FortiOS Log Message Reference

Event log system subtype support for CEF

Following is an example of a system subtype log on the FortiGate disk:

date=2016-02-12 time=10:48:12 logid=0100032001 type=event subtype=system level=information vd="vdom1" logdesc="Admin login successful" sn=1455302892 user="admin" ui=console action=login status=success reason=none profile="super_admin" msg="Administrator admin logged in successfully from console"

Following is an example of a system subtype log sent in CEF format to a syslog server:

Feb 12 10:48:12 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|32001|event:system login success|2|FTNTFGTlogid=0100032001 cat=event:system FTNTFGTsubtype=system FTNTFGTlevel=information FTNTFGTvd=vdom1 FTNTFGTlogdesc=Admin login successful FTNTFGTsn=1455302892 duser=admin sproc=console act=login outcome=success reason=none FTNTFGTprofile=super_admin msg=Administrator admin logged in successfully from console

The following table maps FortiOS log field names to CEF field names.

| FortiOS Log Field Name | CEF Field Name |
|---|---|
| msg | msg |
| cookies | requestCookies |
| user | duser |
| group | cs6 |
| status | outcome |
| role | sourceServiceName |
| ui | sproc |
| reason | reason |
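
The following Python parser is an added example, not Fortinet code: it reads the CEF line shown above, whose extension values contain unquoted spaces, and renames fields back to FortiOS names using the mapping table. Stripping the `FTNTFGT` prefix is an assumption inferred from the sample line, and the function and variable names are illustrative.

```python
import re

# The CEF line shown on this page, reused as sample input.
SAMPLE = (
    "Feb 12 10:48:12 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|32001|"
    "event:system login success|2|FTNTFGTlogid=0100032001 cat=event:system "
    "FTNTFGTsubtype=system FTNTFGTlevel=information FTNTFGTvd=vdom1 "
    "FTNTFGTlogdesc=Admin login successful FTNTFGTsn=1455302892 duser=admin "
    "sproc=console act=login outcome=success reason=none "
    "FTNTFGTprofile=super_admin "
    "msg=Administrator admin logged in successfully from console"
)

# CEF name -> FortiOS name, taken from the mapping table on this page.
CEF_TO_FORTIOS = {
    "msg": "msg", "requestCookies": "cookies", "duser": "user", "cs6": "group",
    "outcome": "status", "sourceServiceName": "role", "sproc": "ui",
    "reason": "reason",
}
HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
PIPE = re.compile(r"(?<!\\)\|")  # header delimiter: a pipe not preceded by a backslash
# A value runs up to the next " key=" or end of line, so unquoted spaces survive.
# Relies on the sender escaping "=" inside values as "\=" (CEF convention).
PAIR = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")


def unescape(value):
    """Undo CEF backslash escapes; \\n and \\r become a newline."""
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) in "nr" else m.group(1), value)


def parse_cef(line):
    """Return {'header': {...}, 'fields': {...}} or None if the line is not CEF."""
    _, marker, body = line.partition("CEF:")
    parts = PIPE.split(body, maxsplit=7)
    if not marker or len(parts) != 8:
        return None
    fields = {}
    for key, value in PAIR.findall(parts[7]):
        if key in CEF_TO_FORTIOS:
            key = CEF_TO_FORTIOS[key]
        elif key.startswith("FTNTFGT"):  # assumption: prefix as seen in the sample line
            key = key[len("FTNTFGT"):]
        fields[key] = unescape(value)
    return {"header": dict(zip(HEADER, map(unescape, parts[:7]))), "fields": fields}


if __name__ == "__main__":
    for name, value in parse_cef(SAMPLE)["fields"].items():
        print(f"{name}={value}")
```

CEF keys that are neither in the table nor prefixed (`cat`, `act` in the sample) are kept under their CEF names.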
