Skip to main content
Skip table of contents

LSO : Syslog - Fortinet FortiGate (Mapping Doc)

This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Fortinet FortiGate log source type.

Vendor Documentation


  • Download and apply the Knowledge Base. For more information, see KB Synchronization Settings for LSO.

  • Enable the new MPE rules in the LogRhythm System Monitor.

    • Select log source type Syslog - Fortinet FortiGate.

    • Enable log processing policy LogRhythm Default v2.0.

For details on how to enable LogRhythm Default v2.0, see Apply LogRhythm Default v2.0 on a Log Source.

Supported Log Messages

The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.

Log Message Type

Event Type

Anomaly : Anomaly

General Traffic Other Alert

Catch All : Level 1

General Information

Catch All : Level 3

General Information

DNS : Messages

General DNS Information

Event : Compliance

General Policy Compliance Information

Event : Connector

Get Address Information

Event : Endpoint

Endpoint Profiling Activity

Event : HA

General HA Information

Event : Router

General Router Information

Event : Router : Gateway Logs

General Information

Event : SDWAN : SLA Information

General Network Traffic

Event : Security Rating

General Security Note

Event : Switch-Contoller

Switch Information

Event : System

General Event Log Information

Event : System : Attribute Configured : NTP Info

General NTP Message

Event : System : Failed Window AD Network Messages

Failed Network Denial Of Service

Event : System : VMID 32002 Admin Login Failed

Authentication Failure Activity

Event : User

General User Information

Event : VPN

General VPN Traffic Event

Event : Wad

SSL Information-Only Event

Event : Wireless

General Wireless Management Message

Traffic: Forward

Network Traffic

Traffic : Local

General Traffic Log

Traffic : Multicast

General IP Multicast Information

Traffic: Sniffer

General Network Traffic Log Message

UTM : App

General Application Control Message


General DLP Message


DNS Server Timed Out

UTM : Email Filter

General Email Filter IMAP

UTM : File Filter

General Information


General IPS/IDS Message


General SSL-VPN Debug

UTM : SSL Messages

General SSL/VPN Session Information

UTM : Virus

General Virus Filename Information

UTM : Voip

General VOIP Message

UTM : WebFilter

General WebFilter Event

Log Processing Policy Updates

This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.

Updates to AIE Rules

  • No changes

Updates to System Reports

  • No changes

Updates to System Investigations

  • No changes

Updates to System Report Templates

  • No changes

Updates to System Tails

  • No changes

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.