The following table lists packet filter log fields.
| Field Position | Descriptive Name (Field Name) | Description |
|---|---|---|
| 1 | Date (date) | Date the packet was received. |
| 2 | Time (time) | The time the packet was received (service info fields). |
| 3 | Source IP (r-ip) | The Internet protocol (IP) address of the source (remote) computer. The source computer is the computer from which the data packets originated. |
| 4 | Destination IP (s-ip) | The IP address of the destination (local) computer. The destination computer is usually the ISA Server computer. |
| 5 | Protocol (protocol) | The particular transport level protocol used during the connection, such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMP). |
| 6 | Source port (or protocol type, if ICMP) (param#1) | For TCP and UDP protocols, the remote port used to create a connection. For ICMP protocol, the type used when creating the connection. |
| 7 | Destination port (or protocol code, if ICMP) (param#2) | For TCP and UDP protocols, the local port used to create a connection. For ICMP protocol, the code used when creating the connection. |
| 8 | TCP flags (tcp-flags) | For a TCP data packet, represents the TCP flag value in the IP header. The possible values are FIN, SYN, RST, PSH, ACK, and URG. |
| 9 | Interface (s-filter-rule) | Indicates whether the packet was accepted (1) or dropped (0). By default, only dropped packets are logged. |
| 10 | Interface IP address (s-interface) | Interface on which the packet was received; usually only one interface. |
| 11 | Header (rs-ip-header) | The entire IP header of the data packet that generated the alert event. The IP header is logged in hexadecimal format. |
| 12 | Payload (rs-payload) | A listing of a portion of the data packet (after the IP header) that generated the alert event. The IP packet is logged in hexadecimal format. |
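As an added example (not part of the original documentation or of ISA Server itself), the following Python parses a line in the 12-field layout above, decodes the hexadecimal IP header of field 11, and cross-checks it against fields 3, 4 and 5 so that a mislabelled or truncated record is caught before it is fed to alerting. The tab delimiter, the "-" placeholder for an empty field and the sample line are assumptions constructed for the example.

```python
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA numbers for the protocols named in the table

# Field order taken from the table above. The delimiter is assumed to be a tab
# and "-" an empty field (assumptions; the page does not state the delimiter).
FIELDS = ["date", "time", "r-ip", "s-ip", "protocol", "param#1", "param#2",
          "tcp-flags", "s-filter-rule", "s-interface", "rs-ip-header", "rs-payload"]

def parse_packet_filter_line(line):
    """Split one log line into a dict keyed by the field names from the table."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {name: (None if v == "-" else v) for name, v in zip(FIELDS, parts)}

def decode_ip_header(hexstr):
    """Decode the hex-encoded IPv4 header of field 11 (rs-ip-header)."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    return {"ihl": (raw[0] & 0x0F) * 4, "ttl": raw[8], "protocol": raw[9],
            "src": ".".join(str(b) for b in raw[12:16]),
            "dst": ".".join(str(b) for b in raw[16:20])}

def check_record(rec):
    """Cross-check fields 3-5 against the raw header; return (dropped, problems)."""
    problems = []
    hdr = decode_ip_header(rec["rs-ip-header"])
    if hdr["src"] != rec["r-ip"]:
        problems.append(f"source {rec['r-ip']} != header src {hdr['src']}")
    if hdr["dst"] != rec["s-ip"]:
        problems.append(f"destination {rec['s-ip']} != header dst {hdr['dst']}")
    if PROTO_NAMES.get(hdr["protocol"]) != rec["protocol"]:
        problems.append(f"protocol {rec['protocol']} != header protocol {hdr['protocol']}")
    dropped = rec["s-filter-rule"] == "0"   # field 9: 0 = dropped, 1 = accepted
    return dropped, problems

# Constructed sample line (not real log data): a dropped TCP SYN to port 80.
SAMPLE = "\t".join(["2003-05-14", "10:22:31", "203.0.113.5", "192.0.2.10", "TCP",
                    "4321", "80", "SYN", "0", "192.0.2.10",
                    "4500003c1a2b400040060000cb007105c000020a", "-"])

if __name__ == "__main__":
    record = parse_packet_filter_line(SAMPLE)
    print(record["protocol"], record["param#1"], "->", record["param#2"], check_record(record))
```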