diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf
index 0708690..6a49614 100644
--- a/bin/tsg_log_field.conf
+++ b/bin/tsg_log_field.conf
@@ -108,3 +108,4 @@ LONG		l2tp_access_concentrator_port	95
 LONG		l2tp_network_server_port	96
 STRING		l2tp_version		97
 STRING		common_packet_capture_file	98
+STRING		common_app_behavior	99
diff --git a/inc/tsg_label.h b/inc/tsg_label.h
index 5f8b232..cbfe451 100644
--- a/inc/tsg_label.h
+++ b/inc/tsg_label.h
@@ -144,4 +144,9 @@ struct tsg_notify_execution_result
 	struct mirrored_stat stat_mirrored[MAX_RESULT_NUM];
 };
 
+struct application_behavior
+{
+	char *stream_behavior;
+};
+
 #endif
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 6dccd94..9faeb5b 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -476,9 +476,9 @@ static int master_send_log(const struct streaminfo *a_stream, struct Maat_rule_t
 	log_msg.result=p_result;
 	log_msg.result_num=result_num;
 
-	if(proto==PROTO_SSH && p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.recv_notification_data_bridge_id>=0)
+	if(proto==PROTO_SSH && p_result[0].action==TSG_ACTION_MONITOR && g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]>=0)
 	{
-		notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.recv_notification_data_bridge_id);
+		notify=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]);
 		if (notify != NULL && notify->protocol== PROTO_SSH && notify->pdata.TLD_handle!=NULL)
 		{
 			TLD_handle = TLD_duplicate(notify->pdata.TLD_handle);
@@ -1951,40 +1951,32 @@ extern "C" int TSG_MASTER_INIT()
 		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROJECT_REGISTER", "Register %s failed.", label_buff);
 	}
 
-	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_BRIDGE_NAME", label_buff, sizeof(label_buff), "APP_BRIDGE");
-	g_tsg_para.app_bridge_id=stream_bridge_build(label_buff, "w");
-	if(g_tsg_para.app_bridge_id<0)
+	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_IDENTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "APP_BRIDGE");
+	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA");
+	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA],_MAX_TABLE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA");
+	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT],_MAX_TABLE_NAME_LEN, "TSG_NOTIFICATION_EXECUTION_RESULT");
+	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT],_MAX_TABLE_NAME_LEN, "TSG_APPLICATION_BEHAVIOR");
+
+	for(i=0; i<BRIDGE_TYPE_MAX; i++)
 	{
-		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE", "stream_bridge_build is error, app_bridge_name: %s", label_buff);	
+		g_tsg_para.bridge_id[i]=stream_bridge_build(g_tsg_para.bridge_name[i], "w");
+		if(g_tsg_para.bridge_id[i]<0)
+		{
+			MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_BRIDGE", "stream_bridge_build is error, bridge_name: %s", g_tsg_para.bridge_name[i]);	
+		}
 	}
 
-	ret=stream_bridge_register_data_sync_cb(g_tsg_para.app_bridge_id, app_identify_result_cb);
+	ret=stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_APP_IDENTIFY_RESULT], app_identify_result_cb);
 	if(ret<0)
 	{		
-		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE", "Register callback failed, app_bridge_id: %d", g_tsg_para.app_bridge_id);	
+		MESA_handle_runtime_log(g_tsg_para.logger,
+									RLOG_LV_FATAL,
+									"APP_BRIDGE",
+									"Register callback failed, bridge_name: %d",
+									g_tsg_para.bridge_name[BRIDGE_TYPE_APP_IDENTIFY_RESULT]
+								);	
 		return -1;
 	}
-	
-	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_CONN_SKETCH_NOTIFY_BRIDGE_NAME", label_buff, sizeof(label_buff), "TSG_CONN_SKETCH_NOTIFY_DATA");
-	g_tsg_para.send_notification_data_bridge_id=stream_bridge_build(label_buff,  "w");
-	if(g_tsg_para.send_notification_data_bridge_id<0)
-	{
-        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "TSG_BRIDGE", "stream_bridge_build failed, bridge_name: %s", label_buff);
-	}
-
-	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_MASTER_NOTIFY_BRIDGE_NAME", label_buff, sizeof(label_buff), "TSG_MASTER_NOTIFY_DATA");
-	g_tsg_para.recv_notification_data_bridge_id=stream_bridge_build(label_buff,  "w");
-	if(g_tsg_para.recv_notification_data_bridge_id<0)
-	{
-        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "TSG_BRIDGE", "stream_bridge_build failed, bridge_name: %s", label_buff);
-	}
-
-	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "TSG_NOTIFICATION_EXECUTION_RESULT_BRIDGE_NAME", label_buff, sizeof(label_buff), "TSG_NOTIFICATION_EXECUTION_RESULT");
-	g_tsg_para.notify_execution_result_bridge_id=stream_bridge_build(label_buff,  "w");
-	if(g_tsg_para.notify_execution_result_bridge_id<0)
-	{
-        MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "TSG_BRIDGE", "stream_bridge_build failed, bridge_name: %s", label_buff);
-	}
 
 	g_tsg_para.context_project_id=project_producer_register("TSG_MASTER_CONTEXT", PROJECT_VAL_TYPE_STRUCT, free_context_label);
 	if(g_tsg_para.context_project_id<0)
diff --git a/src/tsg_entry.h b/src/tsg_entry.h
index 254f5eb..fe11495 100644
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -142,6 +142,16 @@ enum HTTP_RESPONSE_FORMAT
 	HTTP_RESPONSE_FORMAT_HTML
 };
 
+enum BRIDGE_TYPE
+{
+	BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
+	BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
+	BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT,
+	BRIDGE_TYPE_APP_IDENTIFY_RESULT,
+	BRIDGE_TYPE_APP_BEHAVIOR_RESULT,
+	BRIDGE_TYPE_MAX
+};
+
 struct _str2index
 {
 	int index;
@@ -241,10 +251,7 @@ typedef	struct tsg_para
 	int context_project_id;
 	int tcpall_project_id;
 	int gather_app_project_id;	
-	int notify_execution_result_bridge_id;
-	int send_notification_data_bridge_id;
-	int recv_notification_data_bridge_id;
-	int app_bridge_id;
+	int bridge_id[BRIDGE_TYPE_MAX];
 	int proto_flag; //tsg_protocol_t
 	int fs2_field_id[TSG_FS2_MAX];
 	char device_sn[MAX_DOMAIN_LEN/8];
@@ -253,6 +260,7 @@ typedef	struct tsg_para
 	char data_center[_MAX_TABLE_NAME_LEN];
 	char device_tag[MAX_DOMAIN_LEN/2];
 	char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];
+	char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
 	void *logger;
 	void *maat_logger;
 	struct reset_argv reset;
diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp
index 16f2cde..8556035 100644
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
@@ -2677,7 +2677,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
 				notify_data.type=NOTIFY_TYPE_MIRRORED;
 				notify_data.vlan=&(mirror_profile->vlan);
 				
-				stream_bridge_sync_data_put(a_stream, g_tsg_para.send_notification_data_bridge_id, (void *)&(notify_data));
+				stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
 				mirrored_profile_free(0, (MAAT_PLUGIN_EX_DATA *)&mirror_profile, 0, NULL);
 			}
 		}
@@ -2687,7 +2687,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
 			notify_data.compile_id=result[i].config_id;
 			notify_data.type=NOTIFY_TYPE_CAPTURE;
 			notify_data.capture_depth=user_region->capture.depth;
-			stream_bridge_sync_data_put(a_stream, g_tsg_para.send_notification_data_bridge_id, (void *)&(notify_data));
+			stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
 		}
 		
 		tsg_free_compile_user_region(&(result[i]), user_region);
diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp
index 62d9122..4f19132 100644
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
@@ -1240,11 +1240,25 @@ static int set_common_sub_action(struct TLD_handle_t *handle, char *field_name,
 	return 0;
 }
 
-int set_notification_execution_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result)
+int set_application_behavior(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
+{
+	struct application_behavior *behavior_result=NULL;
+	behavior_result=(struct application_behavior *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_APP_BEHAVIOR_RESULT]);
+	if(behavior_result==NULL)
+	{
+		return 0;
+	}
+
+	TLD_append(_handle, _instance->id2field[LOG_COMMON_APPLICATION_BEHAVIOR].name, (void *)(behavior_result->stream_behavior), TLD_TYPE_STRING);			
+
+	return 1;
+}
+
+int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result)
 {
 	int i=0;
 	struct tsg_notify_execution_result *execution_result=NULL;
-	execution_result=(struct tsg_notify_execution_result *)stream_bridge_async_data_get(a_stream, g_tsg_para.notify_execution_result_bridge_id);
+	execution_result=(struct tsg_notify_execution_result *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_CONN_SKETCH_EXEC_RESULT]);
 	if(execution_result==NULL)
 	{
 		return 0;
@@ -1638,6 +1652,8 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
 	{
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_DEVICE_TAG].name, (void *)(g_tsg_para.device_tag), TLD_TYPE_STRING);
 	}
+	
+	set_application_behavior(_instance, _handle, log_msg->a_stream);
 		
 	for(i=0;i<log_msg->result_num; i++)
 	{
@@ -1695,7 +1711,7 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG);
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG);
 
-		set_notification_execution_result(_instance, _handle, log_msg->a_stream, &(log_msg->result[i]));
+		set_notify_execution_result(_instance, _handle, log_msg->a_stream, &(log_msg->result[i]));
 		
 		if(_instance->send_user_region==1)
 		{
diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h
index f8e6c86..822da67 100644
--- a/src/tsg_send_log_internal.h
+++ b/src/tsg_send_log_internal.h
@@ -124,6 +124,7 @@ typedef enum _tsg_log_field_id
 	LOG_COMMON_L2TP_NETWORK_SERVER_PORT,	
 	LOG_COMMON_L2TP_VERSION,
 	LOG_COMMON_PACKET_CAPTURE_FILE,
+	LOG_COMMON_APPLICATION_BEHAVIOR,
 	LOG_COMMON_MAX
 }tsg_log_field_id_t;