System Logs

This section lists the logs related to the phMonitor module.



EventType: PH_BAD_ROUTE_OUTPUT

Description: FortiSIEM encountered bad route output

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_BASE_AGENT_JOB_NO_THREAD_NUM_ASSIGNED

Description: FortiSIEM module error - no thread count assigned

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_DUMP_STACK_TRACE_FAILURE

Description: FortiSIEM module error - stack trace failed

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| command | Command | string | |
| filePath | File Path | string | |



EventType: PH_BASE_PROC_GET_PID_FILE_FAILED

Description: FortiSIEM module error - failed to get process id

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| filePath | File Path | string | |
| errorNoInt | Error Number Int | int32 | |



EventType: PH_BASE_PROC_HANDLE_NOTIFICATION_ERROR

Description: FortiSIEM module error - notification error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_KILL_PROC_ERROR

Description: FortiSIEM module error - failed to kill process

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_BASE_PROC_NOTIFICATION_HANDLE_CONN_ERROR

Description: FortiSIEM module error - no notification connection

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_NO_CONN_TO_HEARTBEAT_SERVER

Description: FortiSIEM module error - no connection to heartbeat

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_RENAME_MINI_DUMP_FILE_FAILURE

Description: FortiSIEM module error - minidump error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_REST_CACHE_CHECKOUT_STATUS_WARNING

Description: FortiSIEM module error - REST cache access error

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| infoURL | Informational URL | string | This field captures a URL if present in an event |



EventType: PH_BASE_PROC_SEND_HEARTBEAT_FAILURE

Description: FortiSIEM module error - failed to send heartbeat

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| procName | Process Name | string | |



EventType: PH_BASE_PROC_SEND_USER_DEFINED_SIG_FAILED

Description: FortiSIEM module error - user defined sig failed

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_SET_PID_FILE_FAILED

Description: FortiSIEM module error - setpid failed

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| filePath | File Path | string | |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_BASE_PROC_STACK_TRACE

Description: FortiSIEM module stack trace

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_STACK_TRACK_TOO_LONG

Description: FortiSIEM module error - stack trace too large

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_SYS_INFO_CALC_CPU_ERROR

Description: FortiSIEM module error - failed to calculate CPU

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| procName | Process Name | string | |



EventType: PH_BASE_PROC_SYS_PROC_INFO_GET_FAILURE

Description: FortiSIEM module error - failed to get proc info

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_SYS_PROC_INFO_INIT_ERROR

Description: FortiSIEM module error - proc info get error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_SYS_PROC_INFO_UNABLE_OPEN_PROC_PID_FILE

Description: FortiSIEM module error - unable to open proc pid file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| filePath | File Path | string | |



EventType: PH_BASE_PROC_SYS_PROC_INFO_UNABLE_OPEN_PROC_STAT_FILE

Description: FortiSIEM module error - unable to open proc stat file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| filePath | File Path | string | |
| procName | Process Name | string | |



EventType: PH_BASE_PROC_THREAD_SPAWN_FAILED

Description: FortiSIEM module error - failed to spawn thread

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_THREAD_WRONG_PARAM

Description: FortiSIEM module error - wrong parameters to thread span function

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_UPLOAD_FILE_FAILURE

Description: FortiSIEM module error - file upload failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| serverName | Server Name | string | |



EventType: PH_BASE_PROC_VALUE_GROUP_UPDATE_FAILURE

Description: FortiSIEM module error - value group update failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PRO_AQUIRE_SHARED_STORE_FAILED

Description: Unable to acquire shared store instance

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLIKCHOUSE_BUILD_QUERY_DIST_SQL_COMMAND_FAILURE

Description: Failed to build query dist sql command

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLI_ERROR

Description: FortiSIEM CLI error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_CREATE_TEMP_FILE_FAILURE

Description: FortiSIEM temp file creation error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errorNoInt | Error Number Int | int32 | |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_DISC_DATA_PROCESS_ERROR

Description: Discovery result process error

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DIVIDE_BY_ZERO

Description: Divide by zero

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_FAILED_TO_EXEC

Description: Failed to execute specified command

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_FILE_NOT_FOUND

Description: Can not find the specified file

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GCS_BUCKET_ACCESS_FAILURE

Description: Failed to access GCS Bucket

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GENERIC_CRITICAL

Description: PH system generic critical message

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_GENERIC_DEBUG

Description: PH system generic debug message

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_GENERIC_ERROR

Description: PH system generic error

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GENERIC_INFO

Description: PH system generic info

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_GENERIC_WARNING

Description: PH system generic warning

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GET_CURL_HANDLE_FAILED

Description: FortiSIEM HTTP Client failed to get handle

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GET_SUPER_LEADER_FAILURE

Description: Failed to get super leader IP

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GRPC_CERT_CREATE_SUCCESS

Description: Create gRPC certificate files

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_GRPC_CERT_ERROR

Description: 700-Grpc: Grpc cert error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_GRPC_CERT_LOADED_FAILED

Description: Failed to load certs file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_GRPC_CERT_UPDATE_FAILED

Description: Failed to update gRPC certificate file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| fileName | File Name | string | |



EventType: PH_GRPC_CERT_UPDATE_SUCCESS

Description: Updated gRPC certificate file

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| fileName | File Name | string | |



EventType: PH_GRPC_FORTMAT_JSON_FAILED

Description: Failed to format Json response

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GRPC_TASK_DATA_EMPTY

Description: GRPC task is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_COMPRESS_FAILED

Description: FortiSIEM HTTP Client failed to compress payload

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errReason | Reason for Error | string | This is the reason for an error if given. |



EventType: PH_HTTP_CLIENT_CURL_ERROR

Description: FortiSIEM HTTP Client failed with curl error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| infoURL | Informational URL | string | This field captures a URL if present in an event |



EventType: PH_HTTP_CLIENT_GET_CACHE_FROM_MONITOR_FAILED

Description: FortiSIEM HTTP Client failed to get cache

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errReason | Reason for Error | string | This is the reason for an error if given. |



EventType: PH_HTTP_CLIENT_GET_DATA_FROM_CACHE_FAILED

Description: FortiSIEM HTTP Client failed to get data from cache

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errReason | Reason for Error | string | This is the reason for an error if given. |



EventType: PH_HTTP_CLIENT_GET_INIT_RESPONSE_FAILED

Description: FortiSIEM HTTP Client failed to get initialization response

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| errorNoInt | Error Number Int | int32 | |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_HTTP_CLIENT_GET_INIT_RESPONSE_WARNING

Description: FortiSIEM HTTP Client encountered error getting initialization response

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| errorNoInt | Error Number Int | int32 | |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_HTTP_CLIENT_GET_RESPONSE_WARNING

Description: FortiSIEM HTTP Client encountered error getting response

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| infoURL | Informational URL | string | This field captures a URL if present in an event |



EventType: PH_HTTP_CLIENT_HOST_IS_NULL

Description: FortiSIEM HTTP Client host is null error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_INIT_FAILURE

Description: FortiSIEM HTTP Client initialization failure

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| serverIpAddr | Server IP | IP | |



EventType: PH_HTTP_CLIENT_INIT_WARNING

Description: FortiSIEM HTTP Client initialization warning

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_INVALID_FILE_SIZE

Description: FortiSIEM HTTP Client encountered invalid file size

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_MKSTEMP_FAILED

Description: FortiSIEM HTTP Client failed to mkstemp

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| fileName | File Name | string | |



EventType: PH_HTTP_CLIENT_NO_FILE_PARAM

Description: FortiSIEM HTTP Client missing file parameter

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_PICK_SUPER_FAILED

Description: FortiSIEM HTTP Client failed to pick super

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_PREP_REQUEST_ERROR

Description: FortiSIEM HTTP Client Prep Request error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errReason | Reason for Error | string | This is the reason for an error if given. |



EventType: PH_HTTP_CLIENT_PUT_REDIRECT_FAILURE

Description: FortiSIEM HTTP Client PUT Redirect error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errReason | Reason for Error | string | This is the reason for an error if given. |



EventType: PH_HTTP_CLIENT_SETOPT_FAILED

Description: FortiSIEM HTTP Client setopt call failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errorNoInt | Error Number Int | int32 | |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_HTTP_CLIENT_SET_HOST_WARNING

Description: FortiSIEM HTTP Client set host call failed

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_UPLOAD_FILE_FAILED

Description: FortiSIEM HTTP Client file upload failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| serverIpAddr | Server IP | IP | |
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| httpStatusCode | HTTP Status | string | |
| errorNoInt | Error Number Int | int32 | |



EventType: PH_HTTP_CLIENT_WRITE_CACHE_NULL

Description: FortiSIEM HTTP Client cache write error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_INIT_FAILURE

Description: Http client initialization failure

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_RESPONSE_FAILURE

Description: HTTP response code failure

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |



EventType: PH_INCIDENT_ACTION_STATUS

Description: Record action result for incident notification

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| scriptOutput | Script Output | string | |



EventType: PH_INVALID_IP_ADDR

Description: FortiSIEM backend module detected invalid IP address

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_INVALID_PARAM

Description: Invalid Parameter

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| paraName | Param Name | string | |



EventType: PH_INVALID_PARAM_CNT

Description: Invalid number of parameter

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| count | Count | uint32 | A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |



EventType: PH_INVALID_PARAM_VAL_EMPTY

Description: Invalid empty parameter value

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| paraName | Param Name | string | |



EventType: PH_LOAD_CONFIG_CHANGE_FAILED

Description: FortiSIEM Rule/Report Master/Worker modules failed to load performance monitoring config change

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| item | Item | string | |



EventType: PH_MODULE_ABORT

Description: Module exited abnormally

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| coreDumpFile | Coredump File Name | string | |



EventType: PH_MODULE_ABORT_FOUND

Description: Module found aborted

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| reptProcName | Reported Process Name | string | |
| eventTime | Event Occur Time | Date | |



EventType: PH_MODULE_ACCEPTED_CONN

Description: Module accepted connection

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |



EventType: PH_MODULE_ACE_HANDLE_EVENT_ERROR

Description: ACE failed to handle event

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_MODULE_COMM_ERROR

Description: Module encountered inter-module communication error

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_MODULE_COMM_HANDLER_REG

Description: Module registering notification handlers

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| notifId | Notification ID | uint32 | |
| handlerName | Notification Handler Name | string | |



EventType: PH_MODULE_COMM_PORTS_OPENED

Description: Module opened Notification Service ports

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| ipProto | IP Protocol | uint16 | IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
| srcIpPort | Source TCP/UDP Port | uint16 | This is the source TCP or UDP port as identified in the event |



EventType: PH_MODULE_DB_CONFIG_LOADED

Description: Module loaded database config successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_DIODE_CONFIG_ERROR

Description: Module failed to load diode collector config

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errReason | Reason for Error | string | This is the reason for an error if given. |



EventType: PH_MODULE_EXCEPTION_NOT_CAUGHT

Description: Exception not caught

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_MODULE_EXITING

Description: Module exiting

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_EXIT_OK

Description: Module exited gracefully

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_HEARTBEAT_INIT

Description: Module initializing heartbeat object

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_INITIALIZING

Description: Module initialization

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_INIT_COMPLETE

Description: Module successfully started

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_INIT_FAILURE

Description: Module initialization failure

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| module | Module Name | string | |



EventType: PH_MODULE_LOADED_NEW_CONFIG

Description: Module successfully loaded new config

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_LOAD_DIODE_CRED_ERROR

Description: Failed to load diode collector agent credential

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errorString | Error String | string | This is the error message, synonymous to attribute errReason |



EventType: PH_MODULE_LOCAL_CONFIG_LOADED

Description: Module loaded local config successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| configName | Config Name | string | |



EventType: PH_MODULE_LOCAL_CONFIG_SECTION_ERROR

Description: Module failed to load local config section

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| configSectName | Config Section Name | string | |



EventType: PH_MODULE_LOCAL_CONFIG_VALUE_ERROR

Description: Module failed to load local config value

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| configName | Config Name | string | |
| configValue | Config Value | string | |



EventType: PH_MODULE_LOG_LEVEL_CHANGE

Description: Module received log level change

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| oldLogLevel | Old Log Level | uint32 | |
| newLogLevel | New Log Level | uint32 | |



EventType: PH_MODULE_RECVD_EXIT_EXT

Description: Module received external signal to exit

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| exitValue | Command exit value | int32 | |



EventType: PH_MODULE_RECVD_EXIT_MONITOR

Description: Module received exit request from Monitor

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_RECVD_NEW_CONFIG

Description: Module received config change notification

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_RECVD_START

Description: Module received start request

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_SETPIDFILE_ERR

Description: Module unable to set PID file

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |



EventType: PH_MODULE_UNABLE_INIT_SHARED_STORE

Description: Module unable to init shared store

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_MODULE_UNABLE_OPEN_COMM_PORT

Description: Module unable to open inter-module comm port during initialization

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| ipProto | IP Protocol | uint16 | IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
| srcIpPort | Source TCP/UDP Port | uint16 | This is the source TCP or UDP port as identified in the event |



EventType: PH_NOTIFICATION_ACCEPT_FAILURE

Description: failed to accept connection

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NOTIFICATION_CALLBACK_ERROR

Description: FortiSIEM Notification module callback error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NOTIFICATION_CONN_FAILED

Description: FortiSIEM Notification module failed connection

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| serverName | Server Name | string | |
| ipPort | IP Port | uint16 | IP port number |
| module | Module Name | string | |



EventType: PH_NOTIFICATION_INIT_FAILED

Description: FortiSIEM Notification module initialization failed

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| errReason | Reason for Error | string | This is the reason for an error if given. |



EventType: PH_NOTIFICATION_NO_RESPONSE

Description: has no response on Notification

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NOTIFICATION_RETURN_FAILURE

Description: Notification returns failure

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NOTIFICATION_SEND_FAILURE

Description: FortiSIEM Notification module send failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NOTIFICATION_SEND_FILE_FAILURE

Description: FortiSIEM Notification module file send failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| filePath | File Path | string | |



EventType: PH_OBJECT_NOT_FOUND

Description: Can not find specified object

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_PDF_BUILDER_ERROR

Description: PDF builder error

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_READER_BLOCK_WRITE

Description: Reader is blocking writer&Restart

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

| Id | Display name | Type | Description |
| --- | --- | --- | --- |
| reptProcName | Reported Process Name | string | |



EventType: PH_Rule_AbuseCH_Botnetc2_MalwareIP_Inbound

Description: Permitted Traffic from AbuseCH Botnet C2 Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_AbuseCH_Botnetc2_MalwareIP_Outbound

Description: Traffic to AbuseCH Botnet C2 Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Blocklist_MalwareIP_Inbound

Description: Permitted Traffic from Blocklist DE Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Blocklist_MalwareIP_Outbound

Description: Traffic to Blocklist DE Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_C2_Tracker_MalwareIP_Inbound

Description: Permitted Traffic from C2 Tracker Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_C2_Tracker_MalwareIP_Outbound

Description: Traffic to C2 Tracker Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_CINSScore_MalwareIP_Inbound

Description: Permitted Traffic from CINS Score Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_CINSScore_MalwareIP_Outbound

Description: Traffic to CINS Score Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Cisco_Talos_MalwareIP_Inbound

Description: Permitted Traffic from Cisco Talos Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Cisco_Talos_MalwareIP_Outbound

Description: Traffic to Cisco Talos Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_DigitalSide_MalwareDomain_Inbound

Description: Permitted Traffic from DigitalSide Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_DigitalSide_MalwareDomain_Outbound

Description: Traffic to DigitalSide Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_DigitalSide_MalwareIP_Inbound

Description: Permitted Traffic from DigitalSide Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_DigitalSide_MalwareIP_Outbound

Description: Traffic to DigitalSide Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_DigitalSide_MalwareURL_Outbound

Description: Traffic to DigitalSide Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FML_Antispam_Malicious_File

Description: FortiMail: Malicious Spam File Attachment Found

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FML_Antispam_Malicious_Url

Description: FortiMail: Antispam Malicious URL found

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FireHol_MalwareIP_Inbound

Description: Permitted Traffic from FireHol Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FireHol_MalwareIP_Outbound

Description: Traffic to FireHol Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiRecon_MalwareDomain_Inbound

Description: Permitted Traffic from FortiRecon Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiRecon_MalwareDomain_Outbound

Description: Traffic to FortiRecon Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiRecon_MalwareIP_Inbound

Description: Permitted Traffic from FortiRecon Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiRecon_MalwareIP_Outbound

Description: Traffic to FortiRecon Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiRecon_MalwareURL_Outbound

Description: Traffic to FortiRecon Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiSOAR_MalwareDomain_Inbound

Description: Permitted Traffic from FortiSOAR Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiSOAR_MalwareDomain_Outbound

Description: Traffic to FortiSOAR Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiSOAR_MalwareIP_Inbound

Description: Permitted Traffic from FortiSOAR Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiSOAR_MalwareIP_Outbound

Description: Traffic to FortiSOAR Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiSOAR_MalwareURL_Outbound

Description: Traffic to FortiSOAR Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Greensnow_MalwareIP_Inbound

Description: Permitted Traffic from Greensnow Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Greensnow_MalwareIP_Outbound

Description: Traffic to Greensnow Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_IPSum_MalwareIP_Inbound

Description: Permitted Traffic from IPSum Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_IPSum_MalwareIP_Outbound

Description: Traffic to IPSum Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_MISP_MalwareDomain_Inbound

Description: Permitted Traffic from MISP Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_MISP_MalwareDomain_Outbound

Description: Traffic to MISP Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_MISP_MalwareIP_Inbound

Description: Permitted Traffic from MISP Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_MISP_MalwareIP_Outbound

Description: Traffic to MISP Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_MISP_MalwareURL_Outbound

Description: Traffic to MISP Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OPENCTI_MalDomain_Inbound

Description: Permitted Traffic from OpenCTI Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OPENCTI_MalDomain_Outbound

Description: Traffic to OpenCTI Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OPENCTI_MalwareIP_Inbound

Description: Permitted Traffic from OpenCTI Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OPENCTI_MalwareIP_Outbound

Description: Traffic to OpenCTI Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OPENCTI_MalwareURL_Outbound

Description: Traffic to OpenCTI Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OpenPhish_MalwareURL_Outbound

Description: Traffic to OpenPhish Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Proofpoint_MalwareIP_Inbound

Description: Permitted Traffic from Proofpoint Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Proofpoint_MalwareIP_Outbound

Description: Traffic to Proofpoint Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Snort_MalwareIP_Inbound

Description: Permitted Traffic from Snort Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Snort_MalwareIP_Outbound

Description: Traffic to Snort Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_ThreatFox_MalwareURL_Outbound

Description: Traffic to ThreatFox Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_TweetFeed_MalwareDomain_Inbound

Description: Permitted Traffic from TweetFeed Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_TweetFeed_MalwareDomain_Outbound

Description: Traffic to TweetFeed Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_TweetFeed_MalwareURL_Outbound

Description: Traffic to TweetFeed Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Tweetfeed_MalwareIP_Inbound

Description: Permitted Traffic from TweetFeed Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Tweetfeed_MalwareIP_Outbound

Description: Traffic to TweetFeed Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_SAAS_OP_COLLECTOR_DOWN

Description: Collector down

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SAAS_OP_COLLECTOR_UP

Description: Collector up

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SER_MON_SERVICE_DOWN

Description: PH process down

Severity: 8 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SHAREDSTORE_ACQUIRE_ERROR

Description: A module failed to acquire shared store. The module will abort

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_SHAREDSTORE_WRITER_POS_UNEXPECTED_ALTERED

Description: Shared store writer position altered unexpectedly

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_SHAREDSTORE_WRITE_ERROR

Description: Parser module encountered error while writing to shared store. Events will be lost

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_SSL_SHUTDOWN_ERROR

Description: PH system ssl shutdown error

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DROP_UNKNOWN_ORG

Description: Dropped events which belong to unknown organization

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_STORAGE_LOW

Description: System data storage is low

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

diskName

Disk Name

string

freeDiskMB

Free Disk MB

uint32

diskUtil

Disk Capacity Util

double



EventType: PH_SYS_ERROR_XML_SEND_ERROR

Description: Error in sending system error to app server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYS_ERROR_XML_SENT

Description: System error sent to app server

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_THREAD_EXITING

Description: Module exiting thread

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

threadName

Thread Name

string



EventType: PH_THREAD_RECVD_EXIT

Description: Thread received exit request

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

threadName

Thread Name

string



EventType: PH_THREAD_STARTING

Description: Module starting thread

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

threadName

Thread Name

string



EventType: PH_UNABLE_ACCESS_DIR

Description: Unable to access archive directory

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_UNABLE_ALLOC_MEMORY

Description: Unable to allocate memory

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UNABLE_CREATE_DIR

Description: Unable to create dir

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_UNABLE_CREATE_FILE

Description: Unable to create file

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_UNABLE_CREATE_TIMER

Description: Unable to create timer

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UNABLE_OPEN_DIR

Description: Unable to open dir

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_UNABLE_OPEN_FILE

Description: Unable to open file

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_UNABLE_PARSE_XML

Description: Unable to parse xml

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_UNABLE_RENAME_FILE

Description: Unable to rename file

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_UNRESOLVABLE_HOSTNAME

Description: FortiSIEM module failed to resolve host name

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostName

Host Name

string

This is the hostname of the device of interest in the event



EventType: PH_UTIL_BIZ_CHANGE_UPDATE_SPAWN_FAILURE

Description: phMonitor encountered error in spawning thread

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_UTIL_BIZ_HTTP_REQUEST_FAILURE

Description: HTTP Request Error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_CMD_FAILURE

Description: FortiSIEM system command execution failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_CONFIG_IP_MISSING

Description: Found empty IP address

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_CONFIG_LOAD_FAILURE

Description: Failed to load configuration type from the app server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

objType

Object Type

string



EventType: PH_UTIL_CONFIG_LOAD_FILE_ACESS_FAILURE

Description: Failed to load configuration type from the app server - tmp file not accessible

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

objType

Object Type

string



EventType: PH_UTIL_CONFIG_PARSE_FAILURE

Description: Failed to parse system/phoenixServer xml

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_CONFIG_UNKNOWN_SERVER_TYPE

Description: Found unknown server type in App server returned XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

objType

Object Type

string



EventType: PH_UTIL_CSV_LINE_ILLEGAL

Description: Found illegal line in csv file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

lineContent

Line Content

string



EventType: PH_UTIL_CSV_READ_FAILURE

Description: Failed to open CSV file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_CUSTOMER_COLLECTOR_MISSING

Description: Failed to parse collectors and no collector found

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_CUSTOMER_COLLECTOR_PARSE_FAILURE

Description: Failed to parse phCustomerDevice Collector info

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_CUSTOMER_DOMAIN_MISSING

Description: No domain item found in xml file

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_CUSTOMER_INFO_PARSE_FAILURE

Description: Failed to parse value group xml

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_CUSTOMER_PARSE_FAILURE

Description: Failed to parse phCustomerDevice Customer info in XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_DASHBOARD_DUPLICATE_IP

Description: Encountered duplicate ip in device info for same customer Id

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_UTIL_DASHBOARD_DUPLICATE_ITEM

Description: Encountered duplicate item id in device info for same custId

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

item

Item

string

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_UTIL_DASHBOARD_PARSE_FAILURE

Description: Failed to parse dashboard device info xml

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_DEVICE_MAP_PROP_ERROR

Description: Encountered device map property error in XML

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_DEVICE_PROP_ERROR

Description: Encountered device property error in XML

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_DEVICE_SIMPLE_PROP_PARSE_FAILURE

Description: Failed to parse NULL element for property in XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propName

Property Name

string



EventType: PH_UTIL_DGA_FREQ_FILE_OPEN_FAILURE

Description: Failed to open DGA freq file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_DGA_WHITELIST_FILE_OPEN_FAILURE

Description: Failed to open DGA white list file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_DIR_CREATE_FAILURE

Description: Failed to create directory after a few attempts

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_DIR_CREATE_RETRIED

Description: Retried to create dir

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

count

Count

uint32

A general count variable. A common use case is for incidents: Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_UTIL_DIR_OPEN_FAILURE

Description: Failed to open directory after a few attempts

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_DIR_PARENT_NOT_EXIST

Description: Failed to locate Parent directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_UTIL_DIR_REMOVE_FAILURE

Description: Failed to remove directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

errReason

Reason for Error

string

This is the reason for an error if given.

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_DISK_USAGE_INFO_GET_FAILURE

Description: Unable to get disk usage information

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_UTIL_DISPATH_CMD_XML_ILLEGAL

Description: Encountered malformed XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_DISPATH_CMD_XML_PARSE_FAILURE

Description: Encountered XML parsing failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_EMAIL_SEND_FAILURE

Description: Failed to send email to server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destName

Destination Host Name

string

Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address.



EventType: PH_UTIL_EVENT_FILE_ERROR

Description: Encountered Event file error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_EVENT_GROUP_ERROR

Description: Encountered Event Group error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_EVENT_STATUS_REPORTER_SPAWN_FAILURE

Description: Failed to initialize external event status reporter thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_EVENT_STATUS_UPLOAD_FAILURE

Description: Failed to upload external event status xml after 3 retries

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_EVENT_TYPE_ERROR

Description: Encountered Event type error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_FILE_NOT_EXIST

Description: File doesn't exist

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_FILE_OPEN_FAILURE

Description: Failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_FILE_READ_FAILURE

Description: Error reading file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_FILE_SIZE_MISMATCH

Description: File size mismatch

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_FILE_SIZE_TOO_SMALL

Description: File size too small

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

fileSize64

File Size64 Bytes

uint64



EventType: PH_UTIL_FILE_STATFS_FAILURE

Description: Failed to run statfs() command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_FILE_STAT_FAILURE

Description: Failed to stat file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_FILE_WRITE_FAILURE

Description: Error writing file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_FORK_FAILURE

Description: System fork failed - likely system highly utilized

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_GET_ADDR_FAILURE

Description: Failed to run Getaddrinfo command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

destName

Destination Host Name

string

Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address.



EventType: PH_UTIL_GET_JOB_STATUS_FAILURE

Description: Failed to get job status to status file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

paraName

Param Name

string



EventType: PH_UTIL_HOSTNAME_GET_FAILURE

Description: Failed to look up Host name

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_INET_PTON_FAILURE

Description: Failed to run inet_ntop command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_INODE_INFO_GET_FAILURE

Description: Unable to get inode information

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

osObjName

Object Name

string



EventType: PH_UTIL_IOCTL_FAILURE

Description: Failed to run ioctl commands

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_IOCTL_SIOCGIFADDR_FAILURE

Description: Failed to run ioctl SIOCGIFADDR command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_IP_TYPE_INVALID

Description: Invalid IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_IP_TYPE_MISMATCH

Description: Mismatch IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_JOB_STATUS_REPORTER_SPAWN_FAILURE

Description: Failed to initialize job status reporter thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_JOB_STATUS_UPLOAD_FAILURE

Description: Failed to upload job status xml after 3 retries

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_JSON_GET_NODE_FAILURE

Description: Failed to get JSON node value from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

jsonBody

JSON Body

string



EventType: PH_UTIL_JSON_GET_TOTAL_COUNT_FAILURE

Description: Failed to fetch total_count

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_JSON_OBJ_EMPTY

Description: JSON object empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_JSON_PARSE_FAILURE

Description: Failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

jsonBody

JSON Body

string



EventType: PH_UTIL_KILLPG_FAILURE

Description: Failed to send SIGKILL to child process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_LOAD_EXT_FUNC_FILE_OPEN_FAILUE

Description: Dynamic loaded function load failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_LOAD_EXT_FUNC_FORMAT_INVALID

Description: Dynamic loaded function name should be fileName.functionName format

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propValue

Property Value

string



EventType: PH_UTIL_LOAD_EXT_FUNC_GET_NAME_FAILUE

Description: Dynamic loaded function in file failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_LOCAL_IP_MISSING

Description: Failed to get ip address of this machine

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_LOOKUP_TABLES_DUPLICATE

Description: Duplicate lookup table found

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dbTable

Database Table

string



EventType: PH_UTIL_LOOKUP_TABLES_DUPLICATE_COLUMN

Description: Duplicate lookup table column found

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dbTable

Database Table

string

dbColumn

Database Column

string



EventType: PH_UTIL_LOOKUP_TABLES_DUPLICATE_KEY

Description: Duplicate lookup table key found

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dbTable

Database Table

string

dbId

DB ID

uint32



EventType: PH_UTIL_MAIL_CMD_RUN_FAILURE

Description: Failed to send email to server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destName

Destination Host Name

string

Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address.



EventType: PH_UTIL_MAIL_SMTP_INIT_FAILURE

Description: Failed to initialize SMTP server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_MD5_ERROR

Description: Failed to calculate MD5

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_MEM_ALLOC_FAILURE

Description: Could not allocate memory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileSize64

File Size64 Bytes

uint64



EventType: PH_UTIL_MKDTEMP_FAILURE

Description: Failed to create directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

filePath

File Path

string



EventType: PH_UTIL_MKSTEMP_FAILURE

Description: Failed to create temporary filename

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

filePath

File Path

string



EventType: PH_UTIL_MMAP_FAILURE

Description: Failed to mmap file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

fileSize64

File Size64 Bytes

uint64

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_MOVE_FILE_FAILURE

Description: Failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_NOTIFICATION_SENDER_SPAWN_FAILURE

Description: Failed to initialize notification sender thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_NOTIFICATION_SERVER_INIT_FAILURE

Description: Failed to initialize notification reporter

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_NOTIFICATION_UPLOAD_FAILURE

Description: Failed to Send Notification

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msg

Message

string



EventType: PH_UTIL_PHOENIX_CONFIG_ITEM_MISSING

Description: Could not find specific item in phoenix_config.txt

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propName

Property Name

string



EventType: PH_UTIL_PIPE_FAILURE

Description: The command pipe() returned error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_PROP_DEF_SET_PARSE_FAILURE

Description: Failed to parse propertyDefs xml

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_REDIS_CONNECTION_ERROR

Description: redis connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_REGEX_PATTERN_EMPTY

Description: Regex Pattern is NULL

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_REGEX_PATTERN_TOO_LONG

Description: Regex Pattern too long

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msgLen

Message Length

uint64



EventType: PH_UTIL_SEND_TO_UDP_PORT_FAILURE

Description: Failed to send message to udp port

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_UTIL_SETPGRP_FAILURE

Description: Failed to run system command setpgrp()

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_SET_JOB_STATUS_FAILURE

Description: Failed to set job status to status file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

paraName

Param Name

string



EventType: PH_UTIL_SOCKET_FAILURE

Description: Failed to run system command socket()

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_STR_TO_IP_FAILURE

Description: Failed to run system call inet_pton

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propValue

Property Value

string



EventType: PH_UTIL_SVN_DIFF_FAILURE

Description: Failed to execute system command svn diff

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_SYS_ERROR_REPORTER_INIT_FAILURE

Description: Failed to initialize system error reporter thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_TIME_RANGE_INVALID

Description: Found Invalid time range

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propValue

Property Value

string



EventType: PH_UTIL_TIME_STR_FORMAT_INVALID

Description: Found incorrect time string parameters

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

paraName

Param Name

string



EventType: PH_UTIL_UNKNOWN_PHOENIX_ERROR_NUMBER

Description: Found incorrect PH error number

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_VALUE_GROUP_ERROR

Description: Encountered Value group error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_WAITPID_FAILURE

Description: Failed to run system command waitpid on child process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_WAITPID_LAST_TRY_FAILUE

Description: Failed to run system command waitpid on child process after several tries

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_WINDOWS_BID_LOAD_FAILURE

Description: Failed to load Windows Built In SID file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_WRITE_BIN_FILE_OPEN_FAILURE

Description: Failed to open binary file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_WRITE_FILE_OPEN_FAILURE

Description: Failed to open file for write

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_XML_HANDLING_ERROR

Description: Found Invalid xml from App Server

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_ZIP_DECOMPRESS_FAILED

Description: Failed to decompress zip string

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_WORKER_DOWN

Description: Worker down

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_WORKER_PROVISION_FAILED

Description: Phoenix worker provision failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_WORKER_UP

Description: Worker up

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_WS_COMM_ERROR

Description: Web service communication error

Severity: 6 (Medium)

Event Category: 3 (System Logs)

EventType: PH_BASE_PROC_REST_CACHE_CHECKOUT_STATUS_WARNING

Description: FortiSIEM module error - REST cache access error

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures a URL if present in an event



EventType: PH_BASE_PROC_SEND_HEARTBEAT_FAILURE

Description: FortiSIEM module error - failed to send heartbeat

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

procName

Process Name

string



EventType: PH_BASE_PROC_SEND_USER_DEFINED_SIG_FAILED

Description: FortiSIEM module error - user defined sig failed

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_SET_PID_FILE_FAILED

Description: FortiSIEM module error - setpid failed

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_BASE_PROC_STACK_TRACE

Description: FortiSIEM module stack trace

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_STACK_TRACK_TOO_LONG

Description: FortiSIEM module error - stack trace too large

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_SYS_INFO_CALC_CPU_ERROR

Description: FortiSIEM module error - failed to calculate CPU

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

procName

Process Name

string



EventType: PH_BASE_PROC_SYS_PROC_INFO_GET_FAILURE

Description: FortiSIEM module error - failed to get proc info

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_SYS_PROC_INFO_INIT_ERROR

Description: FortiSIEM module error - proc info get error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_SYS_PROC_INFO_UNABLE_OPEN_PROC_PID_FILE

Description: FortiSIEM module error - unable to open proc pid file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_BASE_PROC_SYS_PROC_INFO_UNABLE_OPEN_PROC_STAT_FILE

Description: FortiSIEM module error - unable to open proc stat file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

procName

Process Name

string



EventType: PH_BASE_PROC_THREAD_SPAWN_FAILED

Description: FortiSIEM module error - failed to spawn thread

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_THREAD_WRONG_PARAM

Description: FortiSIEM module error - wrong parameters to thread spawn function

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PROC_UPLOAD_FILE_FAILURE

Description: FortiSIEM module error - file upload failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string



EventType: PH_BASE_PROC_VALUE_GROUP_UPDATE_FAILURE

Description: FortiSIEM module error - value group update failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_BASE_PRO_AQUIRE_SHARED_STORE_FAILED

Description: Unable to acquire shared store instance

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLIKCHOUSE_BUILD_QUERY_DIST_SQL_COMMAND_FAILURE

Description: Failed to build query dist sql command

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLI_ERROR

Description: FortiSIEM CLI error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_CREATE_TEMP_FILE_FAILURE

Description: FortiSIEM temp file creation error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DISC_DATA_PROCESS_ERROR

Description: Discovery result process error

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DIVIDE_BY_ZERO

Description: Divide by zero

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_FAILED_TO_EXEC

Description: Failed to execute specified command

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_FILE_NOT_FOUND

Description: Cannot find the specified file

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GCS_BUCKET_ACCESS_FAILURE

Description: Failed to access GCS Bucket

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GENERIC_CRITICAL

Description: PH system generic critical message

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_GENERIC_DEBUG

Description: PH system generic debug message

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_GENERIC_ERROR

Description: PH system generic error

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GENERIC_INFO

Description: PH system generic info

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_GENERIC_WARNING

Description: PH system generic warning

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GET_CURL_HANDLE_FAILED

Description: FortiSIEM HTTP Client failed to get handle

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GET_SUPER_LEADER_FAILURE

Description: Failed to get super leader IP

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GRPC_CERT_CREATE_SUCCESS

Description: Create gRPC certificate files

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_GRPC_CERT_ERROR

Description: 700-Grpc: Grpc cert error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_GRPC_CERT_LOADED_FAILED

Description: Failed to load certs file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_GRPC_CERT_UPDATE_FAILED

Description: Failed to update gRPC certificate file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_GRPC_CERT_UPDATE_SUCCESS

Description: Updated gRPC certificate file

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_GRPC_FORTMAT_JSON_FAILED

Description: Failed to format Json response

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_GRPC_TASK_DATA_EMPTY

Description: GRPC task is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_COMPRESS_FAILED

Description: FortiSIEM HTTP Client failed to compress payload

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_HTTP_CLIENT_CURL_ERROR

Description: FortiSIEM HTTP Client failed with curl error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures a URL if present in an event



EventType: PH_HTTP_CLIENT_GET_CACHE_FROM_MONITOR_FAILED

Description: FortiSIEM HTTP Client failed to get cache

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_HTTP_CLIENT_GET_DATA_FROM_CACHE_FAILED

Description: FortiSIEM HTTP Client failed to get data from cache

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_HTTP_CLIENT_GET_INIT_RESPONSE_FAILED

Description: FortiSIEM HTTP Client failed to get initialization response

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures a URL if present in an event

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_HTTP_CLIENT_GET_INIT_RESPONSE_WARNING

Description: FortiSIEM HTTP Client encountered error getting initialization response

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures a URL if present in an event

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_HTTP_CLIENT_GET_RESPONSE_WARNING

Description: FortiSIEM HTTP Client encountered error getting response

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures a URL if present in an event



EventType: PH_HTTP_CLIENT_HOST_IS_NULL

Description: FortiSIEM HTTP Client host is null error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_INIT_FAILURE

Description: FortiSIEM HTTP Client initialization failure

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP



EventType: PH_HTTP_CLIENT_INIT_WARNING

Description: FortiSIEM HTTP Client initialization warning

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_INVALID_FILE_SIZE

Description: FortiSIEM HTTP Client encountered invalid file size

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_MKSTEMP_FAILED

Description: FortiSIEM HTTP Client failed to mkstemp

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_HTTP_CLIENT_NO_FILE_PARAM

Description: FortiSIEM HTTP Client missing file parameter

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_PICK_SUPER_FAILED

Description: FortiSIEM HTTP Client failed to pick super

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_PREP_REQUEST_ERROR

Description: FortiSIEM HTTP Client Prep Request error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_HTTP_CLIENT_PUT_REDIRECT_FAILURE

Description: FortiSIEM HTTP Client PUT Redirect error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_HTTP_CLIENT_SETOPT_FAILED

Description: FortiSIEM HTTP Client setopt call failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_HTTP_CLIENT_SET_HOST_WARNING

Description: FortiSIEM HTTP Client set host call failed

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_HTTP_CLIENT_UPLOAD_FILE_FAILED

Description: FortiSIEM HTTP Client file upload failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

infoURL

Informational URL

string

This field captures a URL if present in an event

httpStatusCode

HTTP Status

string

errorNoInt

Error Number Int

int32



EventType: PH_HTTP_CLIENT_WRITE_CACHE_NULL

Description: FortiSIEM HTTP Client cache write error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_INIT_FAILURE

Description: Http client initialization failure

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_HTTP_RESPONSE_FAILURE

Description: HTTP response code failure

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_INCIDENT_ACTION_STATUS

Description: Record action result for incident notification

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

scriptOutput

Script Output

string



EventType: PH_INVALID_IP_ADDR

Description: FortiSIEM backend module detected invalid IP address

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_INVALID_PARAM

Description: Invalid Parameter

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

paraName

Param Name

string



EventType: PH_INVALID_PARAM_CNT

Description: Invalid number of parameters

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

count

Count

uint32

A general count variable. A common use case is for incidents: Count represents how many times an Incident occurred in a time interval. When an Incident with the same group-by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_INVALID_PARAM_VAL_EMPTY

Description: Invalid empty parameter value

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

paraName

Param Name

string



EventType: PH_LOAD_CONFIG_CHANGE_FAILED

Description: FortiSIEM Rule/Report Master/Worker modules failed to load performance monitoring config change

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures a URL if present in an event

item

Item

string



EventType: PH_MODULE_ABORT

Description: Module exited abnormally

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

coreDumpFile

Coredump File Name

string



EventType: PH_MODULE_ABORT_FOUND

Description: Module found aborted

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

reptProcName

Reported Process Name

string

eventTime

Event Occur Time

Date



EventType: PH_MODULE_ACCEPTED_CONN

Description: Module accepted connection

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_MODULE_ACE_HANDLE_EVENT_ERROR

Description: ACE failed to handle event

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_MODULE_COMM_ERROR

Description: Module encountered inter-module communication error

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_MODULE_COMM_HANDLER_REG

Description: Module registering notification handlers

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

notifId

Notification ID

uint32

handlerName

Notification Handler Name

string



EventType: PH_MODULE_COMM_PORTS_OPENED

Description: Module opened Notification Service ports

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

ipProto

IP Protocol

uint16

IP Protocol, e.g. TCP, UDP, ICMP, etc., as defined in IP RFCs

srcIpPort

Source TCP/UDP Port

uint16

This is the source TCP or UDP port as identified in the event



EventType: PH_MODULE_DB_CONFIG_LOADED

Description: Module loaded database config successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_DIODE_CONFIG_ERROR

Description: Module failed to load diode collector config

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_MODULE_EXCEPTION_NOT_CAUGHT

Description: Exception not caught

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_MODULE_EXITING

Description: Module exiting

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_EXIT_OK

Description: Module exited gracefully

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_HEARTBEAT_INIT

Description: Module initializing heartbeat object

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_INITIALIZING

Description: Module initialization

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_INIT_COMPLETE

Description: Module successfully started

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_INIT_FAILURE

Description: Module initialization failure

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

module

Module Name

string



EventType: PH_MODULE_LOADED_NEW_CONFIG

Description: Module successfully loaded new config

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_LOAD_DIODE_CRED_ERROR

Description: Failed to load diode collector agent credential

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_MODULE_LOCAL_CONFIG_LOADED

Description: Module loaded local config successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

configName

Config Name

string



EventType: PH_MODULE_LOCAL_CONFIG_SECTION_ERROR

Description: Module failed to load local config section

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

configSectName

Config Section Name

string



EventType: PH_MODULE_LOCAL_CONFIG_VALUE_ERROR

Description: Module failed to load local config value

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

configName

Config Name

string

configValue

Config Value

string



EventType: PH_MODULE_LOG_LEVEL_CHANGE

Description: Module received log level change

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

oldLogLevel

Old Log Level

uint32

newLogLevel

New Log Level

uint32



EventType: PH_MODULE_RECVD_EXIT_EXT

Description: Module received external signal to exit

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

exitValue

Command exit value

int32



EventType: PH_MODULE_RECVD_EXIT_MONITOR

Description: Module received exit request from Monitor

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_RECVD_NEW_CONFIG

Description: Module received config change notification

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_RECVD_START

Description: Module received start request

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_MODULE_SETPIDFILE_ERR

Description: Module unable to set PID file

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_MODULE_UNABLE_INIT_SHARED_STORE

Description: Module unable to init shared store

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_MODULE_UNABLE_OPEN_COMM_PORT

Description: Module unable to open inter-module comm port during initialization

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

ipProto

IP Protocol

uint16

IP Protocol, e.g. TCP, UDP, ICMP, etc., as defined in IP RFCs

srcIpPort

Source TCP/UDP Port

uint16

This is the source TCP or UDP port as identified in the event



EventType: PH_NOTIFICATION_ACCEPT_FAILURE

Description: failed to accept connection

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NOTIFICATION_CALLBACK_ERROR

Description: FortiSIEM Notification module callback error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NOTIFICATION_CONN_FAILED

Description: FortiSIEM Notification module failed connection

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverName

Server Name

string

ipPort

IP Port

uint16

IP port number

module

Module Name

string



EventType: PH_NOTIFICATION_INIT_FAILED

Description: FortiSIEM Notification module initialization failed

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_NOTIFICATION_NO_RESPONSE

Description: has no response on Notification

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NOTIFICATION_RETURN_FAILURE

Description: Notification returns failure

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NOTIFICATION_SEND_FAILURE

Description: FortiSIEM Notification module send failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_NOTIFICATION_SEND_FILE_FAILURE

Description: FortiSIEM Notification module file send failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_OBJECT_NOT_FOUND

Description: Cannot find specified object

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_PDF_BUILDER_ERROR

Description: PDF builder error

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_READER_BLOCK_WRITE

Description: Reader is blocking writer&Restart

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

reptProcName

Reported Process Name

string



EventType: PH_Rule_AbuseCH_Botnetc2_MalwareIP_Inbound

Description: Permitted Traffic from AbuseCH Botnet C2 Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_AbuseCH_Botnetc2_MalwareIP_Outbound

Description: Traffic to AbuseCH Botnet C2 Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Blocklist_MalwareIP_Inbound

Description: Permitted Traffic from Blocklist DE Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Blocklist_MalwareIP_Outbound

Description: Traffic to Blocklist DE Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_C2_Tracker_MalwareIP_Inbound

Description: Permitted Traffic from C2 Tracker Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_C2_Tracker_MalwareIP_Outbound

Description: Traffic to C2 Tracker Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_CINSScore_MalwareIP_Inbound

Description: Permitted Traffic from CINS Score Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_CINSScore_MalwareIP_Outbound

Description: Traffic to CINS Score Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Cisco_Talos_MalwareIP_Inbound

Description: Permitted Traffic from Cisco Talos Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Cisco_Talos_MalwareIP_Outbound

Description: Traffic to Cisco Talos Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_DigitalSide_MalwareDomain_Inbound

Description: Permitted Traffic from DigitalSide Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_DigitalSide_MalwareDomain_Outbound

Description: Traffic to DigitalSide Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_DigitalSide_MalwareIP_Inbound

Description: Permitted Traffic from DigitalSide Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_DigitalSide_MalwareIP_Outbound

Description: Traffic to DigitalSide Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_DigitalSide_MalwareURL_Outbound

Description: Traffic to DigitalSide Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FML_Antispam_Malicious_File

Description: FortiMail: Malicious Spam File Attachment Found

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FML_Antispam_Malicious_Url

Description: FortiMail: Antispam Malicious URL found

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FireHol_MalwareIP_Inbound

Description: Permitted Traffic from FireHol Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FireHol_MalwareIP_Outbound

Description: Traffic to FireHol Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiRecon_MalwareDomain_Inbound

Description: Permitted Traffic from FortiRecon Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiRecon_MalwareDomain_Outbound

Description: Traffic to FortiRecon Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiRecon_MalwareIP_Inbound

Description: Permitted Traffic from FortiRecon Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiRecon_MalwareIP_Outbound

Description: Traffic to FortiRecon Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiRecon_MalwareURL_Outbound

Description: Traffic to FortiRecon Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiSOAR_MalwareDomain_Inbound

Description: Permitted Traffic from FortiSOAR Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiSOAR_MalwareDomain_Outbound

Description: Traffic to FortiSOAR Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiSOAR_MalwareIP_Inbound

Description: Permitted Traffic from FortiSOAR Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiSOAR_MalwareIP_Outbound

Description: Traffic to FortiSOAR Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_FortiSOAR_MalwareURL_Outbound

Description: Traffic to FortiSOAR Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Greensnow_MalwareIP_Inbound

Description: Permitted Traffic from Greensnow Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Greensnow_MalwareIP_Outbound

Description: Traffic to Greensnow Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_IPSum_MalwareIP_Inbound

Description: Permitted Traffic from IPSum Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_IPSum_MalwareIP_Outbound

Description: Traffic to IPSum Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_MISP_MalwareDomain_Inbound

Description: Permitted Traffic from MISP Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_MISP_MalwareDomain_Outbound

Description: Traffic to MISP Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_MISP_MalwareIP_Inbound

Description: Permitted Traffic from MISP Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_MISP_MalwareIP_Outbound

Description: Traffic to MISP Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_MISP_MalwareURL_Outbound

Description: Traffic to MISP Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OPENCTI_MalDomain_Inbound

Description: Permitted Traffic from OpenCTI Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OPENCTI_MalDomain_Outbound

Description: Traffic to OpenCTI Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OPENCTI_MalwareIP_Inbound

Description: Permitted Traffic from OpenCTI Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OPENCTI_MalwareIP_Outbound

Description: Traffic to OpenCTI Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OPENCTI_MalwareURL_Outbound

Description: Traffic to OpenCTI Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_OpenPhish_MalwareURL_Outbound

Description: Traffic to OpenPhish Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Proofpoint_MalwareIP_Inbound

Description: Permitted Traffic from Proofpoint Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Proofpoint_MalwareIP_Outbound

Description: Traffic to Proofpoint Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Snort_MalwareIP_Inbound

Description: Permitted Traffic from Snort Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Snort_MalwareIP_Outbound

Description: Traffic to Snort Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_ThreatFox_MalwareURL_Outbound

Description: Traffic to ThreatFox Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_TweetFeed_MalwareDomain_Inbound

Description: Permitted Traffic from TweetFeed Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_TweetFeed_MalwareDomain_Outbound

Description: Traffic to TweetFeed Malware Domain List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_TweetFeed_MalwareURL_Outbound

Description: Traffic to TweetFeed Malware URL List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Tweetfeed_MalwareIP_Inbound

Description: Permitted Traffic from TweetFeed Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_Rule_Tweetfeed_MalwareIP_Outbound

Description: Traffic to TweetFeed Malware IP List

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_SAAS_OP_COLLECTOR_DOWN

Description: Collector down

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SAAS_OP_COLLECTOR_UP

Description: Collector up

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SER_MON_SERVICE_DOWN

Description: PH process down

Severity: 8 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SHAREDSTORE_ACQUIRE_ERROR

Description: A module failed to acquire shared store. The module will abort

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_SHAREDSTORE_WRITER_POS_UNEXPECTED_ALTERED

Description: Shared store writer position altered unexpectedly

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_SHAREDSTORE_WRITE_ERROR

Description: Parser module encountered error while writing to shared store. Events will be lost

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_SSL_SHUTDOWN_ERROR

Description: PH system ssl shutdown error

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DROP_UNKNOWN_ORG

Description: Dropped events which belong to unknown organization

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_STORAGE_LOW

Description: System data storage is low

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

diskName

Disk Name

string

freeDiskMB

Free Disk MB

uint32

diskUtil

Disk Capacity Util

double



EventType: PH_SYS_ERROR_XML_SEND_ERROR

Description: Error in sending system error to app server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYS_ERROR_XML_SENT

Description: System error sent to app server

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_THREAD_EXITING

Description: Module exiting thread

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

threadName

Thread Name

string



EventType: PH_THREAD_RECVD_EXIT

Description: Thread received exit request

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

threadName

Thread Name

string



EventType: PH_THREAD_STARTING

Description: Module starting thread

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

threadName

Thread Name

string



EventType: PH_UNABLE_ACCESS_DIR

Description: Unable to access archive directory

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_UNABLE_ALLOC_MEMORY

Description: Unable to allocate memory

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UNABLE_CREATE_DIR

Description: Unable to create dir

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_UNABLE_CREATE_FILE

Description: Unable to create file

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_UNABLE_CREATE_TIMER

Description: Unable to create timer

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UNABLE_OPEN_DIR

Description: Unable to open dir

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_UNABLE_OPEN_FILE

Description: Unable to open file

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_UNABLE_PARSE_XML

Description: Unable to parse xml

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_UNABLE_RENAME_FILE

Description: Unable to rename file

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_UNRESOLVABLE_HOSTNAME

Description: FortiSIEM module failed to resolve host name

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostName

Host Name

string

This is the hostname of the device of interest in the event



EventType: PH_UTIL_BIZ_CHANGE_UPDATE_SPAWN_FAILURE

Description: phMonitor encountered error in spawning thread

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_UTIL_BIZ_HTTP_REQUEST_FAILURE

Description: HTTP Request Error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_CMD_FAILURE

Description: FortiSIEM system command execution failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_CONFIG_IP_MISSING

Description: Found empty IP address

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_CONFIG_LOAD_FAILURE

Description: Failed to load configuration type from the app server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

objType

Object Type

string



EventType: PH_UTIL_CONFIG_LOAD_FILE_ACESS_FAILURE

Description: Failed to load configuration type from the app server - tmp file not accessible

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

objType

Object Type

string



EventType: PH_UTIL_CONFIG_PARSE_FAILURE

Description: Failed to parse system/phoenixServer xml

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_CONFIG_UNKNOWN_SERVER_TYPE

Description: Found unknown server type in App server returned XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

objType

Object Type

string



EventType: PH_UTIL_CSV_LINE_ILLEGAL

Description: Found illegal line in csv file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

lineContent

Line Content

string



EventType: PH_UTIL_CSV_READ_FAILURE

Description: Failed to open CSV file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_CUSTOMER_COLLECTOR_MISSING

Description: Failed to parse collectors and no collector found

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_CUSTOMER_COLLECTOR_PARSE_FAILURE

Description: Failed to parse phCustomerDevice Collector info

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_CUSTOMER_DOMAIN_MISSING

Description: No domain item found in xml file

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_CUSTOMER_INFO_PARSE_FAILURE

Description: Failed to parse value group xml

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_CUSTOMER_PARSE_FAILURE

Description: Failed to parse phCustomerDevice Customer info in XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_DASHBOARD_DUPLICATE_IP

Description: Encountered duplicate ip in device info for same customer Id

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

reptDevIpAddr

Reporting IP

IP

This is the device that originated the log or event packet, also known as the reporting device.

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_UTIL_DASHBOARD_DUPLICATE_ITEM

Description: Encountered duplicate item id in device info for same custId

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

item

Item

string

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_UTIL_DASHBOARD_PARSE_FAILURE

Description: Failed to parse dashboard device info xml

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_DEVICE_MAP_PROP_ERROR

Description: Encountered device map property error in XML

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_DEVICE_PROP_ERROR

Description: Encountered device property error in XML

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_DEVICE_SIMPLE_PROP_PARSE_FAILURE

Description: Failed to parse NULL element for property in XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propName

Property Name

string



EventType: PH_UTIL_DGA_FREQ_FILE_OPEN_FAILURE

Description: Failed to open DGA freq file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_DGA_WHITELIST_FILE_OPEN_FAILURE

Description: Failed to open DGA white list file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_DIR_CREATE_FAILURE

Description: Failed to create directory after a few attempts

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_DIR_CREATE_RETRIED

Description: Retried to create dir

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_UTIL_DIR_OPEN_FAILURE

Description: Failed to open directory after a few attempts

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_DIR_PARENT_NOT_EXIST

Description: Failed to locate Parent directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_UTIL_DIR_REMOVE_FAILURE

Description: Failed to remove directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string

errReason

Reason for Error

string

This is the reason for an error if given.

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_DISK_USAGE_INFO_GET_FAILURE

Description: Unable to get disk usage information

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dirName

Directory Name

string



EventType: PH_UTIL_DISPATH_CMD_XML_ILLEGAL

Description: Encountered malformed XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_DISPATH_CMD_XML_PARSE_FAILURE

Description: Encountered XML parsing failure

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_EMAIL_SEND_FAILURE

Description: Failed to send email to server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destName

Destination Host Name

string

Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address.



EventType: PH_UTIL_EVENT_FILE_ERROR

Description: Encountered Event file error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_EVENT_GROUP_ERROR

Description: Encountered Event Group error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_EVENT_STATUS_REPORTER_SPAWN_FAILURE

Description: Failed to initialize external event status reporter thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_EVENT_STATUS_UPLOAD_FAILURE

Description: Failed to upload external event status xml after 3 retries

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_EVENT_TYPE_ERROR

Description: Encountered Event type error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_FILE_NOT_EXIST

Description: File doesn't exist

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_FILE_OPEN_FAILURE

Description: Failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_FILE_READ_FAILURE

Description: Error reading file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_FILE_SIZE_MISMATCH

Description: File size mismatch

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_FILE_SIZE_TOO_SMALL

Description: File size too small

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

fileSize64

File Size64 Bytes

uint64



EventType: PH_UTIL_FILE_STATFS_FAILURE

Description: Failed to run statfs() command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_FILE_STAT_FAILURE

Description: Failed to stat file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_FILE_WRITE_FAILURE

Description: Error writing file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_FORK_FAILURE

Description: System fork failed - likely system highly utilized

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_GET_ADDR_FAILURE

Description: Failed to run Getaddrinfo command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

destName

Destination Host Name

string

Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address.



EventType: PH_UTIL_GET_JOB_STATUS_FAILURE

Description: Failed to get job status to status file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

paraName

Param Name

string



EventType: PH_UTIL_HOSTNAME_GET_FAILURE

Description: Failed to look up Host name

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_INET_PTON_FAILURE

Description: Failed to run inet_ntop command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_INODE_INFO_GET_FAILURE

Description: Unable to get inode information

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

osObjName

Object Name

string



EventType: PH_UTIL_IOCTL_FAILURE

Description: Failed to run ioctl commands

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_IOCTL_SIOCGIFADDR_FAILURE

Description: Failed to run ioctl SIOCGIFADDR command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_IP_TYPE_INVALID

Description: Invalid IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_IP_TYPE_MISMATCH

Description: Mismatch IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_JOB_STATUS_REPORTER_SPAWN_FAILURE

Description: Failed to initialize job status reporter thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_JOB_STATUS_UPLOAD_FAILURE

Description: Failed to upload job status xml after 3 retries

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_JSON_GET_NODE_FAILURE

Description: Failed to get JSON node value from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

jsonBody

JSON Body

string



EventType: PH_UTIL_JSON_GET_TOTAL_COUNT_FAILURE

Description: Failed to fetch total_count

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_JSON_OBJ_EMPTY

Description: JSON object empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_JSON_PARSE_FAILURE

Description: Failed to parse JSON

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason

jsonBody

JSON Body

string



EventType: PH_UTIL_KILLPG_FAILURE

Description: Failed to send SIGKILL to child process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_LOAD_EXT_FUNC_FILE_OPEN_FAILUE

Description: Dynamic loaded function load failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_LOAD_EXT_FUNC_FORMAT_INVALID

Description: Dynamic loaded function name should be fileName.functionName format

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propValue

Property Value

string



EventType: PH_UTIL_LOAD_EXT_FUNC_GET_NAME_FAILUE

Description: Dynamic loaded function in file failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

funName

Function Name

string

filePath

File Path

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_LOCAL_IP_MISSING

Description: Failed to get ip address of this machine

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_LOOKUP_TABLES_DUPLICATE

Description: Duplicate lookup table found

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dbTable

Database Table

string



EventType: PH_UTIL_LOOKUP_TABLES_DUPLICATE_COLUMN

Description: Duplicate lookup table column found

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dbTable

Database Table

string

dbColumn

Database Column

string



EventType: PH_UTIL_LOOKUP_TABLES_DUPLICATE_KEY

Description: Duplicate lookup table key found

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

dbTable

Database Table

string

dbId

DB ID

uint32



EventType: PH_UTIL_MAIL_CMD_RUN_FAILURE

Description: Failed to send email to server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destName

Destination Host Name

string

Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address.



EventType: PH_UTIL_MAIL_SMTP_INIT_FAILURE

Description: Failed to initialize SMTP server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_MD5_ERROR

Description: Failed to calculate MD5

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_MEM_ALLOC_FAILURE

Description: Could not allocate memory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileSize64

File Size64 Bytes

uint64



EventType: PH_UTIL_MKDTEMP_FAILURE

Description: Failed to create directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

filePath

File Path

string



EventType: PH_UTIL_MKSTEMP_FAILURE

Description: Failed to create temporary filename

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

filePath

File Path

string



EventType: PH_UTIL_MMAP_FAILURE

Description: Failed to mmap file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

fileSize64

File Size64 Bytes

uint64

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_MOVE_FILE_FAILURE

Description: Failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_NOTIFICATION_SENDER_SPAWN_FAILURE

Description: Failed to initialize notification sender thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_NOTIFICATION_SERVER_INIT_FAILURE

Description: Failed to initialize notification reporter

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_NOTIFICATION_UPLOAD_FAILURE

Description: Failed to Send Notification

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msg

Message

string



EventType: PH_UTIL_PHOENIX_CONFIG_ITEM_MISSING

Description: Could not find specific item in phoenix_config.txt

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propName

Property Name

string



EventType: PH_UTIL_PIPE_FAILURE

Description: The command pipe() returned error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_PROP_DEF_SET_PARSE_FAILURE

Description: Failed to parse propertyDefs xml

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

xmlBody

XML Body

string



EventType: PH_UTIL_REDIS_CONNECTION_ERROR

Description: redis connection error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_REGEX_PATTERN_EMPTY

Description: Regex Pattern is NULL

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_REGEX_PATTERN_TOO_LONG

Description: Regex Pattern too long

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

msgLen

Message Length

uint64



EventType: PH_UTIL_SEND_TO_UDP_PORT_FAILURE

Description: Failed to send message to udp port

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_UTIL_SETPGRP_FAILURE

Description: Failed to run system command setpgrp()

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_SET_JOB_STATUS_FAILURE

Description: Failed to set job status to status file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

paraName

Param Name

string



EventType: PH_UTIL_SOCKET_FAILURE

Description: Failed to run system command socket()

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_UTIL_STR_TO_IP_FAILURE

Description: Failed to run system call inet_pton

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propValue

Property Value

string



EventType: PH_UTIL_SVN_DIFF_FAILURE

Description: Failed to execute system command svn diff

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_SYS_ERROR_REPORTER_INIT_FAILURE

Description: Failed to initialize system error reporter thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_UTIL_TIME_RANGE_INVALID

Description: Found Invalid time range

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

propValue

Property Value

string



EventType: PH_UTIL_TIME_STR_FORMAT_INVALID

Description: Found incorrect time string parameters

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

paraName

Param Name

string



EventType: PH_UTIL_UNKNOWN_PHOENIX_ERROR_NUMBER

Description: Found incorrect PH error number

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_VALUE_GROUP_ERROR

Description: Encountered Value group error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_WAITPID_FAILURE

Description: Failed to run system command waitpid on child process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_WAITPID_LAST_TRY_FAILUE

Description: Failed to run system command waitpid on child process after several tries

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_WINDOWS_BID_LOAD_FAILURE

Description: Failed to load Windows Built In SID file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_WRITE_BIN_FILE_OPEN_FAILURE

Description: Failed to open binary file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string



EventType: PH_UTIL_WRITE_FILE_OPEN_FAILURE

Description: Failed to open file for write

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_UTIL_XML_HANDLING_ERROR

Description: Found Invalid xml from App Server

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_UTIL_ZIP_DECOMPRESS_FAILED

Description: Failed to decompress zip string

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_WORKER_DOWN

Description: Worker down

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_WORKER_PROVISION_FAILED

Description: Phoenix worker provision failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_WORKER_UP

Description: Worker up

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_WS_COMM_ERROR

Description: Web service communication error

Severity: 6 (Medium)

Event Category: 3 (System Logs)