Access log fields

The following log fields are in the ETP Proxy Access log (etp_Proxy_Access.csv) and ETP Client Access log (etp_Client_Access.csv) files.

ETP Proxy Access Log

The etp_Proxy_Access.csv file contains logs of web traffic forwarded from ETP Client to ETP Proxy. This file contains these fields.
Log Field Definition
log_time The time the log was recorded.
req_time The time the request occurred.
app_port The port for the application.
req_id The ID associated with the request.
domain Fully qualified domain name (FQDN) that was requested.
ssl_proto The TLS protocol that’s used.
resp_txt Text record that contains response information.
route If ETP Proxy is enabled, indicates whether the request is directed to the origin or the proxy.
connect_ms The time that it takes to connect to the proxy.
tunnel_ms The time that it takes to establish a tunnel to the proxy.
user_agent Header that indicates which application is executing the transaction. For example, this may be a browser or an email client.
xff_ip The X-Forwarded-For header. This header identifies the client IP address.
status_code Codes for the response.
status_text Text representation of the HTTP response status code.

ETP Client Access Log

The etp_Client_Access.csv file contains logs of DNS traffic forwarded from ETP Client to ETP DNS resolvers. This log file contains these fields.
Log Field Definition
log_time The time the log was recorded.
req_time The time the request occurred.
req_id Internal request identifier.
req_size_b The size of the request in bytes.
app_port Source port of the application that initiated the request.
app_txid Identifier of the application that initiated the request.
req_domain Fully qualified domain name of the request.
req_type DNS record type (for example, AAAA or NS).
cli_state Status of ETP Client when the transaction (request and response) takes place.
pkt_proto The protocol used for domain name resolution. For example, this may be DNS over TLS (DoT) or DNS over UDP.
dot_mode The mode that is configured for DoT in the ETP policy.
dot_config_epoch The time DoT was configured. This timestamp is in epoch time format and is correlated to the time that ETP Client was last configured.
dot_txid Identifier for the DoT transaction.
pkt_state The state of the transaction (response and request). For example, if the transaction completed without an error, the state appears as Done.
pkt_error If there is an error with a transaction, the specific error is logged in this field.
pkt_flags Flags that are used for internal debugging.
resp_itf_id Identifier of the response.
resp_itf_epoch The time of the response. The timestamp is in epoch time format.
resp_resolver_ip IP address of the DNS resolver. This is the IP address of the ETP DNS servers or the IP address of your internal name resolvers.
resp_size_b Size of the response in bytes.
resp_txt Description of the response. Indicates how ETP Client handled the request. One of these values may appear in this field:
  • ETPI. Indicates the request was directed to ETP Proxy.
  • ETPA. Indicates the request was allowed to the origin.
  • ETPB. Indicates the request was blocked.
  • ETPI-E. Indicates that the user was shown an error page for a request that was blocked by ETP Proxy.
  • ETPA-E. Indicates that the user was shown an error page for a blocked request. ETP Proxy is not enabled in this case.
resp_state State of the response. Indicates whether the response is external or part of an internal network configuration that an administrator set up in ETP.
resp_answers The response from the name resolver.
resp_rtt_ms Indicates the time in milliseconds until ETP Client gets a response from the name resolver.
app_rtt_ms Indicates the time in milliseconds until a response is sent back to the application. The application may be, for example, a browser or an email client.
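
The following added example, which is not part of the original page and is not the vendor's code, reads ETP Client Access log rows and reports blocked domains (resp_txt of ETPB, ETPI-E, or ETPA-E), transactions with a pkt_error or a pkt_state other than Done, and resp_txt values outside the documented list. It assumes the CSV has a header row that uses the field names above; the triage function and all sample values are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# resp_txt codes listed in the field table that mean the user was blocked.
BLOCKED = {"ETPB", "ETPI-E", "ETPA-E"}
KNOWN = BLOCKED | {"ETPI", "ETPA"}

# Constructed sample. Assumptions: the CSV has a header row that uses the
# documented field names; only a subset of columns is shown; "Failed",
# "timeout" and "ETPX" are made-up values, not documented ones.
SAMPLE = """\
req_domain,req_type,pkt_state,pkt_error,resp_txt
intranet.example.com,A,Done,,ETPA
files.example.net,AAAA,Done,,ETPI
bad.example.org,A,Done,,ETPB
Bad.Example.org.,AAAA,Done,,ETPI-E
ads.example.org,A,Done,,ETPA-E
slow.example.net,A,Failed,timeout,
odd.example.net,NS,Done,,ETPX
"""


def triage(csv_text):
    """Summarize blocked domains, failed transactions and unknown codes."""
    blocked = defaultdict(Counter)   # domain -> count per resp_txt code
    failed = []                      # (domain, pkt_state, pkt_error)
    unknown = Counter()              # resp_txt values not in the table
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Normalize case and the trailing root dot so one FQDN groups together.
        domain = (row.get("req_domain") or "").strip().lower().rstrip(".")
        code = (row.get("resp_txt") or "").strip()
        state = (row.get("pkt_state") or "").strip()
        error = (row.get("pkt_error") or "").strip()
        if code in BLOCKED:
            blocked[domain][code] += 1
        elif code and code not in KNOWN:
            unknown[code] += 1       # surface it instead of dropping it
        # The page gives "Done" as the state of an error-free transaction.
        if error or state.lower() != "done":
            failed.append((domain, state, error))
    return {"blocked": dict(blocked), "failed": failed, "unknown": dict(unknown)}


if __name__ == "__main__":
    for section, value in triage(SAMPLE).items():
        print(section, value)
```

Grouping by normalized req_domain keeps the ETPB and ETPI-E hits for the same name together, which helps show whether a block came from DNS policy or from ETP Proxy.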