Global Fields (4)
| Field | Description | Type |
|---|---|---|
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.id | Unique identifier for the log entry. | string |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |
Generic Fields (7)
These are common fields that appear across multiple namespaces. They represent attributes that are inherited or reused from a global schema, such as timestamps, unique identifiers, user IDs, or status codes that every namespace needs. By sharing these fields, we ensure consistency and make it easy to run cross-namespace searches and reports.
| Field | Description | Reference-Specific Fields | Type |
|---|---|---|---|
| gen.firewall.action | Firewall action taken (e.g., allow, block, drop). | genuaPf.action | strings |
| gen.firewall.direction | Traffic direction (e.g., inbound, outbound). | genuaPf.direction | strings |
| gen.dest.ip | Destination IP address. | genuaPf.dstIp | text_general |
| gen.dest.port | Destination port number. | genuaPf.dstPort | pint |
| gen.firewall.rule | Firewall rule that triggered the event. | genuaPf.ruleNumber | strings |
| gen.src.ip | Source IP address. | genuaPf.srcIp | text_general |
| gen.src.port | Source port number. | genuaPf.srcPort | pint |
Reference-Specific Fields (17)
| Field | Description | Type |
|---|---|---|
| genuaPf.action | Actual action taken on the packet (e.g., pass, block). | string |
| genuaPf.direction | Direction of the packet (in/out). | string |
| genuaPf.dstIp | Destination IP address of the packet. | text_general |
| genuaPf.dstPort | Destination port number of the packet. | pint |
| genuaPf.id | Unique identifier for this log entry. | plong |
| genuaPf.interface | Network interface on which the packet was seen. | string |
| genuaPf.len | Length of the packet in bytes. | plong |
| genuaPf.msg | Human-readable log message describing the event. | text_general |
| genuaPf.pid | Process ID that generated the log entry (if applicable). | plong |
| genuaPf.reason | Reason code or description for why the packet was matched or blocked. | text_general |
| genuaPf.ruleAction | Action configured in the rule (e.g., pass, block). | string |
| genuaPf.ruleNumber | Sequential number of the matching rule in the ruleset. | plong |
| genuaPf.ruleTarget | The filter rule's target table or anchor. | string |
| genuaPf.srcIp | Source IP address of the packet. | text_general |
| genuaPf.srcPort | Source port number of the packet. | pint |
| genuaPf.ttl | Time-to-live value of the packet. | plong |
| genuaPf.uid | Numeric user ID associated with the connection. | plong |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.