Event : System
Vendor Documentation
https://www.fortinet.com/products.html
https://docs.fortinet.com/document/fortigate/6.0.6/fortios-log-message-reference/524940/introduction
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Event : System | Base Rule | Information | General Event Log Information |
| Event Admin Login Fail | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Event Ext Remote | Sub Rule | Information | General Remote Access Information |
| Event Reportd Report Success | Sub Rule | Information | Report Generation |
| Event VWL Volume Status | Sub Rule | Information | VLAN Manager Info Msg |
| Event Log Roll | Sub Rule | Information | General Disk Information |
| Event DHCP Stat | Sub Rule | Information | General DHCPServer Information |
| Event Nac Quarantine | Sub Rule | Activity | Quarantine |
| Event Mail Sent Fail | Sub Rule | Failed Activity | General Failed Activity |
| Event DSSCC Exec | Sub Rule | Other Audit | General Policy Compliance Information |
| Event DHCP Ack | Sub Rule | Network Traffic | DHCP ACK |
| Event Sys Perf | Sub Rule | Information | General Performance Statistics |
| Event Admin Login Logout | Sub Rule | Information | Logout Request |
| Event Backup Conf By Scp | Sub Rule | Information | Backup Completed |
| Event Upd Fsa Virdb | Sub Rule | Information | Database Update Event |
| Event Reportd Report Success | Sub Rule | Information | Report Deleted |
| Event Admin Login Succ | Sub Rule | Authentication Activity | Authentication Activity |
| Event Log Del Dir | Sub Rule | Access Success | Object Deleted/Removed |
| Event Log Del File | Sub Rule | Access Success | Object Deleted/Removed |
| Event Report Deleted | Sub Rule | Access Success | Object Deleted/Removed |
| Event Report Deleted GUI | Sub Rule | Access Success | Object Deleted/Removed |
| Event Delete Object | Sub Rule | Access Success | Object Deleted/Removed |
| Event Config Attr | Sub Rule | Access Success | Object Added |
| Event Add Object Attribute | Sub Rule | Access Success | Object Added |
| Event Auth Snmp Query Failed | Sub Rule | Error | Error : SNMP_GET_ERROR1 |
| Event Conf Chg | Sub Rule | Configuration | Configuration Modified : System |
| Event Admin Login Disable | Sub Rule | Access Revoked | Account Disabled |
| Event Session Clash | Sub Rule | Information | Possible Address Conflict |
| Event Log Roll Forticron | Sub Rule | Information | Rotation Information |
| Event Upd Fgt Succ | Sub Rule | Information | Operation Succeeded |
| Event DHCP Client Lease | Sub Rule | Information | DHCP Lease Obtained |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| severity | <severity> | Text/String | severity |
| logid | <vmid> <tag1> | Number | N/A |
| subtype | <object> | Text/String | N/A |
| sn | <serialnumber> | Text/String | N/A |
| user | <login> | Text/String/Number | N/A |
| method | <sessiontype> | Text/String | N/A |
| srcip | <sip> | IP Address | IP Address |
| dstip | <dip> | IP Address | IP Address |
| session | <account> | Text/String/Number | N/A |
| action | <action> | Text/String | N/A |
| status | <status> | Text/String | N/A |
| reason | <reason> | Text/String | N/A |
| msg | <subject> | Text/String | N/A |
| ui | <sip> | IP Address | N/A |
| src_int | <sinterface> | Text/String | N/A |
| dst_int | <dinterface> | Text/String | N/A |
| srcport | <sport> | Number | N/A |
| dstport | <dport> | Number | N/A |
| version | <version> | Text/String/Number | N/A |
| proto | <protnum> | Number | N/A |
| banned_rule | <threatname> | Text/String | N/A |
| sensor | <policy> | Text/String | N/A |
| interface | <sinterface> | Text/String | N/A |
| ip | <sip> | IP Address | N/A |