The Lastline parser collects syslog log events in CEF format.
What is Discovered and Monitored
|Syslog||Device Type||Endpoint activity such as file download, email attachments, network connections.||Security and Compliance|
In ADMIN > Device Support > Event, search for "Lastline" in the Name and Description columns to see the event types associated with this device.
There are no specific rules for Lastline, however rules that match the Event Type Groups associated with Lastline Events may trigger.
There are no specific Reports for Lastline, however reports that match the Event Type Groups associated with Lastline Events may return results.
FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM on port 514 using CEF formatting.
Aug 13 14:48:37 fortisiem CEF:0|Lastline|Enterprise|7.10|appliance-status|Appliance Status|1|cat=Online cs1=SENSOR cs1Label=deviceType cs2=https://example/portal#/appliances/config/status/76b80c7ac11a4d37bc6b29e66726b01d cs2Label=deviceStatusLink deviceExternalId=76b80c7ac11a4d37bc6b29e66726b01d dvc=10.31.61.152 dvchost=example.com end=Aug 13 2018 16:48:37 CEST rt=Aug 13 2018 16:48:37 CEST start=Aug 13 2018 16:48:37 CEST