
Syslog Fortinet FortiGate - V 2.0 : UTM : DNS

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| V 2.0 : UTM : DNS | Base Rule | General DNS Information | Information |
| V 2.0 : Log_Id_Dns_Url_Filter_Allow | Sub Rule | General DNS Information | Information |
| V 2.0 : Log_Id_Dns_Botnet_Ip | Sub Rule | Blocked Message | Failed Activity |
| V 2.0 : Log_Id_Dns_Botnet_Domain | Sub Rule | Blocked Message | Failed Activity |
| V 2.0 : Log_Id_Dns_Ftgd_Warning | Sub Rule | Rating Error | Error |
| V 2.0 : Log_Id_Dns_Ftgd_Error | Sub Rule | Rating Error | Error |
| V 2.0 : Log_Id_Dns_Ftgd_Cat_Allow | Sub Rule | General DNS Information | Information |
| V 2.0 : Log_Id_Dns_Ftgd_Cat_Block | Sub Rule | Blocked Message | Failed Activity |
| V 2.0 : LOG_ID_DNS_QUERY | Sub Rule | DNS Query | Information |
| V 2.0 : LOG_ID_DNS_RESOLV_ERROR | Sub Rule | General DNS Error | Error |
| V 2.0 : LOG_ID_DNS_URL_FILTER_BLOCK | Sub Rule | Blocked Message | Failed Activity |
| V 2.0 : LOG_ID_DNS_SAFE_SEARCH | Sub Rule | Redirected For Safe Search | Information |
| V 2.0 : LOG_ID_DNS_LOCAL | Sub Rule | DNS Query | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| date | N/A | N/A | The date of the log entry. |
| time | N/A | N/A | The time of the log entry. |
| logid | <vmid> | Number | The unique identifier for the log entry. |
| type | <vendorinfo> | Text/String | The type of log event. |
| subtype | N/A | N/A | The subtype of the log event. |
| eventtype | N/A | N/A | The type of DNS event (DNS response in this case). |
| level | <severity> | Text/String | The severity level of the log event. |
| vd | <sessiontype> | Text/String | The virtual domain associated with the log event. |
| eventtime | N/A | N/A | The timestamp of the event. |
| policyid | <policy> | Number | The ID of the policy associated with the log event. |
| sessionid | <session> | Number | The ID of the session associated with the log event. |
| srcip | <sip> | IP Address | The source IP address of the communication. |
| srcport | <sport> | Number | The source port number. |
| srcintf | <sinterface> | Text/String | The source interface. |
| srcintfrole | N/A | N/A | The role of the source interface. |
| dstip | <dip> | IP Address | The destination IP address of the communication. |
| dstport | <dport> | Number | The destination port number. |
| dstintf | <dinterface> | Text/String | The destination interface. |
| dstintfrole | N/A | N/A | The role of the destination interface. |
| proto | <protnum> | Number | The protocol number (UDP in this case). |
| profile | N/A | N/A | The profile applied to the log event. |
| srcmac | <smac> | Text/String | The source MAC address. |
| xid | N/A | N/A | The transaction ID of the DNS query. |
| qname | N/A | N/A | The queried domain name. |
| qtype | N/A | N/A | The queried record type (AAAA in this case). |
| qtypeval | N/A | N/A | The numerical value of the queried record type. |
| qclass | N/A | N/A | The queried record class. |
| ipaddr | N/A | N/A | The resolved IP address for the queried domain. |
| msg | <subject> | Text/String | Additional message or description of the log event. |
| action | <action> | Text/String | The action taken by the system (pass in this case). |
| cat | <object> | Number | The ID of the category associated with the log event. |
| catdesc | <objectname> | Text/String | The description of the category. |
