Expand Up @@ -19,3 +19,6 @@ Jan 3 13:45:47 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:18"
Jan 3 13:45:49 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:20" fw=1.1.1.1 pri=6 c=1024 m=537 msg="Connection Closed" n=568002 src=192.168.5.10:3417:LAN dst=192.168.1.100:53:WAN proto=udp/dns sent=401 rcvd=254 vpnpolicy="name"
Jan 3 13:45:50 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:20" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23426 src=192.168.125.75:524:WAN dst=192.168.5.10:3582:LAN proto=udp/3582
Jan 3 13:45:50 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:21" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23427 src=192.168.6.10:28503:WAN dst=192.168.5.10:53:LAN proto=tcp/dns
10.0.0.1 id=firewall sn=123456789 time="2022-02-22 18:24:30 UTC" fw=10.0.0.2 pri=6 c=262144 gcat=6 m=98 msg="Connection Opened" src=10.0.0.3:52379:X0 natSrc=10.0.0.2:48245 dst=8.8.8.8:443:X1 natDst=8.8.8.8:443 usr="Unknown (SSO failed)" proto=tcp/https sent=52 app=49177 appName='General HTTPS' n=123456789 fw_action="NA" dpi=0
10.0.0.1 id=firewall sn=123456789 time="2022-02-22 18:29:37 UTC" fw=10.0.0.2 pri=6 c=1024 gcat=2 m=97 msg="Web site hit" srcMac=12:34:56:78:90:ab src=10.0.0.3:64828:X0 srcZone=Trusted natSrc=10.0.0.2:47621 dstMac=ab:09:87:65:43:21 dst=8.8.8.8:443:X1 dstZone=Untrusted natDst=8.8.8.8:443 usr="Unknown (SSO failed)" proto=tcp/https sent=3523 rcvd=14226 app=7927 dstname=chat-pa.clients6.google.com arg=/ code=29 Category="Search Engines and Portals" note="Policy: cfsZonePolicy0, Info: 6148 " n=123456789 fw_action="NA" dpi=1
10.0.0.1 id=firewall sn=2CB8ED17E180 time="2022-02-22 18:34:21 UTC" fw=10.0.0.2 pri=6 c=1024 gcat=2 m=97 msg="Web site hit" srcMac=12:34:56:78:90:ab src=10.0.0.3:49217:X0 srcZone=Trusted natSrc=10.0.0.2:53466 dstMac=ab:09:87:65:43:21 dst=8.8.8.8:443:X1 dstZone=Untrusted natDst=8.8.8.8:443 usr="Unknown (SSO failed)" proto=tcp/https sent=2079 rcvd=6642 app=7927 dstname=seg.ad.gt arg=/ code=15 Category="Business and Economy" note="Policy: cfsZonePolicy0, Info: 6148 " n=123456789 fw_action="NA" dpi=1
6 changes: 6 additions & 0 deletions packages/sonicwall/changelog.yml
@@ -1,4 +1,10 @@
# newer versions go on top

- version: "0.8.0"
changes:
- description: Add fields to be parsed
type: enhancement
link: https://github.com/elastic/integrations/pull/2729
- version: "0.7.0"
changes:
- description: Update to ECS 8.0.0
@@ -1,21 +1,29 @@
Jan 3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:06" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23419 src=2.2.2.2:36701:WAN dst=1.1.1.1:50000:WAN proto=tcp/50000
Jan 3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:07" fw=1.1.1.1 pri=1 c=32 m=30 msg="Administrator login denied due to bad credentials" n=7 src=2.2.2.2:36701:WAN dst=1.1.1.1:50000:WAN
Jan 3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:07" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23420 src=2.2.2.2:36702:WAN dst=1.1.1.1:50000:WAN proto=tcp/50000
Jan 3 13:45:37 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:07" fw=1.1.1.1 pri=6 c=1024 m=537 msg="Connection Closed" n=567996 src=192.168.4.10:27577:WAN dst=192.168.5.10:53:LAN proto=tcp/dns sent=257 rcvd=242
Jan 3 13:45:37 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:08" fw=1.1.1.1 pri=6 c=1024 m=537 msg="Connection Closed" n=567997 src=192.168.5.56:4277:LAN dst=192.168.1.100:1026:WAN proto=tcp/1026 sent=3590 rcvd=13042 vpnpolicy="name"
Jan 3 13:45:39 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:10" fw=1.1.1.1 pri=6 c=1024 m=537 msg="Connection Closed" n=567999 src=192.168.5.56:4280:LAN dst=192.168.2.81:41850:WAN proto=tcp/41850 sent=386026 rcvd=454118 vpnpolicy="name"
Jan 3 13:45:39 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:10" fw=1.1.1.1 pri=6 c=1024 m=537 msg="Connection Closed" n=567999 src=1.1.1.1:500:WAN dst=2.2.2.2:500:WAN proto=udp/500 sent=344 rcvd=152
Jan 3 13:45:40 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:10" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23421 src=2.2.2.2:36703:WAN dst=1.1.1.1:50000:WAN proto=tcp/50000
Jan 3 13:45:40 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:10" fw=1.1.1.1 pri=1 c=32 m=30 msg="Administrator login denied due to bad credentials" n=8 src=2.2.2.2:36703:WAN dst=1.1.1.1:50000:WAN
Jan 3 13:45:40 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:11" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23422 src=2.2.2.2:36704:WAN dst=1.1.1.1:50000:WAN proto=tcp/50000
Jan 3 13:45:43 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:14" fw=1.1.1.1 pri=5 c=256 m=38 msg="ICMP packet dropped" n=22070 src=219.89.19.223:1026:WAN dst=1.1.1.1:6822:WAN type=3 code=3
Jan 3 13:45:43 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:14" fw=1.1.1.1 pri=6 c=1024 m=537 msg="Connection Closed" n=568000 src=219.89.19.223:1026:WAN dst=1.1.1.1:0:WAN proto=udp/0
Jan 3 13:45:44 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:15" fw=1.1.1.1 pri=6 c=16 m=346 msg="IKE Initiator: Start Quick Mode (Phase 2)." n=171872 src=2.2.2.2:500 dst=1.1.1.1:500
Jan 3 13:45:44 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:15" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23423 src=1.1.1.1:500:WAN dst=2.2.2.2:500:WAN proto=udp/500
Jan 3 13:45:44 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:15" fw=1.1.1.1 pri=4 c=16 m=483 msg="Received notify: INVALID_ID_INFO" n=171625 src=2.2.2.2:500 dst=1.1.1.1:500
Jan 3 13:45:45 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:15" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23424 src=192.168.115.10:11549:WAN dst=192.168.5.10:53:LAN proto=tcp/dns
Jan 3 13:45:46 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:17" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23425 src=192.168.5.64:3182:LAN dst=192.168.1.100:445:WAN proto=tcp/445
Jan 3 13:45:47 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:18" fw=1.1.1.1 pri=6 c=1024 m=537 msg="Connection Closed" n=568001 src=2.2.2.2:36699:WAN dst=1.1.1.1:50000:WAN proto=tcp/50000 sent=1557 rcvd=957
Jan 3 13:45:49 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:20" fw=1.1.1.1 pri=6 c=1024 m=537 msg="Connection Closed" n=568002 src=192.168.5.10:3417:LAN dst=192.168.1.100:53:WAN proto=udp/dns sent=401 rcvd=254 vpnpolicy="name"
Jan 3 13:45:50 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:20" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23426 src=192.168.125.75:524:WAN dst=192.168.5.10:3582:LAN proto=udp/3582
Jan 3 13:45:50 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:21" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23427 src=192.168.6.10:28503:WAN dst=192.168.5.10:53:LAN proto=tcp/dns
Jan 3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:06" fw=1.128.3.4 pri=6 c=262144 m=98 msg="Connection Opened" n=23419 src=175.16.199.1:36701:WAN dst=1.128.3.4:50000:WAN proto=tcp/50000
Jan 3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:07" fw=1.128.3.4 pri=1 c=32 m=30 msg="Administrator login denied due to bad credentials" n=7 src=175.16.199.1:36701:WAN dst=1.128.3.4:50000:WAN
Jan 3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:07" fw=1.128.3.4 pri=6 c=262144 m=98 msg="Connection Opened" n=23420 src=175.16.199.1:36702:WAN dst=1.128.3.4:50000:WAN proto=tcp/50000
Jan 3 13:45:37 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:07" fw=1.128.3.4 pri=6 c=1024 m=537 msg="Connection Closed" n=567996 src=192.168.4.10:27577:WAN dst=192.168.5.10:53:LAN proto=tcp/dns sent=257 rcvd=242
Jan 3 13:45:37 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:08" fw=1.128.3.4 pri=6 c=1024 m=537 msg="Connection Closed" n=567997 src=192.168.5.56:4277:LAN dst=192.168.1.100:1026:WAN proto=tcp/1026 sent=3590 rcvd=13042 vpnpolicy="name"
Jan 3 13:45:39 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:10" fw=1.128.3.4 pri=6 c=1024 m=537 msg="Connection Closed" n=567999 src=192.168.5.56:4280:LAN dst=192.168.2.81:41850:WAN proto=tcp/41850 sent=386026 rcvd=454118 vpnpolicy="name"
Jan 3 13:45:39 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:10" fw=1.128.3.4 pri=6 c=1024 m=537 msg="Connection Closed" n=567999 src=1.128.3.4:500:WAN dst=175.16.199.1:500:WAN proto=udp/500 sent=344 rcvd=152
Jan 3 13:45:40 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:10" fw=1.128.3.4 pri=6 c=262144 m=98 msg="Connection Opened" n=23421 src=175.16.199.1:36703:WAN dst=1.128.3.4:50000:WAN proto=tcp/50000
Jan 3 13:45:40 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:10" fw=1.128.3.4 pri=1 c=32 m=30 msg="Administrator login denied due to bad credentials" n=8 src=175.16.199.1:36703:WAN dst=1.128.3.4:50000:WAN
Jan 3 13:45:40 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:11" fw=1.128.3.4 pri=6 c=262144 m=98 msg="Connection Opened" n=23422 src=175.16.199.1:36704:WAN dst=1.128.3.4:50000:WAN proto=tcp/50000
Jan 3 13:45:43 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:14" fw=1.128.3.4 pri=5 c=256 m=38 msg="ICMP packet dropped" n=22070 src=216.160.83.57:1026:WAN dst=1.128.3.4:6822:WAN type=3 code=3
Jan 3 13:45:43 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:14" fw=1.128.3.4 pri=6 c=1024 m=537 msg="Connection Closed" n=568000 src=216.160.83.57:1026:WAN dst=1.128.3.4:0:WAN proto=udp/0
Jan 3 13:45:44 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:15" fw=1.128.3.4 pri=6 c=16 m=346 msg="IKE Initiator: Start Quick Mode (Phase 2)." n=171872 src=175.16.199.1:500 dst=1.128.3.4:500
Jan 3 13:45:44 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:15" fw=1.128.3.4 pri=6 c=262144 m=98 msg="Connection Opened" n=23423 src=1.128.3.4:500:WAN dst=175.16.199.1:500:WAN proto=udp/500
Jan 3 13:45:44 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:15" fw=1.128.3.4 pri=4 c=16 m=483 msg="Received notify: INVALID_ID_INFO" n=171625 src=175.16.199.1:500 dst=1.128.3.4:500
Jan 3 13:45:45 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:15" fw=1.128.3.4 pri=6 c=262144 m=98 msg="Connection Opened" n=23424 src=192.168.115.10:11549:WAN dst=192.168.5.10:53:LAN proto=tcp/dns
Jan 3 13:45:46 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:17" fw=1.128.3.4 pri=6 c=262144 m=98 msg="Connection Opened" n=23425 src=192.168.5.64:3182:LAN dst=192.168.1.100:445:WAN proto=tcp/445
Jan 3 13:45:47 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:18" fw=1.128.3.4 pri=6 c=1024 m=537 msg="Connection Closed" n=568001 src=175.16.199.1:36699:WAN dst=1.128.3.4:50000:WAN proto=tcp/50000 sent=1557 rcvd=957
Jan 3 13:45:49 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:20" fw=1.128.3.4 pri=6 c=1024 m=537 msg="Connection Closed" n=568002 src=192.168.5.10:3417:LAN dst=192.168.1.100:53:WAN proto=udp/dns sent=401 rcvd=254 vpnpolicy="name"
Jan 3 13:45:50 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:20" fw=1.128.3.4 pri=6 c=262144 m=98 msg="Connection Opened" n=23426 src=192.168.125.75:524:WAN dst=192.168.5.10:3582:LAN proto=udp/3582
Jan 3 13:45:50 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:21" fw=1.128.3.4 pri=6 c=262144 m=98 msg="Connection Opened" n=23427 src=192.168.6.10:28503:WAN dst=192.168.5.10:53:LAN proto=tcp/dns
10.0.0.1 id=firewall sn=123456789 time="2022-02-22 18:24:30 UTC" fw=10.0.0.2 pri=6 c=262144 gcat=6 m=98 msg="Connection Opened" src=10.0.0.3:52379:X0 natSrc=10.0.0.2:48245 dst=216.160.83.61:443:X1 natDst=216.160.83.61:443 usr="Unknown (SSO failed)" proto=tcp/https sent=52 app=49177 appName='General HTTPS' n=123456789 fw_action="NA" dpi=0
10.0.0.1 id=firewall sn=123456789 time="2022-02-22 18:29:37 UTC" fw=10.0.0.2 pri=6 c=1024 gcat=2 m=97 msg="Web site hit" srcMac=12:34:56:78:90:ab src=10.0.0.3:64828:X0 srcZone=Trusted natSrc=10.0.0.2:47621 dstMac=ab:09:87:65:43:21 dst=216.160.83.61:443:X1 dstZone=Untrusted natDst=216.160.83.61:443 usr="Unknown (SSO failed)" proto=tcp/https sent=3523 rcvd=14226 app=7927 dstname=chat-pa.clients6.google.com arg=/ code=29 Category="Search Engines and Portals" note="Policy: cfsZonePolicy0, Info: 6148 " n=123456789 fw_action="NA" dpi=1
10.0.0.1 id=firewall sn=12345678 time="2022-02-22 18:34:21 UTC" fw=10.0.0.2 pri=6 c=1024 gcat=2 m=97 msg="Web site hit" srcMac=12:34:56:78:90:ab src=10.0.0.3:49217:X0 srcZone=Trusted natSrc=10.0.0.2:53466 dstMac=ab:09:87:65:43:21 dst=216.160.83.61:443:X1 dstZone=Untrusted natDst=216.160.83.61:443 usr="Unknown (SSO failed)" proto=tcp/https sent=2079 rcvd=6642 app=7927 dstname=seg.ad.gt arg=/ code=15 Category="Business and Economy" note="Policy: cfsZonePolicy0, Info: 6148 " n=123456789 fw_action="NA" dpi=1
10.0.0.1 id=firewall sn=12345678 time="2022-03-09 14:58:44 UTC" fw=10.0.0.2 pri=6 c=1024 gcat=2 m=97 msg="Web site hit" srcMac=12:34:56:78:90:ab src=10.0.0.3:56242:X0 srcZone=Trusted natSrc=10.0.0.2:18447 dstMac=ab:09:87:65:43:21 dst=67.43.156.13:443:X1 dstZone=Untrusted natDst=67.43.156.13:443 usr="Unknown (SSO failed)" proto=tcp/https sent=1749 rcvd=968 app=7927 dstname=rcs-us-east-1.neoservice-aws.com arg=/ code=27 Category="Information Technology/Computers" note="Policy: cfsZonePolicy0, Info: 6148 " n=368203630 fw_action="NA" dpi=1
10.0.0.1 id=firewall sn=12345678 time="2022-03-09 05:29:32 UTC" fw=10.0.0.2 pri=6 c=1024 gcat=2 m=97 msg="Web site hit" srcMac=12:34:56:78:90:ab src=10.0.0.3:56502:X0 srcZone=Trusted natSrc=10.0.0.2:15926 dstMac=ab:09:87:65:43:21 dst=67.43.156.14:80:X1 dstZone=Untrusted natDst=67.43.156.14:80 usr="Unknown (SSO failed)" proto=tcp/http sent=510 rcvd=955 app=5147 op=1 dstname=ocsp.digicert.com arg=/abcd code=27 Category="Information Technology/Computers" note="Policy: cfsZonePolicy0, Info: 6147 " n=367895985 fw_action="NA" dpi=1
10.0.0.1 id=firewall sn=12345678 time="2022-03-09 18:44:05 UTC" fw=10.0.0.2 pri=6 c=1024 gcat=6 m=537 msg="Connection Closed" src=10.0.0.4:37153:X0 natSrc=10.0.0.2:12325 dst=89.160.20.112:8800:X1 natDst=89.160.20.112:8800 proto=udp/8800 sent=284 spkt=1 app=49202 appName='General UDP' n=1846613339 fw_action="NA" dpi=0
10.0.0.1 id=firewall sn=12345678 time="2022-03-09 18:57:05 UTC" fw=10.0.0.2 pri=1 c=32 gcat=3 m=608 src=67.43.156.15:8:X1 dst=10.0.0.3:1850:X0 msg="IPS Detection Alert: ICMP Echo Reply, SID: 316, Priority: Low" msg="IPS Detection Alert: ICMP Echo Reply" sid=316 ipscat="ICMP Echo Reply" ipspri=3 n=174072 fw_action="NA"
10.0.0.1 id=firewall sn=12345678 time="2022-03-11 14:17:52 UTC" fw=10.0.0.2 pri=6 c=1024 gcat=2 m=97 srcMac=12:34:56:78:90:ab src=10.0.0.4:41856:X0 srcZone=Trusted natSrc=10.0.0.2:8689 dstMac=ab:09:87:65:43:21 dst=89.160.20.112:443:X1 dstZone=Untrusted natDst=89.160.20.112:443 usr="Unknown (SSO failed)" proto=tcp/https sent=104 rcvd=230 rule="15 (LAN->WAN)" app=5 af_polid=4 ipscat=N/A appcat="PROXY-ACCESS" appid=2900 dstname=89.160.20.112 arg=/ code=64 Category="Not Rated" note="Policy: cfsZonePolicy0, Info: 6148 " n=2520325 fw_action="NA" dpi=1
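Review bot: The sanitisation applied to this fixture is not applied consistently across the page: the new lines here use reserved documentation addresses and a placeholder serial (`dst=216.160.83.61`, `sn=12345678`), while the three lines added in the earlier file section of this PR still carry `dst=8.8.8.8` and `sn=2CB8ED17E180`, which reads as a real device serial rather than a placeholder; if that file is also a committed sample, it should receive the same substitution so no live identifiers land in the repository. Within this hunk the serial also flips between `sn=123456789` on the first two 2022 lines and `sn=12345678` on the rest, so a single placeholder would make the fixture easier to reason about. The `m=608` line carries two `msg=` keys with different values, which is a useful parser case, but the expected-output file should pin which value the pipeline keeps so the behaviour is deterministic rather than order-dependent. The hunk replaces the whole file (`-1,21 +1,29`), so there are no surrounding context lines to check against.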