Skip to main content
Skip table of contents

Syslog Fortinet FortiGate - V 2.0 : Event : VPN

Vendor Documentation

Classification

Rule Name

Rule Type

Common Event

Classification

V 2.0 : Event : VPN

Base Rule

VPN Session Information

Information

V 2.0 : VPN Neg I P1 Error

Sub Rule

General IPSec Error

Error

V 2.0 : VPN Neg Progress P1 Error

Sub Rule

IPSec Progress Error

Error

V 2.0 : VPN Neg Progress P2 Error

Sub Rule

IPSec Progress Error

Error

V 2.0 : VPN Conn Stats

Sub Rule

General IPSec Information

Information

V 2.0 : VPN Neg Generic P2 Notif IKEV2

Sub Rule

Notification Of An IPSec Negotiation

Information

V 2.0 : VPN Neg I P1 Error IKEV2

Sub Rule

IPSec Negotiation Error

Error

V 2.0 : VPN Neg Progress P1 Notif IKEV2

Sub Rule

IPSec Information Message

Information

V 2.0 : VPN Neg Progress P1 Error IKEV2

Sub Rule

IPSec Progress Error

Error

V 2.0 : VPN Neg Progress P2 Notif IKEV2

Sub Rule

IPSec Information Message

Information

V 2.0 : VPN Install SA IKEV2

Sub Rule

Installed IPSec Security Association

Information

V 2.0 : VPN Conn Stats IKEV2

Sub Rule

IPSec Information Message

Information

V 2.0 : VPN Event SSL VPN User Tunnel UP

Sub Rule

General TUNNEL Message

Information

V 2.0 : VPN Event SSL VPN User Tunnel DOWN

Sub Rule

VPN Tunnel Failure

Warning

V 2.0 : VPN Event SSL VPN User SSL Login Fail

Sub Rule

Authentication Failure Activity

Authentication Failure

V 2.0 : VPN Event SSL VPN Session Cert Ok

Sub Rule

Certificate Valid

Information

V 2.0 : VPN Event SSL VPN Session New Con

Sub Rule

VPN Session Started

Network Traffic

V 2.0 : VPN Event SSL VPN Session Tunnel Up

Sub Rule

VPN Session Started

Network Traffic

V 2.0 : VPN Event SSL VPN Session Tunnel Down

Sub Rule

VPN Tunnel Failure

Warning

V 2.0 : VPN Event SSL VPN Session Tunnel Stats

Sub Rule

VPN Session Information

Information

V 2.0 : VPN Event VPN Cert Regen

Sub Rule

Certificate Renewal Request

Activity

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

date

N/A

N/A

The date of the log event.

time

N/A

N/A

The time of the log event.

logid

<vmid>

Number

A unique identifier for the log event.

type

<vendorinfo>

Text/String

The type of log event. In this case, it is an event.

subtype

N/A

N/A

The subtype of the log event. In this case, it is a VPN event.

level

<severity>

Text/String

The severity level of the log event. In this case, it is a notice.

vd

N/A

N/A

The vdom in which the log event occurred.

eventtime

N/A

N/A

The time at which the log event occurred.

logdesc

N/A

N/A

The description of the log event.

msg

<subject>

Text/String

The message associated with the log event.

action

<action>

Text/String

The action that was taken. In this case, it was a negotiate.

remip

<sip>

IP Address

The remote IP address of the VPN tunnel.

locip

<dip>

IP Address

The local IP address of the VPN tunnel.

remport

<sport>

Number

The remote port of the VPN tunnel.

locport

<dport>

Number

The local port of the VPN tunnel.

outintf

N/A

N/A

The outbound interface of the VPN tunnel.

cookies

N/A

N/A

The cookies used for the VPN tunnel.

user

<login>

Text/String

The user associated with the VPN tunnel.

group

<group>

Text/String

The group associated with the VPN tunnel.

xauthuser

N/A

N/A

The xauth user associated with the VPN tunnel.

xauthgroup

N/A

N/A

The xauth group associated with the VPN tunnel.

assignip

N/A

N/A

The assigned IP address for the VPN tunnel.

vpntunnel

N/A

N/A

The name of the VPN tunnel.

status

<status>

Text/String

The status of the VPN tunnel.

init

N/A

N/A

The initiator of the VPN tunnel.

mode

N/A

N/A

The mode of the VPN tunnel.

dir

N/A

N/A

The direction of the VPN tunnel.

stage

N/A

N/A

The stage of the VPN tunnel.

role

N/A

N/A

The role of the VPN tunnel.

result

<result>

Text/String

The result of the VPN tunnel.

tunneltype

<objecttype>

Text/String

IPsec VPN tunnel type

tunnelid

 N/A

N/A

IPsec VPN tunnel ID

tunnelip

N/A 

N/A

IPsec VPN tunnel IP address

dst_host

<dname>

Text/String

Destination Host 

duration

<seconds>

Number

Duration

rcvdbyte

<bytesin>

Number

Received Bytes

nextstat

N/A 

N/A

Time interval in seconds for the next statistics

reason

<reason>

Text/String

The reason for the log event.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.