UTM : Voip

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| UTM : Voip | Base Rule | Information | General VOIP Message |
| Voip SIP | Sub Rule | Information | VoIP SIP Message |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| severity | <severity> | Text/String | severity |
| logid | <vmid>, <tag1> | Number | N/A |
| session_id | <session> | Number/Text/String | N/A |
| src_ip | <sip> | IP Address | IP Address |
| src_port | <sport> | Number | N/A |
| dst_ip | <dip> | IP Address | IP Address |
| dst_port | <dport> | Number | N/A |
| proto | <protnum> | Number | N/A |
| src_int | <sinterface> | Text/String/Number | N/A |
| dst_int | <dinterface> | Text/String/Number | N/A |
| action | <action> | Text/String | N/A |
| status | <status> | Text/String | N/A |
| duration | <seconds> | Number | N/A |
| from | <sender> | Text/String | N/A |
| to | <recipient> | Text/String | N/A |