cgfw-firewall-activity DROP|DENY|REJECT Blocked traffic detected: srcIP=$(srcip) -> dstIP=$(dstip) protocol=$(L4Protocol) rule=$(FirewallRule) user=$(User) cgfw-firewall-activity ALLOW Allowed traffic detected: srcIP=$(srcip) -> dstIP=$(dstip) protocol=$(L4Protocol) rule=$(FirewallRule) user=$(User) cgfw-firewall-activity [1-9][0-9]{7,} High bandwidth usage detected: srcIP=$(srcip) -> dstIP=$(dstip) sentBytes=$(SentBytes) application=$(Application) cgfw-firewall-activity [1-9][0-9]{5,} Large number of packets sent: srcIP=$(srcip) -> dstIP=$(dstip) sentPackets=$(SentPackets) application=$(Application) cgfw-firewall-activity FTP|Telnet Unauthorized protocol detected: srcIP=$(srcip) -> dstIP=$(dstip) protocol=$(L4Protocol) user=$(User) cgfw-firewall-activity BLOCKED-ACCESS Unauthorized access attempt detected: srcIP=$(srcip) -> dstIP=$(dstip) rule=$(FirewallRule) user=$(User) cgfw-firewall-activity Malware|Phishing|Proxy Avoidance Traffic to high-risk URL category detected: srcIP=$(srcip) -> dstIP=$(dstip) category=$(URLCategory) content=$(Content) cgfw-firewall-activity Internal External Internal to external traffic: srcIP=$(srcip) -> dstIP=$(dstip) interface=$(SourceInterface) -> $(DestinationInterface) user=$(User) cgfw-firewall-activity [3-9][0-9]{3,} Suspicious long session duration: srcIP=$(srcip) -> dstIP=$(dstip) duration=$(Duration) seconds application=$(Application) cgfw-firewall-activity Barracuda Firewall general event: srcIP=$(srcip) -> dstIP=$(dstip) protocol=$(L4Protocol) rule=$(FirewallRule) application=$(Application)