Syslog Fortinet FortiGate - V 2.0 : Event : VPN
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
V 2.0 : Event : VPN | Base Rule | VPN Session Information | Information |
V 2.0 : VPN Neg I P1 Error | Sub Rule | General IPSec Error | Error |
V 2.0 : VPN Neg Progress P1 Error | Sub Rule | IPSec Progress Error | Error |
V 2.0 : VPN Neg Progress P2 Error | Sub Rule | IPSec Progress Error | Error |
V 2.0 : VPN Conn Stats | Sub Rule | General IPSec Information | Information |
V 2.0 : VPN Neg Generic P2 Notif IKEV2 | Sub Rule | Notification Of An IPSec Negotiation | Information |
V 2.0 : VPN Neg I P1 Error IKEV2 | Sub Rule | IPSec Negotiation Error | Error |
V 2.0 : VPN Neg Progress P1 Notif IKEV2 | Sub Rule | IPSec Information Message | Information |
V 2.0 : VPN Neg Progress P1 Error IKEV2 | Sub Rule | IPSec Progress Error | Error |
V 2.0 : VPN Neg Progress P2 Notif IKEV2 | Sub Rule | IPSec Information Message | Information |
V 2.0 : VPN Install SA IKEV2 | Sub Rule | Installed IPSec Security Association | Information |
V 2.0 : VPN Conn Stats IKEV2 | Sub Rule | IPSec Information Message | Information |
V 2.0 : VPN Event SSL VPN User Tunnel UP | Sub Rule | General TUNNEL Message | Information |
V 2.0 : VPN Event SSL VPN User Tunnel DOWN | Sub Rule | VPN Tunnel Failure | Warning |
V 2.0 : VPN Event SSL VPN User SSL Login Fail | Sub Rule | Authentication Failure Activity | Authentication Failure |
V 2.0 : VPN Event SSL VPN Session Cert Ok | Sub Rule | Certificate Valid | Information |
V 2.0 : VPN Event SSL VPN Session New Con | Sub Rule | VPN Session Started | Network Traffic |
V 2.0 : VPN Event SSL VPN Session Tunnel Up | Sub Rule | VPN Session Started | Network Traffic |
V 2.0 : VPN Event SSL VPN Session Tunnel Down | Sub Rule | VPN Tunnel Failure | Warning |
V 2.0 : VPN Event SSL VPN Session Tunnel Stats | Sub Rule | VPN Session Information | Information |
V 2.0 : VPN Event VPN Cert Regen | Sub Rule | Certificate Renewal Request | Activity |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
date | N/A | N/A | The date of the log event. |
time | N/A | N/A | The time of the log event. |
logid | <vmid> | Number | A unique identifier for the log event. |
type | <vendorinfo> | Text/String | The type of log event. In this case, it is an event. |
subtype | N/A | N/A | The subtype of the log event. In this case, it is a VPN event. |
level | <severity> | Text/String | The severity level of the log event. In this case, it is a notice. |
vd | <sessiontype> | Text/String | The vdom in which the log event occurred. |
eventtime | N/A | N/A | The time at which the log event occurred. |
logdesc | N/A | N/A | The description of the log event. |
msg | <subject> | Text/String | The message associated with the log event. |
action | <action> | Text/String | The action that was taken. In this case, it was a negotiate. |
remip | <sip> | IP Address | The remote IP address of the VPN tunnel. |
locip | <dip> | IP Address | The local IP address of the VPN tunnel. |
remport | <sport> | Number | The remote port of the VPN tunnel. |
locport | <dport> | Number | The local port of the VPN tunnel. |
outintf | N/A | N/A | The outbound interface of the VPN tunnel. |
cookies | N/A | N/A | The cookies used for the VPN tunnel. |
user | <login> | Text/String | The user associated with the VPN tunnel. |
group | <group> | Text/String | The group associated with the VPN tunnel. |
xauthuser | N/A | N/A | The xauth user associated with the VPN tunnel. |
xauthgroup | N/A | N/A | The xauth group associated with the VPN tunnel. |
assignip | N/A | N/A | The assigned IP address for the VPN tunnel. |
vpntunnel | N/A | N/A | The name of the VPN tunnel. |
status | <status> | Text/String | The status of the VPN tunnel. |
init | N/A | N/A | The initiator of the VPN tunnel. |
mode | N/A | N/A | The mode of the VPN tunnel. |
dir | N/A | N/A | The direction of the VPN tunnel. |
stage | N/A | N/A | The stage of the VPN tunnel. |
role | N/A | N/A | The role of the VPN tunnel. |
result | <result> | Text/String | The result of the VPN tunnel. |
tunneltype | <objecttype> | Text/String | IPsec VPN tunnel type |
tunnelid | N/A | N/A | IPsec VPN tunnel ID |
tunnelip | N/A | N/A | IPsec VPN tunnel IP address |
dst_host | <dname> | Text/String | Destination Host |
duration | <seconds> | Number | Duration |
rcvdbyte | <bytesin> | Number | Received Bytes |
nextstat | N/A | N/A | Time interval in seconds for the next statistics |
reason | <reason> | Text/String | The reason for the log event. |