LSO : Syslog - Fortinet FortiGate (Mapping Doc)
This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Fortinet FortiGate log source type.
Vendor Documentation
Prerequisites
Download and apply the Knowledge Base. For more information, see KB Synchronization Settings for LSO.
Enable the new MPE rules in the LogRhythm System Monitor.
Select log source type Syslog - Fortinet FortiGate.
Enable log processing policy LogRhythm Default v2.0.
For details on how to enable LogRhythm Default v2.0, see Apply LogRhythm Default v2.0 on a Log Source.
Supported Log Messages
The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.
| Log Message Type | Event Type |
|---|---|
| Anomaly : Anomaly | General Traffic Other Alert |
| Catch All : Level 1 | General Information |
| Catch All : Level 3 | General Information |
| DNS : Messages | General DNS Information |
| Event : Compliance | General Policy Compliance Information |
| Event : Connector | Get Address Information |
| Event : Endpoint | Endpoint Profiling Activity |
| Event : HA | General HA Information |
| Event : Router | General Router Information |
| Event : Router : Gateway Logs | General Information |
| Event : SDWAN : SLA Information | General Network Traffic |
| Event : Security Rating | General Security Note |
| Event : Switch-Controller | Switch Information |
| Event : System | General Event Log Information |
| Event : System : Attribute Configured : NTP Info | General NTP Message |
| Event : System : Failed Window AD Network Messages | Failed Network Denial Of Service |
| Event : System : VMID 32002 Admin Login Failed | Authentication Failure Activity |
| Event : User | General User Information |
| Event : VPN | General VPN Traffic Event |
| Event : Wad | SSL Information-Only Event |
| Event : Wireless | General Wireless Management Message |
| Traffic : Forward | Network Traffic |
| Traffic : Local | General Traffic Log |
| Traffic : Multicast | General IP Multicast Information |
| Traffic : Sniffer | General Network Traffic Log Message |
| UTM : App | General Application Control Message |
| UTM : DLP | General DLP Message |
| UTM : DNS | DNS Server Timed Out |
| UTM : Email Filter | General Email Filter IMAP |
| UTM : File Filter | General Information |
| UTM : IPS | General IPS/IDS Message |
| UTM : SSH | General SSL-VPN Debug |
| UTM : SSL Messages | General SSL/VPN Session Information |
| UTM : Virus | General Virus Filename Information |
| UTM : Voip | General VOIP Message |
| UTM : WebFilter | General WebFilter Event |
Log Processing Policy Updates
This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.
Updates to AIE Rules
No changes
Updates to System Reports
No changes
Updates to System Investigations
No changes
Updates to System Report Templates
No changes
Updates to System Tails
No changes