Syslog Fortinet FortiGate - V 2.0 : Event : FortiExtender
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 : Event : FortiExtender | Base Rule | General Firewall Event | Information |
V 2.0 : LOG_ID_EVENT_EXT_SYS | Sub Rule | General System Information | Information |
V 2.0 : LOG_ID_EVENT_EXT_LOCAL | Sub Rule | General System Information | Information |
V 2.0 : LOG_ID_EVENT_EXT_LOCAL_ERROR | Sub Rule | General Error | Error |
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_EMERG | Sub Rule | General Emergency Condition | Critical |
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_ALERT | Sub Rule | General Alert | Warning |
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_ALERT | Sub Rule | General Critical | Critical |
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_ERROR | Sub Rule | General Error | Error |
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_WARNING | Sub Rule | General Warning | Warning |
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_NOTIF | Sub Rule | General Notice | Information |
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_INFO | Sub Rule | General Information | Information |
V 2.0 : LOG_ID_EVENT_EXT_REMOTE_DEBUG | Sub Rule | General Debug Message | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
date | N/A | N/A | The date of the log entry. |
time | N/A | N/A | The time of the log entry. |
logid | <vmid> | Number | The unique identifier for the log entry. |
type | <vendorinfo> | Text/String | The type of log event. |
subtype | N/A | N/A | The subtype of the log event. |
level | <severity> | Text/String | The severity level of the log event. |
vd | <sessiontype> | Text/String | The virtual domain associated with the log event. |
eventtime | N/A | N/A | The timestamp of the event. |
logdesc | N/A | N/A | Description of the log event. |
action | <action> | Text/String | The action performed in the log event. |
msg | <subject> | Text/String | Additional message or details of the log event. |
sn | <serialnumber> | Text/String | Serial number or identifier. |
ip | <sip> | IP Address | IP address associated with the log event. |
imei | N/A | N/A | IMEI number associated with the log event. |
imsi | N/A | N/A | IMSI number associated with the log event. |
iccid | N/A | N/A | ICCID associated with the log event. |
phonenumber | N/A | N/A | Phone number associated with the log event. |
carrier | N/A | N/A | The mobile carrier associated with the log event. |
plan | N/A | N/A | The plan associated with the log event. |
apn | N/A | N/A | Access Point Name associated with the log event. |
service | <protname> | Text/String | The type of cellular service associated with the log event. |
reason | <reason> | Text/String | Reason for the SIM switch failure. |
sinr | N/A | N/A | Signal-to-Interference-plus-Noise Ratio measurement. |
rsrp | N/A | N/A | Reference Signal Received Power measurement. |
rsrq | N/A | N/A | Reference Signal Received Quality measurement. |
signalstrength | N/A | N/A | Signal Strength measurement. |
rssi | N/A | N/A | Received Signal Strength Indicator measurement. |
temperature | N/A | N/A | Temperature measurement. |
rcvdbyte | <bytesin> | Number | Number of bytes received. |
sentbyte | <bytesout> | Number | Number of bytes sent. |
rx_diff | N/A | N/A | Difference in received bytes. |
tx_diff | N/A | N/A | Difference in sent bytes. |