Lastline
The Lastline parser collects syslog log events in CEF format.
What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for
---|---|---|---
Syslog | Device Type | Endpoint activity such as file downloads, email attachments, and network connections. | Security and Compliance
Event Types
In ADMIN > Device Support > Event, search for "Lastline" in the Name and Description columns to see the event types associated with this device.
Rules
There are no specific rules for Lastline; however, rules that match the Event Type Groups associated with Lastline events may trigger.
Reports
There are no specific reports for Lastline; however, reports that match the Event Type Groups associated with Lastline events may return results.
Syslog
FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM on port 514 in CEF format.
Sample Events
Aug 13 14:48:37 fortisiem CEF:0|Lastline|Enterprise|7.10|appliance-status|Appliance Status|1|cat=Online cs1=SENSOR cs1Label=deviceType cs2=https://example/portal#/appliances/config/status/76b80c7ac11a4d37bc6b29e66726b01d cs2Label=deviceStatusLink deviceExternalId=76b80c7ac11a4d37bc6b29e66726b01d dvc=10.31.61.152 dvchost=example.com end=Aug 13 2018 16:48:37 CEST rt=Aug 13 2018 16:48:37 CEST start=Aug 13 2018 16:48:37 CEST
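The following is an added example, not FortiSIEM's or Lastline's own parser code: it splits the sample event above into its CEF header fields and extension key/value pairs, honours CEF backslash escaping, and resolves the `cs1Label`/`cs2Label` pairs so that `deviceType` and `deviceStatusLink` can be read by name. The `SAMPLE` constant is a constructed copy of the event shown on this page.

```python
import re
from typing import Dict

# Constructed copy of the sample event on this page (syslog prefix + CEF payload).
SAMPLE = (
    "Aug 13 14:48:37 fortisiem CEF:0|Lastline|Enterprise|7.10|appliance-status|"
    "Appliance Status|1|cat=Online cs1=SENSOR cs1Label=deviceType "
    "cs2=https://example/portal#/appliances/config/status/76b80c7ac11a4d37bc6b29e66726b01d "
    "cs2Label=deviceStatusLink deviceExternalId=76b80c7ac11a4d37bc6b29e66726b01d "
    "dvc=10.31.61.152 dvchost=example.com end=Aug 13 2018 16:48:37 CEST "
    "rt=Aug 13 2018 16:48:37 CEST start=Aug 13 2018 16:48:37 CEST"
)

HEADER_KEYS = ("cef_version", "vendor", "product", "device_version",
               "signature_id", "name", "severity")
# An extension value runs until the next " key=" token or the end of the line.
# Backslash escapes are consumed as a unit, so an escaped "=" never ends a value.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\])*?)(?=\s+\w+=|\s*$)")
LABEL_RE = re.compile(r"^(c[sn]\d+)Label$")


def _unescape(value: str) -> str:
    """Undo CEF escaping: backslash before |, = or \\ yields the literal char; n/r yield newlines."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line: str) -> Dict[str, str]:
    """Parse one syslog line carrying a CEF record into a flat dict.

    Header fields are named per HEADER_KEYS. Extension keys are kept as sent,
    and custom fields (cs1, cn1, ...) are additionally exposed under the name
    given by their csNLabel/cnNLabel, which is how Lastline carries deviceType.
    """
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    # Split only on unescaped pipes; the 8th chunk is the whole extension string.
    parts = re.split(r"(?<!\\)\|", line[start + len("CEF:"):], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("truncated CEF header")
    record = {k: _unescape(v) for k, v in zip(HEADER_KEYS, parts)}
    ext = {k: _unescape(v) for k, v in EXT_RE.findall(parts[7] if len(parts) == 8 else "")}
    record.update(ext)
    for key, label in ext.items():
        m = LABEL_RE.match(key)
        if m and m.group(1) in ext:
            record[label] = ext[m.group(1)]  # e.g. deviceType -> SENSOR
    return record


if __name__ == "__main__":
    for field, value in parse_cef(SAMPLE).items():
        print(f"{field} = {value}")
```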