| Microsoft Internet Security and Acceleration Server 2004 SDK |
The following table lists the log fields that can be included in Firewall service log entries by setting the corresponding bit in the LogFieldSelection property of the FPCLog object for Firewall service logging.
| Bit number | Field name (Log Viewer) | Field name (SQL files) | Description |
|---|---|---|---|
| 0 | Server Name | servername | The name of the ISA Server computer. This is the computer name assigned in Microsoft Windows. |
| 1 | Log Date | LogDate | The date on which the logged event occurred. |
| 2 | Log Time | LogTime | The time when the logged event occurred. In W3C format, this is the Coordinated Universal Time (UTC). |
| 3 | Transport | protocol | The transport protocol used for the connection. Common values are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). |
| 4 | Client IP and Port | Source | The Internet Protocol (IP) address of the requesting client and the source port used. |
| 5 | Destination IP and Port | Destination | The network IP address and the reserved port number on the remote computer that provides service to the current connection. The port number is used by the client application initiating the request. |
| 6 | Original Client IP | OriginalClientIP | The original IP address of the requesting client. |
| 7 | Source Network | SourceNetwork | The network from which the request originated. |
| 8 | Destination Network | DestinationNetwork | The network to which the request was sent. |
| 9 | Action | Action | The action performed by the Microsoft Firewall service for the current session or connection. The possible values are defined in the FpcAction enumerated type. |
| 10 | Result Code | resultcode | A Windows error code or an ISA Server error code in HRESULT format. |
| 11 | Rule | rule | The rule that either allowed or denied access to the request,
as follows:
|
| 12 | Protocol | ApplicationProtocol | The name of the application protocol used for the connection as defined in the colletion of protocol definitions. |
| 13 | Bidirectional | Bidirectional | A value from the FpcBidirectional enumerated type that indicates whether the connection was bidirectional. |
| 14 | Bytes Sent | bytessent | The total number of bytes sent from the client to the destination host during the current connection. A hyphen (-), a zero (0), or a negative number in this field indicates that this information was not provided by the destination host or that no bytes were sent to the destination host. |
| 15 | Bytes Sent Delta | bytessentDelta | The number of bytes sent from the client to the destination host since the previous log entry for the current connection. A hyphen (-), a zero (0), or a negative number in this field indicates that this information was not provided by the destination host or that no bytes were sent to the destination host. |
| 16 | Bytes Received | bytesrecvd | The total number of bytes sent from the remote computer and received by the client during the current connection. A hyphen (-), a zero (0), or a negative number in this field indicates that this information was not provided by the remote computer or that no bytes were received from the remote computer. |
| 17 | Bytes Received Delta | bytesrecvdDelta | The number of bytes sent from the remote computer and received by the client since the previous log entry for the current connection. A hyphen (-), a zero (0), or a negative number in this field indicates that this information was not provided by the remote computer or that no bytes were received from the remote computer. |
| 18 | Processing Time | connectiontime | The total time, in milliseconds, that was needed by ISA Server to process the current connection. It measures the time elapsed from the time when the ISA Server computer first received the request to the time when final processing occurred on the ISA Server computer—when results were returned to the client and the connection was closed. |
| 19 | Processing Time Delta | connectiontimeDelta | The time, in milliseconds, that has elapsed since the previous log entry for the current connection. |
| 20 | Source Proxy | SourceProxy | Reserved for future use. |
| 21 | Destination Proxy | DestinationProxy | Reserved for future use. |
| 22 | Client Host Name | SourceName | Reserved for future use. |
| 23 | Destination Host Name | DestinationName | The domain name for the remote computer that provides service to the current connection. |
| 24 | Client Username | ClientUserName | The account of the user making the request. A question mark (?) next to the user name indicates that the user name was sent but the user was not authenticated by ISA Server. If ISA Server access control is not being used, ISA Server uses Anonymous. |
| 25 | Client Agent | ClientAgent | The name and version of the operating system that is running on
the Firewall client that created the session, as indicated by the
Hypertext
Transfer Protocol (HTTP) User-Agent header sent by the
client's browser application. This field is not applicable to
SecureNAT sessions.
For the supported strings, see Client Agent Values. A User-Agent header that is not supported is regarded as an unknown operating system. |
| 26 | Session ID | sessionid | An identifier that identifies a session's connections. For Firewall clients, each process that connects through the Microsoft Firewall service initiates a session. For secure network address translation (SecureNAT) clients, a single session is opened for all the connections that originate from the same IP address. |
| 27 | Connection ID | connectionid | An identifier that identifies entries belonging to the same socket. Outbound TCP usually has two entries for each connection: when the connection is established and when the connection is terminated. UDP usually has two entries for each remote address. |
| 28 | Network Interface | Interface | The network adapter with which the connection was established on the ISA Server computer. |
| 29 | Raw IP Header | IPHeader | The IP header of the current packet. Information is supplied to this field only for packets that are denied passage and are dropped by ISA Server. |
| 30 | Raw Payload | Payload | The protocol header of the current packet. Information is supplied to this field only for packets that are denied passage and are dropped by ISA Server. |
| User-Agent header | Client Agent value |
|---|---|
| Windows NT 5.2 | Windows Server 2003 |
| Windows NT 5.1 | Windows XP |
| windows nt 5 | Windows 2000 |
| windows 2000 | Windows 2000 |
| win2000 | Windows 2000 |
| winnt | Windows NT |
| windows nt | Windows NT |
| win98 | Windows 98 |
| windows 98 | Windows 98 |
| win95 | Windows 95 |
| windows 95 | Windows 95 |
| win32 | Windows 32-bit |
| win16 | Windows 16-bit |
| windows ce | Windows CE |
| windows | Windows |
| aix | aix |
| amiga | amiga |
| hp | hp |
| irix | irix |
| linux | linux |
| mac | mac |
| solaris | solaris |
| sun | sun |
| unix | unix |
| vax | vax |