WatchGuard Firebox
WatchGuard Firebox logs detail policy matches, IPS results, interface stats and authentication events.
Enginsight Global Fields (4)
Field | Description | Type |
---|---|---|
ngs.id | Unique identifier for the log entry. | string |
ngs.createdAt | Timestamp when the event was created locally. | pdate |
ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (195)
Field | Type |
---|---|
watchguard.app_cat_id | plong |
watchguard.app_id | plong |
watchguard.fqdn_dst_match | text_general |
watchguard.geo_dst | string |
watchguard.geo_src | string |
watchguard.msg | text_general |
watchguard.sig_vers | text_general |
watchguard.route_type | text_general |
watchguard.src_user | text_general |
watchguard.record_type | string |
watchguard.question | text_general |
watchguard.duration | plong |
watchguard.sent_bytes | plong |
watchguard.rcvd_bytes | plong |
watchguard.ttl | plong |
watchguard.disposition | string |
watchguard.dst_ip | text_general |
watchguard.dst_user | text_general |
watchguard.id | text_general |
watchguard.inif | string |
watchguard.ip_pkt_len | plong |
watchguard.iph_len | plong |
watchguard.outif | string |
watchguard.policy_name | text_general |
watchguard.protocol | string |
watchguard.src_ip | text_general |
watchguard.offset | plong |
watchguard.sequence | plong |
watchguard.window | plong |
watchguard.src_port | pint |
watchguard.dst_port | pint |
watchguard.mac | string |
watchguard.old | string |
watchguard.user_type | string |
watchguard.auth_method | string |
watchguard.status | string |
watchguard.content | string |
watchguard.master | string |
watchguard.ver_number | plong |
watchguard.time | pdate |
watchguard.size | plong |
watchguard.update | string |
watchguard.event.name | text_general |
watchguard.peer_port | pint |
watchguard.vpn_type | string |
watchguard.error | text_general |
watchguard.property_name | string |
watchguard.tunnel_type | string |
watchguard.response | text_general |
watchguard.srv_ip | string |
watchguard.tunnel | string |
watchguard.group | string |
watchguard.quota_info | text_general |
watchguard.action | text_general |
watchguard.user | string |
watchguard.ret_code | pint |
watchguard.local_ip | string |
watchguard.peer_ip | string |
watchguard.in_sa | string |
watchguard.event.area | string |
watchguard.event.sub_area | string |
watchguard.role | string |
watchguard.gap | plong |
watchguard.reason | text_general |
watchguard.session_id | plong |
watchguard.event.level | string |
watchguard.gateway | string |
watchguard.link | string |
watchguard.mask | string |
watchguard.num | plong |
watchguard.max_value | plong |
watchguard.local_time | pdate |
watchguard.sa_id | string |
watchguard.device_id | string |
watchguard.ifname | string |
watchguard.new | string |
watchguard.event.msg_id | string |
watchguard.remote | string |
watchguard.pool_name | string |
watchguard.state | string |
watchguard.reply | string |
watchguard.ip | string |
watchguard.member | string |
watchguard.limit | plong |
watchguard.domain | string |
watchguard.client_name | string |
watchguard.local_port | pint |
watchguard.out_sa | string |
watchguard.dev_name | string |
watchguard.logical | string |
watchguard.local | string |
watchguard.exchange_type | string |
watchguard.vpn_user_type | string |
watchguard.auth_server | string |
watchguard.object | string |
watchguard.group_name | string |
watchguard.nego_mode | string |
watchguard.operation | string |
watchguard.bounce_ip | string |
watchguard.codec | string |
watchguard.seq | plong |
watchguard.content_src | string |
watchguard.virus | string |
watchguard.content_type | string |
watchguard.authtype | string |
watchguard.tls_profile | string |
watchguard.pad_error | pint |
watchguard.rcvd_pkts | plong |
watchguard.encoding | string |
watchguard.proxy_act | string |
watchguard.from | string |
watchguard.exception_rule | string |
watchguard.keyword | string |
watchguard.reputation | plong |
watchguard.headers_size | plong |
watchguard.wgrd_spam_id | string |
watchguard.line | text_general |
watchguard.scheme | string |
watchguard.hostname | string |
watchguard.ctl_src | string |
watchguard.host | string |
watchguard.mbx | string |
watchguard.query_opcode | string |
watchguard.dlp_sensor | string |
watchguard.severity | pint |
watchguard.md5 | string |
watchguard.srv_port | pint |
watchguard.file | string |
watchguard.authenticated_user | string |
watchguard.op | string |
watchguard.num_recipients | plong |
watchguard.threat_level | string |
watchguard.client_ssl | string |
watchguard.type | string |
watchguard.tls_version | string |
watchguard.signature_id | plong |
watchguard.content_inspection | string |
watchguard.cert_subject | string |
watchguard.new_action | string |
watchguard.to | string |
watchguard.out_port | pint |
watchguard.method | string |
watchguard.ssl_offload | pint |
watchguard.src_ctid | string |
watchguard.rule_name | string |
watchguard.arg | string |
watchguard.address | string |
watchguard.app_beh_name | string |
watchguard.signature_name | text_general |
watchguard.sent_pkts | plong |
watchguard.to_header | string |
watchguard.cert_issuer | string |
watchguard.data | string |
watchguard.app_name | string |
watchguard.cats | text_general |
watchguard.dstname | string |
watchguard.dlp_rule | string |
watchguard.from_header | string |
watchguard.ctl_dst | string |
watchguard.sni | string |
watchguard.cn | string |
watchguard.app_beh_id | plong |
watchguard.message | text_general |
watchguard.sender | string |
watchguard.response_size | plong |
watchguard.path | string |
watchguard.header | string |
watchguard.details | text_general |
watchguard.server_ssl | string |
watchguard.recipients | string |
watchguard.subj_tag | string |
watchguard.attachment | string |
watchguard.version | string |
watchguard.service | string |
watchguard.file_name | string |
watchguard.filename | string |
watchguard.timeout | plong |
watchguard.line_length | plong |
watchguard.task_uuid | string |
watchguard.call_from | string |
watchguard.ipaddress | string |
watchguard.dst_ctid | string |
watchguard.email_len | plong |
watchguard.call_to | string |
watchguard.signature_cat | string |
watchguard.port | pint |
watchguard.length | plong |
watchguard.query_class | string |
watchguard.cat_name | string |
watchguard.app_ctl_disp | plong |
watchguard.app_cat_name | text_general |
watchguard.inspect_action | string |
watchguard.redirect_action | string |
watchguard.command | string |
watchguard.query_type | string |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.