Syslog - Fortinet FortiAuthenticator

Device Details

Vendor	Fortinet FortiAuthenticator
Device Type	Protected Network
Supported Model Name/Number	Fortinet Enterprise
Supported Software Version(s)	N/A
Collection Method	Syslog
Configurable Log Output?	N/A
Log Source Type	Syslog - Fortinet FortiAuthenticator
Log Processing Policy	LogRhythm Default
Exceptions	N/A
Additional Information	FortiAuthenticator 6.1.1 Administration Guide FortiAuthenticator 6.0.0 Administration Guide

Prerequisites

To access the Fortinet FortiAuthenticator Syslog, you will need one of the following web browsers:

Microsoft Internet Explorer 11 or higher
Mozilla Firefox
Apple Safari
Google Chrome

Device Configuration Checklist

For more detailed information on your FortiAuthenticator device, see the following resources:

Currently Supported Log Types

Type	Product Version	Supported Schema Fields
Admin Configuration Messages	All	<vmid>, <severity>, <login>, <sip>, <action>, <status>, <tag1>, <subject>, <reason>, <tag2>
Authentication Messages	All	<vmid>, <severity>, <login>, <sip>, <action>, <tag3>, <tag1>, <status>, <tag2>, <subject>, <reason>, <object>
System Messages	All	<vmid>, <severity>, <tag1>, <login>, <sip>, <action>, <tag2>, <status>, <subject>, <tag3>, <policy>
High Availability Messages	All	<vmid>, <severity>, <sip>, <action>, <status>, <subject>
User Portal Messages	All	<vmid>, <severity>, <sip>, <action>, <status>, <subject>
Web Service Messages	All	<vmid>, <severity>, <sip>, <action>, <status>, <tag1>, <subject>
Catch All	All	<severity>

Parsed Metadata Fields

Device Field Name	LogRhythm Metadata Field	Value/Data Type
Action	<action>	Text/String
Level	<severity>	Text/String
NAS / IP	<sip>	IP Address
N/A	<policy>	Text/String
N/A	<reason>	Text/String
N/A	<subject>	Text/String
Status	<status>	Text/String
Typeid	<vmid>	Numeric
User	<login>	Text/String