LSO FortiAnalyzer - Event : Wireless
Vendor Documentation
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
Header: Severity | <severity> | N/A |
logid | <vmid> | N/A |
logdesc | <status> | N/A |
sn | <serialnumber> | N/A |
ap | <object> | N/A |
ip | <sip> | N/A |
ssid | <sname> | N/A |
stamac | <smac> | N/A |
action | <action> | N/A |
reason | <reason> | N/A |
msg | <subject> | N/A |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
1010176 | Event : Wireless | Base Rule | General Wireless Management Message | Other Operations |
Wireless STA Locate | Sub Rule | Interference Detected For Wireless Station | Warning | |
Wireless Rogue Detect | Sub Rule | General Wireless Channel Warning | Warning | |
Wireless Rogue Offair | Sub Rule | Wireless Disassociation | Other Audit Success | |
Wireless Rogue Detect Chg | Sub Rule | General Wireless Channel Warning | Warning | |
Wireless STA Auth | Sub Rule | Authentication Activity | Authentication Success | |
Wireless STA Idle | Sub Rule | Idle Timeout | Information | |
Wireless STA IP | Sub Rule | IP Address Assigned | Information | |
Wireless STA Leave WTP | Sub Rule | Received Disconnect | Other Operations | |
Wireless WTPR DARRP Chan | Sub Rule | Wireless Physical AP Activity | Information | |
Wireless WTPR OPER Chan | Sub Rule | Wireless Physical AP Activity | Information | |
Wireless WTPR Cfg Txpower | Sub Rule | Wireless Physical AP Activity | Information | |
Wireless WTPR OPER Txpower | Sub Rule | Wireless Physical AP Activity | Information | |
Wireless CLB Deny | Sub Rule | General Load Balancing Message | Information | |
Wireless CLB Retry | Sub Rule | General Load Balancing Message | Information | |
Wireless Sys AC DARRP Start | Sub Rule | Wireless Activity | Information | |
Wireless Sys AC DARRP Stop | Sub Rule | Wireless Activity | Information | |
Wireless Sys AC CFG Loaded | Sub Rule | Configuration Information | Information |
LogRhythm Default v2.0
N/A