Syslog Fortinet FortiGate - V 2.0 : Traffic : Forward
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
V 2.0 : Traffic : Forward | Base Rule | Network Traffic | Network Traffic |
V 2.0 : 20_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : LOG_ID_TRAFFIC_END_FORWARD | Sub Rule | Disconnect Session | Network Traffic |
V 2.0 : LOG_ID_TRAFFIC_START_FORWARD | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : LOG_ID_TRAFFIC_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : LOG_ID_TRAFFIC_DENY | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : LOG_ID_TRAFFIC_OTHER_START | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : LOG_ID_TRAFFIC_OTHER_ICMP_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : LOG_ID_TRAFFIC_OTHER_ICMP_DENY | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : LOG_ID_TRAFFIC_WANOPT | Sub Rule | WAN Optimization Traffic | Network Traffic |
V 2.0 : LOG_ID_TRAFFIC_WEBCACHE | Sub Rule | Web Cache Traffic | Network Traffic |
V 2.0 : LOG_ID_TRAFFIC_EXPLICIT_PROXY | Sub Rule | Traffic Allowed by Proxy | Network Allow |
V 2.0 : LOG_ID_TRAFFIC_STAT | Sub Rule | General Traffic Log | Network Traffic |
V 2.0 : LOG_ID_TRAFFIC_UTM_CORRELATION | Sub Rule | General Traffic Log | Network Traffic |
V 2.0 : 5_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 13_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 13_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 13_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 13_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 4_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 13_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : LOG_ID_TRAFFIC_OTHER_INVALID | Sub Rule | Invalid Operation | Warning |
V 2.0 : LOG_ID_TRAFFIC_FAIL_CONN | Sub Rule | Connection Failed | Network Traffic |
V 2.0 : 13_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 4_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 13_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 4_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 4_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 20_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 20_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 20_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 20_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 20_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 20_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 20_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 13_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 15_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 15_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 15_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 15_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 15_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 15_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 15_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 15_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 2_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 2_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 2_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 2_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 2_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 2_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 2_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 2_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 3_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 3_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 3_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 3_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 3_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 3_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 3_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 3_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 4_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 4_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 4_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 4_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 5_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 5_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 5_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 5_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 5_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 5_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 5_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 6_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 6_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 6_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 6_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 6_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 6_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 6_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 6_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 8_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 8_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 8_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 8_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 8_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 8_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 8_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 8_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 9_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 9_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 9_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 9_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 9_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 9_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 9_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 9_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 10_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 10_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 10_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 10_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 10_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 10_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 10_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 10_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 11_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 11_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 11_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 11_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 11_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 11_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 11_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 11_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 7_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 7_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 7_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 7_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 7_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 7_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 7_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 7_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 22_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 22_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0 : 22_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 22_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0 : 22_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 22_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0 : 22_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 22_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0 : 13_Forward Traffic Client-rst | Sub Rule | Connection Reset | Network Traffic |
V 2.0 : 13_Forward Traffic Server-rst | Sub Rule | Connection Reset | Network Traffic |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
date | N/A | N/A | The date of the event. |
time | N/A | N/A | The time of the event. |
logid | <vmid> | Number | The log ID. |
type | <vendorinfo> | Text/String | The type of event. |
subtype | N/A | N/A | The subtype of the event. |
level | <severity> | Text/String | The level of the event. |
vd | <sessiontype> | Text/String | The virtual domain. |
eventtime | N/A | N/A | The event time in epoch format. |
srcip | <sip> | IP Address | The source IP address. |
srcport | <sport> | Number | The source port. |
srcintf | <sinterface> | Text/String | The source interface. |
srcintfrole | N/A | N/A | The role of the source interface. |
dstip | <dip> | IP Address | The destination IP address. |
dstport | <dport> | Number | The destination port. |
dstintf | <dinterface> | Text/String | The destination interface. |
dstintfrole | N/A | N/A | The role of the destination interface. |
srcuuid | N/A | N/A | The source UUID. |
dstuuid | N/A | N/A | The destination UUID. |
poluuid | N/A | N/A | The policy UUID. |
sessionid | <session> | Number | The session ID. |
proto | <protnum> | Number | The protocol. |
action | <action> | Text/String | The action taken by the firewall. |
policyid | <policy> | Number | The policy ID. |
policytype | N/A | N/A | The type of policy. |
service | <protname> | Text/String | The service. |
dstcountry | N/A | N/A | The destination country. |
srccountry | N/A | N/A | The source country. |
trandisp | N/A | N/A | The traffic disposition. |
transip | <snatip> | IP Address | The translated IP address. |
transport | <snatport> | Number | The transport. |
appid | <object> | Number | The application ID. |
app | <objectname> | Text/String | The application. |
appcat | <objecttype> | Text/String | The application category. |
apprisk | <threatname> | Text/String | The application risk. |
applist | N/A | N/A | The application list. |
duration | <seconds> | Number | The duration of the event. |
sentbyte | <bytesin> | Number | The number of sent bytes. |
rcvdbyte | <bytesout> | Number | The number of received bytes. |
sentpkt | <packetsin> | Number | The number of sent packets. |
rcvdpkt | <packetsout> | Number | The number of received packets. |
utmaction | <status> | Text/String | The UTM action. |
countapp | <quantity> | Number | The number of applications. |
osname | N/A | N/A | The operating system name. |
mastersrcmac | N/A | N/A | The master source MAC address. |
srcmac | <smac> | Text/String | The source MAC address. |
srcserver | N/A | N/A | The source server. |
utmref | N/A | N/A | The UTM reference. |
user | <login> <domainorigin> | Text/String | User name |