Skip to main content
Skip table of contents

Syslog Fortinet FortiGate - V 2.0 : UTM : App-Ctrl

Vendor Documentation

Classification

Rule Name

Rule Type

Common Event

Classification

V 2.0 : UTM : App-Ctrl

Base Rule

General Application Control Message

Information

V 2.0 : UTM App Ctrl IPS Pass

Sub Rule

Traffic Allowed by IDS/IPS

Network Allow

V 2.0 : UTM App Ctrl IPS Block

Sub Rule

Traffic Denied by IDS/IPS

Network Deny

V 2.0 : UTM App Ctrl IPS Reset

Sub Rule

General IPS Message

Information

V 2.0 : Logid_App_Ctrl_Im_Basic

Sub Rule

Application Control IM Message

Information

V 2.0 : Logid_App_Ctrl_Im_Basic_With_Status

Sub Rule

Application Control IM Message

Information

V 2.0 : Logid_App_Ctrl_Im_Basic_With_Count

Sub Rule

Application Control IM Message

Information

V 2.0 : Logid_App_Ctrl_Im_File

Sub Rule

Application Control IM Message

Information

V 2.0 : Logid_App_Ctrl_Im_Chat

Sub Rule

Application Control IM Message

Information

V 2.0 : Logid_App_Ctrl_Im_Chat_Block

Sub Rule

Application Control IM Message

Information

V 2.0 : Logid_App_Ctrl_Im_Block

Sub Rule

Application Control IM Message

Information

V 2.0 : Logid_App_Ctrl_Ssh_Pass

Sub Rule

SSH Session Opened

Network Traffic

V 2.0 : Logid_App_Ctrl_Ssh_Block

Sub Rule

Denied SSH Session

Warning

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

date

N/A

N/A

The date of the log entry.

time

N/A

N/A

The time of the log entry.

logid

<vmid>

Number

The unique identifier for the log entry.

type

<vendorinfo>

Text/String

The type of log event.

subtype

N/A

N/A

The subtype of the log event.

eventtype

N/A

N/A

The type of application control event (all applications in this case).

level

<severity>

Text/String

The severity level of the log event.

vd

N/A

N/A

The virtual domain associated with the log event.

eventtime

N/A

N/A

The timestamp of the event.

appid

<object>

Number

The application ID.

user

<login>

Text/String

N/A

srcip

<sip>

IP Address

The source IP address of the communication.

dstip

<dip>

IP Address

The destination IP address of the communication.

srcport

<sport>

Number

The source port number.

dstport

<dport>

Number

The destination port number.

srcintf

<sinterface>

Text/String

The source interface.

srcintfrole

N/A

N/A

The role of the source interface.

dstintf

<dinterface>

Text/String

The destination interface.

dstintfrole

N/A

N/A

The role of the destination interface.

proto

<protnum>

Number

The protocol number (TCP in this case).

service

<protname>

Text/String

The service or protocol being used.

direction

N/A

N/A

The direction of the communication (outgoing in this case).

policyid

<policy>

Number

The ID of the policy associated with the log event.

sessionid

<session>

Number

The ID of the session associated with the log event.

applist

N/A

N/A

The application list.

appcat

<objectype>

Text/String

The category of the application.

app

<objectname>

Text/String

The name of the application.

action

<action>

Text/String

The action taken by the system (pass in this case).

hostname

<dname>

Text/String

The hostname of the communication.

incidentserialno

<serialnumber>

Number

The serial number of the incident.

url

<url>

Text/String

The URL of the communication.

msg

<subject>

Text/String

Additional message or description of the log event.

apprisk

N/A

N/A

The risk level associated with the application.

scertcname

N/A

N/A

The common name of the server certificate.

scertissuer

N/A

N/A

The issuer of the server certificate.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.