Fortinet black logo

Administration Guide

Examples of syslog messages

Copy Link
Copy Doc ID 825689eb-200d-11e9-b6f6-f8bc1258b856:338223
Download PDF

Here are some examples of syslog messages that are returned from FortiNAC. In these examples, the Syslog server is configured as follows:

  • Type: Syslog
  • IP Address: a.b.c.d
  • Port: 514
  • Facility: Authorization

Event

Description

Syslog Message

Login Success

This is the event that is logged with a user logs into the Admin UI.

02-28-2014 08:16:04 Auth.Notice 192.168.34.31 Feb 27 22:16:14 : 2014/02/27 22:16:14 EST,1,545570,Login Success,0,12,,,,,User root logged in.

Map IP To MAC Failure

This is a legacy event logged when a scheduled task runs (these are no longer used for IP-MAC) and the ARP is not read.

--

Probe - Map IP To MAC Failure

This is the event when we fail to poll and L3 device for IP->MAC (reading Arp Cache) L3 Polling

02-28-2014 09:00:14 Auth.Notice 192.168.34.31 Feb 27 23:00:24 : 2014/02/27 23:00:24 EST,1,545702,Probe - MAP IP To MAC Failure,0,28,,Switch,192.168.34.1,,Failed to read IP Address mappings from device Switch.

User Logged Out

This is the event that is logs when a user logs out of the Admin UI.

02-28-2014 08:48:55 Auth.Notice 192.168.34.31 Feb 27 22:49:04 : 2014/02/27 22:49:04 EST,1,545670,User Logged Out,0,12,,,,,User root Logged Out.

User Logged off Host

This event is logged when a user logs off a host

02-28-2014 08:44:25 Auth.Notice 192.168.34.31 Feb 27 22:44:34 : 2014/02/27 22:44:34 EST,1,545655,User Logged off Host,0,4155,,,,,"User Man, Bat logged off session 1 on host BRADSUPP7-LT

User Logged onto Host

This event is logged when a user logs onto a host

02-28-2014 08:37:58 Auth.Notice 192.168.34.31 Feb 27 22:38:07 : 2014/02/27 22:38:07 EST,1,545633,User Logged onto Host,0,4155,,,,,"User Man, Bat logged onto session 1 on host BRADSUPP7-LT"

User Remotely Connected to Host

An event that is logged when a user remotely connected to a terminal session on a host using the PA

--

User Locked Session

This event is logged when a user locks his workstation

02-28-2014 08:49:53 Auth.Notice 192.168.34.31 Feb 27 22:50:03 : 2014/02/27 22:50:03 EST,1,545681,User Locked Session,0,4155,,,,,"User Man, Bat locked session 2 on host BRADSUPP7-LT"

User Unlocked Session

This event is logged when a user unlocks his workstation

02-28-2014 08:52:07 Auth.Notice 192.168.34.31 Feb 27 22:52:16 : 2014/02/27 22:52:16 EST,1,545691,User Unlocked Session,0,4155,,,,,"User Man, Bat unlocked session 2 on host BRADSUPP7-LT"

Here are some examples of syslog messages that are returned from FortiNAC. In these examples, the Syslog server is configured as follows:

  • Type: Syslog
  • IP Address: a.b.c.d
  • Port: 514
  • Facility: Authorization

Event

Description

Syslog Message

Login Success

This is the event that is logged with a user logs into the Admin UI.

02-28-2014 08:16:04 Auth.Notice 192.168.34.31 Feb 27 22:16:14 : 2014/02/27 22:16:14 EST,1,545570,Login Success,0,12,,,,,User root logged in.

Map IP To MAC Failure

This is a legacy event logged when a scheduled task runs (these are no longer used for IP-MAC) and the ARP is not read.

--

Probe - Map IP To MAC Failure

This is the event when we fail to poll and L3 device for IP->MAC (reading Arp Cache) L3 Polling

02-28-2014 09:00:14 Auth.Notice 192.168.34.31 Feb 27 23:00:24 : 2014/02/27 23:00:24 EST,1,545702,Probe - MAP IP To MAC Failure,0,28,,Switch,192.168.34.1,,Failed to read IP Address mappings from device Switch.

User Logged Out

This is the event that is logs when a user logs out of the Admin UI.

02-28-2014 08:48:55 Auth.Notice 192.168.34.31 Feb 27 22:49:04 : 2014/02/27 22:49:04 EST,1,545670,User Logged Out,0,12,,,,,User root Logged Out.

User Logged off Host

This event is logged when a user logs off a host

02-28-2014 08:44:25 Auth.Notice 192.168.34.31 Feb 27 22:44:34 : 2014/02/27 22:44:34 EST,1,545655,User Logged off Host,0,4155,,,,,"User Man, Bat logged off session 1 on host BRADSUPP7-LT

User Logged onto Host

This event is logged when a user logs onto a host

02-28-2014 08:37:58 Auth.Notice 192.168.34.31 Feb 27 22:38:07 : 2014/02/27 22:38:07 EST,1,545633,User Logged onto Host,0,4155,,,,,"User Man, Bat logged onto session 1 on host BRADSUPP7-LT"

User Remotely Connected to Host

An event that is logged when a user remotely connected to a terminal session on a host using the PA

--

User Locked Session

This event is logged when a user locks his workstation

02-28-2014 08:49:53 Auth.Notice 192.168.34.31 Feb 27 22:50:03 : 2014/02/27 22:50:03 EST,1,545681,User Locked Session,0,4155,,,,,"User Man, Bat locked session 2 on host BRADSUPP7-LT"

User Unlocked Session

This event is logged when a user unlocks his workstation

02-28-2014 08:52:07 Auth.Notice 192.168.34.31 Feb 27 22:52:16 : 2014/02/27 22:52:16 EST,1,545691,User Unlocked Session,0,4155,,,,,"User Man, Bat unlocked session 2 on host BRADSUPP7-LT"