Device Details

| Device Name | Fortinet Fortigate v6.0 |
|---|---|
| Vendor | Fortinet |
| Device Type | Firewall |
| Supported Model Name/Number | V6.0 |
| Supported Software Version | V6 |
| Collection Method | Syslog |
| Configurable Log Output | N/A |
| Log Source Type | Syslog - Fortinet Fortigate v6.0 |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://www.fortinet.com/products.html , https://docs.fortinet.com/document/fortigate/6.0.6/fortios-log-message-reference/524940/introduction |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| | All | <action>, <dinterface>, <dip>, <dport>, <policy>, <protnum>, <session>, <severity>, <sinterface>, <sip>, <sport>, <subject>, <threatname>, <url>, <vmid>, <tag1> |
| Catch All : Level 3 | All | <vmid> |
| | All | <severity>, <vmid>, <tag1>, <session>, <account>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <dname>, <subject>, <reason> |
| | All | <severity>, <vmid>, <tag1>, <action>, <result>, <reason>, <status>, <subject> |
| Event : Endpoint | All | <domainorigin>, <vmid>, <policy>, <subject>, <severity>, <vendorinfo>, <action>, <tag1>, <status>, <sessiontype>, <quantity>, <login>, <sip>, <sname>, <smac>, <objectname>, <objecttype>, <url>, <result> |
| | All | <severity>, <vmid>, <tag1>, <status>, <subject> |
| | All | <severity>, <vmid>, <tag1>, <account>, <status>, <subject> |
| | All | <severity>, <vmid>, <tag1>, <object>, <serialnumber>, <login>, <sessiontype>, <sip>, <dip>, <account>, <action>, <status>, <reason>, <subject>, <sinterface>, <dinterface>, <sport>, <dport>, <version>, <protnum>, <threatname>, <policy> |
| | All | <severity>, <vmid>, <tag1>, <status>, <sip>, <dip>, <login>, <group>, <action>, <reason>, <object>, <objecttype>, <subject> |
| | All | <severity>, <vmid>, <tag1>, <status>, <action>, <session>, <sip>, <account>, <group>, <dname>, <reason>, <seconds>, <bytesout>, <bytesin>, <subject>, <dip>, <sport>, <dport>, <sinterface> |
| | All | <severity>, <vmid>, <tag1>, <status>, <session>, <subject>, <sip>, <sport>, <dip>, <dport>, <action> |
| | All | <severity>, <vmid>, <tag1>, <status>, <serialnumber>, <object>, <sip>, <sname>, <smac>, <action>, <reason>, <subject> |
| Failed Window AD Network Messages | All | <severity>, <dname>, <login>, <domainorigin>, <vmid>, <tag1>, <action>, <status>, <subject>, <url> |
| Gateway Logs | All | <severity>, <version>, <dname>, <login>, <vmid>, <tag1>, <domainorigin>, <subject>, <sip>, <dip> |
| | All | <subject>, <vmid>, <tag1>, <severity>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <login>, <group>, <policy>, <dnatip>, <snatip>, <processid>, <object>, <objectname>, <status>, <url>, <duration>, <bytesout>, <bytesin>, <result>, <tag3> |
| | All | <subject>, <vmid>, <tag1>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <policy>, <bytesout>, <bytesin>, <packetsout>, <packetsin>, <objectname> |
| | All | <vmid>, <tag1>, <severity>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <policy>, <bytesout>, <bytesin>, <packetsout>, <packetsin> |
| Traffic : Sniffer | All | <subject>, <vmid>, <tag1>, <severity>, <domain>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <policy>, <protname>, <snatip>, <bytesout>, <bytesin>, <itemsout>, <itemsin>, <object>, <objectname>, <tag3> |
| | All | <severity>, <vmid>, <tag1>, <processid>, <account>, <group>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <session>, <action>, <objectname>, <object>, <url> |
| | All | <severity>, <vmid>, <tag1>, <session>, <account>, <group>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <objecttype>, <action>, <sname>, <url>, <useragent>, <object>, <sender>, <recipient>, <subject> |
| UTM : DNS | All | <severity>, <vmid>, <tag1>, <policy>, <session>, <account>, <sport>, <sinterface>, <dport>, <dinterface>, <protnum>, <dname>, <subject>, <reason> |
| | All | <severity>, <sinterface>, <sip>, <subject>, <vmid>, <tag1>, <object>, <dip>, <dinterface>, <session>, <action>, <protnum>, <protname>, <threatname>, <threatid>, <domainorigin>, <login>, <group>, <subject> |
| UTM : SSL Messages | All | <severity>, <vmid>, <policy>, <session>, <useragent>, <sip>, <sport>, <dip>, <dport>, <sinterface>, <dinterface>, <protnum>, <action>, <tag1>, <subject>, <reason> |
| | All | <severity>, <vmid>, <tag1>, <subject>, <session>, <action>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <protnum>, <object>, <threatname>, <objecttype>, <url> |
| | All | <severity>, <vmid>, <tag1>, <session>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <dinterface>, <action>, <status>, <seconds>, <sender>, <recipient> |
| | All | <severity>, <vmid>, <tag1>, <session>, <login>, <group>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <action>, <sessiontype>, <sname>, <url>, <bytesin>, <bytesout>, <object>, <subject>, <policy>, <size>, <group> |
Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.601.0 | N/A | Documentation | Initial documentation in new DCG format |