Skip to main content
Skip table of contents

LSO : Syslog - Fortinet FortiAnalyzer (Mapping Doc)

This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Fortinet FortiAnalyzer log source type.

Vendor Documentation


  • Download and apply the Knowledge Base. For more information, see KB Synchronization Settings for LSO.

  • Enable the new MPE rules in the LogRhythm System Monitor.

    • Select log source type Syslog - Fortinet FortiAnalyzer.

    • Enable log processing policy LogRhythm Default v2.0.

For details on how to enable LogRhythm Default v2.0, see Apply LogRhythm Default v2.0 on a Log Source.

Support for Fortinet FortiGate Events

Log Source Stabilization (LSS) does not support Fortinet Fortigate Events with the updated MPE rules and log processing policy (LogRhythm Default v2.0). Fortinet Fortigate Events are supported separately with Syslog - Fortinet FortiGate. If you are using Fortinet Fortigate and streaming Fortinet FortiGate logs through Fortinet FortiAnalyzer log source types, we recommend using log source virtualization to stream Syslog - Fortinet FortiGate.

For more information, see Log Source Virtualization.

Supported Log Messages

The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.

Log Message Type

Event Type

Anomaly : Anomaly

General Traffic Other Alert

Attack : Webattack Messages

General Alert

Attack Message

General Attack Activity

Catch All

General Information

Catch All : Level 3

General Information

CFG : Object Change Messages

Object Operation

DNS : Messages

General DNS Information

Event : Compliance

General Policy Compliance Information

Event : Connector

Get Address Information

Event : DVM

General DVMRP Warning

Event : Endpoint

General Endpoint Message

Event : General Information

General Information

Event : HA

General HA Information

Event : Link

Link Status

Event : LogDB

Database Query

Event : LogDev

Logs Per Day Info Message

Event : LogFile

Size Of HTTP Logfile Exceeds Maximum Limit

Event : Logging

VACL Logging Alert

Event : Router

General Router Information

Event : Security Rating

General Security Note

Event : SMTP

CyberCop Scanner SMTP

Event : Spanning Tree

Spanning Tree Info Msg

Event : System

General Event Log Information

Event : User

General User Information

Event : VPN

General VPN Traffic Event

Event : Wad

SSL Information-Only Event

Event : Wireless

General Wireless Management Message

General Process Messages

General Message Information

KEvent : Update

System Events

Spam : Default

Matched Default Rule


Log Statistics

Traffic : Forward

Network Traffic

Traffic : Https/Http Mesages

General HTTP Information

Traffic : Local

General Traffic Log

Traffic : Multicast

General IP Multicast Information

Traffic : Sniffer

General Network Traffic Log Message

Traffic : System

Traffic Information

Traffic Messages

Traffic Information

Traffic/UTM Messages

General Traffic Log

UTM : App

General Application Control Message


General DLP Message


General IPS/IDS Message

UTM : Virus

General Virus Filename Information

UTM : Voip

General VOIP Message


Traffic Allowed by WAF

UTM : WebFilter

General WebFilter Event

Virus : Fortisandbox

Possible Virus Activity

Virus : Infected

General Virus Infected Alert

Virus : Malware - Outbreak

Detected Malware Activity

Log Processing Policy Updates

This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.

Updates to AIE Rules

  • No changes

Updates to System Reports

  • No changes

Updates to System Investigations

  • No changes

Updates to System Report Templates

  • No changes

Updates to System Tails

  • No changes

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.