Each log message contains a Sub Type (subtype) field that further subdivides its category according to the feature involved with the cause of the log message.
- In event logs, some may have a system, or other subtypes.
- Attack logs have a main type and subtypes that reflect the classification of the attacks.
- In traffic logs, the subtype is always http even if the service is HTTPS.