All Logs Page 3
Every FortiSIEM internally generated event log regardless of category
EventType: PH_DEV_MON_NETAPP_VOL_MET
Description: NETAPP volume performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
volName |
NetApp Volume Name |
string |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
nfsWriteOpsPerSec |
NFS Write Request Rate |
double |
Write Request Rate (operations/sec) using NFS storage protocol. |
|
nfsReadLatency |
NFS Read Latency |
double |
Read Latency (ms) using NFS storage protocol. |
|
nfsWriteLatency |
NFS Write Latency |
double |
Write Latency (ms) using NFS storage protocol. |
|
cifsReadOpsPerSec |
CIFS Read Request /sec |
double |
Read Request Rate (operations/sec) using CIFS storage protocol. |
|
cifsWriteOpsPerSec |
CIFS Write Request /sec |
double |
Write Request Rate (operations/sec) using CIFS storage protocol. |
|
cifsReadLatency |
CIFS Read Latency ms |
double |
Read Latency (ms) using CIFS storage protocol. |
|
cifsWriteLatency |
CIFS Write Latency ms |
double |
Write Latency (ms) using CIFS storage protocol. |
|
sanReadOpsPerSec |
SAN Read Request /sec |
double |
|
|
sanWriteOpsPerSec |
SAN Write Request /sec |
double |
|
|
sanReadLatency |
SAN Read Latency ms |
double |
|
|
sanWriteLatency |
SAN Write Latency ms |
double |
|
EventType: PH_DEV_MON_NETBOTZ_HW_EMS_STATUS
Description: NetBotz EMS Hardware Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
emsHwStatus |
EMS Hardware Status |
uint16 |
EMS Hardware Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
phyMachConnectionStateCode |
Physical Machine Connection State |
uint16 |
|
|
hwLogStatus |
Hardware Log Status |
uint16 |
Hardware Log Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
EventType: PH_DEV_MON_NETBOTZ_HW_MODULE_SENSOR
Description: NetBotz Module Sensor Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
moduleNumber |
Module Number |
uint32 |
|
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorLoc |
Sensor Location |
string |
|
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envHumidityRel |
Relative Humidity |
uint32 |
|
|
phyMachConnectionStateCode |
Physical Machine Connection State |
uint16 |
|
|
hwAlarmDeviceStatus |
Hardware Alarm Device Status |
uint16 |
Hardware Alarm Device Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
EventType: PH_DEV_MON_NETBOTZ_HW_PROBE
Description: NetBotz Probe Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorLabel |
Sensor Label |
string |
|
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envTempHighThreshDegC |
High Temperature Threshold Celsius |
uint32 |
|
|
envHumidityRel |
Relative Humidity |
uint32 |
|
|
envHumidityRelHighThresh |
High Relative Humidity Threshold |
uint32 |
|
|
envHumidityRelLowThresh |
Low Relative Humidity Threshold |
uint32 |
|
|
serialNumber |
Serial Number |
string |
|
|
phyMachConnectionStateCode |
Physical Machine Connection State |
uint16 |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
EventType: PH_DEV_MON_NETSCALER_APP_FW
Description: NetScaler Application Firewall metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalRequests |
Total Requests |
uint64 |
|
|
totalResponses |
Total Responses |
uint64 |
|
|
totalAborts |
Total Aborts |
uint64 |
|
|
totalRedirects |
Total Redirects |
uint64 |
|
|
startURLViol |
Start URL Violations |
uint32 |
|
|
denyURLViol |
Deny URL Violations |
uint32 |
|
|
bufOverflowViol |
Buffer Overflow Violations |
uint32 |
|
|
cookieViol |
Cookie Violations |
uint32 |
|
|
xssViol |
XSS Violations |
uint32 |
|
|
sqlViol |
SQL Violations |
uint32 |
|
|
fieldFormatViol |
Field Format Violations |
uint32 |
|
|
fieldConsistViol |
Field Consistency Violations |
uint32 |
|
|
creditCardViol |
Credit Card Violations |
uint32 |
|
|
safeObjViol |
Safe Object Violations |
uint32 |
|
|
totViol |
Total Violations |
uint32 |
|
EventType: PH_DEV_MON_NETSCALER_SERVICE
Description: NetScaler Service metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
serviceName |
Service Name |
string |
|
|
serverIpAddr |
Server IP |
IP |
|
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
appTransportProto |
Application Protocol |
string |
|
|
svcStatus |
Service Health |
string |
|
|
averageTransactionTime |
Average Transaction Time ms |
uint32 |
|
|
createdConn |
Created Connections |
uint64 |
|
|
activeConns |
Active Connection |
uint64 |
|
|
surgeQueue |
Surge Queue |
uint32 |
|
|
totalRequests |
Total Requests |
uint64 |
|
|
totalResponses |
Total Responses |
uint64 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
EventType: PH_DEV_MON_NETSCALER_VIRT_SERVER
Description: NetScaler Virtual Server metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
serverName |
Server Name |
string |
|
|
serverIpAddr |
Server IP |
IP |
|
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
appTransportProto |
Application Protocol |
string |
|
|
svcStatus |
Service Health |
string |
|
|
clientConns |
Client Connections |
uint64 |
|
|
serverConns |
Server Connections |
uint64 |
|
|
surgeQueue |
Surge Queue |
uint32 |
|
|
totalRequests |
Total Requests |
uint64 |
|
|
totalResponses |
Total Responses |
uint64 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
totHits |
Total Hits |
uint64 |
|
|
serviceUp |
Services Up |
uint32 |
|
|
serviceDown |
Services Down |
uint32 |
|
|
serviceUnknown |
Services Unknown |
uint32 |
|
|
serviceOOS |
Services OutOfService |
uint32 |
|
|
serviceTransitOOS |
Services Transit OutOfService |
uint32 |
|
EventType: PH_DEV_MON_NET_INTF_UTIL
Description: Network Interface utilization stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
inIntfUtil |
Recv Interface Util |
double |
Ratio of Received Bits per second (derived from recvBytes) to the received network interface speed |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
outIntfUtil |
Sent Interface Util |
double |
Ratio of Sent Bits per second (derived from sentBytes) to the sent network interface speed |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
inIntfPktErr |
Recv Packet Errors |
uint32 |
Number of received packets that had errors. The networking stack discards these packets. |
|
inIntfPktErrPct |
Recv Packet Error Pct |
double |
Ratio of inIntfPktErr and the total number of received packets in an onterval |
|
outIntfPktErr |
Sent Packet Errors |
uint32 |
Number of sent packets that had errors. he networking stack discards these packets. |
|
outIntfPktErrPct |
Sent Packet Error Pct |
double |
Ratio of outIntfPktErr and the total number of received packets in an onterval |
|
outQLen64 |
Interface Sent Queue Length64 |
uint64 |
|
|
intfInSpeed64 |
Recv Interface Speed bps |
uint64 |
Received bits/sec through an interface |
|
intfOutSpeed64 |
Sent Interface Speed bps |
uint64 |
Sent bits/sec through an interface |
|
intfAdminStatus |
Interface Admin Status |
string |
|
|
intfOperStatus |
Interface Operational Status |
string |
|
|
daysSinceLastUse |
Days Since Last Use |
uint32 |
|
|
totIntfPktErr |
Total Packet Errors |
uint32 |
|
|
totBitsPerSec |
Total Bit Rate |
double |
Total (Sent plus Received) bits/sec through an interface |
|
linkDuplexStatus |
Link Duplex Status |
string |
|
|
alignError |
Frame Align Error |
uint32 |
|
|
fcsError |
Frame FCS Error |
uint32 |
|
|
defTransmit |
Frame Deferred Transmission |
uint32 |
|
|
multiCollision |
Frame Multi Collision |
uint32 |
|
|
lateCollision |
Frame Late Collision |
uint32 |
|
|
excessCollisionAbort |
Frame Excess Collision Abort |
uint32 |
|
|
macTxmitError |
Frame MAC Transmit Error |
uint32 |
|
|
carrierSenseError |
Frame Carrier Sense Error |
uint32 |
|
|
framesTooLong |
Frame Too Long |
uint32 |
|
|
symbolError |
Frame Symbol Error |
uint32 |
|
|
intMacRecvError |
Frame Internal MAC Receive Error |
uint32 |
|
|
vdom |
Virtual Domain |
string |
|
|
latency |
Latency |
double |
|
|
jitterMs |
Jitter |
uint32 |
|
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
availSentBitsPerSec |
Available Sent Rate |
double |
|
|
availRecvBitsPerSec |
Available Received Rate |
double |
|
|
realtimeLinkCost |
Real-time Link Cost |
uint32 |
|
|
transactionalLinkCost |
Transactional Link Cost |
uint32 |
|
|
backgroundLinkCost |
Background Link Cost |
uint32 |
|
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
EventType: PH_DEV_MON_NIMBLE_GLOBAL_STAT
Description: Nimble Storage global stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
ioReadsPerSec |
Total Read I/Os Rate |
double |
|
|
ioSeqReadsPerSec |
Total Sequential Read I/Os Rate |
double |
|
|
ioWritesPerSec |
Total Write I/Os Rate |
double |
|
|
ioSeqWritesPerSec |
Total Sequential Write I/Os Rate |
double |
|
|
ioReadLatency |
IO Read Latency |
uint64 |
|
|
ioWriteLatency |
IO Write Latency |
uint64 |
|
|
ioReadKBytesPerSec |
Total Read I/O Rate KBps |
double |
|
|
ioSeqReadKBytesPerSec |
Total Sequential Read I/O Rate KBps |
double |
|
|
ioWriteKBytesPerSec |
Total Write I/O Rate KBps |
double |
|
|
ioSeqWriteKBytesPerSec |
Total Sequential Write I/O Rate KBps |
double |
|
|
usedVolMB |
Used Volumes MB |
uint64 |
|
|
usedSnapMB |
Used Snapshots MB |
uint64 |
|
|
ioNonSeqCacheHitRatio |
Non-Sequential Read I/Os Hit Ratio |
double |
|
EventType: PH_DEV_MON_NUTANIX_CLUSTER_STATUS
Description: Nutanix Cluster Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
clusterVersion |
Cluster Version |
string |
|
|
clusterStatus |
Cluster Status |
string |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
devDiskRWLatency |
Disk Read/Write Latency |
double |
|
EventType: PH_DEV_MON_NUTANIX_CONTAINER_INFO
Description: Nutanix Storage Container Info
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
ntxContainerId |
Nutanix Container Id |
uint64 |
|
|
ntxContainerName |
Nutanix Container Name |
string |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
devDiskRWLatency |
Disk Read/Write Latency |
double |
|
EventType: PH_DEV_MON_NUTANIX_CTRLR_VM_RESOURCE
Description: Nutanix Controller VM Resource Info
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
ntxControllerVMId |
Nutanix Controller VM Id |
uint64 |
|
|
memTotalMB |
Total Memory MB |
uint32 |
|
|
procCount |
System Process Count |
uint32 |
|
EventType: PH_DEV_MON_NUTANIX_DISK_STATUS
Description: Nutainix Disk Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
diskId |
Disk Id |
uint64 |
|
|
ntxControllerVMId |
Nutanix Controller VM Id |
uint64 |
|
|
hwDiskSerial |
Disk Serial |
string |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMBNonRoot |
Free Disk MB NonRoot |
uint32 |
|
|
inodeUsedPct |
Inode Util |
double |
|
|
inodeMax |
Max Inodes |
uint32 |
|
|
inodeFreeNonRoot |
Free Inodes NonRoot |
uint32 |
|
EventType: PH_DEV_MON_NUTANIX_DISK_TEMP
Description: Nutanix Disk temperature event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskId |
Disk Id |
uint64 |
|
|
ntxControllerVMId |
Nutanix Controller VM Id |
uint64 |
|
|
hwDiskSerial |
Disk Serial |
string |
|
|
envTempdDegC |
Temperature Celsius Detailed |
double |
|
EventType: PH_DEV_MON_NUTANIX_SERVICE_STATUS
Description: Nutanix Service Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
ntxControllerVMId |
Nutanix Controller VM Id |
uint64 |
|
|
ntxClusterVMStatus |
Cluster VM Status |
string |
|
|
ntxZeusStatus |
Nutanix Zeus Status |
string |
|
|
ntxStargateStatus |
Nutanix Stargate Status |
string |
|
EventType: PH_DEV_MON_NUTANIX_STORAGE_POOL_INFO
Description: Nutanix Storage Pool Info
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
spoolId |
Storage Pool Id |
uint64 |
|
|
spoolName |
Storage Pool Name |
string |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
devDiskRWLatency |
Disk Read/Write Latency |
double |
|
EventType: PH_DEV_MON_OMI_PING_STAT
Description: OMI Ping Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
sysDownTime |
System Downtime |
uint32 |
|
|
sysDegradedTime |
System Degraded Time |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_OSPF_NBR_STATUS
Description: OSPF neighbor status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
ospfAreaId |
OSPF Area Id |
uint32 |
|
|
ospfState |
OSPF State |
string |
|
EventType: PH_DEV_MON_PANASONIC_AERO_LOG_MON_STATUS
Description: Panasonic Aero Log Monitoring Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
|
collectorId |
Collector ID |
uint32 |
This field captures the ID of a FortiSIEM Collector |
|
phCollectorName |
Collector Name |
string |
Name of the FortiSIEM Collector. The name is set in GUI. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
airlineName |
Airline Name |
string |
|
|
airlineTail |
Airline Tail Number |
string |
|
|
airlineDevName |
Airline Device |
string |
|
|
filePath |
File Path |
string |
|
|
scannedFiles |
Scanned File Count |
uint32 |
|
|
totEventCount |
Total Event Count |
uint32 |
|
EventType: PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY_HIGH
Description: Performance monitoring delay for all devices from a collection point crossed high water mark
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY_LOW
Description: Performance monitoring delay for all devices from a collection point fell below low water mark
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERFMON_DEVICE_DELAY_HIGH
Description: All performance metrics delay for a single device crossed high water mark
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERFMON_DEVICE_DELAY_LOW
Description: Some performance metric delay for a single device fell below water mark
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERFMON_JOB_DELAY_HIGH
Description: A performance metric delay for a single device crossed high water mark
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERFMON_JOB_DELAY_LOW
Description: A performance metric delay for a single device fell below water mark
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_BACKUP_INFO
Description: Last backup info on SQL Server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_BLOCKBY_INFO
Description: Blocked process in SQL Server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_CONFIG_INFO
Description: SQL Server configuration
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_ERROR_LOG_INFO
Description: SQL Server error log information
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_GEN_INFO
Description: SQL Server general information
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_LOCK_INFO
Description: SQL Server lock information
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_PERDB
Description: Metrics for per database in SQL Server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_SYS
Description: Metrics for the total SQL Server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_TOP_QUERIES
Description: Top queries against SQL Server database
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MYSQLDB
Description: MySQL database performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MYSQLDB_TABLESPACE
Description: MySQL tablespace metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_ORADB
Description: Oracle database performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_ORADB_CLUSTER
Description: Oracle Cluster performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_ORADB_TABLESPACE
Description: Oracle tablespace metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_ORADB_TOP_QUERIES
Description: Top queries against Oracle database
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PING_STAT
Description: Ping Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
sysDownTime |
System Downtime |
uint32 |
|
|
sysDegradedTime |
System Degraded Time |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
EventType: PH_DEV_MON_PING_STAT_SUPPRESSED
Description: Ping stat suppressed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
EventType: PH_DEV_MON_PORT_CLOSE
Description: A port is closed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
ipPort |
IP Port |
uint16 |
IP port number |
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_PORT_OPEN
Description: A new port is open
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
ipPort |
IP Port |
uint16 |
IP port number |
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_PRINTER_OUTPUT_STATUS
Description: Printer Output Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
prtDevStatus |
Printer Device Status |
string |
|
|
prtPrintStatus |
Printer Printing Status |
string |
|
|
prtErrorState |
Printer Error State |
string |
|
|
prtPrintPageCount |
Printed Page Count |
uint32 |
|
EventType: PH_DEV_MON_PRINTER_SUPPLY_STATUS
Description: Printer Supply Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
prtSupplyType |
Printer Supply Type |
string |
|
|
prtSupplyName |
Printer Supply Name |
string |
|
|
prtMaxSupplyLevel |
Printer Max Supply Level |
int32 |
|
|
prtCurrSupplyLevel |
Printer Current Supply Level |
int32 |
|
|
prtSupplyUnit |
Printer Supply Unit |
string |
|
|
prtCurrSupplyUsedPct |
Printer Pct Used Supply |
double |
|
EventType: PH_DEV_MON_PROC_CPU_UTIL
Description: Process CPU Utilization stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PROC_MEM_UTIL
Description: Process Memory Utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PROC_RESOURCE_UTIL
Description: Process CPU and Memory Utilization stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
swProcName |
Software Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
procOwner |
Process Owner |
string |
|
|
memUtil |
Memory Util |
double |
|
|
cpuUtil |
CPU Util |
double |
|
|
appName |
Application Name |
string |
|
|
appGroupName |
Application Group Name |
string |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
swParam |
Software Param |
string |
|
|
realMemPeakKBytes |
Real Peak Memory KB |
uint32 |
|
|
virtMemKBytes |
Virtual Memory KB |
uint32 |
|
|
peakVirtMemKBytes |
Peak Virtual Memory KB |
uint32 |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
sysUpTime |
System Uptime |
uint32 |
|
EventType: PH_DEV_MON_PROC_START
Description: Process Started
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
swProcName |
Software Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
procOwner |
Process Owner |
string |
|
|
appName |
Application Name |
string |
|
|
appGroupName |
Application Group Name |
string |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
swParam |
Software Param |
string |
|
EventType: PH_DEV_MON_PROC_STOP
Description: Process Stopped
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
swProcName |
Software Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
procOwner |
Process Owner |
string |
|
|
appName |
Application Name |
string |
|
|
appGroupName |
Application Group Name |
string |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
swParam |
Software Param |
string |
|
EventType: PH_DEV_MON_QUALYS_WEB_APP_FW
Description: Qualys Web Application Firewall Log
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
eventTime |
Event Occur Time |
Date |
|
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
type |
Type |
string |
|
|
ipsConfidence |
Attack Confidence |
string |
|
|
policyName |
Policy Name |
string |
|
|
msg |
Message |
string |
|
EventType: PH_DEV_MON_RBD_BW
Description: Riverbed Steelhead appliance bandwidth metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
inLanBytes |
Inbound Optimized Bytes LAN Side |
uint32 |
|
|
inWanBytes |
Inbound Optimized Bytes WAN Side |
uint32 |
|
|
outLanBytes |
Outbound Optimized Bytes LAN Side |
uint32 |
|
|
outWanBytes |
Outbound Optimized Bytes WAN Side |
uint32 |
|
EventType: PH_DEV_MON_RBD_CONN
Description: Riverbed Steelhead appliance connection metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
optConn |
Optimized Connections |
uint32 |
|
|
passthruOptConn |
Passthrough Connections |
uint32 |
|
|
halfOpenOptConn |
Half-open Optimized Connections |
uint32 |
|
|
halfClosedOptConn |
Half-closed Optimized Connections |
uint32 |
|
|
estOptConn |
Established Optimized Connections |
uint32 |
|
|
activeOptConn |
Active Optimized Connections |
uint32 |
|
|
totalOptConn |
Total Opt Connections |
uint32 |
|
EventType: PH_DEV_MON_RBD_PEER_STAT
Description: Riverbed Steelhead appliance Peer metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
rbdState |
Riverbed Steelhead State |
string |
|
|
connFailure |
Connection Failures |
uint32 |
|
|
reqTimeout |
Request Timeout |
uint32 |
|
|
maxLatency |
Max Latency |
double |
|
EventType: PH_DEV_MON_RBD_PER_PORT_BW
Description: Riverbed Steelhead per port bandwidth metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
inLanBytes |
Inbound Optimized Bytes LAN Side |
uint32 |
|
|
inWanBytes |
Inbound Optimized Bytes WAN Side |
uint32 |
|
|
outLanBytes |
Outbound Optimized Bytes LAN Side |
uint32 |
|
|
outWanBytes |
Outbound Optimized Bytes WAN Side |
uint32 |
|
EventType: PH_DEV_MON_RBD_TOP_APP
Description: Riverbed Steelhead appliance top application metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_DEV_MON_RBD_TOP_DEST
Description: Riverbed Steelhead appliance top dest metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_DEV_MON_RBD_TOP_SRC
Description: Riverbed Steelhead appliance top src metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_DEV_MON_RBD_TOP_TALKER
Description: Riverbed Steelhead appliance top talker metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_DEV_MON_RDS_METRIC
Description: AWS RDS metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
instanceName |
DB Instance Name |
string |
|
|
type |
Type |
string |
|
|
dbCpuTimeRatio |
DB CPU Time Ratio |
double |
|
|
dbUserConn |
DB User Connections |
uint32 |
|
|
diskQLen |
Disk Queue Length |
uint32 |
|
|
freeMemKB |
Free Memory |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
usedSwapMemKB |
Used Swap Memory |
uint32 |
|
|
ioReadsPerSec |
Total Read I/Os Rate |
double |
|
|
ioWritesPerSec |
Total Write I/Os Rate |
double |
|
|
devDiskRdLatency |
Disk Read Latency ms |
double |
|
|
devDiskWrLatency |
Disk Write Latency ms |
double |
|
EventType: PH_DEV_MON_RUCKUS_ACCESS_POINT_STAT
Description: Ruckus Access Point Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
description |
Description |
string |
|
|
numRadio |
Radio Count |
uint32 |
|
|
numWlanClient |
WLAN Station Count |
uint32 |
WLAN Station Count found in SNMP based WLAN monitoring |
|
knownRogueAP |
Known Rogue APs |
uint32 |
|
|
connMode |
Connection Mode |
string |
|
|
firstJoinTime |
First Join Time |
Date |
|
|
lastBootTime |
Last Boot Time |
Date |
|
|
lastUpgradeTime |
Last Upgrade Time |
Date |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
EventType: PH_DEV_MON_RUCKUS_CONTROLLER_STAT
Description: Ruckus Controller Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
numAp |
AP Count |
uint32 |
|
|
numWlanClient |
WLAN Station Count |
uint32 |
WLAN Station Count found in SNMP based WLAN monitoring |
|
newRogueAP |
New Rogue APs |
uint32 |
|
|
knownRogueAP |
Known Rogue APs |
uint32 |
|
|
wlanSentBytes |
WLAN Sent Bytes |
uint64 |
WLAN Sent Bytes found in SNMP based WLAN monitoring |
|
wlanRecvBytes |
WLAN Recv Bytes |
uint64 |
WLAN Recv Bytes found in SNMP based WLAN monitoring |
|
wlanSentBitsPerSec |
WLAN Sent Rate bps |
double |
WLAN Sent Rate (in bits/sec) found in SNMP based WLAN monitoring |
|
wlanRecvBitsPerSec |
WLAN Recv Rate bps |
double |
WLAN Recv Rate (in bits/sec)s found in SNMP based WLAN monitoring |
|
lanSentBytes |
LAN Sent Bytes |
uint64 |
|
|
lanRecvBytes |
LAN Recv Bytes |
uint64 |
|
|
lanSentBitsPerSec |
LAN Sent Rate bps |
double |
|
EventType: PH_DEV_MON_RUCKUS_SSID_PERF
Description: Ruckus SSID Performance Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
wlanSsid |
WLAN SSID |
string |
WLAN Service Set Identifier (SSID) found in SNMP based WLAN monitoring |
|
description |
Description |
string |
|
|
wlanName |
WLAN Name |
string |
WLAN Name found in SNMP based WLAN monitoring |
|
authenMethod |
Authentication Method |
string |
|
|
encryptAlgo |
Encryption Algorithm |
string |
|
|
isGuest |
Guest VLAN |
string |
|
|
srcVLAN |
Source VLAN |
uint16 |
The VLAN to which the Source Network Interface belongs. Source network interface through which a packet enters a network device. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
authSuccess |
Auth Successes |
uint32 |
|
|
authFailure |
Auth Failures |
uint32 |
|
|
assocSuccess |
Assoc Success |
uint32 |
|
|
assocFailure |
Assoc Failure |
uint32 |
|
|
assocDeny |
Assoc Deny |
uint32 |
|
|
disassocAbnormal |
Disassoc Abnormal |
uint32 |
|
|
disassocLeave |
Disassoc Leave |
uint32 |
|
|
disassocMisc |
Disassoc Misc |
uint32 |
|
EventType: PH_DEV_MON_SERVERIRON_REAL_SERVER_STAT
Description: Brocade ServerIron ADX Real Server Stat
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
realServerIP |
Real Server IP |
IP |
|
|
realServerState |
Real Server State |
string |
|
|
failedPortExists |
Failed Port Exists |
uint16 |
|
|
openConnectionsCount |
Open Connections |
uint64 |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
activeSessions |
Active Sessions |
uint64 |
|
EventType: PH_DEV_MON_SLB_METRIC
Description: Cisco Server Load Balancing metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
lbOpenConn |
LB Open Conn |
uint32 |
|
|
lbFailedConn |
LB Failed Conn |
uint32 |
|
|
lbL4Conn |
LB L4 Conn |
uint32 |
|
|
lbL7Conn |
LB L7 Conn |
uint32 |
|
|
lbDroppedL4Conn |
LB Dropped L4 Conn |
uint32 |
|
|
lbDroppedL7Conn |
LB Dropped L7 Conn |
uint32 |
|
|
lbHttpRedirectConn |
LB HTTP Redirect Conn |
uint32 |
|
|
lbDroppedHttpRedirectConn |
LB Dropped HTTP Redirect Conn |
uint32 |
|
|
lbAclDeniedConn |
LB ACL Denied Conn |
uint32 |
|
|
lbTimedoutConn |
LB Timed Out Conn |
uint32 |
|
EventType: PH_DEV_MON_SNMP_PING_STAT
Description: SNMP Ping Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
sysDownTime |
System Downtime |
uint32 |
|
|
sysDegradedTime |
System Degraded Time |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_SRC_AD_REPL_STAT
Description: Windows Active Directory Source REPLSTAT command output
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_STATUS
Description: Status of devices monitored by FortiSIEM
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_STORAGE_PORT_DOWN_TO_UP
Description: Storage port came back up
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
spName |
SAN Storage Processor Name |
string |
|
|
spPortName |
SAN Storage Port Name |
string |
|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
EventType: PH_DEV_MON_STORAGE_PORT_UP_TO_DOWN
Description: Storage port went down
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
spName |
SAN Storage Processor Name |
string |
|
|
spPortName |
SAN Storage Port Name |
string |
|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
EventType: PH_DEV_MON_SYS_CPU_UTIL
Description: System CPU Utilization for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
cpuName |
CPU Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cpuUtil |
CPU Util |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
sysCpuUtil |
System CPU Util |
double |
|
|
userCpuUtil |
User CPU Util |
double |
|
|
waitCpuUtil |
Wait CPU Util |
double |
|
|
kernCpuUtil |
Kernel CPU Util |
double |
|
|
contextSwitchPerSec |
Context Switch Rate /sec |
double |
|
|
cpuInterruptPerSec |
CPU Interrupt Rate /sec |
double |
|
|
cpuCore |
CPU Cores |
uint16 |
|
|
loadAvg1min |
Load Average 1 min |
double |
Linux Server load average (calculated over 1min ntervals). Linux load average is a metric that shows the number of tasks currently executed by the CPU and tasks waiting in the queue. |
|
loadAvg5min |
Load Average 5 min |
double |
Linux Server load average (calculated over 5min ntervals). Linux load average is a metric that shows the number of tasks currently executed by the CPU and tasks waiting in the queue. |
|
loadAvg15min |
Load Average 15 min |
double |
Linux Server load average (calculated over 15min ntervals). Linux load average is a metric that shows the number of tasks currently executed by the CPU and tasks waiting in the queue. |
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
EventType: PH_DEV_MON_SYS_DISK_FREE
Description: Free disk space stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_SYS_DISK_TREND_DAY
Description: Daily Disk growth trend
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskGrowthMBDaily |
Current Daily Disk Growth |
double |
|
|
avgDiskGrowthMBDaily |
Avg Daily Disk Growth |
double |
|
|
timeToDiskFull |
Days To Disk Full |
int32 |
|
EventType: PH_DEV_MON_SYS_DISK_TREND_MONTH
Description: Monthly disk growth trend
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskGrowthMBMonthly |
Current Monthly Disk Growth |
double |
|
|
avgDiskGrowthMBMonthly |
Avg Monthly Disk Growth |
double |
|
|
timeToDiskFull |
Days To Disk Full |
int32 |
|
EventType: PH_DEV_MON_SYS_DISK_TREND_WEEK
Description: Weekly disk growth trend
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskGrowthMBWeekly |
Current Weekly Disk Growth |
double |
|
|
avgDiskGrowthMBWeekly |
Avg Weekly Disk Growth |
double |
|
|
timeToDiskFull |
Days To Disk Full |
int32 |
|
EventType: PH_DEV_MON_SYS_DISK_UTIL
Description: Disk Utilization stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
diskName |
Disk Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskUtil |
Disk Capacity Util |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
inodeUsedPct |
Inode Util |
double |
|
|
inodeUsed |
Used Inodes |
uint32 |
|
|
inodeFree |
Free Inodes |
uint32 |
|
|
inodeMax |
Max Inodes |
uint32 |
|
|
fileUsedPct |
File Util |
double |
|
|
fileUsed |
Used Files |
uint32 |
|
|
fileFree |
Free Files |
uint32 |
|
|
fileMax |
Max Files |
uint32 |
|
|
maxDiskUtil |
Max Disk Util |
double |
|
|
maxInodeUsedPct |
Max Inode Util |
double |
|
|
maxFileUsedPct |
Max File Util |
double |
|
|
appTransportProto |
Application Protocol |
string |
|
|
resvDiskMB |
Reserved Disk MB |
uint32 |
|
|
availDiskMB |
Available Disk MB |
uint32 |
|
EventType: PH_DEV_MON_SYS_EXT_CMD
Description: Extensible commands status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appName |
Application Name |
string |
|
|
command |
Command |
string |
|
|
exitValue |
Command exit value |
int32 |
|
|
usrMsg |
User defined msg |
string |
|
|
extCmdErrStatus |
Extensible Command Error Status |
string |
|
|
errFixCmd |
Error Fix Command |
string |
|
EventType: PH_DEV_MON_SYS_MEM_FREE
Description: Free system memory stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
memName |
Memory Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
freeMemKB |
Free Memory |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_SYS_MEM_UTIL
Description: System memory Utilization stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
memName |
Memory Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
memUtil |
Memory Util |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
freeMemKB |
Free Memory |
uint32 |
|
|
bufMemKB |
Buffer Memory |
uint32 |
|
|
cacheMemKB |
Cache Memory |
uint32 |
|
|
swapMemUtil |
Swap Memory Util |
double |
|
|
freeSwapMemKB |
Free Swap Memory |
uint32 |
|
|
swapInRate |
Swap Read Rate Pages/sec |
double |
|
|
swapOutRate |
Swap Write Rate Pages/sec |
double |
|
|
swapRate |
Total Swap Rate Pages/sec |
double |
|
|
totalMemKB |
Total Memory |
uint32 |
|
|
usedMemKB |
Used Memory |
uint32 |
|
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
EventType: PH_DEV_MON_SYS_PAGEFILE_USAGE
Description: Pagefile usage for Windows systems
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pageFileUsage |
PageFile Usage |
double |
|
|
pageFilePeakUsage |
PageFile Peak Usage |
double |
|
EventType: PH_DEV_MON_SYS_PER_CPU_UTIL
Description: System per CPU Utilization for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
cpuName |
CPU Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cpuUtil |
CPU Util |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
sysCpuUtil |
System CPU Util |
double |
|
|
userCpuUtil |
User CPU Util |
double |
|
EventType: PH_DEV_MON_SYS_PROC_COUNT
Description: System process count for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
procCount |
System Process Count |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_SYS_RESTART
Description: A device restarted
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
restartTime |
Restart Time |
Date |
|
EventType: PH_DEV_MON_SYS_STAT
Description: HP-UNIX logged in users and average system jobs statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
numUser |
System Logged In User |
uint32 |
|
|
numJob |
Average System Job |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_SYS_STATUS
Description: Overall System ststus
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
overallStatusCode |
Overall Health |
uint16 |
|
|
systemStatus |
System Health |
string |
|
|
svcStatus |
Service Health |
string |
|
|
envTempDegC |
Temperature Celsius |
uint32 |
|
EventType: PH_DEV_MON_SYS_SWAP_MEM_ERROR_MSG
Description: Swap memory error
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
memName |
Memory Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
swapMemUtil |
Swap Memory Util |
double |
|
|
freeSwapMemKB |
Free Swap Memory |
uint32 |
|
|
memMinimumSwap |
Minimum Swap Memory |
uint32 |
|
|
swapMemErrorString |
Swap Memory Error |
string |
|
EventType: PH_DEV_MON_SYS_UPTIME
Description: System uptime for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
sysUpTime |
System Uptime |
uint32 |
|
|
sysUpTimePct |
System Uptime Pct |
double |
|
|
sysDownTime |
System Downtime |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
EventType: PH_DEV_MON_SYS_VIRT_MEM_UTIL
Description: System virtual memory Utilization stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
memName |
Memory Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
virtMemUsedKB |
Virtual Memory |
uint32 |
|
|
virtMemUtil |
Virtual Memory Util |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_TARGET_FILE_CONTENT_CHANGE
Description: Target file hash changed from gold standard
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
fileName |
File Name |
string |
|
|
hashCode |
Hash Code |
string |
|
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_TOMCAT_CPU
Description: Tomcat cpu usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_DB
Description: Tomcat database pool metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_MEMORY
Description: Tomcat memory usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_REQUEST_PROCESSOR
Description: Tomcat request processor metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_SERVLET
Description: Tomcat servlet metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_SESSION
Description: Tomcat session metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_THREAD_POOL
Description: Tomcat thread pool usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TRACEROUTE_STAT
Description: Trace Route statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
eventTime |
Event Occur Time |
Date |
|
|
jobId |
Job Id |
string |
|
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
hopNum |
Hop Count |
uint32 |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
EventType: PH_DEV_MON_UCS_HW_CHASSIS_STAT
Description: Cisco UCS Chassis status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
inputPowerWatt |
Input Power Watt |
double |
|
|
inputPowerAvgWatt |
Avg Input Power Watt |
double |
|
|
inputPowerMaxWatt |
Max Input Power Watt |
double |
|
|
inputPowerMinWatt |
Min Input Power Watt |
double |
|
|
outputPowerWatt |
Output Power Watt |
double |
|
|
outputPowerAvgWatt |
Avg Output Power Watt |
double |
|
|
outputPowerMaxWatt |
Max Output Power Watt |
double |
|
|
outputPowerMinWatt |
Min Output Power Watt |
double |
|
EventType: PH_DEV_MON_UCS_HW_FAN_STAT
Description: Cisco UCS fan status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
fanSpeed |
Fan Speed |
double |
|
|
fanSpeedAvg |
Avg Fan Speed |
double |
|
|
fanSpeedMax |
Max Fan Speed |
double |
|
|
fanSpeedMin |
Min Fan Speed |
double |
|
EventType: PH_DEV_MON_UCS_HW_MEMORY_STAT
Description: Cisco UCS memory status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
envTempdDegC |
Temperature Celsius Detailed |
double |
|
|
envTempAvgDegC |
Avg Temperature Celsius |
double |
|
|
envTempMaxDegC |
Max Temperature Celsius |
double |
|
|
envTempMinDegC |
Min Temperature Celsius |
double |
|
EventType: PH_DEV_MON_UCS_HW_PROCESSOR_STAT
Description: Cisco UCS processor status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
inputCurrentAmp |
Input Amp |
double |
|
|
inputCurrentAvgAmp |
Avg Input Amp |
double |
|
|
inputCurrentMaxAmp |
Max Input Amp |
double |
|
|
inputCurrentMinAmp |
Min Input Amp |
double |
|
|
envTempdDegC |
Temperature Celsius Detailed |
double |
|
|
envTempAvgDegC |
Avg Temperature Celsius |
double |
|
|
envTempMaxDegC |
Max Temperature Celsius |
double |
|
|
envTempMinDegC |
Min Temperature Celsius |
double |
|
EventType: PH_DEV_MON_UCS_HW_PSU_STAT
Description: Cisco UCS power supply status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
envTempdDegC |
Temperature Celsius Detailed |
double |
|
|
envTempAvgDegC |
Avg Temperature Celsius |
double |
|
|
envTempMaxDegC |
Max Temperature Celsius |
double |
|
|
envTempMinDegC |
Min Temperature Celsius |
double |
|
|
input210Volt |
Input 210 Volt |
double |
|
|
input210AvgVolt |
Avg Input 210 Volt |
double |
|
|
input210MaxVolt |
Max Input 210 Volt |
double |
|
|
input210MinVolt |
Min Input 210 Power Volt |
double |
|
|
output12Volt |
Output 12 Volt |
double |
|
|
output12AvgVolt |
Avg Output Volt |
double |
|
|
output12MaxVolt |
Max Output Volt |
double |
|
|
output12MinVolt |
Min Output Volt |
double |
|
|
output3V3Volt |
Output 3V3 Volt |
double |
|
|
output3V3AvgVolt |
Avg Output 3V3 Volt |
double |
|
|
output3V3MaxVolt |
Max Output 3V3 Volt |
double |
|
|
output3V3MinVolt |
Min Output 3V3 Volt |
double |
|
|
outputCurrentAmp |
Output Amp |
double |
|
|
outputCurrentAvgAmp |
Avg Output Amp |
double |
|
|
outputCurrentMaxAmp |
Max Output Amp |
double |
|
|
outputCurrentMinAmp |
Min Output Amp |
double |
|
|
outputPowerWatt |
Output Power Watt |
double |
|
|
outputPowerAvgWatt |
Avg Output Power Watt |
double |
|
|
outputPowerMaxWatt |
Max Output Power Watt |
double |
|
|
outputPowerMinWatt |
Min Output Power Watt |
double |
|
EventType: PH_DEV_MON_UPS_METRIC
Description: UPS metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
upsRemainBatteryChargePct |
UPS Remaining Charge Pct |
uint32 |
|
|
upsBatteryStatus |
UPS Battery Status |
uint32 |
|
|
upsReplaceBatteryIndicator |
UPS Replace Battery Indicator |
uint32 |
|
|
upsTimeOnBattery |
UPS Time on Battery sec |
uint32 |
|
|
upsBasicOutputStatus |
UPS Output Status |
uint32 |
|
|
upsAdvOutputLoad |
UPS Output Load |
uint32 |
|
|
upsAdvOutputVoltage |
UPS Output Voltage V |
uint32 |
|
|
upsAdvOutputFreq |
UPS Output Frequency Hz |
uint32 |
|
|
upsEstSecRemain |
UPS Time Remaining sec |
uint32 |
|
|
upsBatteryVoltage |
UPS Battery Voltage |
double |
|
|
upsBatteryCurrent |
UPS Battery Current Amp |
double |
|
|
upsBatteryTempC |
UPS Battery Temperature Celsius |
uint32 |
|
|
upsBatteryTempF |
UPS Battery Temperature Fahrenheit |
uint32 |
|
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
upsAdvInputFreq |
UPS Input FrequencyHz |
uint32 |
|
|
upsAdvInputVoltage |
UPS Input Voltage |
uint32 |
|
|
upsOutputCurrent |
UPS Output Current |
double |
|
|
upsOutputPower |
UPS Output Power |
double |
|
EventType: PH_DEV_MON_VMCLUSTER_CPU_UTIL
Description: Physical CPU usage for a VMware Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VMCLUSTER_DATASTORE_IO
Description: Datastore IO stats for a VMware Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VMCLUSTER_MEM_UTIL
Description: Physical memory usage for a VMware Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VMCLUSTER_STATUS
Description: VMware cluster status
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VMRESPOOL_CPU_UTIL
Description: Physical CPU usage for a VMware Resource Pool
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VMRESPOOL_MEM_UTIL
Description: Physical memory usage for a VMware Resource Pool
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_CPU_UTIL
Description: Physical CPU usage for a Virtual Machine
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_DATASTORE_IO
Description: Datastore IO stats for a Virtual Machine
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_DISK_IO
Description: Disk IO stats for a Virtual Machine
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_DISK_UTIL
Description: VM datastore utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_MEM_UTIL
Description: Physical memory usage for a Virtual Machine
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_NET_INTF_UTIL
Description: Network IO stats for a Virtual Machine
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_PER_CPU_UTIL
Description: Physical CPU utilization for a Virtual Machine's virtual CPU
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_SNAPSHOT
Description: Virtual Machine Snapshot
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_STATE
Description: Virtual Machine State
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_TOOLS_STATUS
Description: VMware tools status
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_UPTIME
Description: Virtual Machine's up time
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VPN_CONN
Description: VPN Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
vpnConnCount |
VPN Conn Count |
uint32 |
|
EventType: PH_DEV_MON_VPN_STATUS
Description: VPN Performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
vpnStatus |
VPN Status |
string |
|
|
vpnConnCount |
VPN Conn Count |
uint32 |
|
|
sslVpnStatus |
SSL VPN Status |
string |
|
|
sslVpnConnCount |
SSL VPN Conn Count |
uint32 |
|
|
vpnTunnelName |
VPN Tunnel Name |
string |
|
|
vpnConnType |
VPN Conn Type |
string |
|
|
remoteVpnIpAddr |
Remote VPN Tunnel IP |
IP |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_WATCHGUARD_POLICY_STAT
Description: Watchguard Firebox Policy Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
policyName |
Policy Name |
string |
|
|
recvDecryptFail |
Recv Decrypt Fail |
uint64 |
|
|
authFailure |
Auth Failures |
uint32 |
|
|
failureCount |
Failure Count |
uint32 |
|
|
activeSessions |
Active Sessions |
uint64 |
|
|
totalNum |
Total Number of Items |
uint32 |
|
|
totBytesPerSec |
Total Byte Rate |
double |
|
|
totPktsPerSec |
Total Packet Rate |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_WEBLOGIC_APP
Description: Weblogic app server configuration and metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_DB_POOL
Description: Weblogic database pool metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_EJB
Description: Weblogic EJB metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_GEN
Description: Weblogic generic settings
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_MEMORY
Description: Weblogic memory usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_SERVLET
Description: Weblogic servlet metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_SESSION
Description: Weblogic session metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_THREAD_POOL
Description: Weblogic thread pool usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_APP
Description: Websphere app server configuration and metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_AUTHENTICATION
Description: Websphere app server authentication metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_CPU
Description: Websphere CPU usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_DB_POOL
Description: Websphere database pool metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_EJB
Description: Websphere EJB metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_MEMORY
Description: Websphere memory usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_SERVLET
Description: Websphere servlet metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_THREAD_POOL
Description: Websphere thread pool usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_TRANSACTION
Description: Websphere app server transaction metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WMI_PING_STAT
Description: WMI Ping Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
sysDownTime |
System Downtime |
uint32 |
|
|
sysDegradedTime |
System Degraded Time |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DISCOVERY_COMPLETE
Description: Discovery completed
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DISCOVERY_RESULT_SENT
Description: Discovery results sent to app server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_ACCESS_IP_PARSE_ERROR
Description: Discovery module failed to parse device Access IP from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_ADS_ACCOUNT_TO_EXPIRE
Description: Active Directory account to excpire in 2 weeks
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
user |
User |
string |
|
|
userFullName |
User Full Name |
string |
|
|
userDN |
User Distinguishing Name |
string |
|
|
daysToAccountExpiry |
Days To Account Expiry |
uint32 |
|
EventType: PH_DISCOV_ADS_ACCT_DISABLED
Description: Accounts Disabled
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
user |
User |
string |
|
|
userFullName |
User Full Name |
string |
|
|
userDN |
User Distinguishing Name |
string |
|
EventType: PH_DISCOV_ADS_DORMANT_ACCT
Description: Dormant User Acounts - not log on in last 30 days
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
user |
User |
string |
|
|
userFullName |
User Full Name |
string |
|
|
userDN |
User Distinguishing Name |
string |
|
|
lastLogon |
Last Logon Time |
Date |
|
|
daysSinceLastLogon |
Days Since Last Logon |
uint32 |
|
EventType: PH_DISCOV_ADS_PASSWORD_NEVER_EXPIRES
Description: Active Directory user password never expires
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
user |
User |
string |
|
|
userFullName |
User Full Name |
string |
|
|
userDN |
User Distinguishing Name |
string |
|
|
passwordAge |
Password Age |
uint32 |
|
|
passwordLastSet |
Password Last Set |
Date |
|
EventType: PH_DISCOV_ADS_PASSWORD_NOT_REQD
Description: Active Directory user password not required
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
user |
User |
string |
|
|
userFullName |
User Full Name |
string |
|
|
userDN |
User Distinguishing Name |
string |
|
EventType: PH_DISCOV_ADS_PASSWORD_STALE
Description: Active Directory user password stale - more than 90 days
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
user |
User |
string |
|
|
userFullName |
User Full Name |
string |
|
|
userDN |
User Distinguishing Name |
string |
|
|
passwordAge |
Password Age |
uint32 |
|
|
passwordLastSet |
Password Last Set |
Date |
|
EventType: PH_DISCOV_ADS_PASSWORD_TO_EXPIRE
Description: Active Directory user password to excpire in 2 weeks
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
user |
User |
string |
|
|
userFullName |
User Full Name |
string |
|
|
userDN |
User Distinguishing Name |
string |
|
|
daysToPasswordExpiry |
Days To Password Expiry |
uint32 |
|
|
passwordLastSet |
Password Last Set |
Date |
|
EventType: PH_DISCOV_ARUBA_WLAN_HOST_LOCATION
Description: Aruba WLAN AP connected Host Identity and Location
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostMACAddr |
Host MAC |
string |
Host Layer 2 MAC Address in the log |
|
user |
User |
string |
|
|
domain |
Domain |
string |
|
|
nepDevIpAddr |
Network Access Device IP |
IP |
|
|
nepDevName |
Network Access Device |
string |
|
|
nepDevPort |
Network Access Device Port |
string |
|
|
wlanSsid |
WLAN SSID |
string |
WLAN Service Set Identifier (SSID) found in SNMP based WLAN monitoring |
|
wlanChannelId |
WLAN Channel Id |
uint32 |
WLAN Channel Id found in SNMP based WLAN monitoring |
|
wlanApAssocUpTime |
WLAN AP Association Uptime |
uint32 |
WLAN AP Association Uptime found in SNMP based WLAN monitoring |
|
wlanMaxHostTxmitRate |
WLAN Max Host Txmit Rate Mbps |
uint32 |
WLAN Max Host Txmit Rate Mbps found in SNMP based WLAN monitoring |
|
wlanContrIpAddr |
WLAN Controller IP |
IP |
WLAN Controller IP found in SNMP based WLAN monitoring |
|
wlanContrHostName |
WLAN Controller Host Name |
string |
WLAN Controller Host Name found in SNMP based WLAN monitoring |
|
wlanRssi |
WLAN RSSI dB |
int32 |
WLAN RSSI dB found in SNMP based WLAN monitoring |
|
wlanProtocol |
WLAN Protocol |
string |
WLAN Protocol found in SNMP based WLAN monitoring |
EventType: PH_DISCOV_AWS_DEVICE_DELETED
Description: FortiSIEM AWS Discovery discovered a terminated device - this device will be deleted from CMDB
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
ec2InstanceId |
EC2 Instance Id |
string |
|
|
accountId |
Account Id |
string |
|
|
awsRegion |
AWS Region |
string |
|
|
status |
Status |
string |
|
EventType: PH_DISCOV_AWS_DEVICE_UNKNOWN
Description: Discovery module failed to recognize AWS device type
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_AWS_DISCOV_FAILED
Description: Discovery module failed to discover AWS environment
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_AZURE_DISCOV_FAILED
Description: Discovery module failed to discover AZURE environment
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_BASIC_FAILED
Description: Basic discovery completely failed for a device
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_BASIC_SKIPPED
Description: Device discovery skipped because of device type discovery exclusion policy
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_BASIC_SNMP_DETAIL
Description: Device discovery via SNMP details
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phDiscovSuccessCode |
PH Discovery Success Code |
string |
|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_BASIC_SNMP_ERROR
Description: Device discovery encountered errors
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_BASIC_SNMP_FAILED
Description: Basic device discovery via SNMP completely failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_BASIC_SNMP_STARTED
Description: Starting device discovery for a device via SNMP
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_BASIC_SNMP_SUCCESS
Description: Device discovery via SNMP succeeded for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_BASIC_SSH_DETAIL
Description: Device discovery via SSH details
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phDiscovSuccessCode |
PH Discovery Success Code |
string |
|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_BASIC_SSH_ERROR
Description: Basic device discovery via SSH encountered errors
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_BASIC_SSH_FAILED
Description: Basic device discovery via SSH completely failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_BASIC_SSH_STARTED
Description: Device discovery via SSH started for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_BASIC_SSH_SUCCESS
Description: Device discovery via SSH succeeded for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_BASIC_STARTED
Description: Starting device discovery for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_BGP_OSPF_FAILED
Description: Failed to send discovery task request for BGP/OSPF change
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_BROCADE_SERVER_IRON_HW_INFO_WARNING
Description: Failed to discover Brocade server iron hardware status
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_CANCEL_UNKNOWN_REQ
Description: Discovery module received discovery cancel request with unknown request ID
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_CERT_FILE_DOWNLOAD_FAILURE
Description: Discovery module failed to download certificate file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_DISCOV_CHECKPOINT_TEST_CONN_FAILED
Description: Discovery module failed to test connectivity for a Checkpoint device
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_CISCO_ASA_GET_CONTEXT_FAILED
Description: Discovery module failed to discover Cisco ASA device
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
virtContext |
Virtualization Context |
string |
|
EventType: PH_DISCOV_CISCO_ASA_IPSEC_VPN_FAILED
Description: Discovery module failed to discover IPSEC VPN for Cisco ASA via SNMP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_CISCO_ASA_RAS_VPN_FAILED
Description: Discovery module failed to discover RAS VPN for Cisco ASA via SNMP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_CISCO_ASA_RUN_CONFIG_FAILED
Description: Discovery module failed to discover running config for Cisco ASA via Login
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
virtContext |
Virtualization Context |
string |
|
EventType: PH_DISCOV_CISCO_ASA_SET_CONTEXT_FAILED
Description: Discovery module failed to set context for Cisco ASA
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
virtContext |
Virtualization Context |
string |
|
EventType: PH_DISCOV_CISCO_ASA_STARTUP_CONFIG_FAILED
Description: Discovery module failed to discover startup config for Cisco ASA via Login
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
virtContext |
Virtualization Context |
string |
|
EventType: PH_DISCOV_CISCO_CALL_MANAGER_WARNING
Description: Discovery module failed to obtain Cisco Call Manager statistics
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_CISCO_CATOS_INTF_FAILED
Description: Discovery module failed to find interface by id and name for Cisco CatOS device
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
EventType: PH_DISCOV_CISCO_CDP_ERROR
Description: Discovery module failed to find local interface in CDP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_CISCO_IOS_L2_WARNING
Description: Discovery module failed to discover Layer 2 for Cisco IOS device - no directly connected host entries
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_CISCO_IOS_TRUNK_PORT_ERROR
Description: Discovery module encountered SNMP index lookup error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_CISCO_JUNOS_L2_WARNING
Description: Discovery module failed to discover Layer 2 for JUNOS device - no directly connected host entries
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_CISCO_NXOS_HW_STATUS_WARNING
Description: Discovery module failed to obtain Cisco NxOS hardware status
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_CISCO_NXOS_INTF_SHORT_NAME_NOT_FOUND
Description: Discovery module failed to find interface short name for Cisco NxOS
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_CISCO_NXOS_L2_WARNING
Description: Discovery module failed to discover Layer 2 for Cisco NxOS device - no directly connected host entries
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_CISCO_WLAN_HOST_LOCATION
Description: Cisco WLAN AP connected Host Identity and Location
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostMACAddr |
Host MAC |
string |
Host Layer 2 MAC Address in the log |
|
user |
User |
string |
|
|
domain |
Domain |
string |
|
|
nepDevIpAddr |
Network Access Device IP |
IP |
|
|
nepDevName |
Network Access Device |
string |
|
|
nepDevPort |
Network Access Device Port |
string |
|
|
wlanSsid |
WLAN SSID |
string |
WLAN Service Set Identifier (SSID) found in SNMP based WLAN monitoring |
|
wlanContrIpAddr |
WLAN Controller IP |
IP |
WLAN Controller IP found in SNMP based WLAN monitoring |
|
wlanContrHostName |
WLAN Controller Host Name |
string |
WLAN Controller Host Name found in SNMP based WLAN monitoring |
|
wlanRssi |
WLAN RSSI dB |
int32 |
WLAN RSSI dB found in SNMP based WLAN monitoring |
|
wlanSnr |
WLAN SNR dB |
uint32 |
WLAN SNR dB found in SNMP based WLAN monitoring |
|
wlanProtocol |
WLAN Protocol |
string |
WLAN Protocol found in SNMP based WLAN monitoring |
EventType: PH_DISCOV_CLOCK_ROLLS_BACK
Description: FortiSIEM Discovery module discovers excessive clock skew dusing BGP/OSPF discovery
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_CONTACT_APP_SERVER
Description: Discovery module contacting app server
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
EventType: PH_DISCOV_CREDEN_INSERT_ERROR
Description: Discovery module failed to insert device credential into its memory - discovery may fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_CUSTOM_MAP_LOAD_FAILED
Description: Discovery module failed to load customer map from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_DATA_DOMAIN_HW_STATUS_WARNING
Description: Discovery module failed to obtain hardware status from Data Domain device
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_DELL_BLADE_CHASSIS_WARNING
Description: Discovery module failed to discover Dell Blade Chassis
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_DELL_COMPELLENT_STORAGE_WARNING
Description: Discovery module failed to discover volume info for Dell Compellent Storage device
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_DISCOV_REQ_GET_FAILED
Description: Discovery module failed to get discovery request from App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_DISCOV_RESULT_SENDER_THREADS_SPAWN_FAILED
Description: Discovery module failed to spawn discovery result sender threads
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_DISCOV_THREADS_SPAWN_FAILED
Description: Discovery module failed to spawn discover threads
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_EC2_INSTANCE_PARSE_FAILED
Description: Discovery module failed to parse EC2 instance xml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_EMC_CLARION_ERROR
Description: Discovery module failed to discover EMC Clarion
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_EMC_VNX_DISCOV_FAILED
Description: Discovery module failed to discover EMC VNX via navisec client
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
filePath |
File Path |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_EMC_VNX_PING_FAILED
Description: Discovery module failed to ping EMC VNX
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
filePath |
File Path |
string |
|
EventType: PH_DISCOV_EQLOGIC_CONN_FAILED
Description: Discovery module failed to obtain EqualLogic connection info
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
|
oid |
Object Identifier |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_EQLOGIC_HW_INFO_FAILED
Description: Discovery module failed to obtain EqualLogic metric
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
|
oid |
Object Identifier |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_ESX_HOST_PING_ONLY_DISCOV_ERROR
Description: Ping only discovery for ESX host/vCenter failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_FAILED_INVALID_REQUEST
Description: Discovery failed - invalid discovery request from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_FAILED_INVALID_REQUEST_XML
Description: FortiSIEM discovery module received invalid XML from App Server - discovery will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_FAILED_XML_ERROR
Description: Discovery XML request parse error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_FAIL_CMDB_DEV
Description: Existing CMDB device (re)discovery failed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_FILE_BASED_DISCOV_DIR_NOT_CONFIGURED
Description: File based discovery failed - discover_file_dir missing in phoenix_config.txt
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_FILE_BASED_DISCOV_FAILED
Description: File based discovery failed - cannot open discovery file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
filePath |
File Path |
string |
|
EventType: PH_DISCOV_FORTINET_CPU_INFO_WARNING
Description: Discovery module failed to discover cpu info for Fortinet appliance
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_FORTINET_LINK_STAT_WARNING
Description: Discovery module failed to discover link stat for Fortinet appliance
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_FORTINET_SYS_UPDATE_VERSION_WARNING
Description: Discovery module failed to discover system auto update versions for Fortinet appliance
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_GENERIC_ERROR
Description: Device discovery encountered generic errors
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_GEN_WLAN_HOST_LOCATION
Description: Generic WLAN AP connected Host Identity and Location
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostMACAddr |
Host MAC |
string |
Host Layer 2 MAC Address in the log |
|
user |
User |
string |
|
|
domain |
Domain |
string |
|
|
nepDevIpAddr |
Network Access Device IP |
IP |
|
|
nepDevName |
Network Access Device |
string |
|
|
nepDevPort |
Network Access Device Port |
string |
|
|
wlanSsid |
WLAN SSID |
string |
WLAN Service Set Identifier (SSID) found in SNMP based WLAN monitoring |
|
wlanContrIpAddr |
WLAN Controller IP |
IP |
WLAN Controller IP found in SNMP based WLAN monitoring |
|
wlanContrHostName |
WLAN Controller Host Name |
string |
WLAN Controller Host Name found in SNMP based WLAN monitoring |
EventType: PH_DISCOV_GET_SNMP_ENGINE_ID_FAILED
Description: Failed to get snmp engine ID
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_HOST_CONVERT_PROCESS_UPTIME_ERROR
Description: Discovery module failed to convert process uptime
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_HOST_ERROR
Description: Discovery module failed to discover device
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_HOST_INSTALL_SW_WARNING
Description: Discovery module failed to discover installed software
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_HOST_LOCATE_PROCESS_ERROR
Description: Discovery module failed to locate running process by SNMP id
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_HOST_LOCATION
Description: Wired Host IP location message
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_HOST_NET_INTF
Description: Host network interface identity message
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostMACAddr |
Host MAC |
string |
Host Layer 2 MAC Address in the log |
|
computer |
Computer |
string |
|
EventType: PH_DISCOV_HOST_STARTED
Description: Host discovery started for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_HOST_SUCCESS
Description: Host discovery succeeded for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_HOST_SUCCESS_DETAIL
Description: Host discovery success details
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phDiscovSuccessCode |
PH Discovery Success Code |
string |
|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_HOST_WARNING
Description: Discovery module failed to discover device
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
EventType: PH_DISCOV_HP3COM_HW_WARNING
Description: Discovery module failed to discover hardware info for HP3Com
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_HP_BLADE_HW_STATUS_WARNING
Description: Discovery module failed to obtain hardware status from HP Blade device
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_INIT_MODULE_FAILED
Description: Discovery module failed to initialize
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_INTERFACE_VIA_SNMP_FAILED
Description: Discovery module failed to discover network interfaces vis SNMP
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_IP_TYPE_INVALID
Description: Invalid IP type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_ISILON_HW_STATUS_WARNING
Description: Discovery module failed to obtain hardware status from Isilon device
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_JMX_TEST_CONN_FAILED
Description: Discovery module failed to test conn for JMX server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_JUNIPER_SSG_HW_INFO_WARNING
Description: Juniper SSG hardware warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_L2_FAILED
Description: Layer 2 device discovery completely failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_L2_STARTED
Description: Layer 2 device discovery started for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
EventType: PH_DISCOV_L2_SUCCESS
Description: Layer 2 device discovery succeeded for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_LDAP_ERROR
Description: LDAP discovery failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_LDAP_OU_ERROR
Description: Discovery module failed to lookup LDAP OU in its memory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_LINUX_DSKTABLE_NOT_CONFIG
Description: Linux disk discovery imcomplete - Dsktable MIB not configured on Linux server
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
EventType: PH_DISCOV_LOGIN_ERROR
Description: Discovery / Perf monitoring module failed to execute command via SSH/TELNET
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
|
script |
Script |
string |
|
|
command |
Command |
string |
|
EventType: PH_DISCOV_NEXT_HOP_VIA_SNMP_FAILED
Description: Discovery module failed to discover next hop address vis SNMP
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_NIMBLE_VOLUME_WARNING
Description: Failed to discover volume for Nimble storage
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_NOZOMI_DISCOV_FAILED
Description: Discovery module failed to discover Nozomi environment
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_PARAM_PARSE_FAILED
Description: Discovery module failed to parse parameters in discovery XML from App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_PARSER_MSG_EXCEEDS_THRESHOLD
Description: Number of parser-to-discover messages to be processed exceeds threshold, discard the oldest one
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_PARSER_MSG_THREAD_SPAWN_FAILED
Description: Discovery module failed to spawn processParserMessage thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_PERF_TEMPLATE_LOAD_FAILED
Description: Discovery module failed to load performance template from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_PING_ONLY_LIST_NOT_MATCH
Description: Discovery module found that ping-only-discover device list does not match include-ip device list. Ping-only-discovery is not effective
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_READ_COMPRESS_THRESHOLD_FAILED
Description: Discovery module failed to read discover_compress_threshold from phoenix configuration, will set it to 2048 bytes
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_RECVD_VALID_REQUEST
Description: Received valid discovery request from app server
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DISCOV_RESULT_SEND_FAILED
Description: Discovery module failed to send discovery result to App server after many retries; discovery will fail
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_RESULT_SEND_WARNING
Description: Discovery module failed to upload discovery result to App Server, will retry
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_RESULT_XML_WRITE_FAILURE
Description: Discovery module failed to create discovery result XML file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DISCOV_RUNNING_SERVICE
Description: Found running service on host
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
appName |
Application Name |
string |
|
EventType: PH_DISCOV_RUN_JAVA_PROBE_ERROR
Description: Discovery module failed to execute runJavaProbe.sh
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_DISCOV_RUN_SW_FILTER_LOAD_FAILED
Description: Discovery module failed to load Running Software Filter from App Server - running software filter may not be discovered correctly
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_RUN_SW_FILTER_PARSE_FAILED
Description: Discovery module failed to parse running software filter xml from App Server - running software filter may not be discovered correctly
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_RUN_VM_TEST_CONN_ERROR
Description: Discovery module failed to execute VMWare Test Connectivity (runVmTestConn.sh)
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_DISCOV_SKIPPED
Description: Skipping device discovery by discovery request policy
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_SKIP_DEV
Description: Discovery skipped a device for discovery
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
msg |
Message |
string |
|
EventType: PH_DISCOV_SNMP_ERROR
Description: Discovery module failed to get data via SNMP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_SSH_ERROR
Description: Discovery module failed to execute command via SSH
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
|
script |
Script |
string |
|
|
command |
Command |
string |
|
EventType: PH_DISCOV_START
Description: Discovery module starting
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_TELNET_ERROR
Description: Discovery module failed to execute command via TELNET
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
|
script |
Script |
string |
|
|
command |
Command |
string |
|
EventType: PH_DISCOV_TEST_CONN_GET_REQ_FAILED
Description: Discovery module failed to get test connectivity request from App server
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_TEST_CONN_MSRPC_ERROR
Description: Discovery module failed to test connection to a Windows Server via MSRPC
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
filePath |
File Path |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_TEST_CONN_NO_UCSAPI_CRED
Description: Discovery module failed to test connection to a Cisco UCS Server via UCS API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_TEST_CONN_RESULT_SENDER_THREADS_SPAWN_FAILED
Description: Discovery module failed to spawn test connectivity result sender threads
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_TEST_CONN_RESULT_SEND_ERROR
Description: Discovery module encountered error in sending Test Connectivity result to app server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phDiscovFailCode |
PH Discovery Failure Code |
string |
|
EventType: PH_DISCOV_TEST_CONN_RESULT_SEND_WARNING
Description: Discovery module failed to upload test connectivity result to App Server
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_TEST_CONN_THREADS_SPAWN_FAILED
Description: Discovery module failed to spawn test connectivity threads
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_TEST_CONN_VMSDK_ERROR
Description: Discovery module encountered VMSDK test connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_TRIPP_UPS_HW_STATUS_WARNING
Description: Discovery module failed to obtain hardware status from Tripp UPS device
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
module |
Module Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_TRUNK_PORTS_ERROR
Description: Discovery module failed to get network device trunk port information from App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_UNHANDLED_ACCESS_PROTO
Description: Discovery module encountered unhandled device access method
Severity: 4 (Low)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_UPLOAD_DATA_FAILED
Description: Discovery module failed to upload discovery results to App Server
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DISCOV_VMWARE_DUP_DEV_ID
Description: Discovery module encoutered VMSDK discovery error because of duplicated device id
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
filePath |
File Path |
string |
|
EventType: PH_DISCOV_VMWARE_ERROR
Description: Discovery module failed to discover device via VMSDK
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DISCOV_VOIP_PHONE_ID
Description: VoIP phone identity message
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
computer |
Computer |
string |
|
|
hostMACAddr |
Host MAC |
string |
Host Layer 2 MAC Address in the log |
|
user |
User |
string |
|
|
domain |
Domain |
string |
|
|
voIPPhoneStatus |
VoIP Phone Status |
string |
|
EventType: PH_DISCOV_WMI_PULL_ERROR
Description: Windows WMI pulling error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DISC_DATA_PROCESS_ERROR
Description: Discovery result process error
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DIVIDE_BY_ZERO
Description: Devide by zero
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DROP_EVENT_FROM_SHARED_BUFFER
Description: Event dropped from shared buffer
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
collectorId |
Collector ID |
uint32 |
This field captures the ID of a FortiSIEM Collector |
|
count |
Count |
uint32 |
A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_DROP_INCIDENT
Description: Incident dropped
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
ruleId |
Rule ID |
uint64 |
Unique ID of a FortiSIEM rule. |
|
ruleName |
Rule Name |
string |
FortiSIEM rule name. |
|
incidentId |
Incident ID |
uint64 |
Unique ID of a FortiSIEM Incident |
|
details |
Details |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DROP_INCIDENT_COUNT
Description: Dropped incident count
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
ruleId |
Rule ID |
uint64 |
Unique ID of a FortiSIEM rule. |
|
incidentCount |
Triggered Event Count |
uint32 |
This field represents the number of Triggering events in an Incident. |
|
policyName |
Policy Name |
string |
|
EventType: PH_ES_ARCHIVE_STORAGE_CHECK_ERROR
Description: Failed to get disk usage of Elasticsearch Cluster archive
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_ES_ARCHIVE_STORAGE_LOW
Description: The available storage of archive for Elasticsearch Cluster is low
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_ES_ARCHIVE_STORAGE_PURGING_FAILED
Description: Failed purge snapshot from archive on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_ES_ARCHIVE_STORAGE_PURGING_FINISHED
Description: Finished purge snapshot from archive on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_ARCHIVE_STORAGE_PURGING_STARTED
Description: Start purge snapshots from archive on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_ARCHIVE_STORAGE_PURGING_SUCCESS
Description: Succeed purge snapshots from archive on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_ARCHIVE_STORAGE_USAGE
Description: Disk usage of Elasticsearch Cluster archive
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_ES_CCR_DELAY
Description: Elasticsearch CCR delay detail
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_ES_COLD_STORAGE_ARCHIVING_FAILED
Description: Failed to archive indices from cold nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_ES_COLD_STORAGE_ARCHIVING_FINISHED
Description: Finished archive indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_COLD_STORAGE_ARCHIVING_STARTED
Description: Start archive indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_COLD_STORAGE_ARCHIVING_SUCCESS
Description: Successfully archived indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_COLD_STORAGE_CHECK_ERROR
Description: Failed to get disk usage of Elasticsearch Cluster cold nodes
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_ES_COLD_STORAGE_LOW
Description: The available storage of cold nodes on Elasticsearch Cluster is low
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_ES_COLD_STORAGE_PURGING_FAILED
Description: Failed purge indices from cold nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_ES_COLD_STORAGE_PURGING_FINISHED
Description: Finished purge indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_COLD_STORAGE_PURGING_STARTED
Description: Start purge indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_COLD_STORAGE_PURGING_SUCCESS
Description: Succeed purge indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_COLD_STORAGE_USAGE
Description: Disk usage of Elasticsearch Cold nodes
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_ES_HOTCOLD_STORAGE_MOVING_FAILED
Description: Failed move indices from Hot to cold nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_ES_HOTCOLD_STORAGE_MOVING_FINISHED
Description: Finished moved indices from Hot to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOTCOLD_STORAGE_MOVING_STARTED
Description: Start move indices from Hot to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOTCOLD_STORAGE_MOVING_SUCCESS
Description: Succeed moved indices from Hot to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOT_STORAGE_ARCHIVING_FAILED
Description: Failed archive indices from hot nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_ES_HOT_STORAGE_ARCHIVING_FINISHED
Description: Finished archive indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOT_STORAGE_ARCHIVING_STARTED
Description: Start archive indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOT_STORAGE_ARCHIVING_SUCCESS
Description: Succeed archive indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOT_STORAGE_CHECK_ERROR
Description: Failed to get disk usage of Elasticsearch Cluster Hot Nodes
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_ES_HOT_STORAGE_LOW
Description: The available storage of Hot Nodes on Elasticsearch Cluster is low
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_ES_HOT_STORAGE_MOVING_FAILED
Description: Failed move indices from Hot to warm nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_ES_HOT_STORAGE_MOVING_FINISHED
Description: Finished moved indices from Hot to warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOT_STORAGE_MOVING_STARTED
Description: Start move indices from Hot to warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOT_STORAGE_MOVING_SUCCESS
Description: Succeed moved indices from Hot to warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOT_STORAGE_PURGING_FAILED
Description: Failed purge indices from hot nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_ES_HOT_STORAGE_PURGING_FINISHED
Description: Finished purge indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOT_STORAGE_PURGING_STARTED
Description: Start purge indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOT_STORAGE_PURGING_SUCCESS
Description: Succeed purge indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_HOT_STORAGE_USAGE
Description: Disk usage of Elasticsearch Hot Nodes
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_ES_INDEX_SEGMENT_MERGE_FAILED
Description: Elasticsearch index segment merge failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_ES_REST_FAILED
Description: ES REST returns error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_ES_SM_ADD_INDEX_FAILED
Description: Failed to add ShardManager Index
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_ES_SM_HOURCHECK_FAILED
Description: Failed ShardManager hourcheck
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_ES_SM_INIT_FAILED
Description: Failed to init ShardManager
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_ES_SM_INIT_INDEX_FAILED
Description: Failed to init ShardManager Index
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_ES_SNAPSHOT_FAILED
Description: Failed to do snapshot for ES
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_ES_TO_NFS_ARCHIVE_FAILED_ADD_INDEX
Description: ES TO NFS Archive failed to add an index
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_ES_WARM_STORAGE_ARCHIVING_FAILED
Description: Failed to archive indices from warm nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_ES_WARM_STORAGE_ARCHIVING_FINISHED
Description: Finished archive indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_WARM_STORAGE_ARCHIVING_STARTED
Description: Start archive indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_WARM_STORAGE_ARCHIVING_SUCCESS
Description: Successfully archived indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_WARM_STORAGE_CHECK_ERROR
Description: Failed to get disk usage of Elasticsearch Cluster warm nodes
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_ES_WARM_STORAGE_LOW
Description: The available storage of warm nodes on Elasticsearch Cluster is low
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_ES_WARM_STORAGE_MOVING_FAILED
Description: Failed move indices from Warm to cold nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_ES_WARM_STORAGE_MOVING_FINISHED
Description: Finished moved indices from Warm to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_WARM_STORAGE_MOVING_STARTED
Description: Start move indices from Warm to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_WARM_STORAGE_MOVING_SUCCESS
Description: Succeed moved indices from Warm to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_WARM_STORAGE_PURGING_FAILED
Description: Failed purge indices from warm nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_ES_WARM_STORAGE_PURGING_FINISHED
Description: Finished purge indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_WARM_STORAGE_PURGING_STARTED
Description: Start purge indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_WARM_STORAGE_PURGING_SUCCESS
Description: Succeed purge indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_ES_WARM_STORAGE_USAGE
Description: Disk usage of Elasticsearch Warm nodes
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_EVENT_ATTR_XML_ISSUE
Description: Event attribute xml issue
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FORWARDER_CHECKSUM_MISMATCH
Description: FortiSIEM Event Forwarder module encountered checksum error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FORWARDER_CONNECT_ERROR
Description: FortiSIEM Event Forwarder failed to connect to forwdarding destination host
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVENT_FORWARDER_DIR_OPEN_FAILURE
Description: FortiSIEM Event Forwarder failed to open directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
dirName |
Directory Name |
string |
|
EventType: PH_EVENT_FORWARDER_FILE_OPEN_FAILURE
Description: FortiSIEM Event Forwarder failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FORWARDER_FILE_RENAME_FAILURE
Description: FortiSIEM Event Forwarder failed to rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcFilePath |
Source File Path |
string |
|
|
destFilePath |
Destination File Path |
string |
|
EventType: PH_EVENT_FORWARDER_INIT_FAILURE
Description: FortiSIEM Event Forwarder module initialization failure
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
funName |
Function Name |
string |
|
EventType: PH_EVENT_FORWARDER_INVALID_GZIP_FILE
Description: FortiSIEM Event Forwarder module encountered invalid gzip file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FORWARDER_INVALID_PHOENIX_CONFIG
Description: FortiSIEM Event Forwarder module encountered invalid phoenix_config file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
module |
Module Name |
string |
|
|
configName |
Config Name |
string |
|
|
configValue |
Config Value |
string |
|
EventType: PH_EVENT_FORWARDER_INVALID_PROTOCOL
Description: FortiSIEM Event Forwarder module encountered invalid forwarding protocol
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FORWARDER_KAFKA_ERROR
Description: FortiSIEM Event Forwarder module encountered Kafka protocol error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
|
actionName |
Notification Action Name |
string |
|
EventType: PH_EVENT_FORWARDER_KAFKA_INIT_FAILURE
Description: FortiSIEM Event Forwarder module initialization failure
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_EVENT_FORWARDER_KAFKA_PRODUCE_ERROR
Description: FortiSIEM Event Forwarder module encountered error while forwarding via Kafka protocol
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_EVENT_FORWARDER_MKDIR_FAILURE
Description: FortiSIEM Event Forwarder failed to create directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
dirName |
Directory Name |
string |
|
EventType: PH_EVENT_FORWARDER_RUN_PROCESS_ERROR
Description: FortiSIEM Event Forwarder failed to run process during execution
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FORWARDER_SOCKET_ERROR
Description: FortiSIEM Event Forwarder failed to create socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVENT_FORWARDER_SOCKET_WRITE_ERROR
Description: FortiSIEM Event Forwarder failed to write to socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVENT_FORWARDER_SSL_CERT_ERROR
Description: FortiSIEM Event Forwarder SSL certification error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_EVENT_FORWARDER_SSL_ERROR
Description: FortiSIEM Event Forwarder Generic SSL error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_EVENT_FWD_CERT_LOAD_FAILED
Description: Event Forwarder module failed to load certification file or key file for TLS based forwarding - forwarding via this method will not occur
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_EVENT_FWD_CERT_UNPAIRED
Description: Event Forwarder module detected unpaired certififcation file or key file - forwarding via this method will not occur
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_EVENT_FWD_DIR_MAKE_FAILED
Description: Event Forwarder module failed to create a directory during initialization
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
dirName |
Directory Name |
string |
|
EventType: PH_EVENT_FWD_DIR_OPEN_FAILED
Description: Event Forwarder module failed to open a directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
dirName |
Directory Name |
string |
|
EventType: PH_EVENT_FWD_FILE_RENAME_FAILED
Description: Event Forwarder module failed to rename a file
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcFilePath |
Source File Path |
string |
|
|
destFilePath |
Destination File Path |
string |
|
EventType: PH_EVENT_FWD_FULL_FORWARDING_FAILED
Description: Event Forwarder failed to forward all events in one file to the destination, will retry
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
EventType: PH_EVENT_FWD_GET_FILE_NUM_FAILURE
Description: Event Forwarder module failed to get event file count in /opt/phoenix/cache/parser/fwd
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_GZ_CLOSE_ERROR
Description: Event Forwarder module cannot close gz file stored in /opt/phoenix/cache/parser/fwd - event will not be forwarded
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FWD_GZ_FILE_OPEN_ERROR
Description: Event Forwarder failed to open event file (gz), or not enough memory to open it
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FWD_GZ_MD5_ERROR
Description: Event Forwarder module cannot get md5 of event file (gz)
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FWD_GZ_RENAME_ERROR
Description: Event Forwarder module cannot rename event file (gz)
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_GZ_SIZE_MISMATCH
Description: Event Forwarder found malformed event file (gz) - length mismatch
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FWD_KAFKA_WARNING
Description: Event Forwarder module failed on event serialization to send via Kafka
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_MD5_CHECKSUM_MISMATCH
Description: Event Forwarder found event file (gz) MD5 checksum
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_NETFLOW_REGEX_IGNORED
Description: Event Forwarder ignores regex filter in forwarding rule for Netflow since Netflow is binary
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_PARTIAL_FORWARDING_FAILED
Description: Event Forwarder failed to forward a subset of events in one file to the destination. Those events will be lost
Severity: 8 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_PARTIAL_FORWARDING_WARNING
Description: FortiSIEM Event Forwarder was able to do partial forwarding
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
EventType: PH_EVENT_FWD_PCRE_ERROR
Description: Event Forwarder module failed to Pcre compile - this means the regular expression in the forwarding rule is invalid
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_PROCESS_INIT_FAILED
Description: Event Forwarder failed to initialize this process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_PROCESS_START_FAILED
Description: Event Forwarder failed to run
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_PROTO_FORWARDED_WRONG
Description: Event Forwarder found incorrect proto in the forwarding rule
Severity: 8 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_RENAME_GZ_ERROR
Description: FortiSIEM Event Forwarder failed to rename gz file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FWD_RULE_PARSE_ERROR
Description: Event forwarder module failed to parse event forwarding rule
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_SOCKET_CONNECT_FAILED
Description: Event Forwarder failed to connect the destination for TCP based forwarding
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_FWD_SOCKET_GET_FAILED
Description: Event Forwarder failed to get socket for connecting the destination
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_FWD_SOCKET_WRITE_FAILED
Description: Event Forwarder failed to write to socket for sending events
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_FWD_SSL_CREATE_FAILED
Description: Event Forwarder unable to create new SSL context structure for TLS based fowarding
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_EVENT_FWD_SSL_SESSION_BUILD_FAILED
Description: Event Forwarder unable to build SSL session for TLS based fowarding
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_UNEXPECTED_FILE_REMOVED
Description: Event Forwarder removed unexpected event file (mismatched name format)
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_PKG_ATTR_NOT_FOUND
Description: Event Packager cannot find Worker name in XML received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_EMPTY_FILE_REMOVED
Description: Event Packager found an empty event file - filw will be removed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_PKG_FILE_ADD_TO_SVN_FAILED
Description: Event Packager failed to add configuration file to svn upload queue
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_PKG_FILE_REMOVED_ERROR
Description: Event Packager failed to remove event file after upload
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_PKG_FILE_RENAME_FAILED
Description: Event Packager failed to rename configuration file after scanning
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcFilePath |
Source File Path |
string |
|
|
destFilePath |
Destination File Path |
string |
|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_PKG_FILE_STAT_FAILED
Description: Event Packager failed to stat configuration or event file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_PKG_FILE_UPLOAD_FAILED
Description: Event Packager failed to upload event file to Worker or Super; will retry
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
serverIpAddr |
Server IP |
IP |
|
EventType: PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_HIGH
Description: Event file upload success is high
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
ratio |
Ratio |
uint64 |
|
EventType: PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_LOW
Description: Event file upload success is low
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
ratio |
Ratio |
uint64 |
|
EventType: PH_EVENT_PKG_GZ_CLOSE_FAILED
Description: Event Packager failed to close event file after writing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_PKG_GZ_FILE_OPEN_ERROR
Description: Event Packager failed to open gz file or not enough memory to open it
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVENT_PKG_HTTP_FAILED
Description: Event Packager encountered HTTPS error response code
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverIpAddr |
Server IP |
IP |
|
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_EVENT_PKG_HTTP_INIT_FAILED
Description: Event Packager HTTP client initialization failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverIpAddr |
Server IP |
IP |
|
EventType: PH_EVENT_PKG_INSERT_TASK_FAILED
Description: Failed to insert task into event file upload queue
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_NO_EVENT
Description: Event Packager did not upload any event in last 10 minutes
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_OPEN_DIR_FAILED
Description: Failed to open directory
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVENT_PKG_PROCESS_INIT_FAILED
Description: Event Packager failed to initialize
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_PROCESS_START_FAILED
Description: Event Packager failed to run
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_QUEUE_GET_FAILED
Description: Event Packager failed to get event file from the queue
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_PKG_SERVER_LIST_UPLOAD_FAILED
Description: Event Packager failed to get upload server list from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverIpAddr |
Server IP |
IP |
|
EventType: PH_EVENT_PKG_SERVICE_LIST_EMPTY
Description: Empty upload service list
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_TASK_ADD_TO_QUEUE_FAILED
Description: Event Packager failed to add file upload task to queue
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_XML_PARSE_FAILED
Description: Event Packager failed to parse XML from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVTPKGER_FILE_UPLOAD_FAILED
Description: File upload failed
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_EVT_HANDLER_DBG
Description: Event handler debug message
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_ERR
Description: Event handler error message
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_EVT_QUEUE_LARGE
Description: Uploaded event files size large
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_EVT_QUEUE_WARNING
Description: Worker Input Event Queue large
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_INFO
Description: Event handler information
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_SVN_QUEUE_LARGE
Description: Uploaded SVN files size large
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_SVN_QUEUE_WARNING
Description: Worker Input Event Queue large
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_EVT_PACKAGER_COND_WAIT_ERROR
Description: FortiSIEM Event Packager Conditional Wait Error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVT_PACKAGER_FILE_CLOSE_FAILURE
Description: FortiSIEM Event Packager file close error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVT_PACKAGER_FILE_OPEN_FAILURE
Description: FortiSIEM Event Packager file open error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_EVT_PACKAGER_FILE_REMOVE_FAILURE
Description: FortiSIEM Event Packager file remove error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVT_PACKAGER_FILE_RENAME_FAILURE
Description: FortiSIEM Event Packager file rename error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
|
srcFilePath |
Source File Path |
string |
|
|
destFilePath |
Destination File Path |
string |
|
EventType: PH_EVT_PACKAGER_FILE_STAT_FAILURE
Description: FortiSIEM Event Packager file stat error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVT_PACKAGER_FILE_UPLOAD_FAILURE
Description: FortiSIEM Event Packager file upload failure
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
EventType: PH_EVT_PACKAGER_HTTP_RESPONSE_ERROR
Description: FortiSIEM Event Packager http response error from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVT_PACKAGER_INIT_FAILURE
Description: FortiSIEM Event Packager module initialization error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
funName |
Function Name |
string |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_EVT_PACKAGER_REST_PARSE_ERROR
Description: FortiSIEM Event Packager module failed to parse REST output
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVT_PACKAGER_RUN_PROCESS_ERROR
Description: FortiSIEM Event Packager module encountered error to run process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_FAILED_TO_EXEC
Description: Failed to execute specified command
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_FILE_NOT_FOUND
Description: Can not find the specified file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_GENERIC_CRITICAL
Description: PH system generic critical message
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_GENERIC_DEBUG
Description: PH system generic debug message
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_GENERIC_ERROR
Description: PH system generic error
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_GENERIC_INFO
Description: PH system generic info
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_GENERIC_WARNING
Description: PH system generic warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_GET_CURL_HANDLE_FAILED
Description: FortiSIEM HTTP Client failed to get handle
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_GET_SUPER_LEADER_FAILURE
Description: Failed to get super leader IP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_GRPC_CERT_CREATE_SUCCESS
Description: Create gRPC certificate files
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_GRPC_CERT_ERROR
Description: 700-Grpc: Grpc cert error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_GRPC_CERT_LOADED_FAILED
Description: Failed to load certs file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_GRPC_CERT_UPDATE_FAILED
Description: Failed to update gRPC certificate file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
EventType: PH_GRPC_CERT_UPDATE_SUCCESS
Description: Updated gRPC certificate file
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
EventType: PH_GRPC_FORTMAT_JSON_FAILED
Description: Failed to format Json response
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_GRPC_TASK_DATA_EMPTY
Description: GRPC task is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_HDFS_ARCHIVE_STORAGE_LOW
Description: The available storage of HDFS Archive database is low
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_HDFS_ARCHIVE_STORAGE_USAGE
Description: Storage usage of HDFS Archive database
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_HDFS_PURGING_FAILED
Description: Failed purging from HDFS Archive database
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_HDFS_PURGING_FINISHED
Description: Finished purging from HDFS Archive database - triggered by low space
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_HDFS_PURGING_STARTED
Description: Started purging from HDFS Archive database - triggered by low space
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_HDFS_PURGING_SUCCESS
Description: Successfully purged from HDFS Archive database - triggered by low space
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_HTTP_CLIENT_COMPRESS_FAILED
Description: FortiSIEM HTTP Client failed to compress payload
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_HTTP_CLIENT_CURL_ERROR
Description: FortiSIEM HTTP Client failed with curl error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
EventType: PH_HTTP_CLIENT_GET_CACHE_FROM_MONITOR_FAILED
Description: FortiSIEM HTTP Client failed to get cache
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_HTTP_CLIENT_GET_DATA_FROM_CACHE_FAILED
Description: FortiSIEM HTTP Client failed to get data from cache
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_HTTP_CLIENT_GET_INIT_RESPONSE_FAILED
Description: FortiSIEM HTTP Client failed to get initialization response
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
errorNoInt |
Error Number Int |
int32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_HTTP_CLIENT_GET_INIT_RESPONSE_WARNING
Description: FortiSIEM HTTP Client encountered error getting initialization response
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
errorNoInt |
Error Number Int |
int32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_HTTP_CLIENT_GET_RESPONSE_WARNING
Description: FortiSIEM HTTP Client encountered error getting response
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
EventType: PH_HTTP_CLIENT_HOST_IS_NULL
Description: FortiSIEM HTTP Client host is null error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_HTTP_CLIENT_INIT_FAILURE
Description: FortiSIEM HTTP Client initialization failure
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverIpAddr |
Server IP |
IP |
|
EventType: PH_HTTP_CLIENT_INIT_WARNING
Description: FortiSIEM HTTP Client initialization warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_HTTP_CLIENT_INVALID_FILE_SIZE
Description: FortiSIEM HTTP Client encoutered invalid file size
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_HTTP_CLIENT_MKSTEMP_FAILED
Description: FortiSIEM HTTP Client failed to mkstemp
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
EventType: PH_HTTP_CLIENT_NO_FILE_PARAM
Description: FortiSIEM HTTP Client missing file paarameter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_HTTP_CLIENT_PICK_SUPER_FAILED
Description: FortiSIEM HTTP Client failed to pick super
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_HTTP_CLIENT_PREP_REQUEST_ERROR
Description: FortiSIEM HTTP Client Prep Request error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_HTTP_CLIENT_PUT_REDIRECT_FAILURE
Description: FortiSIEM HTTP Client PUT Redirect error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_HTTP_CLIENT_SETOPT_FAILED
Description: FortiSIEM HTTP Client setopt call failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_HTTP_CLIENT_SET_HOST_WARNING
Description: FortiSIEM HTTP Client set host call failed
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_HTTP_CLIENT_UPLOAD_FILE_FAILED
Description: FortiSIEM HTTP Client file upload failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverIpAddr |
Server IP |
IP |
|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
httpStatusCode |
HTTP Status |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_HTTP_CLIENT_WRITE_CACHE_NULL
Description: FortiSIEM HTTP Client cache write error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_HTTP_INIT_FAILURE
Description: Http client initialization failure
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_HTTP_RESPONSE_FAILURE
Description: HTTP response code failure
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_IDENTITYMASTER_HTTP_UPLOAD_ERROR
Description: Identity Master failed to upload identity location information to App server
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_IDENTITYMASTER_INIT_ERROR
Description: Identity Master initialization error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_IDENTITYWORKER_ATTRIB_ERROR
Description: Identity Worker found invalid event attribute in identyDef.xml
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_IDENTITYWORKER_EVT_LOAD_ERROR
Description: Identity Worker failed to load event from shared store
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_IDENTITYWORKER_EVT_SEND_ERROR
Description: Identity Worker failed to send event to Identity Master
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
EventType: PH_IDENTITYWORKER_INIT_ERROR
Description: Identity Worker initialization error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_IDENTITYWORKER_PARAM_ERROR
Description: Identity Worker configuration parameter undefined in phoenix_config.txt
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_IDENTITYWORKER_PROCESSING_EPS
Description: IP Identity Worker EPS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
eventsPerSec |
Event Rate |
double |
A generic attribute for recording event ingestion or handling rate. |
EventType: PH_IDENTITYWORKER_SS_OBTAIN_ERROR
Description: Identity Worker failed to create shared store
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_INCIDENT_ACTION_STATUS
Description: Record action result for incident notification
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
scriptOutput |
Script Output |
string |
|
EventType: PH_INVALID_IP_ADDR
Description: FortiSIEM backend module detected invalid IP address
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_INVALID_PARAM
Description: Invaid Parameter
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
paraName |
Param Name |
string |
|
EventType: PH_INVALID_PARAM_CNT
Description: Invaid number of parameter
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
count |
Count |
uint32 |
A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_INVALID_PARAM_VAL_EMPTY
Description: Invalid empty parameter value
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
paraName |
Param Name |
string |
|
EventType: PH_JAVA_AGENT_APPSERVER_CONN_ERROR
Description: FSM FSM Java Agent failed to connect to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_APPSERVER_EXECUTE_ERROR
Description: FSM FSM Java Agent app server JMX Pull SQL Error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CONTROLLER_CMD_PARSE_ERROR
Description: FSM Java Agent parse file failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CONTROLLER_CMD_READ_ERROR
Description: FSM Java Agent control channel problem, exiting ...
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CONTROLLER_GENERIC_ERROR
Description: FSM Java Agent parse file failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CONTROLLER_LINE_READ_ERROR
Description: FSM Java Agent hit exception while reading line type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CONTROLLER_XML_READ_ERROR
Description: FSM Java Agent hit exception while reading command XML from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CUSTOM_JDBC_CONN_ERROR
Description: FSM Java Agent failed to execute custom JDBC monitoring job - connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CUSTOM_JDBC_EXEC_ERROR
Description: FSM Java Agent failed to execute custom JDBC monitoring job - execution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_DISCOVERY_TEST_ERROR
Description: FSM Java Agent failed to connect to Snort database for testing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_ERROR
Description: PH java agent generic error
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_GLASSFISH_MONITOR_ERROR
Description: FSM Java Agent GlassFish monitoring failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_GLASS_FISH_WARNING
Description: FSM Java Agent GlassFish monitoring warning
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_GOOGLEAPPS_EXEC_ERROR
Description: FSM Java Agent Google Apps Monitor Exception
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_IBMDB2_AUDIT_CONN_ERROR
Description: FSM Java Agent IBM DB2 connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_IBMDB2_AUDIT_EXEC_ERROR
Description: FSM Java Agent IBM DB2 audit error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_IBM_DB2_CAT_READ_ERROR
Description: FSM Java Agent IBM loading error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_IBM_DB2_CONN_ERROR
Description: FSM Java Agent failed to connect to IBM DB2 for collecting audit logs
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_IBM_DB2_INTERNAL_ERROR
Description: FSM Java Agent IBM Sleep Interrupted error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_INFO
Description: PH java agent generic info
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JBOSS_CONN_ERROR
Description: FSM Java Agent app server connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JBOSS_EXEC_ERROR
Description: FSM Java Agent app server connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JBOSS_MONITOR_ERROR
Description: Fail to monitor Jboss
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JDBC_PULL_UNSUPP_ERROR
Description: No connection for job when pulling JDBC
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JDBC_SQL_NOT_SUPPORT_ERROR
Description: FSM Java Agent cannot support such a SQL
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JMX_CONN_ERROR
Description: FSM Java Agent jmx JDBC error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JMX_EXEC_ERROR
Description: FSM Java Agent JMX monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JOB_EXECUTOR_ERROR
Description: Exception in AgentJobExecutor.run error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JOB_STATUS_UPLOAD_ERROR
Description: Failed to upload job status xml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JOB_TYPE_ERROR
Description: AgentUtils createAndInitAgent serverType is not defined
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JOB_XML_LOAD_ERROR
Description: Exception caught while parsing JobXml
Severity: 7 (Medium)
Event Category: 3 (System Logs)