Device Details

| Vendor | Fortinet |
|---|---|
| Device Type | Network Security |
| Supported Model Name/Number | N/A |
| Supported Software Version(s) | N/A |
| Collection Method | Syslog |
| Configurable Log Output? | N/A |
| Log Source Type | Syslog – Fortinet FortiDDoS |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | Configuration guide: https://help.fortinet.com/fddos/4-3-0/FortiDDoS/Configuring_remote_log_server_settings_for_event_l.htm Description of fields: https://help.fortinet.com/fddos/4-7-0/fortiddos/Appendix_B-Remote-Syslog-Reference.htm |

Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| FortiDDoS Message | N/A | <threatname>, <vmid>, <subject>, <sip>, <dip>, <dport>, <amount>, <severity> |
| Catch-all | N/A | <severity> |

Parsed Metadata Fields

| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| Description | <subject> | Text/String |
| Dip | <dip> | IP address |
| Dport | <dport> | Numeric |
| Dropcount | <amount> | Numeric |
| Level | <severity> | Text/String |
| Sip | <sip> | IP address |
| Spp | <vmid> | Numeric |
| Type | <threatname> | Text/String |