
ADC Traffic Logs

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| ADC Traffic Logs | Base Rule | General Traffic Log | Network Traffic |
| Server Load Balance Layer4 | Sub Rule | SLB-4-WARNING | Warning |
| Server Load Balance HTTP | Sub Rule | General HTTP Information | Information |
| Server Load Balance TCPS | Sub Rule | General TCP/IP Information | Information |
| Server Load Balance RADIUS | Sub Rule | RADIUS Information | Information |
| Global Load Balance | Sub Rule | General Load Balancing Message | Information |
| Server Load Balance SIP | Sub Rule | VoIP SIP Message | Information |
| Server Load Balance RDP | Sub Rule | Network Traffic | Network Traffic |
| Server Load Balance DNS | Sub Rule | General DNS Information | Information |
| Server Load Balance RTSP | Sub Rule | Network Traffic | Network Traffic |
| Server Load Balance SMTP | Sub Rule | SMTP Request | Network Traffic |
| Server Load Balance RTMP | Sub Rule | Network Traffic | Network Traffic |
| Server Load Balance MySQL | Sub Rule | General MySQL Information | Information |
| Server Load Balance DIAMETER | Sub Rule | Network Traffic | Network Traffic |
| Link Load Balance | Sub Rule | Network Traffic | Network Traffic |
| Server Load Balance FTP | Sub Rule | General FTP Information | Information |
| Server Load Balance ISO8583 | Sub Rule | Network Traffic | Network Traffic |
| Server Load Balance MSSQL | Sub Rule | General MSSQLSERVER Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| date | N/A | N/A | Log date |
| time | N/A | N/A | Log time |
| log_id | <vmid> | Number | Log ID |
| type | <vendorinfo> | Text/String | Major Log Type |
| subtype | <tag1> | Text/String | Log Subtype |
| pri | <severity> | Text/String | Log level |
| vd | <account> | Text/String | Virtual domain |
| msg_id | N/A | N/A | Message ID |
| duration | N/A | N/A | Session duration |
| ibytes | <bytesin> | Number | Bytes in |
| obytes | <bytesout> | Number | Bytes out |
| proto | <protnum> | Number | Protocol |
| service | <protname> | Text/String | Service |
| src | <sip> | IP Address | Source IP address in traffic received by FortiADC |
| src_port | <sport> | Number | Source port |
| dst | <dip> | IP Address | Destination IP address in traffic received by FortiADC (IP address of the virtual server) |
| dst_port | <dport> | Number | Destination port |
| trans_src | N/A | N/A | Source IP address in packet sent from FortiADC. Address might have been translated |
| trans_src_port | N/A | N/A | Source port in packet sent from FortiADC |
| trans_dst | N/A | N/A | Destination IP address in packet sent from FortiADC (IP address of the real server) |
| trans_dst_port | N/A | N/A | Destination port in packet sent from FortiADC |
| policy | <policy> | Text/String | Virtual server name |
| action | <action> | Text/String | For most logs, action=none |
| http_method | <command> | Text/String | HTTP method |
| http_host | <dname> | Text/String | Host IP address |
| http_agent | <useragent> | Text/String | HTTP agent |
| http_url | <url> | Text/String | Base URL. |
| http_qry | N/A | N/A | URL parameters after the base URL |
| http_referer | N/A | N/A | |
| http_cookie | N/A | N/A | Cookie name |
| http_retcode | <responsecode> | Number | HTTP return code |
| user | <login> | Text/String | User name |
| usrgrp | <group> | Text/String | User group |
| auth_status | <status> | Text/String | Authentication success/failure |
| srccountry | N/A | N/A | Location of the source IP address |
| dstcountry | N/A | N/A | Location of the destination IP address |
| real_server | N/A | N/A | Real server configured name |
| sip_method | N/A | N/A | Invite sent from |
| sip_uri | N/A | N/A | SIP server IP address. |
| sip_from | N/A | N/A | SIP call ID |
| sip_to | N/A | N/A | |
| sip_callid | N/A | N/A | Reserved |
| sip_retcode | N/A | N/A | Reserved |
| fqdn | N/A | N/A | FQDN from client request |
| resip | N/A | N/A | DNS response IP address |
| srrcountry | N/A | N/A | Location of the source IP address |
| gateway | N/A | N/A | Gateway in Link Group |
