Fortinet FortiNAC: Fortinet FortiNAC Events 2

Vendor Documentation

Rule Name	Rule Type	Common Event	Classification
Fortinet FortiNAC Events 2	Base Rule	General Information Log Message	Information
MDM Host Compliance Failed	Sub Rule	Compliance Failure	Error
Authenticated User	Sub Rule	Authenticating User	Information
Host At Risk	Sub Rule	General Host Warning	Warning
Host Identity Fingerprint Changed	Sub Rule	General Host Information	Information
Lost Contact With Persistent Agent	Sub Rule	Cannot Contact Target Host	Warning
MDM Host Destroyed	Sub Rule	General Host Warning	Warning
Persistent Agent Communication Resumed	Sub Rule	General Information Log Message	Information
Persistent Agent Not Communicating	Sub Rule	General Information Log Message	Information
Regained Contact With Persistent Agent	Sub Rule	General Information Log Message	Information

Device Key in Log Message	LogRhthm Schema	Data Type	Schema Description
Header	N/A	N/A	Syslog category: This is the defined facility and the severity Default Facility = 4 Security message Severity = 5 Notice Note: This can value optional and it can be Syslog header
Syslog Time	N/A	N/A	Time of the syslog generation.
Log Time	N/A	N/A	Log time.
Log Type	<vmid>	Number	Log type: 1 Event 2 Alarm 3 Security Alarm
ID	<object>	Number	Database ID, AlarmID or ElementID
Event Name	<vendorinfo> <tag1>	Text/String	Name of the event that generated the syslog message.
Severity	<severity>	Number	Severity: 0 Normal 1 Minor 2 Major 3 Critical
Entity ID	N/A	N/A	Entity ID
user ID	<account>	Text/String	Unique Identifier (user ID)
Entity Name	N/A	N/A	Entity Name
Entity IP address	<dip>	IP Address	Entity IP address
Entity physical address	<dmac>	Text/String	Entity physical address
Log Message	<dname> <subject>	Text/String	Log Message