Event 1 (node.firewall.FirewallEvent):
Useful information: ruleId, blocked, flagged, Protocol & sessionId

{
  "_index": "logstash-2015.04.21",
  "_type": "modify_this",
  "_id": "AUzbirgQl3tTMJhXjRTL",
  "_score": null,
  "_source": {
    "message": "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP_93650930808539> INFO uvm[0]: {\"timeStamp\":\"2015-04-21 11:34:01.384\",\"sessionId\":93650930808539,\"tag\":\"uvm[0]: \",\"ruleId\":100001,\"flagged\":true,\"class\":\"class com.untangle.node.firewall.FirewallEvent\",\"blocked\":false}",
    "@version": "1",
    "@timestamp": "2015-04-21T10:34:01.384Z",
    "host": "10.0.0.1",
    "type": "modify_this",
    "priority": "142",
    "syslogtimestamp": "Apr 21 11:34:01",
    "Protocol": "TCP_93650930808539",
    "Severity": "INFO",
    "jsonmessage": "{\"timeStamp\":\"2015-04-21 11:34:01.384\",\"sessionId\":93650930808539,\"tag\":\"uvm[0]: \",\"ruleId\":100001,\"flagged\":true,\"class\":\"class com.untangle.node.firewall.FirewallEvent\",\"blocked\":false}",
    "tags": [
      "untangle-syslog"
    ],
    "timeStamp": "2015-04-21 11:34:01.384",
    "sessionId": 93650930808539,
    "tag": "uvm[0]: ",
    "ruleId": 100001,
    "flagged": true,
    "class": "node.firewall.FirewallEvent",
    "blocked": false
  },
  "fields": {
    "@timestamp": [
      1429612441384
    ]
  },
  "highlight": {
    "message": [
      "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <@kibana-highlighted-field@TCP_93650930808539@/kibana-highlighted-field@> INFO uvm[0"
    ],
    "Protocol": [
      "@kibana-highlighted-field@TCP_93650930808539@/kibana-highlighted-field@"
    ]
  },
  "sort": [
    1429612441384
  ]
}
Event 2 (node.http.HttpRequestEvent):
Useful information: requestUri, websiteHost, sessionId, Protocol, username & hostname

{
  "_index": "logstash-2015.04.21",
  "_type": "modify_this",
  "_id": "AUzbirt8l3tTMJhXjRTZ",
  "_score": null,
  "_source": {
    "message": "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {\"requestUri\":\"/complete/search?output=firefox&client=firefox&hl=en-GB&q=New+Look+head+office+\",\"host\":\"suggestqueries.google.com\",\"timeStamp\":\"2015-04-21 11:34:01.401\",\"requestId\":93650930717290,\"sessionId\":93650930808539,\"tag\":\"uvm[0]: \",\"class\":\"class com.untangle.node.http.HttpRequestEvent\",\"method\":\"GET\",\"sessionEvent\":{\"protocol\":6,\"timeStamp\":\"2015-04-21 11:34:01.384\",\"SClientAddr\":\"/192.168.1.11\",\"tag\":\"uvm[0]: \",\"CServerAddr\":\"/216.58.210.46\",\"protocolName\":\"TCP\",\"CClientAddr\":\"/10.0.9.30\",\"class\":\"class com.untangle.uvm.node.SessionEvent\",\"hostname\":\"SQ-G-F4\",\"SClientPort\":14150,\"serverIntf\":1,\"CServerPort\":80,\"username\":\"dpassey\",\"clientIntf\":2,\"policyId\":18,\"sessionId\":93650930808539,\"SServerPort\":80,\"SServerAddr\":\"/216.58.210.46\",\"CClientPort\":2548},\"contentLength\":0}",
    "@version": "1",
    "@timestamp": "2015-04-21T10:34:01.401Z",
    "host": "10.0.0.1",
    "type": "modify_this",
    "priority": "142",
    "syslogtimestamp": "Apr 21 11:34:01",
    "Protocol": "TCP93650930808539",
    "Severity": "INFO",
    "jsonmessage": "{\"requestUri\":\"/complete/search?output=firefox&client=firefox&hl=en-GB&q=New+Look+head+office+\",\"websiteHost\":\"suggestqueries.google.com\",\"timeStamp\":\"2015-04-21 11:34:01.401\",\"requestId\":93650930717290,\"sessionId\":93650930808539,\"tag\":\"uvm[0]: \",\"class\":\"class com.untangle.node.http.HttpRequestEvent\",\"method\":\"GET\",\"sessionEvent\":{\"protocol\":6,\"timeStamp\":\"2015-04-21 11:34:01.384\",\"SClientAddr\":\"/192.168.1.11\",\"tag\":\"uvm[0]: \",\"CServerAddr\":\"/216.58.210.46\",\"protocolName\":\"TCP\",\"CClientAddr\":\"/10.0.9.30\",\"class\":\"class com.untangle.uvm.node.SessionEvent\",\"hostname\":\"SQ-G-F4\",\"SClientPort\":14150,\"serverIntf\":1,\"CServerPort\":80,\"username\":\"dpassey\",\"clientIntf\":2,\"policyId\":18,\"sessionId\":93650930808539,\"SServerPort\":80,\"SServerAddr\":\"/216.58.210.46\",\"CClientPort\":2548},\"contentLength\":0}",
    "tags": [
      "untangle-syslog"
    ],
    "requestUri": "/complete/search?output=firefox&client=firefox&hl=en-GB&q=New+Look+head+office+",
    "websiteHost": "suggestqueries.google.com",
    "timeStamp": "2015-04-21 11:34:01.401",
    "requestId": 93650930717290,
    "sessionId": 93650930808539,
    "tag": "uvm[0]: ",
    "class": "node.http.HttpRequestEvent",
    "method": "GET",
    "sessionEvent": {
      "protocol": 6,
      "timeStamp": "2015-04-21 11:34:01.384",
      "SClientAddr": "/192.168.1.11",
      "tag": "uvm[0]: ",
      "CServerAddr": "/216.58.210.46",
      "protocolName": "TCP",
      "CClientAddr": "/10.0.9.30",
      "class": "class com.untangle.uvm.node.SessionEvent",
      "hostname": "SQ-G-F4",
      "SClientPort": 14150,
      "serverIntf": 1,
      "CServerPort": 80,
      "username": "dpassey",
      "clientIntf": 2,
      "policyId": 18,
      "sessionId": 93650930808539,
      "SServerPort": 80,
      "SServerAddr": "/216.58.210.46",
      "CClientPort": 2548
    },
    "contentLength": 0
  },
  "fields": {
    "@timestamp": [
      1429612441401
    ]
  },
  "highlight": {
    "message": [
      "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@> INFO uvm[0"
    ],
    "Protocol": [
      "@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@"
    ]
  },
  "sort": [
    1429612441401
  ]
}
Event 3 (node.webfilter.WebFilterEvent):
Useful information: blocked, flagged, category, Protocol

{
  "_index": "logstash-2015.04.21",
  "_type": "modify_this",
  "_id": "AUzbirt8l3tTMJhXjRTa",
  "_score": null,
  "_source": {
    "message": "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {\"category\":\"Search Engines\",\"timeStamp\":\"2015-04-21 11:34:01.402\",\"reason\":\"BLOCK_CATEGORY\",\"tag\":\"uvm[0]: \",\"flagged\":true,\"nodeName\":\"sitefilter\",\"class\":\"class com.untangle.node.webfilter.WebFilterEvent\",\"blocked\":false}",
    "@version": "1",
    "@timestamp": "2015-04-21T10:34:01.402Z",
    "host": "10.0.0.1",
    "type": "modify_this",
    "priority": "142",
    "syslogtimestamp": "Apr 21 11:34:01",
    "Protocol": "TCP93650930808539",
    "Severity": "INFO",
    "jsonmessage": "{\"category\":\"Search Engines\",\"timeStamp\":\"2015-04-21 11:34:01.402\",\"reason\":\"BLOCK_CATEGORY\",\"tag\":\"uvm[0]: \",\"flagged\":true,\"nodeName\":\"sitefilter\",\"class\":\"class com.untangle.node.webfilter.WebFilterEvent\",\"blocked\":false}",
    "tags": [
      "untangle-syslog"
    ],
    "category": "Search Engines",
    "timeStamp": "2015-04-21 11:34:01.402",
    "reason": "BLOCK_CATEGORY",
    "tag": "uvm[0]: ",
    "flagged": true,
    "nodeName": "sitefilter",
    "class": "node.webfilter.WebFilterEvent",
    "blocked": false
  },
  "fields": {
    "@timestamp": [
      1429612441402
    ]
  },
  "highlight": {
    "message": [
      "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@> INFO uvm[0"
    ],
    "Protocol": [
      "@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@"
    ]
  },
  "sort": [
    1429612441402
  ]
}
Event 4 (node.http.HttpResponseEvent):
Useful information: Protocol

{
  "_index": "logstash-2015.04.21",
  "_type": "modify_this",
  "_id": "AUzbiriIl3tTMJhXjRTO",
  "_score": null,
  "_source": {
    "message": "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {\"requestLine\":\"RequestLine length: 91 (com.untangle.node.http.RequestLine@2f4bc4e6)\",\"timeStamp\":\"2015-04-21 11:34:01.44\",\"tag\":\"uvm[0]: \",\"class\":\"class com.untangle.node.http.HttpResponseEvent\",\"contentType\":\"text/javascript\",\"contentLength\":133}",
    "@version": "1",
    "@timestamp": "2015-04-21T10:34:01.440Z",
    "host": "10.0.0.1",
    "type": "modify_this",
    "priority": "142",
    "syslogtimestamp": "Apr 21 11:34:01",
    "Protocol": "TCP93650930808539",
    "Severity": "INFO",
    "jsonmessage": "{\"requestLine\":\"RequestLine length: 91 (com.untangle.node.http.RequestLine@2f4bc4e6)\",\"timeStamp\":\"2015-04-21 11:34:01.44\",\"tag\":\"uvm[0]: \",\"class\":\"class com.untangle.node.http.HttpResponseEvent\",\"contentType\":\"text/javascript\",\"contentLength\":133}",
    "tags": [
      "untangle-syslog"
    ],
    "requestLine": "RequestLine length: 91 (com.untangle.node.http.RequestLine@2f4bc4e6)",
    "timeStamp": "2015-04-21 11:34:01.44",
    "tag": "uvm[0]: ",
    "class": "node.http.HttpResponseEvent",
    "contentType": "text/javascript",
    "contentLength": 133
  },
  "fields": {
    "@timestamp": [
      1429612441440
    ]
  },
  "highlight": {
    "message": [
      "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@> INFO uvm[0"
    ],
    "Protocol": [
      "@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@"
    ]
  },
  "sort": [
    1429612441440
  ]
}
Event 5 (node.classd.ClassDLogEvent):
Useful information: Protocol, flagged, blocked, hostname, username

{
  "_index": "logstash-2015.04.21",
  "_type": "modify_this",
  "_id": "AUzbiriIl3tTMJhXjRTN",
  "_score": null,
  "_source": {
    "message": "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {\"application\":\"GOOGLE\",\"detail\":\"\",\"timeStamp\":\"2015-04-21 11:34:01.44\",\"tag\":\"uvm[0]: \",\"flagged\":false,\"state\":3,\"class\":\"class com.untangle.node.classd.ClassDLogEvent\",\"blocked\":false,\"confidence\":100,\"sessionEvent\":{\"protocol\":6,\"timeStamp\":\"2015-04-21 11:34:01.384\",\"SClientAddr\":\"/192.168.1.11\",\"tag\":\"uvm[0]: \",\"CServerAddr\":\"/216.58.210.46\",\"protocolName\":\"TCP\",\"CClientAddr\":\"/10.0.9.30\",\"class\":\"class com.untangle.uvm.node.SessionEvent\",\"hostname\":\"SQ-G-F4\",\"SClientPort\":14150,\"serverIntf\":1,\"CServerPort\":80,\"username\":\"dpassey\",\"clientIntf\":2,\"policyId\":18,\"sessionId\":93650930808539,\"SServerPort\":80,\"SServerAddr\":\"/216.58.210.46\",\"CClientPort\":2548},\"protochain\":\"/TCP/HTTP/GOOGLE\"}",
    "@version": "1",
    "@timestamp": "2015-04-21T10:34:01.440Z",
    "host": "10.0.0.1",
    "type": "modify_this",
    "priority": "142",
    "syslogtimestamp": "Apr 21 11:34:01",
    "Protocol": "TCP93650930808539",
    "Severity": "INFO",
    "jsonmessage": "{\"application\":\"GOOGLE\",\"detail\":\"\",\"timeStamp\":\"2015-04-21 11:34:01.44\",\"tag\":\"uvm[0]: \",\"flagged\":false,\"state\":3,\"class\":\"class com.untangle.node.classd.ClassDLogEvent\",\"blocked\":false,\"confidence\":100,\"sessionEvent\":{\"protocol\":6,\"timeStamp\":\"2015-04-21 11:34:01.384\",\"SClientAddr\":\"/192.168.1.11\",\"tag\":\"uvm[0]: \",\"CServerAddr\":\"/216.58.210.46\",\"protocolName\":\"TCP\",\"CClientAddr\":\"/10.0.9.30\",\"class\":\"class com.untangle.uvm.node.SessionEvent\",\"hostname\":\"SQ-G-F4\",\"SClientPort\":14150,\"serverIntf\":1,\"CServerPort\":80,\"username\":\"dpassey\",\"clientIntf\":2,\"policyId\":18,\"sessionId\":93650930808539,\"SServerPort\":80,\"SServerAddr\":\"/216.58.210.46\",\"CClientPort\":2548},\"protochain\":\"/TCP/HTTP/GOOGLE\"}",
    "tags": [
      "untangle-syslog"
    ],
    "application": "GOOGLE",
    "detail": "",
    "timeStamp": "2015-04-21 11:34:01.44",
    "tag": "uvm[0]: ",
    "flagged": false,
    "state": 3,
    "class": "node.classd.ClassDLogEvent",
    "blocked": false,
    "confidence": 100,
    "sessionEvent": {
      "protocol": 6,
      "timeStamp": "2015-04-21 11:34:01.384",
      "SClientAddr": "/192.168.1.11",
      "tag": "uvm[0]: ",
      "CServerAddr": "/216.58.210.46",
      "protocolName": "TCP",
      "CClientAddr": "/10.0.9.30",
      "class": "class com.untangle.uvm.node.SessionEvent",
      "hostname": "SQ-G-F4",
      "SClientPort": 14150,
      "serverIntf": 1,
      "CServerPort": 80,
      "username": "dpassey",
      "clientIntf": 2,
      "policyId": 18,
      "sessionId": 93650930808539,
      "SServerPort": 80,
      "SServerAddr": "/216.58.210.46",
      "CClientPort": 2548
    },
    "protochain": "/TCP/HTTP/GOOGLE"
  },
  "fields": {
    "@timestamp": [
      1429612441440
    ]
  },
  "highlight": {
    "message": [
      "<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@> INFO uvm[0"
    ],
    "Protocol": [
      "@kibana-highlighted-field@TCP93650930808539@/kibana-highlighted-field@"
    ]
  },
  "sort": [
    1429612441440
  ]
}
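As an added example (not code from this paste, from Untangle, or from Logstash), the following Python parser turns the raw syslog "message" values of the five records above into the flat fields the records show, picks out the fields each record's "Useful information" note names, and groups the events by session. The raw messages are copied from the records; the regex, the group names syslog_host and program, and the fallback that takes the digits of the Protocol token when the JSON carries no sessionId are this example's own assumptions. Note the caveat it handles: Event 1 writes the token as TCP_93650930808539 while the other four write TCP93650930808539, so joining on the Protocol string alone would split one session into two; the sessionId field in the JSON (and, where it is absent, the digits of the token) is the key that actually ties the five events together.

```python
"""Parse Untangle syslog events as seen in the Kibana records above and
correlate them by session.  Added example; field names come from the records."""
import json
import re
from collections import defaultdict

# The five raw "message" values copied from the records above.
RAW_MESSAGES = [
    '<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP_93650930808539> INFO uvm[0]: {"timeStamp":"2015-04-21 11:34:01.384","sessionId":93650930808539,"tag":"uvm[0]: ","ruleId":100001,"flagged":true,"class":"class com.untangle.node.firewall.FirewallEvent","blocked":false}',
    '<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {"requestUri":"/complete/search?output=firefox&client=firefox&hl=en-GB&q=New+Look+head+office+","host":"suggestqueries.google.com","timeStamp":"2015-04-21 11:34:01.401","requestId":93650930717290,"sessionId":93650930808539,"tag":"uvm[0]: ","class":"class com.untangle.node.http.HttpRequestEvent","method":"GET","sessionEvent":{"protocol":6,"timeStamp":"2015-04-21 11:34:01.384","SClientAddr":"/192.168.1.11","tag":"uvm[0]: ","CServerAddr":"/216.58.210.46","protocolName":"TCP","CClientAddr":"/10.0.9.30","class":"class com.untangle.uvm.node.SessionEvent","hostname":"SQ-G-F4","SClientPort":14150,"serverIntf":1,"CServerPort":80,"username":"dpassey","clientIntf":2,"policyId":18,"sessionId":93650930808539,"SServerPort":80,"SServerAddr":"/216.58.210.46","CClientPort":2548},"contentLength":0}',
    '<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {"category":"Search Engines","timeStamp":"2015-04-21 11:34:01.402","reason":"BLOCK_CATEGORY","tag":"uvm[0]: ","flagged":true,"nodeName":"sitefilter","class":"class com.untangle.node.webfilter.WebFilterEvent","blocked":false}',
    '<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {"requestLine":"RequestLine length: 91 (com.untangle.node.http.RequestLine@2f4bc4e6)","timeStamp":"2015-04-21 11:34:01.44","tag":"uvm[0]: ","class":"class com.untangle.node.http.HttpResponseEvent","contentType":"text/javascript","contentLength":133}',
    '<142>Apr 21 11:34:01 localhost node-17: [SyslogManagerImpl] <TCP93650930808539> INFO uvm[0]: {"application":"GOOGLE","detail":"","timeStamp":"2015-04-21 11:34:01.44","tag":"uvm[0]: ","flagged":false,"state":3,"class":"class com.untangle.node.classd.ClassDLogEvent","blocked":false,"confidence":100,"sessionEvent":{"protocol":6,"timeStamp":"2015-04-21 11:34:01.384","SClientAddr":"/192.168.1.11","tag":"uvm[0]: ","CServerAddr":"/216.58.210.46","protocolName":"TCP","CClientAddr":"/10.0.9.30","class":"class com.untangle.uvm.node.SessionEvent","hostname":"SQ-G-F4","SClientPort":14150,"serverIntf":1,"CServerPort":80,"username":"dpassey","clientIntf":2,"policyId":18,"sessionId":93650930808539,"SServerPort":80,"SServerAddr":"/216.58.210.46","CClientPort":2548},"protochain":"/TCP/HTTP/GOOGLE"}',
]

# Assumed layout of the syslog line; group names mirror the record fields
# (priority, syslogtimestamp, Protocol, Severity, jsonmessage).  syslog_host
# and program are this example's own names for the two remaining tokens.
HEADER_RE = re.compile(
    r'^<(?P<priority>\d+)>(?P<syslogtimestamp>\w{3} +\d+ \d\d:\d\d:\d\d) '
    r'(?P<syslog_host>\S+) (?P<program>\S+): \[SyslogManagerImpl\] '
    r'<(?P<Protocol>[^>]+)> (?P<Severity>\w+) uvm\[\d+\]: (?P<jsonmessage>\{.*\})$'
)

# Fields the notes above call "useful" for each event class.  username and
# hostname sit inside the nested sessionEvent object, so parse_event hoists them.
USEFUL_FIELDS = {
    "node.firewall.FirewallEvent": ("ruleId", "blocked", "flagged", "Protocol", "sessionId"),
    "node.http.HttpRequestEvent": ("requestUri", "websiteHost", "sessionId", "Protocol", "username", "hostname"),
    "node.webfilter.WebFilterEvent": ("blocked", "flagged", "category", "Protocol"),
    "node.http.HttpResponseEvent": ("Protocol",),
    "node.classd.ClassDLogEvent": ("Protocol", "flagged", "blocked", "hostname", "username"),
}
CLASS_PREFIX = "class com.untangle."  # stripped to match the records' "class" field


def parse_event(line):
    """Return a flat dict shaped like the records' _source, or None if unparseable."""
    m = HEADER_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    try:
        payload = json.loads(event["jsonmessage"])
    except json.JSONDecodeError:
        return None
    # HttpRequestEvent carries the requested site as "host"; the records store it
    # as "websiteHost" so it does not collide with the syslog sender's host field.
    if "host" in payload:
        payload["websiteHost"] = payload.pop("host")
    # Hoist session details from the nested sessionEvent to the top level.
    session = payload.get("sessionEvent") or {}
    for key in ("username", "hostname", "CClientAddr", "CServerAddr"):
        if key in session and key not in payload:
            payload[key] = session[key]
    event.update(payload)
    if event.get("class", "").startswith(CLASS_PREFIX):
        event["class"] = event["class"][len(CLASS_PREFIX):]
    return event


def session_key(event):
    """Join key across classes: the JSON sessionId when present, else the digits
    of the Protocol token (which is written with and without an underscore)."""
    if "sessionId" in event:
        return int(event["sessionId"])
    digits = re.sub(r"\D", "", event.get("Protocol", ""))
    return int(digits) if digits else None


def useful_fields(event):
    """The subset of fields the notes above mark as useful for this class."""
    return {k: event.get(k) for k in USEFUL_FIELDS.get(event.get("class", ""), ("Protocol",))}


def correlate(lines):
    """Group parsed events by session: {session_id: [summary, ...]} in log order."""
    sessions = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue  # unparseable line: skip rather than abort the batch
        summary = {"class": event.get("class"), "timeStamp": event.get("timeStamp")}
        summary.update(useful_fields(event))
        sessions[session_key(event)].append(summary)
    return dict(sessions)


if __name__ == "__main__":
    for sid, events in correlate(RAW_MESSAGES).items():
        print(sid)
        for summary in events:
            print("  ", summary)
```

Running the module prints one session (93650930808539) with all five events under it; grouping on the raw Protocol string instead would have produced two buckets, one holding only the FirewallEvent.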