Traffic : Local

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Traffic : Local | Base Rule | Network Traffic | General Traffic Log |
| Traffic Local Closed | Sub Rule | Information | General Traffic Other Notice |
| Local Traffic Timeout | Sub Rule | Information | Session Disconnected |
| Traffic Local Accepted | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Local Traffic Accepted | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Traffic Local Deny | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
| Forward Traffic Deny | Sub Rule | Network Deny | Traffic Denied by Network Firewall |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| devname | <subject> | Text/String | |
| logid | <vmid>, <tag1> | Number | N/A |
| severity | | Number/Text | N/A |
| srcip | <sip> | IP Address | IP Address |
| srcport | <sport> | Number | N/A |
| srcintf | <sinterface> | Text/String/Number | N/A |
| dstip | <dip> | IP Address | IP Address |
| dstport | <dport> | Number | N/A |
| dstintf | <dinterface> | Text/String/Number | N/A |
| sessionid | <session> | Number/Text/String | N/A |
| proto | <protnum> | Number | N/A |
| action | <action>, <tag2> | Text/String | N/A |
| policyid | <policy> | Number | N/A |
| sentbyte | <bytesout> | Number | N/A |
| rcvdbyte | <bytesin> | Number | N/A |
| sentpkt | <packetsout> | Number | N/A |
| rcvdpkt | <packetsin> | Number | N/A |
| appcat | <objectname> | Text/String | N/A |