Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
V 2.0 : Event : FortiExtender |
Base Rule |
General Firewall Event |
Information |
|
V 2.0 : LOG_ID_EVENT_EXT_SYS |
Sub Rule |
General System Information |
Information |
|
V 2.0 : LOG_ID_EVENT_EXT_LOCAL |
Sub Rule |
General System Information |
Information |
|
V 2.0 : LOG_ID_EVENT_EXT_LOCAL_ERROR |
Sub Rule |
General Error |
Error |
|
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_EMERG |
Sub Rule |
General Emergency Condition |
Critical |
|
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_ALERT |
Sub Rule |
General Alert |
Warning |
|
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_ALERT |
Sub Rule |
General Critical |
Critical |
|
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_ERROR |
Sub Rule |
General Error |
Error |
|
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_WARNING |
Sub Rule |
General Warning |
Warning |
|
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_NOTIF |
Sub Rule |
General Notice |
Information |
|
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_INFO |
Sub Rule |
General Information |
Information |
|
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_DEBUG |
Sub Rule |
General Debug Message |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|---|---|---|---|
|
date |
N/A |
N/A |
The date of the log entry. |
|
time |
N/A |
N/A |
The time of the log entry. |
|
logid |
<vmid> |
Number |
The unique identifier for the log entry. |
|
type |
<vendorinfo> |
Text/String |
The type of log event. |
|
subtype |
N/A |
N/A |
The subtype of the log event. |
|
level |
<severity> |
Text/String |
The severity level of the log event. |
|
vd |
<sessiontype> |
Text/String |
The virtual domain associated with the log event. |
|
eventtime |
N/A |
N/A |
The timestamp of the event. |
|
logdesc |
N/A |
N/A |
Description of the log event. |
|
action |
<action> |
Text/String |
The action performed in the log event. |
|
msg |
<subject> |
Text/String |
Additional message or details of the log event. |
|
sn |
<serialnumber> |
Text/String |
Serial number or identifier. |
|
ip |
<sip> |
IP Address |
IP address associated with the log event. |
|
imei |
N/A |
N/A |
Serial number or identifier. |
|
imsi |
N/A |
N/A |
IMEI number associated with the log event. |
|
iccid |
N/A |
N/A |
IMSI number associated with the log event. |
|
phonenumber |
N/A |
N/A |
ICCID associated with the log event. |
|
carrier |
N/A |
N/A |
Phone number associated with the log event. |
|
plan |
N/A |
N/A |
The mobile carrier associated with the log event. |
|
apn |
N/A |
N/A |
The plan associated with the log event. |
|
service |
<parentprocessname> |
Text/String |
Access Point Name associated with the log event. |
|
reason |
<reason> |
Text/String |
The type of cellular service associated with the log event. |
|
sinr |
N/A |
N/A |
Reason for the SIM switch failure. |
|
rsrp |
N/A |
N/A |
Signal-to-Interference-plus-Noise Ratio measurement. |
|
rsrq |
N/A |
N/A |
Reference Signal Received Power measurement. |
|
signalstrength |
N/A |
N/A |
Signal Strength measurement. |
|
rssi |
N/A |
N/A |
Reference Signal Received Quality measurement. |
|
temperature |
N/A |
N/A |
Temperature measurement. |
|
rcvdbyte |
<bytesin> |
Number |
Number of bytes received. |
|
sentbyte |
<bytesout> |
Number |
Number of bytes sent. |
|
rx_diff |
N/A |
N/A |
Difference in received bytes. |
|
tx_diff |
N/A |
N/A |
Difference in sent bytes. |