monitoring enabled" # java_administration_mbean numerical fields MaxCapacity = "max capacity" CurrCapacity = "current capacity" ExecuteThreadCurrentIdleCount = "execute thread current idle count" PendingRequestCurrentCount = "pending request current count" PendingRequestOld = "old pending request" ServicedRequestTotalCount = "serviced request total count" WaitSecondsHighCount = "wait seconds high count" StatementProfileCount = "statement profile count" PrepStmtCacheHitCount = "prepared statement cache hit count" ConnectionsTotalCount = "connections total count" ConnectionLeakProfileCount = "connection leak profile count" WaitingForConnectionCurrentCount = "waiting for connection current count" ActiveConnectionsCurrentCount = "active connection current count" ActiveConnectionsAverageCount = "active connections average count" ExecuteThreadTotalCount = "execute thread total count" ActiveConnectionsHighCount = "active connections high count" LeakedConnectionCount = "leaked connection count" PrepStmtCacheMissCount = "prepared statement cache miss count" WaitingForConnectionHighCount = "waiting for connection high count" PreparedStatementCacheProfileCount = "prepared statement cache profile count" FailuresToReconnectCount = "failure to reconnect count" HighestNumAvailable = "highest num available" HighestNumUnavailable = "highest num unavailable" NumAvailable = "num available" NumUnavailable = "num unavailable" ConnectionDelayTime = "connection delay time" AccessTotalCount = "access total count" ActiveTransactionsTotalCount = "active transactions total count" BeansInUseCount = "beans in use count" BeansInUseCurrentCount = "beans in use current count" BytesCurrentCount = "bytes current count" BytesHighCount = "bytes high count" BytesPendingCount = "bytes pending count" BytesReceivedCount = "bytes received count" BytesSentCount = "bytes sent count" BytesThresholdTime = "bytes threshold count" ConnectionsCurrentCount = "connections current count" ConnectionsHighCount = "connections high count" ConsumersCurrentCount = "consumers current count" ConsumersHighCount = "consumers high count" ConsumersTotalCount = "consumers total count" DestinationsCurrentCount = "destinations current count" DestinationsHighCount = "destinations high count" DestinationsTotalCount = "destinations total count" DestroyedTotalCount = "destroyed total count" IdleBeansCount = "idle beans count" InitialRecoveredTransactionTotalCount = "initial recovered transaction total count" JMSServersCurrentCount = "JMS servers current count" JMSServersHighCount = "JMS servers high count" JMSServersTotalCount = "JSM servers total count" MessagesCurrentCount = "messages current count" MessagesHighCount = "messages high count" MessagesPendingCount = "messages pending count" MessagesReceivedCount = "messages received count" MessagesSentCount = "messages sent count" MessagesThresholdTime = "messages threshold time" MissTotalCount = "miss total count" PendingRequestOldestTime = "pending request oldest time" PooledBeansCurrentCount = "pooled beans current count" ProducersCurrentCount = "producers current count" ProducersHighCount = "producers high count" ProducersTotalCount = "producers total count" RecoveredTransactionCompletionPercent = "recovered transactions completion percent" SecondsActiveTotalCount = "seconds active total count" SessionPoolsCurrentCount = "session pools current count" SessionPoolsHighCount = "session pools high count" SessionPoolsTotalCount = "session pools total count" SessionsCurrentCount = "sessions current count" SessionsHighCount = "sessions high count" SessionsTotalCount = "sessions total count" TimeoutTotalCount = "timeout total count" TransactionAbandonedTotalCount = "transaction abandoned total count" TransactionCommittedTotalCount = "transaction committed total count" TransactionHeuristicsTotalCount = "transaction heuristics total count" TransactionRolledBackAppTotalCount = "transaction rolled back app total count" TransactionRolledBackResourceTotalCount = "transaction rolled back resource total count" TransactionRolledBackSystemTotalCount = "transaction reolled back system total count" TransactionRolledBackTimeoutTotalCount = "transaction rolled back timeout total count" TransactionRolledBackTotalCount = "transaction rolled back total count" TransactionTotalCount = "transaction total count" TransactionsCommittedTotalCount = "transactions committed total count" TransactionsRolledBackTotalCount = "transactions rolled back total count" TransactionsTimedOutTotalCount = "transactions timed out total count" WaiterCurrentCount = "waiter current count" WaiterTotalCount = "waiter total count" ConnectionPoolCount = "connection pool count" JSPPageCheckSecs = "JSP page check secs" OpenSessionsCurrentCount = "open sessions current count" OpenSessionsHighCount = "open sessions high count" ServletReloadCheckSecs = "servlet reload check secs" SessionCookieMaxAgeSecs = "session cookie max age secs" SessionIDLength = "session ID length" SessionInvalidationIntervalSecs = "session invalidation interval secs" SessionTimeoutSecs = "session timeout secs" SessionsOpenedTotalCount = "session opened total count" SingleThreadedServletPoolSize = "single threaded servlet pool size" # trend_micro_control_manager policy_settings = "policy settings" generation_time_zone = "generation time zone" generated = "generated" infect_source = "infect source" infect_destination = "infect destination" pattern = "pattern" first_action = "first action" first_action_result = "first action result" second_action = "second action" second_action_result = "second action result" file_path = "file path" login_user_name = "login user name" object_name_url = "object name URL" blocking_type = "blocking type" blocking_rule = "blocking rule" malicious_events = "malicious events" content_filtering_events = "content filtering events" virus_events = "virus events" spyware_events = "spyware events" web_spyware_events = "web spyware events" workstation_spyware_events = "workstation spyware events" web_filtering_events = "web filtering events" email_filtering_events = "email filtering events" admin_events = "admin events" download_events = "download events" workstation_virus_events = "workstation virus events" web_virus_events = "web virus events" email_virus_events = "email virus events" # postfix messages_blocked = "messages blocked" messages_expired = "messages expired" messages_deferred = "messages deferred" bytes_blocked = "bytes blocked" bytes_expired = "bytes expired" bytes_bounced = "bytes bounced" bytes_deferred = "bytes deferred" # du kb = "kilobytes" file_bytes = "bytes from files" files = "files" directory = "directory" directory_bytes_recursive = "bytes in directories (recursively duplicated)" # kasperskylabs_mailserver scan_events = "scan events" modification_time = "modification time" source1 = "source 1" # netscreen_ssl_gateway role = "role" roles = "roles" # communigate pro pop_logins = "pop logins" pop_messages_retrieved = "pop messages retrieved" pop_bytes_retrieved = "pop bytes retrieved" pop_messages_deleted = "pop messages deleted" # locayta_logging websessionid = "web session ID" searchtype = "search type" resulttype = "result type" servername = "server name" requeststarttime = "request start time" requestendtime = "request end time" requesttotalrecordcount = "request total record count" requestpagerecordcount = "request page record count" querystring = "query string" searches = "searches" gatewaysessionid = "gateway session id" searches = "searches" initialpage = "initial page" billablesearches = "billable searches" pagerequests = "page requests" classificationlist = "classification list" localitylist = "locality list" classificationargument = "classification argument" classificationselection = "classification selection" localityargument = "locality argument" localityselection = "locality selection" paidadsserved = "paid ads served" bookid = "BookID" # interscan_web_security_suite blocked_url = "blocked URL" opp_id = "opp ID" content_category = "content category" trend_category = "trend category" sub_category = "sub category" url_filtering_events_url_blocking = "URL filtering events (url_blocking log)" url_filtering_events_http = "URL filtering events (http log)" # Clickstream Technologies Plc - DataSherpa Log Format x_colour_depth = "Colour Depth" x_javascript_version = "Javascript Version" x_language = "Language" x_screen_resolution = "Screen Resolution" x_timezone_offset = "Timezone Offset" x_java_enabled = "Java Enabled" x_browser_size = "Browser Size" x_connection_type = "Connection Type (client)" x_homepage = "Homepage (current page)" x_flash_version = "Flash Version" x_plug_ins = "Plug-ins" x_form_data_raw_cookie = "form-data" x_html_title = "Page Title" x_accepting_cookies = "Accepting Cookies" x_impression_id = "Impression ID" x_client_uid = "Client User ID" x_display_id = "Page Display ID" x_new_session_flag = "New Session" x_new_user_flag = "New User" x_new_visit_flag = "New Visit" x_page_enum = "Page Enumeration" x_popup_flag = "Pop up" x_previous_page = "Previous Page" x_referer_host = "Referer Host" x_request_id = "Request ID" x_robot_name = "Robot Name" x_server_uid = "Server User ID" x_userdefined_page_name = "Page Name (custom)" x_userdefined_page_name_category = "Page Name Category (custom)" x_userdefined_page_name_categoryparent = "Page Name CategoryParent (custom)" x_visit_id = "Visit ID" x_suspicion_level = "Suspicion Level" x_extended_data_raw = "CSData" x_extended_data_error = "CSData - Error" x_download_time = "Download Time" # zeus_g orders = "orders" mml_order_id = "MML order ID" gk_order_id = "GK order ID" item_description = "item description" item_id = "item ID" items_ordered = "unique items ordered" total_amount = "order revenue" discount_amount = "discount amount" tax_amount = "tax amount" shipping_amount = "shipping amount" item_quantity = "item quantity" item_cost = "item cost" total_item_cost = "total item cost" nodelf = "node" #### paid_search_engine = "paid search engine" integrated_search_engine = "search engine" ### # bt_logging ### searches = "searches" ### gatewaysessionid = "gateway session id" # iscdhcpleases lease = "lease" leases = "leases" # terraplay fields application_name = "application name" session_name = "session name" gas_ip_address = "client GAS IP" session_profile_name = "session profile name" client_profile_name = "client profile name" client_role = "client role" client_conn = "connections" total_clients = "total clients per session" total_objects = "total objects per session" total_objects_groups = "total object groups per session" client_status = "client status" max_upstream = "max byte rate upstream" max_downstream = "max byte rate downstream" max_udp_size = "max UDP payload" term_session_reason = "termination reason (session)" client_disconn_reason = "disconn reason (client)" extra_session_info = "info (session)" extra_client_info = "info (client)" ### # interscan_web_security_suite ### blocked_url = "blocked URL" ### opp_id = "opp ID" ### content_category = "content category" ### trend_category = "trend category" ### sub_category = "sub category" ### url_filtering_events_url_blocking = "URL filtering events (url_blocking log)" ### url_filtering_events_http = "URL filtering events (http log)" ### ### # Clickstream Technologies Plc - DataSherpa Log Format ### x_colour_depth = "Colour Depth" ### x_javascript_version = "Javascript Version" ### x_language = "Language" ### x_screen_resolution = "Screen Resolution" ### x_timezone_offset = "Timezone Offset" ### x_java_enabled = "Java Enabled" ### x_browser_size = "Browser Size" ### x_connection_type = "Connection Type (client)" ### x_homepage = "Homepage (current page)" ### x_flash_version = "Flash Version" ### x_plug_ins = "Plug-ins" ### x_form_data_raw_cookie = "form-data" ### x_html_title = "Page Title" ### x_accepting_cookies = "Accepting Cookies" ### x_impression_id = "Impression ID" ### x_client_uid = "Client User ID" ### x_display_id = "Page Display ID" ### x_new_session_flag = "New Session" ### x_new_user_flag = "New User" ### x_new_visit_flag = "New Visit" ### x_page_enum = "Page Enumeration" ### x_popup_flag = "Pop up" ### x_previous_page = "Previous Page" ### x_referer_host = "Referer Host" ### x_request_id = "Request ID" ### x_robot_name = "Robot Name" ### x_server_uid = "Server User ID" ### x_userdefined_page_name = "Page Name (custom)" ### x_userdefined_page_name_category = "Page Name Category (custom)" ### x_userdefined_page_name_categoryparent = "Page Name CategoryParent (custom)" ### x_visit_id = "Visit ID" ### x_suspicion_level = "Suspicion Level" ### x_extended_data_raw = "CSData" ### x_extended_data_error = "CSData - Error" ### x_download_time = "Download Time" ### ### # zeus_g ### orders = "orders" ### mml_order_id = "MML order ID" ### gk_order_id = "GK order ID" ### item_description = "item description" ### item_id = "item ID" ### items_ordered = "unique items ordered" ### total_amount = "order revenue" ### discount_amount = "discount amount" ### tax_amount = "tax amount" ### shipping_amount = "shipping amount" ### item_quantity = "item quantity" ### item_cost = "item cost" ### total_item_cost = "total item cost" ### nodelf = "node" #### paid_search_engine = "paid search engine" ### integrated_search_engine = "search engine" ### ### # locayta_logging ### websessionid = "web session ID" ### searchtype = "search type" ### resulttype = "result type" ### servername = "server name" ### requeststarttime = "request start time" ### requestendtime = "request end time" ### requesttotalrecordcount = "request total record count" ### requestpagerecordcount = "request page record count" ### querystring = "query string" ### ### # bt_logging ### searches = "searches" ### gatewaysessionid = "gateway session id" ### ### # iscdhcpleases ### lease = "lease" ### leases = "leases" # beta_intermapper_event up_time = "up time" down_time = "down time" utilization = "utilization" index_number = "index number" # beta_sendmail ctladdr = "control address" dsn = "DSN" # beta_msieser_smtp cc = "CC" attachments = "attachments" # beta_praudit audit_event_id = "audit event ID" audit_event_id_modifier = "audit event ID modifier" invariant_audit_id = "invariant audit ID" effective_user_id = "effective user ID" effective_group_id = "effective group ID" real_user_id = "real user ID" real_group_id = "real group ID" audit_session_id = "audit session ID" terminal_id = "terminal ID" text = "text" return_message = "return message" audit_event_id = "audit event ID" audit_event_id_modifier = "audit event ID modifier" invariant_audit_id = "invariant audit ID" effective_user_id = "effective user ID" effective_group_id = "effective group ID" real_user_id = "real user ID" real_group_id = "real group ID" audit_session_id = "audit session ID" terminal_id = "terminal ID" text = "text" return_message = "return message" access_mode = "access mode" owner_user_id = "owner user ID" owner_group_id = "owner group ID" file_system_id = "file system ID" inode_id = "inode ID" exec_args = "exec args" # zyxel_firewall_welf devid = "device ID" cat = "category" protoid = "protocol ID" trans = "transfer" # beta_fortigate cat_desc = "category description" serial = "serial" # beta_symantec_gateway_security month = "month" # beta_mailman_post posting_user = "posting user" posts = "posts" # beta_watchguard_xml pckt_len = "packet length" ip_hdr_len = "IP header length" tz = "timezone" pr = "protocol" wgt = "WGT" proc_id = "process ID" disp = "displacement" src_intf = "source interface" why = "reason" recv = "received" # beta_microsoft_windows_firewall tcpsyn = "TCP SYN" tcpack = "TCP ACK" tcpwin = "TCP window" icmpcode = "ICMP code" # beta_amavis mail_id = "mail ID" # beta_cisco_as5300 slot_port = "slot port" slot_contr_chan = "slot/control/channel" call_id = "call ID" std = "standard" prot = "protocol" comp = "compression" init_rx_b_rate = "initial receive bit rate" init_tx_b_rate = "initial transfer bit rate" finl_rx_b_rate = "final receive bit rate" finl_tx_b_rate = "final transfer bit rate" retr = "retries" rx_chars = "received chars" tx_chars = "transferred chars" bad = "bad" rx_ec = "received EC" tx_ec = "transferred EC" finl_state = "final state" disc_radius_ = "disconnect (radius)" disc_modem_ = "disconnect (modem)" calls = "calls" # mc_afee_web_shield_xml utc_time = "UTC time" local_time = "local time" tz_offset = "timezone offset" os_name = "OS name" os_version = "OS version" host_ip = "host IP" host_domain_name = "host domain name" sev_type = "severity type" client_request = "client request" client_request_line = "client request line" audit_id = "audit ID" conversation_id = "conversation ID" conversation_policy = "conversation policy" neat_delta = "neat delta" neat_starttime = "neat starttime" # beta_xwall returnpath = "return path" msgdate = "message date" msgtime = "message time" sendprio = "send priority" rr = "RR" att = "ATT" history = "history" infected = "infected" virusinfo = "virus info" format = "format" bayes = "bayes" exclude = "exclude" ipaddress = "IP address" heuristic = "heuristic" atttype = "ATT type" slsservice = "SLS service" slsinfo = "SLS info" # beta_internet_security_systems_network_sensors tag_name = "tag name" event_count = "event count" target_ip = "target IP" sensor_dns_name = "sensor DNS name" algorithm_id = "algorithm ID" attacksuccessful = "attack successful" ianaprotocolid = "iana protocol ID" sourceethernetaddress = "source ethernet address" systemagent = "system agent" intruder_ip_addr = "intruder IP address" packet_destinationaddress = "packet destination address" packet_destinationport = "packet destination port" packet_destinationportname = "packet destination port name" packet_sourceaddress = "packet source address" packet_sourceport = "packet source port" packet_sourceportname = "packet source port name" victim_ip_addr = "victim IP addr" login = "login" attackorigin = "attack origin" caller_machine_name = "caller machine name" destinationethernetaddress = "destination ethernet address" serverid = "server ID" intruder_ip_addr = "intruder IP address" victim_ip_addr = "victim IP address" victimip = "victim IP" accessed = "accessed" http_server = "HTTP server" login = "login" accessed = "accessed" content_range = "content range" repeat_count = "repeat count" firstip = "first IP" secondip = "second IP" xid = "XID" http_server = "HTTP server" server_type = "server type" victimip = "victim IP" # beta_snare_aix obs1 = "obs1" obs2 = "obs2" egid = "group ID" epriv = "privileges" fd = "file descriptor" # Domino Access logs translated_uri = "translated URI" cookie_header = "cookie header" # beta_sourcefile_ids initiator_ip = "initiator IP" responder_ip = "responder IP" initiator_port = "initiator port" responder_port = "responder port" first_packet = "first packet" last_packet = "last packet" protocols = "protocols" client_application_id = "client application ID" client_application_version = "client application version" unique_initiator_ips = "unique initiators IPs" # beta_autoadmin is_error = "is error" # blue_coat_w3_c cs_uri_path = "path" # beta_symantec_antivirus logged_by = "logger" # beta_annex_term_server terminal = "terminal" port_number = "port number" # beta_kerio_mailserver sender_host = "sender host" # netscape req__headers_host = "server domain" # beta_backup_exec set_resource_name = "set resource name" tape_name = "tape name" display_volume = "display volume" backup_type = "backup type" backed_up_exchange_mailbox = "backed up exchange mailbox" new_processed_bytes = "new processed bytes" vlm_hist_rateformat2 = "vlm hist rateformat2" mail_messages_backed_up = "mail messages backed up" folders_backed_up = "folders backed up" mailboxes_backed_up = "mailboxes backed up" files_backed_up = "files backed up" directories_backed_up = "directories backed up" sets_backed_up = "sets backed up" misc = "miscellaneous" # beta_argosoft_mail_server connections_rejected = "connections rejected" bytes_queued = "bytes queued" rejection_reason = "rejection reason" spam_messages_queued = "spam messages queued" spam_messages_delivered = "spam messages delivered" # beta_mps retrieved_documents = "retrieved documents" searched_databases = "searched databases" retrieved_from_database = "retrieved from database" document_id = "document ID" item = "item" # beta_tipping_point_ips message_version = "message version" iso_start_time = "iso start time" alert_hostname = "alert hostname" alert_ip = "alert IP" sequence_id = "sequence ID" reserved = "reserved" policy_uuid = "policy UUID" signature_name = "signature name" protocol_name = "protocol name" iso_end_time = "iso end time" traffic_threshold_parameters = "traffic threshold parameters" traffic_capture_available = "traffic capture available" slot_and_segment = "slot and segment" # barracuda_spam_firewall messages_quarantined = "messages quarantined" spam_blocking_expression = "spam blocking expression" messages_tagged = "messages tagged" virus_blocking_expression = "virus blocking expression" messages_spam_blocked = "messages spam blocked" messages_virus_blocked = "messages virus blocked" queued_messages_quarantined = "queued messages quarantined" queued_messages_spam_blocked = "queued messages spam blocked" queued_messages_virus_blocked = "queued messages virus blocked" queued_messages_tagged = "queued messages tagged" delivered_messages_quarantined = "delivered messages quarantined" delivered_messages_spam_blocked = "delivered messages spam blocked" delivered_messages_virus_blocked = "delivered messages virus blocked" delivered_messages_tagged = "delivered messages tagged" # beta_juniper_ssl concurrent_users = "Concurrent Users" concurrent_users_count = "Concurrent User Events" j_date_time = "j date time" failed_logins = "failed logins" # cisco_voice_router receivepackets = "packets received" # beta_openldap search_base = "search base" search_scope = "search scope" search_filter = "search filter" search_result_tag = "search result tag" search_result_err = "search result error" search_result_txt = "search result text" bind_dn = "bind DN" bind_method = "bind method" bind_result_tag = "bind result tag" bind_result_err = "bind result error" bind_result_txt = "bind result text" # beta_barrier_group detected_by = "detected by" event_protocol = "event protocol" source_mac = "source MAC" internal_source = "internal source" blocked_source = "blocked source" dest_ip = "destination IP" dest_port = "destination port" dest_url = "destination URL" dest_mac = "destination MAC" internal_dest = "internal destination" blocked_dest = "blocked destination" good_host = "good host" bad_host = "bad host" # beta_performance_monitor machine = "machine" percent_cpu_used = "percent cpu used" load = "load" disk_usage = "disk usage" samples = "samples" packets_in_out = "packets in/out" percent_cpu_used_average = "average percent cpu used" load_average = "average load" disk_usage_average = "average disk usage" packets_in_out_average = "average packets in/out" percent_cpu_used_maximum = "maximum percent cpu used" load_maximum = "maximum load" disk_usage_maximum = "maximum disk usage" packets_in_out_maximum = "maximum packets in/out" percent_cpu_used_minimum = "minimum percent cpu used" load_minimum = "minimum load" disk_usage_minimum = "minimum disk usage" packets_in_out_minimum = "minimum packets in/out" # beta_cisco_wlan_controller source_code_filename = "source code filename" source_code_line_number = "source code line number" } # field_labels item_descriptions = { ip_address = "IP Address" no_referrer = "(no referrer)" no_search_phrase = "(no search phrase)" no_search_engine = "(no search engine)" no_file_type = "(no type)" no_spider = "(not a spider)" no_worm = "(not a worm)" spider = "(spider)" not_an_url = "(unknown--not a URL)" unknown_browser = "unknown/spider" unknown_os = "unknown" unspecified_browser = "unspecified" unspecified_os = "unspecified" not_an_ip = "(unavailable-- not an IP)" screen_info = "(screen info)" screen_depth = { 1 = "1 bit (black/white only; no gray)" 2 = "2 bit (4 colors)" 4 = "4 bit (16 colors)" 8 = "8 bit (256 colors)" 16 = "16 bit (near full color)" 24 = "24 bit (full color)" 32 = "32 bit (full color)" } # screen_depth } # item_descriptions graph = { bar_chart_title = "Graph of $numerical_field_label by $discrete_field_label" bar_chart_numerical_field_label = "{=capitalize(numerical_field_label)=}" bar_chart_multiplier_note = "x $multiplier" bar_chart_discrete_field_label = "{=capitalize(discrete_field_label)=}" remaining_items = "$param1 other items" hour_labels = { 0 = "M" 1 = "1am" 2 = "2am" 3 = "3am" 4 = "4am" 5 = "5am" 6 = "6am" 7 = "7am" 8 = "8am" 9 = "9am" 10 = "10am" 11 = "11am" 12 = "N" 13 = "1pm" 14 = "2pm" 15 = "3pm" 16 = "4pm" 17 = "5pm" 18 = "6pm" 19 = "7pm" 20 = "8pm" 21 = "9pm" 22 = "10pm" 23 = "11pm" } # hour_labels } # graph geoip = { unknown_country = "(unknown country)" unknown_region = "(unknown region)" unknown_city = "(unknown city)" } # geoip overview = { label = "Overview" date_label = "Start/End date:" days_covered_label = "Days covered:" all_days_label = "All days" average_per_day_label = "Average per day" } miscellaneous = { default_page = "(default page)" directories = "directories" days = "Days" years_months_days = "Years/months/days" } table = { total_label = "Total" subtotal_label = "Sub total" average_label = "Average" average_header_tag = "Average" cutoff_remainder_row_label = "$param1 other items" reloading_reports_page = "Reloading reports page, please wait." } # table menu = { groups = { department_group = "Department Group" traffic_group = "Traffic" date_time_group = "Date and time" content_group = "Content" referrer_group = "Referrers" visitor_demographics_group = "Visitor demographics" user_demographics_group = "User demographics" visitor_systems_group = "Visitor systems" user_systems_group = "User systems" technical_group = "Technical" sessions_group = "Sessions" accounting_group = "Process accounting" account_group = "Account" server_group = "Server" player_group = "Player" users_group = "Users" caching_group = "Caching" filtering_group = "Filtering" security_group = "Security" chat_room_group = "Chat rooms" source_group = "Source" destination_group = "Destination" translated_group = "Translated" authentication_group = "Authentication" actions_group = "Actions" processes_group = "Processes" other_group = "Other" stream_information_group = "Stream information" client_information_group = "Client information" tcp_flags_group = "TCP flags" icmp_group = "ICMP" startup_shutdown_group = "Startup/Shutdown" connections_group = "Connections" packet_logging_group = "Packet Logging" dhcp_group = "DHCP" netcon_group = "NetCon" all_sites_group = "All Sites" overview_group = "Overview" failed_logins_group = "Failed Logins" logins_group = "Logins" top_hours_group = "Top Hours" weekdays_group = "Weekdays" av_group = "AntiVirus" ip_filter = "IP Filter" event_group = "Event Log" # trend_micro_control_manager viruses_group = "Viruses" spyware_group = "Spyware" email_content_security_group = "Email Content Security" web_security_group = "Web Security" admin_group = "Admin" # interscan_web_security_suite url_filtering_group = "URL Filtering" executive_group = "Executive" # terraplay groups session_group = "Session" client_group = "Client" # beta_ias_csv tunnel_group = "Tunnel" } # groups reports = { overview = "Overview" log_detail = "Log Detail" sessions_overview = "Sessions Overview" session_paths = "Sessions Paths" session_page_paths = "Paths through a page" entry_pages = "Entry Pages" exit_pages = "Exit Pages" session_pages = "Session Pages" session_users = "Session Users" individual_sessions = "Individual Sessions" ### search_phrases_by_search_engine = "Search phrases by search engine" chat_detail = "Chat Details" broken_links = "Broken links" threat_detail = "Threat Detail" # trend_micro_control_manager computer_name_virus = "Computer names (Virus)" infect_source_virus = "Infect sources (Virus)" infect_destination_virus = "Infect destinations (Virus)" virus_virus = "Viruses (Virus)" product_virus = "Products (Virus)" pattern_virus = "Patterns (Virus)" file_name_virus = "File names (Virus)" file_path_virus = "File paths (Virus)" first_action_virus = "First actions (Virus)" first_action_result_virus = "First action results (Virus)" second_action_virus = "Second actions (Virus)" second_action_result_virus = "Second action results (Virus)" login_user_name_virus = "Login user names (Virus)" engine_virus = "Engines (Virus)" computer_name_spyware = "Computer names (Spyware)" infect_source_spyware = "Infect sources (Spyware)" infect_destination_spyware = "Infect destinations (Spyware)" virus_spyware = "Viruses (Spyware)" product_spyware = "Products (Spyware)" pattern_spyware = "Patterns (Spyware)" file_name_spyware = "File names (Spyware)" file_path_spyware = "File paths (Spyware)" first_action_spyware = "First actions (Spyware)" first_action_result_spyware = "First action results (Spyware)" second_action_spyware = "Second actions (Spyware)" second_action_result_spyware = "Second action results (Spyware)" login_user_name_spyware = "Login user names (Spyware)" engine_spyware = "Engines (Virus)" computer_name_email_content = "Computer names (Email)" message_id_email_content = "Message IDs (Email)" sender_email_content = "Senders (Email)" recipient_email_content = "Recipients (Email)" policy_name_email_content = "Policy names (Email)" policy_settings_email_content = "Policy settings (Email)" action_on_content_email_content = "Action on content (Email)" action_on_message_email_content = "Action on message (Email)" subject_email_content = "Subject (Email)" computer_name_web = "Computer names (Web)" # du filenames_directories = "Filenames/directories" # interscan_web_security_suite user_access = "Users (Access)" location_access = "Countries/Regions/Cities (Access)" domain_description_access = "Domain descriptions (Access)" user_virus = "Users (Virus)" location_virus = "Countries/Regions/Cities (Virus)" domain_description_virus = "Domain descriptions (Virus)" user_url_filtering = "Users (URL Filtering)" location_url_filtering = "Countries/Regions/Cities (URL Filtering)" domain_description_url_filtering = "Domain descriptions (URL Filtering)" executive_user = "Users" executive_domain = "Domains" executive_blocked_url = "Blocked URLs" executive_path = "Files" executive_file_type = "File types" executive_trend_category = "Trend Categories" # zeus_g search_phrases_by_search_engine = "Search phrases by search engine" search_phrases_by_paid_search_engine = "Search phrases by PPCSE" paid_search_engine = "Paid search engines" keywords_by_se_orders = "Keywords by SE/Orders" keywords_by_se_items = "Keywords by SE/Items" # beta_interscan_messaging_security_suite_integrated attachments_by_sender = "Attachments by sender" } # reports } # menu sessions_overview = { label = "Sessions overview" total_session_users = "Total session users" total_sessions = "Total sessions" total_accesses = "Total accesses" total_days = "Total days" sessions_per_day = "Sessions per day" repeat_users = "Repeat users" sessions_by_one_time_users = "Sessions by one-time users" sessions_by_repeat_users = "Sessions by repeat users" one_time_users = "One-time users" two_time_users = "Two-time users" three_time_users = "Three-time users" four_time_users = "Four-time users" five_time_users = "Five-time users" more_time_users = "Six+-time users" average_sessions_per_user = "Average sessions per user" median_sessions_per_user = "Median sessions per user" total_session_duration = "Total duration of all sessions" average_session_duration = "Average session duration" average_accesses_per_session = "Average accesses per session" } # sessions_overview session_pages = { label = "Session pages" sessions = "Sessions" page = "Page" events = "Events" time_spent = "Time spent" } # sessions_pages session_users = { label = "Session users" sessions = "Sessions" user = "User" events = "Events" time_spent = "Time spent" } # sessions_users session_paths = { label = "Session paths" of_sessions = "Out of $sessions sessions, ..." started_at = "started at" then_went_to = "then went to" then_ended = "then ended" more_sessions = "$sessions more sessions..." max_number_of_rows_label = "Maximum number of rows to add upon expand" reset_button = "Reset (Collapse All)" } # sessions_pages session_page_paths = { label = "Paths through a page" ### page_label = "Page" show_paths_button = "Show Paths" show_all_button = "Show All" unknown_page_paths_page = "Unknown page \"$internal.page_paths_page\"" no_page_paths_page_entered = "To use this view, a single page needs to be selected. Once a page is selected, the pages which were hit before and after it will be displayed. To get started, either type a page in the form above or select a single bottom level page from the \"Pages\" view and then change back to this view. If you type the name, it must exactly match the name of the page (the pathname)." page_paths_page_is_directory = "The page you chose ($internal.page_paths_page) is a directory (there are pages contained in it). You need to choose a bottom-level page, not a directory." unknown_page = "The value you chose ($internal.page_paths_page) is not a known page." no_sessions = "There are no sessions which hit the page '$internal.page_paths_page'" no_page = "No page is specified" page_paths_page_of_label = "Of the $param1 events for $param2" page_paths_page_no_events = "There are no session event on $internal.page_paths_page" page_paths_page_is_empty_message = "Please define a page name." page_names_lookup_label = "Page Lookup" page_names_lookup_search_result_label = "Page Lookup Search Result" page_label = "Page" from_label = "from" no_pages_found_info = "No pages found" page_names_lookup_search_label = "Page Lookup Search, page name or pages path contains" # used in phrase "N came from PAGE" predecessor_info = "came from" # used in phrase "N went to PAGE" successor_info = "went to" no_predecessor_info = "started at" no_successor_info = "ended at" more_rows = "more..." } # sessions_page_pages individual_sessions = { label = "Individual sessions" session_id = "Session ID" user = "User" start_time = "Start Time" end_time = "End Time" } # individual_sessions entry_pages = { label = "Entry pages" } # entry_pages # This should be a phrase or string which dividers database field names in the name of # multi-column report. E.g., if this is " by ", then the name of a report showing pages # and IPs will be "page by IP". Or if this is "/", the report name will be "page/IP". multi_column_report_divider = " by " # Obsoleted by the line above, but here for compatibility with legacy profiles search_phrases_by_search_engine.label = "Search phrases by search engine" firegen_view = { label = "FireGen™ View" } # firegen_view log_detail = { label = "Log detail" } # log_detail single_page_summary = { label = "Single-page Summary" } # single_page_summary urls_by_client_ip = { label = "URLs by client IP" } # urls_by_client_ip exit_pages = { label = "Exit pages" } # exit_pages ### session_pages = { ### ### label = "Session pages" ### ### } # exit_pages # This specified the divider to use between three-digit groups in large integers, # and the divider to use between the integer and decimal (fractional) portion of numbers. # For instance, with thousands_divider="," and decimal_divider=".", 1 million divided by three # would be represented as 333,333.333 (to three decimal points). # With thousands_divider="." and decimal_divider=",", 1 million divided by three # would be represented as 333.333,333 (to three decimal points). numbers = { thousands_divider = "," decimal_divider = "." } # These are the rules that we use to pluralize words. # These rules are based on regular expressions; see the documentation # on regular expressions for information about how to use them. In brief, # put ^ at the beginning of the word, $ and the end, (.*) where the word stem goes, # and an ending. Then put %22 -> %22, and the pluralized version, with $1 # where the word stem goes. You can have as many rules as you want; $PRODUCT_NAME will # try them all in order until it gets to an undefined rule number. # If one rule succeeds, the translation is done. If none of the rules match, # we use the word itself as its own plural. # # Note: the uncommon "Latin" pluralization which converts -us to -i (e.g. cactus->cacti) is omitted here, # because most -us words actually pluralized as -uses. If necessary, another rule can be added # if a latin pluralization is needed. # # Due to English's general lack of any sort of consistent spelling rules, # this will not work for all plurals, but it does a pretty good job for most of them. pluralize = { # English words ending in -Xy, where X is a consonant, are pluralized by replacing the y with ies. # E.g. city -> cities, party -> parties. y_to_ies = "^(.*[^aeiou])y$ -> $1ies" # English words ending in -Xs where X is a vowel, have an extra s added, followed by es. E.g. bus->busses. # Disabled for now, because it gives very strange results when the field name is already plural e.g. bytes->bytesses. # Best to leave words ending in s alone, I think, when pluralizing-- it might miss some, but overall will do better. # s_to_sses = "^(.*[aeiouy]s)$ -> $1ses" # English words ending in -s where the s does *not* follow a vowel are often pluralized by adding -es, e.g. toss->tosses. # BUT, because in many cases, field names are plural to begin with (e.g. recipients), # Words ending in -s are for the moment assumed to be plural already, and are not re-pluralized. # Words ending in -ss are assumed to be singular, and are pluralized by adding -es, e.g. address->addresses. #PLURALIZE_RULE_3 "^(.*s)$ -> $1es" ss_to_sses = "^(.*ss)$ -> $1es" s_to_s = "^(.*s)$ -> $1" # The word "data", or a phrase ending with "data", is already plural, and should not be pluralized. leave_data = "^(.*data)$ -> $1" # Most other English words are pluralized by adding -s. add_s = "^(.*)$ -> $1s" } # pluralize # These are the rules that $PRODUCT_NAME uses to capitalize words. # These rules are based on regular expressions; see the documentation # on regular expressions for information about how to use them. In brief, # put ^ at the beginning of the word, $ and the end, (.*) any place you want # to remember a section of the word to use in the capitalized version. # Then put %22 -> %22, and the pluralized version, with $1 first remembered section goes, # $2 for the second, etc. You can have as many rules as you want; $PRODUCT_NAME will # try them all in order until it gets to an undefined rule number. # If one rule succeeds, the translation is done. If none of the rules match, # $PRODUCT_NAME uses the word itself as its own capitalization. capitalize = { a = "^a(.*)$ -> A$1" b = "^b(.*)$ -> B$1" c = "^c(.*)$ -> C$1" d = "^d(.*)$ -> D$1" e = "^e(.*)$ -> E$1" f = "^f(.*)$ -> F$1" g = "^g(.*)$ -> G$1" h = "^h(.*)$ -> H$1" i = "^i(.*)$ -> I$1" j = "^j(.*)$ -> J$1" k = "^k(.*)$ -> K$1" l = "^l(.*)$ -> L$1" m = "^m(.*)$ -> M$1" n = "^n(.*)$ -> N$1" o = "^o(.*)$ -> O$1" p = "^p(.*)$ -> P$1" q = "^q(.*)$ -> Q$1" r = "^r(.*)$ -> R$1" s = "^s(.*)$ -> S$1" t = "^t(.*)$ -> T$1" u = "^u(.*)$ -> U$1" v = "^v(.*)$ -> V$1" w = "^w(.*)$ -> W$1" x = "^x(.*)$ -> X$1" y = "^y(.*)$ -> Y$1" z = "^z(.*)$ -> Z$1" } # capitalize weekdays = { 1 = "Sunday" 2 = "Monday" 3 = "Tuesday" 4 = "Wednesday" 5 = "Thursday" 6 = "Friday" 7 = "Saturday" corrupt_date_time = "corrupt date/time" } # weekdays weekdays_short = { 1 = "S" 2 = "M" 3 = "T" 4 = "W" 5 = "T" 6 = "F" 7 = "S" } # weekdays_short weekdays_twoletter = { 1 = "Su" 2 = "Mo" 3 = "Tu" 4 = "We" 5 = "Th" 6 = "Fr" 7 = "Sa" } # weekdays_twoletter hours = { 0 = "midnight - 1:00 AM" 1 = "1:00 AM - 2:00 AM" 2 = "2:00 AM - 3:00 AM" 3 = "3:00 AM - 4:00 AM" 4 = "4:00 AM - 5:00 AM" 5 = "5:00 AM - 6:00 AM" 6 = "6:00 AM - 7:00 AM" 7 = "7:00 AM - 8:00 AM" 8 = "8:00 AM - 9:00 AM" 9 = "9:00 AM - 10:00 AM" 10 = "10:00 AM - 11:00 AM" 11 = "11:00 AM - noon" 12 = "noon - 1:00 PM" 13 = "1:00 PM - 2:00 PM" 14 = "2:00 PM - 3:00 PM" 15 = "3:00 PM - 4:00 PM" 16 = "4:00 PM - 5:00 PM" 17 = "5:00 PM - 6:00 PM" 18 = "6:00 PM - 7:00 PM" 19 = "7:00 PM - 8:00 PM" 20 = "8:00 PM - 9:00 PM" 21 = "9:00 PM - 10:00 PM" 22 = "10:00 PM - 11:00 PM" 23 = "11:00 PM - midnight" } # hours hours_on_graph = { 0 = "0:00 midn." 1 = "1:00 am" 2 = "2:00 am" 3 = "3:00 am" 4 = "4:00 am" 5 = "5:00 am" 6 = "6:00 am" 7 = "7:00 am" 8 = "8:00 am" 9 = "9:00 am" 10 = "10:00 am" 11 = "11:00 am" 12 = "12:00 noon" 13 = "1:00 pm" 14 = "2:00 pm" 15 = "3:00 pm" 16 = "4:00 pm" 17 = "5:00 pm" 18 = "6:00 pm" 19 = "7:00 pm" 20 = "8:00 pm" 21 = "9:00 pm" 22 = "10:00 pm" 23 = "11:00 pm" } # hours_on_graph months = { 1 = "January" 2 = "February" 3 = "March" 4 = "April" 5 = "May" 6 = "June" 7 = "July" 8 = "August" 9 = "September" 10 = "October" 11 = "November" 12 = "December" } # months months_short = { Jan = "Jan" Feb = "Feb" Mar = "Mar" Apr = "Apr" May = "May" Jun = "Jun" Jul = "Jul" Aug = "Aug" Sep = "Sep" Oct = "Oct" Nov = "Nov" Dec = "Dec" } # months_short duration = { year = "year" month = "month" day = "day" hour = "hour" minute = "minute" second = "second" # This generates a 10y20d format for 10 years, 20 days, and 20d for 20 days. # Change this as appropriate for the language compact_year_day = "$(internal.duration.years)y $(internal.duration.days)d " compact_day = "$(internal.duration.days)d " # This calculates durations. It does not usually have to be translated. # It will display them as "Y years, D days, H hours, M minutes, S seconds", # using the unit words above. Unless this format is inappropriate for the language, # everything from here to "END calculation" can be left unmodified calculation = "{= subroutine(duration_multi(string unit, int value, bool more), ( if (value == 0) then ''; else ( if (value == 1) then print('1 $unit'); else value . ' ' . pluralize(unit); if (more) then ', '; ); )); subroutine(duration_hms(string unit, int value), ( if (length(value) == 1) then '0'; value; )); string total_duration = ''; if (internal.duration.compact) then ( if (internal.duration.years > 0) and (internal.duration.days > 0) then total_duration .= lang_stats.duration.compact_year_day; else if (internal.duration.days > 0) then total_duration .= lang_stats.duration.compact_day; ) else ( total_duration .= duration_multi(lang_stats.duration.year, internal.duration.years, true); total_duration .= duration_multi(lang_stats.duration.day, internal.duration.days, true); ); if (!internal.duration.compact) then ( total_duration .= duration_multi(lang_stats.duration.hour, internal.duration.hours, true); total_duration .= duration_multi(lang_stats.duration.minute, internal.duration.minutes, true); total_duration .= duration_multi(lang_stats.duration.second, internal.duration.seconds, false); if (length(total_duration) == 0) then total_duration = '0 ' . pluralize(lang_stats.duration.second); ) else ( total_duration .= duration_hms(lang_stats.duration.hour, internal.duration.hours); total_duration .= ':'; total_duration .= duration_hms(lang_stats.duration.minute, internal.duration.minutes); total_duration .= ':'; total_duration .= duration_hms(lang_stats.duration.second, internal.duration.seconds); ); total_duration; =}" # END calculation } # duration progress = { cancel_task_button = "Cancel Task" task_canceled_info = "Task has been cancelled." confirm_cancel_task_message = "Are you sure you want to cancel the task \"$param1\"?" progress_prediction_label = "Progress Prediction" collecting_progress_information_info = "Generating report and collecting progress information, please wait." receiving_progress_data_info = "Receiving progress information, please wait." database_is_processing_info = "Database is processing." processing_steps_label = "Processing steps" elapsed_time_label = "Elapsed time" remaining_time_label = "Remaining time" percent_complete_label = "Complete" processing_details_label = "Processing details" show_processing_details_button = "Show processing details" hide_processing_details_button = "Hide processing details" reading_command = "Reading output of command: $param1" # reading_log_file = "Reading log file: $param1" reading_log_file = "Reading log file: {=convert_local_code_page_to_utf8(param1)=}" reading_stdin = "Reading log data from standard input stream" writing_database = "Consolidating and writing database" building_indices = "Building database indices" preparing_to_consolidate = "Preparing to consolidate database" configuration_name = "Profile name" expiring_hits_before = "Expiring hits before $param1" deleting_unused_items = "Deleting unused items from database" converting_database = "Converting database segments" starting_safe_update = "Starting safe update" details_label = "Show/Hide Processing Details" log_entries_processed_label = "Log lines processed" log_bytes_processed_label = "Log bytes processed" log_entries_accepted_label = "Log entries accepted" time_elapsed_label = "Time elapsed" consolidation_time_spent_label = "Time spent consolidating database" average_processing_speed_label = "Average processing speed" current_processing_speed_label = "Current processing speed" entries_bytes_per_second_value = "$internal.progress.entries_per_second entries per second; $internal.progress.bytes_per_second per second" estimated_time_remaining_label = "Estimated time remaining" dns_lookups_attempted_label = "DNS lookups attempted" dns_lookups_succeeded_network_label = "DNS lookups succeeded (from network)" dns_lookups_succeeded_cache_label = "DNS lookups succeeded (from cache)" dns_lookups_failed_label = "DNS lookups failed" dns_lookups_timed_out_label = "DNS lookups timed out" memory_used_by_write_buffer = "Memory used by database write buffer" disk_used_by_write_buffer = "Disk space used by database write buffer" memory_used_by_visitor_info = "Memory used by visitor lists" memory_used_by_largest_segment = "Memory used by largest database segment" memory_used_by_field_names = "Memory used by $internal.field_name index" more_information = "More information" getting_http_data = "Getting data by HTTP from $volatile.log_source_http_hostname" querying_table_values = "Querying table values from the database ($total_table_rows rows)" splitting_sessions = "Splitting sessions" collecting_flattened_data = "Collecting bottom-level item data for statistics display" building_table_rows = "Building the table rows" building_xref_table = "Building cross-reference table $param1 ($param2)" building_index = "Building index for the $param1 database field" generating_subview = "Generating %22$SUBVIEWNAME%22 section ($SUBVIEWNUM of $NUMSUBVIEWS)" percent_complete = "Percent complete" processing_please_wait = "Processing--Please Wait..." skipping_previously_seen_data = "Skipping previously-seen data" combining_multisegment_xref = "Combining multisegment cross-reference table for query" querying_main_table = "Querying database main table" downloading_file = "Downloading/processing file $param1" major_task = { # label = Operation build_database = "Building database" update_database = "Updating database" remove_database_data = "Removing data from database" convert_61_database = "Converting 6.0/6.1 database" view_statistics = "Generating report" generate_html_files = "Generating HTML files" unknown = "Unknown" } # major_task step = { reading_log_data = "Reading log data" delete_unused_subitems = "Deleting unused subitems" merging_items = "Merging database items" merging_subitems = "Merging database subitems" merging_main_table = "Merging database main table" merging_xref_tables = "Merging database cross-reference tables" removing_database_data = "Removing data from main table" deleting_unused_items = "Deleting unused items" querying_log_detail = "Querying log detail from main table" collecting_table_data = "Collecting data from xref table" collecting_table_data_main_table = "Collecting data from main table" integrating_table_data = "Integrating collected data into table" querying_table_values = "Querying table values" computing_overview = "Computing Overview" generating_report_table = "Generating report table" ### generating_table_display = "Generating table display" generating_display = "Generating display" computing_session_information = "Computing session information" generating_report = "Generating report" loading_filtered_session_logfile = "Loading filtered session information" computing_filtered_session_information = "Computing filtered session information" loading_session_logfile = "Loading session information" collecting_session_information = "Collecting session information" splitting_sessions = "Splitting/eliminating sessions with timeout and maximum duration" adding_logfile_indices = "Adding indices to main table" building_xref_tables = "Building cross-reference tables" building_hierarchy_tables = "Building hierarchy tables" building_indices_simultaneously = "Building database indices simultaneously" building_indices_separately = "Building database indices" building_xrefs_simultaneously = "Building database cross-reference tables" building_xrefs_separately = "Building database cross-reference tables separately" downloading_geoip_database = "Downloading the GeoIP database (14M)" subprocesses_building_indices_and_xrefs = "Waiting for subprocesses to build indices and cross-references" erasing_database = "Erasing database" computing_subtables = "Computing subtables" computing_leading_sums = "Computing leading row sums" generating_table_display = "Generating table display" detecting_log_format = "Detecting log format" } # step details = { log_lines_processed = "Log lines processed" average_log_lines_per_second = "Average lines per second" current_log_lines_per_second = "Current lines per second" maximum_log_lines_per_second = "Maximum lines per second" log_bytes_processed = "Log bytes processed" average_log_bytes_per_second = "Average bytes per second" current_log_bytes_per_second = "Current bytes per second" maximum_log_bytes_per_second = "Maximum bytes per second" log_bytes_downloaded = "Log bytes downloaded" } # details minor_task_label = "Current sub-operation" minor_minor_task_label = "Current sub-sub-operation" task_processing_file = "Processing file $param" } # progress log_formats = { helix_universal = { turboplay = { 0|1|0 = "Off - User preference" 0|2|0 = "Off - Available bandwidth below 256 Kbps" 0|3|0 = "Off - SureStream in use" 0|4|0 = "Off - Excess rebuffering" 0|5|0 = "Off - Presentation not enabled for TurboPlay" 0|6|0 = "Off - Server not enabled for TurboPlay" 0|7|0 = "Off - Live presentation not supported" 1 = "On" "(empty)" = "(empty)" } # turboplay transport = { 0 = "IP Multicast" 1 = "UDP" 2 = "TCP" 3 = "HTTP cloaked" "(empty)" = "(empty)" } # transport clip_end = { 0 = "end of presentation reached" 1 = "stop command issued" 2 = "reconnection required" 3 = "redirection" "(empty)" = "(empty)" } # clip_end } # helix_universal snort2_syslog = { # Note to translators: these are the English versions of the Snort 2 log format rules. # They will appear only when Snort logs are analyzed. It is not necessary to translate # these unless you need Snort reports to be translated. rule = { 113 = "BACKDOOR DeepThroat access" 122 = "BACKDOOR DeepThroat 3.1 System Info Client Request" 124 = "BACKDOOR DeepThroat 3.1 FTP Status Client Request" 125 = "BACKDOOR DeepThroat 3.1 E-Mail Info From Server" 126 = "BACKDOOR DeepThroat 3.1 E-Mail Info Client Request" 127 = "BACKDOOR DeepThroat 3.1 Server Status From Server" 128 = "BACKDOOR DeepThroat 3.1 Server Status Client Request" 129 = "BACKDOOR DeepThroat 3.1 Drive Info From Server" 130 = "BACKDOOR DeepThroat 3.1 System Info From Server" 131 = "BACKDOOR DeepThroat 3.1 Drive Info Client Request" 132 = "BACKDOOR DeepThroat 3.1 Server FTP Port Change From Server" 133 = "BACKDOOR DeepThroat 3.1 Cached Passwords Client Request" 134 = "BACKDOOR DeepThroat 3.1 RAS Passwords Client Request" 135 = "BACKDOOR DeepThroat 3.1 Server Password Change Client Request" 136 = "BACKDOOR DeepThroat 3.1 Server Password Remove Client Request" 137 = "BACKDOOR DeepThroat 3.1 Rehash Client Request" 138 = "BACKDOOR DeepThroat 3.1 Server Rehash Client Request" 140 = "BACKDOOR DeepThroat 3.1 ICQ Alert OFF Client Request" 142 = "BACKDOOR DeepThroat 3.1 ICQ Alert ON Client Request" 143 = "BACKDOOR DeepThroat 3.1 Change Wallpaper Client Request" 148 = "BACKDOOR DeepThroat 3.1 Keylogger Active on Network" 149 = "BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network" 150 = "BACKDOOR DeepThroat 3.1 Server Active on Network" 154 = "BACKDOOR DeepThroat 3.1 Wrong Password" 156 = "BACKDOOR DeepThroat 3.1 Visible Window List Client Request" 160 = "BACKDOOR NetMetro Incoming Traffic" 164 = "BACKDOOR DeepThroat 3.1 Server Active on Network" 165 = "BACKDOOR DeepThroat 3.1 Keylogger on Server ON" 166 = "BACKDOOR DeepThroat 3.1 Show Picture Client Request" 167 = "BACKDOOR DeepThroat 3.1 Hide/Show Clock Client Request" 168 = "BACKDOOR DeepThroat 3.1 Hide/Show Desktop Client Request" 169 = "BACKDOOR DeepThroat 3.1 Swap Mouse Buttons Client Request" 170 = "BACKDOOR DeepThroat 3.1 Enable/Disable CTRL-ALT-DEL Client Request" 171 = "BACKDOOR DeepThroat 3.1 Freeze Mouse Client Request" 172 = "BACKDOOR DeepThroat 3.1 Show Dialog Box Client Request" 173 = "BACKDOOR DeepThroat 3.1 Show Replyable Dialog Box Client Request" 174 = "BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request" 175 = "BACKDOOR DeepThroat 3.1 Resolution Change Client Request" 177 = "BACKDOOR DeepThroat 3.1 Keylogger on Server OFF" 179 = "BACKDOOR DeepThroat 3.1 FTP Server Port Client Request" 180 = "BACKDOOR DeepThroat 3.1 Process List Client request" 181 = "BACKDOOR DeepThroat 3.1 Close Port Scan Client Request" 182 = "BACKDOOR DeepThroat 3.1 Registry Add Client Request" 186 = "BACKDOOR DeepThroat 3.1 Monitor on/off Client Request" 187 = "BACKDOOR DeepThroat 3.1 Delete File Client Request" 188 = "BACKDOOR DeepThroat 3.1 Kill Window Client Request" 189 = "BACKDOOR DeepThroat 3.1 Disable Window Client Request" 190 = "BACKDOOR DeepThroat 3.1 Enable Window Client Request" 191 = "BACKDOOR DeepThroat 3.1 Change Window Title Client Request" 192 = "BACKDOOR DeepThroat 3.1 Hide Window Client Request" 193 = "BACKDOOR DeepThroat 3.1 Show Window Client Request" 194 = "BACKDOOR DeepThroat 3.1 Send Text to Window Client Request" 196 = "BACKDOOR DeepThroat 3.1 Hide/Show Systray Client Request" 197 = "BACKDOOR DeepThroat 3.1 Create Directory Client Request" 198 = "BACKDOOR DeepThroat 3.1 All Window List Client Request" 199 = "BACKDOOR DeepThroat 3.1 Play Sound Client Request" 200 = "BACKDOOR DeepThroat 3.1 Run Program Normal Client Request" 201 = "BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request" 202 = "BACKDOOR DeepThroat 3.1 Get NET File Client Request" 203 = "BACKDOOR DeepThroat 3.1 Find File Client Request" 204 = "BACKDOOR DeepThroat 3.1 Find File Client Request" 205 = "BACKDOOR DeepThroat 3.1 HUP Modem Client Request" 206 = "BACKDOOR DeepThroat 3.1 CD ROM Open Client Request" 207 = "BACKDOOR DeepThroat 3.1 CD ROM Close Client Request" 293 = "IMAP EXPLOIT overflow" 295 = "IMAP EXPLOIT x86 linux overflow" 296 = "IMAP EXPLOIT x86 linux overflow" 297 = "IMAP EXPLOIT x86 linux overflow" 298 = "IMAP EXPLOIT x86 linux overflow" 299 = "IMAP EXPLOIT x86 linux overflow" 318 = "EXPLOIT bootp x86 bsd overfow" 319 = "EXPLOIT bootp x86 linux overflow" 338 = "FTP EXPLOIT format string" 340 = "FTP EXPLOIT overflow" 341 = "FTP EXPLOIT overflow" 342 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Solaris 2.8" 343 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow FreeBSD" 345 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow generic" 346 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string check" 348 = "FTP EXPLOIT wu-ftpd 2.6.0" 349 = "FTP EXPLOIT MKD overflow" 350 = "FTP EXPLOIT x86 linux overflow" 351 = "FTP EXPLOIT x86 linux overflow" 352 = "FTP EXPLOIT x86 linux overflow" 445 = "ICMP SKIP" 446 = "ICMP SKIP (Undefined Code!" 448 = "ICMP Source Quench (Undefined Code!)" 449 = "ICMP Time-To-Live Exceeded in Transit" 450 = "ICMP Time-To-Live Exceeded in Transit (Undefined Code!)" 455 = "ICMP Traceroute ipopts" 488 = "INFO Connection Closed MSG from Port 80" 490 = "INFO battle-mail traffic" 501 = "MISC source route lssre" 508 = "MISC gopher proxy" 513 = "MISC Cisco Catalyst Remote Access" 516 = "MISC SNMP NT UserList" 521 = "MISC Large UDP Packet" 529 = "NETBIOS DOS RFPoison" 534 = "NETBIOS SMB CD.." 535 = "NETBIOS SMB CD..." 536 = "NETBIOS SMB D access" 537 = "NETBIOS SMB IPC access" 538 = "NETBIOS SMB IPC access" 539 = "NETBIOS Samba clientaccess" 556 = "P2P Outbound GNUTella client request" 557 = "P2P GNUTella client request" 558 = "INFO Outbound GNUTella client request" 559 = "P2P Inbound GNUTella client request" 560 = "POLICY VNC server response" 561 = "P2P Napster Client Data" 562 = "P2P Napster Client Data" 563 = "P2P Napster Client Data" 564 = "P2P Napster Client Data" 565 = "P2P Napster Server Login" 566 = "POLICY PCAnywhere server response" 569 = "RPC snmpXdmi overflow attempt TCP" 570 = "RPC EXPLOIT ttdbserv solaris overflow" 571 = "RPC EXPLOIT ttdbserv Solaris overflow" 572 = "RPC DOS ttdbserv Solaris" 573 = "RPC AMD Overflow" 588 = "RPC portmap ttdbserv request UDP" 592 = "RPC rstatd query" 596 = "RPC portmap listing" 597 = "RPC portmap listing" 600 = "RPC EXPLOIT statdx" 601 = "RSERVICES rlogin LinuxNIS" 612 = "RPC rusers query UDP" 613 = "SCAN myscan" 615 = "SCAN SOCKS Proxy attempt" 616 = "SCAN ident version request" 617 = "SCAN ssh-research-scanner" 619 = "SCAN cybercop os probe" 622 = "SCAN ipEye SYN scan" 628 = "SCAN nmap TCP" 635 = "SCAN XTACACS logout" 636 = "SCAN cybercop udp bomb" 637 = "SCAN Webtrends Scanner UDP Probe" 647 = "SHELLCODE sparc setuid 0" 652 = "SHELLCODE Linux shellcode" 653 = "SHELLCODE x86 unicode NOOP" 656 = "SMTP EXPLOIT x86 windows CSMMail overflow" 666 = "SMTP sendmail 8.4.1 exploit" 674 = "MS-SQL xp_displayparamstmt possible buffer overflow" 675 = "MS-SQL xp_setsqlsecurity possible buffer overflow" 690 = "MS-SQL/SMB xp_printstatements possible buffer overflow" 695 = "MS-SQL/SMB xp_sprintf possible buffer overflow" 696 = "MS-SQL/SMB xp_showcolv possible buffer overflow" 697 = "MS-SQL/SMB xp_peekqueue possible buffer overflow" 698 = "MS-SQL/SMB xp_proxiedmetadata possible buffer overflow" 699 = "MS-SQL xp_printstatements possible buffer overflow" 700 = "MS-SQL/SMB xp_updatecolvbm possible buffer overflow" 701 = "MS-SQL xp_updatecolvbm possible buffer overflow" 702 = "MS-SQL/SMB xp_displayparamstmt possible buffer overflow" 703 = "MS-SQL/SMB xp_setsqlsecurity possible buffer overflow" 704 = "MS-SQL xp_sprintf possible buffer overflow" 705 = "MS-SQL xp_showcolv possible buffer overflow" 707 = "MS-SQL xp_proxiedmetadata possible buffer overflow" 709 = "TELNET 4Dgifts SGI account attempt" 710 = "TELNET EZsetup account attempt" 712 = "TELNET ld_library_path" 713 = "TELNET livingston DOS" 714 = "TELNET resolv_host_conf" 721 = "Virus - Possible pif Worm" 722 = "Virus - Possible NAVIDAD Worm" 723 = "Virus - Possible MyRomeo Worm" 729 = "Virus - Possible scr Worm" 730 = "Virus - Possible shs Worm" 732 = "Virus - Possible QAZ Worm Infection" 736 = "Virus - Successful eurocalculator execution" 737 = "Virus - Possible eurocalculator.exe file" 738 = "Virus - Possible Pikachu Pokemon Virus" 739 = "Virus - Possible Triplesix Worm" 740 = "Virus - Possible Tune.vbs" 741 = "Virus - Possible NAIL Worm" 742 = "Virus - Possible NAIL Worm" 743 = "Virus - Possible NAIL Worm" 744 = "Virus - Possible NAIL Worm" 745 = "Virus - Possible Papa Worm" 746 = "Virus - Possible Freelink Worm" 747 = "Virus - Possible Simbiosis Worm" 748 = "Virus - Possible BADASS Worm" 749 = "Virus - Possible ExploreZip.B Worm" 751 = "Virus - Possible wscript.KakWorm" 752 = "Virus Possible Suppl Worm" 753 = "Virus - Possible NewApt.Worm - theobbq.exe" 754 = "Virus - Possible Word Macro - VALE" 755 = "Virus - Possible IROK Worm" 756 = "Virus - Possible Fix2001 Worm" 757 = "Virus - Possible Y2K Zelu Trojan" 758 = "Virus - Possible The_Fly Trojan" 759 = "Virus - Possible Word Macro - VALE" 760 = "Virus - Possible Passion Worm" 761 = "Virus - Possible NewApt.Worm - cooler3.exe" 762 = "Virus - Possible NewApt.Worm - party.exe" 763 = "Virus - Possible NewApt.Worm - hog.exe" 764 = "Virus - Possible NewApt.Worm - goal1.exe" 765 = "Virus - Possible NewApt.Worm - pirate.exe" 766 = "Virus - Possible NewApt.Worm - video.exe" 767 = "Virus - Possible NewApt.Worm - baby.exe" 768 = "Virus - Possible NewApt.Worm - cooler1.exe" 769 = "Virus - Possible NewApt.Worm - boss.exe" 770 = "Virus - Possible NewApt.Worm - g-zilla.exe" 771 = "Virus - Possible ToadieE-mail Trojan" 773 = "Virus - Possible Happy99 Virus" 774 = "Virus - Possible CheckThis Trojan" 776 = "Virus - Possible NewApt.Worm - copier.exe" 777 = "Virus - Possible MyPics Worm" 778 = "Virus - Possible Babylonia - X-MAS.exe" 779 = "Virus - Possible NewApt.Worm - gadget.exe" 780 = "Virus - Possible NewApt.Worm - irnglant.exe" 781 = "Virus - Possible NewApt.Worm - casper.exe" 782 = "Virus - Possible NewApt.Worm - fborfw.exe" 783 = "Virus - Possible NewApt.Worm - saddam.exe" 784 = "Virus - Possible NewApt.Worm - bboy.exe" 785 = "Virus - Possible NewApt.Worm - monica.exe" 786 = "Virus - Possible NewApt.Worm - goal.exe" 787 = "Virus - Possible NewApt.Worm - panther.exe" 788 = "Virus - Possible NewApt.Worm - chestburst.exe" 789 = "Virus - Possible NewApt.Worm - farter.exe" 790 = "Virus - Possible Common Sense Worm" 791 = "Virus - Possible NewApt.Worm - cupid2.exe" 792 = "Virus - Possible Resume Worm" 794 = "Virus - Possible Resume Worm" 799 = "Virus - Possible Timofonica Worm" 800 = "Virus - Possible Resume Worm" 802 = "Virus - Possible Zipped Files Trojan" 808 = "WEB-CGI webdriver access" 809 = "WEB-CGI whois_raw.cgi arbitrary command execution attempt" 810 = "WEB-CGI whois_raw.cgi access" 811 = "WEB-CGI websitepro path access" 812 = "WEB-CGI webplus version access" 815 = "WEB-CGI websendmail access" 818 = "WEB-CGI dcforum.cgi access" 819 = "WEB-CGI mmstdod.cgi access" 820 = "WEB-CGI anaconda directory transversal attempt" 821 = "WEB-CGI imagemap.exe overflow attempt" 823 = "WEB-CGI cvsweb.cgi access" 825 = "WEB-CGI glimpse access" 826 = "WEB-CGI htmlscript access" 827 = "WEB-CGI info2www access" 828 = "WEB-CGI maillist.pl access" 829 = "WEB-CGI nph-test-cgi access" 830 = "WEB-CGI NPH-publish access" 832 = "WEB-CGI perl.exe access" 833 = "WEB-CGI rguest.exe access" 834 = "WEB-CGI rwwwshell.pl access" 836 = "WEB-CGI textcounter.pl access" 837 = "WEB-CGI uploader.exe access" 838 = "WEB-CGI webgais access" 839 = "WEB-CGI finger access" 840 = "WEB-CGI perlshop.cgi access" 841 = "WEB-CGI pfdisplay.cgi access" 842 = "WEB-CGI aglimpse access" 843 = "WEB-CGI anform2 access" 844 = "WEB-CGI args.bat access" 846 = "WEB-CGI bnbform.cgi access" 847 = "WEB-CGI campas access" 849 = "WEB-CGI view-source access" 850 = "WEB-CGI wais.pl access" 851 = "WEB-CGI files.pl access" 852 = "WEB-CGI wguest.exe access" 853 = "WEB-CGI wrap access" 854 = "WEB-CGI classifieds.cgi access" 855 = "WEB-CGI edit.pl access" 856 = "WEB-CGI environ.cgi access" 857 = "WEB-CGI faxsurvey access" 858 = "WEB-CGI filemail access" 859 = "WEB-CGI man.sh access" 860 = "WEB-CGI snork.bat access" 861 = "WEB-CGI w3-msql access" 862 = "WEB-CGI csh access" 863 = "WEB-CGI day5datacopier.cgi access" 864 = "WEB-CGI day5datanotifier.cgi access" 865 = "WEB-CGI ksh access" 866 = "WEB-CGI post-query access" 868 = "WEB-CGI rsh access" 869 = "WEB-CGI dumpenv.pl access" 870 = "WEB-CGI snorkerz.cmd access" 871 = "WEB-CGI survey.cgi access" 872 = "WEB-CGI tcsh access" 873 = "WEB-CGI scriptalias access" 874 = "WEB-CGI w3-msql solaris x86 access" 875 = "WEB-CGI win-c-sample.exe access" 877 = "WEB-CGI rksh access" 878 = "WEB-CGI w3tvars.pm access" 880 = "WEB-CGI LWGate access" 881 = "WEB-CGI archie access" 883 = "WEB-CGI flexform access" 884 = "WEB-CGI formmail access" 885 = "WEB-CGI bash access" 886 = "WEB-CGI phf access" 887 = "WEB-CGI www-sql access" 889 = "WEB-CGI ppdscgi.exe access" 890 = "WEB-CGI sendform.cgi access" 891 = "WEB-CGI upload.pl access" 892 = "WEB-CGI AnyForm2 access" 893 = "WEB-CGI MachineInfo access" 895 = "WEB-CGI redirect access" 896 = "WEB-CGI way-board access" 897 = "WEB-CGI pals-cgi access" 898 = "WEB-CGI commerce.cgi access" 901 = "WEB-CGI webspirs.cgi access" 902 = "WEB-CGI tstisapi.dll access" 903 = "WEB-COLDFUSION cfcache.map access" 909 = "WEB-COLDFUSION datasource username attempt" 910 = "WEB-COLDFUSION fileexists.cfm access" 911 = "WEB-COLDFUSION exprcalc access" 912 = "WEB-COLDFUSION parks access" 913 = "WEB-COLDFUSION cfappman access" 914 = "WEB-COLDFUSION beaninfo access" 915 = "WEB-COLDFUSION evaluate.cfm access" 916 = "WEB-COLDFUSION getodbcdsn access" 917 = "WEB-COLDFUSION db connections flush attempt" 918 = "WEB-COLDFUSION expeval access" 919 = "WEB-COLDFUSION datasource passwordattempt" 920 = "WEB-COLDFUSION datasource attempt" 922 = "WEB-COLDFUSION displayfile access" 923 = "WEB-COLDFUSION getodbcin attempt" 925 = "WEB-COLDFUSION mainframeset access" 926 = "WEB-COLDFUSION set odbc ini attempt" 927 = "WEB-COLDFUSION settings refresh attempt" 928 = "WEB-COLDFUSION exampleapp access" 929 = "WEB-COLDFUSION CFUSION_VERIFYMAIL access" 930 = "WEB-COLDFUSION snippets attempt" 931 = "WEB-COLDFUSION cfmlsyntaxcheck.cfm access" 932 = "WEB-COLDFUSION application.cfm access" 933 = "WEB-COLDFUSION onrequestend.cfm access" 936 = "WEB-COLDFUSION gettempdirectory.cfm access-" 937 = "WEB-FRONTPAGE _vti_rpc access" 940 = "WEB-FRONTPAGE shtml.dll access" 941 = "WEB-FRONTPAGE contents.htm access" 942 = "WEB-FRONTPAGE orders.htm access" 943 = "WEB-FRONTPAGE fpsrvadm.exe access" 944 = "WEB-FRONTPAGE fpremadm.exe access" 946 = "WEB-FRONTPAGE fpadmcgi.exe access" 947 = "WEB-FRONTPAGE orders.txt access" 949 = "WEB-FRONTPAGE registrations.htm access" 950 = "WEB-FRONTPAGE cfgwiz.exe access" 954 = "WEB-FRONTPAGE form_results.htm access" 955 = "WEB-FRONTPAGE access.cnf access" 956 = "WEB-FRONTPAGE register.txt access" 957 = "WEB-FRONTPAGE registrations.txt access" 959 = "WEB-FRONTPAGE service.pwd" 960 = "WEB-FRONTPAGE service.stp access" 961 = "WEB-FRONTPAGE services.cnf access" 962 = "WEB-FRONTPAGE shtml.exe access" 963 = "WEB-FRONTPAGE svcacl.cnf access" 964 = "WEB-FRONTPAGE users.pwd access" 965 = "WEB-FRONTPAGE writeto.cnf access" 966 = "WEB-FRONTPAGE fourdots request" 968 = "WEB-FRONTPAGE register.htm access" 984 = "WEB-IIS JET VBA access" 985 = "WEB-IIS JET VBA access" 1004 = "WEB-IIS codebrowser Exair access" 1005 = "WEB-IIS codebrowser SDK access" 1010 = "WEB-IIS encoding access" 1012 = "WEB-IIS fpcount attempt" 1013 = "WEB-IIS fpcount access" 1028 = "WEB-IIS query.asp access" 1031 = "WEB-IIS /SiteServer/Publishing/viewcode.asp access" 1032 = "WEB-IIS showcode access" 1033 = "WEB-IIS showcode access" 1034 = "WEB-IIS showcode access" 1035 = "WEB-IIS showcode access" 1036 = "WEB-IIS showcode access" 1047 = "WEB-MISC Netscape Enterprise DOS" 1048 = "WEB-MISC Netscape Enterprise directory listing attempt" 1049 = "WEB-MISC iPlanet ../../ DOS attempt" 1053 = "WEB-CGI ads.cgi command execution attempt" 1056 = "WEB-MISC Tomcat view source attempt" 1057 = "WEB-MISC ftp attempt" 1058 = "WEB-MISC xp_enumdsn attempt" 1059 = "WEB-MISC xp_filelist attempt" 1060 = "WEB-MISC xp_availablemedia attempt" 1061 = "WEB-MISC xp_cmdshell attempt" 1064 = "WEB-MISC wsh attempt" 1065 = "WEB-MISC rcmd attempt" 1068 = "WEB-MISC tftp attempt" 1069 = "WEB-MISC xp_regread attempt" 1077 = "WEB-MISC queryhit.htm access" 1078 = "WEB-MISC counter.exe access" 1081 = "WEB-MISC Netscape Servers suite DOS" 1082 = "WEB-MISC amazon 1-click cookie theft" 1083 = "WEB-MISC unify eWave ServletExec DOS" 1084 = "WEB-MISC Allaire JRUN DOS attempt" 1085 = "WEB-PHP strings overflow" 1086 = "WEB-PHP strings overflow" 1090 = "WEB-CGI Allaire Pro Web Shell attempt" 1091 = "WEB-MISC ICQ Webfront HTTP DOS" 1095 = "WEB-MISC Talentsoft Web+ Source Code view access" 1096 = "WEB-MISC Talentsoft Web+ internal IP Address access" 1097 = "WEB-CGI Talentsoft Web+ exploit attempt" 1098 = "WEB-MISC SmartWin CyberOffice Shopping Cart access" 1099 = "WEB-MISC cybercop scan" 1100 = "WEB-MISC L3retriever HTTP Probe" 1101 = "WEB-MISC Webtrends HTTP probe" 1102 = "WEB-MISC Nessus 404 probe" 1105 = "WEB-MISC BigBrother access" 1106 = "WEB-CGI Poll-it access" 1107 = "WEB-MISC ftp.pl access" 1108 = "WEB-MISC Tomcat server snoop access" 1109 = "WEB-MISC ROXEN directory list attempt" 1110 = "WEB-MISC apache source.asp file access" 1114 = "WEB-MISC prefix-get //" 1115 = "WEB-MISC ICQ webserver DOS" 1116 = "WEB-MISC Lotus DelDoc attempt" 1117 = "WEB-MISC Lotus EditDoc attempt" 1118 = "WEB-MISC ls -l" 1119 = "WEB-MISC mlog.phtml access" 1120 = "WEB-MISC mylog.phtml access" 1121 = "WEB-MISC O\\'Reilly args.bat access" 1123 = "WEB-MISC ?PageServices access" 1124 = "WEB-MISC Ecommerce check.txt access" 1125 = "WEB-MISC webcart access" 1126 = "WEB-MISC AuthChangeUrl access" 1127 = "WEB-MISC convert.bas access" 1128 = "WEB-MISC cpshost.dll access" 1130 = "WEB-MISC .wwwacl access" 1131 = "WEB-MISC .wwwacl access" 1132 = "WEB-MISC Netscape Unixware overflow" 1136 = "WEB-MISC cd.." 1138 = "WEB-MISC Cisco Web DOS attempt" 1140 = "WEB-MISC guestbook.pl access" 1141 = "WEB-MISC handler access" 1142 = "WEB-MISC /.... access" 1143 = "WEB-MISC ///cgi-bin access" 1144 = "WEB-MISC /cgi-bin/// access" 1145 = "WEB-MISC /~root access" 1146 = "WEB-MISC Ecommerce import.txt access" 1147 = "WEB-MISC cat access" 1148 = "WEB-MISC Ecommerce import.txt access" 1149 = "WEB-CGI count.cgi access" 1150 = "WEB-MISC Domino catalog.nsf access" 1151 = "WEB-MISC Domino domcfg.nsf access" 1152 = "WEB-MISC Domino domlog.nsf access" 1153 = "WEB-MISC Domino log.nsf access" 1154 = "WEB-MISC Domino names.nsf access" 1155 = "WEB-MISC Ecommerce checks.txt access" 1156 = "WEB-MISC apache DOS attempt" 1157 = "WEB-MISC Netscape PublishingXpert access" 1160 = "WEB-MISC Netscape dir index wp" 1161 = "WEB-PHP piranha passwd.php3 access" 1164 = "WEB-MISC shopping cart access access" 1165 = "WEB-MISC Novell Groupwise gwweb.exe access" 1168 = "WEB-MISC mall log order access" 1172 = "WEB-CGI bigconf.cgi access" 1173 = "WEB-MISC architext_query.pl access" 1174 = "WEB-CGI /cgi-bin/jj access" 1177 = "WEB-MISC Netscape Enterprise Server directory view" 1178 = "WEB-PHP Phorum read access" 1179 = "WEB-PHP Phorum violation access" 1180 = "WEB-MISC get32.exe access" 1181 = "WEB-MISC Annex Terminal DOS attempt" 1182 = "WEB-MISC cgitest.exe attempt" 1183 = "WEB-MISC Netscape Enterprise Server directory view" 1184 = "WEB-MISC Netscape Enterprise Server directory view" 1185 = "WEB-CGI bizdbsearch attempt" 1192 = "WEB-MISC Trend Micro OfficeScan access" 1193 = "WEB-MISC oracle web arbitrary command execution attempt" 1194 = "WEB-CGI sojourn.cgi File attempt" 1195 = "WEB-CGI sojourn.cgi access" 1197 = "WEB-PHP Phorum code access" 1200 = "ATTACK-RESPONSES Invalid URL" 1201 = "ATTACK-RESPONSES 403 Forbidden" 1202 = "WEB-MISC search.vts access" 1205 = "WEB-CGI axs.cgi access" 1206 = "WEB-CGI cachemgr.cgi access" 1207 = "WEB-MISC htgrep access" 1208 = "WEB-CGI responder.cgi access" 1209 = "WEB-MISC .nsconfig access" 1211 = "WEB-CGI web-map.cgi access" 1213 = "WEB-MISC backup access" 1214 = "WEB-MISC intranet access" 1216 = "WEB-MISC filemail access" 1217 = "WEB-MISC plusmail access" 1219 = "WEB-CGI dfire.cgi access" 1220 = "WEB-MISC ultraboard access" 1221 = "WEB-MISC musicat empower access" 1222 = "WEB-CGI pals-cgi arbitrary file access attempt" 1224 = "WEB-MISC ROADS search.pl attempt" 1230 = "WEB-MISC VirusWall FtpSave access" 1231 = "WEB-MISC VirusWall catinfo access" 1232 = "WEB-MISC VirusWall catinfo access" 1234 = "WEB-MISC VirusWall FtpSaveCSP access" 1235 = "WEB-MISC VirusWall FtpSaveCVP access" 1236 = "WEB-MISC Tomcat sourecode view" 1237 = "WEB-MISC Tomcat sourecode view" 1238 = "WEB-MISC Tomcat sourecode view" 1239 = "NETBIOS RFParalyze Attempt" 1246 = "WEB-FRONTPAGE rad overflow attempt" 1247 = "WEB-FRONTPAGE rad overflow attempt" 1248 = "WEB-FRONTPAGE rad fp30reg.dll access" 1249 = "WEB-FRONTPAGE frontpage rad fp4areg.dll access" 1252 = "TELNET bsd telnet exploit response" 1253 = "TELNET bsd exploit client finishing" 1254 = "WEB-PHP PHPLIB remote command attempt" 1255 = "WEB-PHP PHPLIB remote command attempt" 1258 = "WEB-MISC HP OpenView Manager DOS" 1259 = "WEB-MISC SWEditServlet access" 1274 = "RPC portmap ttdbserv request TCP" 1276 = "RPC portmap ypserv request TCP" 1277 = "RPC portmap ypupdated request UDP" 1278 = "RPC rstatd query" 1282 = "RPC EXPLOIT statdx" 1288 = "WEB-FRONTPAGE /_vti_bin/ access" 1291 = "WEB-MISC sml3com access" 1293 = "NETBIOS nimda .eml" 1294 = "NETBIOS nimda .nws" 1295 = "NETBIOS nimda RICHED20.DLL" 1296 = "RPC portmap request yppasswdd" 1297 = "RPC portmap request yppasswdd" 1302 = "WEB-MISC console.exe access" 1303 = "WEB-MISC cs.exe access" 1304 = "WEB-CGI txt2html.cgi access" 1307 = "WEB-CGI store.cgi access" 1308 = "WEB-CGI sendmessage.cgi access" 1309 = "WEB-CGI zsh access" 1361 = "WEB-ATTACKS nmap command attempt" 1362 = "WEB-ATTACKS xterm command attempt" 1371 = "WEB-ATTACKS /etc/motd access" 1376 = "WEB-MISC jrun directory browse attempt" 1381 = "WEB-MISC Trend Micro OfficeScan attempt" 1384 = "MISC UPnP malformed advertisement" 1386 = "MS-SQL/SMB raiserror possible buffer overflow" 1388 = "MISC UPnP Location overflow" 1390 = "SHELLCODE x86 inc ebx NOOP" 1391 = "WEB-MISC Phorecast remote code execution attempt" 1392 = "WEB-CGI lastlines.cgi access" 1393 = "MISC AIM AddGame attempt" 1395 = "WEB-CGI zml.cgi attempt" 1396 = "WEB-CGI zml.cgi access" 1403 = "WEB-MISC viewcode access" 1404 = "WEB-MISC showcode access" 1405 = "WEB-CGI AHG search.cgi access" 1406 = "WEB-CGI agora.cgi access" 1407 = "WEB-PHP smssend.php access" 1409 = "SNMP community string buffer overflow attempt" 1410 = "WEB-CGI dcboard.cgi access" 1421 = "SNMP AgentX/tcp request" 1423 = "WEB-PHP content-disposition memchr overflow" 1424 = "SHELLCODE x86 EB OC NOOP" 1425 = "WEB-PHP content-disposition" 1426 = "SNMP PROTOS test-suite-req-app attempt" 1427 = "SNMP PROTOS test-suite-trap-app attempt" 1428 = "MULTIMEDIA audio galaxy keepalive" 1429 = "POLICY poll.gotomypc.com access" 1430 = "TELNET Solaris memory mismanagement exploit attempt" 1433 = "WEB-MISC .history access" 1434 = "WEB-MISC .bash_history access" 1436 = "MULTIMEDIA Quicktime User Agent access" 1437 = "MULTIMEDIA Windows Media audio download" 1438 = "MULTIMEDIA Windows Media Video download" 1439 = "MULTIMEDIA Shoutcast playlist redirection" 1440 = "MULTIMEDIA Icecast playlist redirection" 1447 = "MISC MS Terminal server request (RDP)" 1448 = "MISC MS Terminal server request" 1451 = "WEB-CGI NPH-publish access" 1452 = "WEB-CGI args.cmd access" 1453 = "WEB-CGI AT-generated.cgi access" 1454 = "WEB-CGI wwwwais access" 1455 = "WEB-CGI calender.pl access" 1458 = "WEB-CGI user_update_passwd.pl access" 1459 = "WEB-CGI bb-histlog.sh access" 1460 = "WEB-CGI bb-histsvc.sh access" 1461 = "WEB-CGI bb-rep.sh access" 1462 = "WEB-CGI bb-replog.sh access" 1464 = "ATTACK-RESPONSES oracle one hour install" 1465 = "WEB-CGI auktion.cgi access" 1466 = "WEB-CGI cgiforum.pl access" 1467 = "WEB-CGI directorypro.cgi access" 1468 = "WEB-CGI Web Shopper shopper.cgi attempt" 1469 = "WEB-CGI Web Shopper shopper.cgi access" 1470 = "WEB-CGI listrec.pl access" 1471 = "WEB-CGI mailnews.cgi access" 1472 = "WEB-CGI book.cgi access" 1473 = "WEB-CGI newsdesk.cgi access" 1474 = "WEB-CGI cal_make.pl access" 1475 = "WEB-CGI mailit.pl access" 1476 = "WEB-CGI sdbsearch.cgi access" 1477 = "WEB-CGI swc attempt" 1478 = "WEB-CGI swc access" 1479 = "WEB-CGI ttawebtop.cgi arbitrary file attempt" 1480 = "WEB-CGI ttawebtop.cgi access" 1481 = "WEB-CGI upload.cgi access" 1482 = "WEB-CGI view_source access" 1483 = "WEB-CGI ustorekeeper.pl access" 1489 = "WEB-MISC /~nobody access" 1493 = "WEB-MISC RBS ISP /newuser access" 1494 = "WEB-CGI SIX webboard generate.cgi attempt" 1495 = "WEB-CGI SIX webboard generate.cgi access" 1496 = "WEB-CGI spin_client.cgi access" 1499 = "WEB-MISC SiteScope Service access" 1500 = "WEB-MISC ExAir access" 1502 = "WEB-CGI a1stats a1disp3.cgi access" 1505 = "WEB-CGI alchemy http server PRN arbitrary command execution attempt" 1506 = "WEB-CGI alchemy http server NUL arbitrary command execution attempt" 1507 = "WEB-CGI alibaba.pl arbitrary command execution attempt" 1508 = "WEB-CGI alibaba.pl access" 1510 = "WEB-CGI test.bat arbitrary command execution attempt" 1511 = "WEB-CGI test.bat access" 1512 = "WEB-CGI input.bat arbitrary command execution attempt" 1513 = "WEB-CGI input.bat access" 1514 = "WEB-CGI input2.bat arbitrary command execution attempt" 1515 = "WEB-CGI input2.bat access" 1516 = "WEB-CGI envout.bat arbitrary command execution attempt" 1517 = "WEB-CGI envout.bat access" 1518 = "WEB-MISC nstelemetry.adp access" 1521 = "WEB-MISC server-status access" 1522 = "WEB-MISC ans.pl attempt" 1523 = "WEB-MISC ans.pl access" 1524 = "WEB-MISC AxisStorpoint CD attempt" 1525 = "WEB-MISC Axis Storpoint CD access" 1528 = "WEB-MISC BBoard access" 1531 = "WEB-CGI bb-hist.sh attempt" 1532 = "WEB-CGI bb-hostscv.sh attempt" 1533 = "WEB-CGI bb-hostscv.sh access" 1534 = "WEB-CGI agora.cgi attempt" 1535 = "WEB-CGI bizdbsearch access" 1538 = "NNTP AUTHINFO USER overflow attempt" 1539 = "WEB-CGI /cgi-bin/ls access" 1540 = "WEB-COLDFUSION ?Mode=debug attempt" 1542 = "WEB-CGI cgimail access" 1543 = "WEB-CGI cgiwrap access" 1547 = "WEB-CGI csSearch.cgi arbitrary command execution attempt" 1548 = "WEB-CGI csSearch.cgi access" 1551 = "WEB-MISC /CVS/Entries access" 1552 = "WEB-MISC cvsweb version access" 1553 = "WEB-CGI /cart/cart.cgi access" 1554 = "WEB-CGI dbman db.cgi access" 1555 = "WEB-CGI DCShop access" 1556 = "WEB-CGI DCShop orders.txt access" 1557 = "WEB-CGI DCShop auth_user_file.txt access" 1558 = "WEB-MISC Delegate whois overflow attempt" 1559 = "WEB-MISC /doc/packages access" 1560 = "WEB-MISC /doc/ access" 1561 = "WEB-MISC ?open access" 1563 = "WEB-MISC login.htm attempt" 1564 = "WEB-MISC login.htm access" 1565 = "WEB-CGI eshop.pl arbitrary commane execution attempt" 1566 = "WEB-CGI eshop.pl access" 1570 = "WEB-CGI loadpage.cgi access" 1572 = "WEB-CGI commerce.cgi arbitrary file access attempt" 1573 = "WEB-CGI cgiforum.pl attempt" 1574 = "WEB-CGI directorypro.cgi attempt" 1575 = "WEB-MISC Domino mab.nsf access" 1576 = "WEB-MISC Domino cersvr.nsf access" 1577 = "WEB-MISC Domino setup.nsf access" 1578 = "WEB-MISC Domino statrep.nsf access" 1580 = "WEB-MISC Domino events4.nsf access" 1581 = "WEB-MISC Domino ntsync4.nsf access" 1582 = "WEB-MISC Domino collect4.nsf access" 1583 = "WEB-MISC Domino mailw46.nsf access" 1584 = "WEB-MISC Domino bookmark.nsf access" 1585 = "WEB-MISC Domino agentrunner.nsf access" 1586 = "WEB-MISC Domino mail.box access" 1587 = "WEB-MISC cgitest.exe access" 1588 = "WEB-MISC SalesLogix Eviewer access" 1589 = "WEB-MISC musicat empower attempt" 1590 = "WEB-CGI faqmanager.cgi arbitrary file access attempt" 1591 = "WEB-CGI faqmanager.cgi access" 1592 = "WEB-CGI /fcgi-bin/echo.exe access" 1593 = "WEB-CGI FormHandler.cgi external site redirection attempt" 1594 = "WEB-CGI FormHandler.cgi access" 1597 = "WEB-CGI guestbook.cgi access" 1599 = "WEB-CGI search.cgi access" 1603 = "WEB-MISC DELETE attempt" 1606 = "WEB-CGI icat access" 1608 = "WEB-CGI htmlscript attempt" 1609 = "WEB-CGI faxsurvey arbitrary file read attempt" 1611 = "WEB-CGI eXtropia webstore access" 1612 = "WEB-MISC ftp.pl attempt" 1613 = "WEB-MISC handler attempt" 1614 = "WEB-MISC Novell Groupwise gwweb.exe attempt" 1615 = "WEB-MISC htgrep attempt" 1617 = "WEB-CGI Bugzilla doeditvotes.cgi access" 1619 = "EXPERIMENTAL WEB-IIS .htr request" 1620 = "BAD TRAFFIC Non-Standard IP protocol" 1629 = "OTHER-IDS SecureNetPro traffic" 1634 = "POP3 PASS overflow attempt" 1635 = "POP3 APOP overflow attempt" 1637 = "WEB-CGI yabb.cgi access" 1642 = "WEB-CGI document.d2w access" 1643 = "WEB-CGI db2www access" 1644 = "WEB-CGI test-cgi attempt" 1646 = "WEB-CGI test.cgi access" 1647 = "WEB-CGI faxsurvey attempt (full path)" 1648 = "WEB-CGI perl.exe command attempt" 1649 = "WEB-CGI perl command attempt" 1650 = "WEB-CGI tst.bat access" 1651 = "WEB-CGI enivorn.pl access" 1652 = "WEB-CGI campus attempt" 1653 = "WEB-CGI campus access" 1654 = "WEB-CGI cart32.exe access" 1655 = "WEB-CGI pfdispaly.cgi arbitrary command execution attempt" 1656 = "WEB-CGI pfdispaly.cgi access" 1658 = "WEB-CGI pagelog.cgi access" 1659 = "WEB-COLDFUSION sendmail.cfm access" 1663 = "WEB-MISC *.pl access" 1664 = "WEB-MISC mkplog.exe access" 1665 = "WEB-MISC mkilog.exe access" 1666 = "ATTACK-RESPONSES index of /cgi-bin/ response" 1668 = "WEB-CGI /cgi-bin/ access" 1669 = "WEB-CGI /cgi-dos/ access" 1670 = "WEB-MISC /home/ftp access" 1671 = "WEB-MISC /home/www access" 1698 = "ORACLE execute_system attempt" 1700 = "WEB-CGI imagemap.exe access" 1702 = "WEB-CGI Amaya templates sendtemp.pl access" 1705 = "WEB-CGI echo.bat arbitrary command execution attempt" 1706 = "WEB-CGI echo.bat access" 1707 = "WEB-CGI hello.bat arbitrary command execution attempt" 1708 = "WEB-CGI hello.bat access" 1709 = "WEB-CGI ad.cgi access" 1710 = "WEB-CGI bbs_forum.cgi access" 1711 = "WEB-CGI bsguest.cgi access" 1712 = "WEB-CGI bslist.cgi access" 1713 = "WEB-CGI cgforum.cgi access" 1714 = "WEB-CGI newdesk access" 1715 = "WEB-CGI register.cgi access" 1716 = "WEB-CGI gbook.cgi access" 1717 = "WEB-CGI simplestguest.cgi access" 1718 = "WEB-CGI statusconfig.pl access" 1720 = "WEB-CGI talkback.cgi access" 1721 = "WEB-CGI adcycle access" 1722 = "WEB-CGI MachineInfo access" 1723 = "WEB-CGI emumail.cgi NULL attempt" 1724 = "WEB-CGI emumail.cgi access" 1727 = "WEB-CGI SGI InfoSearch fname access" 1731 = "WEB-CGI a1stats access" 1735 = "WEB-CLIENT XMLHttpRequest attempt" 1736 = "WEB-PHP squirrel mail spell-check arbitrary command attempt" 1737 = "WEB-PHP squirrel mail theme arbitrary command attempt" 1738 = "WEB-MISC global.inc access" 1740 = "WEB-PHP DNSTools authentication bypass attempt" 1741 = "WEB-PHP DNSTools access" 1742 = "WEB-PHP Blahz-DNS dostuff.php modify user attempt" 1743 = "WEB-PHP Blahz-DNS dostuff.php access" 1744 = "WEB-MISC SecureSite authentication bypass attempt" 1745 = "WEB-PHP Messagerie supp_membre.php access" 1749 = "EXPERIMENTAL WEB-IIS .NET trace.axd access" 1752 = "MISC AIM AddExternalApp attempt" 1757 = "WEB-MISC b2 arbitrary command execution attempt" 1758 = "WEB-MISC b2 access" 1760 = "OTHER-IDS ISS RealSecure 6 event collector connection attempt" 1761 = "OTHER-IDS ISS RealSecure 6 daemon connection attempt" 1762 = "WEB-CGI phf arbitrary command execution attempt" 1763 = "WEB-CGI Nortel Contivity cgiproc DOS attempt" 1764 = "WEB-CGI Nortel Contivity cgiproc DOS attempt" 1765 = "WEB-CGI Nortel Contivity cgiproc access" 1766 = "WEB-MISC search.dll directory listing attempt" 1767 = "WEB-MISC search.dll access" 1769 = "WEB-MISC .DS_Store access" 1770 = "WEB-MISC .FBCIndex access" 1771 = "POLICY IPSec PGPNet connection attempt" 1774 = "WEB-PHP bb_smilies.php access" 1780 = "IMAP EXPLOIT partial body overflow attempt" 1787 = "WEB-CGI csPassword.cgi access" 1788 = "WEB-CGI csPassword password.cgi.tmp access" 1792 = "NNTP return code buffer overflow attempt" 1801 = "WEB-IIS .asp HTTP header buffer overflow attempt" 1802 = "WEB-IIS .asa HTTP header buffer overflow attempt" 1803 = "WEB-IIS .cer HTTP header buffer overflow attempt" 1804 = "WEB-IIS .cdx HTTP header buffer overflow attempt" 1807 = "WEB-MISC Transfer-Encoding\\: chunked" 1815 = "WEB-PHP directory.php arbitrary command attempt" 1816 = "WEB-PHP directory.php access" 1819 = "MISC Alcatel PABX 4400 connection attempt" 1820 = "WEB-MISC IBM Net.Commerce orderdspc.d2w access" 1824 = "WEB-CGI alienform.cgi access" 1825 = "WEB-CGI AlienForm af.cgi access" 1826 = "WEB-MISC WEB-INF access" 1829 = "WEB-MISC Tomcat TroubleShooter servlet access" 1830 = "WEB-MISC Tomcat SnoopServlet servlet access" 1840 = "WEB-CLIENT Javascript document.domain attempt" 1846 = "POLICY vncviewer Java applet download attempt" 1847 = "WEB-MISC webalizer access" 1848 = "WEB-MISC webcart-lite access" 1849 = "WEB-MISC webfind.exe access" 1850 = "WEB-CGI way-board.cgi access" 1851 = "WEB-MISC active.log access" 1865 = "WEB-CGI webdist.cgi arbitrary command attempt" 1867 = "MISC xdmcp info query" 1868 = "WEB-CGI story.pl arbitrary file read attempt" 1869 = "WEB-CGI story.pl access" 1870 = "WEB-CGI siteUserMod.cgi access" 1872 = "WEB-MISC Oracle Dynamic Monitoring Services (dms) access" 1873 = "WEB-MISC globals.jsa access" 1874 = "WEB-MISC Oracle Java Process Manager access" 1875 = "WEB-CGI cgicso access" 1876 = "WEB-CGI nph-publish.cgi access" 1877 = "WEB-CGI printenv access" 1878 = "WEB-CGI sdbsearch.cgi access" 1879 = "WEB-CGI book.cgi arbitrary command execution attempt" 1880 = "WEB-MISC oracle web application server access" 1881 = "WEB-MISC bad HTTP/1.1 request, Potentially worm attack" 1887 = "MISC OpenSSL Worm traffic" 1889 = "MISC slapper worm admin traffic" 1893 = "SNMP missing community string attempt" 1900 = "ATTACK-RESPONSES successful kadmind buffer overflow attempt" 1901 = "ATTACK-RESPONSES successful kadmind buffer overflow attempt" 1931 = "WEB-CGI rpc-nlog.pl access" 1932 = "WEB-CGI rpc-smb.pl access" 1933 = "WEB-CGI cart.cgi access" 1934 = "POP2 FOLD overflow attempt" 1935 = "POP2 FOLD arbitrary file attempt" 1936 = "POP3 AUTH overflow attempt" 1937 = "POP3 LIST overflow attempt" 1938 = "POP3 XTND overflow attempt" 1939 = "MISC bootp hardware address length overflow" 1940 = "MISC bootp invalid hardware type" 1943 = "WEB-MISC /Carello/add.exe access" 1944 = "WEB-MISC /ecscripts/ecware.exe access" 1947 = "WEB-MISC answerbook2 arbitrary command execution attempt" 1957 = "RPC sadmind UDP PING" 1958 = "RPC sadmind TCP PING" 1959 = "RPC portmap NFS request UDP" 1960 = "RPC portmap NFS request TCP" 1961 = "RPC portmap RQUOTA request UDP" 1962 = "RPC portmap RQUOTA request TCP" 1966 = "MISC GlobalSunTech Access Point Information Disclosure attempt" 1967 = "WEB-PHP phpbb quick-reply.php arbitrary command attempt" 1968 = "WEB-PHP phpbb quick-reply.php access" 1969 = "WEB-MISC ion-p access" 1975 = "FTP DELE overflow attempt" 1977 = "WEB-MISC xp_regwrite attempt" 1978 = "WEB-MISC xp_regdeletekey attempt" 1979 = "WEB-MISC perl post attempt" 1994 = "WEB-CGI vpasswd.cgi access" 1995 = "WEB-CGI alya.cgi access" 1996 = "WEB-CGI viralator.cgi access" 1997 = "WEB-PHP read_body.php access attempt" 1998 = "WEB-PHP calendar.php access" 1999 = "WEB-PHP edit_image.php access" 2251 = "NETBIOS DCERPC Remote Activation bind attempt" 2252 = "NETBIOS SMB DCERPC Remote Activation bind attempt" 103 = "BACKDOOR subseven 22" 104 = "BACKDOOR - Dagger_1.4.0_client_connect" 105 = "BACKDOOR - Dagger_1.4.0" 106 = "BACKDOOR ACKcmdC trojan scan" 107 = "BACKDOOR subseven DEFCON8 2.1 access" 108 = "BACKDOOR QAZ Worm Client Login access" 109 = "BACKDOOR netbus active" 110 = "BACKDOOR netbus getinfo" 111 = "BACKDOOR netbus getinfo" 112 = "BACKDOOR BackOrifice access" 114 = "BACKDOOR netbus active" 115 = "BACKDOOR netbus active" 116 = "BACKDOOR BackOrifice access" 117 = "BACKDOOR Infector.1.x" 118 = "BACKDOOR SatansBackdoor.2.0.Beta" 119 = "BACKDOOR Doly 2.0 access" 120 = "BACKDOOR Infector 1.6 Server to Client" 121 = "BACKDOOR Infector 1.6 Client to Server Connection Request" 141 = "BACKDOOR HackAttack 1.20 Connect" 144 = "FTP ADMw0rm ftp login attempt" 145 = "BACKDOOR GirlFriendaccess" 146 = "BACKDOOR NetSphere access" 147 = "BACKDOOR GateCrasher" 151 = "BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network" 152 = "BACKDOOR BackConstruction 2.1 Connection" 153 = "BACKDOOR DonaldDick 1.53 Traffic" 155 = "BACKDOOR NetSphere 1.31.337 access" 157 = "BACKDOOR BackConstruction 2.1 Client FTP Open Request" 158 = "BACKDOOR BackConstruction 2.1 Server FTP Open Reply" 159 = "BACKDOOR NetMetro File List" 161 = "BACKDOOR Matrix 2.0 Client connect" 162 = "BACKDOOR Matrix 2.0 Server access" 163 = "BACKDOOR WinCrash 1.0 Server Active" 176 = "BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request" 183 = "BACKDOOR SIGNATURE - Q ICMP" 184 = "BACKDOOR Q access" 185 = "BACKDOOR CDK" 195 = "BACKDOOR DeepThroat 3.1 Server Response" 208 = "BACKDOOR PhaseZero Server Active on Network" 209 = "BACKDOOR w00w00 attempt" 210 = "BACKDOOR attempt" 211 = "BACKDOOR MISC r00t attempt" 212 = "BACKDOOR MISC rewt attempt" 213 = "BACKDOOR MISC Linux rootkit attempt" 214 = "BACKDOOR MISC Linux rootkit attempt lrkr0x" 215 = "BACKDOOR MISC Linux rootkit attempt" 216 = "BACKDOOR MISC Linux rootkit satori attempt" 217 = "BACKDOOR MISC sm4ck attempt" 218 = "BACKDOOR MISC Solaris 2.5 attempt" 219 = "BACKDOOR HidePak backdoor attempt" 220 = "BACKDOOR HideSource backdoor attempt" 221 = "DDOS TFN Probe" 222 = "DDOS tfn2k icmp possible communication" 223 = "DDOS Trin00\\:DaemontoMaster(PONGdetected)" 224 = "DDOS Stacheldraht server spoof" 225 = "DDOS Stacheldraht gag server response" 226 = "DDOS Stacheldraht server response" 227 = "DDOS Stacheldraht client spoofworks" 228 = "DDOS TFN client command BE" 229 = "DDOS Stacheldraht client check skillz" 230 = "DDOS shaft client to handler" 231 = "DDOS Trin00\\:DaemontoMaster(messagedetected)" 232 = "DDOS Trin00\\:DaemontoMaster(*HELLO*detected)" 233 = "DDOS Trin00\\:Attacker to Master default startup password" 234 = "DDOS Trin00 Attacker to Master default password" 235 = "DDOS Trin00 Attacker to Master default mdie password" 236 = "DDOS Stacheldraht client check gag" 237 = "DDOS Trin00\\:MastertoDaemon(defaultpassdetected!)" 238 = "DDOS TFN server response" 239 = "DDOS shaft handler to agent" 240 = "DDOS shaft agent to handler" 241 = "DDOS shaft synflood" 243 = "DDOS mstream agent to handler" 244 = "DDOS mstream handler to agent" 245 = "DDOS mstream handler ping to agent" 246 = "DDOS mstream agent pong to handler" 247 = "DDOS mstream client to handler" 248 = "DDOS mstream handler to client" 249 = "DDOS mstream client to handler" 250 = "DDOS mstream handler to client" 251 = "DDOS - TFN client command LE" 252 = "DNS named iquery attempt" 253 = "DNS SPOOF query response PTR with TTL\\: 1 min. and no authority" 254 = "DNS SPOOF query response with ttl\\: 1 min. and no authority" 255 = "DNS zone transfer TCP" 256 = "DNS named authors attempt" 257 = "DNS named version attempt" 258 = "DNS EXPLOIT named 8.2 = 8.2.1" 259 = "DNS EXPLOIT named overflow (ADM)" 260 = "DNS EXPLOIT named overflow (ADMROCKS)" 261 = "DNS EXPLOIT named overflow attempt" 262 = "DNS EXPLOIT x86 Linux overflow attempt" 264 = "DNS EXPLOIT x86 Linux overflow attempt" 265 = "DNS EXPLOIT x86 Linux overflow attempt (ADMv2)" 266 = "DNS EXPLOIT x86 FreeBSD overflow attempt" 267 = "DNS EXPLOIT sparc overflow attempt" 268 = "DOS Jolt attack" 269 = "DOS Land attack" 270 = "DOS Teardrop attack" 271 = "DOS UDP echo+chargen bomb" 272 = "DOS IGMP dos attack" 273 = "DOS IGMP dos attack" 274 = "DOS ath" 275 = "DOS NAPTHA" 276 = "DOS Real Audio Server" 277 = "DOS Real Server template.html" 278 = "DOS Real Server template.html" 279 = "DOS Bay/Nortel Nautica Marlin" 281 = "DOS Ascend Route" 282 = "DOS arkiea backup" 283 = "EXPLOIT Netscape 4.7 client overflow" 284 = "POP2 x86 Linux overflow" 285 = "POP2 x86 Linux overflow" 286 = "POP3 EXPLOIT x86 BSD overflow" 287 = "POP3 EXPLOIT x86 BSD overflow" 288 = "POP3 EXPLOIT x86 Linux overflow" 289 = "POP3 EXPLOIT x86 SCO overflow" 290 = "POP3 EXPLOIT qpopper overflow" 291 = "NNTP Cassandra Overflow" 292 = "EXPLOIT x86 Linux samba overflow" 300 = "EXPLOIT nlps x86 Solaris overflow" 301 = "EXPLOIT LPRng overflow" 302 = "EXPLOIT Redhat 7.0 lprd overflow" 303 = "DNS EXPLOIT named tsig overflow attempt" 304 = "EXPLOIT SCO calserver overflow" 305 = "EXPLOIT delegate proxy overflow" 306 = "EXPLOIT VQServer admin" 307 = "EXPLOIT CHAT IRC topic overflow" 308 = "EXPLOIT NextFTP client overflow" 309 = "EXPLOIT sniffit overflow" 310 = "EXPLOIT x86 windows MailMax overflow" 311 = "EXPLOIT Netscape 4.7 unsucessful overflow" 312 = "EXPLOIT ntpdx overflow attempt" 313 = "EXPLOIT ntalkd x86 Linux overflow" 314 = "DNS EXPLOIT named tsig overflow attempt" 315 = "EXPLOIT x86 Linux mountd overflow" 316 = "EXPLOIT x86 Linux mountd overflow" 317 = "EXPLOIT x86 Linux mountd overflow" 320 = "FINGER cmd_rootsh backdoor attempt" 321 = "FINGER account enumeration attempt" 322 = "FINGER search query" 323 = "FINGER root query" 324 = "FINGER null request" 325 = "FINGER probe 0 attempt" 326 = "FINGER remote command \\; execution attempt" 327 = "FINGER remote command pipe execution attempt" 328 = "FINGER bomb attempt" 329 = "FINGER cybercop redirection" 330 = "FINGER redirection attempt" 331 = "FINGER cybercop query" 332 = "FINGER 0 query" 333 = "FINGER . query" 334 = "FTP .forward" 335 = "FTP .rhosts" 336 = "FTP CWD ~root attempt" 337 = "FTP CEL overflow attempt" 339 = "FTP EXPLOIT OpenBSD x86 ftpd" 344 = "FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Linux" 353 = "FTP adm scan" 354 = "FTP iss scan" 355 = "FTP pass wh00t" 356 = "FTP passwd retrieval attempt" 357 = "FTP piss scan" 358 = "FTP saint scan" 359 = "FTP satan scan" 360 = "FTP serv-u directory transversal" 361 = "FTP site exec" 362 = "FTP tar parameters" 363 = "ICMP IRDP router advertisement" 364 = "ICMP IRDP router selection" 365 = "ICMP PING (Undefined Code!)" 366 = "ICMP PING *NIX" 368 = "ICMP PING BSDtype" 369 = "ICMP PING BayRS Router" 370 = "ICMP PING BeOS4.x" 371 = "ICMP PING Cisco Type.x" 372 = "ICMP PING Delphi-Piette Windows" 373 = "ICMP PING Flowpoint2200 or Network Management Software" 374 = "ICMP PING IP NetMonitor Macintosh" 375 = "ICMP PING LINUX/*BSD" 376 = "ICMP PING Microsoft Windows" 377 = "ICMP PING Network Toolbox 3 Windows" 378 = "ICMP PING Ping-O-MeterWindows" 379 = "ICMP PING Pinger Windows" 380 = "ICMP PING Seer Windows" 381 = "ICMP PING Sun Solaris" 382 = "ICMP PING Windows" 384 = "ICMP PING" 385 = "ICMP traceroute-" 386 = "ICMP Address Mask Reply" 387 = "ICMP Address Mask Reply (Undefined Code!)" 388 = "ICMP Address Mask Request" 389 = "ICMP Address Mask Request (Undefined Code!)" 390 = "ICMP Alternate Host Address" 391 = "ICMP Alternate Host Address (Undefined Code!)" 392 = "ICMP Datagram Conversion Error" 393 = "ICMP Datagram Conversion Error (Undefined Code!)" 394 = "ICMP Destination Unreachable (Destination Host Unknown)" 395 = "ICMP Destination Unreachable (Destination Network Unknown)" 396 = "ICMP Destination Unreachable (Fragmentation Needed and DF bit was set)" 397 = "ICMP Destination Unreachable (Host Precedence Violation)" 398 = "ICMP Destination Unreachable (Host Unreachable for Type of Service)" 399 = "ICMP Destination Unreachable (Host Unreachable)" 400 = "ICMP Destination Unreachable (Network Unreachable for Type of Service)" 401 = "ICMP Destination Unreachable (Network Unreachable)" 402 = "ICMP Destination Unreachable (Port Unreachable)" 403 = "ICMP Destination Unreachable (Precedence Cutoff in effect)" 404 = "ICMP Destination Unreachable (Protocol Unreachable)" 405 = "ICMP Destination Unreachable (Source Host Isolated)" 406 = "ICMP Destination Unreachable (Source Route Failed)" 407 = "ICMP Destination Unreachable (Undefined Code!)" 408 = "ICMP Echo Reply" 409 = "ICMP Echo Reply (Undefined Code!)" 410 = "ICMP Fragment Reassembly Time Exceeded" 411 = "ICMP IPV6 I-Am-Here" 412 = "ICMP IPV6 I-Am-Here (Undefined Code!" 413 = "ICMP IPV6 Where-Are-You" 414 = "ICMP IPV6 Where-Are-You (Undefined Code!)" 415 = "ICMP Information Reply" 416 = "ICMP Information Reply (Undefined Code!)" 417 = "ICMP Information Request" 418 = "ICMP Information Request (Undefined Code!)" 419 = "ICMP Mobile Host Redirect" 420 = "ICMP Mobile Host Redirect (Undefined Code!)" 421 = "ICMP Mobile Registration Reply" 422 = "ICMP Mobile Registration Reply (Undefined Code!)" 423 = "ICMP Mobile Registration Request" 424 = "ICMP Mobile Registration Request (Undefined Code!" 425 = "ICMP Parameter Problem (Bad Length)" 426 = "ICMP Parameter Problem (Missing a Required Option)" 427 = "ICMP Parameter Problem (Unspecified Error)" 428 = "ICMP Parameter Problem (Undefined Code!)" 429 = "ICMP Photuris (Reserved)" 430 = "ICMP Photuris (Unknown Security Parameters Index)" 431 = "ICMP Photuris (Valid Security Parameters, But Authentication Failed)" 432 = "ICMP Photuris (Valid Security Parameters, But Decryption Failed)" 433 = "ICMP Photuris (Undefined Code!)" 436 = "ICMP Redirect (for TOS and Host)" 437 = "ICMP Redirect (for TOS and Network)" 438 = "ICMP Redirect (Undefined Code!)" 439 = "ICMP Reserved for Security (Type 19)" 440 = "ICMP Reserved for Security (Type 19) (Undefined Code!)" 441 = "ICMP Router Advertisement" 443 = "ICMP Router Selection" 451 = "ICMP Timestamp Reply" 452 = "ICMP Timestamp Reply (Undefined Code!)" 453 = "ICMP Timestamp Request" 454 = "ICMP Timestamp Request (Undefined Code!)" 456 = "ICMP Traceroute" 457 = "ICMP Traceroute (Undefined Code!)" 458 = "ICMP Unassigned! (Type 1)" 459 = "ICMP Unassigned! (Type 1) (Undefined Code)" 460 = "ICMP Unassigned! (Type 2)" 461 = "ICMP Unassigned! (Type 2) (Undefined Code)" 462 = "ICMP Unassigned! (Type 7)" 463 = "ICMP Unassigned! (Type 7) (Undefined Code!)" 465 = "ICMP ISS Pinger" 466 = "ICMP L3retriever Ping" 467 = "ICMP Nemesis v1.1 Echo" 469 = "ICMP PING NMAP" 471 = "ICMP icmpenum v1.1.1" 472 = "ICMP redirect host" 473 = "ICMP redirect net" 474 = "ICMP superscan echo" 475 = "ICMP traceroute ipopts" 476 = "ICMP webtrends scanner" 477 = "ICMP Source Quench" 478 = "ICMP Broadscan Smurf Scanner" 480 = "ICMP PING speedera" 481 = "ICMP TJPingPro1.1Build 2 Windows" 482 = "ICMP PING WhatsupGold Windows" 483 = "ICMP PING CyberKit 2.2 Windows" 484 = "ICMP PING Sniffer Pro/NetXRay network scan" 485 = "ICMP Destination Unreachable (Communication Administratively Prohibited)" 486 = "ICMP Destination Unreachable (Communication with Destination Host is Administratively Prohibited)" 487 = "ICMP Destination Unreachable (Communication with Destination Network is Administratively Prohibited)" 489 = "INFO FTP No Password" 491 = "INFO FTP Bad login" 492 = "INFO TELNET Bad Login" 493 = "INFO psyBNC access" 494 = "ATTACK-RESPONSES command completed" 495 = "ATTACK-RESPONSES command error" 496 = "ATTACK RESPONSES directory listing" 497 = "ATTACK-RESPONSES file copied ok" 498 = "ATTACK-RESPONSES id check returned root" 499 = "ICMP Large ICMP Packet" 500 = "MISC source route lssr" 502 = "MISC source route ssrr" 503 = "MISC Source Port 20 to <1024" 504 = "MISC source port 53 to <1024" 505 = "MISC Insecure TIMBUKTU Password" 506 = "MISC ramen worm incoming" 507 = "MISC PCAnywhere Attempted Administrator Login" 509 = "WEB-MISC PCCS mysql database admin tool access" 510 = "POLICY HP JetDirect LCD modification attempt" 511 = "MISC Invalid PCAnywhere Login" 512 = "MISC PCAnywhere Failed Login" 514 = "MISC ramen worm" 517 = "MISC xdmcp query" 518 = "TFTP Put" 519 = "TFTP parent directory" 520 = "TFTP root directory" 522 = "MISC Tiny Fragments" 523 = "BAD-TRAFFIC ip reserved bit set" 524 = "BAD-TRAFFIC tcp port 0 traffic" 525 = "BAD-TRAFFIC udp port 0 traffic" 526 = "BAD-TRAFFIC data in TCP SYN packet" 527 = "BAD-TRAFFIC same SRC/DST" 528 = "BAD-TRAFFIC loopback traffic" 530 = "NETBIOS NT NULL session" 532 = "NETBIOS SMB ADMIN access" 533 = "NETBIOS SMB C access" 540 = "CHAT MSN message" 541 = "CHAT ICQ access" 542 = "CHAT IRC nick change" 543 = "POLICY FTP \\'STOR 1MB\\' possible warez site" 544 = "POLICY FTP \\'RETR 1MB\\' possible warez site" 545 = "POLICY FTP \\'CWD / \\' possible warez site" 546 = "POLICY FTP \\'CWD \\' possible warez site" 547 = "POLICY FTP \\'MKD \\' possible warez site" 548 = "POLICY FTP \\'MKD .\\' possible warez site" 549 = "P2P napster login" 550 = "P2P napster new user login" 551 = "P2P napster download attempt" 552 = "P2P napster upload request" 553 = "POLICY FTP anonymous login attempt" 554 = "POLICY FTP \\'MKD / \\' possible warez site" 555 = "POLICY WinGate telnet server response" 567 = "POLICY SMTP relaying denied" 568 = "POLICY HP JetDirect LCD modification attempt" 574 = "RPC mountd TCP export request" 575 = "RPC portmap admind request UDP" 576 = "RPC portmap amountd request UDP" 577 = "RPC portmap bootparam request UDP" 578 = "RPC portmap cmsd request UDP" 579 = "RPC portmap mountd request UDP" 580 = "RPC portmap nisd request UDP" 581 = "RPC portmap pcnfsd request UDP" 582 = "RPC portmap rexd request UDP" 583 = "RPC portmap rstatd request UDP" 584 = "RPC portmap rusers request UDP" 585 = "RPC portmap sadmind request UDP" 586 = "RPC portmap selection_svc request UDP" 587 = "RPC portmap status request UDP" 589 = "RPC portmap yppasswd request UDP" 590 = "RPC portmap ypserv request UDP" 591 = "RPC portmap ypupdated request TCP" 593 = "RPC portmap snmpXdmi request TCP" 595 = "RPC portmap espd request TCP" 598 = "RPC portmap listing TCP 111" 599 = "RPC portmap listing TCP 32771" 602 = "RSERVICES rlogin bin" 603 = "RSERVICES rlogin echo++" 604 = "RSERVICES rsh froot" 605 = "RSERVICES rlogin login failure" 606 = "RSERVICES rlogin root" 607 = "RSERVICES rsh bin" 608 = "RSERVICES rsh echo + +" 609 = "RSERVICES rsh froot" 610 = "RSERVICES rsh root" 611 = "RSERVICES rlogin login failure" 614 = "BACKDOOR hack-a-tack attempt" 618 = "SCAN Squid Proxy attempt" 620 = "SCAN Proxy \$8080\$ attempt" 621 = "SCAN FIN" 623 = "SCAN NULL" 624 = "SCAN SYN FIN" 625 = "SCAN XMAS" 626 = "SCAN cybercop os PA12 attempt" 627 = "SCAN cybercop os SFU12 probe" 629 = "SCAN nmap fingerprint attempt" 630 = "SCAN synscan portscan" 631 = "SMTP ehlo cybercop attempt" 632 = "SMTP expn cybercop attempt" 634 = "SCAN Amanda client version request" 638 = "SHELLCODE SGI NOOP" 639 = "SHELLCODE SGI NOOP" 640 = "SHELLCODE AIX NOOP" 641 = "SHELLCODE Digital UNIX NOOP" 642 = "SHELLCODE HP-UX NOOP" 643 = "SHELLCODE HP-UX NOOP" 644 = "SHELLCODE sparc NOOP" 645 = "SHELLCODE sparc NOOP" 646 = "SHELLCODE sparc NOOP" 648 = "SHELLCODE x86 NOOP" 649 = "SHELLCODE x86 setgid 0" 650 = "SHELLCODE x86 setuid 0" 651 = "SHELLCODE x86 stealth NOOP" 654 = "SMTP RCPT TO overflow" 655 = "SMTP sendmail 8.6.9 exploit" 657 = "SMTP chameleon overflow" 658 = "SMTP exchange mime DOS" 659 = "SMTP expn decode" 660 = "SMTP expn root" 661 = "SMTP majordomo ifs" 662 = "SMTP sendmail 5.5.5 exploit" 663 = "SMTP rcpt to sed command attempt" 664 = "SMTP RCPT TO decode attempt" 665 = "SMTP sendmail 5.6.5 exploit" 667 = "SMTP sendmail 8.6.10 exploit" 668 = "SMTP sendmail 8.6.10 exploit" 669 = "SMTP sendmail 8.6.9 exploit" 670 = "SMTP sendmail 8.6.9 exploit" 671 = "SMTP sendmail 8.6.9c exploit" 672 = "SMTP vrfy decode" 673 = "MS-SQL sp_start_job - program execution" 676 = "MS-SQL/SMB sp_start_job - program execution" 677 = "MS-SQL/SMB sp_password password change" 678 = "MS-SQL/SMB sp_delete_alert log file deletion" 679 = "MS-SQL/SMB sp_adduser database user creation" 680 = "MS-SQL/SMB sa login failed" 681 = "MS-SQL/SMB xp_cmdshell program execution" 682 = "MS-SQL xp_enumresultset possible buffer overflow" 683 = "MS-SQL sp_password - password change" 684 = "MS-SQL sp_delete_alert log file deletion" 685 = "MS-SQL sp_adduser - database user creation" 686 = "MS-SQL xp_reg* - registry access" 687 = "MS-SQL xp_cmdshell - program execution" 688 = "MS-SQL sa login failed" 689 = "MS-SQL/SMB xp_reg* registry access" 691 = "MS-SQL shellcode attempt" 692 = "MS-SQL/SMB shellcode attempt" 693 = "MS-SQL shellcode attempt" 694 = "MS-SQL/SMB shellcode attempt" 706 = "MS-SQL xp_peekqueue possible buffer overflow" 708 = "MS-SQL/SMB xp_enumresultset possible buffer overflow" 711 = "TELNET SGI telnetd format bug" 715 = "TELNET Attempted SU from wrong group" 716 = "TELNET access" 717 = "TELNET not on console" 718 = "TELNET login incorrect" 719 = "TELNET root login" 720 = "Virus - SnowWhite Trojan Incoming" 724 = "Virus - Possible MyRomeo Worm" 725 = "Virus - Possible MyRomeo Worm" 726 = "Virus - Possible MyRomeo Worm" 727 = "Virus - Possible MyRomeo Worm" 728 = "Virus - Possible MyRomeo Worm" 731 = "Virus - Possible QAZ Worm" 733 = "Virus - Possible QAZ Worm Calling Home" 734 = "Virus - Possible Matrix worm" 735 = "Virus - Possible MyRomeo Worm" 772 = "Virus - Possible PrettyPark Trojan" 775 = "Virus - Possible Bubbleboy Worm" 793 = "Virus - Mail .VBS" 795 = "Virus - Possible Worm - txt.vbs file" 796 = "Virus - Possible Worm - xls.vbs file" 797 = "Virus - Possible Worm - jpg.vbs file" 798 = "Virus - Possible Worm - gif.vbs file" 801 = "Virus - Possible Worm - doc.vbs file" 803 = "WEB-CGI HyperSeek hsx.cgi directory traversal attempt" 804 = "WEB-CGI SWSoft ASPSeek Overflow attempt" 805 = "WEB-CGI webspeed access" 806 = "WEB-CGI yabb.cgi directory traversal attempt" 807 = "WEB-CGI /wwwboard/passwd.txt access" 813 = "WEB-CGI webplus directory traversal" 817 = "WEB-CGI dcboard.cgi invalid user addition attempt" 824 = "WEB-CGI php.cgi access" 835 = "WEB-CGI test-cgi access" 845 = "WEB-CGI AT-admin.cgi access" 848 = "WEB-CGI view-source directory traversal" 867 = "WEB-CGI visadmin.exe access" 879 = "WEB-CGI admin.pl access" 882 = "WEB-CGI calendar access" 888 = "WEB-CGI wwwadmin.pl access" 894 = "WEB-CGI bb-hist.sh access" 899 = "WEB-CGI Amaya templates sendtemp.pl directory traversal attempt" 900 = "WEB-CGI webspirs.cgi directory traversal attempt" 904 = "WEB-COLDFUSION exampleapp application.cfm" 905 = "WEB-COLDFUSION application.cfm access" 906 = "WEB-COLDFUSION getfile.cfm access" 907 = "WEB-COLDFUSION addcontent.cfm access" 908 = "WEB-COLDFUSION administrator access" 921 = "WEB-COLDFUSION admin encrypt attempt" 924 = "WEB-COLDFUSION admin decrypt attempt" 935 = "WEB-COLDFUSION startstop DOS access" 939 = "WEB-FRONTPAGE posting" 945 = "WEB-FRONTPAGE fpadmin.htm access" 948 = "WEB-FRONTPAGE form_results access" 951 = "WEB-FRONTPAGE authors.pwd access" 952 = "WEB-FRONTPAGE author.exe access" 953 = "WEB-FRONTPAGE administrators.pwd access" 958 = "WEB-FRONTPAGE service.cnf access" 967 = "WEB-FRONTPAGE dvwssr.dll access" 969 = "WEB-IIS WebDAV file lock attempt" 970 = "WEB-IIS multiple decode attempt" 971 = "WEB-IIS ISAPI .printer access" 972 = "WEB-IIS .-asp access" 973 = "WEB-IIS *.idc attempt" 974 = "WEB-IIS ..\\.. access" 975 = "WEB-IIS .asp\\:\\: DATA access" 976 = "WEB-IIS .bat? access" 977 = "WEB-IIS .cnf access" 978 = "WEB-IIS ASP contents view" 979 = "WEB-IIS ASP contents view" 980 = "WEB-IIS CGImail.exe access" 981 = "WEB-IIS unicode directory traversal attempt" 982 = "WEB-IIS unicode directory traversal attempt" 983 = "WEB-IIS unicode directory traversal attempt" 986 = "WEB-IIS MSProxy access" 987 = "WEB-IIS .htr access" 988 = "WEB-IIS SAM Attempt" 989 = "WEB-IIS Unicode2.pl script (File permission canonicalization)" 990 = "WEB-IIS _vti_inf access" 991 = "WEB-IIS achg.htr access" 992 = "WEB-IIS adctest.asp access" 993 = "WEB-IIS iisadmin access" 994 = "WEB-IIS /scripts/iisadmin/default.htm access" 995 = "WEB-IIS ism.dll access" 996 = "WEB-IIS anot.htr access" 997 = "WEB-IIS asp-dot attempt" 998 = "WEB-IIS asp-srch attempt" 999 = "WEB-IIS bdir access" 1000 = "WEB-IIS bdir.htr access" 1001 = "WEB-MISC carbo.dll access" 1002 = "WEB-IIS cmd.exe access" 1003 = "WEB-IIS cmd? access" 1007 = "WEB-IIS cross-site scripting attempt" 1008 = "WEB-IIS del attempt" 1009 = "WEB-IIS directory listing" 1011 = "WEB-IIS exec-src access" 1015 = "WEB-IIS getdrvs.exe access" 1016 = "WEB-IIS global.asa access" 1017 = "WEB-IIS idc-srch attempt" 1018 = "WEB-IIS iisadmpwd attempt" 1019 = "WEB-IIS index server file source code attempt" 1020 = "WEB-IIS isc data attempt" 1021 = "WEB-IIS ism.dll attempt" 1022 = "WEB-IIS jet vba access" 1023 = "WEB-IIS msadcs.dll access" 1024 = "WEB-IIS newdsn.exe access" 1025 = "WEB-IIS perl access" 1026 = "WEB-IIS perl-browse0a attempt" 1027 = "WEB-IIS perl-browse20 attempt" 1029 = "WEB-IIS scripts-browse access" 1030 = "WEB-IIS search97.vts access" 1037 = "WEB-IIS showcode.asp access" 1038 = "WEB-IIS site server config access" 1039 = "WEB-IIS srch.htm access" 1040 = "WEB-IIS srchadm access" 1041 = "WEB-IIS uploadn.asp access" 1042 = "WEB-IIS view source via translate header" 1043 = "WEB-IIS viewcode.asp access" 1044 = "WEB-IIS webhits access" 1045 = "WEB-IIS Unauthorized IP Access Attempt" 1046 = "WEB-IIS site/iisamples access" 1050 = "WEB-MISC iPlanet GETPROPERTIES attempt" 1051 = "WEB-CGI technote main.cgi file directory traversal attempt" 1052 = "WEB-CGI technote print.cgi directory traversal attempt" 1054 = "WEB-MISC weblogic view source attempt" 1055 = "WEB-MISC Tomcat directory traversal attempt" 1062 = "WEB-MISC nc.exe attempt" 1066 = "WEB-MISC telnet attempt" 1067 = "WEB-MISC net attempt" 1070 = "WEB-MISC WebDAV search access" 1071 = "WEB-MISC .htpasswd access" 1072 = "WEB-MISC Lotus Domino directory traversal" 1073 = "WEB-MISC webhits.exe access" 1075 = "WEB-IIS postinfo.asp access" 1076 = "WEB-IIS repost.asp access" 1079 = "WEB-MISC WebDAV propfind access" 1080 = "WEB-MISC unify eWave ServletExec upload" 1087 = "WEB-MISC whisker tab splice attack" 1088 = "WEB-CGI eXtropia webstore directory traversal" 1089 = "WEB-CGI shopping cart directory traversal" 1092 = "WEB-CGI Armada Style Master Index directory traversal" 1093 = "WEB-CGI cached_feed.cgi moreover shopping cart directory traversal" 1094 = "WEB-CGI webstore directory traversal" 1103 = "WEB-MISC Netscape admin passwd" 1104 = "WEB-MISC whisker space splice attack" 1111 = "WEB-MISC Tomcat server exploit access" 1112 = "WEB-MISC http directory traversal" 1113 = "WEB-MISC http directory traversal" 1122 = "WEB-MISC /etc/passwd" 1129 = "WEB-MISC .htaccess access" 1133 = "SCAN cybercop os probe" 1134 = "WEB-PHP Phorum admin access" 1137 = "WEB-PHP Phorum authentication access" 1139 = "WEB-MISC whisker HEAD/./" 1158 = "WEB-MISC windmail.exe access" 1159 = "WEB-MISC webplus access" 1162 = "WEB-MISC cart 32 AdminPwd access" 1163 = "WEB-CGI webdist.cgi access" 1166 = "WEB-MISC ws_ftp.ini access" 1167 = "WEB-MISC rpm_query access" 1171 = "WEB-MISC whisker HEAD with large datagram" 1175 = "WEB-MISC wwwboard.pl access" 1176 = "WEB-MISC order.log access" 1186 = "WEB-MISC Netscape Enterprise Server directory view" 1187 = "WEB-MISC SalesLogix Eviewer web command attempt" 1188 = "WEB-MISC Netscape Enterprise Server directory view" 1189 = "WEB-MISC Netscape Enterprise Server directory view" 1190 = "WEB-MISC Netscape Enterprise Server directory view" 1191 = "WEB-MISC Netscape Enterprise Server directory view" 1196 = "WEB-CGI SGI InfoSearch fname attempt" 1198 = "WEB-MISC Netscape Enterprise Server directory view" 1199 = "WEB-MISC Compaq Insight directory traversal" 1204 = "WEB-CGI ax-admin.cgi access" 1212 = "WEB-MISC Admin_files access" 1215 = "WEB-CGI ministats admin access" 1218 = "WEB-MISC adminlogin access" 1225 = "X11 MIT Magic Cookie detected" 1226 = "X11 xopen" 1227 = "X11 outbound client connection detected" 1228 = "SCAN nmap XMAS" 1229 = "FTP CWD ..." 1233 = "WEB-CLIENT Outlook EML access" 1240 = "EXPLOIT MDBMS overflow" 1241 = "WEB-MISC SWEditServlet directory traversal attempt" 1242 = "WEB-IIS ISAPI .ida access" 1243 = "WEB-IIS ISAPI .ida attempt" 1244 = "WEB-IIS ISAPI .idq attempt" 1245 = "WEB-IIS ISAPI .idq access" 1250 = "WEB-MISC Cisco IOS HTTP configuration attempt" 1251 = "INFO TELNET Bad Login" 1256 = "WEB-IIS CodeRed v2 root.exe access" 1257 = "DOS Winnuke attack" 1260 = "WEB-MISC long basic authorization string" 1261 = "EXPLOIT AIX pdnsd overflow" 1262 = "RPC portmap admind request TCP" 1263 = "RPC portmap amountd request TCP" 1264 = "RPC portmap bootparam request TCP" 1265 = "RPC portmap cmsd request TCP" 1266 = "RPC portmap mountd request TCP" 1267 = "RPC portmap nisd request TCP" 1268 = "RPC portmap pcnfsd request TCP" 1269 = "RPC portmap rexd request TCP" 1270 = "RPC portmap rstatd request TCP" 1271 = "RPC portmap rusers request TCP" 1272 = "RPC portmap sadmind request TCP" 1273 = "RPC portmap selection_svc request TCP" 1275 = "RPC portmap yppasswd request TCP" 1279 = "RPC portmap snmpXdmi request UDP" 1280 = "RPC portmap listing UDP 111" 1281 = "RPC portmap listing UDP 32771" 1283 = "WEB-IIS outlook web dos" 1284 = "WEB-CLIENT readme.eml download attempt" 1285 = "WEB-IIS msdac access" 1286 = "WEB-IIS _mem_bin access" 1287 = "WEB-IIS scripts access" 1289 = "TFTP GET Admin.dll" 1290 = "WEB-CLIENT readme.eml autoload attempt" 1292 = "ATTACK-RESPONSES directory listing" 1298 = "RPC portmap tooltalk request TCP" 1299 = "RPC portmap tooltalk request UDP" 1300 = "WEB-PHP admin.php file upload attempt" 1301 = "WEB-PHP admin.php access" 1305 = "WEB-CGI txt2html.cgi directory traversal attempt" 1306 = "WEB-CGI store.cgi product directory traversal attempt" 1310 = "PORN free XXX" 1311 = "PORN hardcore anal" 1312 = "PORN nude cheerleader" 1313 = "PORN up skirt" 1314 = "PORN young teen" 1315 = "PORN hot young sex" 1316 = "PORN fuck fuck fuck" 1317 = "PORN anal sex" 1318 = "PORN hardcore rape" 1319 = "PORN real snuff" 1320 = "PORN fuck movies" 1321 = "BAD-TRAFFIC 0 ttl" 1322 = "BAD-TRAFFIC bad frag bits" 1323 = "EXPLOIT rwhoisd format string attempt" 1324 = "EXPLOIT ssh CRC32 overflow /bin/sh" 1325 = "EXPLOIT ssh CRC32 overflow filler" 1326 = "EXPLOIT ssh CRC32 overflow NOOP" 1327 = "EXPLOIT ssh CRC32 overflow" 1328 = "WEB-ATTACKS ps command attempt" 1329 = "WEB-ATTACKS /bin/ps command attempt" 1330 = "WEB-ATTACKS wget command attempt" 1331 = "WEB-ATTACKS uname -a command attempt" 1332 = "WEB-ATTACKS /usr/bin/id command attempt" 1333 = "WEB-ATTACKS id command attempt" 1334 = "WEB-ATTACKS echo command attempt" 1335 = "WEB-ATTACKS kill command attempt" 1336 = "WEB-ATTACKS chmod command attempt" 1337 = "WEB-ATTACKS chgrp command attempt" 1338 = "WEB-ATTACKS chown command attempt" 1339 = "WEB-ATTACKS chsh command attempt" 1340 = "WEB-ATTACKS tftp command attempt" 1341 = "WEB-ATTACKS /usr/bin/gcc command attempt" 1342 = "WEB-ATTACKS gcc command attempt" 1343 = "WEB-ATTACKS /usr/bin/cc command attempt" 1344 = "WEB-ATTACKS cc command attempt" 1345 = "WEB-ATTACKS /usr/bin/cpp command attempt" 1346 = "WEB-ATTACKS cpp command attempt" 1347 = "WEB-ATTACKS /usr/bin/g++ command attempt" 1348 = "WEB-ATTACKS g++ command attempt" 1349 = "WEB-ATTACKS bin/python access attempt" 1350 = "WEB-ATTACKS python access attempt" 1351 = "WEB-ATTACKS bin/tclsh execution attempt" 1352 = "WEB-ATTACKS tclsh execution attempt" 1353 = "WEB-ATTACKS bin/nasm command attempt" 1354 = "WEB-ATTACKS nasm command attempt" 1355 = "WEB-ATTACKS /usr/bin/perl execution attempt" 1356 = "WEB-ATTACKS perl execution attempt" 1357 = "WEB-ATTACKS nt admin addition attempt" 1358 = "WEB-ATTACKS traceroute command attempt" 1359 = "WEB-ATTACKS ping command attempt" 1360 = "WEB-ATTACKS netcat command attempt" 1363 = "WEB-ATTACKS X application to remote host attempt" 1364 = "WEB-ATTACKS lsof command attempt" 1365 = "WEB-ATTACKS rm command attempt" 1366 = "WEB-ATTACKS mail command attempt" 1367 = "WEB-ATTACKS mail command attempt" 1368 = "WEB-ATTACKS /bin/ls command attempt" 1369 = "WEB-ATTACKS /bin/ls command attempt" 1370 = "WEB-ATTACKS /etc/inetd.conf access" 1372 = "WEB-ATTACKS /etc/shadow access" 1373 = "WEB-ATTACKS conf/httpd.conf attempt" 1374 = "WEB-ATTACKS .htgroup access" 1375 = "WEB-MISC sadmind worm access" 1377 = "FTP wu-ftp bad file completion attempt (" 1378 = "FTP wu-ftp bad file completion attempt curly-bracket" 1379 = "FTP STAT overflow attempt" 1380 = "WEB-IIS cross-site scripting attempt" 1382 = "EXPLOIT CHAT IRC Ettercap parse overflow attempt" 1383 = "P2P Fastrack (kazaa/morpheus) GET request" 1385 = "WEB-MISC mod-plsql administration access" 1387 = "MS-SQL raiserror possible buffer overflow" 1389 = "WEB-MISC viewcode.jse access" 1394 = "SHELLCODE x86 NOOP" 1397 = "WEB-CGI wayboard attempt" 1398 = "EXPLOIT CDE dtspcd exploit attempt" 1399 = "WEB-PHP PHP-Nuke remote file include attempt" 1400 = "WEB-IIS /scripts/samples/ access" 1401 = "WEB-IIS /msadc/samples/ access" 1402 = "WEB-IIS iissamples access" 1408 = "DOS MSDTC attempt" 1411 = "SNMP public access udp" 1412 = "SNMP public access tcp" 1413 = "SNMP private access udp" 1414 = "SNMP private access tcp" 1415 = "SNMP Broadcast request" 1416 = "SNMP broadcast trap" 1417 = "SNMP request udp" 1418 = "SNMP request tcp" 1419 = "SNMP trap udp" 1420 = "SNMP trap tcp" 1422 = "SNMP community string buffer overflow attempt (with evasion)" 1431 = "BAD-TRAFFIC syn to multicast address" 1432 = "P2P GNUTella GET" 1435 = "DNS named authors attempt" 1441 = "TFTP GET nc.exe" 1442 = "TFTP GET shadow" 1443 = "TFTP GET passwd" 1444 = "TFTP Get" 1445 = "POLICY FTP file_id.diz access possible warez site" 1446 = "SMTP vrfy root" 1449 = "POLICY FTP anonymous (ftp) login attempt" 1450 = "SMTP expn *@" 1456 = "WEB-CGI calender_admin.pl access" 1457 = "WEB-CGI user_update_admin.pl access" 1463 = "CHAT IRC message" 1484 = "WEB-IIS /isapi/tstisapi.dll access" 1485 = "WEB-IIS mkilog.exe access" 1486 = "WEB-IIS ctss.idc access" 1487 = "WEB-IIS /iisadmpwd/aexp2.htr access" 1488 = "WEB-CGI store.cgi directory traversal attempt" 1490 = "WEB-PHP Phorum /support/common.php attempt" 1491 = "WEB-PHP Phorum /support/common.php access" 1492 = "WEB-MISC RBS ISP /newuser directory traversal attempt" 1497 = "WEB-MISC cross site scripting attempt" 1498 = "WEB-MISC PIX firewall manager directory traversal attempt" 1501 = "WEB-CGI a1stats a1disp3.cgi directory traversal attempt" 1503 = "WEB-CGI admentor admin.asp access" 1504 = "MISC AFS access" 1509 = "WEB-CGI AltaVista Intranet Search directory traversal attempt" 1519 = "WEB-MISC apache ?M=D directory list attempt" 1520 = "WEB-MISC server-info access" 1526 = "WEB-MISC basilix sendmail.inc access" 1527 = "WEB-MISC basilix mysql.class access" 1529 = "FTP SITE overflow attempt" 1530 = "FTP format string attempt" 1536 = "WEB-CGI calendar_admin.pl arbitrary command execution attempt" 1537 = "WEB-CGI calendar_admin.pl access" 1541 = "FINGER version query" 1544 = "WEB-MISC Cisco Catalyst command execution attempt" 1545 = "DOS Cisco attempt" 1546 = "WEB-MISC Cisco /%% DOS attempt" 1549 = "SMTP HELO overflow attempt" 1550 = "SMTP ETRN overflow attempt" 1562 = "FTP SITE CHOWN overflow attempt" 1567 = "WEB-IIS /exchange/root.asp attempt" 1568 = "WEB-IIS /exchange/root.asp access" 1569 = "WEB-CGI loadpage.cgi directory traversal attempt" 1571 = "WEB-CGI dcforum.cgi directory traversal attempt" 1579 = "WEB-MISC Domino webadmin.nsf access" 1595 = "WEB-IIS htimage.exe access" 1598 = "WEB-CGI Home Free search.cgi directory traversal attempt" 1600 = "WEB-CGI htsearch arbitrary configuration file attempt" 1601 = "WEB-CGI htsearch arbitrary file read attempt" 1602 = "WEB-CGI htsearch access" 1604 = "WEB-MISC iChat directory traversal attempt" 1605 = "DOS iParty DOS attempt" 1607 = "WEB-CGI HyperSeek hsx.cgi access" 1610 = "WEB-CGI formmail arbitrary command execution attempt" 1616 = "DNS named version attempt" 1618 = "WEB-IIS .asp Transfer-Encoding\\: chunked" 1621 = "FTP CMD overflow attempt" 1622 = "FTP RNFR ././ attempt" 1623 = "FTP invalid MODE" 1624 = "FTP large PWD command" 1625 = "FTP large SYST command" 1626 = "WEB-IIS /StoreCSVS/InstantOrder.asmx request" 1627 = "BAD-TRAFFIC Unassigned/Reserved IP protocol" 1628 = "WEB-CGI FormHandler.cgi directory traversal attempt attempt" 1631 = "CHAT AIM login" 1632 = "CHAT AIM send message" 1633 = "CHAT AIM receive message" 1636 = "MISC Xtramail Username overflow attempt" 1638 = "SCAN SSH Version map attempt" 1639 = "CHAT IRC DCC file transfer request" 1640 = "CHAT IRC DCC chat request" 1641 = "DOS DB2 dos attempt" 1645 = "WEB-CGI testcgi access" 1657 = "WEB-CGI pagelog.cgi directory traversal attempt" 1660 = "WEB-IIS trace.axd access" 1661 = "WEB-IIS cmd32.exe access" 1662 = "WEB-MISC /~ftp access" 1667 = "WEB-MISC cross site scripting \$img src=javascript\$ attempt" 1672 = "FTP CWD ~ attempt" 1673 = "ORACLE EXECUTE_SYSTEM attempt" 1674 = "ORACLE connect_data\$command=version\$ attempt" 1675 = "ORACLE misparsed login response" 1676 = "ORACLE select union attempt" 1677 = "ORACLE select like \\'%\\' attempt" 1678 = "ORACLE select like \\\\'%\\\\' attempt" 1679 = "ORACLE describe attempt" 1680 = "ORACLE all_constraints access" 1681 = "ORACLE all_views access" 1682 = "ORACLE all_source access" 1683 = "ORACLE all_tables access" 1684 = "ORACLE all_tab_columns access" 1685 = "ORACLE all_tab_privs access" 1686 = "ORACLE dba_tablespace access" 1687 = "ORACLE dba_tables access" 1688 = "ORACLE user_tablespace access" 1689 = "ORACLE sys.all_users access" 1690 = "ORACLE grant attempt" 1691 = "ORACLE ALTER USER attempt" 1692 = "ORACLE drop table attempt" 1693 = "ORACLE create table attempt" 1694 = "ORACLE alter table attempt" 1695 = "ORACLE truncate table attempt" 1696 = "ORACLE create database attempt" 1697 = "ORACLE alter database attempt" 1699 = "P2P Fastrack (kazaa/morpheus) traffic" 1701 = "WEB-CGI calendar-admin.pl access" 1703 = "WEB-CGI auktion.cgi directory traversal attempt" 1704 = "WEB-CGI cal_make.pl directory traversal attempt" 1719 = "WEB-CGI talkback.cgi directory traversal attempt" 1725 = "WEB-IIS +.htr code fragment attempt" 1726 = "WEB-IIS doctodep.btr access" 1728 = "FTP CWD ~ attempt" 1729 = "CHAT IRC channel join" 1730 = "WEB-CGI ustorekeeper.pl directory traversal attempt" 1732 = "RPC portmap rwalld request UDP" 1733 = "RPC portmap rwalld request TCP" 1734 = "FTP USER overflow attempt" 1739 = "WEB-PHP DNSTools administrator authentication bypass attempt" 1746 = "RPC portmap cachefsd request UDP" 1747 = "RPC portmap cachefsd request TCP" 1748 = "FTP command overflow attempt" 1750 = "WEB-IIS users.xml access" 1751 = "EXPLOIT cachefsd buffer overflow attempt" 1753 = "WEB-IIS as_web.exe access" 1754 = "WEB-IIS as_web4.exe access" 1755 = "IMAP partial body buffer overflow attempt" 1756 = "WEB-IIS NewsPro administration authentication attempt" 1759 = "MS-SQL xp_cmdshell program execution (445)" 1768 = "WEB-IIS header field buffer overflow attempt" 1772 = "WEB-IIS pbserver access" 1773 = "WEB-PHP php.exe access" 1775 = "MYSQL root login attempt" 1776 = "MYSQL show databases attempt" 1777 = "FTP EXPLOIT STAT * dos attempt" 1778 = "FTP EXPLOIT STAT ? dos attempt" 1779 = "FTP CWD .... attempt" 1781 = "PORN dildo" 1782 = "PORN nipple clamp" 1783 = "PORN oral sex" 1784 = "PORN nude celeb" 1785 = "PORN voyeur" 1786 = "PORN raw sex" 1789 = "CHAT IRC dns request" 1790 = "CHAT IRC dns response" 1791 = "BACKDOOR fragroute trojan connection attempt" 1793 = "PORN fetish" 1794 = "PORN masturbation" 1795 = "PORN ejaculation" 1796 = "PORN virgin" 1797 = "PORN BDSM" 1798 = "PORN erotica" 1799 = "PORN fisting" 1800 = "VIRUS Klez Incoming" 1805 = "WEB-CGI Oracle reports CGI access" 1806 = "WEB-IIS .htr Transfer-Encoding\\: chunked" 1808 = "WEB-MISC apache chunked encoding memory corruption exploit attempt" 1809 = "WEB-MISC Apache Chunked-Encoding worm attempt" 1810 = "ATTACK-RESPONSES successful gobbles ssh exploit (GOBBLE)" 1811 = "ATTACK-RESPONSES successful gobbles ssh exploit (uname)" 1812 = "EXPLOIT gobbles SSH exploit attempt" 1813 = "ICMP digital island bandwidth query" 1814 = "WEB-MISC CISCO VoIP DOS ATTEMPT" 1817 = "WEB-IIS MS Site Server default login attempt" 1818 = "WEB-IIS MS Site Server admin attempt" 1821 = "EXPLOIT LPD dvips remote command execution attempt" 1822 = "WEB-CGI alienform.cgi directory traversal attempt" 1823 = "WEB-CGI AlienForm af.cgi directory traversal attempt" 1827 = "WEB-MISC Tomcat servlet mapping cross site scripting attempt" 1828 = "WEB-MISC iPlanet Search directory traversal attempt" 1831 = "WEB-MISC jigsaw dos attempt" 1832 = "CHAT ICQ forced user addition" 1833 = "PORN naked lesbians" 1834 = "WEB-PHP PHP-Wiki cross site scripting attempt" 1835 = "WEB-MISC Macromedia SiteSpring cross site scripting attempt" 1836 = "PORN alt.binaries.pictures.erotica" 1837 = "PORN alt.binaries.pictures.tinygirls" 1838 = "EXPLOIT SSH server banner overflow" 1839 = "WEB-MISC mailman cross site scripting attempt" 1841 = "WEB-CLIENT Javascript URL host spoofing attempt" 1842 = "IMAP login buffer overflow attempt" 1843 = "BACKDOOR trinity connection attempt" 1844 = "IMAP authenticate overflow attempt" 1845 = "IMAP list literal overflow attempt" 1852 = "WEB-MISC robots.txt access" 1853 = "BACKDOOR win-trin00 connection attempt" 1854 = "DDOS Stacheldraht handler = agent (niggahbitch)" 1855 = "DDOS Stacheldraht agent = handler (skillz)" 1856 = "DDOS Stacheldraht handler = agent (ficken)" 1857 = "WEB-MISC robot.txt access" 1858 = "WEB-MISC CISCO PIX Firewall Manager directory traversal attempt" 1859 = "WEB-MISC Sun JavaServer default password login attempt" 1860 = "WEB-MISC Linksys router default password login attempt \$\\:admin\$" 1861 = "WEB-MISC Linksys router default password login attempt \$admin\\:admin\$" 1862 = "WEB-CGI mrtg.cgi directory traversal attempt" 1864 = "FTP SITE NEWER attempt" 1866 = "POP3 USER overflow attempt" 1871 = "WEB-MISC Oracle XSQLConfig.xml access" 1882 = "ATTACK-RESPONSES id check returned userid" 1883 = "ATTACK-RESPONSES id check returned nobody" 1884 = "ATTACK-RESPONSES id check returned web" 1885 = "ATTACK-RESPONSES id check returned http" 1886 = "ATTACK-RESPONSES id check returned apache" 1888 = "FTP SITE CPWD overflow attempt" 1890 = "RPC status GHBN format string attack" 1891 = "RPC status GHBN format string attack" 1892 = "SNMP null community string attempt" 1894 = "EXPLOIT kadmind buffer overflow attempt" 1895 = "EXPLOIT kadmind buffer overflow attempt" 1896 = "EXPLOIT kadmind buffer overflow attempt" 1897 = "EXPLOIT kadmind buffer overflow attempt" 1898 = "EXPLOIT kadmind buffer overflow attempt" 1899 = "EXPLOIT kadmind buffer overflow attempt" 1902 = "IMAP lsub literal overflow attempt" 1903 = "IMAP rename overflow attempt" 1904 = "IMAP find overflow attempt" 1905 = "RPC AMD UDP amqproc_mount plog overflow attempt" 1906 = "RPC AMD TCP amqproc_mount plog overflow attempt" 1907 = "RPC CMSD UDP CMSD_CREATE buffer overflow attempt" 1908 = "RPC CMSD TCP CMSD_CREATE buffer overflow attempt" 1909 = "RPC CMSD TCP CMSD_INSERT buffer overflow attempt" 1910 = "RPC CMSD udp CMSD_INSERT buffer overflow attempt" 1911 = "RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt" 1912 = "RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt" 1913 = "RPC STATD UDP stat mon_name format string exploit attempt" 1914 = "RPC STATD TCP stat mon_name format string exploit attempt" 1915 = "RPC STATD UDP monitor mon_name format string exploit attempt" 1916 = "RPC STATD TCP monitor mon_name format string exploit attempt" 1917 = "SCAN UPnP service discover attempt" 1918 = "SCAN SolarWinds IP scan attempt" 1919 = "FTP CWD overflow attempt" 1920 = "FTP SITE NEWER overflow attempt" 1921 = "FTP SITE ZIPCHK attempt" 1922 = "RPC portmap proxy attempt TCP" 1923 = "RPC portmap proxy attempt UDP" 1924 = "RPC mountd UDP export request" 1925 = "RPC mountd TCP exportall request" 1926 = "RPC mountd UDP exportall request" 1927 = "FTP authorized_keys" 1928 = "FTP shadow retrieval attempt" 1929 = "BACKDOOR TCPDUMP/PCAP trojan traffic" 1930 = "IMAP auth overflow attempt" 1941 = "TFTP filename overflow attempt" 1942 = "FTP RMDIR overflow attempt" 1945 = "WEB-IIS unicode directory traversal attempt" 1946 = "WEB-MISC answerbook2 admin attempt" 1948 = "DNS zone transfer UDP" 1949 = "RPC portmap SET attempt TCP 111" 1950 = "RPC portmap SET attempt UDP 111" 1951 = "RPC mountd TCP mount request" 1952 = "RPC mountd UDP mount request" 1953 = "RPC AMD TCP pid request" 1954 = "RPC AMD UDP pid request" 1955 = "RPC AMD TCP version request" 1956 = "RPC AMD UDP version request" 1963 = "RPC RQUOTA getquota overflow attempt UDP" 1964 = "RPC tooltalk UDP overflow attempt" 1965 = "RPC tooltalk TCP overflow attempt" 1970 = "WEB-IIS MDAC Content-Type overflow attempt" 1971 = "FTP SITE EXEC format string attempt" 1972 = "FTP PASS overflow attempt" 1973 = "FTP MKD overflow attempt" 1974 = "FTP REST overflow attempt" 1976 = "FTP RMD overflow attempt" 1980 = "BACKDOOR DeepThroat 3.1 Connection attempt" 1981 = "BACKDOOR DeepThroat 3.1 Connection attempt (3150)" 1982 = "BACKDOOR DeepThroat 3.1 Server Response (3150)" 1983 = "BACKDOOR DeepThroat 3.1 Connection attempt (4120)" 1984 = "BACKDOOR DeepThroat 3.1 Server Response (4120)" 1985 = "BACKDOOR Doly 1.5 server response" 1986 = "CHAT MSN file transfer request" 1987 = "MISC xfs overflow attempt" 1988 = "CHAT MSN file transfer accept" 1989 = "CHAT MSN file transfer reject" 1990 = "CHAT MSN user search" 1991 = "CHAT MSN login attempt" 1992 = "FTP LIST directory traversal attempt" 1993 = "IMAP login literal buffer overflow attempt" 2000 = "WEB-PHP readmsg.php access" 2001 = "WEB-CGI smartsearch.cgi access" 2002 = "WEB-PHP external include path" 2003 = "MS-SQL Worm propagation attempt" 2004 = "MS-SQL Worm propagation attempt OUTBOUND" 2005 = "RPC portmap kcms_server request UDP" 2006 = "RPC portmap kcms_server request TCP" 2007 = "RPC kcms_server directory traversal attempt" 2008 = "MISC CVS invalid user authentication response" 2009 = "MISC CVS invalid repository response" 2010 = "MISC CVS double free exploit attempt response" 2011 = "MISC CVS invalid directory response" 2012 = "MISC CVS missing cvsroot response" 2013 = "MISC CVS invalid module response" 2014 = "RPC portmap UNSET attempt TCP 111" 2015 = "RPC portmap UNSET attempt UDP 111" 2016 = "RPC portmap status request TCP" 2017 = "RPC portmap espd request UDP" 2018 = "RPC mountd TCP dump request" 2019 = "RPC mountd UDP dump request" 2020 = "RPC mountd TCP unmount request" 2021 = "RPC mountd UDP unmount request" 2022 = "RPC mountd TCP unmountall request" 2023 = "RPC mountd UDP unmountall request" 2024 = "RPC RQUOTA getquota overflow attempt TCP" 2025 = "RPC yppasswd username overflow attempt UDP" 2026 = "RPC yppasswd username overflow attempt TCP" 2027 = "RPC yppasswd old password overflow attempt UDP" 2028 = "RPC yppasswd old password overflow attempt TCP" 2029 = "RPC yppasswd new password overflow attempt UDP" 2030 = "RPC yppasswd new password overflow attempt TCP" 2031 = "RPC yppasswd user update UDP" 2032 = "RPC yppasswd user update TCP" 2033 = "RPC ypserv maplist request UDP" 2034 = "RPC ypserv maplist request TCP" 2035 = "RPC portmap network-status-monitor request UDP" 2036 = "RPC portmap network-status-monitor request TCP" 2037 = "RPC network-status-monitor mon-callback request UDP" 2038 = "RPC network-status-monitor mon-callback request TCP" 2039 = "MISC bootp hostname format string attempt" 2040 = "POLICY xtacacs login attempt" 2041 = "MISC xtacacs failed login response" 2042 = "POLICY xtacacs accepted login response" 2043 = "MISC isakmp login failed" 2044 = "POLICY PPTP setup attempt" 2045 = "RPC snmpXdmi overflow attempt UDP" 2046 = "IMAP partial body.peek buffer overflow attempt" 2047 = "MISC rsyncd module list access" 2048 = "MISC rsyncd overflow attempt" 2049 = "MS-SQL ping attempt" 2050 = "MS-SQL version overflow attempt" 2051 = "WEB-CGI cached_feed.cgi moreover shopping cart access" 2052 = "WEB-CGI overflow.cgi access" 2053 = "WEB-CGI process_bug.cgi access" 2054 = "WEB-CGI enter_bug.cgi arbitrary command attempt" 2055 = "WEB-CGI enter_bug.cgi access" 2056 = "WEB-MISC TRACE attempt" 2057 = "WEB-MISC helpout.exe access" 2058 = "WEB-MISC MsmMask.exe attempt" 2059 = "WEB-MISC MsmMask.exe access" 2060 = "WEB-MISC DB4Web access" 2061 = "WEB-MISC Tomcat null byte directory listing attempt" 2062 = "WEB-MISC iPlanet .perf access" 2063 = "WEB-MISC Demarc SQL injection attempt" 2064 = "WEB-MISC Lotus Notes .csp script source download attempt" 2065 = "WEB-MISC Lotus Notes .csp script source download attempt" 2066 = "WEB-MISC Lotus Notes .pl script source download attempt" 2067 = "WEB-MISC Lotus Notes .exe script source download attempt" 2068 = "WEB-MISC BitKeeper arbitrary command attempt" 2069 = "WEB-MISC chip.ini access" 2070 = "WEB-MISC post32.exe arbitrary command attempt" 2071 = "WEB-MISC post32.exe access" 2072 = "WEB-MISC lyris.pl access" 2073 = "WEB-MISC globals.pl access" 2074 = "WEB-PHP Mambo uploadimage.php upload php file attempt" 2075 = "WEB-PHP Mambo upload.php upload php file attempt" 2076 = "WEB-PHP Mambo uploadimage.php access" 2077 = "WEB-PHP Mambo upload.php access" 2078 = "WEB-PHP phpBB privmsg.php access" 2079 = "RPC portmap nlockmgr request UDP" 2080 = "RPC portmap nlockmgr request TCP" 2081 = "RPC portmap rpc.xfsmd request UDP" 2082 = "RPC portmap rpc.xfsmd request TCP" 2083 = "RPC rpc.xfsmd xfs_export attempt UDP" 2084 = "RPC rpc.xfsmd xfs_export attempt TCP" 2085 = "WEB-CGI parse_xml.cgi access" 2086 = "WEB-CGI streaming server parse_xml.cgi access" 2087 = "SMTP >From comment overflow attempt" 2088 = "RPC ypupdated arbitrary command attempt UDP" 2089 = "RPC ypupdated arbitrary command attempt TCP" 2090 = "WEB-IIS WEBDAV exploit attempt" 2091 = "WEB-IIS WEBDAV nessus safe scan attempt" 2092 = "RPC portmap proxy integer overflow attempt UDP" 2093 = "RPC portmap proxy integer overflow attempt TCP" 2094 = "RPC CMSD UDP CMSD_CREATE array buffer overflow attempt" 2095 = "RPC CMSD TCP CMSD_CREATE array buffer overflow attempt" 2100 = "BACKDOOR SubSeven 2.1 Gold server connection response" 2101 = "NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt" 2102 = "NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt" 2103 = "NETBIOS SMB trans2open buffer overflow attempt" 2104 = "ATTACK-RESPONSES rexec username too long response" 2105 = "IMAP authenticate literal overflow attempt" 2106 = "IMAP lsub overflow attempt" 2107 = "IMAP create buffer overflow attempt" 2108 = "POP3 CAPA overflow attempt" 2109 = "POP3 TOP overflow attempt" 2110 = "POP3 STAT overflow attempt" 2111 = "POP3 DELE overflow attempt" 2112 = "POP3 RSET overflow attempt" 2113 = "RSERVICES rexec username overflow attempt" 2114 = "RSERVICES rexec password overflow attempt" 2115 = "WEB-CGI album.pl access" 2116 = "WEB-CGI chipcfg.cgi access" 2117 = "WEB-IIS Battleaxe Forum login.asp access" 2118 = "IMAP list overflow attempt" 2119 = "IMAP rename literal overflow attempt" 2120 = "IMAP create literal buffer overflow attempt" 2121 = "POP3 DELE negative arguement attempt" 2122 = "POP3 UIDL negative arguement attempt" 2123 = "ATTACK-RESPONSES Microsoft cmd.exe banner" 2124 = "BACKDOOR Remote PC Access connection attempt" 2125 = "FTP CWD C:\\\\" 2126 = "MISC Microsoft PPTP Start Control Request buffer overflow attempt" 2127 = "WEB-CGI ikonboard.cgi access" 2128 = "WEB-CGI swsrv.cgi access" 2129 = "WEB-IIS nsiislog.dll access" 2130 = "WEB-IIS IISProtect siteadmin.asp access" 2131 = "WEB-IIS IISProtect access" 2132 = "WEB-IIS Synchrologic Email Accelerator userid list access attempt" 2133 = "WEB-IIS MS BizTalk server access" 2134 = "WEB-IIS register.asp access" 2135 = "WEB-MISC philboard.mdb access" 2136 = "WEB-MISC philboard_admin.asp authentication bypass attempt" 2137 = "WEB-MISC philboard_admin.asp access" 2138 = "WEB-MISC logicworks.ini access" 2139 = "WEB-MISC /*.shtml access" 2140 = "WEB-PHP p-news.php access" 2141 = "WEB-PHP shoutbox.php directory traversal attempt" 2142 = "WEB-PHP shoutbox.php access" 2143 = "WEB-PHP b2 cafelog gm-2-b2.php remote command execution attempt" 2144 = "WEB-PHP b2 cafelog gm-2-b2.php access" 2145 = "WEB-PHP TextPortal admin.php default password (admin) attempt" 2146 = "WEB-PHP TextPortal admin.php default password (12345) attempt" 2147 = "WEB-PHP BLNews objects.inc.php4 remote command execution attempt" 2148 = "WEB-PHP BLNews objects.inc.php4 access" 2149 = "WEB-PHP Turba status.php access" 2150 = "WEB-PHP ttCMS header.php remote command execution attempt" 2151 = "WEB-PHP ttCMS header.php access" 2152 = "WEB-PHP test.php access" 2153 = "WEB-PHP autohtml.php directory traversal attempt" 2154 = "WEB-PHP autohtml.php access" 2155 = "WEB-PHP ttforum remote command execution attempt" 2156 = "WEB-MISC mod_gzip_status access" 2157 = "WEB-IIS IISProtect GlobalAdmin.asp access" 2158 = "MISC BGP invalid length" 2159 = "MISC BGP invalid type (0)" 2160 = "VIRUS OUTBOUND .exe file attachment" 2161 = "VIRUS OUTBOUND .doc file attachment" 2162 = "VIRUS OUTBOUND .hta file attachment" 2163 = "VIRUS OUTBOUND .chm file attachment" 2164 = "VIRUS OUTBOUND .reg file attachment" 2165 = "VIRUS OUTBOUND .ini file attachment" 2166 = "VIRUS OUTBOUND .bat file attachment" 2167 = "VIRUS OUTBOUND .diz file attachment" 2168 = "VIRUS OUTBOUND .cpp file attachment" 2169 = "VIRUS OUTBOUND .dll file attachment" 2170 = "VIRUS OUTBOUND .vxd file attachment" 2171 = "VIRUS OUTBOUND .sys file attachment" 2172 = "VIRUS OUTBOUND .com file attachment" 2173 = "VIRUS OUTBOUND .hsq file attachment" 2174 = "NETBIOS SMB winreg access" 2175 = "NETBIOS SMB winreg access (unicode)" 2176 = "NETBIOS SMB Startup Folder access attempt" 2177 = "NETBIOS SMB Startup Folder access attempt (unicode)" 2180 = "P2P BitTorrent announce request" 2181 = "P2P BitTorrent transfer" 2183 = "SMTP Content-Transfer-Encoding overflow attempt" 2186 = "BAD-TRAFFIC IP Proto 53 (SWIPE)" 2187 = "BAD-TRAFFIC IP Proto 55 (IP Mobility)" 2188 = "BAD-TRAFFIC IP Proto 77 (Sun ND)" 2189 = "BAD-TRAFFIC IP Proto 103 (PIM)" 2190 = "NETBIOS DCERPC invalid bind attempt" 2191 = "NETBIOS SMB DCERPC invalid bind attempt" 2192 = "NETBIOS DCERPC ISystemActivator bind attempt" 2193 = "NETBIOS SMB DCERPC ISystemActivator bind attempt" } # rule } # snort2_syslog } # log_formats directory = "{=if (_PLATFORM eq \"UNIX\") then lang_stats.unix_directory else lang_stats.windows_directory;=}" directories = "{=if (_PLATFORM eq \"UNIX\") then lang_stats.unix_directories else lang_stats.windows_directories;=}" # Translate these words unix_directory = "directory" unix_directories = "directories" windows_directory = "folder" windows_directories = "folders" } # lang_stats