Traffic : Sniffer

Vendor Documentation

https://www.fortinet.com/products.html

https://docs.fortinet.com/document/fortigate/6.0.6/fortios-log-message-reference/524940/introduction

Classification

Rule Name	Rule Type	Classification	Common Event
Traffic: Sniffer	Base Rule	Network Traffic	General Network Traffic Log Message
VMID 00017: Sniffer Traffic Accept	Sub Rule	Network Allow	Traffic Allowed by Network Firewall
VMID 00021: Sniffer Traffic Accept	Sub Rule	Network Allow	Traffic Allowed by Network Firewall

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
devname	<subject>	Text/String	N/A
logid	<vmid> <tag1>	Number	N/A
level	<severity>	Number/Text	N/A
vd	<domain>	Text/String	N/A
srcip	<sip>	IP Address	IP Address
srcport	<sport>	Number	N/A
srcintf	<sinterface>	Text/String/Number	N/A
dstip	<dip>	IP Address	IP Address
dstport	<dport>	Number	N/A
dstintf	<dinterface>	Text/String/Number	N/A
sessionid	<session>	Number/Text/String	N/A
proto	<protnum>	Number	N/A
action	<action> <tag2>	Text/String	N/A
policyid	<policy>	Number	N/A
service	<protname>	Text/String	N/A
tranSip	<snatip>	IP Address	IP Address
sentbyte	<bytesout>	Number	N/A
rcvdbyte	<bytesin>	Number	N/A
sentpkt	<itemsout>	Number	N/A
rcvdpkt	<itemsin>	Number	N/A
app	<object>	Text/String	N/A
appcat	<objectname>	Text/String	N/A
utmaction	<tag3>	Text/String	N/A

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.