Fortinet FortiNAC: Fortinet FortiNAC Events

Vendor Documentation

Rule Name	Rule Type	Common Event	Classification
Admin User Timed Out	Sub Rule	User Disconnected Due To Time Out	Information
Database Backup Success	Sub Rule	Backup Succeeded	Information
Directory Synchronization Success	Sub Rule	Synchronization Finished	Information
Directory User Disabled	Sub Rule	Account Disabled	Access Revoked
Disable Host Success	Sub Rule	Host Disabled	Other Audit
Entitlement Polling Success	Sub Rule	Successful Activity	Other Audit Success
Fortinet FortiNAC Events	Base Rule	General Information Log Message	Information
L2 Poll Failed	Sub Rule	General Failed Activity	Failed Activity
MDM Host Compliance Failed	Sub Rule	Compliance Failure	Error
MDM Poll Success	Sub Rule	Successful Activity	Other Audit Success
SSH Session Failure	Sub Rule	Authentication Failure Activity	Authentication Failure
Synchronize Users With Directory Success	Sub Rule	Synchronization Finished	Information
Telnet Server Timeout	Sub Rule	Server Timed Out	Information

Device Key in Log Message	LogRhthm Schema	Data Type	Schema Description
Entity ID	N/A	N/A	Entity ID
Entity IP address	<dip>	IP Address	Entity IP address
Entity Name	<dname>	Text/String	Entity Name
Entity physical address	<dmac>	Text/String	Entity physical address
Event Name	<vendorinfo> <tag1>	Text/String	Name of the event that generated the syslog message.
Header	N/A	N/A	Syslog category: This is the defined facility and the severity Default Facility = 4 Security message Severity = 5 Notice Note: This can value optional and it can be Syslog header
ID	<object>	Number	Database ID, AlarmID or ElementID
Log Message	<subject>	Text/String	Log Message
Log Time	N/A	N/A	Log time.
Log Type	<vmid>	Number	Log type: 1 Event 2 Alarm 3 Security Alarm
Severity	<severity>	Number	Severity: 0 Normal 1 Minor 2 Major 3 Critical
Syslog Time	N/A	N/A	Time of the syslog generation.
user ID	<account>	Text/String	Unique Identifier (user ID)