Syslog Fortinet FortiGate - V 2.0 : Event : System

https://docs.fortinet.com/document/fortigate/7.0.12/administration-guide/986892/sample-logs-by-log-type

V 2.0: Event: System

Base Rule

General System Message

Information

V 2.0: Event Mail Sent Fail

Sub Rule

General Failed Activity

Failed Activity

V 2.0: Event Reportd Report Success

Sub Rule

Report Generation

Information

V 2.0: Event Reportd Report Failure

Sub Rule

Report Deleted

Information

V 2.0: Event Session Clash

Sub Rule

Session Information

Information

V 2.0: Event VWL Volume Status

Sub Rule

WAN Module Info Msg

Information

V 2.0: Event DHCP Ack

Sub Rule

DHCP ACK

Network Traffic

V 2.0: Event DHCP Stat

Sub Rule

General DHCPServer Information

Information

V 2.0: Event DHCP Client Lease

Sub Rule

DHCP Lease Obtained

Information

V 2.0: Event Auth Snmp Query Failed

Sub Rule

General Failed Activity

Failed Activity

V 2.0: Event Admin Login Succ

Sub Rule

User Logon

Authentication Success

V 2.0: Event Admin Login Fail

Sub Rule

User Logon Failure

Authentication Failure

V 2.0: Event Admin Login Logout

Sub Rule

Logout Request

Information

V 2.0: Event Log Roll

Sub Rule

General Disk Information

Information

V 2.0: Event Admin Login Disable

Sub Rule

Account Disabled

Access Revoked

V 2.0: Event Log Del Dir

Sub Rule

Object Deleted/Removed

Access Success

V 2.0: Event Log Del File

Sub Rule

Object Deleted/Removed

Access Success

V 2.0: Event Log Roll Forticron

Sub Rule

Rotation Information

Information

V 2.0: Event Report Deleted

Sub Rule

Object Deleted/Removed

Access Success

V 2.0: Event Report Deleted GUI

Sub Rule

Object Deleted/Removed

Access Success

V 2.0: Event Backup Conf By Scp

Sub Rule

Backup Completed

Information

V 2.0: Event Conf Chg

Sub Rule

Configuration Modified: System

Configuration

V 2.0: Event Sys Perf

Sub Rule

General Performance Statistics

Information

V 2.0: Event Upd Fgt Succ

Sub Rule

Update Successful

Information

V 2.0: Event Upd Fsa Virdb

Sub Rule

Database Update Event

Information

V 2.0: Event Nac Quarantine

Sub Rule

Quarantine

Activity

V 2.0: Event Delete Object

Sub Rule

Object Deleted/Removed

Access Success

V 2.0: Event Config Attr

Sub Rule

Object Added

Access Success

V 2.0: Event Add Object Attribute

Sub Rule

Object Modified

Access Success

V 2.0: Event DSSCC Exec

Sub Rule

General Policy Compliance Information

Other Audit

V 2.0: Event Ext Remote

Sub Rule

General Error

Error

date

N/A

N/A

The date of the log event.

time

N/A

N/A

The time of the log event.

logid

<vmid>

Number

A unique identifier for the log event.

type

<vendorinfo>

Text/String

The type of log event. In this case, it is an event.

subtype

N/A

N/A

The subtype of the log event. In this case, it is a system event.

level

<severity>

Text/String

The severity level of the log event. In this case, it is an information.

vd

<sessiontype>

Text/String

The vdom in which the log event occurred.

eventtime

N/A

N/A

The time at which the log event occurred.

logdesc

N/A

N/A

The description of the log event.

sn

<serialnumber>

Number

The serial number of the log event.

user

<login>

Text/String

The user who logged in.

ui

N/A

N/A

The user interface that was used to log in. In this case, it was SSH from the IP address 172.16.200.254.

method

N/A

N/A

The method that was used to log in. In this case, it was SSH.

srcip

<sip>

IP Address

The source IP address of the log event.

dstip

<dip>

IP Address

The destination IP address of the log event.

action

<action>

Text/String

The action that was taken. In this case, it was a login.

status

<status>

Text/String

The status of the log event. In this case, it was a success.

reason

<reason>

Text/String

The reason for the log event. In this case, there was no reason.

profile

N/A

N/A

The profile of the user who logged in. In this case, it was the super_admin profile.

cfgattr

<result>

Text/String

N/A

msg

<subject>

Text/String

The message associated with the log event.