Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Spanning Tree Protocol Messages | Base Rule | General STP Message | Information |
| ID 8000: Interface Shut Down BPDUs Detected | Sub Rule | Interface Turned Down | Information |
| ID 8001: BPDU Guard: Resetting Interface | Sub Rule | Connection Reset | Network Traffic |
| ID 8100: BPDU Loss On Port | Sub Rule | SPANTREE -6-PORT_STATE | Information |
| ID 8101: BPDU Resumed On Port | Sub Rule | SPANTREE -6-PORT_STATE | Information |
| ID 8102: STP Root Guard - Unblocked Port | Sub Rule | SPANTREE-2-ROOTGUARD_UNBLOCK | Information |
| ID 8103: STP Root Guard - Blocked Role Transition | Sub Rule | SPANTREE-2-ROOTGUARD_BLOCK | Warning |
| ID 8150: STP Root Guard - BPDU Received | Sub Rule | Spanning Tree Info Msg | Information |
| ID 8151: STP Root Guard - Stopped Receiving BPDU | Sub Rule | BPDU Not Received | Information |
| ID 8250: STP Enabled On Interface | Sub Rule | Enabled | Information |
| ID 8251: STP Disabled On Interface | Sub Rule | Protocol Disabled | Information |
| ID 8252: STP Edge Port Enabled | Sub Rule | Enabled | Information |
| ID 8253: STP Edge Port Disabled | Sub Rule | Switch Port Disabled | Warning |
| ID 8254: STP Instance State Changed | Sub Rule | General STP Message | Information |
| ID 8255: STP Instance Role Changed | Sub Rule | General STP Message | Information |
| ID 8256: Port Changed State | Sub Rule | SPANTREE -6-PORT_STATE | Information |

Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| date | N/A | N/A | N/A |
| time | N/A | N/A | N/A |
| devname | <sname> | Text/String | This is the host name of the FortiSwitch unit. |
| device_id | N/A | N/A | This is the serial number of the FortiSwitch unit. |
| log_id | <vmid> | Number | This is the identifier for this log type. |
| type | <object> | Text/String | N/A |
| subtype | <objecttype> | Text/String | N/A |
| pri | <severity> | Text/String | This is the log priority filtered by the severity. |
| vd | N/A | N/A | This is the virtual domain, which is always root on the FortiSwitch unit. |
| user | <login> | Text/String | N/A |
| action | <action> | Text/String | This is the action taken. |
| unit | N/A | N/A | N/A |
| Host1ical-port | N/A | N/A | N/A |
| instanceid | N/A | N/A | N/A |
| event | <session> | Text/String | N/A |
| oldrole | N/A | N/A | N/A |
| newrole | N/A | N/A | N/A |
| status | <status> | Text/String | N/A |
| msg | <subject> | Text/String | N/A |