Log fields

The request summary consists of the following fields. Some fields may be omitted when no value is available; others may contain "<n/a>" instead.

| Field Name | Description | Examples |
|---|---|---|
| req_id | ID of the request | X4asK6znLjlW-3ZhEhrCOgAAADY |
| sess_id | ID of the session the request belongs to | e36a8ba0dc23afc17210311a4a2246a7 |
| corr_id | Request correlation ID | |
| corr_id_2 | Second request correlation ID | |
| corr_id_3 | Third request correlation ID | |
| mapping | Mapping name used to handle the request | ExternalOWA |
| audit_token | Audit token set by the authentication server. This usually represents an individual user. | <n/a>, smueller@intra.com |
| tenant | Tenant of the requested mapping or virtual host | |
| entry_url | Entry URL of the request | https://docs.airlock.com/iam/latest/ |
| tech_client_id | Technical client ID extracted from request. | |
| tech_client_display_name | Display name of the technical client. | |
| tech_client_label | Label of the technical client. | |
| tech_client_subscription_id | Subscription ID of the technical client. | |
| vhost | The FQDN of the virtual host | docs.airlock.com |
| vhost_ip | The IP address the virtual host is listening on | 10.11.12.13 |
| vhost_port | The port the virtual host is listening on | 443 |
| vhost_proto | The HTTP protocol used in the request | https |
| http_method | The HTTP method used in the request | GET, DELETE |
| http_status | The HTTP status code delivered to the client | 200, 404 |
| entry_path | Entry path of the request | /iam/latest/ |
| entry_query | Query parameters of the entry URL | a=b&c=d&since=%233327 |
| vhost_proto_vers | The HTTP protocol version used in the request | |
| sess_auth | Flag indicating whether the session was authenticated or not | false |
| backend_url | Back-end URL of the request | http://intra.local.net:8080/iam/latest/resources/js/src/dom.js |
| http_redirect_url | The redirect URL delivered to the client | /test/ |
| http_referrer | The referrer URL sent by the client | https://docs.airlock.com/iam/latest/, <n/a> |
| req_size | The number of bytes received from the client | Kibana: 454B; JSON: 454 |
| resp_size | The number of bytes received from the back-end | Kibana: 11.07KB; JSON: 11336 |
| time_total | The total time taken to handle the request, in microseconds | Kibana (ms): 1005.871; JSON (μs): 1005871 |
| time_filter | The time taken to filter the request, in microseconds | Kibana (ms): 0.334; JSON (μs): 334 |
| time_req_icap | The time taken by ICAP services for processing the request, in microseconds | See "time_total" |
| time_backend | The time waited until the back-end sent an answer, in microseconds | See "time_total" |
| time_resp | The time taken to process the response from the back-end, in microseconds | See "time_total" |
| time_resp_icap | The time taken by ICAP services for processing the response, in microseconds | See "time_total" |
| client_ip | The IP address of the client. Usually, this is the connection IP address (front_src_ip). If a reverse proxy or load balancer is in place and sets the X-Forwarded-For header, Airlock Gateway can be configured to use the X-Forwarded-For value as client_ip. | 118.12.110.137 |
| front_src_ip | The IP address from which the front-end TCP connection was established | 192.168.110.137 |
| front_src_port | The port from which the front-end TCP connection was established | |
| geoip_continent | Continent code resolved for the client IP address (client_ip) | EU |
| geoip_country | Country code resolved for the client IP address (client_ip) | CH |
| geoip_location | Latitude and longitude resolved for the client IP address (client_ip) | 47.38250,8.14420 |
| action | Action taken by Airlock Gateway for this request | allowed, blocked |
| ml_app | Anomaly Shield application | |
| ml_anomaly | Anomaly Shield session anomaly tag | |
| attack_type | Type of the blocked attack | HTML injection |
| block_type | Technology used to block the attack | Deny Rule |
| message | Message describing the log event | Request processed |
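
The following is an added example, not code from the Airlock documentation. It shows one way to consume these fields for triage: normalizing "<n/a>" and omitted fields, converting the JSON microsecond timings to the milliseconds Kibana displays, and counting blocked requests per client. It assumes each request summary is one flat JSON object keyed by the field names above; the sample records are constructed, and `parse_summary`, `blocked_by_client`, the `*_ms` keys and `client_ip_forwarded` are hypothetical names.

```python
import json
from collections import Counter, defaultdict

# Constructed sample records, not real gateway output. Assumption: one flat
# JSON object per line, keyed by the field names listed above, with times in
# microseconds as in the "JSON" examples.
SAMPLE_LINES = [json.dumps(r) for r in (
    {"req_id": "req-1", "client_ip": "118.12.110.137", "front_src_ip": "192.168.110.137",
     "audit_token": "smueller@intra.com", "action": "allowed", "http_status": 200,
     "time_total": 1005871, "time_backend": 990000},
    {"req_id": "req-2", "client_ip": "118.12.110.137", "front_src_ip": "192.168.110.137",
     "audit_token": "<n/a>", "action": "blocked", "attack_type": "HTML injection",
     "block_type": "Deny Rule", "http_status": 404, "time_total": 334},
    {"req_id": "req-3", "client_ip": "10.11.12.13", "front_src_ip": "10.11.12.13",
     "audit_token": "<n/a>", "action": "blocked", "attack_type": "HTML injection",
     "block_type": "Deny Rule", "http_status": 404, "time_total": 500},
)]

TIME_FIELDS = ("time_total", "time_filter", "time_req_icap",
               "time_backend", "time_resp", "time_resp_icap")

def parse_summary(line):
    """Parse one record; treat omitted fields and "<n/a>" alike as None."""
    rec = {k: (None if v == "<n/a>" else v) for k, v in json.loads(line).items()}
    for name in TIME_FIELDS:
        # Add a *_ms companion so values match what Kibana displays.
        rec[name + "_ms"] = rec[name] / 1000 if rec.get(name) is not None else None
    # client_ip normally differs from the TCP peer only when it was taken from
    # X-Forwarded-For, so it is only as trustworthy as the upstream proxy.
    rec["client_ip_forwarded"] = rec.get("client_ip") != rec.get("front_src_ip")
    return rec

def blocked_by_client(records):
    """Count blocked requests per client_ip, keyed by (attack_type, block_type)."""
    counts = defaultdict(Counter)
    for rec in records:
        if rec.get("action") == "blocked":
            counts[rec["client_ip"]][(rec.get("attack_type"), rec.get("block_type"))] += 1
    return counts

if __name__ == "__main__":
    records = [parse_summary(line) for line in SAMPLE_LINES]
    for ip, hits in blocked_by_client(records).items():
        print(ip, dict(hits))
```

When `client_ip_forwarded` is true, correlate on `front_src_ip` as well, since that field reflects the actual TCP connection.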