The following table describes the fields in the QIPFILTER output file:
| Field Name | Field Length | Numeric | Description | Comments |
|---|---|---|---|---|
| TFENTL | 5 | Y | Length of entry | |
| TFSEQN | 10 | Y | Sequence number | |
| TFCODE | 1 | N | Journal code | Always M |
| TFENTT | 2 | N | Entry type | Always TF |
| TFTIME | 26 | N | SAA timestamp | |
| TFJOB | 10 | N | Job name | |
| TFUSER | 10 | N | User profile | |
| TFNBR | 6 | Y | Job number | |
| TFPGM | 10 | N | Program name | |
| TFRES1 | 51 | N | Reserved | |
| TFUSPF | 10 | N | User | |
| TFSYMN | 8 | N | System name | |
| TFRES2 | 20 | N | Reserved | |
| TFRESA | 50 | N | Reserved | |
| TFLINE | 10 | N | Line description | *ALL if TFREVT is U* , Blank if TFREVT is L*, Line name if TFREVT is L |
| TFREVT | 2 | N | Rule event | L* or L when rules are loaded. U* when rules are unloaded, A when filter action |
| TFPDIR | 1 | N | IP Packet direction | O is outbound, I is inbound |
| TFRNUM | 5 | N | Rule number | Applies to the rule number in the active rules file |
| TFACT | 6 | N | Filter action taken | PERMIT, DENY, or IPSEC |
| TFPROT | 4 | N | Transport protocol | 1 is ICMP
6 is TCP 17 is UDP 50 is ESP 51 is AH |
| TFSRCA | 15 | N | Source IP address | |
| TFSRCP | 5 | N | Source port | Garbage if TFPROT= 1 (ICMP) |
| TFDSTA | 15 | N | Destination IP address | |
| TFDSTP | 5 | N | Destination port | Garbage if TFPROT= 1 (ICMP) |
| TFTEXT | 76 | N | Additional text | Contains description if TFREVT= L* or U* |