IPS Log Files need the IPS Rule ID
To create an IPS exception, the system administrator must know the rule number. But there is no way to determine a rule number, so the exception capability is useless. The GUI does not provide a rule review tool. The log files contain: reason (text), group (number), class (text), and sid (number), but not a rule number. My attempts to correlate UTM field values with the Snort product documentation have also been unsuccessful. The Snort documentation refers to SIDs, but they have fewer digits than the UTM SIDs, with no discernible matching technique. Level 1 Support was also unable to add any insight into the problem.
Well, it seems I just did not understand the log file layout.
sid="" is the code and reason="" is the text that goes with that code. https://lists.astaro.com has the master list of codes and descriptions.
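
An added example, not part of the original post: a Python sketch that pulls sid and reason out of IPS log lines and tallies them, so the code needed for an exception can be read off next to its description. The sample lines are constructed; only the key="value" layout and the field names reason, group, class and sid come from the post, while the timestamp prefix and the backslash-escaped quotes are assumptions.

```python
import re

# Constructed sample lines, not real UTM output. Only the field names
# reason, group, class and sid are taken from the post; the prefix and
# the values are made up for illustration.
SAMPLE_LOG = r'''
2024:01:15-10:02:11 gw ips[4211]: reason="EXAMPLE web probe" group="500" class="Example Class A" sid="1000001"
2024:01:15-10:02:14 gw ips[4211]: reason="EXAMPLE web probe" group="500" class="Example Class A" sid="1000001"
2024:01:15-10:03:40 gw ips[4211]: reason="EXAMPLE \"quoted\" text" group="210" class="Example Class B" sid="1000002"
2024:01:15-10:04:02 gw ips[4211]: reason="line without a rule id" group="210"
'''

# key="value" pairs; a value may contain backslash-escaped quotes (assumption).
PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def parse_line(line):
    """Return the key="value" fields of one log line as a dict."""
    return {k: v.replace('\\"', '"') for k, v in PAIR.findall(line)}


def rule_ids(log_text):
    """Map each sid to its reason, group, class and number of hits."""
    rules = {}
    for line in log_text.splitlines():
        fields = parse_line(line)
        sid = fields.get("sid", "")
        if not sid.isdigit():
            continue  # not an IPS event, or the sid field is missing
        entry = rules.setdefault(sid, {
            "reason": fields.get("reason", ""),
            "group": fields.get("group", ""),
            "class": fields.get("class", ""),
            "hits": 0,
        })
        entry["hits"] += 1
    return rules


if __name__ == "__main__":
    ranked = sorted(rule_ids(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"])
    for sid, r in ranked:
        print(f'sid={sid} hits={r["hits"]} group={r["group"]} reason={r["reason"]}')
```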