It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Firewall Insights

Custom Reports - Field Descriptions

  • Last updated on

Firewall Activity Log 

Field 

Description 

Value 

Comment 

Application 

Detected application 

string 

Application detection must be active. 

Application Protocols 

Detected application protocol (e.g.: ["HTTPS direct", "HTTPS", “DNS” ] 

string 

   

Application Rule 

Application rule name (e.g.: "<App>:ALL-APPS") 

string 

   

Contents 

Detected content types. (e.g.: [ "HTML", "Web Files"] 

string 

   

Destination Interface 

Destination interface name (e.g.:  ‘’ eth1 ‘’) 

string 

   

Destination IP 

Destination IP address 

string 

   

Destination GeoIP 

Destination country (e.g.: “US”) 

string 

   

Destination GeoLatitude 

Destination coordinates latitude (e.g.: «-98.4935») 

numeric 

   

Destination GeoLongitude 

Destination coordinates longitude (e.g.: «52.152.11») 

numeric 

   

Destination NAT IP 

Destination NAT 

string 

   

Destination MAC 

Mac address of destination   

string 

   

Destination Port 

Destination port 

numeric 

   

Duration 

Duration in milliseconds  

numeric 

See more details on browse time

Forwarded Bytes 

Number of bytes sent in the session's forward direction 

numeric 

In bytes 

Forwarded Packets 

Number of packets sent in the session's forward direction 

numeric 

   

Firewall Info 

Detailed information about the action performed by the firewall ACPF ID. 

string 

See details on Filebeat description.

Firewall Rule 

Matching firewall rule name 

string 

   

Serial/Device 

Firewall name (e.g.: 1-HQ-HQ-CGF1”) 

string 

   

Source Interface 

Source  interface name (e.g.: ‘’ eth1‘’) 

string 

   

Source IP 

Source IP address 

string 

   

Source GeoIP 

Source country (e.g.: “US”) 

string 

   

Source GeoLatitude 

Source  coordinates latitude (e.g.: «-98.4935») 

numeric 

   

Source GeoLongitude 

Source  coordinates longitude (e.g.: «52.152.11») 

numeric 

   

Source MAC 

MAC address of the source 

string 

   

Source Port 

Source port 

numeric 

   

Source NAT IP 

Source NAT IP 

string 

   

Received Bytes 

Number of bytes received in the session's forward direction 

numeric 

   

Received Packets 

Number of packets received in the session's forward direction 

numeric 

   

Timestamp / Date 

Date (e.g.: “2021-12-27 14:16:48+00:00”) 

numeric 

   

User 

Username if available  

string 

   

Web Messages

(type = ngfw-wf) 

Field 

Description 

Value 

Comment 

Action 

Action performed on the firewall Allow or Block 

numeric 

Allow = 0, Block =1 

Application Rule 

Application rule name (e.g.: "<App>:ALL-APPS") 

string 

   

Category 

Web category (e.g.: “Computing & Technology”) 

string 

   

Content Type 

The content-type response header field 

string 

   

Destination GeoIP 

Destination country (e.g.: “US”) 

string 

   

Destination GeoLatitude 

Destination coordinates latitude (e.g.: «-98.4935») 

numeric 

   

Destination GeoLongitude 

Destination coordinates longitude (e.g.: «52.152.11») 

numeric 

   

Destination Port 

Destination port 

numeric 

   

Domain 

The "Referer" request header field or the host part of the request URI 

string 

Can be compared to URL to verify if the site was requested directly or through a link from other website site.  

Firewall Rule 

Matching firewall rule name 

string 

   

Method 

The method of the request (e.g.: "GET", "POST", "PUT", "CONNECT") 

string 

   

Size 

The content-length response header field 

numeric 

   

Serial/Device 

Firewall name (e.g.: “1-HQ-HQ-CGF1”) 

string 

   

Source IP 

Source IP address 

string 

   

Source GeoIP 

Source country (e.g.: “US”) 

string 

   

Source GeoLatitude 

Source  coordinates latitude (e.g.: «-98.4935») 

numeric 

   

Source GeoLongitude 

Source  coordinates longitude (e.g.: «52.152.11») 

numeric 

   

Source Port 

Source port 

numeric 

   

Status Code 

The HTTP status code of the response 

numeric 

   

Super Category 

Web general category (e.g.: “Technology”) 

string 

   

Timestamp / Date 

Date (e.g.: “2021-12-27 14:16:48+00:00”) 

numeric 

   

Traffic Type 

N/A always 0 

numeric 

   

URI (Name) 

Name (full URI request) 

string 

   

URL 

Reserved for future use

string 

   

User 

The username of the user performing the request   or   source IP address of the request 

string 

   

User Agent 

User agent 

string 

   

User Type 

1 if "user" is a username   0 if "user" is an IP address 

numeric 

   

Threat Log 

Field 

Description 

Value 

Comment 

Application Target 

Detected application 

string 

Application detection must be active. 

Component 

Reserved for future use (“firewall”) 

string 

   

Description 

Description of the threat (e.g.: ID: 1059898 EXPLOIT Generic HTML Threat -21 ") 

string 

   

Destination IP 

Destination IP address 

string 

   

Destination GeoIP 

Destination country (e.g.: “US”) 

string 

   

Destination GeoLatitude 

Destination coordinates latitude (e.g.: «-98.4935») 

numeric 

   

Destination GeoLongitude 

Destination coordinates longitude (e.g.: «52.152.11») 

numeric 

   

IPS Category 

The category of an IPS hit  ( e.g.: “Web Attack”) 

string 

Only present for IPS hits.

Operation 

The operation that has been performed by the firewall (e.g.: “Allow”, “Block”) 

string 

   

Port 

Destination port 

numeric 

   

Severity 

Duration in milliseconds  

string 

   

Serial/Device 

Firewall name (e.g.: “1-HQ-HQ-CGF1”) 

string 

   

Source IP 

Source IP address 

string 

   

Source GeoIP 

Source country (e.g.: “US”) 

string 

   

Source GeoLatitude 

Source  coordinates latitude (e.g.: «-98.4935») 

numeric 

   

Source GeoLongitude 

Source  coordinates longitude (e.g.: «52.152.11») 

numeric 

   

Threat Severity 

A number representing the severity of the threat . 

numeric 

“0”= Info “1”=Low “2”=Medium “3”= High 

Time Zone 

Time zone (e.g.: +02:00) 

string 

   

Transport Protocol 

Transport protocol of the session that caused the threat hit (e.g.: “TCP”, “UDP” ) 

string 

   

Timestamp / Date 

Date (e.g.: “2021-12-27 14:16:48+00:00”) 

numeric 

   

Type 

Type of threat (e.g.: “Virus”, “ATD”, “IPS”, “Reputation”, …. )

string 

   

User 

Username if available  

string 

   

SD WAN Tunnels 

Field 

Description 

Value 

Comment 

Geo Latitude 

Coordinates latitude (e.g.: «-98.4935») 

numeric 

   

Geo Longitude  

Coordinates longitude (e.g.: «52.152.11») 

numeric 

   

Serial/Device 

Firewall name (e.g.: “1-HQ-HQ-CGF1”) 

string 

   

Timestamp / Date 

Date (e.g.: “2021-12-27 14:16:48+00:00”) 

numeric 

   

Tunnelname   

Tunnel name including TI ID (e.g.: FW2FW-1-HQ-BO:9”) 

string 

   

Tunnelstate 

Tunnel state (e.g.: “OK, “ERROR” ) 

string 

   

Effective Bandwidth Upstream min.  

Effective bandwidth upstream minimum (bit/s) 

numeric 

   

Effective Bandwidth Upstream  avg.  

Effective bandwidth upstream average (bit/s) 

numeric 

   

Effective Bandwidth Upstream  max.  

Effective bandwidth upstream maximum (bit/s) 

numeric 

   

Effective Bandwidth Downstream min.  

Effective bandwidth downstream minimum (bit/s) 

numeric 

   

Effective Bandwidth Downstream avg.  

Effective bandwidth downstream average (bit/s) 

numeric 

   

Effective Bandwidth Downstream  max.  

Effective bandwidth downstream maximum  (bit/s) 

numeric 

   

Latency min.  

Latency minimum (ms) 

numeric 

   

Latency avg.  

Latency average (ms) 

numeric 

   

Latency max.  

Latency maximum  (ms) 

numeric 

   

Usage Standard Upstream min.  

Usage standard upstream minimum (bytes) 

numeric 

   

Usage Standard Upstream avg.  

Usage standard upstream average (bytes) 

numeric 

   

Usage Standard Upstream max.  

Usage standard upstream minimum (bytes)   

numeric 

   

Usage Standard Downstream min.  

Usage standard downstream minimum   (bytes) 

numeric 

   

Usage Standard Downstream  avg.  

Usage standard downstream average (bytes) 

numeric 

   

Usage Standard Downstream  max.  

Usage standard downstream maximum  (bytes) 

numeric 

   

Usage NoDelay Upstream min.  

Usage NoDelay upstream minimum (bytes) 

numeric 

   

Usage NoDelay Upstream min.  

Usage NoDelay upstream  average (bytes) 

numeric 

   

Usage NoDelay Upstream min.  

Usage NoDelay upstream  maximum  (bytes) 

numeric 

   

Usage NoDelay Downstream min.  

Usage NoDelay downstream minimum   (bytes) 

numeric 

   

Usage NoDelay Downstream avg.  

Usage NoDelay downstream average (bytes) 

numeric 

   

Usage NoDelay Downstream max.  

Usage NoDelay downstream maximum (bytes) 

numeric 

   

SD WAN Tunnels Applications and Protocols 

 

Field 

Description 

Value 

Comment 

Application 

Detected application 

string 

Application detection must be active. 

Protocols 

Detected application protocol (e.g.: ["HTTPS direct", "HTTPS", “DNS” ] 

string 

   

Inbound Bytes 

Inbound traffic in bytes 

numeric 

   

Outbound Bytes 

Outbound   traffic in bytes 

numeric 

   

Serial/Device 

Firewall name (e.g.: “1-HQ-HQ-CGF1”) 

string 

   

Timestamp / Date 

Date (e.g.: “2021-12-27 14:16:48+00:00”) 

numeric 

   

Tunnelname   

Tunnel name including TI ID (e.g.: “FW2FW-BO1-CGF1-HQ-CGF1:9”) 

string