Spanning Tree Protocol Messages
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
Spanning Tree Protocol Messages | Base Rule | General STP Message | Information |
ID 8000: Interface Shut Down BPDUs Detected | Sub Rule | Interface Turned Down | Information |
ID 8001: BPDU Guard: Resetting Interface | Sub Rule | Connection Reset | Network Traffic |
ID 8100: BPDU Loss On Port | Sub Rule | SPANTREE -6-PORT_STATE | Information |
ID 8101: BPDU Resumed On Port | Sub Rule | SPANTREE -6-PORT_STATE | Information |
ID 8102: STP Root Guard - Unblocked Port | Sub Rule | SPANTREE-2-ROOTGUARD_UNBLOCK | Information |
ID 8103: STP Root Guard - Blocked Role Transition | Sub Rule | SPANTREE-2-ROOTGUARD_BLOCK | Warning |
ID 8150: STP Root Guard - BPDU Received | Sub Rule | Spanning Tree Info Msg | Information |
ID 8151: STP Root Guard - Stopped Receiving BPDU | Sub Rule | BPDU Not Received | Information |
ID 8250: STP Enabled On Interface | Sub Rule | Enabled | Information |
ID 8251: STP Disabled On Interface | Sub Rule | Protocol Disabled | Information |
ID 8252: STP Edge Port Enabled | Sub Rule | Enabled | Information |
ID 8253: STP Edge Port Disabled | Sub Rule | Switch Port Disabled | Warning |
ID 8254: STP Instance State Changed | Sub Rule | General STP Message | Information |
ID 8255: STP Instance Role Changed | Sub Rule | General STP Message | Information |
ID 8256: Port Changed State | Sub Rule | SPANTREE -6-PORT_STATE | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
date | N/A | N/A | N/A |
time | N/A | N/A | N/A |
devname | <sname> | Text/String | The is the host name of the FortiSwitch unit. |
device_id | N/A | N/A | This is the serial number of the FortiSwitch unit. |
log_id | <vmid> | Number | This is the identifier for this log type. |
type | <object> | Text/String | N/A |
subtype | <objecttype> | Text/String | N/A |
pri | <severity> | Text/String | This is the log priority filtered by the severity. |
vd | N/A | N/A | This is the virtual domain, which is always root on the FortiSwitch unit. |
user | <login> | Text/String | N/A |
action | <action> | Text/String | This is the action taken. |
unit | N/A | N/A | N/A |
Host1ical-port | N/A | N/A | N/A |
instanceid | N/A | N/A | N/A |
event | <session> | Text/String | N/A |
oldrole | N/A | N/A | N/A |
newrole | N/A | N/A | N/A |
status | <status> | Text/String | N/A |
msg | <subject> | Text/String | N/A |