Link Log Messages
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
Link Log Messages | Base Rule | Link Status | Information |
ID 1000: Physical Port Changed | Sub Rule | Port Connection Information | Information |
ID 1001: Physical Port Active | Sub Rule | Port Is Online | Information |
ID 1002: Physical Port Inactive | Sub Rule | Port Is Offline | Information |
ID 1003: Trunk Failed To Add Port | Sub Rule | Trunk Port Information | Information |
ID 1004: Trunk Failed To Remove Port | Sub Rule | Trunk Port Information | Information |
ID 1050: DMI Port Changed | Sub Rule | Port Connection Information | Information |
ID 1057: DMI Port Changed | Sub Rule | Port Connection Information | Information |
ID 1200: Trunk Status | Sub Rule | Trunk Port Information | Information |
ID 1250: Loopback Error | Sub Rule | Loopback Error | Error |
ID 1251: Entering LACP Fallback Mode | Sub Rule | General LACP Message | Information |
ID 1252: Exiting LACP Fallback Mode | Sub Rule | General LACP Message | Information |
ID 1300: ICL ACL Change | Sub Rule | General ACL Message | Information |
ID 1301: MCLAG Peer Lost | Sub Rule | Peer May Be Down | Other Operations |
ID 1302: MCLAG Peer Model Mismatch | Sub Rule | Configuration Mismatch | Error |
ID 1303: MCLAG Peer Model Mismatch Fixed | Sub Rule | Application Peering Protocol Information | Information |
ID 1304: MCLAG Peer Software Mismatch | Sub Rule | Software Version Mismatch | Error |
ID 1305: MCLAG Peer Software Mismatch Fixed | Sub Rule | Application Peering Protocol Information | Information |
ID 1306: One MCLAG Peer Link Up | Sub Rule | Network Link Status Is Up | Information |
ID 1307: All MCLAG Peer Link Down | Sub Rule | Network Link Status Is Down | Error |
ID 1308: MCLAG Peer Misconfigured | Sub Rule | Network Misconfiguration Detected On Port | Warning |
ID 1309: MCLAG Peer Misconfigured Fixed | Sub Rule | Application Peering Protocol Information | Information |
ID 1310: MCLAG Misconfigured | Sub Rule | Network Misconfiguration Detected On Port | Warning |
ID 1311: Unsynchronized MAC In MCLAG | Sub Rule | Synchronization Information Mismatch | Error |
ID 1312: ACL Failure | Sub Rule | ACL Set Failure | Error |
ID 1313: MCLAG Peer Joined | Sub Rule | Application Peering Protocol Information | Information |
ID 1314: Split-brain State Detected | Sub Rule | General State Information | Information |
ID 1315: VLAN Configuration Failure | Sub Rule | VLAN Configuration Failed | Error |
ID 1316: Peer Switch Reboot | Sub Rule | Reboot The Switch | Critical |
ID 1400: Switch Port Up | Sub Rule | Ethernet Port Up | Information |
ID 1401: Switch Port Down | Sub Rule | Ethernet Port Down | Warning |
ID 1450: Switch Interface Link Changed | Sub Rule | Network Interface Changed State | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
date | N/A | N/A | N/A |
time | N/A | N/A | N/A |
devname | <sname> | Text/String | The is the host name of the FortiSwitch unit. |
device_id | N/A | N/A | This is the serial number of the FortiSwitch unit. |
log_id | <vmid> | Number | This is the identifier for this log type. |
type | <object> | Text/String | N/A |
subtype | <objecttype> | Text/String | N/A |
pri | <severity> | Text/String | This is the log priority filtered by the severity. |
vd | N/A | N/A | This is the virtual domain, which is always root on the FortiSwitch unit. |
action | <action> | Text/String | This is the action taken. |
user | <login> | Text/String | N/A |
unit | N/A | N/A | N/A |
Host1ical-port | N/A | N/A | N/A |
status | <status> | Text/String | N/A |
msg | <subject> | Text/String | N/A |