Traffic : Forward 1
Vendor Documentation
| https://www.fortinet.com/products.html https://docs.fortinet.com/document/fortigate/6.0.6/fortios-log-message-reference/524940/introduction |
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Traffic: Forward | Base Rule | Network Traffic | Network Traffic |
| Sniffer Traffic Accept | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Forwarded Traffic Blocked | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
| Local Traffic Accept | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Local Traffic Denied | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
| Local Traffic Accepted | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Forwarded Traffic Timeout | Sub Rule | Information | User Session Timeout |
| Forwarded Traffic Close | Sub Rule | Network Traffic | Connection Closed |
| Forwarded Traffic Accept - Reset | Sub Rule | Network Traffic | Connection Reset |
| Local Traffic Denied | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
| Forwarded Traffic Denied | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
| Local Traffic Deny | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
| Forwarded Traffic Deny | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
| Forward Traffic Deny | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
| ICMP Traffic Allow | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Invalid Traffic | Sub Rule | Network Traffic | Connection Failed |
| Malware Activity Blocked | Sub Rule | Failed Malware | Failed Botnet Activity |
| Forwarded Traffic Allowed | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Forwarded Traffic Start | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Local Traffic Accepted | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Forwarded Traffic | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Forwarded Traffic Session Closed | Sub Rule | Network Traffic | Connection Closed |
| Forwarded Traffic Accept | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Forwarded Traffic Timed Out | Sub Rule | Other Audit Success | Session Disconnected |
| Local Traffic Accept | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Local Traffic Timeout | Sub Rule | Other Audit Success | Session Disconnected |
| Network/Traffic Allowed Messages | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| devname | <subject> | Text/String | severity |
| logid | <vmid> <tag1> | Number | N/A |
| level | <severity> | Number/Text | N/A |
| srcip | <sip> | IP Address | IP Address |
| srcport | <sport> | Number | N/A |
| srcintf | <sinterface> | Text/String/Number | N/A |
| dstip | <dip> | IP Address | IP Address |
| dstport | <dport> | Number | N/A |
| dstintf | <dinterface> | Text/String/Number | N/A |
| sessionid | <session> | Number/Text/String | N/A |
| proto | <protnum> | Number | N/A |
| action | <action> <tag2> | Text/String | N/A |
| user | <login> | Text/String | N/A |
| group | <group> | Text/String | N/A |
| policyid | <policy> | Number | N/A |
| tranip | <dnatip> | IP Address | IP Address |
| transip | <snatip> | IP Address | IP Address |
| appid | <processid> | Number | N/A |
| app | <object> | Text/String | N/A |
| appcat | <objectname> | Text/String | N/A |
appact | <status> | Text/String | N/A |
| apprisk | <severity> | Text/String | N/A |
| url | <url> | Text/String | N/A |
| duration | <duration> | Number | N/A |
| sentbyte | <bytesout> | Number | N/A |
| rcvdbyte | <bytesin> | Number | N/A |
| utmaction | <result> <tag3> | Text/String | N/A |