Edge Firewall Log Search
API to perform search on Edge Firewall logs
Unique identifier of the customer for which logs are being requested
Number of logs to skip in paginated results, defaults to 0
Maximum number of logs to return
Start time of logs to search on
End time of logs to search on
actionTaken: Action that was performed on the packets when the rule condition was met (applies to the flow the packet is part of)
ruleId: Unique identifier of the firewall rule
sessionId: Unique session or flow ID
segmentLogicalId: Unique identifier of the segment the flow is part of
inputInterface: Name of the interface through which the packets of the flow entered the edge (applies only to flows initiated from the LAN side; empty string for overlay inbound flows)
protocol: L4 protocol of the flow
sourceIp: Source IP of the packets
destinationIp: Destination IP of the packets
sourcePort: Source port number of the session
destinationPort: Destination port number of the session
destination: Name of the remote-end device of the session
domainName: Domain name of the destination IP address
firewallPolicyName: Name of the firewall policy applied to the session
segmentName: Name of the segment to which the session belongs
extensionHeader: Extension header details, for IPv6 sessions
application: Application to which the firewall rule was applied; either "Any" or an application selected with a Differentiated Services Code Point (DSCP) flag to apply a specific firewall rule
sessionDurationSecs: Duration for which the session has been active
bytesSent: Amount of data sent in the session, in bytes
bytesReceived: Amount of data received in the session, in bytes
closeReason: Reason for the session closure
signatureId: Suricata signature ID
verdict: Whether the traffic was allowed or blocked, for IDPS rules
signature: Signature name/title
category: Classification description for the rule
ruleVersion
attackSource: Source IP of the attack
attackTarget: Target IP of the attack
severity: One of the severity levels (Critical/High/Medium/Low/Suspicious) assigned to the traffic after it has passed through the IDPS engine
edgeLogicalId: Unique identifier of the edge
enterpriseLogicalId: Unique identifier of the enterprise
edgeName: Name of the edge that generated the log
idsAlert: Indicates whether an Intrusion Detection System alert was generated
ipsAlert: Indicates whether an Intrusion Prevention System alert was generated
Successfully retrieved Edge Firewall logs
{
  "metaData": {
    "limit": "number",
    "more": false,
    "nextPageLink": "string",
    "prevPageLink": "string"
  },
  "data": [
    {
      "_source": {
        "@timestamp": "string",
        "logType": "string",
        "enterpriseLogicalId": "string",
        "edgeName": "string",
        "ruleId": "string",
        "edgeLogicalId": "string",
        "actionTaken": "string",
        "sessionId": "number",
        "segmentLogicalId": "string",
        "inputInterface": "string",
        "protocol": "number",
        "sourceIp": "string",
        "destinationIp": "string",
        "sourcePort": "number",
        "destinationPort": "number",
        "destination": "string",
        "domainName": "string",
        "firewallPolicyName": "string",
        "segmentName": "string",
        "extensionHeader": "string",
        "application": "string",
        "sessionDurationSecs": "number",
        "bytesSent": "number",
        "bytesReceived": "number",
        "closeReason": "string",
        "signatureId": "number",
        "verdict": "string",
        "signature": "string",
        "category": "string",
        "ruleVersion": "number",
        "attackSource": "string",
        "attackTarget": "string",
        "severity": "number",
        "idsAlert": "number",
        "ipsAlert": "number"
      }
    }
  ],
  "count": "number"
}
data: Array of log entries returned for the log search query
count: Total log count for the log search query
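Added example (Python, not part of this API documentation) that consumes responses of the shape above: it follows pages through metaData.more and metaData.nextPageLink, then tallies IDPS-flagged sessions by verdict and signature and every session by action and rule. The page fetcher, the constructed sample pages and the actionTaken values "allow"/"deny" are assumptions, not values the page specifies.

```python
from collections import Counter
from typing import Callable, Dict, Iterator, Optional

def iter_log_entries(fetch_page: Callable[[Optional[str]], dict]) -> Iterator[dict]:
    """Yield every data[]._source record across pages, following
    metaData.nextPageLink while metaData.more is true.
    fetch_page(None) must return the first page (transport is assumed)."""
    link: Optional[str] = None
    seen = set()  # stop if the service ever hands back a link already visited
    while True:
        page = fetch_page(link)
        for item in page.get("data", []):
            yield item["_source"]
        meta = page.get("metaData", {})
        link = meta.get("nextPageLink")
        if not meta.get("more") or not link or link in seen:
            return
        seen.add(link)

def summarize(entries) -> Dict[str, Counter]:
    """Count IDS/IPS-flagged sessions by verdict and by (signatureId, signature),
    and every session by (actionTaken, ruleId). idsAlert/ipsAlert are 0/1 numbers."""
    out = {"verdict": Counter(), "signature": Counter(), "action": Counter()}
    for e in entries:
        if e.get("idsAlert") or e.get("ipsAlert"):
            out["verdict"][e.get("verdict", "")] += 1
            out["signature"][(e.get("signatureId"), e.get("signature"))] += 1
        out["action"][(e.get("actionTaken"), e.get("ruleId"))] += 1
    return out

# Constructed sample pages (not real data); "allow"/"deny" values are assumed.
_PAGES = {
    None: {"metaData": {"limit": 2, "more": True, "nextPageLink": "/p2", "prevPageLink": ""},
           "data": [{"_source": {"ruleId": "r1", "actionTaken": "allow", "idsAlert": 1, "ipsAlert": 0,
                                 "verdict": "allowed", "signatureId": 2001, "signature": "sig A"}},
                    {"_source": {"ruleId": "r2", "actionTaken": "deny", "idsAlert": 0, "ipsAlert": 0}}],
           "count": 3},
    "/p2": {"metaData": {"limit": 2, "more": False, "nextPageLink": "", "prevPageLink": "/p1"},
            "data": [{"_source": {"ruleId": "r1", "actionTaken": "deny", "idsAlert": 0, "ipsAlert": 1,
                                  "verdict": "blocked", "signatureId": 2001, "signature": "sig A"}}],
            "count": 3},
}

def demo() -> Dict[str, Counter]:
    return summarize(iter_log_entries(lambda link: _PAGES[link]))

if __name__ == "__main__":
    for name, counter in demo().items():
        print(name, dict(counter))
```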
Invalid Input
{
  "errors": [
    {
      "message": "pop(s) for vni: 1 do not exist",
      "path": "object.path",
      "key": "INVALID_PARAMS"
    }
  ],
  "code": "INVALID_PARAMS"
}
code: Error code for the message
Unauthorized Access
{
  "errors": [
    {
      "message": "pop(s) for vni: 1 do not exist",
      "path": "object.path",
      "key": "INVALID_PARAMS"
    }
  ],
  "code": "INVALID_PARAMS"
}
code: Error code for the message
Internal Server Error
{
  "errors": [
    {
      "message": "pop(s) for vni: 1 do not exist",
      "path": "object.path",
      "key": "INVALID_PARAMS"
    }
  ],
  "code": "INVALID_PARAMS"
}
code: Error code for the message