Syslog Fortinet FortiGate - V 2.0 : Event : WAD

Rule Name	Rule Type	Common Event	Classification
V 2.0 : Event : WAD	Base Rule	General Firewall Event	Information
V 2.0 : WAD SSL DECRY FAIL	Sub Rule	Decryption Failure	Error
V 2.0 : WAD SSL NOT SUPPORT CS	Sub Rule	Module Not Supported	Warning
V 2.0 : WAD SSL RCV ALERT	Sub Rule	SSL Information-Only Event	Information
V 2.0 : WAD SSL RCV FATAL ALERT	Sub Rule	SSL Connection Error	Error
V 2.0 : WAD SSL SENT FATAL ALERT	Sub Rule	SSL Key Information	Information

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
date	N/A	N/A	The date of the log event.
time	N/A	N/A	The time of the log event.
logid	<vmid>	Number	A unique identifier for the log event.
type	<vendorinfo>	Text/String	The type of log event. In this case, it is an event.
subtype	N/A	N/A	The subtype of the log event. In this case, it is a wad event.
level	<severity>	Text/String	The severity level of the log event. In this case, it is an error.
vd	<sessiontype>	Text/String	The vdom in which the log event occurred.
eventtime	N/A	N/A	The time at which the log event occurred.
logdesc	N/A	N/A	The description of the log event.
session_id	<session>	Text/String	The session ID of the SSL connection.
policyid	<policy>	Number	The policy ID that was used for the SSL connection.
srcip	<sip>	IP Address	The source IP address of the SSL connection.
srcport	<sport>	Number	The source port of the SSL connection.
dstip	<dip>	IP Address	The destination IP address of the SSL connection.
dstport	<dport>	Number	The destination port of the SSL connection.
action	<action>	Text/String	The action that was taken. In this case, it was a receive.
alert	<threatid>	Number	The alert code that was received.
desc	<threatname>	Text/String	The description of the alert code.
msg	<subject>	Text/String	The message associated with the log event.

Vendor Documentation