Fortinet FortiNAC: Fortinet FortiNAC Events 2

https://docs.fortinet.com/document/fortinac-f/7.2.0/administration-guide/499308/log-events-to-an-external-log-host

https://docs.fortinet.com/document/fortinac-f/7.2.0/administration-guide/338223/examples-of-syslog-messages

Fortinet FortiNAC Events 2

Base Rule

General Information Log Message

Information

MDM Host Compliance Failed

Sub Rule

Compliance Failure

Error

Authenticated User

Sub Rule

Authenticating User

Information

Host At Risk

Sub Rule

General Host Warning

Warning

Host Identity Fingerprint Changed

Sub Rule

General Host Information

Information

Lost Contact With Persistent Agent

Sub Rule

Cannot Contact Target Host

Warning

MDM Host Destroyed

Sub Rule

General Host Warning

Warning

Persistent Agent Communication Resumed

Sub Rule

General Information Log Message

Information

Persistent Agent Not Communicating

Sub Rule

General Information Log Message

Information

Regained Contact With Persistent Agent

Sub Rule

General Information Log Message

Information

Header

N/A

N/A

Syslog category: This is the defined facility and the severity
Default Facility = 4 Security message
Severity = 5 Notice
Note: This can value optional and it can be Syslog header

Syslog Time

N/A

N/A

Time of the syslog generation.

Log Time

N/A

N/A

Log time.

Log Type

<vmid>

Number

Log type:
1 Event
2 Alarm
3 Security Alarm

ID

<object>

Number

Database ID, AlarmID or ElementID

Event Name

<vendorinfo>
<tag1>

Text/String

Name of the event that generated the syslog message.

Severity

<severity>

Number

Severity:
0 Normal
1 Minor
2 Major
3 Critical

Entity ID

N/A

N/A

Entity ID

user ID

<account>

Text/String

Unique Identifier (user ID)

Entity Name

N/A

N/A

Entity Name

Entity IP address

<dip>

IP Address

Entity IP address

Entity physical address

<dmac>

Text/String

Entity physical address

Log Message

<dname>
<subject>

Text/String

Log Message