
Syslog Fortinet FortiGate - V 2.0 : Event : User

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Event : User | Base Rule | General User Information | Information |
| V 2.0 : User FSSO SVR Status | Sub Rule | General Active Directory Information | Information |
| V 2.0 : User Event Auth Time Out | Sub Rule | Authentication Timeout | Other Audit |
| V 2.0 : User Event Auth FSAE Logon | Sub Rule | User Logon | Authentication Success |
| V 2.0 : User Event Auth FSAE Logoff | Sub Rule | User Logoff | Authentication Success |
| V 2.0 : User Event Auth Logon | Sub Rule | User Logon | Authentication Success |
| V 2.0 : User Event Auth Logout | Sub Rule | User Logoff | Authentication Success |
| V 2.0 : User Event Auth FGOVRD Success | Sub Rule | Successful Activity | Other Audit Success |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| `date` | N/A | N/A | The date of the log event. |
| `time` | N/A | N/A | The time of the log event. |
| `logid` | `<vmid>` | Number | A unique identifier for the log event. |
| `type` | `<vendorinfo>` | Text/String | The type of log event. In this case, it is an event. |
| `subtype` | N/A | N/A | The subtype of the log event. In this case, it is a user event. |
| `level` | `<severity>` | Text/String | The severity level of the log event. In this case, it is a notice. |
| `vd` | `<sessiontype>` | Text/String | The vdom in which the log event occurred. |
| `eventtime` | N/A | N/A | The time at which the log event occurred. |
| `logdesc` | N/A | N/A | The description of the log event. |
| `srcip` | `<sip>` | IP Address | The source IP address of the log event. |
| `dstip` | `<dip>` | IP Address | The destination IP address of the log event. |
| `policyid` | N/A | N/A | The policy ID that was used for the authentication. |
| `interface` | `<sinterface>` | Text/String | The interface that was used for the authentication. |
| `user` | `<login>` | Text/String | The user who was authenticated. |
| `group` | `<group>` | Text/String | The group that the user belongs to. |
| `authproto` | N/A | N/A | The authentication protocol that was used. |
| `action` | `<action>` | Text/String | The action that was taken. In this case, it was an authentication. |
| `status` | `<status>` | Text/String | The status of the authentication. |
| `reason` | `<reason>` | Text/String | The reason for the authentication. |
| `msg` | `<subject>` | Text/String | The message associated with the log event. |
