Subtypes
Each log message contains a Sub Type (subtype) field that further subdivides its category according to the feature involved in the cause of the log message.
For example:
- In event logs, the subtype may be admin, system, or another subtype.
- In attack logs, a main type and subtypes reflect the classification of the attack.
- In traffic logs, the subtype is always http, even if the service is HTTPS. To tell HTTPS sessions apart from HTTP, filter on the service rather than the subtype.
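The following is an added example, not FortiWeb's own code, that shows how the type/subtype fields behave when log lines are parsed: it tallies records by (type, subtype) and demonstrates that selecting HTTPS traffic by subtype returns nothing, whereas selecting by service works. The sample lines are constructed in FortiWeb-style key=value syslog form; only the type, subtype and service fields follow the page, and every other field name and value (date, time, pri, user, main_type, src, dst, http_url, and so on) is an assumption made for illustration.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample log lines (not real FortiWeb output). The type,
# subtype and service fields follow the page; all other fields are assumed.
SAMPLE_LOGS: List[str] = [
    'date=2024-01-15 time=10:36:49 type=event subtype="admin" pri=information '
    'user="admin" msg="User admin logged in from GUI"',
    'date=2024-01-15 time=10:37:02 type=event subtype="system" pri=notice '
    'msg="Configuration backup completed"',
    'date=2024-01-15 time=10:38:11 type=attack subtype="waf_signature_detection" '
    'pri=alert main_type="Signature Detection" src=198.51.100.7 dst=203.0.113.5 '
    'action="Alert_Deny" msg="SQL Injection signature matched"',
    'date=2024-01-15 time=10:39:20 type=traffic subtype="http" pri=notice '
    'proto=tcp service=http src=198.51.100.8 dst=203.0.113.5 http_method=GET '
    'http_url="/index.html" status="success"',
    'date=2024-01-15 time=10:39:25 type=traffic subtype="http" pri=notice '
    'proto=tcp service=https src=198.51.100.9 dst=203.0.113.5 http_method=POST '
    'http_url="/login" status="success"',
]

# Matches key=value or key="quoted value" (backslash escapes allowed in quotes).
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_kv(line: str) -> Dict[str, str]:
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    record: Dict[str, str] = {}
    for key, value in _KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1].replace('\\"', '"')
        record[key] = value
    return record


def parse_logs(lines: List[str]) -> List[Dict[str, str]]:
    """Parse a batch of log lines."""
    return [parse_kv(line) for line in lines]


def count_by_type_subtype(records: List[Dict[str, str]]) -> Dict[Tuple[str, str], int]:
    """Tally records by (type, subtype); a missing field is reported as ''."""
    return Counter((r.get("type", ""), r.get("subtype", "")) for r in records)


def select(records: List[Dict[str, str]], log_type: str, field: str, value: str) -> List[Dict[str, str]]:
    """Return records of the given type whose `field` equals `value`."""
    return [r for r in records if r.get("type") == log_type and r.get(field) == value]


def https_traffic(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """HTTPS sessions must be selected on the service field: the traffic
    subtype is "http" for both HTTP and HTTPS, so matching subtype="https"
    silently returns nothing."""
    return select(records, "traffic", "service", "https")


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    for key, n in sorted(count_by_type_subtype(recs).items()):
        print(f"type={key[0]:8s} subtype={key[1]:25s} count={n}")
    print("by subtype=https:", len(select(recs, "traffic", "subtype", "https")))
    print("by service=https:", [r["http_url"] for r in https_traffic(recs)])
```

The point of `https_traffic` is the caveat from the list above: a detection rule or dashboard that keys on `subtype` to separate encrypted from clear-text sessions will show zero HTTPS traffic, while keying on the service field gives the right answer.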