Print Download Documentation Send Feedback

Previous

Next

Field Keywords

You can use predefined field names as keywords in filter criteria. The query result only shows log records that match the criteria in the specified field. If you do not use field names, the query result shows records that match the criteria in all fields.

This table shows the predefined field keywords. Some fields also support keyword aliases that you can type as alternatives to the primary keyword.

Keyword

Keyword Alias

Description

severity

 

Severity of the event

app_risk

 

Potential risk from the application, of the event

protection

 

Name of the protection

protection_type

 

Type of protection

confidence_level

 

Level of confidence that an event is malicious

action

 

Action taken by a security rule

blade

product

Software Blade

destination

dst

Traffic destination IP address, DNS name or Check Point network object name

origin

orig

Name of originating Security Gateway

service

 

Service that generated the log entry

source

src

Traffic source IP address, DNS name or Check Point network object name

user

 

User name

Syntax for a field name query:

<field name>:<values>

To search for rule number, use the Rule field name. For example:

rule:7.1

If you use the rule number as a filter, rules in all the Layers with that number are matched.

To search for a rule name, you must not use the Rule field. Use free text. For example:

"Block Credit Cards"

Best practice: Do a free text search for the rule name. Make sure rule names are unique and not reused in different Layers.

Examples:

Important - When you use fields with multiple values, you must: