Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Lastline

The Lastline parser collects syslog log events in CEF format.

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

Syslog Device Type Endpoint activity such as file download, email attachments, network connections. Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "Lastline" to see the event types associated with this device.

Rules

There are no specific rules for Lastline, however rules that match the Event Type Groups associated with Lastline Events may trigger.

Reports

There are no specific Reports for Lastline, however reports that match the Event Type Groups associated with Lastline Events may return results.

Syslog

FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM on port 514 using CEF formatting.

Sample Events

Aug 13 14:48:37 fortisiem CEF:0|Lastline|Enterprise|7.10|appliance-status|Appliance Status|1|cat=Online cs1=SENSOR cs1Label=deviceType cs2=https://example/portal#/appliances/config/status/76b80c7ac11a4d37bc6b29e66726b01d cs2Label=deviceStatusLink deviceExternalId=76b80c7ac11a4d37bc6b29e66726b01d dvc=10.31.61.152 dvchost=example.com end=Aug 13 2018 16:48:37 CEST rt=Aug 13 2018 16:48:37 CEST start=Aug 13 2018 16:48:37 CEST

Lastline

The Lastline parser collects syslog log events in CEF format.

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

Syslog Device Type Endpoint activity such as file download, email attachments, network connections. Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "Lastline" to see the event types associated with this device.

Rules

There are no specific rules for Lastline, however rules that match the Event Type Groups associated with Lastline Events may trigger.

Reports

There are no specific Reports for Lastline, however reports that match the Event Type Groups associated with Lastline Events may return results.

Syslog

FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM on port 514 using CEF formatting.

Sample Events

Aug 13 14:48:37 fortisiem CEF:0|Lastline|Enterprise|7.10|appliance-status|Appliance Status|1|cat=Online cs1=SENSOR cs1Label=deviceType cs2=https://example/portal#/appliances/config/status/76b80c7ac11a4d37bc6b29e66726b01d cs2Label=deviceStatusLink deviceExternalId=76b80c7ac11a4d37bc6b29e66726b01d dvc=10.31.61.152 dvchost=example.com end=Aug 13 2018 16:48:37 CEST rt=Aug 13 2018 16:48:37 CEST start=Aug 13 2018 16:48:37 CEST