Skip to main content
Skip table of contents

Syslog Fortinet FortiGate - V 2.0 : UTM : Anomaly

Vendor Documentation

Classification

Rule Name

Rule Type

Common Event

Classification

V 2.0 : UTM : Anomaly

Base Rule

General Firewall Event

Information

V 2.0 : Anomaly Attack Anomaly Tcp Udp

Sub Rule

General Attack Activity

Attack

V 2.0 : Logid_Attck_Anomaly_Icmp

Sub Rule

General Attack Activity

Attack

V 2.0 : Logid_Attck_Anomaly_Others

Sub Rule

General Attack Activity

Attack

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

date

N/A

N/A

The date of the log entry.

time

N/A

N/A

The time of the log entry.

logid

<vmid>

Number

The unique identifier for the log entry.

type

<vendorinfo>

Text/String

The type of log event.

subtype

N/A

N/A

The subtype of the log event.

eventtype

N/A

N/A

The specific type of anomaly event.

level

N/A

N/A

The severity level of the log event.

vd

N/A

N/A

The virtual domain associated with the log event.

eventtime

N/A

N/A

The timestamp of the event.

severity

<severity>

Text/String

The severity level of the anomaly event.

srcip

<sip>

IP Address

The source IP address of the communication.

srccountry

N/A

N/A

The country associated with the source IP address.

dstip

<dip>

IP Address

The destination IP address of the communication.

srcintf

<sinterface>

Text/String

The source interface.

srcintfrole

N/A

N/A

The role of the source interface.

sessionid

<session>

Number

The ID of the session associated with the log event.

action

<action>

Text/String

The action taken by the system (clearing the session in this case).

proto

<protnum>

Number

The protocol number (ICMP in this case).

service

<protname>

Text/String

The service or protocol being used.

count

<quantity>

Number

The count of ICMP packets observed.

attack

<threatname>

Text/String

The name of the detected attack.

icmpid

N/A

N/A

The ICMP packet identifier.

icmptype

N/A

N/A

The ICMP packet type.

icmpcode

N/A

N/A

The ICMP packet code.

attackid

<threatid>

Number

The ID of the detected attack.

policyid

<policy>

Number

The ID of the policy associated with the log event.

policytype

N/A

N/A

The type of policy associated with the log event.

ref

<url>

Text/String

Reference link for more information about the attack.

msg

<subject>

Text/String

Additional message or description of the log event.

crscore

N/A

N/A

The risk score associated with the event.

craction

N/A

N/A

The action taken based on the risk score (4096 in this case).

crlevel

N/A

N/A

The risk level associated with the event.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.