Skip to main content
Skip table of contents

LSO FortiGate - Traffic: Forward (2)

Vendor Documentation

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

Log Field

LogRhythm Default

LogRhythm Default v2.0

date

N/A

N/A

time

N/A

N/A

devname

<subject>

N/A

logid

<vmid>
<tag1>

<vmid>

type

<parentprocessname>

<vendorinfo>

subtype

<parentprocessid>

N/A

level

<severity>

<severity>

vd

N/A

N/A

eventtime

N/A

N/A

srcip

<sip>

<sip>

srcport

<sport>

<sport>

srcintf

<sinterface>

<sinterface>

srcintfrole

N/A

N/A

dstip

<dip>

<dip>

dstname

<url>

N/A

dstport

<dport>

<dport>

dstintf

<dinterface>

<dinterface>

dstinetsvc

<object>

N/A

dstintfrole

N/A

N/A

srcuuid

N/A

N/A

dstuuid

N/A

N/A

poluuid

N/A

N/A

sessionid

<session>

<session>

proto

<protnum>

<protnum>

action

<action>
<tag2>

<action>
<tag1>

policyid

<policy>

<policy>

policytype

<process>

N/A

service

N/A

<protname>

user

<login>

<login>
<domainorigin>

group

<group>

N/A

dstcountry

N/A

N/A

srccountry

N/A

N/A

trandisp

N/A

N/A

tranip

<dnatip>

N/A

transip

<snatip>

<snatip>

transport

N/A

<snatport>

appid

<processid>

<object>

app

<object>

<objectname>

appcat

<objectname>

<objecttype>

apprisk

<severity>

<threatname>

applist

N/A

N/A

appact

<status>

N/A

url

N/A

N/A

duration

<seconds>

<seconds>

sentbyte

<bytesout>

<bytesin>

rcvdbyte

<bytesin>

<bytesout>

sentpkt

<packetsout>

<packetsin>

rcvdpkt

<packetsin>

<packetsout>

utmaction

<result>
<tag3>

<status>
<tag2>

countapp

N/A

<quantity>

osname

N/A

N/A

mastersrcmac

N/A

N/A

srcmac

N/A

<smac>

srcserver

N/A

N/A

utmref

N/A

N/A

dstmac

<dmac>

<dmac>

devtype

<objecttype>

N/A

srcfamily

<sessiontype>

N/A

unauthuser

<login>

N/A

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

Regex ID

Rule Name

Rule Type

Common Event

Classification

1010521

Traffic: Forward

Base Rule

Network Traffic

Network Traffic

Sniffer Traffic Accept

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

Forwarded Traffic Blocked

Sub Rule

Traffic Denied by Network Firewall

Network Deny

Forwarded Traffic Timeout

Sub Rule

User Session Timeout

Information

Forwarded Traffic Close

Sub Rule

Connection Closed

Network Traffic

Forwarded Traffic Accept - Reset

Sub Rule

Connection Reset

Network Traffic

Local Traffic Denied

Sub Rule

Traffic Denied by Network Firewall

Network Deny

Forwarded Traffic Denied

Sub Rule

Traffic Denied by Network Firewall

Network Deny

Forward Traffic Deny

Sub Rule

Traffic Denied by Network Firewall

Network Deny

ICMP Traffic Allow

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

Invalid Traffic

Sub Rule

Connection Failed

Network Traffic

Malware Activity Blocked

Sub Rule

Failed Botnet Activity

Failed Malware

Forwarded Traffic Allowed

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

Forwarded Traffic Start

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

Local Traffic Accepted

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

Forwarded Traffic

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

Forwarded Traffic Session Closed

Sub Rule

Connection Closed

Network Traffic

Forwarded Traffic Accept

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

Local Traffic Accept

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

Local Traffic Timeout

Sub Rule

Session Disconnected

Other Audit Success

Network/Traffic Allowed Messages

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

LOG_ID_TRAFFIC_END_FORWARD

Sub Rule

IP Forwarding Events

Network Traffic

LOG_ID_TRAFFIC_START_FORWARD

Sub Rule

Session Connected

Network Traffic

LOG_ID_TRAFFIC_ALLOW

Sub Rule

TCP Traffic Allowed

Network Traffic

LOG_ID_TRAFFIC_DENY

Sub Rule

Traffic Denied by Network Firewall

Network Deny

LOG_ID_TRAFFIC_OTHER_START

Sub Rule

General Traffic Allowed

Network Traffic

LOG_ID_TRAFFIC_OTHER_ICMP_ALLOW

Sub Rule

Permitted ICMP Traffic

Network Traffic

LOG_ID_TRAFFIC_OTHER_ICMP_DENY

Sub Rule

Traffic Denied by Network Firewall

Network Deny

LOG_ID_TRAFFIC_WANOPT

Sub Rule

WAN Optimization Traffic

Network Traffic

LOG_ID_TRAFFIC_WEBCACHE

Sub Rule

Web Cache Traffic

Network Traffic

LOG_ID_TRAFFIC_EXPLICIT_PROXY

Sub Rule

Traffic Allowed by Proxy

Network Allow

LOG_ID_TRAFFIC_FAIL_CONN

Sub Rule

Connection Failed

Network Traffic

LOG_ID_TRAFFIC_STAT

Sub Rule

Statistics Collector Message

Information

LOG_ID_TRAFFIC_UTM_CORRELATION

Sub Rule

General Traffic Allowed

Network Traffic

LogRhythm Default v2.0

Regex ID

Rule Name

Rule Type

Common Event

Classification

1013575

V 2.0 : Traffic : Forward : VMID13

Base Rule

Traffic Allowed by Network Firewall

Network Allow

V 2.0 : 13_Traffic Blocked

Sub Rule

Traffic Denied by Network Firewall

Network Deny

V 2.0 : 13_Traffic Session Timeout

Sub Rule

Session Timeout

Warning

V 2.0 : 13_Local Traffic Session Allowed

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

V 2.0 : 13_Traffic Session Started

Sub Rule

Network Session Created

Network Traffic

V 2.0 : 13_Traffic Session Denied

Sub Rule

Traffic Denied by Network Firewall

Network Deny

V 2.0 : 13_Traffic Allowed

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

V 2.0 : 13_Forward Traffic Allowed

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

V 2.0 : 13_Traffic Reset

Sub Rule

Connection Reset

Network Traffic

V 2.0 : 13_Forward Traffic Client-rst

Sub Rule

Connection Reset

Network Traffic

V 2.0 : 13_Forward Traffic Servert-rst

Sub Rule

Connection Reset

Network Traffic

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.