LSO FortiAnalyzer - Traffic : Forward
Vendor Documentation
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| devname | <subject> | N/A |
| logid | <vmid> | N/A |
| type | N/A | N/A |
| subtype | N/A | N/A |
| level | <severity> | N/A |
| srcip | <sip> | N/A |
| srcport | <sport> | N/A |
| srcintf | <sinterface> | N/A |
| dstip | <dip> | N/A |
| dstname | <url> | N/A |
| dstport | <dport> | N/A |
| dstintf | <dinterface> | N/A |
| dstinetsvc | <object> | N/A |
| appcat | <objectname> | N/A |
| sessionid | <session> | N/A |
| proto | <protnum> | N/A |
| action | <action> | N/A |
| policyid | <policy> | N/A |
| user | <login> | N/A |
| group | <group> | N/A |
| tranip | <dnatip> | N/A |
| transip | <snatip> | N/A |
| appid | <processid> | N/A |
| app | <object> | N/A |
| appact | <status> | N/A |
| apprisk | <severity> | N/A |
| url | <url> | N/A |
| duration | <seconds> | N/A |
| sentbyte | <bytesout> | N/A |
| rcvdbyte | <bytesin> | N/A |
| utmaction | <result> | N/A |
| dstmac | <dmac> | N/A |
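As an added example (not part of the LogRhythm or Fortinet documentation), the following Python applies the LogRhythm Default column above to a constructed FortiAnalyzer forward-traffic line. It assumes the key=value / key="quoted value" syslog layout and flags metadata fields that more than one source field maps to (for instance, level and apprisk both map to <severity>, and app and dstinetsvc both map to <object>), which is the ambiguity a parsing-policy reviewer should check.

```python
import re

# LogRhythm Default column from the table above: FortiAnalyzer field -> LogRhythm metadata field.
FIELD_MAP = {
    "devname": "subject", "logid": "vmid", "level": "severity", "srcip": "sip",
    "srcport": "sport", "srcintf": "sinterface", "dstip": "dip", "dstname": "url",
    "dstport": "dport", "dstintf": "dinterface", "dstinetsvc": "object",
    "appcat": "objectname", "sessionid": "session", "proto": "protnum",
    "action": "action", "policyid": "policy", "user": "login", "group": "group",
    "tranip": "dnatip", "transip": "snatip", "appid": "processid", "app": "object",
    "appact": "status", "apprisk": "severity", "url": "url", "duration": "seconds",
    "sentbyte": "bytesout", "rcvdbyte": "bytesin", "utmaction": "result", "dstmac": "dmac",
}

# key=value or key="quoted value" tokens (assumed FortiGate/FortiAnalyzer syslog layout).
TOKEN_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_forti_kv(line):
    """Return the raw key/value pairs of one log line, in order of appearance."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
            for m in TOKEN_RE.finditer(line)}


def map_to_logrhythm(line):
    """Map raw fields to LogRhythm Default metadata fields.

    Returns (mapped, collisions). mapped keeps the first source field seen for
    each metadata field; collisions lists metadata fields fed by several sources.
    """
    raw = parse_forti_kv(line)
    mapped, sources = {}, {}
    for key, value in raw.items():
        meta = FIELD_MAP.get(key)
        if meta is None:
            continue  # type, subtype and unlisted keys are not parsed (N/A)
        sources.setdefault(meta, []).append(key)
        mapped.setdefault(meta, value)
    collisions = {m: s for m, s in sources.items() if len(s) > 1}
    return mapped, collisions


# Constructed sample line; values are illustrative, not captured from a device.
SAMPLE = ('date=2024-01-15 time=10:20:30 devname="fgt-edge-1" logid="0000000013" '
          'type="traffic" subtype="forward" level="notice" srcip=10.0.0.5 srcport=51234 '
          'srcintf="port1" dstip=203.0.113.10 dstport=443 dstintf="port2" '
          'sessionid=123456 proto=6 action="accept" policyid=7 user="alice" '
          'app="HTTPS" appcat="Web.Client" apprisk="low" duration=12 '
          'sentbyte=1024 rcvdbyte=4096 utmaction="allow"')
```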
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1012446 | Traffic : Forward | Base Rule | Network Traffic | Network Traffic |
| | Local Traffic Timeout | Sub Rule | Session Disconnected | Other Audit Success |
| | Local Traffic Accept | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Forwarded Traffic Accept | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Forwarded Traffic Session Closed | Sub Rule | Connection Closed | Network Traffic |
| | Forwarded Traffic | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Local Traffic Accepted | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Forwarded Traffic Start | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Forwarded Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Malware Activity Blocked | Sub Rule | Failed Botnet Activity | Failed Malware |
| | Invalid Traffic | Sub Rule | Connection Failed | Network Traffic |
| | ICMP Traffic Allow | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | Forward Traffic Deny | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Forwarded Traffic Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Local Traffic Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Forwarded Traffic Accept - Reset | Sub Rule | Connection Reset | Network Traffic |
| | Forwarded Traffic Close | Sub Rule | Connection Closed | Network Traffic |
| | Forwarded Traffic Timeout | Sub Rule | User Session Timeout | Information |
| | Forwarded Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | Sniffer Traffic Accept | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | LOG_ID_TRAFFIC_UTM_CORRELATION | Sub Rule | General Traffic Allowed | Network Traffic |
| | LOG_ID_TRAFFIC_STAT | Sub Rule | Statistics Collector Message | Information |
| | LOG_ID_TRAFFIC_FAIL_CONN | Sub Rule | Connection Failed | Network Traffic |
| | LOG_ID_TRAFFIC_EXPLICIT_PROXY | Sub Rule | Traffic Allowed by Proxy | Network Allow |
| | LOG_ID_TRAFFIC_WEBCACHE | Sub Rule | Web Cache Traffic | Network Traffic |
| | LOG_ID_TRAFFIC_WANOPT | Sub Rule | WAN Optimization Traffic | Network Traffic |
| | LOG_ID_TRAFFIC_OTHER_ICMP_DENY | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | LOG_ID_TRAFFIC_OTHER_ICMP_ALLOW | Sub Rule | Permitted ICMP Traffic | Network Traffic |
| | LOG_ID_TRAFFIC_OTHER_START | Sub Rule | General Traffic Allowed | Network Traffic |
| | LOG_ID_TRAFFIC_DENY | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | LOG_ID_TRAFFIC_ALLOW | Sub Rule | TCP Traffic Allowed | Network Traffic |
| | LOG_ID_TRAFFIC_START_FORWARD | Sub Rule | Session Connected | Network Traffic |
| | LOG_ID_TRAFFIC_END_FORWARD | Sub Rule | IP Forwarding Events | Network Traffic |
| | Network/Traffic Allowed Messages | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
LogRhythm Default v2.0
N/A