RSA Admin

'Type' field in Firewall Accounting

Discussion created by RSA Admin Employee on Sep 5, 2008
Latest reply on Sep 5, 2008 by RSA Admin

Can anyone out there tell me with an accuracy of say...  hell its friday... 70% or better, just exactly what the "Type" field found within the Firewall Accouting Address Symmary and Firewall Acccounting Port Summary tables is used for, and more specifically what the values found therein represent?

 

The 3.5.2 help file renders this fine explanation: "Displays integer values.  Integer values represent various categories device messages fall into.  Type values vary from table to table and can represent different categories for different devices."

 

Ok, so without usage of vague terms like "Various categories" and "vary from table to table", does anyone out there have any idea?

 

So far I'm finding numeric values of either 1 or 2 in my Checkpoint FW1 log data, but am at a loss as to what they mean.   I even found an instance of a default out of the box Checkpoint Firewall-1 Report who's SQL clause started out with "Type = 1 AND ..."  but nothing to explain what that '1' means.

 

Any help much appreciated.

ryan

Outcomes