What specific firewall log fields would you analyze to investigate a suspected data exfiltration event at bet365?