Syslog - Fortinet FortiGate v6.0
Device Details
Device Name | Fortinet Fortigate v6.0 |
---|---|
Vendor | Fortinet |
Device Type | Firewall |
Supported Model Name/Number | V6.0 |
Supported Software Version | V6 |
Collection Method | Syslog |
Configurable Log Output | N/A |
Log Source Type | Syslog - Fortinet Fortigate v6.0 |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | https://www.fortinet.com/products.html https://docs.fortinet.com/document/fortigate/6.0.6/fortios-log-message-reference/524940/introduction |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
---|---|---|
| | All | <action>, <dinterface>, <dip>, <dport>, <policy>, <protnum>, <session>, <severity>, <sinterface>, <sip>, <sport>, <subject>, <threatname>, <url>, <vmid>, <tag1> |
Catch All : Level 3 | All | <vmid> |
| | All | <severity>, <vmid>, <tag1>, <session>, <account>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <dname>, <subject>, <reason> |
| | All | <severity>, <vmid>, <tag1>, <action>, <result>, <reason>, <status>, <subject> |
Event : Endpoint | All | <domainorigin>, <vmid>, <policy>, <subject>, <severity>, <vendorinfo>, <action>, <tag1>, <status>, <sessiontype>, <quantity>, <login>, <sip>, <sname>, <smac>, <objectname>, <objecttype>, <url>, <result> |
| | All | <severity>, <vmid>, <tag1>, <status>, <subject> |
| | All | <severity>, <vmid>, <tag1>, <account>, <status>, <subject> |
| | All | <severity>, <vmid>, <tag1>, <object>, <serialnumber>, <login>, <sessiontype>, <sip>, <dip>, <account>, <action>, <status>, <reason>, <subject>, <sinterface>, <dinterface>, <sport>, <dport>, <version>, <protnum>, <threatname>, <policy> |
| | All | <severity>, <vmid>, <tag1>, <status>, <sip>, <dip>, <login>, <group>, <action>, <reason>, <object>, <objecttype>, <subject> |
| | All | <severity>, <vmid>, <tag1>, <status>, <action>, <session>, <sip>, <account>, <group>, <dname>, <reason>, <seconds>, <bytesout>, <bytesin>, <subject>, <dip>, <sport>, <dport>, <sinterface> |
| | All | <severity>, <vmid>, <tag1>, <status>, <session>, <subject>, <sip>, <sport>, <dip>, <dport>, <action> |
| | All | <severity>, <vmid>, <tag1>, <status>, <serialnumber>, <object>, <sip>, <sname>, <smac>, <action>, <reason>, <subject> |
Failed Window AD Network Messages | All | <severity>, <dname>, <login>, <domainorigin>, <vmid>, <tag1>, <action>, <status>, <subject>, <url> |
Gateway Logs | All | <severity>, <version>, <dname>, <login>, <vmid>, <tag1>, <domainorigin>, <subject>, <sip>, <dip> |
| | All | <subject>, <vmid>, <tag1>, <severity>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <login>, <group>, <policy>, <dnatip>, <snatip>, <processid>, <object>, <objectname>, <status>, <url>, <duration>, <bytesout>, <bytesin>, <result>, <tag3> |
| | All | <subject>, <vmid>, <tag1>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <policy>, <bytesout>, <bytesin>, <packetsout>, <packetsin>, <objectname> |
| | All | <vmid>, <tag1>, <severity>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <policy>, <bytesout>, <bytesin>, <packetsout>, <packetsin> |
Traffic : Sniffer | All | <subject>, <vmid>, <tag1>, <severity>, <domain>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <policy>, <protname>, <snatip>, <bytesout>, <bytesin>, <itemsout>, <itemsin>, <object>, <objectname>, <tag3> |
| | All | <severity>, <vmid>, <tag1>, <processid>, <account>, <group>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <session>, <action>, <objectname>, <object>, <url> |
| | All | <severity>, <vmid>, <tag1>, <session>, <account>, <group>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <objecttype>, <action>, <sname>, <url>, <useragent>, <object>, <sender>, <recipient>, <subject> |
UTM : DNS | All | <severity>, <vmid>, <tag1>, <policy>, <session>, <account>, <sport>, <sinterface>, <dport>, <dinterface>, <protnum>, <dname>, <subject>, <reason> |
| | All | <severity>, <sinterface>, <sip>, <subject>, <vmid>, <tag1>, <object>, <dip>, <dinterface>, <session>, <action>, <protnum>, <protname>, <threatname>, <threatid>, <domainorigin>, <login>, <group>, <subject> |
UTM : SSL Messages | All | <severity>, <vmid>, <policy>, <session>, <useragent>, <sip>, <sport>, <dip>, <dport>, <sinterface>, <dinterface>, <protnum>, <action>, <tag1>, <subject>, <reason> |
| | All | <severity>, <vmid>, <tag1>, <subject>, <session>, <action>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <protnum>, <object>, <threatname>, <objecttype>, <url> |
| | All | <severity>, <vmid>, <tag1>, <session>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <dinterface>, <action>, <status>, <seconds>, <sender>, <recipient> |
| | All | <severity>, <vmid>, <tag1>, <session>, <login>, <group>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <action>, <sessiontype>, <sname>, <url>, <bytesin>, <bytesout>, <object>, <subject>, <policy>, <size>, <group> |
Revision History
KB Version | Log Type | Change Type | Details |
---|---|---|---|
KB 7.1.601.0 | N/A | Documentation | Initial documentation in new DCG format |