Fortinet black logo

Log Reference Guide

Home FortiSIEM 6.7.0 Log Reference Guide
6.7.0
7.1.3
7.1.2
7.1.1
7.1.0
7.0.3
7.0.2
7.0.1
7.0.0
6.7.9
6.7.8
6.7.7
6.7.6
6.7.5
6.7.4
6.7.3
6.7.2
6.7.1
6.7.0

Parser Logs

Parser Logs

This section provides logs related to parsing of events/logs

PH_EVENT_ATTR_XML_ISSUE

Description: Event attribute xml issue

Severity: 6 (Medium)

Event Category: 3 (System Logs)

PH_NO_PARSER_FOR_EVENT

Description: No parser available for event

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

eventName

Event Name

string

This is the eventType display name, or human readable name. In many cases the eventType is sufficiently labeled.

PH_VULN_LOAD_ERROR

Description: Parser module failed to load external scanner-found vulnerabilities from App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

PH_VULN_UPDATE_ERROR

Description: Parser module failed to upload external scanner-found vulnerabilities to App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

PH_PARSER_FILE_NOT_EXIST

Description: File doesn't exsit.

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_RAWEVENT_TOO_LARGER

Description: Raw event's size is more than 10M. Save it to tmp file and not send to parser.

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_TOO_MANY_UNKNOWN_EVENTS

Description: Too many unknown events

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

relayDevIpAddr

Relaying IP

IP

Relaying IP is most commonly used to specify the log relay appliance, usually a collector.

PH_PARSER_SHARED_STORE_ERROR

Description: FortiSIEM Parser module encountered shared store error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_WRONG_EVENT_SIZE

Description: FortiSIEM module failed to load serialized event

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_BIND_PORT_FAILURE

Description: Parser module failed to bind to a TCP/UDP ports

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

PH_PARSER_DIR_OPEN_FAILURE

Description: Parser module failed to open directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

PH_PARSER_EVENT_PARSER_ERROR

Description: Parser module failed to parse event parsing xml from local disk or App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

tagName

Tag Name

string

parserName

Event Parser Name

string

The name of parser that parsed the event

funName

Function Name

string

PH_PARSER_EVENT_SERIALIZE_ERROR

Description: Parser module failed to serialize event before writing to shared buffer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_FILE_DELETE_FAILURE

Description: Parser module failed to delete file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_FILE_DELETE_FAILURE_RENAME

Description: Parser module failed to delete file but succeeded to rename. These files may fill up disk.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_FILE_INVALID_FORMAT

Description: Parser module failed to parse event or metadata files with invalid file format

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_FILE_INVALID_HEADER

Description: Parser module failed to parse event files with invalid file header

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_FILE_OPEN_FAILURE

Description: Parser module failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_FILE_READ_FAILURE

Description: Parser module failed to read file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_FILE_SIZE_MISMATCH

Description: Parser module ignored event file from collector because of file size mismatch

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_FILE_STAT_FAILURE

Description: Parser module failed to obtain file status and will skip the file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_FILE_WRITE_FAILURE

Description: Parser module failed to write file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_GEO_WRONG_ATTR_NUMBER

Description: Parser module internal error - mismatched GEO attribute count

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_GEO_WRONG_CACHE_NUMBER

Description: Parser module internal error - incorrect GEO cache attribute count

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_GET_PROCESS_ERROR

Description: Parser module failed to get own process information

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_HTTP_RESPONSE_ERROR

Description: Parser module failed to get response from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

PH_PARSER_HTTP_UPLOAD_FAILURE

Description: Parser module failed to upload information to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_INIT_FAILURE

Description: Parser module failed to initialize

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_INVALID_EXT_LOG_PROTO

Description: Parser module encountered unsupported external log receive protocol

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_INVALID_CSV

Description: Parser module failed to load CSV file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_INVALID_ORG_NAME

Description: Parser module received invalid organization in event

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

customer

Organization Name

string

This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to.

PH_PARSER_INVALID_PHOENIX_CONFIG

Description: Parser module found incorrectly formatted phoenix config file entry

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

module

Module Name

string

configName

Config Name

string

configValue

Config Value

string

PH_PARSER_MALLOC_FAILURE

Description: Parser module failed to dynamically allocate memory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_PACK_EVENT_ERROR

Description: Parser module failed to pack event before sending to other modules for internal communication

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

PH_PARSER_REST_PARSE_ERROR

Description: Parser module failed to parse REST api from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_RUN_PROCESS_ERROR

Description: Parser module failed to start

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_SEND_TO_DISCOV_FAILURE

Description: Parser module failed to send internal event to discovery module

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_SEND_TO_MONITOR_FAILURE

Description: Parser module failed to send internal event to Supervisor phMonitor process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_SET_USER_ID_FAILURE

Description: Parser module unable to set effective user ID

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_SOCKET_ERROR

Description: Parser module failed to open socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

PH_PARSER_SOCKET_RECV_ERROR

Description: Parser module failed to receive message via socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

PH_PARSER_SOCKET_SELECT_ERROR

Description: Parser module failed to select in socket API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

PH_PARSER_SPAWN_THREAD_FAILURE

Description: Parser module failed to spawn thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

PH_PARSER_SSL_ACCEPT_ERROR

Description: Parser module failed to accept SSL connection

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_SSL_CERT_LOAD_ERROR

Description: Parser module failed to load SSL certificate

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_UPDATE_FAILURE

Description: Parser module failed to update internal information from REST API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_USE_ERROR_BEFORE_INIT

Description: Parser module attempted to use an object before initialization

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_WRONG_PARAMETER

Description: Parser module encountered wrong parameter during event parsing

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

paraName

Param Name

string

parserName

Event Parser Name

string

The name of parser that parsed the event

PH_PARSER_XML_PARSE_ERROR

Description: Parser module failed to parse generic xml document

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

tagName

Tag Name

string

parserName

Event Parser Name

string

The name of parser that parsed the event

PH_PARSER_IP_TYPE_INVALID

Description: Invalid IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_DATA_SIZE_OVERFLOW

Description: Data size exceeding capacity

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_WTAP_ERR_NOT_REGULAR_FILE

Description: Parser module failed to parse a special file or socket or other non-regular file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_RANDOM_OPEN_PIPE

Description: Parser module can't parse a pipe or FIFO files.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_FILE_UNKNOWN_FORMAT

Description: Parser module doesn't support this file format.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_UNSUPPORTED

Description: Parser module doesn't support record data in the file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED

Description: Parser module doesn't support the network type in the file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_BAD_FILE

Description: The file is damaged or corrupt.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_WTAP_ERR_CANT_OPEN

Description: Parser module failed to open file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_SHORT_READ

Description: The file has been cut short in the middle of a packet.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_SHORT_WRITE

Description: Parser module failed to write a full header in the file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_COMPRESSION_NOT_SUPPORTED

Description: Parser module failed to write this file type as a compressed file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_DECOMPRESS

Description: The compressed file appears to be damaged or corrupt

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_FILE_RENAME_FAILURE

Description: Parser module failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_SEND_EVENT_FAILURE

Description: Parser module failed to send event

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_JSON_PARSE_FAILURE

Description: Parser module failed to parse Json

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

jsonBody

JSON Body

string

PH_PARSER_SNMPTRAP_INIT_FAILURE

Description: Parser module failed to initialize snmptrap

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_XML_PARSE_FAILURE

Description: Parser module failed to parse XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propName

Property Name

string

propValue

Property Value

string

PH_LIBEVENT_UNKNOWN_ATTR_ID

Description: Query/Report/Rule module encountered unknown event attribute id

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_LIBEVENT_UNKNOWN_ATTR_NAME

Description: Query/Report/Rule module encountered unknown event attribute name

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_LIBEVENT_BUFFER_OVERFLOW

Description: FortiSIEM module encountered error while reading events from shared buffer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_LIBEVENT_IP_TYPE_INVALID

Description: Invalid IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSE_CONFIG_CHANGE_FAILED

Description: FortiSIEM bRule/Report Master/Worker modules failed to parse performance monitoring config change

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

Previous
Next

Parser Logs

This section provides logs related to parsing of events/logs

PH_EVENT_ATTR_XML_ISSUE

Description: Event attribute xml issue

Severity: 6 (Medium)

Event Category: 3 (System Logs)

PH_NO_PARSER_FOR_EVENT

Description: No parser available for event

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

eventName

Event Name

string

This is the eventType display name, or human readable name. In many cases the eventType is sufficiently labeled.

PH_VULN_LOAD_ERROR

Description: Parser module failed to load external scanner-found vulnerabilities from App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

PH_VULN_UPDATE_ERROR

Description: Parser module failed to upload external scanner-found vulnerabilities to App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

PH_PARSER_FILE_NOT_EXIST

Description: File doesn't exsit.

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_RAWEVENT_TOO_LARGER

Description: Raw event's size is more than 10M. Save it to tmp file and not send to parser.

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_TOO_MANY_UNKNOWN_EVENTS

Description: Too many unknown events

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

relayDevIpAddr

Relaying IP

IP

Relaying IP is most commonly used to specify the log relay appliance, usually a collector.

PH_PARSER_SHARED_STORE_ERROR

Description: FortiSIEM Parser module encountered shared store error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_WRONG_EVENT_SIZE

Description: FortiSIEM module failed to load serialized event

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_BIND_PORT_FAILURE

Description: Parser module failed to bind to a TCP/UDP ports

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

PH_PARSER_DIR_OPEN_FAILURE

Description: Parser module failed to open directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

PH_PARSER_EVENT_PARSER_ERROR

Description: Parser module failed to parse event parsing xml from local disk or App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

tagName

Tag Name

string

parserName

Event Parser Name

string

The name of parser that parsed the event

funName

Function Name

string

PH_PARSER_EVENT_SERIALIZE_ERROR

Description: Parser module failed to serialize event before writing to shared buffer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_FILE_DELETE_FAILURE

Description: Parser module failed to delete file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_FILE_DELETE_FAILURE_RENAME

Description: Parser module failed to delete file but succeeded to rename. These files may fill up disk.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_FILE_INVALID_FORMAT

Description: Parser module failed to parse event or metadata files with invalid file format

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_FILE_INVALID_HEADER

Description: Parser module failed to parse event files with invalid file header

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_FILE_OPEN_FAILURE

Description: Parser module failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_FILE_READ_FAILURE

Description: Parser module failed to read file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_FILE_SIZE_MISMATCH

Description: Parser module ignored event file from collector because of file size mismatch

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_FILE_STAT_FAILURE

Description: Parser module failed to obtain file status and will skip the file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_FILE_WRITE_FAILURE

Description: Parser module failed to write file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_GEO_WRONG_ATTR_NUMBER

Description: Parser module internal error - mismatched GEO attribute count

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_GEO_WRONG_CACHE_NUMBER

Description: Parser module internal error - incorrect GEO cache attribute count

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_GET_PROCESS_ERROR

Description: Parser module failed to get own process information

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_HTTP_RESPONSE_ERROR

Description: Parser module failed to get response from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

PH_PARSER_HTTP_UPLOAD_FAILURE

Description: Parser module failed to upload information to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_INIT_FAILURE

Description: Parser module failed to initialize

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_INVALID_EXT_LOG_PROTO

Description: Parser module encountered unsupported external log receive protocol

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_INVALID_CSV

Description: Parser module failed to load CSV file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_INVALID_ORG_NAME

Description: Parser module received invalid organization in event

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

customer

Organization Name

string

This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to.

PH_PARSER_INVALID_PHOENIX_CONFIG

Description: Parser module found incorrectly formatted phoenix config file entry

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

module

Module Name

string

configName

Config Name

string

configValue

Config Value

string

PH_PARSER_MALLOC_FAILURE

Description: Parser module failed to dynamically allocate memory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_PACK_EVENT_ERROR

Description: Parser module failed to pack event before sending to other modules for internal communication

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

PH_PARSER_REST_PARSE_ERROR

Description: Parser module failed to parse REST api from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_RUN_PROCESS_ERROR

Description: Parser module failed to start

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_SEND_TO_DISCOV_FAILURE

Description: Parser module failed to send internal event to discovery module

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_SEND_TO_MONITOR_FAILURE

Description: Parser module failed to send internal event to Supervisor phMonitor process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_SET_USER_ID_FAILURE

Description: Parser module unable to set effective user ID

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_SOCKET_ERROR

Description: Parser module failed to open socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

PH_PARSER_SOCKET_RECV_ERROR

Description: Parser module failed to receive message via socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

PH_PARSER_SOCKET_SELECT_ERROR

Description: Parser module failed to select in socket API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

PH_PARSER_SPAWN_THREAD_FAILURE

Description: Parser module failed to spawn thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

PH_PARSER_SSL_ACCEPT_ERROR

Description: Parser module failed to accept SSL connection

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_SSL_CERT_LOAD_ERROR

Description: Parser module failed to load SSL certificate

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_UPDATE_FAILURE

Description: Parser module failed to update internal information from REST API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_USE_ERROR_BEFORE_INIT

Description: Parser module attempted to use an object before initialization

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_WRONG_PARAMETER

Description: Parser module encountered wrong parameter during event parsing

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

paraName

Param Name

string

parserName

Event Parser Name

string

The name of parser that parsed the event

PH_PARSER_XML_PARSE_ERROR

Description: Parser module failed to parse generic xml document

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

tagName

Tag Name

string

parserName

Event Parser Name

string

The name of parser that parsed the event

PH_PARSER_IP_TYPE_INVALID

Description: Invalid IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_DATA_SIZE_OVERFLOW

Description: Data size exceeding capacity

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_WTAP_ERR_NOT_REGULAR_FILE

Description: Parser module failed to parse a special file or socket or other non-regular file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_RANDOM_OPEN_PIPE

Description: Parser module can't parse a pipe or FIFO files.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_FILE_UNKNOWN_FORMAT

Description: Parser module doesn't support this file format.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_UNSUPPORTED

Description: Parser module doesn't support record data in the file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED

Description: Parser module doesn't support the network type in the file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_BAD_FILE

Description: The file is damaged or corrupt.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_WTAP_ERR_CANT_OPEN

Description: Parser module failed to open file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_SHORT_READ

Description: The file has been cut short in the middle of a packet.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_SHORT_WRITE

Description: Parser module failed to write a full header in the file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_COMPRESSION_NOT_SUPPORTED

Description: Parser module failed to write this file type as a compressed file.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

PH_PARSER_WTAP_ERR_DECOMPRESS

Description: The compressed file appears to be damaged or corrupt

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_FILE_RENAME_FAILURE

Description: Parser module failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

PH_PARSER_SEND_EVENT_FAILURE

Description: Parser module failed to send event

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSER_JSON_PARSE_FAILURE

Description: Parser module failed to parse Json

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

jsonBody

JSON Body

string

PH_PARSER_SNMPTRAP_INIT_FAILURE

Description: Parser module failed to initialize snmptrap

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

PH_PARSER_XML_PARSE_FAILURE

Description: Parser module failed to parse XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propName

Property Name

string

propValue

Property Value

string

PH_LIBEVENT_UNKNOWN_ATTR_ID

Description: Query/Report/Rule module encountered unknown event attribute id

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_LIBEVENT_UNKNOWN_ATTR_NAME

Description: Query/Report/Rule module encountered unknown event attribute name

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_LIBEVENT_BUFFER_OVERFLOW

Description: FortiSIEM module encountered error while reading events from shared buffer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_LIBEVENT_IP_TYPE_INVALID

Description: Invalid IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)

PH_PARSE_CONFIG_CHANGE_FAILED

Description: FortiSIEM bRule/Report Master/Worker modules failed to parse performance monitoring config change

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

Previous
Next