Parser Logs
This section provides logs related to parsing of events/logs
PH_EVENT_ATTR_XML_ISSUE
Description: Event attribute xml issue
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_NO_PARSER_FOR_EVENT
Description: No parser available for event
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
eventName | Event Name | string | This is the eventType display name, or human readable name. In many cases the eventType is sufficiently labeled. |
PH_VULN_LOAD_ERROR
Description: Parser module failed to load external scanner-found vulnerabilities from App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_VULN_UPDATE_ERROR
Description: Parser module failed to upload external scanner-found vulnerabilities to App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_PARSER_FILE_NOT_EXIST
Description: File doesn't exist.
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_RAWEVENT_TOO_LARGER
Description: Raw event's size is more than 10M. It is saved to a tmp file and not sent to the parser.
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_TOO_MANY_UNKNOWN_EVENTS
Description: Too many unknown events
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
relayDevIpAddr | Relaying IP | IP | Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
PH_PARSER_SHARED_STORE_ERROR
Description: FortiSIEM Parser module encountered shared store error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_WRONG_EVENT_SIZE
Description: FortiSIEM module failed to load serialized event
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_BIND_PORT_FAILURE
Description: Parser module failed to bind to a TCP/UDP port
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_PARSER_DIR_OPEN_FAILURE
Description: Parser module failed to open directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
PH_PARSER_EVENT_PARSER_ERROR
Description: Parser module failed to parse event parsing XML from local disk or App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
tagName | Tag Name | string | |
parserName | Event Parser Name | string | The name of parser that parsed the event |
funName | Function Name | string | |
PH_PARSER_EVENT_SERIALIZE_ERROR
Description: Parser module failed to serialize event before writing to shared buffer
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_FILE_DELETE_FAILURE
Description: Parser module failed to delete file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_PARSER_FILE_DELETE_FAILURE_RENAME
Description: Parser module failed to delete file but succeeded in renaming it. These files may fill up disk.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_PARSER_FILE_INVALID_FORMAT
Description: Parser module failed to parse event or metadata files with invalid file format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_FILE_INVALID_HEADER
Description: Parser module failed to parse event files with invalid file header
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_FILE_OPEN_FAILURE
Description: Parser module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_FILE_READ_FAILURE
Description: Parser module failed to read file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_PARSER_FILE_SIZE_MISMATCH
Description: Parser module ignored event file from collector because of file size mismatch
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_FILE_STAT_FAILURE
Description: Parser module failed to obtain file status and will skip the file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_PARSER_FILE_WRITE_FAILURE
Description: Parser module failed to write file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_PARSER_GEO_WRONG_ATTR_NUMBER
Description: Parser module internal error - mismatched GEO attribute count
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_GEO_WRONG_CACHE_NUMBER
Description: Parser module internal error - incorrect GEO cache attribute count
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_GET_PROCESS_ERROR
Description: Parser module failed to get own process information
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_HTTP_RESPONSE_ERROR
Description: Parser module failed to get response from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_PARSER_HTTP_UPLOAD_FAILURE
Description: Parser module failed to upload information to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_INIT_FAILURE
Description: Parser module failed to initialize
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_INVALID_EXT_LOG_PROTO
Description: Parser module encountered unsupported external log receive protocol
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_INVALID_CSV
Description: Parser module failed to load CSV file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_INVALID_ORG_NAME
Description: Parser module received invalid organization in event
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
customer | Organization Name | string | This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
PH_PARSER_INVALID_PHOENIX_CONFIG
Description: Parser module found incorrectly formatted phoenix config file entry
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
module | Module Name | string | |
configName | Config Name | string | |
configValue | Config Value | string | |
PH_PARSER_MALLOC_FAILURE
Description: Parser module failed to dynamically allocate memory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_PACK_EVENT_ERROR
Description: Parser module failed to pack event before sending to other modules for internal communication
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
PH_PARSER_REST_PARSE_ERROR
Description: Parser module failed to parse REST API from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_RUN_PROCESS_ERROR
Description: Parser module failed to start
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_SEND_TO_DISCOV_FAILURE
Description: Parser module failed to send internal event to discovery module
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_SEND_TO_MONITOR_FAILURE
Description: Parser module failed to send internal event to Supervisor phMonitor process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_SET_USER_ID_FAILURE
Description: Parser module unable to set effective user ID
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_SOCKET_ERROR
Description: Parser module failed to open socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_PARSER_SOCKET_RECV_ERROR
Description: Parser module failed to receive message via socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_PARSER_SOCKET_SELECT_ERROR
Description: Parser module failed to select in socket API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_PARSER_SPAWN_THREAD_FAILURE
Description: Parser module failed to spawn thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
PH_PARSER_SSL_ACCEPT_ERROR
Description: Parser module failed to accept SSL connection
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_SSL_CERT_LOAD_ERROR
Description: Parser module failed to load SSL certificate
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_UPDATE_FAILURE
Description: Parser module failed to update internal information from REST API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_USE_ERROR_BEFORE_INIT
Description: Parser module attempted to use an object before initialization
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_WRONG_PARAMETER
Description: Parser module encountered wrong parameter during event parsing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
paraName | Param Name | string | |
parserName | Event Parser Name | string | The name of parser that parsed the event |
PH_PARSER_XML_PARSE_ERROR
Description: Parser module failed to parse generic XML document
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
tagName | Tag Name | string | |
parserName | Event Parser Name | string | The name of parser that parsed the event |
PH_PARSER_IP_TYPE_INVALID
Description: Invalid IP type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_DATA_SIZE_OVERFLOW
Description: Data size exceeding capacity
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_WTAP_ERR_NOT_REGULAR_FILE
Description: Parser module failed to parse a special file or socket or other non-regular file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_WTAP_ERR_RANDOM_OPEN_PIPE
Description: Parser module can't parse a pipe or FIFO file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_WTAP_ERR_FILE_UNKNOWN_FORMAT
Description: Parser module doesn't support this file format.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_WTAP_ERR_UNSUPPORTED
Description: Parser module doesn't support record data in the file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED
Description: Parser module doesn't support the network type in the file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_WTAP_ERR_BAD_FILE
Description: The file is damaged or corrupt.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_WTAP_ERR_CANT_OPEN
Description: Parser module failed to open file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_WTAP_ERR_SHORT_READ
Description: The file has been cut short in the middle of a packet.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_WTAP_ERR_SHORT_WRITE
Description: Parser module failed to write a full header in the file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_WTAP_ERR_COMPRESSION_NOT_SUPPORTED
Description: Parser module failed to write this file type as a compressed file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_PARSER_WTAP_ERR_DECOMPRESS
Description: The compressed file appears to be damaged or corrupt
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_FILE_RENAME_FAILURE
Description: Parser module failed to rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_PARSER_SEND_EVENT_FAILURE
Description: Parser module failed to send event
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSER_JSON_PARSE_FAILURE
Description: Parser module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
jsonBody | JSON Body | string | |
PH_PARSER_SNMPTRAP_INIT_FAILURE
Description: Parser module failed to initialize snmptrap
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_PARSER_XML_PARSE_FAILURE
Description: Parser module failed to parse XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
propName | Property Name | string | |
propValue | Property Value | string | |
PH_LIBEVENT_UNKNOWN_ATTR_ID
Description: Query/Report/Rule module encountered unknown event attribute id
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_LIBEVENT_UNKNOWN_ATTR_NAME
Description: Query/Report/Rule module encountered unknown event attribute name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_LIBEVENT_BUFFER_OVERFLOW
Description: FortiSIEM module encountered error while reading events from shared buffer
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_LIBEVENT_IP_TYPE_INVALID
Description: Invalid IP type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_PARSE_CONFIG_CHANGE_FAILED
Description: FortiSIEM bRule/Report Master/Worker modules failed to parse performance monitoring config change
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |