Exportable alert log entry fields
Alert log entry fields are described in the following table. Because these fields can be exported, the table also lists the syslog export field name that carries each of them.
| Field | Syslog export field | Description |
|---|---|---|
| Acknowledged | ACK | Acknowledged alert. |
| Alert Type | ALERT | Type of alert. |
| Component ID | COMP_ID | The identifier of the creator of the log entry. |
| Creation Time | TIMESTAMP | Log entry creation time. |
| Dst Addr | DST | Packet destination IP address. |
| Dst Port | DPORT | TCP or UDP destination port in the packet header. |
| Event ID | EVENT_ID | Event identifier, unique within one sender. |
| Information message | INFO_MSG | A description of the log event that further explains the entry. |
| Protocol | PROTOCOL | Connection IP protocol. |
| Reception time | RECEPTION_TIME | Time when the entry was received by the Log Server. |
| Reference event ID | REF_EVENT | Reference to a related event. |
| Rule Tag | RULE_ID | Rule tag of the rule that triggered the log event. |
| Sender | NODE_ID | IP address of the engine or server that sent the log entry. |
| Sender type | SENDER_TYPE | The type of engine or server that sent the log entry. |
| Severity | ALERT_SEVERITY | Severity of the situation related to the alert event. |
| Situation | SITUATION | The identifier of the situation that triggered the log event. |
| Src Port | SPORT | TCP or UDP source port in the packet header. |
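As an added example (not part of this page or the product's own tooling), the parser below ingests exported alert lines and maps the syslog export field names from the table back to the alert log entry fields. The table does not specify the wire format of the export; the example assumes a simple `KEY=value` layout with optional double-quoted values, which is a labelled assumption. The sample lines are constructed for the example. It also shows one point the table makes that is easy to miss in a SIEM: `EVENT_ID` is unique only within one sender, so `REF_EVENT` must be resolved together with `NODE_ID`.

```python
import re

# Syslog export field name -> alert log entry field, as listed in the table above.
SYSLOG_FIELDS = {
    "ACK": "Acknowledged",
    "ALERT": "Alert Type",
    "COMP_ID": "Component ID",
    "TIMESTAMP": "Creation Time",
    "DST": "Dst Addr",
    "DPORT": "Dst Port",
    "EVENT_ID": "Event ID",
    "INFO_MSG": "Information message",
    "PROTOCOL": "Protocol",
    "RECEPTION_TIME": "Reception time",
    "REF_EVENT": "Reference event ID",
    "RULE_ID": "Rule Tag",
    "NODE_ID": "Sender",
    "SENDER_TYPE": "Sender type",
    "ALERT_SEVERITY": "Severity",
    "SITUATION": "Situation",
    "SPORT": "Src Port",
}

PORT_FIELDS = {"DPORT", "SPORT"}

# ASSUMPTION: the export is a sequence of KEY=value pairs; values containing
# spaces are double-quoted. The page does not document the actual line layout.
_PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_alert_line(line):
    """Parse one exported alert line into a dict keyed by alert log field name.

    Ports are converted to int and range-checked, ACK becomes a bool, and any
    key not in the table is kept under its raw name so nothing is dropped.
    """
    entry = {}
    for key, raw in _PAIR_RE.findall(line):
        if raw.startswith('"') and raw.endswith('"') and len(raw) >= 2:
            value = raw[1:-1].replace('\\"', '"')
        else:
            value = raw
        if key in PORT_FIELDS:
            port = int(value)
            if not 0 <= port <= 65535:
                raise ValueError(f"{key} out of range: {port}")
            value = port
        elif key == "ACK":
            value = value.lower() in ("1", "true", "yes")
        entry[SYSLOG_FIELDS.get(key, key)] = value
    return entry


def parse_alert_lines(lines):
    return [parse_alert_line(line) for line in lines if line.strip()]


def unacknowledged(entries):
    """Alerts still waiting for an analyst (ACK not set)."""
    return [e for e in entries if not e.get("Acknowledged", False)]


def related_events(entries):
    """Resolve 'Reference event ID' to the referenced entry.

    Event IDs are unique only within one sender, so the lookup key is
    (Sender, Event ID); the same Event ID from two engines must not collide.
    """
    by_key = {(e.get("Sender"), e.get("Event ID")): e for e in entries}
    links = {}
    for e in entries:
        ref = e.get("Reference event ID")
        if ref is None:
            continue
        links[(e.get("Sender"), e.get("Event ID"))] = by_key.get((e.get("Sender"), ref))
    return links


# Constructed sample export lines (not real events). Note that the first two
# share EVENT_ID=1001 but come from different senders.
SAMPLE_LINES = [
    'TIMESTAMP="2024-05-01 12:00:00" RECEPTION_TIME="2024-05-01 12:00:01" NODE_ID=10.0.0.5 '
    'SENDER_TYPE=Firewall COMP_ID=2 EVENT_ID=1001 ALERT=Security ALERT_SEVERITY=High '
    'SITUATION=Sample-Situation RULE_ID=2.3 PROTOCOL=6 DST=192.0.2.10 DPORT=443 SPORT=51514 '
    'ACK=0 INFO_MSG="constructed sample alert, not a real event"',
    'TIMESTAMP="2024-05-01 12:00:05" NODE_ID=10.0.0.6 SENDER_TYPE=Firewall COMP_ID=2 '
    'EVENT_ID=1001 ALERT=Security ALERT_SEVERITY=Low SITUATION=Other-Situation '
    'PROTOCOL=17 DST=192.0.2.20 DPORT=53 SPORT=40000 ACK=1 INFO_MSG="already acknowledged"',
    'TIMESTAMP="2024-05-01 12:00:09" NODE_ID=10.0.0.5 SENDER_TYPE=Firewall COMP_ID=2 '
    'EVENT_ID=1002 REF_EVENT=1001 ALERT=System ALERT_SEVERITY=High '
    'SITUATION=Sample-Situation ACK=0 INFO_MSG="follow-up to 1001 on the same engine"',
]

if __name__ == "__main__":
    entries = parse_alert_lines(SAMPLE_LINES)
    for e in unacknowledged(entries):
        print(e["Sender"], e["Event ID"], e["Severity"], e["Situation"])
    for (sender, event_id), target in related_events(entries).items():
        print(f"{sender}/{event_id} refers to {target['Event ID'] if target else 'unknown'}")
```

The `(Sender, Event ID)` key in `related_events` is the part worth copying: correlating `REF_EVENT` on `EVENT_ID` alone would silently attach the follow-up from `10.0.0.5` to whichever engine's event 1001 was indexed last.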