Syslog Fortinet FortiGate - V 2.0 : Event : Rest-Api
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
V 2.0 : Event : Rest-Api | Base Rule | General Firewall Event | Information |
V 2.0 : LOG_ID_EVENT_REST_API_OK | Sub Rule | Request Received | Information |
V 2.0 : LOG_ID_EVENT_REST_API_ERR | Sub Rule | Request Rejected | Error |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
date | N/A | N/A | The date of the log event. |
time | N/A | N/A | The time of the log event. |
eventtime | N/A | N/A | The time at which the log event occurred. |
tz | N/A | N/A | The time zone of the log event. |
logid | <vmid> | Number | A unique identifier for the log event. |
type | <vendorinfo> | Text/String | The type of log event. In this case, it is an event. |
subtype | N/A | N/A | The subtype of the log event. In this case, it is a REST API event. |
level | <severity> | Text/String | The severity level of the log event. In this case, it is an information. |
vd | <sessiontype> | Text/String | The vdom in which the log event occurred. |
logdesc | N/A | N/A | The description of the log event. |
user | <login> | Text/String | The user who made the REST API request. |
ui | <sinterface> | Text/String | The user interface that was used to make the REST API request. |
method | <command> | Text/String | The HTTP method that was used to make the REST API request. |
path | N/A | N/A | The path of the REST API endpoint that was called. |
status | <status> | Number | The status code of the REST API response. |
url | <url> | Text/String | The URL of the REST API request. |