Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| ADC Security Logs | Base Rule | General Security Information | Information |
| Security: IP Reputation Events | Sub Rule | IP Reputation | Information |
| Security: Geo Logs | Sub Rule | General Security Alert | Warning |
| Web Application Firewall Events | Sub Rule | General Security Alert | Warning |
| Security: DDOS Synflood Attacks | Sub Rule | General Attack Activity | Attack |
| Security: Anti-virus Module | Sub Rule | General Antivirus Warning | Warning |
| Security: Intrusion Prevention System Module | Sub Rule | Intrusion Prevention System Alert | Information |
Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| date | N/A | N/A | Log date |
| time | N/A | N/A | Log time |
| log_id | <vmid> | Number | Log ID |
| type | <vendorinfo> | Text/String | Major log type |
| subtype | <tag1> | Text/String | Log subtype |
| pri | N/A | N/A | Log level |
| vd | <account> | Text/String | Virtual domain |
| msg_id | N/A | N/A | Message ID |
| count | N/A | N/A | Rule match count. The Count column is only available for security logs related to DoS Protection, Geo IP Blocklist, and IP Reputation. |
| severity | <severity> | Text/String | Specifies the security level. The Severity column is only available for security logs related to Anti Virus, Geo IP Blocklist, IPS and WAF. |
| proto | <protnum> | Number | Protocol |
| service | <protname> | Text/String | Specifies the service type. The Service column is only available for security logs related to Anti Virus and IPS. |
| src | <sip> | IP Address | Source IP address in traffic received by FortiADC |
| src_port | <sport> | Number | Source port |
| dst | <dip> | IP Address | Destination IP address in traffic received by FortiADC (IP address of the virtual server) |
| dst_port | <dport> | Number | Destination port |
| policy | <policy> | Text/String | Virtual server name |
| action | <action> | Text/String | Action type that was taken as a result |
| srccountry | N/A | N/A | Location of the source IP address |
| dstcountry | N/A | N/A | Location of the destination IP address |
| WAF Subcategory | <objecttype> | Text/String | Specifies the Web Application Firewall subcategory. The WAF Subcategory column is only available for security logs related to WAF. |
| Virus Category | <threatname> | Text/String | Specifies the virus category. The Virus Category column is only available for security logs related to Anti Virus. |
| Rule Name | <policy> | Text/String | Specifies the security rule name. The Rule Name column is only available for security logs related to IPS. |
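The mapping table above is the kind of thing a parser has to apply field by field, so here is an added example of doing that in Python. It is not LogRhythm's or Fortinet's code: it assumes the device emits space-separated `key=value` pairs with double-quoted values for strings that may contain spaces, it folds the mapping table into a dictionary (keys the page marks N/A are left out on purpose), coerces the fields the table types as Number, and reports any device keys the table does not cover so they are not silently dropped. The sample log line is constructed for the example and does not come from a real device.

```python
import re
from typing import Dict, Set, Tuple

# Device key -> LogRhythm schema field, taken from the mapping table above.
# Keys the table maps to N/A (date, time, pri, msg_id, count, srccountry,
# dstcountry) are intentionally absent.
FIELD_MAP = {
    "log_id": "vmid",
    "type": "vendorinfo",
    "subtype": "tag1",
    "vd": "account",
    "severity": "severity",
    "proto": "protnum",
    "service": "protname",
    "src": "sip",
    "src_port": "sport",
    "dst": "dip",
    "dst_port": "dport",
    "policy": "policy",
    "action": "action",
}

# Schema fields the table types as Number; everything else stays a string.
NUMERIC_FIELDS = {"vmid", "protnum", "sport", "dport"}

# One key=value pair: the value is either a double-quoted string (which may
# contain spaces and backslash-escaped quotes) or a bare token without spaces.
# Assumed log syntax, not taken from the page.
_KV_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def parse_kv(line: str) -> Dict[str, str]:
    """Split a key=value log line into a dict of raw string fields."""
    fields: Dict[str, str] = {}
    for m in _KV_RE.finditer(line):
        key = m.group(1)
        quoted, bare = m.group(2), m.group(3)
        value = quoted if quoted is not None else bare
        fields[key] = value.replace('\\"', '"')
    return fields


def map_to_schema(fields: Dict[str, str]) -> Tuple[Dict[str, object], Set[str]]:
    """Rename device keys to schema fields and coerce numeric ones.

    Returns (mapped_fields, unmapped_device_keys). A non-numeric value in a
    field the table declares as Number is a malformed record, so it raises
    rather than being coerced to something misleading.
    """
    mapped: Dict[str, object] = {}
    for dev_key, schema_key in FIELD_MAP.items():
        if dev_key not in fields:
            continue
        raw = fields[dev_key]
        if schema_key in NUMERIC_FIELDS:
            try:
                mapped[schema_key] = int(raw)
            except ValueError:
                raise ValueError(f"{dev_key}={raw!r} is not a number")
        else:
            mapped[schema_key] = raw
    unmapped = set(fields) - set(FIELD_MAP)
    return mapped, unmapped


# Constructed sample line for the example (field values are placeholders).
SAMPLE_LINE = (
    'date=2024-03-05 time=10:15:42 log_id=0001 type=attack subtype=waf '
    'pri=warning vd=root msg_id=10001 severity=high proto=6 service=https '
    'src=203.0.113.10 src_port=51514 dst=198.51.100.20 dst_port=443 '
    'policy="vs web" action=deny srccountry="Reserved" '
    'msg="WAF signature matched"'
)

if __name__ == "__main__":
    mapped, unmapped = map_to_schema(parse_kv(SAMPLE_LINE))
    for k in sorted(mapped):
        print(f"{k:>10} = {mapped[k]!r}")
    print("device keys with no schema mapping:", sorted(unmapped))
```

The `unmapped` set is the useful part operationally: anything in it (here `msg`, `date`, `srccountry` and the other N/A keys) is data the mapping table does not carry into the schema, which is what you would check before relying on a field in a rule or report.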