System Logs
This section provides logs related to the phMonitor module.
PH_GENERIC_DEBUG
Description: PH system generic debug message
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_GENERIC_INFO
Description: PH system generic info
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_GENERIC_ERROR
Description: PH system generic error
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_GENERIC_WARNING
Description: PH system generic warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
PH_GENERIC_CRITICAL
Description: PH system generic critical message
Severity: 9 (High)
Event Category: 3 (System Logs)
PH_SSL_SHUTDOWN_ERROR
Description: PH system ssl shutdown error
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_WS_COMM_ERROR
Description: Web service communication error
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_OBJECT_NOT_FOUND
Description: Cannot find specified object
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_FILE_NOT_FOUND
Description: Cannot find the specified file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_INVALID_PARAM
Description: Invalid parameter
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
paraName | Param Name | string | |
PH_INVALID_PARAM_CNT
Description: Invalid number of parameters
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
count | Count | uint32 | A general count variable. A common use case is for incidents: Count represents how many times an Incident occurred in a time interval. When an Incident with the same group-by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
PH_UNABLE_CREATE_DIR
Description: Unable to create dir
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_UNABLE_CREATE_FILE
Description: Unable to create file
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_UNABLE_RENAME_FILE
Description: Unable to rename file
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
srcFilePath | Source File Path | string | |
destFilePath | Destination File Path | string | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_UNABLE_OPEN_DIR
Description: Unable to open dir
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_UNABLE_OPEN_FILE
Description: Unable to open file
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_UNABLE_PARSE_XML
Description: Unable to parse xml
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
PH_UNABLE_CREATE_TIMER
Description: Unable to create timer
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_UNABLE_ALLOC_MEMORY
Description: Unable to allocate memory
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_READER_BLOCK_WRITE
Description: Reader is blocking writer&Restart
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptProcName | Reported Process Name | string | |
PH_DIVIDE_BY_ZERO
Description: Divide by zero
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_FAILED_TO_EXEC
Description: Failed to execute specified command
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_HTTP_INIT_FAILURE
Description: Http client initialization failure
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_NOTIFICATION_ACCEPT_FAILURE
Description: Failed to accept connection
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_NOTIFICATION_NO_RESPONSE
Description: has no response on Notification
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_NOTIFICATION_RETURN_FAILURE
Description: Notification returns failure
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_INCIDENT_ACTION_STATUS
Description: Record action result for incident notification
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
scriptOutput | Script Output | string | |
PH_THREAD_STARTING
Description: Module starting thread
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
threadName | Thread Name | string | |
PH_THREAD_EXITING
Description: Module exiting thread
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
threadName | Thread Name | string | |
PH_THREAD_RECVD_EXIT
Description: Thread received exit request
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
threadName | Thread Name | string | |
PH_MODULE_EXITING
Description: Module exiting
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_MODULE_INITIALIZING
Description: Module initialization
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_MODULE_ACCEPTED_CONN
Description: Module accepted connection
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
PH_MODULE_RECVD_START
Description: Module received start request
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_MODULE_LOCAL_CONFIG_LOADED
Description: Module loaded local config successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
configName | Config Name | string | |
PH_MODULE_DB_CONFIG_LOADED
Description: Module loaded database config successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_MODULE_COMM_PORTS_OPENED
Description: Module opened Notification Service ports
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
ipProto | IP Protocol | uint16 | IP Protocol, e.g. TCP, UDP, ICMP etc. as defined in IP RFCs |
srcIpPort | Source TCP/UDP Port | uint16 | This is the source TCP or UDP port as identified in the event |
PH_MODULE_COMM_HANDLER_REG
Description: Module registering notification handlers
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
notifId | Notification ID | uint32 | |
handlerName | Notification Handler Name | string | |
PH_MODULE_HEARTBEAT_INIT
Description: Module initializing heartbeat object
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_MODULE_INIT_COMPLETE
Description: Module successfully started
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_MODULE_LOG_LEVEL_CHANGE
Description: Module received log level change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
oldLogLevel | Old Log Level | uint32 | |
newLogLevel | New Log Level | uint32 | |
PH_MODULE_RECVD_NEW_CONFIG
Description: Module received config change notification
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_MODULE_LOADED_NEW_CONFIG
Description: Module successfully loaded new config
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_MODULE_RECVD_EXIT_MONITOR
Description: Module received exit request from Monitor
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_MODULE_RECVD_EXIT_EXT
Description: Module received external signal to exit
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
PH_MODULE_EXIT_OK
Description: Module exited gracefully
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_MODULE_INIT_FAILURE
Description: Module initialization failure
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
module | Module Name | string | |
PH_MODULE_COMM_ERROR
Description: Module encountered inter-module communication error
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_MODULE_UNABLE_OPEN_COMM_PORT
Description: Module unable to open inter-module comm port during initialization
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
ipProto | IP Protocol | uint16 | IP Protocol, e.g. TCP, UDP, ICMP etc. as defined in IP RFCs |
srcIpPort | Source TCP/UDP Port | uint16 | This is the source TCP or UDP port as identified in the event |
PH_MODULE_LOCAL_CONFIG_SECTION_ERROR
Description: Module failed to load local config section
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
configSectName | Config Section Name | string | |
PH_MODULE_LOCAL_CONFIG_VALUE_ERROR
Description: Module failed to load local config value
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
configName | Config Name | string | |
configValue | Config Value | string | |
PH_MODULE_DIODE_CONFIG_ERROR
Description: Module failed to load diode collector config
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_MODULE_LOAD_DIODE_CRED_ERROR
Description: Failed to load diode collector agent credential.
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_MODULE_ABORT
Description: Module exited abnormally
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
coreDumpFile | Coredump File Name | string | |
PH_MODULE_UNABLE_INIT_SHARED_STORE
Description: Module unable to init shared store
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_MODULE_SETPIDFILE_ERR
Description: Module unable to set PID file
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_MODULE_ABORT_FOUND
Description: Module found aborted
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptProcName | Reported Process Name | string | |
eventTime | Event Occur Time | Date | |
PH_MODULE_ACE_HANDLE_EVENT_ERROR
Description: ACE failed to handle event
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_SER_MON_SERVICE_DOWN
Description: PH process down
Severity: 8 (Medium)
Event Category: 3 (System Logs)
PH_PDF_BUILDER_ERROR
Description: PDF builder error
Severity: 5 (Medium)
Event Category: 3 (System Logs)
PH_DISC_DATA_PROCESS_ERROR
Description: Discovery result process error
Severity: 5 (Medium)
Event Category: 3 (System Logs)
PH_WORKER_PROVISION_FAILED
Description: Phoenix worker provision failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_SAAS_OP_COLLECTOR_UP
Description: Collector up
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SAAS_OP_COLLECTOR_DOWN
Description: Collector down
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_WORKER_DOWN
Description: Worker down
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_WORKER_UP
Description: Worker up
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYS_ERROR_XML_SENT
Description: System error sent to app server
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYS_ERROR_XML_SEND_ERROR
Description: Error in sending system error to app server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_SYSTEM_STORAGE_LOW
Description: System data storage is low
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
diskName | Disk Name | string | |
freeDiskMB | Free Disk MB | uint32 | |
diskUtil | Disk Capacity Util | double | |
PH_UNABLE_ACCESS_DIR
Description: Unable to access archive directory
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
PH_HTTP_RESPONSE_FAILURE
Description: HTTP response code failure
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_SHAREDSTORE_ACQUIRE_ERROR
Description: A module failed to acquire shared store. The module will abort.
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_SHAREDSTORE_WRITE_ERROR
Description: Parser module encountered error while writing to shared store. Events will be lost.
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_SHAREDSTORE_WRITER_POS_UNEXPECTED_ALTERED
Description: Shared store writer position altered unexpectedly
Severity: 9 (High)
Event Category: 3 (System Logs)
PH_UTIL_BIZ_CHANGE_UPDATE_SPAWN_FAILURE
Description: phMonitor encountered error in spawning thread
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_UTIL_BIZ_HTTP_REQUEST_FAILURE
Description: HTTP Request Error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_CONFIG_IP_MISSING
Description: Found empty IP address
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_CONFIG_LOAD_FAILURE
Description: Failed to load configuration type from the app server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
objType | Object Type | string | |
PH_UTIL_CONFIG_LOAD_FILE_ACESS_FAILURE
Description: Failed to load configuration type from the app server - tmp file not accessible
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
objType | Object Type | string | |
PH_UTIL_CONFIG_PARSE_FAILURE
Description: Failed to parse system/phoenixServer xml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
xmlBody | XML Body | string | |
PH_UTIL_CONFIG_UNKNOWN_SERVER_TYPE
Description: Found unknown server type in App server returned XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
objType | Object Type | string | |
PH_UTIL_CSV_LINE_ILLEGAL
Description: Found illegal line in csv file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
lineContent | Line Content | string | |
PH_UTIL_CSV_READ_FAILURE
Description: Failed to open CSV file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_UTIL_CUSTOMER_COLLECTOR_MISSING
Description: Failed to parse collectors and no collector found
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_CUSTOMER_COLLECTOR_PARSE_FAILURE
Description: Failed to parse phCustomerDevice Collector info
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_CUSTOMER_DOMAIN_MISSING
Description: No domain item found in xml file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_CUSTOMER_INFO_PARSE_FAILURE
Description: Failed to parse value group xml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
xmlBody | XML Body | string | |
PH_UTIL_CUSTOMER_PARSE_FAILURE
Description: Failed to parse phCustomerDevice Customer info in XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_DASHBOARD_DUPLICATE_IP
Description: Encountered duplicate ip in device info for same customer Id
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptDevIpAddr | Reporting IP | IP | This is the device that originated the log or event packet, also known as the reporting device. |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
PH_UTIL_DASHBOARD_DUPLICATE_ITEM
Description: Encountered duplicate item id in device info for same custId
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
item | Item | string | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
PH_UTIL_DASHBOARD_PARSE_FAILURE
Description: Failed to parse dashboard device info xml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
xmlBody | XML Body | string | |
PH_UTIL_DEVICE_MAP_PROP_ERROR
Description: Encountered device map property error in XML
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_UTIL_DEVICE_PROP_ERROR
Description: Encountered device property error in XML
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_UTIL_DEVICE_SIMPLE_PROP_PARSE_FAILURE
Description: Failed to parse NULL element for property in XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
propName | Property Name | string | |
PH_UTIL_DGA_FREQ_FILE_OPEN_FAILURE
Description: Failed to open DGA freq file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_UTIL_DGA_WHITELIST_FILE_OPEN_FAILURE
Description: Failed to open DGA white list file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_UTIL_DIR_CREATE_FAILURE
Description: Failed to create directory after a few attempts
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_DIR_CREATE_RETRIED
Description: Retried to create dir
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
count | Count | uint32 | A general count variable. A common use case is for incidents: Count represents how many times an Incident occurred in a time interval. When an Incident with the same group-by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
PH_UTIL_DIR_OPEN_FAILURE
Description: Failed to open directory after a few attempts
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
errorNoInt | Error Number Int | int32 | |
PH_UTIL_DIR_REMOVE_FAILURE
Description: Failed to remove directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_UTIL_DIR_PARENT_NOT_EXIST
Description: Failed to locate Parent directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
PH_UTIL_DISK_USAGE_INFO_GET_FAILURE
Description: Unable to get disk usage information
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
PH_UTIL_DISPATH_CMD_XML_ILLEGAL
Description: Encountered malformed XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
xmlBody | XML Body | string | |
PH_UTIL_DISPATH_CMD_XML_PARSE_FAILURE
Description: Encountered XML parsing failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
xmlBody | XML Body | string | |
PH_UTIL_EMAIL_SEND_FAILURE
Description: Failed to send email to server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destName | Destination Host Name | string | Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
PH_UTIL_EVENT_FILE_ERROR
Description: Encountered Event file error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_UTIL_EVENT_GROUP_ERROR
Description: Encountered Event Group error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_UTIL_EVENT_STATUS_REPORTER_SPAWN_FAILURE
Description: Failed to initialize external event status reporter thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_EVENT_STATUS_UPLOAD_FAILURE
Description: Failed to upload external event status xml after 3 retries.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_EVENT_TYPE_ERROR
Description: Encountered Event type error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_UTIL_FILE_OPEN_FAILURE
Description: Failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_UTIL_FILE_READ_FAILURE
Description: Error reading file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_UTIL_FILE_WRITE_FAILURE
Description: Error writing file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_UTIL_FILE_SIZE_MISMATCH
Description: File size mismatch.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_FILE_SIZE_TOO_SMALL
Description: File size too small
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
fileSize64 | File Size64 Bytes | uint64 | |
PH_UTIL_FILE_STAT_FAILURE
Description: Failed to stat file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_UTIL_FILE_STATFS_FAILURE
Description: Failed to run statfs() command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_UTIL_FILE_NOT_EXIST
Description: File doesn't exist
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_UTIL_FORK_FAILURE
Description: System fork failed - likely system highly utilized
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_UTIL_GET_ADDR_FAILURE
Description: Failed to run Getaddrinfo command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
destName | Destination Host Name | string | Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
PH_UTIL_HOSTNAME_GET_FAILURE
Description: Failed to look up Host name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_UTIL_INET_PTON_FAILURE
Description: Failed to run inet_ntop command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_UTIL_INODE_INFO_GET_FAILURE
Description: Unable to get inode information
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
osObjName | Object Name | string | |
PH_UTIL_IOCTL_FAILURE
Description: Failed to run ioctl commands
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_UTIL_IOCTL_SIOCGIFADDR_FAILURE
Description: Failed to run ioctl SIOCGIFADDR command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_UTIL_JOB_STATUS_REPORTER_SPAWN_FAILURE
Description: Failed to initialize job status reporter thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_JOB_STATUS_UPLOAD_FAILURE
Description: Failed to upload job status xml after 3 retries
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_JSON_GET_NODE_FAILURE
Description: Failed to get JSON node value from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
jsonBody | JSON Body | string | |
PH_UTIL_JSON_OBJ_EMPTY
Description: JSON object empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_JSON_PARSE_FAILURE
Description: Failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
jsonBody | JSON Body | string | |
PH_UTIL_KILLPG_FAILURE
Description: Failed to send SIGKILL to child process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_UTIL_LOAD_EXT_FUNC_FILE_OPEN_FAILUE
Description: Dynamic loaded function load failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_UTIL_LOAD_EXT_FUNC_FORMAT_INVALID
Description: Dynamic loaded function name should be fileName.functionName format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
propValue | Property Value | string | |
PH_UTIL_LOAD_EXT_FUNC_GET_NAME_FAILUE
Description: Dynamic loaded function in file failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_UTIL_LOCAL_IP_MISSING
Description: Failed to get ip address of this machine
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_MAIL_CMD_RUN_FAILURE
Description: Failed to send email to server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destName | Destination Host Name | string | Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
PH_UTIL_MAIL_SMTP_INIT_FAILURE
Description: Failed to initialize SMTP server.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_MEM_ALLOC_FAILURE
Description: Could not allocate memory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileSize64 | File Size64 Bytes | uint64 | |
PH_UTIL_MKDTEMP_FAILURE
Description: Failed to create directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
filePath | File Path | string | |
PH_UTIL_MKSTEMP_FAILURE
Description: Failed to create temporary filename
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
filePath | File Path | string | |
PH_UTIL_MMAP_FAILURE
Description: Failed to mmap file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
fileSize64 | File Size64 Bytes | uint64 | |
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_UTIL_MOVE_FILE_FAILURE
Description: Failed to rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_UTIL_NOTIFICATION_SENDER_SPAWN_FAILURE
Description: Failed to initialize notification sender thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_NOTIFICATION_SERVER_INIT_FAILURE
Description: Failed to initialize notification reporter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_NOTIFICATION_UPLOAD_FAILURE
Description: Failed to Send Notification
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
msg | Message | string | |
PH_UTIL_PHOENIX_CONFIG_ITEM_MISSING
Description: Could not find specific item in phoenix_config.txt
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
propName | Property Name | string | |
PH_UTIL_PIPE_FAILURE
Description: The command pipe() returned error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_UTIL_PROP_DEF_SET_PARSE_FAILURE
Description: Failed to parse propertyDefs xml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
xmlBody | XML Body | string | |
PH_UTIL_REGEX_PATTERN_EMPTY
Description: Regex Pattern is NULL
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_REGEX_PATTERN_TOO_LONG
Description: Regex Pattern too long
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
msgLen | Message Length | uint64 | |
PH_UTIL_SEND_TO_UDP_PORT_FAILURE
Description: Failed to send message to udp port
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpPort | Destination TCP/UDP Port | uint16 | This is the destination TCP or UDP port as identified in the event |
PH_UTIL_SETPGRP_FAILURE
Description: Failed to run system command setpgrp()
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_UTIL_SOCKET_FAILURE
Description: Failed to run system command socket()
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_UTIL_STR_TO_IP_FAILURE
Description: Failed to run system call inet_pton
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
propValue | Property Value | string | |
PH_UTIL_SVN_DIFF_FAILURE
Description: Failed to execute system command svn diff
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_UTIL_SYS_ERROR_REPORTER_INIT_FAILURE
Description: Failed to initialize system error reporter thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_TIME_RANGE_INVALID
Description: Found Invalid time range
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
propValue | Property Value | string | |
PH_UTIL_TIME_STR_FORMAT_INVALID
Description: Found incorrect time string parameters
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
paraName | Param Name | string | |
PH_UTIL_UNKNOWN_PHOENIX_ERROR_NUMBER
Description: Found incorrect PH error number
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_UTIL_VALUE_GROUP_ERROR
Description: Encountered Value group error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_UTIL_WAITPID_FAILURE
Description: Failed to run system command waitpid on child process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_UTIL_WAITPID_LAST_TRY_FAILUE
Description: Failed to run system command waitpid on child process after several tries
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
PH_UTIL_WINDOWS_BID_LOAD_FAILURE
Description: Failed to load Windows Built In SID file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_UTIL_WRITE_BIN_FILE_OPEN_FAILURE
Description: Failed to open binary file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_UTIL_WRITE_FILE_OPEN_FAILURE
Description: Failed to open file for write
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_UTIL_XML_HANDLING_ERROR
Description: Found Invalid xml from App Server
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_UTIL_MD5_ERROR
Description: Failed to calculate MD5
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_IP_TYPE_INVALID
Description: Invalid IP type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_IP_TYPE_MISMATCH
Description: Mismatch IP type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_UTIL_GET_JOB_STATUS_FAILURE
Description: Failed to get job status to status file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
paraName | Param Name | string | |
PH_UTIL_SET_JOB_STATUS_FAILURE
Description: Failed to set job status to status file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
paraName | Param Name | string | |
PH_UTIL_ZIP_DECOMPRESS_FAILED
Description: Failed to decompress zip string
Severity: 3 (Low)
Event Category: 3 (System Logs)
PH_UTIL_LOOKUP_TABLES_DUPLICATE
Description: Duplicate lookup table found
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dbTable | Database Table | string | |
PH_UTIL_LOOKUP_TABLES_DUPLICATE_KEY
Description: Duplicate lookup table key found
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dbTable | Database Table | string | |
dbId | DB ID | uint32 | |
PH_UTIL_LOOKUP_TABLES_DUPLICATE_COLUMN
Description: Duplicate lookup table column found
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dbTable | Database Table | string | |
dbColumn | Database Column | string | |
PH_UTIL_REDIS_CONNECTION_ERROR
Description: redis connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_BASE_PRO_AQUIRE_SHARED_STORE_FAILED
Description: Unable to acquire shared store instance
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_BASE_AGENT_JOB_NO_THREAD_NUM_ASSIGNED
Description: FortiSIEM module error - no thread count assigned
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_DUMP_STACK_TRACE_FAILURE
Description: FortiSIEM module error - stack trace failed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
filePath | File Path | string | |
PH_BASE_PROC_GET_PID_FILE_FAILED
Description: FortiSIEM module error - failed to get process id
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_BASE_PROC_HANDLE_NOTIFICATION_ERROR
Description: FortiSIEM module error - notification error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_KILL_PROC_ERROR
Description: FortiSIEM module error - failed to kill process
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_BASE_PROC_NO_CONN_TO_HEARTBEAT_SERVER
Description: FortiSIEM module error - no connection to heartbeat
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_NOTIFICATION_HANDLE_CONN_ERROR
Description: FortiSIEM module error - no notification connection
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_RENAME_MINI_DUMP_FILE_FAILURE
Description: FortiSIEM module error - minidump error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_REST_CACHE_CHECKOUT_STATUS_WARNING
Description: FortiSIEM module error - REST cache access error
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
PH_BASE_PROC_SEND_HEARTBEAT_FAILURE
Description: FortiSIEM module error - failed to send heartbeat
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
procName | Process Name | string | |
PH_BASE_PROC_SEND_USER_DEFINED_SIG_FAILED
Description: FortiSIEM module error - user defined sig failed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_SET_PID_FILE_FAILED
Description: FortiSIEM module error - setpid failed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_BASE_PROC_STACK_TRACE
Description: FortiSIEM module stack trace
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_STACK_TRACK_TOO_LONG
Description: FortiSIEM module error - stack trace too large
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_SYS_INFO_CALC_CPU_ERROR
Description: FortiSIEM module error - failed to calculate CPU
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
procName | Process Name | string | |
PH_BASE_PROC_SYS_PROC_INFO_GET_FAILURE
Description: FortiSIEM module error - failed to get proc info
Severity: 5 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_SYS_PROC_INFO_INIT_ERROR
Description: FortiSIEM module error - proc info get error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_SYS_PROC_INFO_UNABLE_OPEN_PROC_PID_FILE
Description: FortiSIEM module error - unable to open proc pid file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_BASE_PROC_SYS_PROC_INFO_UNABLE_OPEN_PROC_STAT_FILE
Description: FortiSIEM module error - unable to open proc stat file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
procName | Process Name | string | |
PH_BASE_PROC_THREAD_SPAWN_FAILED
Description: FortiSIEM module error - failed to spawn thread
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_BASE_PROC_THREAD_WRONG_PARAM
Description: FortiSIEM module error - wrong parameters to thread spawn function
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_BASE_PROC_UPLOAD_FILE_FAILURE
Description: FortiSIEM module error - file upload failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
PH_BASE_PROC_VALUE_GROUP_UPDATE_FAILURE
Description: FortiSIEM module error - value group update failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_HTTP_CLIENT_CURL_ERROR
Description: FortiSIEM HTTP Client failed with curl error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
PH_HTTP_CLIENT_COMPRESS_FAILED
Description: FortiSIEM HTTP Client failed to compress payload
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_HTTP_CLIENT_GET_CACHE_FROM_MONITOR_FAILED
Description: FortiSIEM HTTP Client failed to get cache
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_HTTP_CLIENT_GET_DATA_FROM_CACHE_FAILED
Description: FortiSIEM HTTP Client failed to get data from cache
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_HTTP_CLIENT_GET_INIT_RESPONSE_FAILED
Description: FortiSIEM HTTP Client failed to get initialization response
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_HTTP_CLIENT_GET_INIT_RESPONSE_WARNING
Description: FortiSIEM HTTP Client encountered error getting initialization response
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_HTTP_CLIENT_GET_RESPONSE_WARNING
Description: FortiSIEM HTTP Client encountered error getting response
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
PH_HTTP_CLIENT_INIT_FAILURE
Description: FortiSIEM HTTP Client initialization failure
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
PH_HTTP_CLIENT_INIT_WARNING
Description: FortiSIEM HTTP Client initialization warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
PH_HTTP_CLIENT_INVALID_FILE_SIZE
Description: FortiSIEM HTTP Client encountered invalid file size
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_HTTP_CLIENT_NO_FILE_PARAM
Description: FortiSIEM HTTP Client missing file parameter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_HTTP_CLIENT_PREP_REQUEST_ERROR
Description: FortiSIEM HTTP Client Prep Request error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_HTTP_CLIENT_PUT_REDIRECT_FAILURE
Description: FortiSIEM HTTP Client PUT Redirect error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_HTTP_CLIENT_SET_HOST_WARNING
Description: FortiSIEM HTTP Client set host call failed
Severity: 3 (Low)
Event Category: 3 (System Logs)
PH_HTTP_CLIENT_SETOPT_FAILED
Description: FortiSIEM HTTP Client setopt call failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_HTTP_CLIENT_UPLOAD_FILE_FAILED
Description: FortiSIEM HTTP Client file upload failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
infoURL | Informational URL | string | This field captures a URL if present in an event |
httpStatusCode | HTTP Status | string | |
errorNoInt | Error Number Int | int32 | |
PH_HTTP_CLIENT_WRITE_CACHE_NULL
Description: FortiSIEM HTTP Client cache write error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_HTTP_CLIENT_MKSTEMP_FAILED
Description: FortiSIEM HTTP Client failed to mkstemp
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
PH_HTTP_CLIENT_PICK_SUPER_FAILED
Description: FortiSIEM HTTP Client failed to pick super
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_HTTP_CLIENT_HOST_IS_NULL
Description: FortiSIEM HTTP Client host is null error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_NOTIFICATION_CALLBACK_ERROR
Description: FortiSIEM Notification module callback error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_NOTIFICATION_CONN_FAILED
Description: FortiSIEM Notification module failed connection
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
ipPort | IP Port | uint16 | IP port number |
module | Module Name | string | |
PH_NOTIFICATION_INIT_FAILED
Description: FortiSIEM Notification module initialization failed
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_NOTIFICATION_SEND_FAILURE
Description: FortiSIEM Notification module send failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_NOTIFICATION_SEND_FILE_FAILURE
Description: FortiSIEM Notification module file send failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
PH_BAD_ROUTE_OUTPUT
Description: FortiSIEM encountered bad route output
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLI_ERROR
Description: FortiSIEM CLI error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_CREATE_TEMP_FILE_FAILURE
Description: FortiSIEM temp file creation error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
PH_GET_CURL_HANDLE_FAILED
Description: FortiSIEM HTTP Client failed to get handle
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_INVALID_IP_ADDR
Description: FortiSIEM backend module detected invalid IP address
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_LOAD_CONFIG_CHANGE_FAILED
Description: FortiSIEM Rule/Report Master/Worker modules failed to load performance monitoring config change
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
item | Item | string | |
PH_UNRESOLVABLE_HOSTNAME
Description: FortiSIEM module failed to resolve host name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
PH_UTIL_CMD_FAILURE
Description: FortiSIEM system command execution failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
errorNoInt | Error Number Int | int32 | |
PH_GET_SUPER_LEADER_FAILURE
Description: Failed to get super leader IP
Severity: 7 (Medium)
Event Category: 3 (System Logs)