Device Details

| Property | Value |
| --- | --- |
| Device Name | Fortinet Fortigate v6.0 |
| Vendor | Fortinet |
| Device Type | Firewall |
| Supported Model Name/Number | V6.0 |
| Supported Software Version | V6 |
| Collection Method | Syslog |
| Configurable Log Output | N/A |
| Log Source Type | Syslog - Fortinet Fortigate v6.0 |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
Additional Information

https://www.fortinet.com/products.html

https://docs.fortinet.com/document/fortigate/6.0.6/fortios-log-message-reference/524940/introduction

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
| --- | --- | --- |
| Anomaly : Anomaly | All | <action>, <dinterface>, <dip>, <dport>, <policy>, <protnum>, <session>, <severity>, <sinterface>, <sip>, <sport>, <subject>, <threatname>, <url>, <vmid>, <tag1> |
| Catch All : Level 3 | All | <vmid> |
| DNS : Messages | All | <severity>, <vmid>, <tag1>, <session>, <account>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <dname>, <subject>, <reason> |
| Event : Compliance | All | <severity>, <vmid>, <tag1>, <action>, <result>, <reason>, <status>, <subject> |
| Event : Endpoint | All | <domainorigin>, <vmid>, <policy>, <subject>, <severity>, <vendorinfo>, <action>, <tag1>, <status>, <sessiontype>, <quantity>, <login>, <sip>, <sname>, <smac>, <objectname>, <objecttype>, <url>, <result> |
| Event : HA | All | <severity>, <vmid>, <tag1>, <status>, <subject> |
| Event : Router | All | <severity>, <vmid>, <tag1>, <account>, <status>, <subject> |
| Event : System | All | <severity>, <vmid>, <tag1>, <object>, <serialnumber>, <login>, <sessiontype>, <sip>, <dip>, <account>, <action>, <status>, <reason>, <subject>, <sinterface>, <dinterface>, <sport>, <dport>, <version>, <protnum>, <threatname>, <policy> |
| Event : User | All | <severity>, <vmid>, <tag1>, <status>, <sip>, <dip>, <login>, <group>, <action>, <reason>, <object>, <objecttype>, <subject> |
| Event : VPN | All | <severity>, <vmid>, <tag1>, <status>, <action>, <session>, <sip>, <account>, <group>, <dname>, <reason>, <seconds>, <bytesout>, <bytesin>, <subject>, <dip>, <sport>, <dport>, <sinterface> |
| Event : Wad | All | <severity>, <vmid>, <tag1>, <status>, <session>, <subject>, <sip>, <sport>, <dip>, <dport>, <action> |
| Event : Wireless | All | <severity>, <vmid>, <tag1>, <status>, <serialnumber>, <object>, <sip>, <sname>, <smac>, <action>, <reason>, <subject> |
| Failed Window AD Network Messages | All | <severity>, <dname>, <login>, <domainorigin>, <vmid>, <tag1>, <action>, <status>, <subject>, <url> |
| Gateway Logs | All | <severity>, <version>, <dname>, <login>, <vmid>, <tag1>, <domainorigin>, <subject>, <sip>, <dip> |
| Traffic : Forward | All | <subject>, <vmid>, <tag1>, <severity>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <login>, <group>, <policy>, <dnatip>, <snatip>, <processid>, <object>, <objectname>, <status>, <url>, <duration>, <bytesout>, <bytesin>, <result>, <tag3> |
| Traffic : Local | All | <subject>, <vmid>, <tag1>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <policy>, <bytesout>, <bytesin>, <packetsout>, <packetsin>, <objectname> |
| Traffic : Multicast | All | <vmid>, <tag1>, <severity>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <policy>, <bytesout>, <bytesin>, <packetsout>, <packetsin> |
| Traffic: Sniffer | All | <subject>, <vmid>, <tag1>, <severity>, <domain>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <session>, <protnum>, <action>, <tag2>, <policy>, <protname>, <snatip>, <bytesout>, <bytesin>, <itemsout>, <itemsin>, <object>, <objectname>, <tag3> |
| UTM : App | All | <severity>, <vmid>, <tag1>, <processid>, <account>, <group>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <session>, <action>, <objectname>, <object>, <url> |
| UTM : DLP | All | <severity>, <vmid>, <tag1>, <session>, <account>, <group>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <objecttype>, <action>, <sname>, <url>, <useragent>, <object>, <sender>, <recipient>, <subject> |
| UTM : DNS | All | <severity>, <vmid>, <tag1>, <policy>, <session>, <account>, <sport>, <sinterface>, <dport>, <dinterface>, <protnum>, <dname>, <subject>, <reason> |
| UTM : IPS | All | <severity>, <sinterface>, <sip>, <subject>, <vmid>, <tag1>, <object>, <dip>, <dinterface>, <session>, <action>, <protnum>, <protname>, <threatname>, <threatid>, <domainorigin>, <login>, <group>, <subject> |
| UTM : SSL Messages | All | <severity>, <vmid>, <policy>, <session>, <useragent>, <sip>, <sport>, <dip>, <dport>, <sinterface>, <dinterface>, <protnum>, <action>, <tag1>, <subject>, <reason> |
| UTM : VIRUS | All | <severity>, <vmid>, <tag1>, <subject>, <session>, <action>, <sip>, <dip>, <sport>, <dport>, <sinterface>, <dinterface>, <protnum>, <object>, <threatname>, <objecttype>, <url> |
| UTM : VOIP | All | <severity>, <vmid>, <tag1>, <session>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <dinterface>, <action>, <status>, <seconds>, <sender>, <recipient> |
| UTM : WEBFILTER | All | <severity>, <vmid>, <tag1>, <session>, <login>, <group>, <sip>, <sport>, <sinterface>, <dip>, <dport>, <dinterface>, <protnum>, <action>, <sessiontype>, <sname>, <url>, <bytesin>, <bytesout>, <object>, <subject>, <policy>, <size>, <group> |


Revision History

| KB Version | Log Type | Change Type | Details |
| --- | --- | --- | --- |
| KB 7.1.601.0 | N/A | Documentation | Initial documentation in new DCG format |