Syslog Fortinet FortiGate - V 2.0 : Event : WAD

https://docs.fortinet.com/document/fortigate/7.0.12/administration-guide/986892/sample-logs-by-log-type

V 2.0 : Event : WAD

Base Rule

General Firewall Event

Information

V 2.0 : WAD SSL DECRY FAIL

Sub Rule

Decryption Failure

Error

V 2.0 : WAD SSL NOT SUPPORT CS

Sub Rule

Module Not Supported

Warning

V 2.0 : WAD SSL RCV ALERT

Sub Rule

SSL Information-Only Event

Information

V 2.0 : WAD SSL RCV FATAL ALERT

Sub Rule

SSL Connection Error

Error

V 2.0 : WAD SSL SENT FATAL ALERT

Sub Rule

SSL Key Information

Information

date

N/A

N/A

The date of the log event.

time

N/A

N/A

The time of the log event.

logid

<vmid>

Number

A unique identifier for the log event.

type

<vendorinfo>

Text/String

The type of log event. In this case, it is an event.

subtype

N/A

N/A

The subtype of the log event. In this case, it is a wad event.

level

<severity>

Text/String

The severity level of the log event. In this case, it is an error.

vd

<sessiontype>

Text/String

The vdom in which the log event occurred.

eventtime

N/A

N/A

The time at which the log event occurred.

logdesc

N/A

N/A

The description of the log event.

session_id

<session>

Text/String

The session ID of the SSL connection.

policyid

<policy>

Number

The policy ID that was used for the SSL connection.

srcip

<sip>

IP Address

The source IP address of the SSL connection.

srcport

<sport>

Number

The source port of the SSL connection.

dstip

<dip>

IP Address

The destination IP address of the SSL connection.

dstport

<dport>

Number

The destination port of the SSL connection.

action

<action>

Text/String

The action that was taken. In this case, it was a receive.

alert

<threatid>

Number

The alert code that was received.

desc

<threatname>

Text/String

The description of the alert code.

msg

<subject>

Text/String

The message associated with the log event.