Syslog Fortinet FortiGate - V 2.0 : Event : VPN

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0: Event: VPN | Base Rule | VPN Session Information | Information |
| V 2.0: VPN Neg I P1 Error | Sub Rule | General IPSec Error | Error |
| V 2.0: VPN Neg Progress P1 Error | Sub Rule | IPSec Progress Error | Error |
| V 2.0: VPN Neg Progress P2 Error | Sub Rule | IPSec Progress Error | Error |
| V 2.0: VPN Conn Stats | Sub Rule | General IPSec Information | Information |
| V 2.0: VPN Neg Generic P2 Notif IKEV2 | Sub Rule | Notification Of An IPSec Negotiation | Information |
| V 2.0: VPN Neg I P1 Error IKEV2 | Sub Rule | IPSec Negotiation Error | Error |
| V 2.0: VPN Neg Progress P1 Notif IKEV2 | Sub Rule | IPSec Information Message | Information |
| V 2.0: VPN Neg Progress P1 Error IKEV2 | Sub Rule | IPSec Progress Error | Error |
| V 2.0: VPN Neg Progress P2 Notif IKEV2 | Sub Rule | IPSec Information Message | Information |
| V 2.0: VPN Install SA IKEV2 | Sub Rule | Installed IPSec Security Association | Information |
| V 2.0: VPN Conn Stats IKEV2 | Sub Rule | IPSec Information Message | Information |
| V 2.0: VPN Event SSL VPN User Tunnel UP | Sub Rule | General TUNNEL Message | Information |
| V 2.0: VPN Event SSL VPN User Tunnel DOWN | Sub Rule | VPN Tunnel Failure | Warning |
| V 2.0: VPN Event SSL VPN User SSL Login Fail | Sub Rule | Authentication Failure Activity | Authentication Failure |
| V 2.0: VPN Event SSL VPN Session Cert Ok | Sub Rule | Certificate Valid | Information |
| V 2.0: VPN Event SSL VPN Session New Con | Sub Rule | VPN Session Started | Network Traffic |
| V 2.0: VPN Event SSL VPN Session Tunnel Up | Sub Rule | VPN Session Started | Network Traffic |
| V 2.0: VPN Event SSL VPN Session Tunnel Down | Sub Rule | VPN Tunnel Failure | Warning |
| V 2.0: VPN Event SSL VPN Session Tunnel Stats | Sub Rule | VPN Session Information | Information |
| V 2.0: VPN Event VPN Cert Regen | Sub Rule | Certificate Renewal Request | Activity |
| V 2.0 : VPN Event NEG GENERIC P1 NOTIF | Sub Rule | Notification Of An IPSec Negotiation | Information |
| V 2.0 : VPN Event NEG GENERIC P1 ERROR | Sub Rule | IPSec Negotiation Error | Error |
| V 2.0 : VPN Event NEG GENERIC P2 NOTIF | Sub Rule | Notification Of An IPSec Negotiation | Information |
| V 2.0 : VPN Event NEG PROGRESS P1 NOTIF | Sub Rule | Notification Of An IPSec Negotiation | Information |
| V 2.0 : VPN Event NEG PROGRESS P2 NOTIF | Sub Rule | Notification Of An IPSec Negotiation | Information |
| V 2.0 : VPN Event ESP ERROR | Sub Rule | IPSec ESP Error | Error |
| V 2.0 : VPN Event INSTALL SA | Sub Rule | Installed IPSec Security Association | Information |
| V 2.0 : VPN Event DELETE P1 SA | Sub Rule | IPSEC SA Delete Request Received | Network Traffic |
| V 2.0 : VPN Event DELETE P2 SA | Sub Rule | IPSEC SA Delete Request Received | Network Traffic |
| V 2.0 : VPN Event DPD FAILURE | Sub Rule | IPSec DPD Failure | Error |
| V 2.0 : VPN Event CONN UPDOWN | Sub Rule | IPSec Status Changed | Information |
| V 2.0 : VPN Event P2 UPDOWN | Sub Rule | IPSec Status Changed | Information |
| V 2.0 : VPN Event SSL VPN SESSION ALERT | Sub Rule | General SSLVPN Session Alert | Critical |
| V 2.0 : VPN Event SSL VPN SESSION EXIT ERR | Sub Rule | General SSLVPN Session Error | Error |
| V 2.0 : VPN Event VPN CERT UPDATE FAILED | Sub Rule | Update Failed | Error |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| date | N/A | N/A | The date of the log event. |
| time | N/A | N/A | The time of the log event. |
| logid | <vmid> | Number | A unique identifier for the log event. |
| type | <vendorinfo> | Text/String | The type of log event. In this case, it is an event. |
| subtype | N/A | N/A | The subtype of the log event. In this case, it is a VPN event. |
| level | <severity> | Text/String | The severity level of the log event. In this case, it is a notice. |
| vd | <sessiontype> | Text/String | The vdom in which the log event occurred. |
| eventtime | N/A | N/A | The time at which the log event occurred. |
| logdesc | N/A | N/A | The description of the log event. |
| msg | <subject> | Text/String | The message associated with the log event. |
| action | <action> | Text/String | The action that was taken. In this case, it was a negotiate. |
| remip | <sip> | IP Address | The remote IP address of the VPN tunnel. |
| locip | <dip> | IP Address | The local IP address of the VPN tunnel. |
| remport | <sport> | Number | The remote port of the VPN tunnel. |
| locport | <dport> | Number | The local port of the VPN tunnel. |
| outintf | N/A | N/A | The outbound interface of the VPN tunnel. |
| cookies | N/A | N/A | The cookies used for the VPN tunnel. |
| user | <login> | Text/String | The user associated with the VPN tunnel. |
| group | <group> | Text/String | The group associated with the VPN tunnel. |
| xauthuser | <login> | N/A | The xauth user associated with the VPN tunnel. |
| xauthgroup | N/A | N/A | The xauth group associated with the VPN tunnel. |
| assignip | N/A | N/A | The assigned IP address for the VPN tunnel. |
| vpntunnel | N/A | N/A | The name of the VPN tunnel. |
| status | <status> | Text/String | The status of the VPN tunnel. |
| init | N/A | N/A | The initiator of the VPN tunnel. |
| mode | N/A | N/A | The mode of the VPN tunnel. |
| dir | N/A | N/A | The direction of the VPN tunnel. |
| stage | N/A | N/A | The stage of the VPN tunnel. |
| role | N/A | N/A | The role of the VPN tunnel. |
| result | <result> | Text/String | The result of the VPN tunnel. |
| tunneltype | <objecttype> | Text/String | IPsec VPN tunnel type |
| tunnelid | N/A | N/A | IPsec VPN tunnel ID |
| tunnelip | N/A | N/A | IPsec VPN tunnel IP address |
| dst_host | <dname> | Text/String | Destination Host |
| duration | <seconds> | Number | Duration |
| rcvdbyte | <bytesin> | Number | Received Bytes |
| nextstat | N/A | N/A | Time interval in seconds for the next statistics |
| reason | <reason> | Text/String | The reason for the log event. |
