Fortinet white logo
Fortinet white logo

Event Collection and Forwarding Logs

Event Collection and Forwarding Logs

This section provides logs related to event collection and forwarding via syslog, WMI/OMI and other collection methods



EventType: PH_AGENTMGR_ACI_ATTR_NOT_FOUND

Description: Agent Manager Cisco ACI monitoring module cannot find specific attribute

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ACI_CURL_HANDLE_GET_FAILED

Description: Agent Manager Cisco ACI monitoring module unable to get curl handle

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ACI_FILE_WRITE_ERROR

Description: Agent Manager Cisco ACI monitoring module unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_ACI_JSON_PARSE_FAILED

Description: Agent Manager Cisco ACI monitoring module failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ACI_SERVER_EMPTY

Description: Agent Manager Cisco ACI monitoring module found server is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ACI_TOKEN_GET_FAILED

Description: Agent Manager Cisco ACI monitoring module cannot get login token

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ALERTLOGIC_CURL_HANDLE_GET_FAILED

Description: Agent Manager Alert Logic log parsing module unable to get curl handle

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ALERTLOGIC_FILE_LOAD_ERROR

Description: Agent Manager Alert Logic log parsing module failed to load file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_ALERTLOGIC_FILE_READ_ERROR

Description: Agent Manager Alert Logic log parsing module found wrong format in file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_ALERTLOGIC_FILE_WRITE_ERROR

Description: Agent Manager Alert Logic log parsing module unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_ALERTLOGIC_INVALID_DATA

Description: Agent Manager Alert Logic log parsing module found invalid data format

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ALERTLOGIC_INVALID_PATH

Description: Agent Manager Alert Logic log parsing module found invalid incident path

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_ALERTLOGIC_QUERY_INTERVAL_TOO_LONG

Description: Agent Manager Alert Logic log parsing module found query interval is larger, it will be narrowed in one week

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ALERTLOGIC_SERVER_EMPTY

Description: Agent Manager Alert Logic log parsing module found server is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AMPCLOUD_CURL_CONNECT_FAILED

Description: Agent Manager AMP Cloud log parsing module unable to connect server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

httpStatusCode

HTTP Status

string



EventType: PH_AGENTMGR_AMPCLOUD_CURL_HANDLE_GET_FAILED

Description: Agent Manager AMP Cloud log parsing module unable to get curl handle

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AMPCLOUD_FILE_LOAD_ERROR

Description: Agent Manager AMP Cloud log parsing module failed to load file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_AMPCLOUD_FILE_READ_ERROR

Description: Agent Manager AMP Cloud log parsing module found wrong format in file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_AMPCLOUD_INVALID_DATA

Description: Agent Manager AMP Cloud log parsing module found Invalid data format

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AMPCLOUD_JSON_PARSE_FAILED

Description: Agent Manager AMP Cloud log parsing module failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_AGENTMGR_AMPCLOUD_NO_DEFINE_SEVERITY

Description: Agent Manager AMP Cloud log parsing module found event severity is not defined

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AMPCLOUD_SERVER_EMPTY

Description: Agent Manager AMP Cloud log parsing module found server is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_API_PERMISSION_MISSING

Description: There is no permission

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWSFLOWLOG_EVENT_PULL_FAILED

Description: Agent Manager AWS module failed to get AWS Flow log after 5 tries

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWSFLOWLOG_FILE_WRITE_ERROR

Description: Agent Manager AWS Flow log handling module unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_AWSFLOWLOG_LOG_FORMAT_WRONG

Description: Agent Manager AWS Flow log handling module encountered wrong log format

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AWSKINESIS_CONSUMER_START_FAILED

Description: Failed to start Kinesis consumer process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWS_CACHE_FILE_ERROR

Description: Agent Manager AWS Cache file is not available

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AWS_DELETE_OJECTKEY_FAILED

Description: Failed to delete object key from SQS

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWS_DOWNLOAD_OJECT_FAILED

Description: Failed to download object from bucket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWS_EVT_DOWNLOAD_FAILED

Description: Agent Manager AWS module failed to download event by do_system failed

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string



EventType: PH_AGENTMGR_AWS_EVT_SEND_FAILED

Description: Agent Manager AWS module failed to send cloudtrail event to phParser after 5 tries

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AWS_GET_OJECTKEY_FAILED

Description: Agent Manager AWS agent failed to get object key from SQS

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWS_GZ_FILE_OPEN_ERROR

Description: Agent Manager AWS module gailed to open gz file, or not enough memory to open it

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_AWS_JSON_PARSE_FAILED

Description: Agent Manager AWS module failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AWS_SQSURL_FORMAT_ERROR

Description: Agent Manager AWS Sqs Url format is wrong

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_API_CALL_FAILED

Description: Agent Manager BOX module failed to call BOX API

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_ATTR_NOT_FOUND

Description: Agent Manager BOX module cannot find attribute

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_EVENT_PULL_FAILED

Description: Agent Manager BOX module failed to pull BOX log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

accountName

Account Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_BOX_FILE_ID_EMPTY

Description: Agent Manager BOX module found empty file ID

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_FILE_LIMIT_EXCEED

Description: Agent Manager BOX module found that the number of monitoring file exceeded limit

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_FILE_NOT_MONITORED_ERROR

Description: Agent Manager BOX module found that the file is not monitored before

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_BOX_FILE_PATH_PARSE_FAILED

Description: Agent Manager BOX module could not parse file path

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_BOX_FILE_TYPE_WRONG

Description: Agent Manager BOX module found wrong file type

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileType

File Type

string



EventType: PH_AGENTMGR_BOX_FOLDER_TYPE_WRONG

Description: Agent Manager BOX module found wrong folder type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_HTTP_NO_RESPONSE

Description: Agent Manager BOX module did not find response from App Server Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string



EventType: PH_AGENTMGR_BOX_JSON_PARSE_FAILED

Description: Agent Manager BOX module failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_RESPONSE_NO_SPECIAL_ATTRIBUTE

Description: Agent Manager BOX module response doesn't have special node

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_TIME_CONVERT_FAILED

Description: Agent Manager BOX module could not convert time

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_BOX_XML_PARSE_FAILED

Description: Agent Manager BOX module failed to parse XML from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_CISCOAMP_CONSUMER_START_FAILED

Description: Failed to start Cisco AMP consumer process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CLOUDPASSAGE_API_CALL_FAILED

Description: CloudPassage Halo REST API call api failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CLOUDPASSAGE_FILE_WRITE_ERROR

Description: Unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_CLOUDPASSAGE_GET_EVENT_FAILED

Description: Failed to get event from CloudPassage API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CLOUDPASSAGE_JSON_EMPTY

Description: JSON is empty

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_CLOUDPASSAGE_JSON_PARSE_FAILED

Description: Failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_CLOUDPASSAGE_TOKEN_EMPTY

Description: Token is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CLOUDTRAIL_FILE_READ_FAILED

Description: Agent Manager AWS CloudTrail module encountered error while reading Cloudtrail queue cache file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_CONFIG_ERROR

Description: Agent Manager own configuration error

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_CONFIG_VERSION_SEND_FAILED

Description: Agent Manager failed to send config version to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_AGENTMGR_CONFIG_WARNING

Description: FortiSIEM Agent Manager configuration warning

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_AGENTMGR_CREDENTIAL_GET_FAILED

Description: Agent Manager failed to get credentials

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

jobName

Job Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CROWDSTRIKE_GET_DATAFEED_URL_FAILED

Description: Failed to get crowdstrike datafeed url

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CUST_RESULT_UPLOAD_FAILED

Description: Agent Manager failed to upload test custom performance monitor result xml to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_DIR_CREATE_FAILED

Description: Could not create dir

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_AGENTMGR_EVENT_PULL_FAILED

Description: Agent Manager Rapid7 InsightVM pulling engine failed to pull log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

accountName

Account Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_FALCONDATAREP_SCRIPT_FAILED

Description: Failed to run Falcon Data Replicator script

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_FILE_PARSE_ERROR

Description: Agent Manager/module failed to parse file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_FILE_WRITE_ERROR

Description: Agent Manager Rapid7 InsightVM pulling engine failed to write file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_FIREAMP_CERT_DOWNLOAD_FAILED

Description: Agent Manager/FireAMP Module cannot download certificate file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_FIREAMP_DATA_FORMAT_SET_FAILED

Description: Agent Manager/FireAMP Module encountered missing event mapping configuration

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_FIREAMP_EVENT_PULL_FAILED

Description: Agent Manager/FireAMP Module failed to pull log from server!

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_FIREAMP_EVT_TYPE_LOAD_FAILED

Description: Agent Manager/FireAMP Module encountered empty event mapping configuration

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_FIREAMP_FILE_LOAD_ERROR

Description: Agent Manager/FireAMP Module failed to load file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_FIREAMP_FILE_OPEN_ERROR

Description: Agent Manager/FireAMP Module failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_FIREAMP_INVALID_DATA

Description: Agent Manager/FireAMP Module found invalid response data

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_FIREAMP_NEW_AGENT_FAILED

Description: Agent Manager/FireAMP Module - new agent failed

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_FIREAMP_NO_ATTR

Description: No configuration event attribute

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_FIREAMP_NO_PROTOCOL

Description: Can't find protocol number from IANA table

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_FORTICASB_GET_SERVICE_ALERT_ERROR

Description: Failed to get sevices alerts

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serviceName

Service Name

string



EventType: PH_AGENTMGR_FORTICASB_GET_SERVICE_ERROR

Description: Failed to get sevices

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

unitId

Unit Id

string



EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_FAILED

Description: FortiNDR cloud integration failed to call API URI

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msg

Message

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_NEXT_PAGE

Description: FortiNDR paginated api call being made

Severity: 4 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msg

Message

string



EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_NO_RESULTS

Description: API call to FortiNDR api returned no results, this is normal if no results in defined time interval

Severity: 4 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msg

Message

string



EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_RESULTS

Description: FortiNDR cloud integration called API URI successfully

Severity: 4 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msg

Message

string



EventType: PH_AGENTMGR_FORTINDR_GET_BUCKET_KEY

Description: FortiNDR integration is processing an s3 bucket key

Severity: 4 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

bucketName

Bucket Name

string

userKey

User Key

string

categoryType

Category Type

string



EventType: PH_AGENTMGR_FORTINDR_GET_BUCKET_OBJ

Description: FortiNDR integration is downloading an object from s3 bucket

Severity: 4 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

bucketName

Bucket Name

string

userKey

User Key

string

categoryType

Category Type

string



EventType: PH_AGENTMGR_GET_SCAN_RESULTS_FAILED

Description: Failed to get the scan result

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_GITHUB_API_CALL_FAILED

Description: Agent Manager/GitHub module failed to call Github API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_GITHUB_CREDENTIAL_GET_FAILED

Description: Agent Manager/GitHub module failed to get credential from App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string



EventType: PH_AGENTMGR_GITHUB_EVENT_PULL_FAILED

Description: Agent Manager/GitHub module failed to pull log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

accountName

Account Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_GITHUB_FILE_OPEN_ERROR

Description: Agent Manager/GitHub module failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_GITHUB_JSON_PARSE_FAILED

Description: Agent Manager/GitHub module failed to parse JSON response from GitHub server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_GITHUB_TIME_CONVERT_FAILED

Description: Agent Manager/GitHub module failed to convert time in JSON response from GitHub server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_GIT_CLONE_REPO_FAILED

Description: Failed to git clone by do_system

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string



EventType: PH_AGENTMGR_GIT_HANDLE_ERR_FILE_FAILED

Description: Failed to handle error file

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_GIT_PULL_EVT_FAILED

Description: Failed to get git log by do_system

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string



EventType: PH_AGENTMGR_GIT_SAVE_COMMITID_FAILED

Description: Failed to save CommitId of repository

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_GZ_FILE_OPEN_ERROR

Description: Failed to open gz file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_INIT_AGENT

Description: Initialize agent

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_INIT_CACHE_FILE_FAILED

Description: FortiSIEM Agent Manager failed to initialize cache

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

jobName

Job Name

string



EventType: PH_AGENTMGR_INIT_NO_CRED

Description: Agent Manager/Cisco IPS log pulling module failed to initialize due to missing credentials

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

jobName

Job Name

string



EventType: PH_AGENTMGR_INVALID_MGR

Description: Invalid Agent Manager

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_IPS_AUTH_FAILED

Description: Agent Manager/Cisco IPS log pulling module found wrong user name, password for logging to IPS appliance

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_IPS_EVENT_PULL_FAILED

Description: Agent Manager/Cisco IPS log pulling module failed to pull Cisco IPS log from server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_AGENTMGR_IPS_FILE_OPEN_ERROR

Description: Agent Manager/Cisco IPS log pulling module failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_IPS_OBTAIN_SUBSCRIPTION_FAILED

Description: Agent Manager/Cisco IPS log pulling module failed to obtain subscription id

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_IPS_SET_SSL_FAILED

Description: SSL setting doesn't work

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_AGENT_PIPE_WRITE_FAILED

Description: Failed to write to java agent pipe

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_JAVA_AGENT_START_FAILED

Description: Agent Manager failed to start Java agent, will retry

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_AGENT_TYPE_UNKNOWN

Description: Agent Manager encountered unknown java agent job type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_AGENT_USER_MISSING

Description: FortiSIEM Agent Manager found user name missing in java Agent configuration

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_AGENTMGR_JAVA_AGENT_ZOMBIE

Description: Agent Manager found Java Agent is in zombie state

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_CMD_SEND_FAILED

Description: Agent Manager failed to send commands to java agent, need to be killed

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_FORK_FAILED

Description: Agent Manager failed to fork Java Agent

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_JAVA_INCOMPLETE_DEV_INFO

Description: Agent Manager found incomplete device info for Java Agent

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_NO_DEV_TYPE_FOR_JDBC

Description: Agent Manager encountered missing device type for Java Agent JDBC monitoring

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP



EventType: PH_AGENTMGR_JAVA_NO_STATUS_FILE

Description: Agent Manager missing status file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_JAVA_PIPE_FAILED

Description: Agent Manager failed to Pipe command for Java Agent

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_JAVA_PROCESS_STATE_GET_FAILED

Description: Agent Manager failed to get Java Agent process state

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_JAVA_SIGKILL_SEND_FAILED

Description: Agent Manager failed to send SIGKILL to java agent

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_JAVA_UNSUPPORT_DEV_TYPE_FOR_JDBC

Description: Agent Manager encountered unsupported device type for Java Agent JDBC monitoring

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP



EventType: PH_AGENTMGR_JAVA_USER_PWD_GET_FAILED

Description: Agent Manager failed to get user name and password

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_JSON_PARSE_FAILED

Description: Agent Manager Rapid7 InsightVM monitoring module failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_KAFKA_CONSUME_LOG_FAILED

Description: Agent Manager / Kafka Consumer failed to pull log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_CREATE_CONSUMER

Description: phKafkaConsumer creates a consumer handle successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

groupName

Group Name

string

user

User

string

topicName

Topic Name

string

Kafka Topic Name



EventType: PH_AGENTMGR_KAFKA_CREATE_CONSUMER_FAILED

Description: Agent Manager / Kafka Consumer failed to create consumer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_CREATE_PRODUCER_FAILED

Description: Agent Manager / Kafka Consumer failed to create producer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_CREATE_TOPIC_FAILED

Description: Agent Manager / Kafka Consumer failed to create topic

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

topicName

Topic Name

string

Kafka Topic Name

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_ERROR

Description: Agent Manager / Kafka Consumer encountered occur

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_AGENTMGR_KAFKA_METADATA_FAILED

Description: Agent Manager / Kafka Consume failed to metadata

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_PRODUCER_ERROR

Description: Agent Manager / Kafka Consumer encountered error occurred in Kafka producer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_AGENTMGR_KAFKA_PULL_JOB_FAILED

Description: Agent Manager / Kafka Consumer failed to Consume log

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_KAFKA_REBALANCE

Description: Kafka rebalanceCb

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_KAFKA_RELEASE_CONSUMER

Description: phKafkaConsumer releases a consumer handle

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

groupName

Group Name

string

user

User

string

topicName

Topic Name

string

Kafka Topic Name



EventType: PH_AGENTMGR_KAFKA_START_FAILED

Description: Agent Manager / Kafka Consumer failed to start

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_SUBSCRIBE_FAILED

Description: Agent Manager / Kafka Consumer failed to subscribe topic

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

topicName

Topic Name

string

Kafka Topic Name

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_UPDATE_CONFIG_FAILED

Description: Agent Manager / Kafka Consumer failed to update attribute in config

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_UPDATE_ERROR

Description: Agent Manager / Kafka Consumer failed to update failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KILL_PROCESS

Description: Try to kill process

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSAZURE_CONFIG_ARM_FAILED

Description: Agent Manager / MS Azure config mode arm failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_MSAZURE_DOWNLOAD_FAILED

Description: Agent Manager / MS Azure failed to download Azure audit log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_MSAZURE_JSON_EMPTY

Description: Agent Manager / MS Azure found empty returned JSON from Azure

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSAZURE_JSON_FILE_NAME_EMPTY

Description: Agent Manager / MS Azure JSON file name is empty from Azure

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSAZURE_JSON_FILE_PARSE_FAILED

Description: Agent Manager / MS Azure found malformed JSON file from Azure

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSAZURE_JSON_PARSE_FAILED

Description: Agent Manager / MS Azure found malformed JSON from Azure

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSAZURE_LOGIN_FAILED

Description: Agent Manager / MS Azure failed to login to Azure

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_MSG_QUEUE_ACCESS_FAILED

Description: Agent Manager failed to access message queue

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSG_RECV_FAILED

Description: Agent Manager failed to receive msg

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_OFFICE365_API_CALL_FAILED

Description: Agent Manager / Office365 log pulling engine failed to call api

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_OFFICE365_EVENT_PULL_FAILED

Description: Agent Manager / Office365 log pulling engine failed to pull log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

accountName

Account Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_OFFICE365_FILE_WRITE_ERROR

Description: Agent Manager / Office365 log pulling engine unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_OFFICE365_GET_SUBSCRIBE_FAILED

Description: FortiSIEM Agent Manager failed to get Office365 subscription

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_OFFICE365_JSON_PARSE_FAILED

Description: Agent Manager / Office365 log pulling engine failed to parse Office365 JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_OFFICE365_START_SUBSCRIBE_FAILED

Description: FortiSIEM Agent Manager failed to start Office365 subscription

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_OFFICE365_SUBSCRIBE_EMPTY

Description: FortiSIEM Agent Manager found Office365 subscription to be empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_OFFICE365_SUBSCRIBE_FAILED

Description: Agent Manager / Office365 log pulling engine failed to get subscription list

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_OFFICE365_TOKEN_EMPTY

Description: Agent Manager / Office365 log pulling engine found empty Token

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_OKTA_EVT_DOWNLOAD_FAILED

Description: Agent Manager / OKTA failed to download events

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_OKTA_FILE_WRONG

Description: Agent Manager / OKTA encountered wrong Okta user list file. Please download again

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_OKTA_NO_USER_INFO

Description: Agent Manager / OKTA user list file doesn't contain any user info

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_OKTA_RESULT_UPLOAD_FAILED

Description: Agent Manager / OKTA failed to upload discovery result to App server

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_OKTA_RESULT_UPLOAD_WARNING

Description: FortiSIEM Agent Manager failed to upload OKTA User list to App Server

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_PARSER_UNABLE_CONNECT

Description: Agent Manager unable to connect to parser host

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.

ipPort

IP Port

uint16

IP port number



EventType: PH_AGENTMGR_PERF_OBJ_PARSE_FAILURE

Description: Agent Manager did not find any performance objects to monitor

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_PROCESS_INIT_FAILED

Description: Agent Manager failed to initialize

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_PULLING_JOB_OUTDATE

Description: FortiSIEM Agent Manager job pull error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

jobName

Job Name

string

serverIpAddr

Server IP

IP



EventType: PH_AGENTMGR_REST_API_CALL_FAILED

Description: Agent fails to call rest API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

infoURL

Informational URL

string

This field captures an URL if present in an event

httpStatusCode

HTTP Status

string



EventType: PH_AGENTMGR_RSAS_XML_PARSE_FAILED

Description: AgentManager failed to parse XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_RUN_CMD_FAILED

Description: do_system failed

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_RUN_SCRIPT_FAILED

Description: AgentManager failed to run script

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_RUN_SCRIPT_WITHOUT_TASK_ID

Description: AgentManager found missing task id in run script notification

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_ATTR_NOT_FOUND

Description: Agent Manager / Salesforce log pulling engine cannot find attribute

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_COLUMN_NOT_FOUND

Description: Agent Manager / Salesforce log pulling engine can not find a specific column in Saleforce Event Log File

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_CURL_EXECUTE_FAILED

Description: Agent Manager / Salesforce log pulling engine failed to execute curl to get Salesforce log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_AGENTMGR_SALESFORCE_CURL_HANDLE_GET_FAILED

Description: Agent Manager / Salesforce log pulling engine unable to get curl handle

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_FILE_LOAD_ERROR

Description: Agent Manager / Salesforce log pulling engine failed to load file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_SALESFORCE_FILE_WRITE_ERROR

Description: Agent Manager / Salesforce log pulling engine unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_SALESFORCE_INVALID_DATA

Description: Agent Manager / Salesforce log pulling engine received invalid response from Salesforce

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_INVALID_LOG_FILE

Description: Agent Manager / Salesforce log pulling engine received invalid Saleforce Event Log File csv

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_JSON_PARSE_FAILED

Description: Agent Manager / Salesforce log pulling engine received failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_LOGIN_FAILED

Description: Agent Manager / Salesforce log pulling engine failed to login to Salesforce

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

infoURL

Informational URL

string

This field captures an URL if present in an event



EventType: PH_AGENTMGR_SALESFORCE_SERVER_EMPTY

Description: Agent Manager / Salesforce log pulling engine found Server is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_TOKEN_GET_FAILED

Description: Agent Manager / Salesforce log pulling engine can't get login token

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_TOKEN_REGET_FAILED

Description: Agent Manager / Salesforce log pulling engine login session is expired and failed to re-get token

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_VERSION_PATH_EMPTY

Description: Agent Manager / Salesforce log pulling engine found empty version path

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_XML_PARSE_FAILED

Description: Agent Manager / Salesforce log pulling engine failed to parse XML from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SCRIPT_NOTIFICATION_SPAWN_FAILED

Description: Agent Manager encountered error in spawning run script notification thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SERVER_HOST_NAME_RESOLVE_FAILED

Description: Agent Manager could not resolve server host name

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SERVER_HOST_NAME_RESOLVE_WARNING

Description: FortiSIEM Agent Manager failed to resolve Host Name to IP

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string

jobName

Job Name

string



EventType: PH_AGENTMGR_SERVER_IP_RESOLVE_FAILED

Description: Agent Manager could not resolve server IP

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SERVER_IP_RESOLVE_WARNING

Description: FortiSIEM Agent Manager failed to resolve IP to Host Name

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

jobName

Job Name

string



EventType: PH_AGENTMGR_SETUP_STREAM_FAILED

Description: Failed to setup stream connection

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_START_THREAD_FAILED

Description: Failed to start thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_STATUS_REPORT_FAILED

Description: Agent Manager failed to report task status to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_STATUS_REPORT_INIT_FAILED

Description: Agent Manager failed to initialize job status reporter

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_STOP_STREAM_FAILED

Description: Failed to stop stream connection

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_TENABLE_EXPORT_SCAN_FAILED

Description: Exported scan failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_TENABLE_GET_DOWNLOAD_FAILED

Description: Download exported scan failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_TENABLE_GET_SCANS_FAILED

Description: Get the scan list failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_TENABLE_GET_STATUS_FAILED

Description: Check the file status of exported scan failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_TENABLE_PULL_FAILED

Description: Failed to pull Tenable.io data

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_TIME_CONVERTION_FAILED

Description: Agent Manager/module failed to convert time

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_TOKEN_GET_FAILED

Description: Agent Manager monitoring module cannot get login token

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_UNPACK_FILE_FAILED

Description: Agent Manager unpack file failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_AGENTMGR_UPDATE_AGENT

Description: Update agent

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_WINDEFATP_API_CALL_FAILED

Description: Windows Defender ATP REST API call api failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_WINDEFATP_FILE_WRITE_ERROR

Description: Unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_WINDEFATP_GET_ALERT_FAILED

Description: Failed to get alert from Windows Defender ATP

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_WINDEFATP_JSON_EMPTY

Description: JSON is empty

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_WINDEFATP_JSON_PARSE_FAILED

Description: Failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_WINDEFATP_TOKEN_EMPTY

Description: Token is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_WMI_EVENT_PULL_ERROR

Description: Agent Manager / Windows WMI event log pulling engine encountered error

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_WMI_EVENT_PULL_WARNING

Description: FortiSIEM Agent Manager WMI event pull warning

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_WMI_FILE_OPEN_ERROR

Description: Agent Manager / Windows WMI event log pulling engineailed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_WMI_LOG_PULL_ERROR

Description: Faild to pull logs by WMI

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostName

Host Name

string

This is the hostname of the device of interest in the event

errorString

Error String

string

This is the error message, synonymous to attribute errReason

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_AGENTMGR_WMI_MISSING_LOG

Description: Some logs are missing

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_AGENTMGR_WMI_STATUS_REPORT_FAILED

Description: Agent Manager / Windows WMI event log pulling engineailed to report task status to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_WMI_USER_PWD_GET_FAILED

Description: Agent Manager / Windows WMI event log pulling engine failed to get WMI user name and password

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_WVSS_XML_PARSE_FAILED

Description: Agent Manager / Windows WMI event log pulling engineailed to parse XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_XML_PARSE_FAILED

Description: Agent Manager / Windows WMI event log pulling engineailed to parse XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_BAD_NETFLOW_PACKET

Description: Bad netflow packet

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BAD_NETFLOW_VER

Description: Unsupported netflow version

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CHECKPOINT_CERTHANDLER_ERROR

Description: Checkpoint failed to parse device certificate received from App Server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_CERTPULL_ERROR

Description: Checkpoint failed to obtain certificate from App Server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_CMD_USAGE_ERROR

Description: Checkpoint command usage error

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_CPMI_FETCH_ERROR

Description: Checkpoint CPMI fetch error. Events may miss some metadata

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

errReason

Reason for Error

string

This is the reason for an error if given.

errorString

Error String

string

This is the error message, synonymous to attribute errReason

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_CHECKPOINT_DEV_INIT_ERROR

Description: Checkpoint device initialization error. Checkpoint device can not be monitored

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_FILE_RENAME_FAILURE

Description: FortiSIEM Checkpoint module failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_CHECKPOINT_FWLOGHANDLER_ERROR

Description: Checkpoint LEA handler protocol error. Checkpoint device can not be monitored

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_FWLOGHANDLER_INIT_ERROR

Description: Checkpoint OPSEC log handler initialization error. Checkpoint device can not be monitored

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_HTTP_ERROR

Description: Checkpoint module failed to connect to App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_CHECKPOINT_LOGHANDLER_ERROR

Description: Checkpoint OPSEC log handler internal error

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_PROCESS_GET_FAILED

Description: Checkpoint module failed to get its parent process

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CHECKPOINT_TESTCONN_ERROR

Description: Checkpoint test connectivity error. Checkpoint device can not be discovered

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_CHECKPOINT_UNABLE_PARSE_XML

Description: Checkpoint module unable to parse device credential XML received from App Server

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_COLLECTOR_CLOCK_SKEW

Description: Clock skew between Collector and Super

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

collectorId

Collector ID

uint32

This field captures the ID of a FortiSIEM Collector

collectorIp

Collector IP

IP

This field captures the IP address of a FortiSIEM Collector

superTime

Supervisor Time

Date

This field represents SupervisorTime used to determine Clock Skew between Collector and Supervisor. A Clock Skew may develop if NTP is not configured correctly in both Collector and Supervisor.

collectorTime

Collector Time

Date

This field represents Collector Time used to determine Clock Skew between Collector and Supervisor. A Clock Skew may develop if NTP is not configured correctly in both Collector and Supervisor.

timeSkewSec

Time skew

uint32

Time skew between Collector and Supervisor. If there is significant time skew then rules may not trigger, since rules need to be evaluated based on a time window.



EventType: PH_COLLECTOR_DOWN

Description: Collector down

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_COLLECTOR_EVENT_ARRIVAL_DELAYED

Description: Collector event delayed

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_COLLECTOR_EVENT_ARRIVAL_OK

Description: Collector event arrived on time

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_COLLECTOR_EVENT_STORE_DELAYED

Description: Collector event file delayed

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_COLLECTOR_EVENT_STORE_OK

Description: Collector event file on time

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_COLLECTOR_UP

Description: Collector up

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CYBERARK_INIT_ERROR

Description: FortiSIEM CyberArk module initialization error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DEV_FAIL_TO_PULL_EVENTS

Description: Fail to pull events

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_EVENT_FORWARDER_CHECKSUM_MISMATCH

Description: FortiSIEM Event Forwarder module encountered checksum error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FORWARDER_CONNECT_ERROR

Description: FortiSIEM Event Forwarder failed to connect to forwdarding destination host

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_EVENT_FORWARDER_DIR_OPEN_FAILURE

Description: FortiSIEM Event Forwarder failed to open directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_EVENT_FORWARDER_FILE_OPEN_FAILURE

Description: FortiSIEM Event Forwarder failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FORWARDER_FILE_RENAME_FAILURE

Description: FortiSIEM Event Forwarder failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string



EventType: PH_EVENT_FORWARDER_INIT_FAILURE

Description: FortiSIEM Event Forwarder module initialization failure

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string



EventType: PH_EVENT_FORWARDER_INVALID_GZIP_FILE

Description: FortiSIEM Event Forwarder module encountered invalid gzip file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FORWARDER_INVALID_PHOENIX_CONFIG

Description: FortiSIEM Event Forwarder module encountered invalid phoenix_config file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

module

Module Name

string

configName

Config Name

string

configValue

Config Value

string



EventType: PH_EVENT_FORWARDER_INVALID_PROTOCOL

Description: FortiSIEM Event Forwarder module encountered invalid forwarding protocol

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FORWARDER_KAFKA_ERROR

Description: FortiSIEM Event Forwarder module encountered Kafka protocol error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

actionName

Notification Action Name

string



EventType: PH_EVENT_FORWARDER_KAFKA_INIT_FAILURE

Description: FortiSIEM Event Forwarder module initialization failure

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVENT_FORWARDER_KAFKA_PRODUCE_ERROR

Description: FortiSIEM Event Forwarder module encountered error while forwarding via Kafka protocol

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVENT_FORWARDER_MKDIR_FAILURE

Description: FortiSIEM Event Forwarder failed to create directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_EVENT_FORWARDER_RUN_PROCESS_ERROR

Description: FortiSIEM Event Forwarder failed to run process during execution

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FORWARDER_SOCKET_ERROR

Description: FortiSIEM Event Forwarder failed to create socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_EVENT_FORWARDER_SOCKET_WRITE_ERROR

Description: FortiSIEM Event Forwarder failed to write to socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_EVENT_FORWARDER_SSL_CERT_ERROR

Description: FortiSIEM Event Forwarder SSL certification error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_EVENT_FORWARDER_SSL_ERROR

Description: FortiSIEM Event Forwarder Generic SSL error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_EVENT_FWD_CERT_LOAD_FAILED

Description: Event Forwarder module failed to load certification file or key file for TLS based forwarding - forwarding via this method will not occur

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVENT_FWD_CERT_UNPAIRED

Description: Event Forwarder module detected unpaired certififcation file or key file - forwarding via this method will not occur

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVENT_FWD_DIR_MAKE_FAILED

Description: Event Forwarder module failed to create a directory during initialization

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_EVENT_FWD_DIR_OPEN_FAILED

Description: Event Forwarder module failed to open a directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_EVENT_FWD_FILE_RENAME_FAILED

Description: Event Forwarder module failed to rename a file

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string



EventType: PH_EVENT_FWD_FULL_FORWARDING_FAILED

Description: Event Forwarder failed to forward all events in one file to the destination, will retry

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_EVENT_FWD_GET_FILE_NUM_FAILURE

Description: Event Forwarder module failed to get event file count in /opt/phoenix/cache/parser/fwd

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_GZ_CLOSE_ERROR

Description: Event Forwarder module cannot close gz file stored in /opt/phoenix/cache/parser/fwd - event will not be forwarded

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FWD_GZ_FILE_OPEN_ERROR

Description: Event Forwarder failed to open event file (gz), or not enough memory to open it

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FWD_GZ_MD5_ERROR

Description: Event Forwarder module cannot get md5 of event file (gz)

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FWD_GZ_RENAME_ERROR

Description: Event Forwarder module cannot rename event file (gz)

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_GZ_SIZE_MISMATCH

Description: Event Forwarder found malformed event file (gz) - length mismatch

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FWD_KAFKA_WARNING

Description: Event Forwarder module failed on event serialization to send via Kafka

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_MD5_CHECKSUM_MISMATCH

Description: Event Forwarder found event file (gz) MD5 checksum

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_NETFLOW_REGEX_IGNORED

Description: Event Forwarder ignores regex filter in forwarding rule for Netflow since Netflow is binary

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_PARTIAL_FORWARDING_FAILED

Description: Event Forwarder failed to forward a subset of events in one file to the destination. Those events will be lost

Severity: 8 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_PARTIAL_FORWARDING_WARNING

Description: FortiSIEM Event Forwarder was able to do partial forwarding

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_EVENT_FWD_PCRE_ERROR

Description: Event Forwarder module failed to Pcre compile - this means the regular expression in the forwarding rule is invalid

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_PROCESS_INIT_FAILED

Description: Event Forwarder failed to initialize this process

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_PROCESS_START_FAILED

Description: Event Forwarder failed to run

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_PROTO_FORWARDED_WRONG

Description: Event Forwarder found incorrect proto in the forwarding rule

Severity: 8 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_RENAME_GZ_ERROR

Description: FortiSIEM Event Forwarder failed to rename gz file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FWD_RULE_PARSE_ERROR

Description: Event forwarder module failed to parse event forwarding rule

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_SOCKET_CONNECT_FAILED

Description: Event Forwarder failed to connect the destination for TCP based forwarding

Severity: 8 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_EVENT_FWD_SOCKET_GET_FAILED

Description: Event Forwarder failed to get socket for connecting the destination

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_EVENT_FWD_SOCKET_WRITE_FAILED

Description: Event Forwarder failed to write to socket for sending events

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_EVENT_FWD_SSL_CREATE_FAILED

Description: Event Forwarder unable to create new SSL context structure for TLS based fowarding

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVENT_FWD_SSL_SESSION_BUILD_FAILED

Description: Event Forwarder unable to build SSL session for TLS based fowarding

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_UNEXPECTED_FILE_REMOVED

Description: Event Forwarder removed unexpected event file (mismatched name format)

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_PKG_ATTR_NOT_FOUND

Description: Event Packager cannot find Worker name in XML received from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_EMPTY_FILE_REMOVED

Description: Event Packager found an empty event file - filw will be removed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_PKG_FILE_ADD_TO_SVN_FAILED

Description: Event Packager failed to add configuration file to svn upload queue

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_PKG_FILE_REMOVED_ERROR

Description: Event Packager failed to remove event file after upload

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_PKG_FILE_RENAME_FAILED

Description: Event Packager failed to rename configuration file after scanning

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string

exitValue

Command exit value

int32



EventType: PH_EVENT_PKG_FILE_STAT_FAILED

Description: Event Packager failed to stat configuration or event file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

exitValue

Command exit value

int32



EventType: PH_EVENT_PKG_FILE_UPLOAD_FAILED

Description: Event Packager failed to upload event file to Worker or Super; will retry

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

serverIpAddr

Server IP

IP



EventType: PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_HIGH

Description: Event file upload success is high

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

ratio

Ratio

uint64



EventType: PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_LOW

Description: Event file upload success is low

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

ratio

Ratio

uint64



EventType: PH_EVENT_PKG_GZ_CLOSE_FAILED

Description: Event Packager failed to close event file after writing

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

exitValue

Command exit value

int32



EventType: PH_EVENT_PKG_GZ_FILE_OPEN_ERROR

Description: Event Packager failed to open gz file or not enough memory to open it

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_PKG_HTTP_FAILED

Description: Event Packager encountered HTTPS error response code

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_EVENT_PKG_HTTP_INIT_FAILED

Description: Event Packager HTTP client initialization failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP



EventType: PH_EVENT_PKG_INSERT_TASK_FAILED

Description: Failed to insert task into event file upload queue

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_NO_EVENT

Description: Event Packager did not upload any event in last 10 minutes

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_OPEN_DIR_FAILED

Description: Failed to open directory

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_EVENT_PKG_PROCESS_INIT_FAILED

Description: Event Packager failed to initialize

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_PROCESS_START_FAILED

Description: Event Packager failed to run

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_QUEUE_GET_FAILED

Description: Event Packager failed to get event file from the queue

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_EVENT_PKG_SERVER_LIST_UPLOAD_FAILED

Description: Event Packager failed to get upload server list from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP



EventType: PH_EVENT_PKG_SERVICE_LIST_EMPTY

Description: Empty upload service list

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_TASK_ADD_TO_QUEUE_FAILED

Description: Event Packager failed to add file upload task to queue

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_XML_PARSE_FAILED

Description: Event Packager failed to parse XML from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVTPKGER_FILE_UPLOAD_FAILED

Description: File upload failed

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.



EventType: PH_EVT_HANDLER_DBG

Description: Event handler debug message

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_ERR

Description: Event handler error message

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_EVT_QUEUE_LARGE

Description: Uploaded event files size large

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_EVT_QUEUE_WARNING

Description: Worker Input Event Queue large

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_INFO

Description: Event handler information

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_SVN_QUEUE_LARGE

Description: Uploaded SVN files size large

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_SVN_QUEUE_WARNING

Description: Worker Input Event Queue large

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_EVT_PACKAGER_COND_WAIT_ERROR

Description: FortiSIEM Event Packager Conditional Wait Error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_EVT_PACKAGER_FILE_CLOSE_FAILURE

Description: FortiSIEM Event Packager file close error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_EVT_PACKAGER_FILE_OPEN_FAILURE

Description: FortiSIEM Event Packager file open error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVT_PACKAGER_FILE_REMOVE_FAILURE

Description: FortiSIEM Event Packager file remove error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_EVT_PACKAGER_FILE_RENAME_FAILURE

Description: FortiSIEM Event Packager file rename error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string



EventType: PH_EVT_PACKAGER_FILE_STAT_FAILURE

Description: FortiSIEM Event Packager file stat error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_EVT_PACKAGER_FILE_UPLOAD_FAILURE

Description: FortiSIEM Event Packager file upload failure

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

destName

Destination Host Name

string

Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address.



EventType: PH_EVT_PACKAGER_HTTP_RESPONSE_ERROR

Description: FortiSIEM Event Packager http response error from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_EVT_PACKAGER_INIT_FAILURE

Description: FortiSIEM Event Packager module initialization error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVT_PACKAGER_REST_PARSE_ERROR

Description: FortiSIEM Event Packager module failed to parse REST output

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVT_PACKAGER_RUN_PROCESS_ERROR

Description: FortiSIEM Event Packager module encountered error to run process

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_APPSERVER_CONN_ERROR

Description: FSM FSM Java Agent failed to connect to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_APPSERVER_EXECUTE_ERROR

Description: FSM FSM Java Agent app server JMX Pull SQL Error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CONTROLLER_CMD_PARSE_ERROR

Description: FSM Java Agent parse file failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CONTROLLER_CMD_READ_ERROR

Description: FSM Java Agent control channel problem, exiting ...

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CONTROLLER_GENERIC_ERROR

Description: FSM Java Agent parse file failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CONTROLLER_LINE_READ_ERROR

Description: FSM Java Agent hit exception while reading line type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CONTROLLER_XML_READ_ERROR

Description: FSM Java Agent hit exception while reading command XML from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CUSTOM_JDBC_CONN_ERROR

Description: FSM Java Agent failed to execute custom JDBC monitoring job - connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CUSTOM_JDBC_EXEC_ERROR

Description: FSM Java Agent failed to execute custom JDBC monitoring job - execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_DISCOVERY_TEST_ERROR

Description: FSM Java Agent failed to connect to Snort database for testing

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ERROR

Description: PH java agent generic error

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_GLASSFISH_MONITOR_ERROR

Description: FSM Java Agent GlassFish monitoring failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_GLASS_FISH_WARNING

Description: FSM Java Agent GlassFish monitoring warning

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_GOOGLEAPPS_EXEC_ERROR

Description: FSM Java Agent Google Apps Monitor Exception

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_IBMDB2_AUDIT_CONN_ERROR

Description: FSM Java Agent IBM DB2 connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_IBMDB2_AUDIT_EXEC_ERROR

Description: FSM Java Agent IBM DB2 audit error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_IBM_DB2_CAT_READ_ERROR

Description: FSM Java Agent IBM loading error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_IBM_DB2_CONN_ERROR

Description: FSM Java Agent failed to connect to IBM DB2 for collecting audit logs

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_IBM_DB2_INTERNAL_ERROR

Description: FSM Java Agent IBM Sleep Interrupted error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_INFO

Description: PH java agent generic info

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JBOSS_CONN_ERROR

Description: FSM Java Agent app server connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JBOSS_EXEC_ERROR

Description: FSM Java Agent app server connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JBOSS_MONITOR_ERROR

Description: Fail to monitor Jboss

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JDBC_PULL_UNSUPP_ERROR

Description: No connection for job when pulling JDBC

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JDBC_SQL_NOT_SUPPORT_ERROR

Description: FSM Java Agent cannot support such a SQL

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JMX_CONN_ERROR

Description: FSM Java Agent jmx JDBC error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JMX_EXEC_ERROR

Description: FSM Java Agent JMX monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JOB_EXECUTOR_ERROR

Description: Exception in AgentJobExecutor.run error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JOB_STATUS_UPLOAD_ERROR

Description: Failed to upload job status xml

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JOB_TYPE_ERROR

Description: AgentUtils createAndInitAgent serverType is not defined

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JOB_XML_LOAD_ERROR

Description: Exception caught while parsing JobXml

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JOB_XML_PARSE_ERROR

Description: Exception caught while parsing JobXml

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MCAFEE_MYSQL_MONITOR_ERROR

Description: FSM Java Agent my sql performance monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MCAFEE_VULN_SCANNER_ERROR

Description: FSM Java Agent vulnerability pulling error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MONITOR_GEN_ERROR

Description: FSM Java Agent job monitor rest error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MONITOR_TIMEOUT_ERROR

Description: FSM Java Agent job monitor execute too long

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_DDL_CONN_ERROR

Description: FSM Java Agent JDBC pull don't support dev error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_LOGON_CONN_ERROR

Description: FSM Java Agent MySql Connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_LOGON_EXEC_ERROR

Description: FSM Java Agent app server JMX Pull SQL Error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_MONITOR_ERROR

Description: FSM Java Agent ms sql performance error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_PERF_CONN_ERROR

Description: FSM Java Agent job connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_PERF_EXECUTE_ERROR

Description: FSM Java Agent MSSQL job execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MYSQL_PERF_CONN_ERROR

Description: FSM Java Agent MYSQL connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MYSQL_PERF_EXEC_ERROR

Description: FSM Java Agent mysql audit performance error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_NESSUS_REPORT_PARSE_ERROR

Description: FSM Java Agent nessus report parse error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORACLE_DB_ERROR

Description: FSM Java Agent Oracle DB performance metrics error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORADB_AUDIT_CONN_ERROR

Description: FSM Java Agent Oracle DB connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORADB_AUDIT_EXEC_ERROR

Description: FSM Java Agent Oracle DB execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORADB_LOGON_EXEC_ERROR

Description: FSM Java Agent Oracle Audit trail pull error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORADB_PERF_CONN_ERROR

Description: FSM Java Agent Oracle Database performance metrics collection error - connection issue

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORADB_PERF_EXEC_ERROR

Description: FSM Java Agent Oracle Database performance metrics collection error - SQL exec error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_SNORT_CONN_ERROR

Description: FSM Java Agent Snort IPS connect error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_SNORT_EVENTID_ERROR

Description: FSM Java Agent Snort IPS alert collection error - exception in setMaxEventId function

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_SNORT_EXEC_ERROR

Description: FSM Java Agent Snort IPS alert collection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_SNORT_SENSORID_ERROR

Description: FSM Java Agent Snort IPS alert collection error - exception in setSensorId2MaxEventId function

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_SNORT_TCP_OPTION_ERROR

Description: FSM Java Agent Snort IPS alert collection error - exception in getTcpOptions functions

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_TOMCAT_MONITOR_ERROR

Description: FSM Java Agent Tomcat Application Server monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_UTILS_ERROR

Description: FSM Java Agent status file error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_HWSTATUS_EXEC_ERROR

Description: FSM Java Agent failed to collect VMWare ESX hardware status

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_LOG_CONN_ERROR

Description: FSM Java Agent failed to connect VMWare ESX / Vcenter for collecting logs

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_LOG_EXEC_ERROR

Description: FSM Java Agent hit an exception while collecting logs from VMWare ESX / Vcenter

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_MONITOR_ERROR

Description: FSM Java Agent hit an error while connecting to VMWare ESX / Vcenter

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_COUNTER_MISSING

Description: FSM Java Agent VMWare performance pull error - missing performance counter

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_DATA_RETRIEVE_ERROR

Description: FSM Java Agent VMWare performance pull error - data retrieve error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_ENTITY_MISSING

Description: FSM Java Agent VMWare performance pull error - missing performance entity

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_HOST_MISSING

Description: FSM Java Agent VMWare performance pull error - missing host

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_MON_EXCEPTION

Description: FSM Java Agent VMWare performance pull error - hit exception

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_ROLLUP_MISSING

Description: FSM Java Agent VMWare performance pull error - missing rollup

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_STAT_NAME_MISSING

Description: FSM Java Agent VMWare performance pull error - missing stat name

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_VM_MISSING

Description: FSM Java Agent VMWare performance pull error - missing VM

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_THREAD_EXEC_ERROR

Description: FSM Java Agent VMWare performance pull error - thread execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VULN_REPORT_PARSER_ERROR

Description: FSM Java Agent failed to parse external vulnerability scanner report

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VULN_REPORT_VERIFY_ERROR

Description: FSM Java Agent failed to verify external vulnerability scanner report

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBLOGIC_MONITOR_ERROR

Description: FSM Java Agent Weblogic monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_EMAIL_MISSING_LOGDB

Description: FSM Java Agent Websense Email Gateway log collection error - logDBName is null

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_JDBC_PULL_ERROR

Description: FSM Java Agent Websense WebSecurity Gateway log collection error - Event Pull SQL Error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_CONN_ERROR

Description: FSM Java Agent Websense Email Gateway connection audit error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_EXEC_ERROR

Description: FSM Java Agent Websense Email Gateway execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_PULL_ERROR

Description: FSM Java Agent Websense Email Gateway mail pulling error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_WEB_CONN_ERROR

Description: FSM Java Agent WebSecurity Gateway connection audit error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_WEB_EXEC_ERROR

Description: FSM Java Agent WebSecurity execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_WEB_MISSING_LOGDB

Description: FSM Java Agent WebSecurity log collection error - logDBName or urlDBName or urlCategoryDBName or dispositionDBName is null

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSPHERE_CONN_ERROR

Description: FSM Java Agent IBM Web sphere monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSPHERE_EXEC_ERROR

Description: FSM Java Agent IBM Web sphere log pulling error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSPHERE_MONITOR_ERROR

Description: FSM Java Agent IBM Web sphere monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_ACCOUT_MISSING

Description: Registration user name is missing

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_BIND_PORT_FAILED

Description: Socket failed to bind port

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_LINUX_AGENT_CONFIG_ATTR_NOT_FOUND

Description: Cannot find attribute in config file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_LINUX_AGENT_CONFIG_MISS_ATTR

Description: Cannot find attribute in config file

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_LINUX_AGENT_CREATE_SOCKET_FAILED

Description: Failed to create socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_LINUX_AGENT_EXIT

Description: Linux agent received exit signal

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_HOST_IP_GOT_FAILED

Description: Failed to get host ip

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_INCREASE_RECV_SOCK_BUF_MAX_FAILED

Description: Failed to increase Linux Agent recv socket buffe size

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_INIT_FIM_FAILED

Description: Linux Agent FIM Init Failed

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_LINUX_AGENT_INIT_HTTP_FAILED

Description: Failed to initial http client

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.



EventType: PH_LINUX_AGENT_LOG_GENERIC

Description: Linux agent generic log

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_NEW_FIM_LOADED

Description: Linux Agent New FIM Config Loaded

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_OPEN_FILE_FAILED

Description: Linux agent open file failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_LINUX_AGENT_OPEN_PORT_FAILED

Description: Failed to open port

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

ipPort

IP Port

uint16

IP port number



EventType: PH_LINUX_AGENT_PWD_MISSING

Description: Registration password is missing

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_RECV_ERROR

Description: Linux agent received error from socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

recvBytes64

Received Bytes64

uint64

Number of bytes received by a host. This has 64bit resolution.



EventType: PH_LINUX_AGENT_REGISSTER_FAILED

Description: Failed to register linux agent

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_TEMPLATE_STATUS

Description: Linux Agent State

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

status

Status

string



EventType: PH_LINUX_AGENT_UNINSTALL

Description: Linux agent received uninstall signal

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_UPLOAD_FILE_FAILED

Description: File Upload to destHost failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_LINUX_AGENT_UPLOAD_FILE_SUCCESS

Description: File is uploaded to collector successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.



EventType: PH_LINUX_AGENT_USER_FILE_LOG_GENERIC

Description: Linux agent generic user file log

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_VERIFIER_ERROR

Description: Linux agent verifier error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

size

Size

uint32



EventType: PH_NETFLOW_BAD_FLOW

Description: Parser module module received a netflow packet with wrong length

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_FLOW_END

Description: Parser module received a netflow packet with unsupported end of netflow datagram

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_HEADER_PROTOCOL

Description: Parser module received a netflow packet with unsupported netflow header protocol

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_PACKET

Description: Parser module received a incorrectly formatted netflow packet

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_RECORD

Description: Parser module received a incorrectly formatted netflow flow

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_TYPE

Description: Parser module received a netflow packet with unsupported netflow sample type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_VER

Description: Parser module received a netflow packet with unsupported netflow version

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.



EventType: PH_NETFLOW_EXCEPTION

Description: Parser module encountered netflow parsing error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DEVAPP_EVENTS_PER_SEC

Description: FortiSIEM per application EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

reptVendor

Reporting Vendor

string

This field captures the vendor of the reported event

reptModel

Reporting Model

string

This field captures the model of the reported event

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.

hostName

Host Name

string

This is the hostname of the device of interest in the event

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_SYSTEM_DEVAPP_NO_EVENTS

Description: No events from a reporting module in last 1 hour

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

reptVendor

Reporting Vendor

string

This field captures the vendor of the reported event

reptModel

Reporting Model

string

This field captures the model of the reported event

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.

reptDevName

Reporting Device

string

This is the hostname of the device that originated the log or event packet.



EventType: PH_SYSTEM_DEVICE_NO_EVENTS

Description: No events from a device in last 1 hour

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_EPS_GLOBAL

Description: FortiSIEM Global event handling statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

licenseEventsPerSec

License EPS

uint64

incomingEventsPerSec

Incoming Event Rate

double

This is a FortiSIEM event ingestion rate calculated every 3 minutes, divided by 180 to generate a rolling EPS (Events Per Second) interval.

peakIncomingEventsPerSec

Peak Incoming Event Rate

double

This is the spike or max event ingestion rate seen during a 3 minute interval averaged overall data points.

dropLicenseEventsPerSec

License Dropped Event Rate

double

The number of events dropped due to exceeding license in past 3 minutes.

peakDropLicenseEventsPerSec

Peak License Dropped Event Rate

double

The max value of dropLicenseEventsPerSec over all 3-minute periods, since phParser started.

unusedEvents

Unused Event Count

uint64

The difference between licenseEventsPerSec and incomingEventsPerSec accumulated.



EventType: PH_SYSTEM_EPS_NODE

Description: FortiSIEM per Node event handling statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

role

Role

string

hostName

Host Name

string

This is the hostname of the device of interest in the event

guaranteedEventsPerSec

Guaranteed EPS

uint64

incomingEventsPerSec

Incoming Event Rate

double

This is a FortiSIEM event ingestion rate calculated every 3 minutes, divided by 180 to generate a rolling EPS (Events Per Second) interval.

peakIncomingEventsPerSec

Peak Incoming Event Rate

double

This is the spike or max event ingestion rate seen during a 3 minute interval averaged overall data points.

ingestedEventsPerSec

Ingested Event Rate

double

dropPolicyEvents

Policy Dropped Events

uint64

The number of events dropped by Event Dropping Rules in the last 3 minutes.

dropPolicyEventsPerSec

Policy Droppped Event Rate

double

This is the per second count of events dropped by policy, which is calculated as dropPolicyEvents (3min interval) / 180 seconds.

peakDropPolicyEventsPerSec

Peak Policy Dropped Event Rate

double

The max value of dropPolicyEventsPerSec, over all 3-minute periods, since phParser started.

dropLicenseEvents

License Dropped Events

uint64

This is the total count of events dropped due to exceeding license over all 3 minute intervals since phParser started.

dropLicenseEventsPerSec

License Dropped Event Rate

double

The number of events dropped due to exceeding license in past 3 minutes.

peakDropLicenseEventsPerSec

Peak License Dropped Event Rate

double

The max value of dropLicenseEventsPerSec over all 3-minute periods, since phParser started.

dropLicenseEventRatio

License Dropped Event Ratio

uint16

Ratio of dropped events due to license to total incoming events in last 3 minutes.

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.



EventType: PH_SYSTEM_EPS_ORG

Description: FortiSIEM per Organization event handling statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

customer

Organization Name

string

This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to.

incomingEventsPerSec

Incoming Event Rate

double

This is a FortiSIEM event ingestion rate calculated every 3 minutes, divided by 180 to generate a rolling EPS (Events Per Second) interval.

peakIncomingEventsPerSec

Peak Incoming Event Rate

double

This is the spike or max event ingestion rate seen during a 3 minute interval averaged overall data points.

dropLicenseEventsPerSec

License Dropped Event Rate

double

The number of events dropped due to exceeding license in past 3 minutes.

peakDropLicenseEventsPerSec

Peak License Dropped Event Rate

double

The max value of dropLicenseEventsPerSec over all 3-minute periods, since phParser started.



EventType: PH_SYSTEM_EVENTS_FWD_STAT

Description: Forwarded EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

role

Role

string

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

customer

Organization Name

string

This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to.

fwdEventsPerSec

Forwarded Event Rate

double

This field represents the average rate (events per sec) over a 3 minute window, at which events are forwarded from FortiSIEM to an external system

peakFwdEventsPerSec

Peak Forwarded Event Rate

double

This field represents the maximum rate (events per sec) over a 3 minute window, at which events are forwarded from FortiSIEM to an external system

dropFwdEventsPerSec

Dropped Forwarded Event Rate

double

peakDropFwdEventsPerSec

Peak Dropped Forwarded Event Rate

double

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.

reptDevName

Reporting Device

string

This is the hostname of the device that originated the log or event packet.



EventType: PH_SYSTEM_EVENTS_PER_SEC

Description: Received EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

peakEventsPerSec

Peak Event Rate

double

guaranteedEventsPerSec

Guaranteed EPS

uint64



EventType: PH_SYSTEM_EVENTS_VIA_ZMQ_EPS

Description: Events Pushed by ZMQ EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totEventCount

Total Event Count

uint32

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_SYSTEM_INTERNAL_EVENTS_PER_SEC

Description: FortiSIEM Internal EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

peakEventsPerSec

Peak Event Rate

double



EventType: PH_SYSTEM_IP_EVENTS_PER_SEC

Description: FortiSIEM per device EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_SYSTEM_PERF_EVENTS_PER_SEC

Description: FortiSIEM performance monitoring EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

peakEventsPerSec

Peak Event Rate

double



EventType: PH_SYSTEM_STORED_EVENTS_PER_SEC

Description: Stored EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

peakEventsPerSec

Peak Event Rate

double



EventType: PH_SYSTEM_SUMM_EVENTS_STORED_EPS

Description: Summary Events Stored EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totEventCount

Total Event Count

uint32

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_VA_EVENTS_PER_SEC

Description: Total event rate to an FortiSIEM VA

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

peakEventsPerSec

Peak Event Rate

double


Event Collection and Forwarding Logs

Event Collection and Forwarding Logs

This section provides logs related to event collection and forwarding via syslog, WMI/OMI and other collection methods



EventType: PH_AGENTMGR_ACI_ATTR_NOT_FOUND

Description: Agent Manager Cisco ACI monitoring module cannot find specific attribute

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ACI_CURL_HANDLE_GET_FAILED

Description: Agent Manager Cisco ACI monitoring module unable to get curl handle

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ACI_FILE_WRITE_ERROR

Description: Agent Manager Cisco ACI monitoring module unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_ACI_JSON_PARSE_FAILED

Description: Agent Manager Cisco ACI monitoring module failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ACI_SERVER_EMPTY

Description: Agent Manager Cisco ACI monitoring module found server is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ACI_TOKEN_GET_FAILED

Description: Agent Manager Cisco ACI monitoring module cannot get login token

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ALERTLOGIC_CURL_HANDLE_GET_FAILED

Description: Agent Manager Alert Logic log parsing module unable to get curl handle

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ALERTLOGIC_FILE_LOAD_ERROR

Description: Agent Manager Alert Logic log parsing module failed to load file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_ALERTLOGIC_FILE_READ_ERROR

Description: Agent Manager Alert Logic log parsing module found wrong format in file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_ALERTLOGIC_FILE_WRITE_ERROR

Description: Agent Manager Alert Logic log parsing module unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_ALERTLOGIC_INVALID_DATA

Description: Agent Manager Alert Logic log parsing module found invalid data format

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ALERTLOGIC_INVALID_PATH

Description: Agent Manager Alert Logic log parsing module found invalid incident path

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_ALERTLOGIC_QUERY_INTERVAL_TOO_LONG

Description: Agent Manager Alert Logic log parsing module found query interval is larger, it will be narrowed in one week

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_ALERTLOGIC_SERVER_EMPTY

Description: Agent Manager Alert Logic log parsing module found server is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AMPCLOUD_CURL_CONNECT_FAILED

Description: Agent Manager AMP Cloud log parsing module unable to connect server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

httpStatusCode

HTTP Status

string



EventType: PH_AGENTMGR_AMPCLOUD_CURL_HANDLE_GET_FAILED

Description: Agent Manager AMP Cloud log parsing module unable to get curl handle

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AMPCLOUD_FILE_LOAD_ERROR

Description: Agent Manager AMP Cloud log parsing module failed to load file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_AMPCLOUD_FILE_READ_ERROR

Description: Agent Manager AMP Cloud log parsing module found wrong format in file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_AMPCLOUD_INVALID_DATA

Description: Agent Manager AMP Cloud log parsing module found Invalid data format

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AMPCLOUD_JSON_PARSE_FAILED

Description: Agent Manager AMP Cloud log parsing module failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_AGENTMGR_AMPCLOUD_NO_DEFINE_SEVERITY

Description: Agent Manager AMP Cloud log parsing module found event severity is not defined

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AMPCLOUD_SERVER_EMPTY

Description: Agent Manager AMP Cloud log parsing module found server is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_API_PERMISSION_MISSING

Description: There is no permission

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWSFLOWLOG_EVENT_PULL_FAILED

Description: Agent Manager AWS module failed to get AWS Flow log after 5 tries

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWSFLOWLOG_FILE_WRITE_ERROR

Description: Agent Manager AWS Flow log handling module unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_AWSFLOWLOG_LOG_FORMAT_WRONG

Description: Agent Manager AWS Flow log handling module encountered wrong log format

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AWSKINESIS_CONSUMER_START_FAILED

Description: Failed to start Kinesis consumer process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWS_CACHE_FILE_ERROR

Description: Agent Manager AWS Cache file is not available

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AWS_DELETE_OJECTKEY_FAILED

Description: Failed to delete object key from SQS

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWS_DOWNLOAD_OJECT_FAILED

Description: Failed to download object from bucket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWS_EVT_DOWNLOAD_FAILED

Description: Agent Manager AWS module failed to download event by do_system failed

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string



EventType: PH_AGENTMGR_AWS_EVT_SEND_FAILED

Description: Agent Manager AWS module failed to send cloudtrail event to phParser after 5 tries

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AWS_GET_OJECTKEY_FAILED

Description: Agent Manager AWS agent failed to get object key from SQS

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_AWS_GZ_FILE_OPEN_ERROR

Description: Agent Manager AWS module gailed to open gz file, or not enough memory to open it

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_AWS_JSON_PARSE_FAILED

Description: Agent Manager AWS module failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_AWS_SQSURL_FORMAT_ERROR

Description: Agent Manager AWS Sqs Url format is wrong

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_API_CALL_FAILED

Description: Agent Manager BOX module failed to call BOX API

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_ATTR_NOT_FOUND

Description: Agent Manager BOX module cannot find attribute

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_EVENT_PULL_FAILED

Description: Agent Manager BOX module failed to pull BOX log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

accountName

Account Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_BOX_FILE_ID_EMPTY

Description: Agent Manager BOX module found empty file ID

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_FILE_LIMIT_EXCEED

Description: Agent Manager BOX module found that the number of monitoring file exceeded limit

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_FILE_NOT_MONITORED_ERROR

Description: Agent Manager BOX module found that the file is not monitored before

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_BOX_FILE_PATH_PARSE_FAILED

Description: Agent Manager BOX module could not parse file path

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_BOX_FILE_TYPE_WRONG

Description: Agent Manager BOX module found wrong file type

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileType

File Type

string



EventType: PH_AGENTMGR_BOX_FOLDER_TYPE_WRONG

Description: Agent Manager BOX module found wrong folder type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_HTTP_NO_RESPONSE

Description: Agent Manager BOX module did not find response from App Server Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string



EventType: PH_AGENTMGR_BOX_JSON_PARSE_FAILED

Description: Agent Manager BOX module failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_RESPONSE_NO_SPECIAL_ATTRIBUTE

Description: Agent Manager BOX module response doesn't have special node

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_BOX_TIME_CONVERT_FAILED

Description: Agent Manager BOX module could not convert time

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_BOX_XML_PARSE_FAILED

Description: Agent Manager BOX module failed to parse XML from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_CISCOAMP_CONSUMER_START_FAILED

Description: Failed to start Cisco AMP consumer process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CLOUDPASSAGE_API_CALL_FAILED

Description: CloudPassage Halo REST API call api failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CLOUDPASSAGE_FILE_WRITE_ERROR

Description: Unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_CLOUDPASSAGE_GET_EVENT_FAILED

Description: Failed to get event from CloudPassage API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CLOUDPASSAGE_JSON_EMPTY

Description: JSON is empty

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_CLOUDPASSAGE_JSON_PARSE_FAILED

Description: Failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_CLOUDPASSAGE_TOKEN_EMPTY

Description: Token is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CLOUDTRAIL_FILE_READ_FAILED

Description: Agent Manager AWS CloudTrail module encountered error while reading Cloudtrail queue cache file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_CONFIG_ERROR

Description: Agent Manager own configuration error

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_CONFIG_VERSION_SEND_FAILED

Description: Agent Manager failed to send config version to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_AGENTMGR_CONFIG_WARNING

Description: FortiSIEM Agent Manager configuration warning

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_AGENTMGR_CREDENTIAL_GET_FAILED

Description: Agent Manager failed to get credentials

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

jobName

Job Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CROWDSTRIKE_GET_DATAFEED_URL_FAILED

Description: Failed to get crowdstrike datafeed url

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_CUST_RESULT_UPLOAD_FAILED

Description: Agent Manager failed to upload test custom performance monitor result xml to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_DIR_CREATE_FAILED

Description: Could not create dir

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_AGENTMGR_EVENT_PULL_FAILED

Description: Agent Manager Rapid7 InsightVM pulling engine failed to pull log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

accountName

Account Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_FALCONDATAREP_SCRIPT_FAILED

Description: Failed to run Falcon Data Replicator script

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_FILE_PARSE_ERROR

Description: Agent Manager/module failed to parse file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_FILE_WRITE_ERROR

Description: Agent Manager Rapid7 InsightVM pulling engine failed to write file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_FIREAMP_CERT_DOWNLOAD_FAILED

Description: Agent Manager/FireAMP Module cannot download certificate file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_FIREAMP_DATA_FORMAT_SET_FAILED

Description: Agent Manager/FireAMP Module encountered missing event mapping configuration

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_FIREAMP_EVENT_PULL_FAILED

Description: Agent Manager/FireAMP Module failed to pull log from server!

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_FIREAMP_EVT_TYPE_LOAD_FAILED

Description: Agent Manager/FireAMP Module encountered empty event mapping configuration

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_FIREAMP_FILE_LOAD_ERROR

Description: Agent Manager/FireAMP Module failed to load file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_FIREAMP_FILE_OPEN_ERROR

Description: Agent Manager/FireAMP Module failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_FIREAMP_INVALID_DATA

Description: Agent Manager/FireAMP Module found invalid response data

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_FIREAMP_NEW_AGENT_FAILED

Description: Agent Manager/FireAMP Module - new agent failed

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_FIREAMP_NO_ATTR

Description: No configuration event attribute

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_FIREAMP_NO_PROTOCOL

Description: Can't find protocol number from IANA table

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_FORTICASB_GET_SERVICE_ALERT_ERROR

Description: Failed to get sevices alerts

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serviceName

Service Name

string



EventType: PH_AGENTMGR_FORTICASB_GET_SERVICE_ERROR

Description: Failed to get sevices

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

unitId

Unit Id

string



EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_FAILED

Description: FortiNDR cloud integration failed to call API URI

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msg

Message

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_NEXT_PAGE

Description: FortiNDR paginated api call being made

Severity: 4 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msg

Message

string



EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_NO_RESULTS

Description: API call to FortiNDR api returned no results, this is normal if no results in defined time interval

Severity: 4 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msg

Message

string



EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_RESULTS

Description: FortiNDR cloud integration called API URI successfully

Severity: 4 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msg

Message

string



EventType: PH_AGENTMGR_FORTINDR_GET_BUCKET_KEY

Description: FortiNDR integration is processing an s3 bucket key

Severity: 4 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

bucketName

Bucket Name

string

userKey

User Key

string

categoryType

Category Type

string



EventType: PH_AGENTMGR_FORTINDR_GET_BUCKET_OBJ

Description: FortiNDR integration is downloading an object from s3 bucket

Severity: 4 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

bucketName

Bucket Name

string

userKey

User Key

string

categoryType

Category Type

string



EventType: PH_AGENTMGR_GET_SCAN_RESULTS_FAILED

Description: Failed to get the scan result

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_GITHUB_API_CALL_FAILED

Description: Agent Manager/GitHub module failed to call Github API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_GITHUB_CREDENTIAL_GET_FAILED

Description: Agent Manager/GitHub module failed to get credential from App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string



EventType: PH_AGENTMGR_GITHUB_EVENT_PULL_FAILED

Description: Agent Manager/GitHub module failed to pull log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

accountName

Account Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_GITHUB_FILE_OPEN_ERROR

Description: Agent Manager/GitHub module failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_GITHUB_JSON_PARSE_FAILED

Description: Agent Manager/GitHub module failed to parse JSON response from GitHub server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_GITHUB_TIME_CONVERT_FAILED

Description: Agent Manager/GitHub module failed to convert time in JSON response from GitHub server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_GIT_CLONE_REPO_FAILED

Description: Failed to git clone by do_system

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string



EventType: PH_AGENTMGR_GIT_HANDLE_ERR_FILE_FAILED

Description: Failed to handle error file

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_GIT_PULL_EVT_FAILED

Description: Failed to get git log by do_system

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string



EventType: PH_AGENTMGR_GIT_SAVE_COMMITID_FAILED

Description: Failed to save CommitId of repository

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_GZ_FILE_OPEN_ERROR

Description: Failed to open gz file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_INIT_AGENT

Description: Initialize agent

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_INIT_CACHE_FILE_FAILED

Description: FortiSIEM Agent Manager failed to initialize cache

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

jobName

Job Name

string



EventType: PH_AGENTMGR_INIT_NO_CRED

Description: Agent Manager/Cisco IPS log pulling module failed to initialize due to missing credentials

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

jobName

Job Name

string



EventType: PH_AGENTMGR_INVALID_MGR

Description: Invalid Agent Manager

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_IPS_AUTH_FAILED

Description: Agent Manager/Cisco IPS log pulling module found wrong user name, password for logging to IPS appliance

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_IPS_EVENT_PULL_FAILED

Description: Agent Manager/Cisco IPS log pulling module failed to pull Cisco IPS log from server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_AGENTMGR_IPS_FILE_OPEN_ERROR

Description: Agent Manager/Cisco IPS log pulling module failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_IPS_OBTAIN_SUBSCRIPTION_FAILED

Description: Agent Manager/Cisco IPS log pulling module failed to obtain subscription id

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_IPS_SET_SSL_FAILED

Description: SSL setting doesn't work

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_AGENT_PIPE_WRITE_FAILED

Description: Failed to write to java agent pipe

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_JAVA_AGENT_START_FAILED

Description: Agent Manager failed to start Java agent, will retry

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_AGENT_TYPE_UNKNOWN

Description: Agent Manager encountered unknown java agent job type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_AGENT_USER_MISSING

Description: FortiSIEM Agent Manager found user name missing in java Agent configuration

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_AGENTMGR_JAVA_AGENT_ZOMBIE

Description: Agent Manager found Java Agent is in zombie state

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_CMD_SEND_FAILED

Description: Agent Manager failed to send commands to java agent, need to be killed

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_FORK_FAILED

Description: Agent Manager failed to fork Java Agent

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_JAVA_INCOMPLETE_DEV_INFO

Description: Agent Manager found incomplete device info for Java Agent

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_JAVA_NO_DEV_TYPE_FOR_JDBC

Description: Agent Manager encountered missing device type for Java Agent JDBC monitoring

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP



EventType: PH_AGENTMGR_JAVA_NO_STATUS_FILE

Description: Agent Manager missing status file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_JAVA_PIPE_FAILED

Description: Agent Manager failed to Pipe command for Java Agent

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_JAVA_PROCESS_STATE_GET_FAILED

Description: Agent Manager failed to get Java Agent process state

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_JAVA_SIGKILL_SEND_FAILED

Description: Agent Manager failed to send SIGKILL to java agent

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_JAVA_UNSUPPORT_DEV_TYPE_FOR_JDBC

Description: Agent Manager encountered unsupported device type for Java Agent JDBC monitoring

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP



EventType: PH_AGENTMGR_JAVA_USER_PWD_GET_FAILED

Description: Agent Manager failed to get user name and password

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_JSON_PARSE_FAILED

Description: Agent Manager Rapid7 InsightVM monitoring module failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_KAFKA_CONSUME_LOG_FAILED

Description: Agent Manager / Kafka Consumer failed to pull log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_CREATE_CONSUMER

Description: phKafkaConsumer creates a consumer handle successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

groupName

Group Name

string

user

User

string

topicName

Topic Name

string

Kafka Topic Name



EventType: PH_AGENTMGR_KAFKA_CREATE_CONSUMER_FAILED

Description: Agent Manager / Kafka Consumer failed to create consumer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_CREATE_PRODUCER_FAILED

Description: Agent Manager / Kafka Consumer failed to create producer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_CREATE_TOPIC_FAILED

Description: Agent Manager / Kafka Consumer failed to create topic

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

topicName

Topic Name

string

Kafka Topic Name

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_ERROR

Description: Agent Manager / Kafka Consumer encountered occur

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_AGENTMGR_KAFKA_METADATA_FAILED

Description: Agent Manager / Kafka Consume failed to metadata

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_PRODUCER_ERROR

Description: Agent Manager / Kafka Consumer encountered error occurred in Kafka producer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_AGENTMGR_KAFKA_PULL_JOB_FAILED

Description: Agent Manager / Kafka Consumer failed to Consume log

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_KAFKA_REBALANCE

Description: Kafka rebalanceCb

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_KAFKA_RELEASE_CONSUMER

Description: phKafkaConsumer releases a consumer handle

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

groupName

Group Name

string

user

User

string

topicName

Topic Name

string

Kafka Topic Name



EventType: PH_AGENTMGR_KAFKA_START_FAILED

Description: Agent Manager / Kafka Consumer failed to start

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_SUBSCRIBE_FAILED

Description: Agent Manager / Kafka Consumer failed to subscribe topic

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

topicName

Topic Name

string

Kafka Topic Name

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_UPDATE_CONFIG_FAILED

Description: Agent Manager / Kafka Consumer failed to update attribute in config

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KAFKA_UPDATE_ERROR

Description: Agent Manager / Kafka Consumer failed to update failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_KILL_PROCESS

Description: Try to kill process

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSAZURE_CONFIG_ARM_FAILED

Description: Agent Manager / MS Azure config mode arm failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_MSAZURE_DOWNLOAD_FAILED

Description: Agent Manager / MS Azure failed to download Azure audit log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_MSAZURE_JSON_EMPTY

Description: Agent Manager / MS Azure found empty returned JSON from Azure

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSAZURE_JSON_FILE_NAME_EMPTY

Description: Agent Manager / MS Azure JSON file name is empty from Azure

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSAZURE_JSON_FILE_PARSE_FAILED

Description: Agent Manager / MS Azure found malformed JSON file from Azure

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSAZURE_JSON_PARSE_FAILED

Description: Agent Manager / MS Azure found malformed JSON from Azure

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSAZURE_LOGIN_FAILED

Description: Agent Manager / MS Azure failed to login to Azure

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_MSG_QUEUE_ACCESS_FAILED

Description: Agent Manager failed to access message queue

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_MSG_RECV_FAILED

Description: Agent Manager failed to receive msg

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_OFFICE365_API_CALL_FAILED

Description: Agent Manager / Office365 log pulling engine failed to call api

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_OFFICE365_EVENT_PULL_FAILED

Description: Agent Manager / Office365 log pulling engine failed to pull log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

accountName

Account Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_OFFICE365_FILE_WRITE_ERROR

Description: Agent Manager / Office365 log pulling engine unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_OFFICE365_GET_SUBSCRIBE_FAILED

Description: FortiSIEM Agent Manager failed to get Office365 subscription

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_OFFICE365_JSON_PARSE_FAILED

Description: Agent Manager / Office365 log pulling engine failed to parse Office365 JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_OFFICE365_START_SUBSCRIBE_FAILED

Description: FortiSIEM Agent Manager failed to start Office365 subscription

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_OFFICE365_SUBSCRIBE_EMPTY

Description: FortiSIEM Agent Manager found Office365 subscription to be empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_OFFICE365_SUBSCRIBE_FAILED

Description: Agent Manager / Office365 log pulling engine failed to get subscription list

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_OFFICE365_TOKEN_EMPTY

Description: Agent Manager / Office365 log pulling engine found empty Token

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_OKTA_EVT_DOWNLOAD_FAILED

Description: Agent Manager / OKTA failed to download events

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_OKTA_FILE_WRONG

Description: Agent Manager / OKTA encountered wrong Okta user list file. Please download again

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_OKTA_NO_USER_INFO

Description: Agent Manager / OKTA user list file doesn't contain any user info

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_OKTA_RESULT_UPLOAD_FAILED

Description: Agent Manager / OKTA failed to upload discovery result to App server

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_OKTA_RESULT_UPLOAD_WARNING

Description: FortiSIEM Agent Manager failed to upload OKTA User list to App Server

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_PARSER_UNABLE_CONNECT

Description: Agent Manager unable to connect to parser host

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.

ipPort

IP Port

uint16

IP port number



EventType: PH_AGENTMGR_PERF_OBJ_PARSE_FAILURE

Description: Agent Manager did not find any performance objects to monitor

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_PROCESS_INIT_FAILED

Description: Agent Manager failed to initialize

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_PULLING_JOB_OUTDATE

Description: FortiSIEM Agent Manager job pull error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

jobName

Job Name

string

serverIpAddr

Server IP

IP



EventType: PH_AGENTMGR_REST_API_CALL_FAILED

Description: Agent fails to call rest API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

infoURL

Informational URL

string

This field captures an URL if present in an event

httpStatusCode

HTTP Status

string



EventType: PH_AGENTMGR_RSAS_XML_PARSE_FAILED

Description: AgentManager failed to parse XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_RUN_CMD_FAILED

Description: do_system failed

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_RUN_SCRIPT_FAILED

Description: AgentManager failed to run script

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_RUN_SCRIPT_WITHOUT_TASK_ID

Description: AgentManager found missing task id in run script notification

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_ATTR_NOT_FOUND

Description: Agent Manager / Salesforce log pulling engine cannot find attribute

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_COLUMN_NOT_FOUND

Description: Agent Manager / Salesforce log pulling engine can not find a specific column in Saleforce Event Log File

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_CURL_EXECUTE_FAILED

Description: Agent Manager / Salesforce log pulling engine failed to execute curl to get Salesforce log

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_AGENTMGR_SALESFORCE_CURL_HANDLE_GET_FAILED

Description: Agent Manager / Salesforce log pulling engine unable to get curl handle

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_FILE_LOAD_ERROR

Description: Agent Manager / Salesforce log pulling engine failed to load file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_SALESFORCE_FILE_WRITE_ERROR

Description: Agent Manager / Salesforce log pulling engine unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_SALESFORCE_INVALID_DATA

Description: Agent Manager / Salesforce log pulling engine received invalid response from Salesforce

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_INVALID_LOG_FILE

Description: Agent Manager / Salesforce log pulling engine received invalid Saleforce Event Log File csv

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_JSON_PARSE_FAILED

Description: Agent Manager / Salesforce log pulling engine received failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_LOGIN_FAILED

Description: Agent Manager / Salesforce log pulling engine failed to login to Salesforce

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

infoURL

Informational URL

string

This field captures an URL if present in an event



EventType: PH_AGENTMGR_SALESFORCE_SERVER_EMPTY

Description: Agent Manager / Salesforce log pulling engine found Server is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_TOKEN_GET_FAILED

Description: Agent Manager / Salesforce log pulling engine can't get login token

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_TOKEN_REGET_FAILED

Description: Agent Manager / Salesforce log pulling engine login session is expired and failed to re-get token

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_VERSION_PATH_EMPTY

Description: Agent Manager / Salesforce log pulling engine found empty version path

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SALESFORCE_XML_PARSE_FAILED

Description: Agent Manager / Salesforce log pulling engine failed to parse XML from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SCRIPT_NOTIFICATION_SPAWN_FAILED

Description: Agent Manager encountered error in spawning run script notification thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SERVER_HOST_NAME_RESOLVE_FAILED

Description: Agent Manager could not resolve server host name

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SERVER_HOST_NAME_RESOLVE_WARNING

Description: FortiSIEM Agent Manager failed to resolve Host Name to IP

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string

jobName

Job Name

string



EventType: PH_AGENTMGR_SERVER_IP_RESOLVE_FAILED

Description: Agent Manager could not resolve server IP

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_SERVER_IP_RESOLVE_WARNING

Description: FortiSIEM Agent Manager failed to resolve IP to Host Name

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

jobName

Job Name

string



EventType: PH_AGENTMGR_SETUP_STREAM_FAILED

Description: Failed to setup stream connection

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_START_THREAD_FAILED

Description: Failed to start thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_STATUS_REPORT_FAILED

Description: Agent Manager failed to report task status to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_STATUS_REPORT_INIT_FAILED

Description: Agent Manager failed to initialize job status reporter

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_STOP_STREAM_FAILED

Description: Failed to stop stream connection

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_TENABLE_EXPORT_SCAN_FAILED

Description: Exported scan failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_TENABLE_GET_DOWNLOAD_FAILED

Description: Download exported scan failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_TENABLE_GET_SCANS_FAILED

Description: Get the scan list failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_TENABLE_GET_STATUS_FAILED

Description: Check the file status of exported scan failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_TENABLE_PULL_FAILED

Description: Failed to pull Tenable.io data

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_TIME_CONVERTION_FAILED

Description: Agent Manager/module failed to convert time

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_TOKEN_GET_FAILED

Description: Agent Manager monitoring module cannot get login token

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_UNPACK_FILE_FAILED

Description: Agent Manager unpack file failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_AGENTMGR_UPDATE_AGENT

Description: Update agent

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_WINDEFATP_API_CALL_FAILED

Description: Windows Defender ATP REST API call api failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_WINDEFATP_FILE_WRITE_ERROR

Description: Unable to write timestamp file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_AGENTMGR_WINDEFATP_GET_ALERT_FAILED

Description: Failed to get alert from Windows Defender ATP

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_WINDEFATP_JSON_EMPTY

Description: JSON is empty

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_WINDEFATP_JSON_PARSE_FAILED

Description: Failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_WINDEFATP_TOKEN_EMPTY

Description: Token is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_WMI_EVENT_PULL_ERROR

Description: Agent Manager / Windows WMI event log pulling engine encountered error

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_WMI_EVENT_PULL_WARNING

Description: FortiSIEM Agent Manager WMI event pull warning

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_WMI_FILE_OPEN_ERROR

Description: Agent Manager / Windows WMI event log pulling engineailed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

exitValue

Command exit value

int32



EventType: PH_AGENTMGR_WMI_LOG_PULL_ERROR

Description: Faild to pull logs by WMI

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostName

Host Name

string

This is the hostname of the device of interest in the event

errorString

Error String

string

This is the error message, synonymous to attribute errReason

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_AGENTMGR_WMI_MISSING_LOG

Description: Some logs are missing

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_AGENTMGR_WMI_STATUS_REPORT_FAILED

Description: Agent Manager / Windows WMI event log pulling engineailed to report task status to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_WMI_USER_PWD_GET_FAILED

Description: Agent Manager / Windows WMI event log pulling engine failed to get WMI user name and password

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_AGENTMGR_WVSS_XML_PARSE_FAILED

Description: Agent Manager / Windows WMI event log pulling engineailed to parse XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_AGENTMGR_XML_PARSE_FAILED

Description: Agent Manager / Windows WMI event log pulling engineailed to parse XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_BAD_NETFLOW_PACKET

Description: Bad netflow packet

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BAD_NETFLOW_VER

Description: Unsupported netflow version

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CHECKPOINT_CERTHANDLER_ERROR

Description: Checkpoint failed to parse device certificate received from App Server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_CERTPULL_ERROR

Description: Checkpoint failed to obtain certificate from App Server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_CMD_USAGE_ERROR

Description: Checkpoint command usage error

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_CPMI_FETCH_ERROR

Description: Checkpoint CPMI fetch error. Events may miss some metadata

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

errReason

Reason for Error

string

This is the reason for an error if given.

errorString

Error String

string

This is the error message, synonymous to attribute errReason

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_CHECKPOINT_DEV_INIT_ERROR

Description: Checkpoint device initialization error. Checkpoint device can not be monitored

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_FILE_RENAME_FAILURE

Description: FortiSIEM Checkpoint module failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_CHECKPOINT_FWLOGHANDLER_ERROR

Description: Checkpoint LEA handler protocol error. Checkpoint device can not be monitored

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_FWLOGHANDLER_INIT_ERROR

Description: Checkpoint OPSEC log handler initialization error. Checkpoint device can not be monitored

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_HTTP_ERROR

Description: Checkpoint module failed to connect to App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_CHECKPOINT_LOGHANDLER_ERROR

Description: Checkpoint OPSEC log handler internal error

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CHECKPOINT_PROCESS_GET_FAILED

Description: Checkpoint module failed to get its parent process

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CHECKPOINT_TESTCONN_ERROR

Description: Checkpoint test connectivity error. Checkpoint device can not be discovered

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_CHECKPOINT_UNABLE_PARSE_XML

Description: Checkpoint module unable to parse device credential XML received from App Server

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_COLLECTOR_CLOCK_SKEW

Description: Clock skew between Collector and Super

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

collectorId

Collector ID

uint32

This field captures the ID of a FortiSIEM Collector

collectorIp

Collector IP

IP

This field captures the IP address of a FortiSIEM Collector

superTime

Supervisor Time

Date

This field represents SupervisorTime used to determine Clock Skew between Collector and Supervisor. A Clock Skew may develop if NTP is not configured correctly in both Collector and Supervisor.

collectorTime

Collector Time

Date

This field represents Collector Time used to determine Clock Skew between Collector and Supervisor. A Clock Skew may develop if NTP is not configured correctly in both Collector and Supervisor.

timeSkewSec

Time skew

uint32

Time skew between Collector and Supervisor. If there is significant time skew then rules may not trigger, since rules need to be evaluated based on a time window.



EventType: PH_COLLECTOR_DOWN

Description: Collector down

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_COLLECTOR_EVENT_ARRIVAL_DELAYED

Description: Collector event delayed

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_COLLECTOR_EVENT_ARRIVAL_OK

Description: Collector event arrived on time

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_COLLECTOR_EVENT_STORE_DELAYED

Description: Collector event file delayed

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_COLLECTOR_EVENT_STORE_OK

Description: Collector event file on time

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_COLLECTOR_UP

Description: Collector up

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CYBERARK_INIT_ERROR

Description: FortiSIEM CyberArk module initialization error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DEV_FAIL_TO_PULL_EVENTS

Description: Fail to pull events

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_EVENT_FORWARDER_CHECKSUM_MISMATCH

Description: FortiSIEM Event Forwarder module encountered checksum error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FORWARDER_CONNECT_ERROR

Description: FortiSIEM Event Forwarder failed to connect to forwdarding destination host

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_EVENT_FORWARDER_DIR_OPEN_FAILURE

Description: FortiSIEM Event Forwarder failed to open directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_EVENT_FORWARDER_FILE_OPEN_FAILURE

Description: FortiSIEM Event Forwarder failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FORWARDER_FILE_RENAME_FAILURE

Description: FortiSIEM Event Forwarder failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string



EventType: PH_EVENT_FORWARDER_INIT_FAILURE

Description: FortiSIEM Event Forwarder module initialization failure

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string



EventType: PH_EVENT_FORWARDER_INVALID_GZIP_FILE

Description: FortiSIEM Event Forwarder module encountered invalid gzip file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FORWARDER_INVALID_PHOENIX_CONFIG

Description: FortiSIEM Event Forwarder module encountered invalid phoenix_config file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

module

Module Name

string

configName

Config Name

string

configValue

Config Value

string



EventType: PH_EVENT_FORWARDER_INVALID_PROTOCOL

Description: FortiSIEM Event Forwarder module encountered invalid forwarding protocol

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FORWARDER_KAFKA_ERROR

Description: FortiSIEM Event Forwarder module encountered Kafka protocol error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

actionName

Notification Action Name

string



EventType: PH_EVENT_FORWARDER_KAFKA_INIT_FAILURE

Description: FortiSIEM Event Forwarder module initialization failure

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVENT_FORWARDER_KAFKA_PRODUCE_ERROR

Description: FortiSIEM Event Forwarder module encountered error while forwarding via Kafka protocol

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVENT_FORWARDER_MKDIR_FAILURE

Description: FortiSIEM Event Forwarder failed to create directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_EVENT_FORWARDER_RUN_PROCESS_ERROR

Description: FortiSIEM Event Forwarder failed to run process during execution

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FORWARDER_SOCKET_ERROR

Description: FortiSIEM Event Forwarder failed to create socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_EVENT_FORWARDER_SOCKET_WRITE_ERROR

Description: FortiSIEM Event Forwarder failed to write to socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_EVENT_FORWARDER_SSL_CERT_ERROR

Description: FortiSIEM Event Forwarder SSL certification error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_EVENT_FORWARDER_SSL_ERROR

Description: FortiSIEM Event Forwarder Generic SSL error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_EVENT_FWD_CERT_LOAD_FAILED

Description: Event Forwarder module failed to load certification file or key file for TLS based forwarding - forwarding via this method will not occur

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVENT_FWD_CERT_UNPAIRED

Description: Event Forwarder module detected unpaired certififcation file or key file - forwarding via this method will not occur

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVENT_FWD_DIR_MAKE_FAILED

Description: Event Forwarder module failed to create a directory during initialization

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_EVENT_FWD_DIR_OPEN_FAILED

Description: Event Forwarder module failed to open a directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_EVENT_FWD_FILE_RENAME_FAILED

Description: Event Forwarder module failed to rename a file

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string



EventType: PH_EVENT_FWD_FULL_FORWARDING_FAILED

Description: Event Forwarder failed to forward all events in one file to the destination, will retry

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_EVENT_FWD_GET_FILE_NUM_FAILURE

Description: Event Forwarder module failed to get event file count in /opt/phoenix/cache/parser/fwd

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_GZ_CLOSE_ERROR

Description: Event Forwarder module cannot close gz file stored in /opt/phoenix/cache/parser/fwd - event will not be forwarded

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FWD_GZ_FILE_OPEN_ERROR

Description: Event Forwarder failed to open event file (gz), or not enough memory to open it

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FWD_GZ_MD5_ERROR

Description: Event Forwarder module cannot get md5 of event file (gz)

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FWD_GZ_RENAME_ERROR

Description: Event Forwarder module cannot rename event file (gz)

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_GZ_SIZE_MISMATCH

Description: Event Forwarder found malformed event file (gz) - length mismatch

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FWD_KAFKA_WARNING

Description: Event Forwarder module failed on event serialization to send via Kafka

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_MD5_CHECKSUM_MISMATCH

Description: Event Forwarder found event file (gz) MD5 checksum

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_NETFLOW_REGEX_IGNORED

Description: Event Forwarder ignores regex filter in forwarding rule for Netflow since Netflow is binary

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_PARTIAL_FORWARDING_FAILED

Description: Event Forwarder failed to forward a subset of events in one file to the destination. Those events will be lost

Severity: 8 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_PARTIAL_FORWARDING_WARNING

Description: FortiSIEM Event Forwarder was able to do partial forwarding

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_EVENT_FWD_PCRE_ERROR

Description: Event Forwarder module failed to Pcre compile - this means the regular expression in the forwarding rule is invalid

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_PROCESS_INIT_FAILED

Description: Event Forwarder failed to initialize this process

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_PROCESS_START_FAILED

Description: Event Forwarder failed to run

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_PROTO_FORWARDED_WRONG

Description: Event Forwarder found incorrect proto in the forwarding rule

Severity: 8 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_RENAME_GZ_ERROR

Description: FortiSIEM Event Forwarder failed to rename gz file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_FWD_RULE_PARSE_ERROR

Description: Event forwarder module failed to parse event forwarding rule

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_SOCKET_CONNECT_FAILED

Description: Event Forwarder failed to connect the destination for TCP based forwarding

Severity: 8 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_EVENT_FWD_SOCKET_GET_FAILED

Description: Event Forwarder failed to get socket for connecting the destination

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_EVENT_FWD_SOCKET_WRITE_FAILED

Description: Event Forwarder failed to write to socket for sending events

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_EVENT_FWD_SSL_CREATE_FAILED

Description: Event Forwarder unable to create new SSL context structure for TLS based fowarding

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVENT_FWD_SSL_SESSION_BUILD_FAILED

Description: Event Forwarder unable to build SSL session for TLS based fowarding

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_FWD_UNEXPECTED_FILE_REMOVED

Description: Event Forwarder removed unexpected event file (mismatched name format)

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_PKG_ATTR_NOT_FOUND

Description: Event Packager cannot find Worker name in XML received from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_EMPTY_FILE_REMOVED

Description: Event Packager found an empty event file - filw will be removed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_PKG_FILE_ADD_TO_SVN_FAILED

Description: Event Packager failed to add configuration file to svn upload queue

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_PKG_FILE_REMOVED_ERROR

Description: Event Packager failed to remove event file after upload

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_PKG_FILE_RENAME_FAILED

Description: Event Packager failed to rename configuration file after scanning

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string

exitValue

Command exit value

int32



EventType: PH_EVENT_PKG_FILE_STAT_FAILED

Description: Event Packager failed to stat configuration or event file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

exitValue

Command exit value

int32



EventType: PH_EVENT_PKG_FILE_UPLOAD_FAILED

Description: Event Packager failed to upload event file to Worker or Super; will retry

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

serverIpAddr

Server IP

IP



EventType: PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_HIGH

Description: Event file upload success is high

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

ratio

Ratio

uint64



EventType: PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_LOW

Description: Event file upload success is low

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

ratio

Ratio

uint64



EventType: PH_EVENT_PKG_GZ_CLOSE_FAILED

Description: Event Packager failed to close event file after writing

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

exitValue

Command exit value

int32



EventType: PH_EVENT_PKG_GZ_FILE_OPEN_ERROR

Description: Event Packager failed to open gz file or not enough memory to open it

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVENT_PKG_HTTP_FAILED

Description: Event Packager encountered HTTPS error response code

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_EVENT_PKG_HTTP_INIT_FAILED

Description: Event Packager HTTP client initialization failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP



EventType: PH_EVENT_PKG_INSERT_TASK_FAILED

Description: Failed to insert task into event file upload queue

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_NO_EVENT

Description: Event Packager did not upload any event in last 10 minutes

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_OPEN_DIR_FAILED

Description: Failed to open directory

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_EVENT_PKG_PROCESS_INIT_FAILED

Description: Event Packager failed to initialize

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_PROCESS_START_FAILED

Description: Event Packager failed to run

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_QUEUE_GET_FAILED

Description: Event Packager failed to get event file from the queue

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_EVENT_PKG_SERVER_LIST_UPLOAD_FAILED

Description: Event Packager failed to get upload server list from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP



EventType: PH_EVENT_PKG_SERVICE_LIST_EMPTY

Description: Empty upload service list

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_TASK_ADD_TO_QUEUE_FAILED

Description: Event Packager failed to add file upload task to queue

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVENT_PKG_XML_PARSE_FAILED

Description: Event Packager failed to parse XML from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVTPKGER_FILE_UPLOAD_FAILED

Description: File upload failed

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.



EventType: PH_EVT_HANDLER_DBG

Description: Event handler debug message

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_ERR

Description: Event handler error message

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_EVT_QUEUE_LARGE

Description: Uploaded event files size large

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_EVT_QUEUE_WARNING

Description: Worker Input Event Queue large

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_INFO

Description: Event handler information

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_SVN_QUEUE_LARGE

Description: Uploaded SVN files size large

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVT_HANDLER_SVN_QUEUE_WARNING

Description: Worker Input Event Queue large

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_EVT_PACKAGER_COND_WAIT_ERROR

Description: FortiSIEM Event Packager Conditional Wait Error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_EVT_PACKAGER_FILE_CLOSE_FAILURE

Description: FortiSIEM Event Packager file close error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_EVT_PACKAGER_FILE_OPEN_FAILURE

Description: FortiSIEM Event Packager file open error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_EVT_PACKAGER_FILE_REMOVE_FAILURE

Description: FortiSIEM Event Packager file remove error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_EVT_PACKAGER_FILE_RENAME_FAILURE

Description: FortiSIEM Event Packager file rename error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string



EventType: PH_EVT_PACKAGER_FILE_STAT_FAILURE

Description: FortiSIEM Event Packager file stat error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_EVT_PACKAGER_FILE_UPLOAD_FAILURE

Description: FortiSIEM Event Packager file upload failure

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32

destName

Destination Host Name

string

Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address.



EventType: PH_EVT_PACKAGER_HTTP_RESPONSE_ERROR

Description: FortiSIEM Event Packager http response error from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_EVT_PACKAGER_INIT_FAILURE

Description: FortiSIEM Event Packager module initialization error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_EVT_PACKAGER_REST_PARSE_ERROR

Description: FortiSIEM Event Packager module failed to parse REST output

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_EVT_PACKAGER_RUN_PROCESS_ERROR

Description: FortiSIEM Event Packager module encountered error to run process

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_APPSERVER_CONN_ERROR

Description: FSM FSM Java Agent failed to connect to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_APPSERVER_EXECUTE_ERROR

Description: FSM FSM Java Agent app server JMX Pull SQL Error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CONTROLLER_CMD_PARSE_ERROR

Description: FSM Java Agent parse file failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CONTROLLER_CMD_READ_ERROR

Description: FSM Java Agent control channel problem, exiting ...

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CONTROLLER_GENERIC_ERROR

Description: FSM Java Agent parse file failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CONTROLLER_LINE_READ_ERROR

Description: FSM Java Agent hit exception while reading line type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CONTROLLER_XML_READ_ERROR

Description: FSM Java Agent hit exception while reading command XML from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CUSTOM_JDBC_CONN_ERROR

Description: FSM Java Agent failed to execute custom JDBC monitoring job - connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_CUSTOM_JDBC_EXEC_ERROR

Description: FSM Java Agent failed to execute custom JDBC monitoring job - execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_DISCOVERY_TEST_ERROR

Description: FSM Java Agent failed to connect to Snort database for testing

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ERROR

Description: PH java agent generic error

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_GLASSFISH_MONITOR_ERROR

Description: FSM Java Agent GlassFish monitoring failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_GLASS_FISH_WARNING

Description: FSM Java Agent GlassFish monitoring warning

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_GOOGLEAPPS_EXEC_ERROR

Description: FSM Java Agent Google Apps Monitor Exception

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_IBMDB2_AUDIT_CONN_ERROR

Description: FSM Java Agent IBM DB2 connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_IBMDB2_AUDIT_EXEC_ERROR

Description: FSM Java Agent IBM DB2 audit error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_IBM_DB2_CAT_READ_ERROR

Description: FSM Java Agent IBM loading error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_IBM_DB2_CONN_ERROR

Description: FSM Java Agent failed to connect to IBM DB2 for collecting audit logs

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_IBM_DB2_INTERNAL_ERROR

Description: FSM Java Agent IBM Sleep Interrupted error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_INFO

Description: PH java agent generic info

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JBOSS_CONN_ERROR

Description: FSM Java Agent app server connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JBOSS_EXEC_ERROR

Description: FSM Java Agent app server connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JBOSS_MONITOR_ERROR

Description: Fail to monitor Jboss

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JDBC_PULL_UNSUPP_ERROR

Description: No connection for job when pulling JDBC

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JDBC_SQL_NOT_SUPPORT_ERROR

Description: FSM Java Agent cannot support such a SQL

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JMX_CONN_ERROR

Description: FSM Java Agent jmx JDBC error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JMX_EXEC_ERROR

Description: FSM Java Agent JMX monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JOB_EXECUTOR_ERROR

Description: Exception in AgentJobExecutor.run error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JOB_STATUS_UPLOAD_ERROR

Description: Failed to upload job status xml

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JOB_TYPE_ERROR

Description: AgentUtils createAndInitAgent serverType is not defined

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JOB_XML_LOAD_ERROR

Description: Exception caught while parsing JobXml

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_JOB_XML_PARSE_ERROR

Description: Exception caught while parsing JobXml

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MCAFEE_MYSQL_MONITOR_ERROR

Description: FSM Java Agent my sql performance monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MCAFEE_VULN_SCANNER_ERROR

Description: FSM Java Agent vulnerability pulling error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MONITOR_GEN_ERROR

Description: FSM Java Agent job monitor rest error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MONITOR_TIMEOUT_ERROR

Description: FSM Java Agent job monitor execute too long

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_DDL_CONN_ERROR

Description: FSM Java Agent JDBC pull don't support dev error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_LOGON_CONN_ERROR

Description: FSM Java Agent MySql Connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_LOGON_EXEC_ERROR

Description: FSM Java Agent app server JMX Pull SQL Error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_MONITOR_ERROR

Description: FSM Java Agent ms sql performance error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_PERF_CONN_ERROR

Description: FSM Java Agent job connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MSSQL_PERF_EXECUTE_ERROR

Description: FSM Java Agent MSSQL job execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MYSQL_PERF_CONN_ERROR

Description: FSM Java Agent MYSQL connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_MYSQL_PERF_EXEC_ERROR

Description: FSM Java Agent mysql audit performance error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_NESSUS_REPORT_PARSE_ERROR

Description: FSM Java Agent nessus report parse error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORACLE_DB_ERROR

Description: FSM Java Agent Oracle DB performance metrics error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORADB_AUDIT_CONN_ERROR

Description: FSM Java Agent Oracle DB connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORADB_AUDIT_EXEC_ERROR

Description: FSM Java Agent Oracle DB execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORADB_LOGON_EXEC_ERROR

Description: FSM Java Agent Oracle Audit trail pull error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORADB_PERF_CONN_ERROR

Description: FSM Java Agent Oracle Database performance metrics collection error - connection issue

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_ORADB_PERF_EXEC_ERROR

Description: FSM Java Agent Oracle Database performance metrics collection error - SQL exec error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_SNORT_CONN_ERROR

Description: FSM Java Agent Snort IPS connect error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_SNORT_EVENTID_ERROR

Description: FSM Java Agent Snort IPS alert collection error - exception in setMaxEventId function

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_SNORT_EXEC_ERROR

Description: FSM Java Agent Snort IPS alert collection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_SNORT_SENSORID_ERROR

Description: FSM Java Agent Snort IPS alert collection error - exception in setSensorId2MaxEventId function

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_SNORT_TCP_OPTION_ERROR

Description: FSM Java Agent Snort IPS alert collection error - exception in getTcpOptions functions

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_TOMCAT_MONITOR_ERROR

Description: FSM Java Agent Tomcat Application Server monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_UTILS_ERROR

Description: FSM Java Agent status file error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_HWSTATUS_EXEC_ERROR

Description: FSM Java Agent failed to collect VMWare ESX hardware status

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_LOG_CONN_ERROR

Description: FSM Java Agent failed to connect VMWare ESX / Vcenter for collecting logs

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_LOG_EXEC_ERROR

Description: FSM Java Agent hit an exception while collecting logs from VMWare ESX / Vcenter

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_MONITOR_ERROR

Description: FSM Java Agent hit an error while connecting to VMWare ESX / Vcenter

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_COUNTER_MISSING

Description: FSM Java Agent VMWare performance pull error - missing performance counter

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_DATA_RETRIEVE_ERROR

Description: FSM Java Agent VMWare performance pull error - data retrieve error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_ENTITY_MISSING

Description: FSM Java Agent VMWare performance pull error - missing performance entity

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_HOST_MISSING

Description: FSM Java Agent VMWare performance pull error - missing host

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_MON_EXCEPTION

Description: FSM Java Agent VMWare performance pull error - hit exception

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_ROLLUP_MISSING

Description: FSM Java Agent VMWare performance pull error - missing rollup

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_STAT_NAME_MISSING

Description: FSM Java Agent VMWare performance pull error - missing stat name

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_PERF_VM_MISSING

Description: FSM Java Agent VMWare performance pull error - missing VM

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VMWARE_THREAD_EXEC_ERROR

Description: FSM Java Agent VMWare performance pull error - thread execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VULN_REPORT_PARSER_ERROR

Description: FSM Java Agent failed to parse external vulnerability scanner report

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_VULN_REPORT_VERIFY_ERROR

Description: FSM Java Agent failed to verify external vulnerability scanner report

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBLOGIC_MONITOR_ERROR

Description: FSM Java Agent Weblogic monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_EMAIL_MISSING_LOGDB

Description: FSM Java Agent Websense Email Gateway log collection error - logDBName is null

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_JDBC_PULL_ERROR

Description: FSM Java Agent Websense WebSecurity Gateway log collection error - Event Pull SQL Error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_CONN_ERROR

Description: FSM Java Agent Websense Email Gateway connection audit error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_EXEC_ERROR

Description: FSM Java Agent Websense Email Gateway execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_PULL_ERROR

Description: FSM Java Agent Websense Email Gateway mail pulling error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_WEB_CONN_ERROR

Description: FSM Java Agent WebSecurity Gateway connection audit error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_WEB_EXEC_ERROR

Description: FSM Java Agent WebSecurity execution error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSENSE_WEB_MISSING_LOGDB

Description: FSM Java Agent WebSecurity log collection error - logDBName or urlDBName or urlCategoryDBName or dispositionDBName is null

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSPHERE_CONN_ERROR

Description: FSM Java Agent IBM Web sphere monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSPHERE_EXEC_ERROR

Description: FSM Java Agent IBM Web sphere log pulling error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_JAVA_AGENT_WEBSPHERE_MONITOR_ERROR

Description: FSM Java Agent IBM Web sphere monitor error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_ACCOUT_MISSING

Description: Registration user name is missing

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_BIND_PORT_FAILED

Description: Socket failed to bind port

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_LINUX_AGENT_CONFIG_ATTR_NOT_FOUND

Description: Cannot find attribute in config file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_LINUX_AGENT_CONFIG_MISS_ATTR

Description: Cannot find attribute in config file

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_LINUX_AGENT_CREATE_SOCKET_FAILED

Description: Failed to create socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_LINUX_AGENT_EXIT

Description: Linux agent received exit signal

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_HOST_IP_GOT_FAILED

Description: Failed to get host ip

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_INCREASE_RECV_SOCK_BUF_MAX_FAILED

Description: Failed to increase Linux Agent recv socket buffe size

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_INIT_FIM_FAILED

Description: Linux Agent FIM Init Failed

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_LINUX_AGENT_INIT_HTTP_FAILED

Description: Failed to initial http client

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.



EventType: PH_LINUX_AGENT_LOG_GENERIC

Description: Linux agent generic log

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_NEW_FIM_LOADED

Description: Linux Agent New FIM Config Loaded

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_OPEN_FILE_FAILED

Description: Linux agent open file failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_LINUX_AGENT_OPEN_PORT_FAILED

Description: Failed to open port

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

ipPort

IP Port

uint16

IP port number



EventType: PH_LINUX_AGENT_PWD_MISSING

Description: Registration password is missing

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_RECV_ERROR

Description: Linux agent received error from socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

recvBytes64

Received Bytes64

uint64

Number of bytes received by a host. This has 64bit resolution.



EventType: PH_LINUX_AGENT_REGISSTER_FAILED

Description: Failed to register linux agent

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_TEMPLATE_STATUS

Description: Linux Agent State

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

status

Status

string



EventType: PH_LINUX_AGENT_UNINSTALL

Description: Linux agent received uninstall signal

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_UPLOAD_FILE_FAILED

Description: File Upload to destHost failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_LINUX_AGENT_UPLOAD_FILE_SUCCESS

Description: File is uploaded to collector successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.



EventType: PH_LINUX_AGENT_USER_FILE_LOG_GENERIC

Description: Linux agent generic user file log

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_LINUX_AGENT_VERIFIER_ERROR

Description: Linux agent verifier error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason

size

Size

uint32



EventType: PH_NETFLOW_BAD_FLOW

Description: Parser module module received a netflow packet with wrong length

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_FLOW_END

Description: Parser module received a netflow packet with unsupported end of netflow datagram

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_HEADER_PROTOCOL

Description: Parser module received a netflow packet with unsupported netflow header protocol

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_PACKET

Description: Parser module received a incorrectly formatted netflow packet

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_RECORD

Description: Parser module received a incorrectly formatted netflow flow

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_TYPE

Description: Parser module received a netflow packet with unsupported netflow sample type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NETFLOW_BAD_VER

Description: Parser module received a netflow packet with unsupported netflow version

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.



EventType: PH_NETFLOW_EXCEPTION

Description: Parser module encountered netflow parsing error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DEVAPP_EVENTS_PER_SEC

Description: FortiSIEM per application EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

reptVendor

Reporting Vendor

string

This field captures the vendor of the reported event

reptModel

Reporting Model

string

This field captures the model of the reported event

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.

hostName

Host Name

string

This is the hostname of the device of interest in the event

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_SYSTEM_DEVAPP_NO_EVENTS

Description: No events from a reporting module in last 1 hour

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

reptVendor

Reporting Vendor

string

This field captures the vendor of the reported event

reptModel

Reporting Model

string

This field captures the model of the reported event

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.

reptDevName

Reporting Device

string

This is the hostname of the device that originated the log or event packet.



EventType: PH_SYSTEM_DEVICE_NO_EVENTS

Description: No events from a device in last 1 hour

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_EPS_GLOBAL

Description: FortiSIEM Global event handling statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

licenseEventsPerSec

License EPS

uint64

incomingEventsPerSec

Incoming Event Rate

double

This is a FortiSIEM event ingestion rate calculated every 3 minutes, divided by 180 to generate a rolling EPS (Events Per Second) interval.

peakIncomingEventsPerSec

Peak Incoming Event Rate

double

This is the spike or max event ingestion rate seen during a 3 minute interval averaged overall data points.

dropLicenseEventsPerSec

License Dropped Event Rate

double

The number of events dropped due to exceeding license in past 3 minutes.

peakDropLicenseEventsPerSec

Peak License Dropped Event Rate

double

The max value of dropLicenseEventsPerSec over all 3-minute periods, since phParser started.

unusedEvents

Unused Event Count

uint64

The difference between licenseEventsPerSec and incomingEventsPerSec accumulated.



EventType: PH_SYSTEM_EPS_NODE

Description: FortiSIEM per Node event handling statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

role

Role

string

hostName

Host Name

string

This is the hostname of the device of interest in the event

guaranteedEventsPerSec

Guaranteed EPS

uint64

incomingEventsPerSec

Incoming Event Rate

double

This is a FortiSIEM event ingestion rate calculated every 3 minutes, divided by 180 to generate a rolling EPS (Events Per Second) interval.

peakIncomingEventsPerSec

Peak Incoming Event Rate

double

This is the spike or max event ingestion rate seen during a 3 minute interval averaged overall data points.

ingestedEventsPerSec

Ingested Event Rate

double

dropPolicyEvents

Policy Dropped Events

uint64

The number of events dropped by Event Dropping Rules in the last 3 minutes.

dropPolicyEventsPerSec

Policy Droppped Event Rate

double

This is the per second count of events dropped by policy, which is calculated as dropPolicyEvents (3min interval) / 180 seconds.

peakDropPolicyEventsPerSec

Peak Policy Dropped Event Rate

double

The max value of dropPolicyEventsPerSec, over all 3-minute periods, since phParser started.

dropLicenseEvents

License Dropped Events

uint64

This is the total count of events dropped due to exceeding license over all 3 minute intervals since phParser started.

dropLicenseEventsPerSec

License Dropped Event Rate

double

The number of events dropped due to exceeding license in past 3 minutes.

peakDropLicenseEventsPerSec

Peak License Dropped Event Rate

double

The max value of dropLicenseEventsPerSec over all 3-minute periods, since phParser started.

dropLicenseEventRatio

License Dropped Event Ratio

uint16

Ratio of dropped events due to license to total incoming events in last 3 minutes.

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.



EventType: PH_SYSTEM_EPS_ORG

Description: FortiSIEM per Organization event handling statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

customer

Organization Name

string

This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to.

incomingEventsPerSec

Incoming Event Rate

double

This is a FortiSIEM event ingestion rate calculated every 3 minutes, divided by 180 to generate a rolling EPS (Events Per Second) interval.

peakIncomingEventsPerSec

Peak Incoming Event Rate

double

This is the spike or max event ingestion rate seen during a 3 minute interval averaged overall data points.

dropLicenseEventsPerSec

License Dropped Event Rate

double

The number of events dropped due to exceeding license in past 3 minutes.

peakDropLicenseEventsPerSec

Peak License Dropped Event Rate

double

The max value of dropLicenseEventsPerSec over all 3-minute periods, since phParser started.



EventType: PH_SYSTEM_EVENTS_FWD_STAT

Description: Forwarded EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

role

Role

string

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

customer

Organization Name

string

This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to.

fwdEventsPerSec

Forwarded Event Rate

double

This field represents the average rate (events per sec) over a 3 minute window, at which events are forwarded from FortiSIEM to an external system

peakFwdEventsPerSec

Peak Forwarded Event Rate

double

This field represents the maximum rate (events per sec) over a 3 minute window, at which events are forwarded from FortiSIEM to an external system

dropFwdEventsPerSec

Dropped Forwarded Event Rate

double

peakDropFwdEventsPerSec

Peak Dropped Forwarded Event Rate

double

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.

reptDevName

Reporting Device

string

This is the hostname of the device that originated the log or event packet.



EventType: PH_SYSTEM_EVENTS_PER_SEC

Description: Received EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

peakEventsPerSec

Peak Event Rate

double

guaranteedEventsPerSec

Guaranteed EPS

uint64



EventType: PH_SYSTEM_EVENTS_VIA_ZMQ_EPS

Description: Events Pushed by ZMQ EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totEventCount

Total Event Count

uint32

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_SYSTEM_INTERNAL_EVENTS_PER_SEC

Description: FortiSIEM Internal EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

peakEventsPerSec

Peak Event Rate

double



EventType: PH_SYSTEM_IP_EVENTS_PER_SEC

Description: FortiSIEM per device EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_SYSTEM_PERF_EVENTS_PER_SEC

Description: FortiSIEM performance monitoring EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

peakEventsPerSec

Peak Event Rate

double



EventType: PH_SYSTEM_STORED_EVENTS_PER_SEC

Description: Stored EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

peakEventsPerSec

Peak Event Rate

double



EventType: PH_SYSTEM_SUMM_EVENTS_STORED_EPS

Description: Summary Events Stored EPS statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totEventCount

Total Event Count

uint32

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_VA_EVENTS_PER_SEC

Description: Total event rate to an FortiSIEM VA

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

peakEventsPerSec

Peak Event Rate

double