|Protocol||Information Discovered||Used For|
|Syslog||User network admission control events||Security and Compliance|
Follow PacketFence NAC documentation to send syslog to FortiSIEM.
FortiSIEM automatically recognizes PacketFence NAC syslog as long it follows the following format as shown in the sample syslog:
Oct 9 11:29:34 10.2.204.81 1 2018-10-09T11:29:34.04189+01:00 example.com packetfence.log - - - Oct 11 15:42:00 httpd.aaa(4765) WARN: [mac:40:83:1d:12:2a:cb] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Over 20 events are parsed – see event Types in Resources > Event Types and search for “PacketFence-NAC-“.