
Syslog Fortinet FortiGate - V 2.0 : Event : System

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| V 2.0 : Event : System | Base Rule | General System Message | Information |
| V 2.0 : Event Mail Sent Fail | Sub Rule | General Failed Activity | Failed Activity |
| V 2.0 : Event Reportd Report Success | Sub Rule | Report Generation | Information |
| V 2.0 : Event Reportd Report Failure | Sub Rule | Report Deleted | Information |
| V 2.0 : Event Session Clash | Sub Rule | Session Information | Information |
| V 2.0 : Event VWL Volume Status | Sub Rule | WAN Module Info Msg | Information |
| V 2.0 : Event DHCP Ack | Sub Rule | DHCP ACK | Network Traffic |
| V 2.0 : Event DHCP Stat | Sub Rule | General DHCPServer Information | Information |
| V 2.0 : Event DHCP Client Lease | Sub Rule | DHCP Lease Obtained | Information |
| V 2.0 : Event Auth Snmp Query Failed | Sub Rule | General Failed Activity | Failed Activity |
| V 2.0 : Event Admin Login Succ | Sub Rule | Authentication Activity | Authentication Success |
| V 2.0 : Event Admin Login Fail | Sub Rule | Authentication Failure Activity | Authentication Failure |
| V 2.0 : Event Admin Login Logout | Sub Rule | Logout Request | Information |
| V 2.0 : Event Log Roll | Sub Rule | General Disk Information | Information |
| V 2.0 : Event Admin Login Disable | Sub Rule | Account Disabled | Access Revoked |
| V 2.0 : Event Log Del Dir | Sub Rule | Object Deleted/Removed | Access Success |
| V 2.0 : Event Log Del File | Sub Rule | Object Deleted/Removed | Access Success |
| V 2.0 : Event Log Roll Forticron | Sub Rule | Rotation Information | Information |
| V 2.0 : Event Report Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| V 2.0 : Event Report Deleted GUI | Sub Rule | Object Deleted/Removed | Access Success |
| V 2.0 : Event Backup Conf By Scp | Sub Rule | Backup Completed | Information |
| V 2.0 : Event Conf Chg | Sub Rule | Configuration Modified : System | Configuration |
| V 2.0 : Event Sys Perf | Sub Rule | General Performance Statistics | Information |
| V 2.0 : Event Upd Fgt Succ | Sub Rule | Update Successful | Information |
| V 2.0 : Event Upd Fsa Virdb | Sub Rule | Database Update Event | Information |
| V 2.0 : Event Nac Quarantine | Sub Rule | Quarantine | Activity |
| V 2.0 : Event Delete Object | Sub Rule | Object Deleted/Removed | Access Success |
| V 2.0 : Event Config Attr | Sub Rule | Object Added | Access Success |
| V 2.0 : Event Add Object Attribute | Sub Rule | Object Added | Access Success |
| V 2.0 : Event DSSCC Exec | Sub Rule | General Policy Compliance Information | Other Audit |
| V 2.0 : Event Ext Remote | Sub Rule | General Error | Error |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| date | N/A | N/A | The date of the log event. |
| time | N/A | N/A | The time of the log event. |
| logid | <vmid> | Number | A unique identifier for the log event. |
| type | <vendorinfo> | Text/String | The type of log event. In this case, it is an event. |
| subtype | N/A | N/A | The subtype of the log event. In this case, it is a system event. |
| level | <severity> | Text/String | The severity level of the log event. In this case, it is information. |
| vd | N/A | N/A | The vdom in which the log event occurred. |
| eventtime | N/A | N/A | The time at which the log event occurred. |
| logdesc | N/A | N/A | The description of the log event. |
| sn | <serialnumber> | Number | The serial number of the log event. |
| user | <login> | Text/String | The user who logged in. |
| ui | N/A | N/A | The user interface that was used to log in. In this case, it was SSH from the IP address 172.16.200.254. |
| method | N/A | N/A | The method that was used to log in. In this case, it was SSH. |
| srcip | <sip> | IP Address | The source IP address of the log event. |
| dstip | <dip> | IP Address | The destination IP address of the log event. |
| action | <action> | Text/String | The action that was taken. In this case, it was a login. |
| status | <status> | Text/String | The status of the log event. In this case, it was a success. |
| reason | <reason> | Text/String | The reason for the log event. In this case, there was no reason. |
| profile | N/A | N/A | The profile of the user who logged in. In this case, it was the super_admin profile. |
| cfgattr | <result> | Text/String | N/A |
| msg | <subject> | Text/String | The message associated with the log event. |
