LSO FortiGate - Traffic: Forward
Vendor Documentation
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
Log Field | LogRhythm Default | LogRhythm Default v2.0 |
---|---|---|
date | N/A | N/A |
time | N/A | N/A |
devname | <subject> | N/A |
logid | <vmid> | <vmid> |
type | <parentprocessname> | <vendorinfo> |
subtype | <parentprocessid> | N/A |
level | <severity> | <severity> |
vd | N/A | <sessiontype> |
eventtime | N/A | N/A |
srcip | <sip> | <sip> |
srcport | <sport> | <sport> |
srcintf | <sinterface> | <sinterface> |
srcintfrole | N/A | N/A |
dstip | <dip> | <dip> |
dstname | <url> | N/A |
dstport | <dport> | <dport> |
dstintf | <dinterface> | <dinterface> |
dstinetsvc | <object> | N/A |
dstintfrole | N/A | N/A |
srcuuid | N/A | N/A |
dstuuid | N/A | N/A |
poluuid | N/A | N/A |
sessionid | <session> | <session> |
proto | <protnum> | <protnum> |
action | <action> | <action> |
policyid | <policy> | <policy> |
policytype | <process> | N/A |
service | N/A | <protname> |
user | <login> | <login> |
group | <group> | N/A |
dstcountry | N/A | N/A |
srccountry | N/A | N/A |
trandisp | N/A | N/A |
tranip | <dnatip> | N/A |
transip | <snatip> | <snatip> |
transport | N/A | <snatport> |
appid | <processid> | <object> |
app | <object> | <objectname> |
appcat | <objectname> | <objecttype> |
apprisk | <severity> | <threatname> |
applist | N/A | N/A |
appact | <status> | N/A |
url | N/A | N/A |
duration | <seconds> | <seconds> |
sentbyte | <bytesout> | <bytesin> |
rcvdbyte | <bytesin> | <bytesout> |
sentpkt | <packetsout> | <packetsin> |
rcvdpkt | <packetsin> | <packetsout> |
utmaction | <result> | <status> |
countapp | N/A | <quantity> |
osname | N/A | N/A |
mastersrcmac | N/A | N/A |
srcmac | N/A | <smac> |
srcserver | N/A | N/A |
utmref | N/A | N/A |
dstmac | <dmac> | N/A |
devtype | <objecttype> | N/A |
srcfamily | <sessiontype> | N/A |
unauthuser | <login> | N/A |
Log Processing Settings
This section details log processing changes from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules so that log message types are parsed appropriately by event type.
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1010521 | Traffic: Forward | Base Rule | Network Traffic | Network Traffic |
| | Sniffer Traffic Accept | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Forwarded Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Forwarded Traffic Timeout | Sub Rule | User Session Timeout | Information |
| | Forwarded Traffic Close | Sub Rule | Connection Closed | Network Traffic |
| | Forwarded Traffic Accept - Reset | Sub Rule | Connection Reset | Network Traffic |
| | Local Traffic Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Forwarded Traffic Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Forward Traffic Deny | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | ICMP Traffic Allow | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Invalid Traffic | Sub Rule | Connection Failed | Network Traffic |
| | Malware Activity Blocked | Sub Rule | Failed Botnet Activity | Failed Malware |
| | Forwarded Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Forwarded Traffic Start | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Local Traffic Accepted | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Forwarded Traffic | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Forwarded Traffic Session Closed | Sub Rule | Connection Closed | Network Traffic |
| | Forwarded Traffic Accept | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Local Traffic Accept | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Local Traffic Timeout | Sub Rule | Session Disconnected | Other Audit Success |
| | Network/Traffic Allowed Messages | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | LOG_ID_TRAFFIC_END_FORWARD | Sub Rule | IP Forwarding Events | Network Traffic |
| | LOG_ID_TRAFFIC_START_FORWARD | Sub Rule | Session Connected | Network Traffic |
| | LOG_ID_TRAFFIC_ALLOW | Sub Rule | TCP Traffic Allowed | Network Traffic |
| | LOG_ID_TRAFFIC_DENY | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | LOG_ID_TRAFFIC_OTHER_START | Sub Rule | General Traffic Allowed | Network Traffic |
| | LOG_ID_TRAFFIC_OTHER_ICMP_ALLOW | Sub Rule | Permitted ICMP Traffic | Network Traffic |
| | LOG_ID_TRAFFIC_OTHER_ICMP_DENY | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | LOG_ID_TRAFFIC_WANOPT | Sub Rule | WAN Optimization Traffic | Network Traffic |
| | LOG_ID_TRAFFIC_WEBCACHE | Sub Rule | Web Cache Traffic | Network Traffic |
| | LOG_ID_TRAFFIC_EXPLICIT_PROXY | Sub Rule | Traffic Allowed by Proxy | Network Allow |
| | LOG_ID_TRAFFIC_FAIL_CONN | Sub Rule | Connection Failed | Network Traffic |
| | LOG_ID_TRAFFIC_STAT | Sub Rule | Statistics Collector Message | Information |
| | LOG_ID_TRAFFIC_UTM_CORRELATION | Sub Rule | General Traffic Allowed | Network Traffic |
LogRhythm Default v2.0
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1013233 | V 2.0: Traffic: Forward | Base Rule | Network Traffic | Network Traffic |
| | V 2.0: 20_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: LOG_ID_TRAFFIC_END_FORWARD | Sub Rule | Disconnect Session | Network Traffic |
| | V 2.0: LOG_ID_TRAFFIC_START_FORWARD | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: LOG_ID_TRAFFIC_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: LOG_ID_TRAFFIC_DENY | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: LOG_ID_TRAFFIC_OTHER_START | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: LOG_ID_TRAFFIC_OTHER_ICMP_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: LOG_ID_TRAFFIC_OTHER_ICMP_DENY | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: LOG_ID_TRAFFIC_WANOPT | Sub Rule | WAN Optimization Traffic | Network Traffic |
| | V 2.0: LOG_ID_TRAFFIC_WEBCACHE | Sub Rule | Web Cache Traffic | Network Traffic |
| | V 2.0: LOG_ID_TRAFFIC_EXPLICIT_PROXY | Sub Rule | Traffic Allowed by Proxy | Network Allow |
| | V 2.0: LOG_ID_TRAFFIC_STAT | Sub Rule | General Traffic Log | Network Traffic |
| | V 2.0: LOG_ID_TRAFFIC_UTM_CORRELATION | Sub Rule | General Traffic Log | Network Traffic |
| | V 2.0: 5_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 13_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 13_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 13_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 13_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 4_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 13_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: LOG_ID_TRAFFIC_OTHER_INVALID | Sub Rule | Invalid Operation | Warning |
| | V 2.0: LOG_ID_TRAFFIC_FAIL_CONN | Sub Rule | Connection Failed | Network Traffic |
| | V 2.0: 13_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 4_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 13_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 4_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 4_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 20_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 20_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 20_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 20_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 20_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 20_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 20_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 13_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 15_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 15_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 15_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 15_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 15_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 15_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 15_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 15_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 2_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 2_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 2_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 2_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 2_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 2_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 2_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 2_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 3_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 3_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 3_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 3_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 3_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 3_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 3_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 3_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 4_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 4_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 4_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 4_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 5_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 5_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 5_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 5_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 5_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 5_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 5_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 6_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 6_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 6_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 6_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 6_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 6_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 6_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 6_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 8_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 8_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 8_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 8_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 8_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 8_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 8_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 8_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 9_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 9_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 9_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 9_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 9_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 9_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 9_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 9_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 10_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 10_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 10_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 10_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 10_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 10_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 10_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 10_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 11_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 11_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 11_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 11_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 11_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 11_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 11_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 11_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 7_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 7_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 7_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 7_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 7_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 7_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 7_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 7_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 22_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 22_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
| | V 2.0: 22_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 22_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
| | V 2.0: 22_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 22_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: 22_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 22_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: 13_Forward Traffic Client-rst | Sub Rule | Connection Reset | Network Traffic |
| | V 2.0: 13_Forward Traffic Server-rst | Sub Rule | Connection Reset | Network Traffic |