Syslog information
Syslog types
Each syslog message carries a Type field that identifies which part of FortiEDR produced it.
Type | Description
---|---
Security event | FortiEDR security events.
System event | System events regarding FortiEDR deployment health.
Audit trail | Audit records from the FortiEDR console audit log.
Syslog message format
The FortiEDR syslog messages contain the following sections:
- Facility Code: All messages have the value 16 (Custom App; facility 16 is local0 in RFC 5424 terms).
- Severity: All messages have the value 5 (Notice). Because the syslog PRI value is facility * 8 + severity, every FortiEDR message begins with <133>, which a receiver can use to filter or route the feed.
- MessageType: Enables you to differentiate between the syslog message categories: Security event, System event, or Audit trail.
- Message Text: Contains the name and value of each selected field, for example "Device name: Laptop123". Fields are separated by a semicolon (;), so a parser should split on semicolons first and then on the first colon of each field, since values such as timestamps contain colons themselves.
- Time: Time of the syslog event, in UTC.
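As an added example (not FortiEDR's own code or part of its documentation), the following Python parser consumes lines in the format described above: it decodes the PRI, accepts only facility 16 / severity 5, locates the message text, splits it on semicolons and then on the first colon of each field, and validates the message type against the three categories. The sample lines, the syslog header shape (timestamp and host before the message text) and the assumption that the message text starts at the Message Type field are constructed for this example; only the field names Message Type, Device name and Time come from the page.

```python
"""Parse FortiEDR-style syslog lines into typed records (added example, not FortiEDR code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

FACILITY_CUSTOM_APP = 16  # facility 16 (local0), called "Custom App" in the FortiEDR docs
SEVERITY_NOTICE = 5       # all FortiEDR messages are sent with severity Notice
EXPECTED_PRI = FACILITY_CUSTOM_APP * 8 + SEVERITY_NOTICE  # RFC 5424 PRI = facility*8 + severity = 133

MESSAGE_TYPES = {"Security event", "System event", "Audit trail"}

PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample lines, not captured from a real deployment. The header shape
# ("Mar  5 10:15:30 host") is an assumption; the third line carries severity 6
# (Informational) and must be rejected by the facility/severity check.
SAMPLE_LINES = [
    "<133>Mar  5 10:15:30 fortiedr-mgr Message Type: Security event;Device name: Laptop123;Time: 2024-03-05 10:15:30",
    "<133>Mar  5 10:16:02 fortiedr-mgr Message Type: Audit trail;Device name: Laptop123;Time: 2024-03-05 10:16:02",
    "<134>Mar  5 10:16:03 other-host Message Type: Security event;Device name: Laptop123",
]


@dataclass
class FortiEdrRecord:
    facility: int
    severity: int
    message_type: str
    fields: Dict[str, str]


def parse_pri(line: str) -> Tuple[int, int, str]:
    """Return (facility, severity, remainder) from the leading <PRI> token."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI value
        raise ValueError(f"PRI out of range: {pri}")
    return pri // 8, pri % 8, line[m.end():]


def parse_fields(text: str) -> Dict[str, str]:
    """Split 'Name: value;Name: value' into a dict.

    Fields are separated by ';' and each is split on its FIRST ':' only, so values
    that contain colons (timestamps) survive. Caveat: a value that itself contains
    ';' cannot be recovered with a plain split.
    """
    fields: Dict[str, str] = {}
    for part in text.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition(":")
        if not sep:
            raise ValueError(f"field without a name/value separator: {part!r}")
        fields[name.strip()] = value.strip()
    return fields


def parse_fortiedr(line: str) -> FortiEdrRecord:
    """Parse one line; raise ValueError for anything that is not a FortiEDR message."""
    facility, severity, rest = parse_pri(line)
    if (facility, severity) != (FACILITY_CUSTOM_APP, SEVERITY_NOTICE):
        raise ValueError(f"not a FortiEDR priority: facility={facility} severity={severity}")
    # Assumption: the message text begins at the Message Type field; whatever precedes
    # it is the syslog header (timestamp, host) added by the sender.
    start = rest.find("Message Type:")
    if start < 0:
        raise ValueError("no Message Type field")
    fields = parse_fields(rest[start:])
    mtype = fields.pop("Message Type")
    if mtype not in MESSAGE_TYPES:
        raise ValueError(f"unknown message type: {mtype!r}")
    return FortiEdrRecord(facility, severity, mtype, fields)


def parse_feed(lines: List[str]) -> List[FortiEdrRecord]:
    """Parse a batch and silently drop lines that fail the FortiEDR checks."""
    records = []
    for line in lines:
        try:
            records.append(parse_fortiedr(line))
        except ValueError:
            continue
    return records


if __name__ == "__main__":
    for rec in parse_feed(SAMPLE_LINES):
        print(rec.message_type, rec.fields)
```

Routing by message_type (security events to the SIEM's alert pipeline, audit trail to the access-review store) can sit on top of parse_feed; the PRI check is what keeps unrelated local0 traffic on the same collector out of those pipelines.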