Syslog Fortinet FortiGate - V 2.0 : Event : Wireless

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| V 2.0 : Event : Wireless | Base Rule | Wireless Activity | Other Operations |
| V 2.0 : Wireless STA Locate | Sub Rule | Interference Detected For Wireless Station | Warning |
| V 2.0 : Wireless Rogue Detect | Sub Rule | General Wireless Channel Warning | Warning |
| V 2.0 : Wireless Rogue Offair | Sub Rule | Wireless Disassociation | Other Audit Success |
| V 2.0 : Wireless Rogue Detect Chg | Sub Rule | General Wireless Channel Warning | Warning |
| V 2.0 : Wireless STA Auth | Sub Rule | Authentication Activity | Authentication Success |
| V 2.0 : Wireless STA Idle | Sub Rule | Idle Timeout | Information |
| V 2.0 : Wireless STA IP | Sub Rule | IP Address Assigned | Information |
| V 2.0 : Wireless STA Leave WTP | Sub Rule | Received Disconnect | Other Operations |
| V 2.0 : Wireless WTPR DARRP Chan | Sub Rule | Wireless Physical AP Activity | Information |
| V 2.0 : Wireless WTPR OPER Chan | Sub Rule | Wireless Physical AP Activity | Information |
| V 2.0 : Wireless WTPR Cfg Txpower | Sub Rule | Wireless Physical AP Activity | Information |
| V 2.0 : Wireless WTPR OPER Txpower | Sub Rule | Wireless Physical AP Activity | Information |
| V 2.0 : Wireless CLB Deny | Sub Rule | General Load Balancing Message | Information |
| V 2.0 : Wireless CLB Retry | Sub Rule | General Load Balancing Message | Information |
| V 2.0 : Wireless Sys AC DARRP Start | Sub Rule | Wireless Activity | Information |
| V 2.0 : Wireless Sys AC DARRP Stop | Sub Rule | Wireless Activity | Information |
| V 2.0 : Wireless Sys AC CFG Loaded | Sub Rule | Configuration Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| date | N/A | N/A | The date of the log event. |
| time | N/A | N/A | The time of the log event. |
| logid | `<vmid>` | Number | A unique identifier for the log event. |
| type | `<vendorinfo>` | Text/String | The type of log event. In this case, it is an event. |
| subtype | N/A | N/A | The subtype of the log event. In this case, it is a wireless event. |
| level | `<severity>` | Text/String | The severity level of the log event. In this case, it is a warning. |
| vd | N/A | N/A | The vdom in which the log event occurred. |
| eventtime | N/A | N/A | The time at which the log event occurred. |
| logdesc | N/A | N/A | The description of the log event. |
| ssid | N/A | N/A | The SSID of the fake AP. |
| bssid | N/A | N/A | The BSSID of the fake AP. |
| aptype | N/A | N/A | The AP type of the fake AP. |
| rate | N/A | N/A | The data rate of the fake AP. |
| radioband | N/A | N/A | The radio band of the fake AP. |
| channel | N/A | N/A | The channel of the fake AP. |
| action | `<action>` | Text/String | The action that was taken. In this case, it was a fake-ap-on-air. |
| manuf | `<object>` | Text/String | The manufacturer of the fake AP. |
| security | `<objectname>` | Text/String | The security of the fake AP. |
| encryption | `<objecttype>` | Text/String | The encryption of the fake AP. |
| signal | N/A | N/A | The signal strength of the fake AP. |
| noise | N/A | N/A | The noise level of the fake AP. |
| live | N/A | N/A | The number of seconds that the fake AP has been alive. |
| age | N/A | N/A | The age of the fake AP in seconds. |
| onwire | N/A | N/A | Whether the fake AP is on the wire. |
| detectionmethod | N/A | N/A | The detection method used to detect the fake AP. |
| stamac | `<smac>` | Text/String | The MAC address of the station associated with the fake AP. |
| apscan | N/A | N/A | Whether the fake AP was detected by a scan. |
| sndetected | N/A | N/A | The serial number of the FortiGate that detected the fake AP. |
| radioiddetected | N/A | N/A | The radio ID of the FortiGate that detected the fake AP. |
| stacount | `<quantity>` | Number | The number of stations associated with the fake AP. |
| snclosest | N/A | N/A | The serial number of the FortiGate that is closest to the fake AP. |
| radioidclosest | N/A | N/A | The radio ID of the FortiGate that is closest to the fake AP. |
| apstatus | `<status>` | Number | The status of the fake AP. |
| user | `<login>`, `<domainorigin>` | Text/String | N/A |
| srcip | `<sip>` | IP Address | N/A |
| reason | `<reason>` | Text/String | N/A |
| msg | `<subject>` | Text/String | The message associated with the log event. |
