Event : System

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Event : System | Base Rule | Information | General Event Log Information |
| Event Admin Login Fail | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Event Ext Remote | Sub Rule | Information | General Remote Access Information |
| Event Reportd Report Success | Sub Rule | Information | Report Generation |
| Event VWL Volume Status | Sub Rule | Information | VLAN Manager Info Msg |
| Event Log Roll | Sub Rule | Information | General Disk Information |
| Event DHCP Stat | Sub Rule | Information | General DHCPServer Information |
| Event Nac Quarantine | Sub Rule | Activity | Quarantine |
| Event Mail Sent Fail | Sub Rule | Failed Activity | General Failed Activity |
| Event DSSCC Exec | Sub Rule | Other Audit | General Policy Compliance Information |
| Event DHCP Ack | Sub Rule | Network Traffic | DHCP ACK |
| Event Sys Perf | Sub Rule | Information | General Performance Statistics |
| Event Admin Login Logout | Sub Rule | Information | Logout Request |
| Event Backup Conf By Scp | Sub Rule | Information | Backup Completed |
| Event Upd Fsa Virdb | Sub Rule | Information | Database Update Event |
| Event Reportd Report Success | Sub Rule | Information | Report Deleted |
| Event Admin Login Succ | Sub Rule | Authentication Activity | Authentication Activity |
| Event Log Del Dir | Sub Rule | Access Success | Object Deleted/Removed |
| Event Log Del File | Sub Rule | Access Success | Object Deleted/Removed |
| Event Report Deleted | Sub Rule | Access Success | Object Deleted/Removed |
| Event Report Deleted GUI | Sub Rule | Access Success | Object Deleted/Removed |
| Event Delete Object | Sub Rule | Access Success | Object Deleted/Removed |
| Event Config Attr | Sub Rule | Access Success | Object Added |
| Event Add Object Attribute | Sub Rule | Access Success | Object Added |
| Event Auth Snmp Query Failed | Sub Rule | Error | Error : SNMP_GET_ERROR1 |
| Event Conf Chg | Sub Rule | Configuration | Configuration Modified : System |
| Event Admin Login Disable | Sub Rule | Access Revoked | Account Disabled |
| Event Session Clash | Sub Rule | Information | Possible Address Conflict |
| Event Log Roll Forticron | Sub Rule | Information | Rotation Information |
| Event Upd Fgt Succ | Sub Rule | Information | Operation Succeeded |
| Event DHCP Client Lease | Sub Rule | Information | DHCP Lease Obtained |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| severity | `<severity>` | Text/String | severity |
| logid | `<vmid>`, `<tag1>` | Number | N/A |
| subtype | `<object>` | Text/String | N/A |
| sn | `<serialnumber>` | Text/String | N/A |
| user | `<login>` | Text/String/Number | N/A |
| method | `<sessiontype>` | Text/String | N/A |
| srcip | `<sip>` | IP Address | IP Address |
| dstip | `<dip>` | IP Address | IP Address |
| session | `<account>` | Text/String/Number | N/A |
| action | `<action>` | Text/String | N/A |
| status | `<status>` | Text/String | N/A |
| reason | `<reason>` | Text/String | N/A |
| msg | `<subject>` | Text/String | N/A |
| ui | `<sip>` | IP Address | N/A |
| src_int | `<sinterface>` | Text/String | N/A |
| dst_int | `<dinterface>` | Text/String | N/A |
| srcport | `<sport>` | Number | N/A |
| dstport | `<dport>` | Number | N/A |
| version | `<version>` | Text/String/Number | N/A |
| proto | `<protnum>` | Number | N/A |
| banned_rule | `<threatname>` | Text/String | N/A |
| sensor | `<policy>` | Text/String | N/A |
| interface | `<sinterface>` | Text/String | N/A |
| ip | `<sip>` | IP Address | N/A |