Syslog Fortinet FortiGate - V 2.0 : Event : Switch-Controller
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
V 2.0 : Event : Switch-Controller | Base Rule | General Firewall Event | Information |
V 2.0 : LOG_ID_FGT_SWITCH_LOG_DISCOVER | Sub Rule | Switch Information | Information |
V 2.0 : LOG_ID_FGT_SWITCH_LOG_AUTH | Sub Rule | Authentication Activity | Authentication Success |
V 2.0 : LOG_ID_FGT_SWITCH_LOG_DEAUTH | Sub Rule | Privilege Revoked | Access Revoked |
V 2.0 : LOG_ID_FGT_SWITCH_LOG_DELETE | Sub Rule | Object Deleted/Removed | Access Success |
V 2.0 : LOG_ID_FGT_SWITCH_LOG_TUNNEL_UP | Sub Rule | General TUNNEL Message | Information |
V 2.0 : LOG_ID_FGT_SWITCH_LOG_TUNNEL_DOWN | Sub Rule | Connection Is Down | Error |
V 2.0 : LOG_ID_FGT_SWITCH_PUSH_IMAGE | Sub Rule | Switch Information | Information |
V 2.0 : LOG_ID_FGT_SWITCH_STAGE_IMAGE | Sub Rule | Switch Information | Information |
V 2.0 : LOG_ID_FGT_SWITCH_DISABLE_DISCOVERY | Sub Rule | Feature Disabled | Information |
V 2.0 : LOG_ID_FGT_SWITCH_LOG_WARNING | Sub Rule | General Warning | Warning |
V 2.0 : LOG_ID_FGT_SWITCH_EXPORT_POOL | Sub Rule | Switch Information | Information |
V 2.0 : LOG_ID_FGT_SWITCH_EXPORT_VDOM | Sub Rule | Switch Information | Information |
V 2.0 : LOG_ID_FGT_SWITCH_REQUEST_PORT | Sub Rule | Switch Information | Information |
V 2.0 : LOG_ID_FGT_SWITCH_RETURN_PORT | Sub Rule | Switch Information | Information |
V 2.0 : LOG_ID_FGT_SWITCH_MAC_ADD | Sub Rule | Object Added | Access Success |
V 2.0 : LOG_ID_FGT_SWITCH_MAC_DEL | Sub Rule | Object Deleted/Removed | Access Success |
V 2.0 : LOG_ID_FGT_SWITCH_MAC_MOVE | Sub Rule | MAC Move Notification Feature Info Msg | Information |
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_SWC | Sub Rule | Switch Information | Information |
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_POE | Sub Rule | General Critical | Critical |
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_LINK | Sub Rule | General Critical | Critical |
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_STP | Sub Rule | Spanning Tree Alert | Critical |
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_SWITCH | Sub Rule | General Critical | Critical |
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_ROUTER | Sub Rule | General Critical | Critical |
V 2.0 : LOG_ID_FGT_SWITCH_GROUP_SYSTEM | Sub Rule | General Critical | Critical |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
date | N/A | N/A | The date of the log entry. |
time | N/A | N/A | The time of the log entry. |
eventtime | N/A | N/A | The timestamp of the event. |
tz | N/A | N/A | Timezone offset. |
logid | <vmid> | Number | The unique identifier for the log entry. |
type | <vendorinfo> | Text/String | The type of log event. |
subtype | N/A | N/A | The subtype of the log event. |
level | <severity> | Text/String | The severity level of the log event. |
vd | <sessiontype> | Text/String | The virtual domain associated with the log event. |
logdesc | N/A | N/A | Description of the log event. |
user | <login> | Text/String | User associated with the log event. |
sn | <serialnumber> | Text/String | Serial number or identifier. |
name | N/A | N/A | Name associated with the log event. |
msg | <subject> | Text/String | Additional message or details of the log event. |
ui | <sinterface> | Text/String | User interface associated with the log event. |