The following table lists packet filter log fields.
||Descriptive Name (Field Name)||Description||
|| ||Date the packet was received.||
|| ||The time the packet was received (service info||
||Source IP (r-ip)||The Internet protocol (IP) address of the source (remote) computer. The source computer is the computer from which the data packets originated.||
||Destination IP (s-ip)||The IP address of the destination (local) computer. The destination computer is usually the ISA Server computer.||
|| ||The particular transport level protocol that is used during the connection, such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or Internet Control Message||
||Source port (or protocol type, if ICMP)||For TCP and UDP protocols, the remote port used to create a connection. For ICMP protocol, the type used when creating||
||Destination port (or protocol code, if ICMP)||For TCP and UDP protocols, the local port used to create a connection. For ICMP protocol, the code used when creating||
||TCP flags (tcp-flags)||For a TCP data packet, represents the TCP flag value in the IP header. The possible values are FIN, SYN, RST, PSH, ACK, and URG.||
|| ||Indicates whether the packet was accepted (1) or dropped (0). By default, only dropped packets are logged.||
||Interface IP address (s-interface)||Interface on which the packet was received; usually only one interface.||
|| ||The entire IP header of the data packet that generated the alert event. The IP header is logged in hexadecimal||
|| ||A listing of a portion of the data packet (after the IP header) that generated the alert event. The IP packet is logged in hexadecimal format.||
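
The hexadecimal IP header field can be decoded and compared with the r-ip and s-ip values of the same log record, which is a quick consistency check when triaging dropped packets. The Python code below is an added example, not part of the original documentation: the helper names, the sample header, and the assumption that the field holds plain hex digits (optionally separated by spaces) are all illustrative.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers

# Constructed sample value for the hexadecimal IP header field (not from a real log).
SAMPLE_HEADER = "4500 0028 1c46 4000 4006 3245 c633 6407 c000 020a"


def decode_ip_header(hex_text):
    """Decode an IPv4 header logged as hexadecimal text (hypothetical helper)."""
    raw = bytes.fromhex("".join(hex_text.split()))  # assumption: hex digits, optional spaces
    if len(raw) < 20:
        raise ValueError("an IPv4 header is at least 20 bytes")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _cksum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or len(raw) < header_len:
        raise ValueError("not a complete IPv4 header")
    # One's-complement sum over the header, checksum included, folds to 0xFFFF when intact.
    total = sum(struct.unpack("!%dH" % (header_len // 2), raw[:header_len]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return {
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "ttl": ttl,
        "total_length": total_len,
        "header_length": header_len,
        "checksum_ok": total == 0xFFFF,
    }


def crosscheck(header, r_ip, s_ip):
    """Return the names of logged address fields that disagree with the decoded header."""
    mismatched = []
    if header["source"] != r_ip:
        mismatched.append("r-ip")
    if header["destination"] != s_ip:
        mismatched.append("s-ip")
    return mismatched


if __name__ == "__main__":
    decoded = decode_ip_header(SAMPLE_HEADER)
    print(decoded)
    print(crosscheck(decoded, "198.51.100.7", "192.0.2.10"))
```

A failed checksum or a mismatch between the decoded addresses and the logged r-ip and s-ip values suggests a truncated or corrupted record rather than a property of the packet itself.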