LSO FortiAnalyzer - Traffic : System
Vendor Documentation
FortiAnalyzer event log message example | Log Message Reference |
FortiAnalyzer application log message example | Log Message Reference |
Log Fields and Parsing
This section details the log fields available in this log message type, along with the values parsed for both the LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that no value is parsed for that log field under that policy.
Log Field | LogRhythm Default | LogRhythm Default v2.0 |
---|---|---|
id | <vmid> | N/A |
level | <severity> | N/A |
hostname | <sname> | N/A |
pcdomain | <login> | N/A |
deviceip | <snatip> | N/A |
devicemac | <smac> | N/A |
emsserial | <serialnumber> | N/A |
usingpolicy | <policy> | N/A |
os | <useragent> | N/A |
user | <account> | N/A |
msg | <subject> | N/A |
sessionid | <session> | N/A |
srcname | <parentprocessname> | N/A |
srcproduct | <objectname> | N/A |
srcip | <sip> | N/A |
srcport | <sport> | N/A |
direction | <command> | N/A |
dstip | <dip> | N/A |
dstport | <dport> | N/A |
proto | <protnum> | N/A |
rcvdbyte | <bytesin> | N/A |
sentbyte | <bytesout> | N/A |
utmaction | <action> | N/A |
threat | <threatname> | N/A |
service | <protname> | N/A |
url | <url> | N/A |
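The field table above as an executable mapping, added here as an example; this is not LogRhythm's or Fortinet's own code. It parses a FortiAnalyzer-style `key=value` log line into a dict, renames each field to the LogRhythm Default metadata name from the table, and reports which fields the policy leaves unparsed (useful when checking why a value never reaches a SIEM search or rule). The sample log line is constructed for illustration, and the `key="quoted value"` layout is an assumption about how these logs arrive; the field names themselves come from the table.

```python
import re
from typing import Dict, Tuple

# FortiAnalyzer field -> LogRhythm Default metadata field, taken from the
# table on this page. LogRhythm Default v2.0 parses none of these (all N/A).
FIELD_MAP: Dict[str, str] = {
    "id": "vmid", "level": "severity", "hostname": "sname", "pcdomain": "login",
    "deviceip": "snatip", "devicemac": "smac", "emsserial": "serialnumber",
    "usingpolicy": "policy", "os": "useragent", "user": "account", "msg": "subject",
    "sessionid": "session", "srcname": "parentprocessname", "srcproduct": "objectname",
    "srcip": "sip", "srcport": "sport", "direction": "command", "dstip": "dip",
    "dstport": "dport", "proto": "protnum", "rcvdbyte": "bytesin", "sentbyte": "bytesout",
    "utmaction": "action", "threat": "threatname", "service": "protname", "url": "url",
}

# Matches key=value or key="value with spaces"; quoted values may contain
# escaped quotes. (Assumed log layout, see lead-in.)
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_kv(line: str) -> Dict[str, str]:
    """Split a key=value log line into a dict, stripping surrounding quotes."""
    fields: Dict[str, str] = {}
    for key, raw in _KV_RE.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def to_logrhythm(line: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (mapped, unmapped): mapped uses LogRhythm Default field names,
    unmapped holds every field the Default policy does not parse."""
    mapped: Dict[str, str] = {}
    unmapped: Dict[str, str] = {}
    for key, value in parse_kv(line).items():
        if key in FIELD_MAP:
            mapped[FIELD_MAP[key]] = value
        else:
            unmapped[key] = value
    return mapped, unmapped


# Constructed sample line; the values are invented for illustration only.
SAMPLE_LINE = (
    'date=2024-01-15 time=10:22:31 id=7012345 level="notice" hostname="fortianalyzer-01" '
    'user="admin" msg="Traffic statistics summary" srcip=10.0.0.5 srcport=51234 '
    'dstip=10.0.0.9 dstport=514 proto=17 service="syslog" sentbyte=1024 rcvdbyte=0 '
    'utmaction="allow" sessionid=882211'
)

if __name__ == "__main__":
    mapped, unmapped = to_logrhythm(SAMPLE_LINE)
    for name, value in mapped.items():
        print(f"{name:>18} = {value}")
    print("not parsed by LogRhythm Default:", ", ".join(sorted(unmapped)))
```

Fields such as `date` and `time` fall into the unmapped set because the table lists no LogRhythm field for them; anything you need from those fields has to come from the log's receive timestamp or a custom rule rather than this base rule.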
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
Regex ID | Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|---|
1012027 | Traffic : System | Base Rule | Traffic Information | Information |
LogRhythm Default v2.0
N/A