Skip to main content
Skip table of contents

Syslog Fortinet FortiGate - V 2.0 : Traffic : Local

Vendor Documentation

Classification

Rule Name

Rule Type

Common Event

Classification

V 2.0 : Traffic : Local

Base Rule

General Traffic Log

Network Traffic

V 2.0 : 14_Forward Traffic Allowed

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

V 2.0 : 14_Traffic Session Denied

Sub Rule

Traffic Denied by Network Firewall

Network Deny

V 2.0 : 14_Local Traffic Session Allowed

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

V 2.0 : 14_Traffic Session Timeout

Sub Rule

Session Timeout

Warning

V 2.0 : LOG_ID_TRAFFIC_END_LOCAL

Sub Rule

Disconnect Session

Network Traffic

V 2.0 : 14_Traffic Session Started

Sub Rule

Network Session Created

Network Traffic

V 2.0 : LOG_ID_TRAFFIC_START_LOCAL

Sub Rule

Network Session Created

Network Traffic

V 2.0 : 16_Traffic Session Denied

Sub Rule

Traffic Denied by Network Firewall

Network Deny

V 2.0 : 16_Traffic Session Timeout

Sub Rule

Session Timeout

Warning

V 2.0 : 16_Forward Traffic Allowed

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

V 2.0 : 16_Traffic Session Started

Sub Rule

Network Session Created

Network Traffic

V 2.0 : 16_Local Traffic Session Allowed

Sub Rule

Traffic Allowed by Network Firewall

Network Allow

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

date

N/A

N/A

The date of the event.

time

N/A

N/A

The time of the event.

logid

<vmid>

Number

A unique identifier for the log event.

type

<vendorinfo>

Text/String

The type of traffic event. In this case, it is a local traffic event.

subtype

N/A

N/A

The subtype of the traffic event. In this case, it is a local traffic event.

level

<severity>

Text/String

The severity level of the log event. In this case, it is a notice.

vd

N/A

N/A

The vdom in which the log event occurred.

eventtime

N/A

N/A

The time at which the log event occurred.

srcip

<sip>

IP Address

The source IP address of the traffic event.

srcport

<sport>

Number

The source port of the traffic event.

dstip

<dip>

IP Address

The destination IP address of the traffic event.

dstport

<dport>

Number

The destination port of the traffic event.

dstcountry

N/A

N/A

The country code of the destination IP address.

srccountry

N/A

N/A

The country code of the source IP address.

trandisp

N/A

N/A

The traffic disposition. In this case, it is a noop, which means that the traffic was not intercepted.

proto

<protnum>

Number

The transport protocol of the traffic event. In this case, it is TCP.

action

<action>
<tag1>

Text/String

N/A

policyid

<policy>

Number

N/A

duration

<seconds>

Number

The duration of the traffic event in seconds.

sentbyte

<bytesin>

Number

The number of bytes sent during the traffic event.

rcvdbyte

<bytesout>

Number

The number of bytes received during the traffic event.

sentpkt

<packetsin>

Number

The number of packets sent during the traffic event.

rcvdpkt

<packetsout>

Number

The number of packets received during the traffic event.

app

<object>

Text/String

The application associated with the traffic event.

appcat

<objecttype>

Text/String

The application category of the traffic event. In this case, the application has not been scanned by FortiGate.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.