Understanding the index field values

This section lists information about the various fields logged for the Protection, Policy, Application, Audit, Kernel, Security, and Verification logs. It helps you understand the information that is contained in the logs and is useful for troubleshooting the system.

Common Logging Information

These logging fields are common with the different log types generated by Protegrity products.

Note: These common fields are used across all log types.

Field	Data Type	Description	Source	Example
cnt	Integer	The aggregated count for a specific log.	Protector	5
logtype	String	The type of log. For example, Protection, Policy, Application, Audit, Kernel, System, or Verification. For more examples about the log types, refer here.	Protector	Protection
level	String	The level of severity. For example, SUCCESS, WARNING, ERROR, or INFO. These are the results of the logging operation. For more information about the log levels, refer here.	Protector	SUCCESS
starttime	Date	This is an unused field.	Protector
endtime	Date	This is an unused field.	Protector
index_time_utc	Date	The time the log was inserted into the Audit Store.	Audit Store	Mar 8, 2025 @ 12:55:24.733
ingest_time_utc	Date	The time the Log Forwarder processed the logs.	Log Forwarder	Mar 8, 2025 @ 12:56:22.027
uri	String	The URI for the log. This is an unused field.
correlationid	String	A unique ID that is generated when the policy is deployed.	Hubcontroller	clo5nyx470bi59p22fdrsr7k3
filetype	String	This is the file type, such as, regular file, directory, or device, when operations are performed on the file. This displays the value ISREG for files and ISDIR for directories. This is only used in File Protector.	File Protector	ISDIR
index_node	String	The index node that ingested the log.	Audit Store	protegrity-ppc746/192.168.2.20
operation	String	This is an unused field.
path	String	This field is provided for Protector-related data.	File Protector	/hmount/source_dir/postmark_dir/postmark/1
system_nano_time	Long	This displays the time in nano seconds for the Signature Verification job.	Signature Verification	255073580723571
tiebreaker	Long	This is an internal field that is used with the index time to make a record unique across nodes for sorting.	Protector, Signature Verification	2590230
_id	String	This is the entry id for the record stored in the Audit Store.	Log Forwarder, td-agent	NDgyNzAwMDItZDI5Yi00NjU1LWJhN2UtNzJhNWRkOWYwOGY3
_index	String	This is the index name of the Audit Store where the log is stored.	Log Forwarder, td-agent	pty_insight_analytics_audits_10.0-2026.08.30-000001

Additional_Info

These descriptions are used for all types of logs.

Field	Data Type	Description	Source	Example
description	String	Description about the log generated.	All modules	Data protect operation was successful, Executing attempt_rollover for , and so on.
module	String	The module that generated the log.	All modules	.signature.job_runner
procedure	String	The method in the module that generated the log.	All modules	create_job
title	String	The title for the audit log.	Feature

Process

This section describes the properties of the process that created the log. For example, the protector or the rputils.

Field	Data Type	Description	Source	Example
thread_id	String	The thread_id of the process that generated the log.	PEP Server	3382487360
id	String	The id of the process that generated the log.	PEP Server	41710
user	String	The user that runs the program that generated the log.	All modules	service_admin
version	String	The version of the program or Protector that generated the log.	All modules	1.2.2+49.g126b2.1.2
platform	String	The platform that the program that generated the log is running on.	PEP Server	Linux_x64
module	String	The module that generated the log.	PPC, Protector	rpstatus
name	String	The name of the process that generated the log.	All modules	Protegrity PEP Server
pcc_version	String	The core pcc version.	PEP Server	3.4.0.20

Origin

This section describes the origin of the log, that is, from where the log came from and when it was generated.

Field	Data Type	Description	Source	Example
time_utc	Date	The time in the Coordinated Universal Time (UTC) format when the log was generated.	All modules	Mar 8, 2026 @ 12:56:29.000
hostname	String	The hostname of the machine where the log was generated.	All modules	ip-192-16-1-20.protegrity.com
ip	IP	The IP of the machine where the log was generated.	All modules	192.168.1.20

Protector

This section describes the Protector that generated the log. For example, the vendor and the version of the Protector.

Note: For more information about the Protector vendor, family, and version, refer here.

Field	Data Type	Description	Source	Example
vendor	String	The vendor of the Protector that generated the log. This is specified by the Protector.	Protector
family	String	The Protector family of the Protector that generated the logs. This is specified by the Protector. For more information about the family, refer here.	Protector	gwp
version	String	The version of the Protector that generated the logs. This is specified by the Protector.	Protector	1.2.2+49.g126b2.1.2
core_version	String	This is the Core component version of the product.	Protector	1.2.2+49.g126b2.1.2
pcc_version	String	This is the PCC version.	Protector	3.4.0.20

Protection

This section describes the protection that was done, what was done, the result of the operation, where it was done, and so on.

Field	Data Type	Description	Source	Example
policy	String	The name of the policy. This is only used in File Protector.	Protector	aes1-rcwd
role	String	This field is not used and will be deprecated.	Protector
datastore	String	The name of the datastore used for the security operation.	Protector	Testdatastore
audit_code	Integer	The return code for the operation. For more information about the return codes, refer to Log return codes.	Protector	6
session_id	String	The identifier for the session.	Protector
request_id	String	The ID of the request that generated the log.	Protector
old_dataelement	String	The old dataelement value before the reprotect to a new dataelement.	Protector	AES128
mask_setting	String	The mask setting used to protect data.	Protector	Mask Left:4 Mask Right:4 Mark Character:
dataelement	String	The dataelement used when protecting or unprotecting data. This is passed by the Protector performing the operation.	Protector	PTY_DE_CCN
operation	String	The operation, for example Protect, Unprotect, or Reprotect. This is passed in by the Protector performing the operation.	Protector	Protect
policy_user	String	The policy user for which the operation is being performed. This is passed in by the Protector performing the operation.	Protector	exampleuser1
devicepath	String	The path to the device. This is only used in File Protector.	Protector	/hmount/fuse_mount
filetype	String	The type of file that was protected or unprotected. This displays the value ISREG for files and ISDIR for directories. This is only used in File Protector.	Protector	ISREG
path	String	The path to the file protected or unprotected by the File Protector. This is only used in File Protector.	Protector	/testdata/src/ez/audit_log(13).csv

Client

This section describes from where the log came from.

Field	Data Type	Description	Source	Example
ip	String	The IP of the client that generated the log.	Protector	192.168.2.10
username	String	The username that ran the Protector or Server on the client that created the log.	Hubcontroller	johndoe

Policy

This section describes the information about the policy.

Field	Data Type	Description	Source	Example
audit_code	Integer	This is the policy audit code for the policy log.	PEP Server	198
policy_name	String	This is the policy name for the policy log.	PEP Server	AutomationPolicy
severity	String	This is the severity level for the policy log entry.	PEP Server	Low
username	String	This is the user who modified the policy.	PEP Server	johndoe

Signature

This section handles the signing of the log. The key that was used to sign the log and the actual checksum that was generated.

Field	Data Type	Description	Source	Example
key_id	String	The key ID of the signingkey that signed the log record.	Protector	cc93c930-2ba5-47e1-9341-56a8d67d55d4
checksum	String	The checksum that was the result of signing the log.	Protector	438FE13078719ACD4B8853AE215488ACF701ECDA2882A043791CDF99576DC0A0
counter	Double	This is the chain of custody value. It helps maintain the integrity of the log data.	Protector	50321

Verification

This section describes the log information generated for a failed signature verification job.

Field	Data Type	Description	Source	Example
doc_id	String	This is the document ID for the audit log where the signature verification failed.	Signature Verification	N2U2N2JkM2QtMDhmYy00OGJmLTkyOGYtNmRhYzhhMGExMTFh
index_name	String	This is the index name where the log signature verification failed.	Signature Verification	pty_insight_analytics_audits_10.0-2026.08.30-000001
job_id	String	This is the job ID of the signature verification job.	Signature Verification	1T2RaosBEEC_iPz-zPjl
job_name	String	This is the job name of the signature verification job.	Signature Verification	System Job
reason	String	This is the audit log specifying the reason of the signature verification failure.	Signature Verification	INVALID_CHECKSUM \| INVALID_KEY_ID \| NO_KEY_AND_DOC_UPDATED

Feedback

Was this page helpful?

Last modified : April 06, 2026