Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
Link Log Messages |
Base Rule |
Link Status |
Information |
|
ID 1000: Physical Port Changed |
Sub Rule |
Port Connection Information |
Information |
|
ID 1001: Physical Port Active |
Sub Rule |
Port Is Online |
Information |
|
ID 1002: Physical Port Inactive |
Sub Rule |
Port Is Offline |
Information |
|
ID 1003: Trunk Failed To Add Port |
Sub Rule |
Trunk Port Information |
Information |
|
ID 1004: Trunk Failed To Remove Port |
Sub Rule |
Trunk Port Information |
Information |
|
ID 1050: DMI Port Changed |
Sub Rule |
Port Connection Information |
Information |
|
ID 1057: DMI Port Changed |
Sub Rule |
Port Connection Information |
Information |
|
ID 1200: Trunk Status |
Sub Rule |
Trunk Port Information |
Information |
|
ID 1250: Loopback Error |
Sub Rule |
Loopback Error |
Error |
|
ID 1251: Entering LACP Fallback Mode |
Sub Rule |
General LACP Message |
Information |
|
ID 1252: Exiting LACP Fallback Mode |
Sub Rule |
General LACP Message |
Information |
|
ID 1300: ICL ACL Change |
Sub Rule |
General ACL Message |
Information |
|
ID 1301: MCLAG Peer Lost |
Sub Rule |
Peer May Be Down |
Other Operations |
|
ID 1302: MCLAG Peer Model Mismatch |
Sub Rule |
Configuration Mismatch |
Error |
|
ID 1303: MCLAG Peer Model Mismatch Fixed |
Sub Rule |
Application Peering Protocol Information |
Information |
|
ID 1304: MCLAG Peer Software Mismatch |
Sub Rule |
Software Version Mismatch |
Error |
|
ID 1305: MCLAG Peer Software Mismatch Fixed |
Sub Rule |
Application Peering Protocol Information |
Information |
|
ID 1306: One MCLAG Peer Link Up |
Sub Rule |
Network Link Status Is Up |
Information |
|
ID 1307: All MCLAG Peer Link Down |
Sub Rule |
Network Link Status Is Down |
Error |
|
ID 1308: MCLAG Peer Misconfigured |
Sub Rule |
Network Misconfiguration Detected On Port |
Warning |
|
ID 1309: MCLAG Peer Misconfigured Fixed |
Sub Rule |
Application Peering Protocol Information |
Information |
|
ID 1310: MCLAG Misconfigured |
Sub Rule |
Network Misconfiguration Detected On Port |
Warning |
|
ID 1311: Unsynchronized MAC In MCLAG |
Sub Rule |
Synchronization Information Mismatch |
Error |
|
ID 1312: ACL Failure |
Sub Rule |
ACL Set Failure |
Error |
|
ID 1313: MCLAG Peer Joined |
Sub Rule |
Application Peering Protocol Information |
Information |
|
ID 1314: Split-brain State Detected |
Sub Rule |
General State Information |
Information |
|
ID 1315: VLAN Configuration Failure |
Sub Rule |
VLAN Configuration Failed |
Error |
|
ID 1316: Peer Switch Reboot |
Sub Rule |
Reboot The Switch |
Critical |
|
ID 1400: Switch Port Up |
Sub Rule |
Ethernet Port Up |
Information |
|
ID 1401: Switch Port Down |
Sub Rule |
Ethernet Port Down |
Warning |
|
ID 1450: Switch Interface Link Changed |
Sub Rule |
Network Interface Changed State |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|---|---|---|---|
|
date |
N/A |
N/A |
N/A |
|
time |
N/A |
N/A |
N/A |
|
devname |
<sname> |
Text/String |
The is the host name of the FortiSwitch unit. |
|
device_id |
N/A |
N/A |
This is the serial number of the FortiSwitch unit. |
|
log_id |
<vmid>
|
Number |
This is the identifier for this log type. |
|
type |
<object> |
Text/String |
N/A |
|
subtype |
<objecttype> |
Text/String |
N/A |
|
pri |
<severity> |
Text/String |
This is the log priority filtered by the severity. |
|
vd |
N/A |
N/A |
This is the virtual domain, which is always root on the FortiSwitch unit. |
|
action |
<action> |
Text/String |
This is the action taken. |
|
user |
<login> |
Text/String |
N/A |
|
unit |
N/A |
N/A |
N/A |
|
Host1ical-port |
N/A |
N/A |
N/A |
|
status |
<status> |
Text/String |
N/A |
|
msg |
<subject> |
Text/String |
N/A |