Traffic : Forward 1

https://www.fortinet.com/products.html

https://docs.fortinet.com/document/fortigate/6.0.6/fortios-log-message-reference/524940/introduction

Rule Name	Rule Type	Classification	Common Event
Traffic: Forward	Base Rule	Network Traffic	Network Traffic
Sniffer Traffic Accept	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
Forwarded Traffic Blocked	Sub Rule	Network Deny	Traffic Denied by Network Firewall
Local Traffic Accept	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
Local Traffic Denied	Sub Rule	Network Deny	Traffic Denied by Network Firewall
Local Traffic Accepted	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
Forwarded Traffic Timeout	Sub Rule	Information	User Session Timeout
Forwarded Traffic Close	Sub Rule	Network Traffic	Connection Closed
Forwarded Traffic Accept - Reset	Sub Rule	Network Traffic	Connection Reset
Local Traffic Denied	Sub Rule	Network Deny	Traffic Denied by Network Firewall
Forwarded Traffic Denied	Sub Rule	Network Deny	Traffic Denied by Network Firewall
Local Traffic Deny	Sub Rule	Network Deny	Traffic Denied by Network Firewall
Forwarded Traffic Deny	Sub Rule	Network Deny	Traffic Denied by Network Firewall
Forward Traffic Deny	Sub Rule	Network Deny	Traffic Denied by Network Firewall
ICMP Traffic Allow	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
Invalid Traffic	Sub Rule	Network Traffic	Connection Failed
Malware Activity Blocked	Sub Rule	Failed Malware	Failed Botnet Activity
Forwarded Traffic Allowed	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
Forwarded Traffic Start	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
Local Traffic Accepted	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
Forwarded Traffic	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
Forwarded Traffic Session Closed	Sub Rule	Network Traffic	Connection Closed
Forwarded Traffic Accept	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
Forwarded Traffic Timed Out	Sub Rule	Other Audit Success	Session Disconnected
Local Traffic Accept	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
Local Traffic Timeout	Sub Rule	Other Audit Success	Session Disconnected
Network/Traffic Allowed Messages	Sub Rule	Network Allow	Traffic Allowed by Network Firewall

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
devname	<subject>	Text/String	severity
logid	<vmid> <tag1>	Number	N/A
level	<severity>	Number/Text	N/A
srcip	<sip>	IP Address	IP Address
srcport	<sport>	Number	N/A
srcintf	<sinterface>	Text/String/Number	N/A
dstip	<dip>	IP Address	IP Address
dstport	<dport>	Number	N/A
dstintf	<dinterface>	Text/String/Number	N/A
sessionid	<session>	Number/Text/String	N/A
proto	<protnum>	Number	N/A
action	<action> <tag2>	Text/String	N/A
user	<login>	Text/String	N/A
group	<group>	Text/String	N/A
policyid	<policy>	Number	N/A
tranip	<dnatip>	IP Address	IP Address
transip	<snatip>	IP Address	IP Address
appid	<processid>	Number	N/A
app	<object>	Text/String	N/A
appcat	<objectname>	Text/String	N/A
appact	<status>	Text/String	N/A
apprisk	<severity>	Text/String	N/A
url	<url>	Text/String	N/A
duration	<duration>	Number	N/A
sentbyte	<bytesout>	Number	N/A
rcvdbyte	<bytesin>	Number	N/A
utmaction	<result> <tag3>	Text/String	N/A

Vendor Documentation

Classification

Mapping with LogRhythm Schema