
System/HA Statistical Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| System/HA Statistical Messages | Base Rule | Log Statistics | Information |
| Admin Login Failure | Sub Rule | User Logon Failure | Authentication Failure |
| Admin Login Successful | Sub Rule | User Logon | Authentication Success |
| Email Send Status : Failed | Sub Rule | Email Message Routing Error | Error |
| Admin Logout Successful | Sub Rule | User Logoff | Authentication Success |
| Admin Add Object | Sub Rule | Object Added | Access Success |
| Admin Edit Object | Sub Rule | Object Modified | Access Success |
| Admin Delete Object | Sub Rule | Object Deleted/Removed | Access Success |
| Ban IP | Sub Rule | Quarantined Message Blocklist | Failed Activity |
| Warning Messages | Sub Rule | General Application Warning | Warning |
| Object Moved | Sub Rule | Object Moved | Access Success |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| level | <severity> | Text/String | Each log entry contains a Level (level) field that indicates the estimated severity of the event that caused the log entry. |
| logid | <vmid> | Number | The ID (logid) is a 10-digit field. It is a unique identifier for that specific log. |
| srcip | <sip> | IP Address | IP address of the traffic’s origin |
| ui | <sname> | Text/String | N/A |
| dstip | <dip> | IP Address | Destination IP address for the web. |
| srcport | <sport> | Number | Port number of the traffic's origin |
| dstport | <dport> | Number | Port number of the traffic's destination. |
| interface | <sinterface> | Text/String | N/A |
| proto | <protnum> | Number | N/A |
| user | <login> | Text/String | N/A |
| service | <session> | Text/String/Number | N/A |
| subtype | <object> | Text/String | N/A |
| msg | <subject> | Text/String | N/A |
| banned_rule | <threatname> | Text/String | N/A |
| logdesc | <command> | Text/String | N/A |
| action | <action>, <tag1> | Text/String | N/A |