SonicWall

SonicWall firewall logs covering traffic flows, threat prevention events, user auth and hardware status.

Global Fields (4)

| Field | Description | Type |
| --- | --- | --- |
| ngs.id | Unique identifier for the log entry. | string |
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |

Reference-Specific Fields (90)

| Field | Description | Type |
| --- | --- | --- |
| sonicwall.app | SonicWall application identifier field. | string |
| sonicwall.appName | SonicWall application name field. | text_general |
| sonicwall.c | SonicWall connection count field. | string |
| sonicwall.category | SonicWall category identifier field. | string |
| sonicwall.category_legacy | SonicWall legacy category field. | string |
| sonicwall.cdur | SonicWall connection duration in milliseconds. | plong |
| sonicwall.dpi | SonicWall DPI policy applied field. | string |
| sonicwall.dst | SonicWall destination IP address field. | text_general |
| sonicwall.dstMac | SonicWall destination MAC address field. | text_general |
| sonicwall.dstZone | SonicWall destination zone name field. | text_general |
| sonicwall.event_message | SonicWall event message detail field. | text_general |
| sonicwall.event_name | SonicWall event name field. | text_general |
| sonicwall.fw | SonicWall firewall identifier field. | text_general |
| sonicwall.fw_action | SonicWall firewall action taken field. | string |
| sonicwall.gcat | SonicWall global category field. | string |
| sonicwall.group_name | SonicWall user or network group name field. | text_general |
| sonicwall.id | SonicWall event or session identifier field. | string |
| sonicwall.m | SonicWall message code field. | string |
| sonicwall.msg | SonicWall log message text field. | string |
| sonicwall.n | SonicWall numeric code or count field. | plong |
| sonicwall.natDst | SonicWall NAT destination address field. | string |
| sonicwall.natSrc | SonicWall NAT source address field. | string |
| sonicwall.note | SonicWall note or comment field. | text_general |
| sonicwall.opId | SonicWall operator identifier field. | string |
| sonicwall.pri | SonicWall priority level field. | plong |
| sonicwall.proto | SonicWall protocol name or number field. | string |
| sonicwall.rcvd | SonicWall bytes received count field. | plong |
| sonicwall.rpkt | SonicWall packets received count field. | plong |
| sonicwall.rule | SonicWall firewall rule name or ID field. | text_general |
| sonicwall.sent | SonicWall bytes sent count field. | plong |
| sonicwall.sn | SonicWall serial number field. | string |
| sonicwall.spkt | SonicWall packets sent count field. | plong |
| sonicwall.src | SonicWall source IP address field. | text_general |
| sonicwall.srcMac | SonicWall source MAC address field. | text_general |
| sonicwall.srcZone | SonicWall source zone name field. | text_general |
| sonicwall.sub | SonicWall subcategory identifier field. | string |
| sonicwall.uuid | SonicWall universally unique identifier field. | string |
| sonicwall.vpnpolicy | SonicWall VPN policy name field. | text_general |
| sonicwall.af_polid | SonicWall AppFlow policy ID field. | string |
| sonicwall.af_policy | SonicWall AppFlow policy name field. | string |
| sonicwall.af_type | SonicWall AppFlow policy type field. | string |
| sonicwall.af_service | SonicWall AppFlow service name field. | string |
| sonicwall.af_action | SonicWall AppFlow action taken field. | string |
| sonicwall.ai | SonicWall attack intelligence identifier field. | string |
| sonicwall.appcat | SonicWall application category field. | string |
| sonicwall.appid | SonicWall application ID field. | string |
| sonicwall.arg | SonicWall argument or parameter field. | string |
| sonicwall.bytesRx | SonicWall bytes received count (duplicate of rcvd). | plong |
| sonicwall.catid | SonicWall category ID field (duplicate of category). | string |
| sonicwall.change | SonicWall configuration change description field. | string |
| sonicwall.code | SonicWall numeric event code field. | string |
| sonicwall.conns | SonicWall active connections count field. | plong |
| sonicwall.contentObject | SonicWall content object identifier field. | string |
| sonicwall.dstname | SonicWall destination host name field. | string |
| sonicwall.dur | SonicWall duration in seconds field. | plong |
| sonicwall.dyn | SonicWall dynamic object name field. | string |
| sonicwall.fileid | SonicWall file transfer identifier field. | string |
| sonicwall.filetxstatus | SonicWall file transfer status code field. | pint |
| sonicwall.filetxstatus_name | SonicWall file transfer status name field. | string |
| sonicwall.fwlan | SonicWall LAN firewall interface identifier field. | string |
| sonicwall.i | SonicWall generic integer field. | plong |
| sonicwall.icmpCode | SonicWall ICMP code field. | plong |
| sonicwall.ipscat | SonicWall IPS category field. | string |
| sonicwall.ipspri | SonicWall IPS priority field. | string |
| sonicwall.lic | SonicWall license usage count field. | plong |
| sonicwall.mailFrom | SonicWall email sender address field. | string |
| sonicwall.npcs | SonicWall NPCS category field. | string |
| sonicwall.op | SonicWall operation code field. | string |
| sonicwall.rcptTo | SonicWall email recipient address field. | string |
| sonicwall.referer | SonicWall HTTP referrer URL field. | string |
| sonicwall.result | SonicWall result status field. | string |
| sonicwall.sess | SonicWall session identifier field. | string |
| sonicwall.spycat | SonicWall spyware category field. | string |
| sonicwall.spypri | SonicWall spyware priority field. | string |
| sonicwall.station | SonicWall station identifier field. | string |
| sonicwall.time | SonicWall event timestamp field. | pdate |
| sonicwall.type | SonicWall event type field. | string |
| sonicwall.ucastRx | SonicWall unicast packets received count field. | plong |
| sonicwall.ucastTx | SonicWall unicast packets sent count field. | plong |
| sonicwall.unsynched | SonicWall unsynchronized sessions count field. | plong |
| sonicwall.usestandbysa | SonicWall use default by source address flag field. | boolean |
| sonicwall.user | SonicWall username field. | string |
| sonicwall.vpnpolicyDst | SonicWall VPN policy destination field. | string |
| sonicwall.auditId | SonicWall audit trail identifier field. | string |
| sonicwall.userMode | SonicWall user mode field (e.g., admin, guest). | string |
| sonicwall.auditTime | SonicWall audit event timestamp field. | pdate |
| sonicwall.auditPath | SonicWall audit log file path field. | string |
| sonicwall.grpIndex | SonicWall group index field. | string |
| sonicwall.oldValue | SonicWall old configuration value field. | string |
| sonicwall.newValue | SonicWall new configuration value field. | string |

Sample Log Event

Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.