Syslog Fortinet FortiGate - V 2.0 : Event : SDWAN
Vendor Documentation
Rule Name | Rule Type | Common Event | Classification |
V 2.0: Event: SDWAN | Base Rule | General Firewall Event | Information |
V 2.0: WAN Status | Sub Rule | WAN Module Info Msg | Information |
V 2.0: WAN Volume Status | Sub Rule | WAN Module Info Msg | Information |
V 2.0: WAN SLA Info | Sub Rule | WAN Module Info Msg | Information |
V 2.0: WAN Neighbor Status | Sub Rule | WAN Module Info Msg | Information |
V 2.0: WAN Neighbor Standalone | Sub Rule | WAN Module Info Msg | Information |
V 2.0: WAN Neighbor Primary | Sub Rule | WAN Module Info Msg | Information |
V 2.0: WAN Neighbor Secondary | Sub Rule | General Warning | Warning |
V 2.0: WAN Neighbor Status Warn | Sub Rule | General Warning | Warning |
V 2.0: WAN Neighbor SLA Info Warn | Sub Rule | General Warning | Warning |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
date | N/A | N/A | The date of the event. |
time | N/A | N/A | The time of the event. |
logid | <vmid> | Number | A unique identifier for the log event. |
type | <vendorinfo> | Text/String | The type of log event. In this case, it is an event. |
subtype | N/A | N/A | The subtype of the log event. In this case, it is an sdwan event. |
level | <severity> | Text/String | The severity level of the log event. In this case, it is a notice. |
vd | <sessiontype> | Text/String | The virtual domain (VDOM) in which the log event occurred. |
eventtime | N/A | N/A | The time at which the log event occurred. |
tz | N/A | N/A | The time zone of the log event. |
logdesc | N/A | N/A | The description of the log event. |
eventtype | <objecttype> | Text/String | The type of event. In this case, it is a health check event. |
healthcheck | <object> | Text/String | The health check that was performed. |
slatargetid | N/A | N/A | The SLA target ID. |
oldvalue | N/A | N/A | The old value of the metric. |
newvalue | N/A | N/A | The new value of the metric. |
msg | <subject> | Text/String | The message associated with the log event. |
interface | <dinterface> | Text/String | The interface that was monitored. |
status | <status> | Text/String | The status of the interface. |
latency | N/A | N/A | The latency of the interface. |
jitter | N/A | N/A | The jitter of the interface. |
packetloss | N/A | N/A | The packet loss of the interface. |
inbandwidth | N/A | N/A | The inbound bandwidth of the interface. |
outbandwidth | N/A | N/A | The outbound bandwidth of the interface. |
bibandwidth | N/A | N/A | The bidirectional bandwidth of the interface. |
slamap | N/A | N/A | The SLA map value. |
metric | N/A | N/A | The metric that triggered the SLA failure. |