DNS : Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| DNS : Messages | Base Rule | Information | General DNS Information |
| Dns Ftgd Cat Allow | Sub Rule | Information | General DNS Server Information |
| DNS Query Type Out | Sub Rule | Error | DNS Server Timed Out |
| Dns Query | Sub Rule | Information | DNS Query |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| severity | <severity> | Text/String | N/A |
| logid | <vmid> <tag1> | Number | N/A |
| sessionid | <session> | Number/Text/String | N/A |
| user | <account> | Text/String | N/A |
| srcip | <sip> | IP Address | IP Address |
| srcport | <sport> | Number | N/A |
| srcintf | <sinterface> | Number/Text/String | N/A |
| dstip | <dip> | IP Address | IP Address |
| dstport | <dport> | Number | N/A |
| dstintf | <dinterface> | Number/Text/String | N/A |
| proto | <protnum> | Number | N/A |
| qname | <dname> | Text/String | N/A |
| msg | <subject> | Text/String | N/A |
| error | <reason> | Text/String | N/A |