UTM : SSL Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
| --- | --- | --- | --- |
| UTM : SSL Messages | Base Rule | Information | General SSL/VPN Session Information |
| Server Certificate Passed Messages | Sub Rule | Information | Server Certificate Issued |
| Server Certificate Blocked Messages | Sub Rule | Other Audit Failure | Server Certificate Validation Failure |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| severity | <severity> | Text/String | severity |
| logid | <vmid> | Number | N/A |
| policyid | <policy> | Number | N/A |
| sessionid | <session> | Number/Text/String | N/A |
| service | <useragent> | Text/String | N/A |
| srcip | <sip> | IP Address | IP Address |
| srcport | <sport> | Number | N/A |
| dstip | <dip> | IP Address | IP Address |
| dstport | <dport> | Number | N/A |
| srcintf | <sinterface> | Text/String/Number | N/A |
| dstintf | <dinterface> | Text/String/Number | N/A |
| proto | <protnum> | Number | N/A |
| action | <action>, <tag1> | Text/String | N/A |
| msg | <subject> | Text/String | N/A |
| reason | <reason> | Text/String | N/A |