Expected Log Samples

Key=value pair format

<13>date=2015-06-03 time=10:14:15 devname=FGxxxDxxxxxxxxxxx-LogPoint devid=XXxxxXxxxxxxxxxx logid=000000110013 type=traffic subtype=forward level=notice vd=root srcip=1.1.1.1 srcname="abc" srcport=573045 srcintf="port4" dstip=1.1.1.2 dstport=80 dstintf="port13" poluuid=4f744435637c-029e-5132e4-773451-48634f548cc847 sessionid=10192343328701 action=close policyid=27 dstcountry="XXXXXX" srccountry="Reserved" trandisp= noop service="HTTP" proto=6 duration=120 sentbyte=0 rcvdbyte=216 sentpkt=0 rcvdpkt=4 devtype="Windows PC" osname="Windows 7 / Windows" mastersrcmac=XX:XX:XX:XX:XX:XX  srcmac=XX:XX:XX:XX:8X:XX
<189>date=2015-06-29,time=06:20:02,devname=NL_xxx__xxxxxxx_xx,devid=XXXXX,logid=0XXXXXX, type=traffic,subtype=forward, level=notice, vd=root,srcip=1.1.1.1,srcname="Apple-xx",srcport=123,srcintf="internal7",dstip=1.1.1.2,dstport=123,dstintf="wan1", poluuid= 963bjsadfjjk3764-fksafhdjba6-51jasfdje4-f6sadkfjsdk11-1d8fc22600lkasdf1f,sessionid=106370,proto=17,action=deny, policyid=12, dstcountry="XXXXXXX", srccountry="Reserved",trandisp=noop, service="NTP", duration=0, sentbyte=0, rcvdbyte=0, sentpkt=0, crscore=30, craction=133421072,crlevel=high, devtype="Streaming", osname="iOS", osversion="5.x",mastersrcmac=XX:XX:XX:XX:XX:XX,srcmac=XX:XX:XX:XX:XX:X1

CEF (Common Event Format)

Jul 08 18:17:21 FGT-PBNB CEF:0|Fortinet|FortiGate-500E|6.2.2,build1010 (GA)|0000000013|forward traffic server-rst|5|start=Jul 08 2020 18:17:21 logver=602021010 deviceExternalId=FGxxxxxxxxxxxxxx dvchost=FGT-ABCD-X ad.vd=root ad.logid=0000000013 cat=traffic ad.subtype=forward deviceSeverity=notice ad.eventtime=1594225041601689640 ad.tz=+0200 src=1.1.1. shost=xyz spt=12345 deviceInboundInterface=vlan-xxxx ad.srcintfrole=lan dst=1.1.1.2 dpt=123 deviceOutboundInterface=Agg01 ad.dstintfrole=lan ad.poluuid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx externalID=111110000 proto=6 act=server-rst duser=VCABRILLAT ad.authserver=fsso-collector ad.policyid=95 ad.policytype=policy app=LDAP ad.dstcountry=Reserved ad.srccountry=Reserved ad.trandisp=noop ad.duration=6 out=2861 in=5638 ad.sentpkt=11 ad.rcvdpkt=22 ad.appcat=unscanned ad.srchwvendor=VMware ad.osname=Windows ad.srcswversion=8.1 ad.mastersrcmac=xx:xx:xx:xx:xx:xx ad.srcmac=xx:xx:xx:xx:xx:xx ad.srcserver=0 ad.dsthwvendor=VMware ad.dstosname=Windows ad.dstswversion=8.1 ad.dstunauthuser=svc-fortinet ad.dstunauthusersource=adc ad.masterdstmac=xx:xx:xx:xx:xx:xx ad.dstmac=xx:xx:xx:xx:xx:xx ad.dstserver=1
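The three samples above are what a collector actually has to parse: a syslog priority prefix followed by key=value pairs (once space-delimited, once comma-delimited, with quoted values and the stray space in `trandisp= noop`), and a CEF record whose seven pipe-delimited header fields precede an extension in which values such as `start=Jul 08 2020 18:17:21` contain spaces. The Python below is an added example, not code from the original page or from the log source's vendor. It parses both key=value variants and the CEF header plus extension, decodes the `<PRI>` prefix into facility and severity, and runs a port-range sanity check. The embedded records are constructed, shortened from the page's samples; `split_priority`, `parse_kv`, `parse_cef` and `out_of_range_ports` are this example's own names.

```python
import re
from typing import Dict, List, Optional, Tuple

# Records constructed for this example, shortened from the page's three samples.
KV_SPACE_SAMPLE = (
    '<13>date=2015-06-03 time=10:14:15 devname=FG-EXAMPLE devid=FGEXAMPLE0001 '
    'logid=000000110013 type=traffic subtype=forward level=notice vd=root '
    'srcip=1.1.1.1 srcname="abc" srcport=573045 srcintf="port4" dstip=1.1.1.2 '
    'dstport=80 action=close policyid=27 trandisp= noop service="HTTP" proto=6 '
    'osname="Windows 7 / Windows"'
)
KV_COMMA_SAMPLE = (
    '<189>date=2015-06-29,time=06:20:02,devname=NL_example,devid=FGEXAMPLE0002, '
    'type=traffic,subtype=forward, level=notice, vd=root,srcip=1.1.1.1,'
    'srcname="Apple-xx",srcport=123,dstip=1.1.1.2,dstport=123,proto=17,'
    'action=deny, policyid=12, service="NTP", crscore=30, crlevel=high, osname="iOS"'
)
CEF_SAMPLE = (
    'Jul 08 18:17:21 FGT-EXAMPLE CEF:0|Fortinet|FortiGate-500E|6.2.2,build1010 (GA)'
    '|0000000013|forward traffic server-rst|5|start=Jul 08 2020 18:17:21 '
    'logver=602021010 cat=traffic ad.subtype=forward deviceSeverity=notice '
    'src=1.1.1.1 shost=xyz spt=12345 dst=1.1.1.2 dpt=389 proto=6 act=server-rst '
    'app=LDAP ad.policyid=95 out=2861 in=5638 ad.osname=Windows ad.dstserver=1'
)

PRI_RE = re.compile(r"^<(\d{1,3})>")
# key, '=', optional whitespace (the page's first sample has 'trandisp= noop'),
# then a double-quoted value or a bare value running to the next comma or space.
KV_RE = re.compile(r'(\w+)=\s*(?:"([^"]*)"|([^,\s]*))')
# CEF extension keys may be dotted (ad.policyid) and values may contain spaces,
# so a value runs until the next ' key=' token or the end of the line.
CEF_EXT_RE = re.compile(r"([\w.]+)=(.*?)(?=\s+[\w.]+=|\s*$)")
CEF_HEADER = ("version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")
PORT_FIELDS = ("srcport", "dstport", "spt", "dpt")


def split_priority(line: str) -> Tuple[Optional[int], Optional[int], str]:
    """Strip a syslog '<PRI>' prefix and decode it: PRI = facility * 8 + severity."""
    m = PRI_RE.match(line)
    if not m:
        return None, None, line
    pri = int(m.group(1))
    return pri // 8, pri % 8, line[m.end():]


def parse_kv(line: str) -> Dict[str, str]:
    """Parse a FortiGate key=value record; one regex covers both the space-
    and the comma-delimited variants, quoted values included."""
    _, _, body = split_priority(line.rstrip())
    fields: Dict[str, str] = {}
    for key, quoted, bare in KV_RE.findall(body):
        fields[key] = quoted if quoted else bare
    return fields


def parse_cef(line: str) -> Dict[str, object]:
    """Parse a CEF record into its seven header fields plus the extension dict."""
    line = line.rstrip()
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("not a CEF record")
    # Split on unescaped pipes only; maxsplit keeps any '|' inside the extension intact.
    parts = re.split(r"(?<!\\)\|", line[idx + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
    record: Dict[str, object] = {"transport_prefix": line[:idx].strip()}
    for name, value in zip(CEF_HEADER, parts[:7]):
        record[name] = value.replace("\\|", "|")
    record["severity"] = int(parts[6])  # CEF severity is a number 0-10
    record["extension"] = {k: v.replace("\\=", "=") for k, v in CEF_EXT_RE.findall(parts[7])}
    return record


def out_of_range_ports(fields: Dict[str, str]) -> List[str]:
    """Names of port fields that are not integers in 0-65535: a sanity check worth
    running on any sample before it becomes a parser test case."""
    bad = []
    for name in PORT_FIELDS:
        value = fields.get(name)
        if value is not None and not (value.isdigit() and int(value) <= 65535):
            bad.append(name)
    return bad


if __name__ == "__main__":
    for sample in (KV_SPACE_SAMPLE, KV_COMMA_SAMPLE):
        facility, severity, _ = split_priority(sample)
        fields = parse_kv(sample)
        print(f"facility={facility} severity={severity} action={fields['action']} "
              f"service={fields['service']} bad_ports={out_of_range_ports(fields)}")
    cef = parse_cef(CEF_SAMPLE)
    print(cef["product"], "|", cef["name"], "| severity", cef["severity"],
          "| app", cef["extension"]["app"])
```

Two things worth checking against the page's own samples: `<13>` and `<189>` both decode to syslog severity 5 (notice), which agrees with `level=notice` in the body, and `srcport=573045` in the first sample is outside the 16-bit port range, so `out_of_range_ports` flags it. Tolerating whitespace after `=` keeps `trandisp= noop` intact, at the cost that a genuinely empty value followed by a space would swallow the next token; if your source emits empty values, drop the `\s*` from `KV_RE`.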
