Event Collection and Forwarding Logs
This section provides logs related to event collection and forwarding via syslog, WMI/OMI, and other collection methods.
EventType: PH_AGENTMGR_ACI_ATTR_NOT_FOUND
Description: Agent Manager Cisco ACI monitoring module cannot find specific attribute
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ACI_CURL_HANDLE_GET_FAILED
Description: Agent Manager Cisco ACI monitoring module unable to get curl handle
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ACI_FILE_WRITE_ERROR
Description: Agent Manager Cisco ACI monitoring module unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_ACI_JSON_PARSE_FAILED
Description: Agent Manager Cisco ACI monitoring module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ACI_SERVER_EMPTY
Description: Agent Manager Cisco ACI monitoring module found server is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ACI_TOKEN_GET_FAILED
Description: Agent Manager Cisco ACI monitoring module cannot get login token
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ALERTLOGIC_CURL_HANDLE_GET_FAILED
Description: Agent Manager Alert Logic log parsing module unable to get curl handle
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ALERTLOGIC_FILE_LOAD_ERROR
Description: Agent Manager Alert Logic log parsing module failed to load file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_ALERTLOGIC_FILE_READ_ERROR
Description: Agent Manager Alert Logic log parsing module found wrong format in file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_ALERTLOGIC_FILE_WRITE_ERROR
Description: Agent Manager Alert Logic log parsing module unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_ALERTLOGIC_INVALID_DATA
Description: Agent Manager Alert Logic log parsing module found invalid data format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ALERTLOGIC_INVALID_PATH
Description: Agent Manager Alert Logic log parsing module found invalid incident path
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_ALERTLOGIC_QUERY_INTERVAL_TOO_LONG
Description: Agent Manager Alert Logic log parsing module found the query interval is too long; it will be narrowed to one week
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ALERTLOGIC_SERVER_EMPTY
Description: Agent Manager Alert Logic log parsing module found server is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AMPCLOUD_CURL_CONNECT_FAILED
Description: Agent Manager AMP Cloud log parsing module unable to connect to server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
httpStatusCode | HTTP Status | string | |
EventType: PH_AGENTMGR_AMPCLOUD_CURL_HANDLE_GET_FAILED
Description: Agent Manager AMP Cloud log parsing module unable to get curl handle
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AMPCLOUD_FILE_LOAD_ERROR
Description: Agent Manager AMP Cloud log parsing module failed to load file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_AMPCLOUD_FILE_READ_ERROR
Description: Agent Manager AMP Cloud log parsing module found wrong format in file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_AMPCLOUD_INVALID_DATA
Description: Agent Manager AMP Cloud log parsing module found invalid data format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AMPCLOUD_JSON_PARSE_FAILED
Description: Agent Manager AMP Cloud log parsing module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_AGENTMGR_AMPCLOUD_NO_DEFINE_SEVERITY
Description: Agent Manager AMP Cloud log parsing module found event severity is not defined
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AMPCLOUD_SERVER_EMPTY
Description: Agent Manager AMP Cloud log parsing module found server is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_API_PERMISSION_MISSING
Description: There is no permission
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_AWSCLOUDWATCH_GETLOGS
Description: Attempting to get cloudwatch logs from log group and stream
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
groupName | Group Name | string | |
streamName | AWS Stream Name | string | |
startTime | Start Time | Date | This is the start time of a given item or task, and is stored in epoch milliseconds. |
endTime | End Time | Date | This is the end time of a given item or task, stored in epoch milliseconds. |
EventType: PH_AGENTMGR_AWSFLOWLOG_EVENT_PULL_FAILED
Description: Agent Manager AWS module failed to get AWS Flow log after 5 tries
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_AWSFLOWLOG_FILE_WRITE_ERROR
Description: Agent Manager AWS Flow log handling module unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_AWSFLOWLOG_LOG_FORMAT_WRONG
Description: Agent Manager AWS Flow log handling module encountered wrong log format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AWSKINESIS_CONSUMER_START_FAILED
Description: Failed to start Kinesis consumer process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_AWS_CACHE_FILE_ERROR
Description: Agent Manager AWS Cache file is not available
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AWS_DELETE_OJECTKEY_FAILED
Description: Failed to delete object key from SQS
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_AWS_DOWNLOAD_OJECT_FAILED
Description: Failed to download object from bucket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_AWS_EVT_DOWNLOAD_FAILED
Description: Agent Manager AWS module failed to download event because do_system failed
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
EventType: PH_AGENTMGR_AWS_EVT_SEND_FAILED
Description: Agent Manager AWS module failed to send cloudtrail event to phParser after 5 tries
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AWS_GET_OJECTKEY_FAILED
Description: Agent Manager AWS agent failed to get object key from SQS
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_AWS_GZ_FILE_OPEN_ERROR
Description: Agent Manager AWS module failed to open gz file, or not enough memory to open it
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_AWS_JSON_PARSE_FAILED
Description: Agent Manager AWS module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AWS_SQSURL_FORMAT_ERROR
Description: Agent Manager AWS Sqs Url format is wrong
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_API_CALL_FAILED
Description: Agent Manager BOX module failed to call BOX API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_ATTR_NOT_FOUND
Description: Agent Manager BOX module cannot find attribute
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_EVENT_PULL_FAILED
Description: Agent Manager BOX module failed to pull BOX log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
accountName | Account Name | string | |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_BOX_FILE_ID_EMPTY
Description: Agent Manager BOX module found empty file ID
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_FILE_LIMIT_EXCEED
Description: Agent Manager BOX module found that the number of monitored files exceeded the limit
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_FILE_NOT_MONITORED_ERROR
Description: Agent Manager BOX module found that the file was not monitored before
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_BOX_FILE_PATH_PARSE_FAILED
Description: Agent Manager BOX module could not parse file path
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_BOX_FILE_TYPE_WRONG
Description: Agent Manager BOX module found wrong file type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
fileType | File Type | string | |
EventType: PH_AGENTMGR_BOX_FOLDER_TYPE_WRONG
Description: Agent Manager BOX module found wrong folder type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_HTTP_NO_RESPONSE
Description: Agent Manager BOX module did not find response from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
EventType: PH_AGENTMGR_BOX_JSON_PARSE_FAILED
Description: Agent Manager BOX module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_RESPONSE_NO_SPECIAL_ATTRIBUTE
Description: Agent Manager BOX module response does not have the special node
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_TIME_CONVERT_FAILED
Description: Agent Manager BOX module could not convert time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_BOX_XML_PARSE_FAILED
Description: Agent Manager BOX module failed to parse XML from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_CISCOAMP_CONSUMER_START_FAILED
Description: Failed to start Cisco AMP consumer process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_CLOUDPASSAGE_API_CALL_FAILED
Description: CloudPassage Halo REST API call failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_CLOUDPASSAGE_FILE_WRITE_ERROR
Description: Unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_CLOUDPASSAGE_GET_EVENT_FAILED
Description: Failed to get event from CloudPassage API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_CLOUDPASSAGE_JSON_EMPTY
Description: JSON is empty
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_CLOUDPASSAGE_JSON_PARSE_FAILED
Description: Failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_CLOUDPASSAGE_TOKEN_EMPTY
Description: Token is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_CLOUDTRAIL_FILE_READ_FAILED
Description: Agent Manager AWS CloudTrail module encountered error while reading Cloudtrail queue cache file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_CONFIG_ERROR
Description: Agent Manager's own configuration error
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_CONFIG_VERSION_SEND_FAILED
Description: Agent Manager failed to send config version to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_AGENTMGR_CONFIG_WARNING
Description: FortiSIEM Agent Manager configuration warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_AGENTMGR_CREDENTIAL_GET_FAILED
Description: Agent Manager failed to get credentials
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
jobName | Job Name | string | |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_CROWDSTRIKE_GET_DATAFEED_URL_FAILED
Description: Failed to get crowdstrike datafeed url
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_CUST_RESULT_UPLOAD_FAILED
Description: Agent Manager failed to upload test custom performance monitor result xml to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_DIR_CREATE_FAILED
Description: Could not create dir
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
EventType: PH_AGENTMGR_EVENT_PULL_FAILED
Description: Agent Manager Rapid7 InsightVM pulling engine failed to pull log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
accountName | Account Name | string | |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_FALCONDATAREP_SCRIPT_FAILED
Description: Failed to run Falcon Data Replicator script
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_FILE_PARSE_ERROR
Description: Agent Manager/module failed to parse file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_FILE_WRITE_ERROR
Description: Agent Manager Rapid7 InsightVM pulling engine failed to write file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_FIREAMP_CERT_DOWNLOAD_FAILED
Description: Agent Manager/FireAMP Module cannot download certificate file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_FIREAMP_DATA_FORMAT_SET_FAILED
Description: Agent Manager/FireAMP Module encountered missing event mapping configuration
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_FIREAMP_EVENT_PULL_FAILED
Description: Agent Manager/FireAMP Module failed to pull log from server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_FIREAMP_EVT_TYPE_LOAD_FAILED
Description: Agent Manager/FireAMP Module encountered empty event mapping configuration
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_FIREAMP_FILE_LOAD_ERROR
Description: Agent Manager/FireAMP Module failed to load file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_FIREAMP_FILE_OPEN_ERROR
Description: Agent Manager/FireAMP Module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_FIREAMP_INVALID_DATA
Description: Agent Manager/FireAMP Module found invalid response data
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_FIREAMP_NEW_AGENT_FAILED
Description: Agent Manager/FireAMP Module - new agent failed
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_FIREAMP_NO_ATTR
Description: No configuration event attribute
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_FIREAMP_NO_PROTOCOL
Description: Can't find protocol number from IANA table
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_FORTICASB_GET_SERVICE_ALERT_ERROR
Description: Failed to get services alerts
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
serviceName | Service Name | string | |
EventType: PH_AGENTMGR_FORTICASB_GET_SERVICE_ERROR
Description: Failed to get services
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
unitId | Unit Id | string | |
EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_FAILED
Description: FortiNDR cloud integration failed to call API URI
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
msg | Message | string | |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_NEXT_PAGE
Description: FortiNDR paginated API call being made
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
msg | Message | string | |
EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_NO_RESULTS
Description: API call to FortiNDR API returned no results; this is normal if there are no results in the defined time interval
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
msg | Message | string | |
EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_RESULTS
Description: FortiNDR cloud integration called API URI successfully
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
msg | Message | string | |
EventType: PH_AGENTMGR_FORTINDR_GET_BUCKET_KEY
Description: FortiNDR integration is processing an S3 bucket key
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
bucketName | Bucket Name | string | |
userKey | User Key | string | |
categoryType | Category Type | string | |
EventType: PH_AGENTMGR_FORTINDR_GET_BUCKET_OBJ
Description: FortiNDR integration is downloading an object from S3 bucket
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
bucketName | Bucket Name | string | |
userKey | User Key | string | |
categoryType | Category Type | string | |
EventType: PH_AGENTMGR_GET_SCAN_RESULTS_FAILED
Description: Failed to get the scan result
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_GITHUB_API_CALL_FAILED
Description: Agent Manager/GitHub module failed to call Github API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_GITHUB_CREDENTIAL_GET_FAILED
Description: Agent Manager/GitHub module failed to get credential from App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
EventType: PH_AGENTMGR_GITHUB_EVENT_PULL_FAILED
Description: Agent Manager/GitHub module failed to pull log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
accountName | Account Name | string | |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_GITHUB_FILE_OPEN_ERROR
Description: Agent Manager/GitHub module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_GITHUB_JSON_PARSE_FAILED
Description: Agent Manager/GitHub module failed to parse JSON response from GitHub server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_GITHUB_TIME_CONVERT_FAILED
Description: Agent Manager/GitHub module failed to convert time in JSON response from GitHub server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_GIT_CLONE_REPO_FAILED
Description: Failed to git clone by do_system
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
EventType: PH_AGENTMGR_GIT_HANDLE_ERR_FILE_FAILED
Description: Failed to handle error file
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_GIT_PULL_EVT_FAILED
Description: Failed to get git log by do_system
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
EventType: PH_AGENTMGR_GIT_SAVE_COMMITID_FAILED
Description: Failed to save CommitId of repository
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_GZ_FILE_OPEN_ERROR
Description: Failed to open gz file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_INIT_AGENT
Description: Initialize agent
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_INIT_CACHE_FILE_FAILED
Description: FortiSIEM Agent Manager failed to initialize cache
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
jobName | Job Name | string | |
EventType: PH_AGENTMGR_INIT_NO_CRED
Description: Agent Manager/Cisco IPS log pulling module failed to initialize due to missing credentials
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
jobName | Job Name | string | |
EventType: PH_AGENTMGR_INVALID_MGR
Description: Invalid Agent Manager
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_IPS_AUTH_FAILED
Description: Agent Manager/Cisco IPS log pulling module found wrong user name or password for logging in to IPS appliance
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_IPS_EVENT_PULL_FAILED
Description: Agent Manager/Cisco IPS log pulling module failed to pull Cisco IPS log from server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_AGENTMGR_IPS_FILE_OPEN_ERROR
Description: Agent Manager/Cisco IPS log pulling module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_IPS_OBTAIN_SUBSCRIPTION_FAILED
Description: Agent Manager/Cisco IPS log pulling module failed to obtain subscription id
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_IPS_SET_SSL_FAILED
Description: SSL setting does not work
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_AGENT_PIPE_WRITE_FAILED
Description: Failed to write to java agent pipe
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_JAVA_AGENT_START_FAILED
Description: Agent Manager failed to start Java agent, will retry
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_AGENT_TYPE_UNKNOWN
Description: Agent Manager encountered unknown java agent job type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_AGENT_USER_MISSING
Description: FortiSIEM Agent Manager found user name missing in java Agent configuration
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
EventType: PH_AGENTMGR_JAVA_AGENT_ZOMBIE
Description: Agent Manager found Java Agent is in zombie state
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_CMD_SEND_FAILED
Description: Agent Manager failed to send commands to java agent; it needs to be killed
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_FORK_FAILED
Description: Agent Manager failed to fork Java Agent
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_JAVA_INCOMPLETE_DEV_INFO
Description: Agent Manager found incomplete device info for Java Agent
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_NO_DEV_TYPE_FOR_JDBC
Description: Agent Manager encountered missing device type for Java Agent JDBC monitoring
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
EventType: PH_AGENTMGR_JAVA_NO_STATUS_FILE
Description: Agent Manager missing status file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_JAVA_PIPE_FAILED
Description: Agent Manager failed to Pipe command for Java Agent
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_JAVA_PROCESS_STATE_GET_FAILED
Description: Agent Manager failed to get Java Agent process state
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_JAVA_SIGKILL_SEND_FAILED
Description: Agent Manager failed to send SIGKILL to java agent
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_JAVA_UNSUPPORT_DEV_TYPE_FOR_JDBC
Description: Agent Manager encountered unsupported device type for Java Agent JDBC monitoring
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
EventType: PH_AGENTMGR_JAVA_USER_PWD_GET_FAILED
Description: Agent Manager failed to get user name and password
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_JSON_PARSE_FAILED
Description: Agent Manager Rapid7 InsightVM monitoring module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_KAFKA_CONSUME_LOG_FAILED
Description: Agent Manager / Kafka Consumer failed to pull log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:

Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_AGENTMGR_KAFKA_CREATE_CONSUMER
Description: phKafkaConsumer creates a consumer handle successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
groupName |
Group Name |
string |
|
user |
User |
string |
|
topicName |
Topic Name |
string |
Kafka Topic Name |
EventType: PH_AGENTMGR_KAFKA_CREATE_CONSUMER_FAILED
Description: Agent Manager / Kafka Consumer failed to create consumer
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_CREATE_PRODUCER_FAILED
Description: Agent Manager / Kafka Consumer failed to create producer
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_CREATE_TOPIC_FAILED
Description: Agent Manager / Kafka Consumer failed to create topic
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
topicName |
Topic Name |
string |
Kafka Topic Name |
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_ERROR
Description: Agent Manager / Kafka Consumer encountered an error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
count |
Count |
uint32 |
A general count variable. A common use case is for incidents: Count represents how many times an Incident occurred in a time interval. When an Incident with the same group-by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_AGENTMGR_KAFKA_METADATA_FAILED
Description: Agent Manager / Kafka Consumer failed to get metadata
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_PRODUCER_ERROR
Description: Event Forwarder failed to write events into Kafka
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
count |
Count |
uint32 |
A general count variable. A common use case is for incidents: Count represents how many times an Incident occurred in a time interval. When an Incident with the same group-by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_AGENTMGR_KAFKA_PULL_JOB_FAILED
Description: Agent Manager / Kafka Consumer failed to consume log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_KAFKA_REBALANCE
Description: Kafka rebalance callback (rebalanceCb) invoked
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_KAFKA_RELEASE_CONSUMER
Description: phKafkaConsumer releases a consumer handle
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
groupName |
Group Name |
string |
|
user |
User |
string |
|
topicName |
Topic Name |
string |
Kafka Topic Name |
EventType: PH_AGENTMGR_KAFKA_START_FAILED
Description: Agent Manager / Kafka Consumer failed to start
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_SUBSCRIBE_FAILED
Description: Agent Manager / Kafka Consumer failed to subscribe topic
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
topicName |
Topic Name |
string |
Kafka Topic Name |
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_UPDATE_CONFIG_FAILED
Description: Agent Manager / Kafka Consumer failed to update attribute in config
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_UPDATE_ERROR
Description: Agent Manager / Kafka Consumer update failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KILL_PROCESS
Description: Attempting to kill process
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSAZURE_CONFIG_ARM_FAILED
Description: Agent Manager / MS Azure "config mode arm" command failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
exitValue |
Command exit value |
int32 |
|
EventType: PH_AGENTMGR_MSAZURE_DOWNLOAD_FAILED
Description: Agent Manager / MS Azure failed to download Azure audit log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_MSAZURE_JSON_EMPTY
Description: Agent Manager / MS Azure received empty JSON from Azure
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSAZURE_JSON_FILE_NAME_EMPTY
Description: Agent Manager / MS Azure received empty JSON file name from Azure
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSAZURE_JSON_FILE_PARSE_FAILED
Description: Agent Manager / MS Azure found malformed JSON file from Azure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSAZURE_JSON_PARSE_FAILED
Description: Agent Manager / MS Azure found malformed JSON from Azure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSAZURE_LOGIN_FAILED
Description: Agent Manager / MS Azure failed to login to Azure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_MSG_QUEUE_ACCESS_FAILED
Description: Agent Manager failed to access message queue
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSG_RECV_FAILED
Description: Agent Manager failed to receive message
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
exitValue |
Command exit value |
int32 |
|
EventType: PH_AGENTMGR_OFFICE365_API_CALL_FAILED
Description: Agent Manager / Office365 log pulling engine failed to call API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_OFFICE365_EVENT_PULL_FAILED
Description: Agent Manager / Office365 log pulling engine failed to pull log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
accountName |
Account Name |
string |
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_OFFICE365_FILE_WRITE_ERROR
Description: Agent Manager / Office365 log pulling engine unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_AGENTMGR_OFFICE365_GET_SUBSCRIBE_FAILED
Description: FortiSIEM Agent Manager failed to get Office365 subscription
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_OFFICE365_JSON_PARSE_FAILED
Description: Agent Manager / Office365 log pulling engine failed to parse Office365 JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_OFFICE365_START_SUBSCRIBE_FAILED
Description: FortiSIEM Agent Manager failed to start Office365 subscription
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_OFFICE365_SUBSCRIBE_EMPTY
Description: FortiSIEM Agent Manager found Office365 subscription to be empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_OFFICE365_SUBSCRIBE_FAILED
Description: Agent Manager / Office365 log pulling engine failed to get subscription list
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_OFFICE365_TOKEN_EMPTY
Description: Agent Manager / Office365 log pulling engine found empty Token
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_OKTA_EVT_DOWNLOAD_FAILED
Description: Agent Manager / OKTA failed to download events
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_OKTA_FILE_WRONG
Description: Agent Manager / OKTA encountered malformed Okta user list file; download it again
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_AGENTMGR_OKTA_NO_USER_INFO
Description: Agent Manager / OKTA user list file does not contain any user info
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_AGENTMGR_OKTA_RESULT_UPLOAD_FAILED
Description: Agent Manager / OKTA failed to upload discovery result to App server
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_OKTA_RESULT_UPLOAD_WARNING
Description: FortiSIEM Agent Manager failed to upload OKTA User list to App Server
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_PARSER_UNABLE_CONNECT
Description: Agent Manager unable to connect to parser host
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
ipPort |
IP Port |
uint16 |
IP port number |
EventType: PH_AGENTMGR_PERF_OBJ_PARSE_FAILURE
Description: Agent Manager did not find any performance objects to monitor
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_PROCESS_INIT_FAILED
Description: Agent Manager failed to initialize
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_PULLING_JOB_OUTDATE
Description: FortiSIEM Agent Manager job pull error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
jobName |
Job Name |
string |
|
serverIpAddr |
Server IP |
IP |
|
EventType: PH_AGENTMGR_REST_API_CALL_FAILED
Description: Agent Manager failed to call REST API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
httpStatusCode |
HTTP Status |
string |
|
EventType: PH_AGENTMGR_RSAS_XML_PARSE_FAILED
Description: AgentManager failed to parse XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_RUN_CMD_FAILED
Description: do_system failed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
command |
Command |
string |
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_RUN_SCRIPT_FAILED
Description: AgentManager failed to run script
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_RUN_SCRIPT_WITHOUT_TASK_ID
Description: AgentManager found missing task id in run script notification
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_ATTR_NOT_FOUND
Description: Agent Manager / Salesforce log pulling engine cannot find attribute
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_COLUMN_NOT_FOUND
Description: Agent Manager / Salesforce log pulling engine cannot find a specific column in Salesforce Event Log File
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_CURL_EXECUTE_FAILED
Description: Agent Manager / Salesforce log pulling engine failed to execute curl to get Salesforce log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_AGENTMGR_SALESFORCE_CURL_HANDLE_GET_FAILED
Description: Agent Manager / Salesforce log pulling engine unable to get curl handle
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_FILE_LOAD_ERROR
Description: Agent Manager / Salesforce log pulling engine failed to load file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_AGENTMGR_SALESFORCE_FILE_WRITE_ERROR
Description: Agent Manager / Salesforce log pulling engine unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_AGENTMGR_SALESFORCE_INVALID_DATA
Description: Agent Manager / Salesforce log pulling engine received invalid response from Salesforce
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_INVALID_LOG_FILE
Description: Agent Manager / Salesforce log pulling engine received invalid Salesforce Event Log File CSV
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_JSON_PARSE_FAILED
Description: Agent Manager / Salesforce log pulling engine failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_LOGIN_FAILED
Description: Agent Manager / Salesforce log pulling engine failed to login to Salesforce
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
EventType: PH_AGENTMGR_SALESFORCE_SERVER_EMPTY
Description: Agent Manager / Salesforce log pulling engine found Server is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_TOKEN_GET_FAILED
Description: Agent Manager / Salesforce log pulling engine cannot get login token
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_TOKEN_REGET_FAILED
Description: Agent Manager / Salesforce log pulling engine login session is expired and failed to re-get token
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_VERSION_PATH_EMPTY
Description: Agent Manager / Salesforce log pulling engine found empty version path
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_XML_PARSE_FAILED
Description: Agent Manager / Salesforce log pulling engine failed to parse XML from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SCRIPT_NOTIFICATION_SPAWN_FAILED
Description: Agent Manager encountered error in spawning run script notification thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SERVER_HOST_NAME_RESOLVE_FAILED
Description: Agent Manager could not resolve server host name
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SERVER_HOST_NAME_RESOLVE_WARNING
Description: FortiSIEM Agent Manager failed to resolve Host Name to IP
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverName |
Server Name |
string |
|
jobName |
Job Name |
string |
|
EventType: PH_AGENTMGR_SERVER_IP_RESOLVE_FAILED
Description: Agent Manager could not resolve server IP
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SERVER_IP_RESOLVE_WARNING
Description: FortiSIEM Agent Manager failed to resolve IP to Host Name
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverIpAddr |
Server IP |
IP |
|
jobName |
Job Name |
string |
|
EventType: PH_AGENTMGR_SETUP_STREAM_FAILED
Description: Failed to set up stream connection
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_START_THREAD_FAILED
Description: Failed to start thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_STATUS_REPORT_FAILED
Description: Agent Manager failed to report task status to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_STATUS_REPORT_INIT_FAILED
Description: Agent Manager failed to initialize job status reporter
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_STOP_STREAM_FAILED
Description: Failed to stop stream connection
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_TENABLE_EXPORT_SCAN_FAILED
Description: Scan export failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_TENABLE_GET_DOWNLOAD_FAILED
Description: Failed to download exported scan
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_TENABLE_GET_SCANS_FAILED
Description: Failed to get the scan list
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_TENABLE_GET_STATUS_FAILED
Description: Failed to check the file status of the exported scan
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_TENABLE_PULL_FAILED
Description: Failed to pull Tenable.io data
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_TIME_CONVERTION_FAILED
Description: Agent Manager/module failed to convert time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_TOKEN_GET_FAILED
Description: Agent Manager monitoring module cannot get login token
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_UNPACK_FILE_FAILED
Description: Agent Manager failed to unpack file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
fileName |
File Name |
string |
|
EventType: PH_AGENTMGR_UPDATE_AGENT
Description: Update agent
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_UPDATE_BOOKMARK_FAILED
Description: Failed to update bookmark
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_UPDATE_WEBHOOK_CRED_FAILED
Description: Failed to update Webhook credential
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_UPDATE_WEBHOOK_CRED_SUCCESS
Description: Webhook credential updated successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_WINDEFATP_API_CALL_FAILED
Description: Windows Defender ATP REST API call failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_WINDEFATP_FILE_WRITE_ERROR
Description: Unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_AGENTMGR_WINDEFATP_GET_ALERT_FAILED
Description: Failed to get alert from Windows Defender ATP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_WINDEFATP_JSON_EMPTY
Description: JSON is empty
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_WINDEFATP_JSON_PARSE_FAILED
Description: Failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_WINDEFATP_TOKEN_EMPTY
Description: Token is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_WMI_EVENT_PULL_ERROR
Description: Agent Manager / Windows WMI event log pulling engine encountered error
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_WMI_EVENT_PULL_WARNING
Description: FortiSIEM Agent Manager WMI event pull warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverName |
Server Name |
string |
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_WMI_FILE_OPEN_ERROR
Description: Agent Manager / Windows WMI event log pulling engine failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_AGENTMGR_WMI_LOG_PULL_ERROR
Description: Failed to pull logs by WMI
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_AGENTMGR_WMI_MISSING_LOG
Description: Some logs are missing
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_AGENTMGR_WMI_STATUS_REPORT_FAILED
Description: Agent Manager / Windows WMI event log pulling engine failed to report task status to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_WMI_USER_PWD_GET_FAILED
Description: Agent Manager / Windows WMI event log pulling engine failed to get WMI user name and password
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_WVSS_XML_PARSE_FAILED
Description: Agent Manager / Windows WMI event log pulling engine failed to parse XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_XML_PARSE_FAILED
Description: Agent Manager / Windows WMI event log pulling engine failed to parse XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_BAD_NETFLOW_PACKET
Description: Bad netflow packet
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BAD_NETFLOW_VER
Description: Unsupported netflow version
Severity: 6 (Medium)
Event Category: 3 (System Logs)
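The two NetFlow events above are raised by header checks that run before any flow record is decoded. The following is an added example, not FortiSIEM code: a Python classifier that applies the same two checks (unsupported version field, and a datagram whose length does not agree with its own headers) to raw UDP payloads. The NetFlow v5/v9 and IPFIX header layouts follow the public specifications; the set of accepted versions, the mapping of outcomes to the two event names, and the sample datagrams are assumptions constructed for this example.

```python
"""Added example (not FortiSIEM code): the header validation behind
PH_BAD_NETFLOW_VER and PH_BAD_NETFLOW_PACKET, written from the public
NetFlow v5/v9 and IPFIX header layouts. The accepted-version set, the
event-name mapping and the sample datagrams are assumptions."""
import struct
from dataclasses import dataclass
from typing import Dict, Optional

NETFLOW_V5_HEADER = 24        # version, count, sysUptime, unix_secs, unix_nsecs, seq, engine, sampling
NETFLOW_V5_RECORD = 48
NETFLOW_V5_MAX_RECORDS = 30   # a v5 datagram carries at most 30 records
NETFLOW_V9_HEADER = 20        # version, count, sysUptime, unix_secs, seq, source_id
IPFIX_HEADER = 16             # version, length, export_time, seq, observation_domain_id
SUPPORTED_VERSIONS = {5, 9, 10}  # assumption: the collector accepts v5, v9 and IPFIX


@dataclass
class NetflowVerdict:
    event_type: str           # "OK", "PH_BAD_NETFLOW_VER" or "PH_BAD_NETFLOW_PACKET"
    version: Optional[int]
    detail: str


def check_netflow_datagram(data: bytes) -> NetflowVerdict:
    """Classify a raw UDP payload the way a collector must before decoding it."""
    if len(data) < 2:
        return NetflowVerdict("PH_BAD_NETFLOW_PACKET", None, "shorter than the version field")
    version = struct.unpack("!H", data[:2])[0]
    if version not in SUPPORTED_VERSIONS:
        return NetflowVerdict("PH_BAD_NETFLOW_VER", version, f"unsupported version {version}")

    if version == 5:
        if len(data) < NETFLOW_V5_HEADER:
            return NetflowVerdict("PH_BAD_NETFLOW_PACKET", 5, "truncated v5 header")
        count = struct.unpack("!H", data[2:4])[0]
        expected = NETFLOW_V5_HEADER + count * NETFLOW_V5_RECORD
        if count == 0 or count > NETFLOW_V5_MAX_RECORDS or len(data) != expected:
            return NetflowVerdict("PH_BAD_NETFLOW_PACKET", 5,
                                  f"count={count} does not match datagram length {len(data)}")
        return NetflowVerdict("OK", 5, f"{count} flow records")

    if version == 9:
        if len(data) < NETFLOW_V9_HEADER:
            return NetflowVerdict("PH_BAD_NETFLOW_PACKET", 9, "truncated v9 header")
        return _walk_flowsets(data, 9, NETFLOW_V9_HEADER)

    # IPFIX carries its own total length in the header; it must equal the datagram size.
    if len(data) < IPFIX_HEADER:
        return NetflowVerdict("PH_BAD_NETFLOW_PACKET", 10, "truncated IPFIX header")
    length = struct.unpack("!H", data[2:4])[0]
    if length != len(data):
        return NetflowVerdict("PH_BAD_NETFLOW_PACKET", 10,
                              f"length field {length} != datagram length {len(data)}")
    return _walk_flowsets(data, 10, IPFIX_HEADER)


def _walk_flowsets(data: bytes, version: int, offset: int) -> NetflowVerdict:
    """v9 and IPFIX share a (set_id, length) chain; every set must be >= 4 bytes and fit."""
    sets = 0
    while offset < len(data):
        if len(data) - offset < 4:
            return NetflowVerdict("PH_BAD_NETFLOW_PACKET", version, "trailing bytes shorter than a set header")
        set_id, length = struct.unpack("!HH", data[offset:offset + 4])
        if length < 4 or offset + length > len(data):
            return NetflowVerdict("PH_BAD_NETFLOW_PACKET", version,
                                  f"set {set_id} length {length} overruns the datagram")
        sets += 1
        offset += length
    return NetflowVerdict("OK", version, f"{sets} flowsets")


def sample_datagrams() -> Dict[str, bytes]:
    """Constructed datagrams for the example (not captured traffic)."""
    v5_hdr = struct.pack("!HHIIIIBBH", 5, 1, 1000, 1700000000, 0, 1, 0, 0, 0)
    v9_hdr = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
    ipfix_hdr = struct.pack("!HHIII", 10, IPFIX_HEADER + 8, 1700000000, 1, 0)
    data_set = struct.pack("!HH", 256, 8) + bytes(4)   # one 8-byte data set with id 256
    return {
        "v5_ok": v5_hdr + bytes(NETFLOW_V5_RECORD),
        "v5_short": v5_hdr + bytes(NETFLOW_V5_RECORD - 8),   # count says 1 record, 8 bytes missing
        "v9_ok": v9_hdr + data_set,
        "v9_overrun": v9_hdr + struct.pack("!HH", 256, 64),  # set claims 64 bytes, only 4 follow
        "ipfix_ok": ipfix_hdr + data_set,
        "garbage": b"A" * 24,                                # non-NetFlow payload on the NetFlow port
    }


if __name__ == "__main__":
    for name, dgram in sample_datagrams().items():
        v = check_netflow_datagram(dgram)
        print(f"{name:11s} -> {v.event_type:22s} version={v.version} {v.detail}")
```

A burst of PH_BAD_NETFLOW_VER from one exporter usually means something other than NetFlow is being sent to the collector port (the "garbage" case); PH_BAD_NETFLOW_PACKET with a plausible version points at truncation or a buggy exporter, and in either case the flows in those datagrams are dropped, so the events are worth alerting on as a visibility gap.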
EventType: PH_CHECKPOINT_CERTHANDLER_ERROR
Description: Checkpoint failed to parse device certificate received from App Server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CHECKPOINT_CERTPULL_ERROR
Description: Checkpoint failed to obtain certificate from App Server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverIpAddr |
Server IP |
IP |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CHECKPOINT_CMD_USAGE_ERROR
Description: Checkpoint command usage error
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
command |
Command |
string |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CHECKPOINT_CPMI_FETCH_ERROR
Description: Checkpoint CPMI fetch error. Events may be missing some metadata
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverIpAddr |
Server IP |
IP |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_CHECKPOINT_DEV_INIT_ERROR
Description: Checkpoint device initialization error. Checkpoint device cannot be monitored
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CHECKPOINT_FILE_RENAME_FAILURE
Description: FortiSIEM Checkpoint module failed to rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
srcFilePath |
Source File Path |
string |
|
destFilePath |
Destination File Path |
string |
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_CHECKPOINT_FWLOGHANDLER_ERROR
Description: Checkpoint LEA handler protocol error. Checkpoint device cannot be monitored
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverIpAddr |
Server IP |
IP |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CHECKPOINT_FWLOGHANDLER_INIT_ERROR
Description: Checkpoint OPSEC log handler initialization error. Checkpoint device cannot be monitored
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverIpAddr |
Server IP |
IP |
|
fileName |
File Name |
string |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CHECKPOINT_HTTP_ERROR
Description: Checkpoint module failed to connect to App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_CHECKPOINT_LOGHANDLER_ERROR
Description: Checkpoint OPSEC log handler internal error
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CHECKPOINT_PROCESS_GET_FAILED
Description: Checkpoint module failed to get its parent process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CHECKPOINT_TESTCONN_ERROR
Description: Checkpoint test connectivity error. Checkpoint device cannot be discovered
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverIpAddr |
Server IP |
IP |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_CHECKPOINT_UNABLE_PARSE_XML
Description: Checkpoint module unable to parse device credential XML received from App Server
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_COLLECTOR_CLOCK_SKEW
Description: Clock skew between Collector and Supervisor
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
collectorId |
Collector ID |
uint32 |
This field captures the ID of a FortiSIEM Collector |
collectorIp |
Collector IP |
IP |
This field captures the IP address of a FortiSIEM Collector |
superTime |
Supervisor Time |
Date |
This field is the Supervisor time used to determine clock skew between Collector and Supervisor. Clock skew develops when NTP is not configured correctly on the Collector or on the Supervisor. |
collectorTime |
Collector Time |
Date |
This field is the Collector time used to determine clock skew between Collector and Supervisor. Clock skew develops when NTP is not configured correctly on the Collector or on the Supervisor. |
timeSkewSec |
Time skew |
uint32 |
Time skew in seconds between Collector and Supervisor. Significant skew can stop rules from triggering, since rules are evaluated over a time window and skewed event timestamps fall outside it. |
EventType: PH_COLLECTOR_DOWN
Description: Collector down
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_EVENT_ARRIVAL_DELAYED
Description: Collector event delayed
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_EVENT_ARRIVAL_OK
Description: Collector event arrived on time
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_EVENT_STORE_DELAYED
Description: Collector event file delayed
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_EVENT_STORE_OK
Description: Collector event file on time
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_UP
Description: Collector up
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_CYBERARK_INIT_ERROR
Description: FortiSIEM CyberArk module initialization error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous with attribute errReason |
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DEV_FAIL_TO_PULL_EVENTS
Description: Fail to pull events
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_EVENT_FORWARDER_CHECKSUM_MISMATCH
Description: FortiSIEM Event Forwarder module encountered checksum error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FORWARDER_CONNECT_ERROR
Description: FortiSIEM Event Forwarder failed to connect to forwarding destination host
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVENT_FORWARDER_DIR_OPEN_FAILURE
Description: FortiSIEM Event Forwarder failed to open directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
dirName |
Directory Name |
string |
|
EventType: PH_EVENT_FORWARDER_FILE_OPEN_FAILURE
Description: FortiSIEM Event Forwarder failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FORWARDER_FILE_RENAME_FAILURE
Description: FortiSIEM Event Forwarder failed to rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
srcFilePath |
Source File Path |
string |
|
destFilePath |
Destination File Path |
string |
|
EventType: PH_EVENT_FORWARDER_INIT_FAILURE
Description: FortiSIEM Event Forwarder module initialization failure
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
funName |
Function Name |
string |
|
EventType: PH_EVENT_FORWARDER_INVALID_GZIP_FILE
Description: FortiSIEM Event Forwarder module encountered invalid gzip file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FORWARDER_INVALID_PHOENIX_CONFIG
Description: FortiSIEM Event Forwarder module encountered invalid phoenix_config file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
module |
Module Name |
string |
|
configName |
Config Name |
string |
|
configValue |
Config Value |
string |
|
EventType: PH_EVENT_FORWARDER_INVALID_PROTOCOL
Description: FortiSIEM Event Forwarder module encountered invalid forwarding protocol
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FORWARDER_KAFKA_ERROR
Description: FortiSIEM Event Forwarder module encountered Kafka protocol error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous with attribute errReason |
actionName |
Notification Action Name |
string |
|
EventType: PH_EVENT_FORWARDER_KAFKA_INIT_FAILURE
Description: FortiSIEM Event Forwarder module initialization failure
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous with attribute errReason |
EventType: PH_EVENT_FORWARDER_KAFKA_PRODUCE_ERROR
Description: FortiSIEM Event Forwarder module encountered error while forwarding via Kafka protocol
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous with attribute errReason |
EventType: PH_EVENT_FORWARDER_MKDIR_FAILURE
Description: FortiSIEM Event Forwarder failed to create directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
dirName |
Directory Name |
string |
|
EventType: PH_EVENT_FORWARDER_RUN_PROCESS_ERROR
Description: FortiSIEM Event Forwarder failed to run process during execution
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FORWARDER_SOCKET_ERROR
Description: FortiSIEM Event Forwarder failed to create socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVENT_FORWARDER_SOCKET_WRITE_ERROR
Description: FortiSIEM Event Forwarder failed to write to socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVENT_FORWARDER_SSL_CERT_ERROR
Description: FortiSIEM Event Forwarder SSL certificate error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_EVENT_FORWARDER_SSL_ERROR
Description: FortiSIEM Event Forwarder Generic SSL error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_EVENT_FWD_CERT_LOAD_FAILED
Description: Event Forwarder module failed to load certificate file or key file for TLS based forwarding - forwarding via this method will not occur
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous with attribute errReason |
EventType: PH_EVENT_FWD_CERT_UNPAIRED
Description: Event Forwarder module detected an unpaired certificate file or key file (the key does not belong to the certificate) - forwarding via this method will not occur
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous with attribute errReason |
EventType: PH_EVENT_FWD_DIR_MAKE_FAILED
Description: Event Forwarder module failed to create a directory during initialization
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
dirName |
Directory Name |
string |
|
EventType: PH_EVENT_FWD_DIR_OPEN_FAILED
Description: Event Forwarder module failed to open a directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
dirName |
Directory Name |
string |
|
EventType: PH_EVENT_FWD_FILE_RENAME_FAILED
Description: Event Forwarder module failed to rename a file
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
srcFilePath |
Source File Path |
string |
|
destFilePath |
Destination File Path |
string |
|
EventType: PH_EVENT_FWD_FULL_FORWARDING_FAILED
Description: Event Forwarder failed to forward all events in one file to the destination, will retry
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
EventType: PH_EVENT_FWD_GET_FILE_NUM_FAILURE
Description: Event Forwarder module failed to get event file count in /opt/phoenix/cache/parser/fwd
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_GZ_CLOSE_ERROR
Description: Event Forwarder module cannot close gz file stored in /opt/phoenix/cache/parser/fwd - event will not be forwarded
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FWD_GZ_FILE_OPEN_ERROR
Description: Event Forwarder failed to open event file (gz), or not enough memory to open it
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FWD_GZ_MD5_ERROR
Description: Event Forwarder module cannot get md5 of event file (gz)
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FWD_GZ_RENAME_ERROR
Description: Event Forwarder module cannot rename event file (gz)
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_GZ_SIZE_MISMATCH
Description: Event Forwarder found malformed event file (gz) - length mismatch
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FWD_KAFKA_WARNING
Description: Event Forwarder module failed on event serialization to send via Kafka
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_MD5_CHECKSUM_MISMATCH
Description: Event Forwarder found event file (gz) MD5 checksum mismatch
Severity: 7 (Medium)
Event Category: 3 (System Logs)
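The gz-file checks listed above (invalid gzip, length mismatch, MD5 unavailable, MD5 mismatch) can be reproduced on a file taken from /opt/phoenix/cache/parser/fwd before anything downstream trusts it. The script below is an added example, not FortiSIEM code: it walks the RFC 1952 header, inflates the raw deflate stream, verifies the CRC32 and ISIZE trailer fields separately so that a length mismatch is reported distinctly from a corrupt stream, and finally compares the file's MD5 with an expected value. The sample events, the idea of an expected MD5 supplied alongside the file, and the mapping of each failure onto an event type name are assumptions made for this example.

```python
"""Added example (not FortiSIEM code): integrity checks a consumer of compressed
event files should make, mapped onto the Event Forwarder event types above."""
import gzip
import hashlib
import struct
import zlib
from typing import Optional

FHCRC, FEXTRA, FNAME, FCOMMENT = 2, 4, 8, 16   # RFC 1952 header flag bits


def _deflate_offset(data: bytes) -> int:
    """Offset of the raw deflate stream inside a single-member gzip file."""
    if len(data) < 18 or data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a gzip file")
    flags, pos = data[3], 10
    if flags & FEXTRA:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    for bit in (FNAME, FCOMMENT):            # zero-terminated strings
        if flags & bit:
            pos = data.index(b"\x00", pos) + 1
    if flags & FHCRC:
        pos += 2
    if pos > len(data) - 8:                  # must leave room for CRC32 + ISIZE
        raise ValueError("truncated gzip header")
    return pos


def check_event_file(data: bytes, expected_md5: Optional[str]) -> str:
    """Return 'OK' or the event type name that the detected failure corresponds to."""
    try:
        payload = zlib.decompress(data[_deflate_offset(data):-8], wbits=-zlib.MAX_WBITS)
    except (ValueError, zlib.error):
        return "PH_EVENT_FWD_INVALID_GZIP_FILE"
    crc32, isize = struct.unpack("<II", data[-8:])
    if zlib.crc32(payload) & 0xFFFFFFFF != crc32:
        return "PH_EVENT_FWD_INVALID_GZIP_FILE"       # content does not match its CRC
    if isize != len(payload) & 0xFFFFFFFF:
        return "PH_EVENT_FWD_GZ_SIZE_MISMATCH"        # trailer length disagrees with content
    if expected_md5 is None:
        return "PH_EVENT_FWD_GZ_MD5_ERROR"            # no checksum available to verify against
    if hashlib.md5(data).hexdigest() != expected_md5.lower():
        return "PH_EVENT_FWD_MD5_CHECKSUM_MISMATCH"   # file altered or truncated in transit
    return "OK"


# Constructed sample (not real device output): three syslog-style lines.
SAMPLE_EVENTS = (
    b"<134>May  1 10:00:01 fw1 kernel: accept src=10.0.0.5 dst=192.0.2.7 dport=443\n"
    b"<134>May  1 10:00:02 fw1 kernel: drop src=198.51.100.9 dst=10.0.0.5 dport=22\n"
    b"<134>May  1 10:00:03 fw1 sshd[411]: Failed password for root from 198.51.100.9\n"
)
GOOD_FILE = gzip.compress(SAMPLE_EVENTS, mtime=0)
GOOD_MD5 = hashlib.md5(GOOD_FILE).hexdigest()


def tampered_isize(data: bytes) -> bytes:
    """Rewrite the ISIZE trailer so it no longer matches the content (length mismatch)."""
    isize = struct.unpack("<I", data[-4:])[0]
    return data[:-4] + struct.pack("<I", (isize + 1) & 0xFFFFFFFF)


if __name__ == "__main__":
    cases = {
        "good": (GOOD_FILE, GOOD_MD5),
        "bad md5": (GOOD_FILE, "0" * 32),
        "no md5": (GOOD_FILE, None),
        "length mismatch": (tampered_isize(GOOD_FILE), GOOD_MD5),
        "truncated": (GOOD_FILE[:20], GOOD_MD5),
        "not gzip": (SAMPLE_EVENTS, GOOD_MD5),
    }
    for name, (blob, md5) in cases.items():
        print(f"{name:16} -> {check_event_file(blob, md5)}")
```

Inflating with a negative wbits value is what lets the CRC and ISIZE be checked by hand; decompressing through the gzip wrapper would fold both failures into one generic error and the length mismatch could not be reported on its own.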
EventType: PH_EVENT_FWD_NETFLOW_REGEX_IGNORED
Description: Event Forwarder ignores regex filter in forwarding rule for Netflow since Netflow is binary
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_PARTIAL_FORWARDING_FAILED
Description: Event Forwarder failed to forward a subset of events in one file to the destination. Those events will be lost
Severity: 8 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_PARTIAL_FORWARDING_WARNING
Description: FortiSIEM Event Forwarder was able to do partial forwarding
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
EventType: PH_EVENT_FWD_PCRE_ERROR
Description: Event Forwarder module failed to compile the PCRE regular expression - the regular expression in the forwarding rule is invalid
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_PROCESS_INIT_FAILED
Description: Event Forwarder failed to initialize this process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_PROCESS_START_FAILED
Description: Event Forwarder failed to run
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_PROTO_FORWARDED_WRONG
Description: Event Forwarder found an incorrect protocol in the forwarding rule
Severity: 8 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_RENAME_GZ_ERROR
Description: FortiSIEM Event Forwarder failed to rename gz file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_FWD_RULE_PARSE_ERROR
Description: Event forwarder module failed to parse event forwarding rule
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_SOCKET_CONNECT_FAILED
Description: Event Forwarder failed to connect to the destination for TCP based forwarding
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_FWD_SOCKET_GET_FAILED
Description: Event Forwarder failed to get a socket for connecting to the destination
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_FWD_SOCKET_WRITE_FAILED
Description: Event Forwarder failed to write to socket for sending events
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_FWD_SSL_CREATE_FAILED
Description: Event Forwarder unable to create new SSL context structure for TLS based forwarding
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorString |
Error String |
string |
This is the error message, synonymous with attribute errReason |
EventType: PH_EVENT_FWD_SSL_SESSION_BUILD_FAILED
Description: Event Forwarder unable to build SSL session for TLS based forwarding
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_FWD_UNEXPECTED_FILE_REMOVED
Description: Event Forwarder removed unexpected event file (mismatched name format)
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_PKG_ATTR_NOT_FOUND
Description: Event Packager cannot find Worker name in XML received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_EMPTY_FILE_REMOVED
Description: Event Packager found an empty event file - file will be removed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_PKG_FILE_ADD_TO_SVN_FAILED
Description: Event Packager failed to add configuration file to svn upload queue
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_PKG_FILE_REMOVED_ERROR
Description: Event Packager failed to remove event file after upload
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_PKG_FILE_RENAME_FAILED
Description: Event Packager failed to rename configuration file after scanning
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
srcFilePath |
Source File Path |
string |
|
destFilePath |
Destination File Path |
string |
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_PKG_FILE_STAT_FAILED
Description: Event Packager failed to stat configuration or event file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_PKG_FILE_UPLOAD_FAILED
Description: Event Packager failed to upload event file to Worker or Super; will retry
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
serverIpAddr |
Server IP |
IP |
|
EventType: PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_HIGH
Description: Event file upload success is high
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
ratio |
Ratio |
uint64 |
|
EventType: PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_LOW
Description: Event file upload success is low
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
ratio |
Ratio |
uint64 |
|
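Several of the entries above describe conditions a SOC should act on rather than just log: PH_COLLECTOR_CLOCK_SKEW (rule windows become unreliable), PH_COLLECTOR_DOWN without a following PH_COLLECTOR_UP, PH_EVENT_FWD_PARTIAL_FORWARDING_FAILED (the affected events are lost) and PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_LOW. The script below is an added example, not FortiSIEM code, that parses such system-log lines and produces collector-health alerts. The bracketed key=value line layout, the 300-second skew tolerance, the presence of collectorId on the DOWN/UP events, ISO 8601 timestamps in superTime and collectorTime, and the sample lines themselves are all assumptions made for this example.

```python
"""Added example (not FortiSIEM code): turn FortiSIEM system-log lines into
collector-health alerts for the conditions documented above."""
import re
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Assumed line layout (an assumption for this example, not taken from the reference):
#   <timestamp> <host> <process>[<pid>]: [PH_EVENT_TYPE]:[key]=value,[key]=value,...
# Attribute values are assumed not to contain commas.
LINE_RE = re.compile(r"\[(?P<etype>PH_[A-Z0-9_]+)\]:(?P<attrs>.*)$")
ATTR_RE = re.compile(r"\[(\w+)\]=([^,]*)")

# Assumed tolerance: beyond this, rule time windows can no longer be trusted.
MAX_SKEW_SEC = 300

Alert = Tuple[str, str, str]   # (kind, subject, detail)


def parse_line(line: str) -> Optional[Tuple[str, Dict[str, str]]]:
    """Return (event type, attributes) or None when the line carries no PH_ event."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m.group("etype"), dict(ATTR_RE.findall(m.group("attrs")))


def skew_seconds(attrs: Dict[str, str]) -> int:
    """Use timeSkewSec when present; otherwise derive it from superTime and
    collectorTime, which are assumed to be ISO 8601 in the same time zone."""
    if "timeSkewSec" in attrs:
        return int(attrs["timeSkewSec"])
    sup = datetime.fromisoformat(attrs["superTime"])
    col = datetime.fromisoformat(attrs["collectorTime"])
    return abs(int((sup - col).total_seconds()))


def evaluate(lines: List[str]) -> List[Alert]:
    """Single pass over the log. DOWN and UP are correlated per collectorId so a
    collector that came back is not reported as an outage."""
    alerts: List[Alert] = []
    down: Set[str] = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        etype, a = parsed
        cid = a.get("collectorId", "?")   # assumed to be present on DOWN/UP events
        if etype == "PH_COLLECTOR_CLOCK_SKEW":
            skew = skew_seconds(a)
            if skew > MAX_SKEW_SEC:
                alerts.append(("clock_skew", cid, f"{skew}s"))
        elif etype == "PH_COLLECTOR_DOWN":
            down.add(cid)
        elif etype == "PH_COLLECTOR_UP":
            down.discard(cid)
        elif etype == "PH_EVENT_FWD_PARTIAL_FORWARDING_FAILED":
            # Per the reference, this subset of events is lost, not retried.
            dest = f"{a.get('destIpAddr', '?')}:{a.get('destIpPort', '?')}"
            alerts.append(("events_lost", dest, "partial forwarding failed"))
        elif etype == "PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_LOW":
            alerts.append(("upload_ratio_low", a.get("ratio", "?"), etype))
    for cid in sorted(down):
        alerts.append(("collector_down", cid, "no PH_COLLECTOR_UP seen"))
    return alerts


# Constructed sample log (not real FortiSIEM output).
SAMPLE_LOG = """\
2024-05-01T10:00:00Z sup1 phMonitor[2211]: [PH_COLLECTOR_CLOCK_SKEW]:[eventSeverity]=PHL_INFO,[collectorId]=1001,[collectorIp]=10.0.5.20,[superTime]=2024-05-01T10:00:00,[collectorTime]=2024-05-01T09:48:30,[timeSkewSec]=690
2024-05-01T10:00:05Z sup1 phMonitor[2211]: [PH_COLLECTOR_CLOCK_SKEW]:[eventSeverity]=PHL_INFO,[collectorId]=1002,[collectorIp]=10.0.5.21,[superTime]=2024-05-01T10:00:05,[collectorTime]=2024-05-01T10:00:03,[timeSkewSec]=2
2024-05-01T10:00:10Z sup1 phMonitor[2211]: [PH_COLLECTOR_CLOCK_SKEW]:[eventSeverity]=PHL_INFO,[collectorId]=1004,[collectorIp]=10.0.5.23,[superTime]=2024-05-01T10:00:10,[collectorTime]=2024-05-01T09:50:10
2024-05-01T10:01:00Z sup1 phMonitor[2211]: [PH_COLLECTOR_DOWN]:[eventSeverity]=PHL_WARNING,[collectorId]=1003
2024-05-01T10:02:00Z sup1 phMonitor[2211]: [PH_COLLECTOR_DOWN]:[eventSeverity]=PHL_WARNING,[collectorId]=1002
2024-05-01T10:03:00Z sup1 phMonitor[2211]: [PH_COLLECTOR_UP]:[eventSeverity]=PHL_INFO,[collectorId]=1002
2024-05-01T10:04:00Z col1 phEventForwarder[3120]: [PH_EVENT_FWD_PARTIAL_FORWARDING_FAILED]:[eventSeverity]=PHL_ERROR,[destIpAddr]=192.0.2.50,[destIpPort]=514
2024-05-01T10:05:00Z col1 phEventPackager[3301]: [PH_EVENT_PKG_FILE_UPLOAD_SUCCESS_LOW]:[eventSeverity]=PHL_WARNING,[ratio]=40
2024-05-01T10:05:01Z col1 phEventPackager[3301]: unrelated line that carries no PH_ event
"""


if __name__ == "__main__":
    for kind, subject, detail in evaluate(SAMPLE_LOG.splitlines()):
        print(f"{kind:17} {subject:18} {detail}")
```

Correlating DOWN with a later UP for the same collectorId is the part worth copying: a rule that fires on PH_COLLECTOR_DOWN alone pages on every brief restart, while one that waits for the absence of PH_COLLECTOR_UP catches the outage that actually stops log collection.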
EventType: PH_EVENT_PKG_GZ_CLOSE_FAILED
Description: Event Packager failed to close event file after writing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_PKG_GZ_FILE_OPEN_ERROR
Description: Event Packager failed to open gz file or not enough memory to open it
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVENT_PKG_HTTP_FAILED
Description: Event Packager encountered HTTPS error response code
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverIpAddr |
Server IP |
IP |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_EVENT_PKG_HTTP_INIT_FAILED
Description: Event Packager HTTP client initialization failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverIpAddr |
Server IP |
IP |
|
EventType: PH_EVENT_PKG_INSERT_TASK_FAILED
Description: Failed to insert task into event file upload queue
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_NO_EVENT
Description: Event Packager did not upload any event in last 10 minutes
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_OPEN_DIR_FAILED
Description: Failed to open directory
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVENT_PKG_PROCESS_INIT_FAILED
Description: Event Packager failed to initialize
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_PROCESS_START_FAILED
Description: Event Packager failed to run
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_QUEUE_GET_FAILED
Description: Event Packager failed to get event file from the queue
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
exitValue |
Command exit value |
int32 |
|
EventType: PH_EVENT_PKG_SERVER_LIST_UPLOAD_FAILED
Description: Event Packager failed to get upload server list from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
serverIpAddr |
Server IP |
IP |
|
EventType: PH_EVENT_PKG_SERVICE_LIST_EMPTY
Description: Empty upload service list
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_TASK_ADD_TO_QUEUE_FAILED
Description: Event Packager failed to add file upload task to queue
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVENT_PKG_XML_PARSE_FAILED
Description: Event Packager failed to parse XML from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVTPKGER_FILE_UPLOAD_FAILED
Description: File upload failed
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
fileName |
File Name |
string |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_EVT_HANDLER_DBG
Description: Event handler debug message
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_ERR
Description: Event handler error message
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_EVT_QUEUE_LARGE
Description: Uploaded event files on the Worker total more than 100 MB
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_EVT_QUEUE_WARNING
Description: Worker Input Event Queue large
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_INFO
Description: Event handler information
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_SVN_QUEUE_LARGE
Description: Uploaded SVN files size large
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVT_HANDLER_SVN_QUEUE_WARNING
Description: Worker Input Event Queue large
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_EVT_PACKAGER_COND_WAIT_ERROR
Description: FortiSIEM Event Packager Conditional Wait Error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVT_PACKAGER_FILE_CLOSE_FAILURE
Description: FortiSIEM Event Packager file close error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVT_PACKAGER_FILE_OPEN_FAILURE
Description: FortiSIEM Event Packager file open error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
EventType: PH_EVT_PACKAGER_FILE_REMOVE_FAILURE
Description: FortiSIEM Event Packager file remove error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVT_PACKAGER_FILE_RENAME_FAILURE
Description: FortiSIEM Event Packager file rename error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorNoInt |
Error Number Int |
int32 |
|
srcFilePath |
Source File Path |
string |
|
destFilePath |
Destination File Path |
string |
|
EventType: PH_EVT_PACKAGER_FILE_STAT_FAILURE
Description: FortiSIEM Event Packager file stat error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVT_PACKAGER_FILE_UPLOAD_FAILURE
Description: FortiSIEM Event Packager file upload failure
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
filePath |
File Path |
string |
|
errorNoInt |
Error Number Int |
int32 |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
EventType: PH_EVT_PACKAGER_HTTP_RESPONSE_ERROR
Description: FortiSIEM Event Packager HTTP response error from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_EVT_PACKAGER_INIT_FAILURE
Description: FortiSIEM Event Packager module initialization error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
funName |
Function Name |
string |
|
errorString |
Error String |
string |
This is the error message, synonymous with attribute errReason |
EventType: PH_EVT_PACKAGER_REST_PARSE_ERROR
Description: FortiSIEM Event Packager module failed to parse REST output
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_EVT_PACKAGER_RUN_PROCESS_ERROR
Description: FortiSIEM Event Packager module encountered an error while running a process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_APPSERVER_CONN_ERROR
Description: FSM Java Agent failed to connect to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_APPSERVER_EXECUTE_ERROR
Description: FSM Java Agent App Server JMX pull SQL error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CONTROLLER_CMD_PARSE_ERROR
Description: FSM Java Agent parse file failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CONTROLLER_CMD_READ_ERROR
Description: FSM Java Agent control channel problem, exiting ...
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CONTROLLER_GENERIC_ERROR
Description: FSM Java Agent parse file failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CONTROLLER_LINE_READ_ERROR
Description: FSM Java Agent hit exception while reading line type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CONTROLLER_XML_READ_ERROR
Description: FSM Java Agent hit exception while reading command XML from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CUSTOM_JDBC_CONN_ERROR
Description: FSM Java Agent failed to execute custom JDBC monitoring job - connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_CUSTOM_JDBC_EXEC_ERROR
Description: FSM Java Agent failed to execute custom JDBC monitoring job - execution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_DISCOVERY_TEST_ERROR
Description: FSM Java Agent failed to connect to Snort database for testing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_ERROR
Description: PH Java Agent generic error
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_GLASSFISH_MONITOR_ERROR
Description: FSM Java Agent GlassFish monitoring failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_GLASS_FISH_WARNING
Description: FSM Java Agent GlassFish monitoring warning
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_GOOGLEAPPS_EXEC_ERROR
Description: FSM Java Agent Google Apps Monitor Exception
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_IBMDB2_AUDIT_CONN_ERROR
Description: FSM Java Agent IBM DB2 connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_IBMDB2_AUDIT_EXEC_ERROR
Description: FSM Java Agent IBM DB2 audit error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_IBM_DB2_CAT_READ_ERROR
Description: FSM Java Agent IBM loading error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_IBM_DB2_CONN_ERROR
Description: FSM Java Agent failed to connect to IBM DB2 for collecting audit logs
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_IBM_DB2_INTERNAL_ERROR
Description: FSM Java Agent IBM Sleep Interrupted error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_INFO
Description: PH Java Agent generic info
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JBOSS_CONN_ERROR
Description: FSM Java Agent app server connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JBOSS_EXEC_ERROR
Description: FSM Java Agent app server connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JBOSS_MONITOR_ERROR
Description: Failed to monitor JBoss
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JDBC_PULL_UNSUPP_ERROR
Description: No connection for job when pulling JDBC
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JDBC_SQL_NOT_SUPPORT_ERROR
Description: FSM Java Agent does not support this SQL statement
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JMX_CONN_ERROR
Description: FSM Java Agent JMX JDBC error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JMX_EXEC_ERROR
Description: FSM Java Agent JMX monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JOB_EXECUTOR_ERROR
Description: Exception in AgentJobExecutor.run
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JOB_STATUS_UPLOAD_ERROR
Description: Failed to upload job status xml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JOB_TYPE_ERROR
Description: AgentUtils createAndInitAgent serverType is not defined
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JOB_XML_LOAD_ERROR
Description: Exception caught while parsing JobXml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_JOB_XML_PARSE_ERROR
Description: Exception caught while parsing JobXml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MCAFEE_MYSQL_MONITOR_ERROR
Description: FSM Java Agent MySQL performance monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MCAFEE_VULN_SCANNER_ERROR
Description: FSM Java Agent vulnerability pulling error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MONITOR_GEN_ERROR
Description: FSM Java Agent job monitor REST error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MONITOR_TIMEOUT_ERROR
Description: FSM Java Agent job monitor execution took too long
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MSSQL_DDL_CONN_ERROR
Description: FSM Java Agent JDBC pull unsupported device error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MSSQL_LOGON_CONN_ERROR
Description: FSM Java Agent MySQL connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MSSQL_LOGON_EXEC_ERROR
Description: FSM Java Agent App Server JMX pull SQL error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MSSQL_MONITOR_ERROR
Description: FSM Java Agent MS SQL performance error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MSSQL_PERF_CONN_ERROR
Description: FSM Java Agent job connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MSSQL_PERF_EXECUTE_ERROR
Description: FSM Java Agent MSSQL job execution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MYSQL_PERF_CONN_ERROR
Description: FSM Java Agent MySQL connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_MYSQL_PERF_EXEC_ERROR
Description: FSM Java Agent mysql audit performance error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_NESSUS_REPORT_PARSE_ERROR
Description: FSM Java Agent Nessus report parse error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_ORACLE_DB_ERROR
Description: FSM Java Agent Oracle DB performance metrics error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_ORADB_AUDIT_CONN_ERROR
Description: FSM Java Agent Oracle DB connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_ORADB_AUDIT_EXEC_ERROR
Description: FSM Java Agent Oracle DB execution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_ORADB_LOGON_EXEC_ERROR
Description: FSM Java Agent Oracle Audit trail pull error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_ORADB_PERF_CONN_ERROR
Description: FSM Java Agent Oracle Database performance metrics collection error - connection issue
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_ORADB_PERF_EXEC_ERROR
Description: FSM Java Agent Oracle Database performance metrics collection error - SQL exec error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_SNORT_CONN_ERROR
Description: FSM Java Agent Snort IPS connect error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_SNORT_EVENTID_ERROR
Description: FSM Java Agent Snort IPS alert collection error - exception in setMaxEventId function
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_SNORT_EXEC_ERROR
Description: FSM Java Agent Snort IPS alert collection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_SNORT_SENSORID_ERROR
Description: FSM Java Agent Snort IPS alert collection error - exception in setSensorId2MaxEventId function
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_SNORT_TCP_OPTION_ERROR
Description: FSM Java Agent Snort IPS alert collection error - exception in getTcpOptions functions
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_TOMCAT_MONITOR_ERROR
Description: FSM Java Agent Tomcat Application Server monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_UTILS_ERROR
Description: FSM Java Agent status file error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_HWSTATUS_EXEC_ERROR
Description: FSM Java Agent failed to collect VMWare ESX hardware status
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_LOG_CONN_ERROR
Description: FSM Java Agent failed to connect to VMWare ESX / vCenter for collecting logs
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_LOG_EXEC_ERROR
Description: FSM Java Agent hit an exception while collecting logs from VMWare ESX / vCenter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_MONITOR_ERROR
Description: FSM Java Agent hit an error while connecting to VMWare ESX / vCenter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_COUNTER_MISSING
Description: FSM Java Agent VMWare performance pull error - missing performance counter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_DATA_RETRIEVE_ERROR
Description: FSM Java Agent VMWare performance pull error - data retrieve error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_ENTITY_MISSING
Description: FSM Java Agent VMWare performance pull error - missing performance entity
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_HOST_MISSING
Description: FSM Java Agent VMWare performance pull error - missing host
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_MON_EXCEPTION
Description: FSM Java Agent VMWare performance pull error - hit exception
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_ROLLUP_MISSING
Description: FSM Java Agent VMWare performance pull error - missing rollup
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_STAT_NAME_MISSING
Description: FSM Java Agent VMWare performance pull error - missing stat name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_VM_MISSING
Description: FSM Java Agent VMWare performance pull error - missing VM
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_THREAD_EXEC_ERROR
Description: FSM Java Agent VMWare performance pull error - thread execution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VULN_REPORT_PARSER_ERROR
Description: FSM Java Agent failed to parse external vulnerability scanner report
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VULN_REPORT_VERIFY_ERROR
Description: FSM Java Agent failed to verify external vulnerability scanner report
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBLOGIC_MONITOR_ERROR
Description: FSM Java Agent Weblogic monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_EMAIL_MISSING_LOGDB
Description: FSM Java Agent Websense Email Gateway log collection error - logDBName is null
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_JDBC_PULL_ERROR
Description: FSM Java Agent Websense WebSecurity Gateway log collection error - Event Pull SQL Error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_CONN_ERROR
Description: FSM Java Agent Websense Email Gateway connection audit error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_EXEC_ERROR
Description: FSM Java Agent Websense Email Gateway execution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_PULL_ERROR
Description: FSM Java Agent Websense Email Gateway mail pulling error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_WEB_CONN_ERROR
Description: FSM Java Agent WebSecurity Gateway connection audit error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_WEB_EXEC_ERROR
Description: FSM Java Agent WebSecurity execution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_WEB_MISSING_LOGDB
Description: FSM Java Agent WebSecurity log collection error - logDBName or urlDBName or urlCategoryDBName or dispositionDBName is null
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSPHERE_CONN_ERROR
Description: FSM Java Agent IBM WebSphere monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSPHERE_EXEC_ERROR
Description: FSM Java Agent IBM WebSphere log pulling error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSPHERE_MONITOR_ERROR
Description: FSM Java Agent IBM WebSphere monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_ACCOUT_MISSING
Description: Registration user name is missing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_BIND_PORT_FAILED
Description: Socket failed to bind port
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpPort | Destination TCP/UDP Port | uint16 | This is the destination TCP or UDP port as identified in the event |
EventType: PH_LINUX_AGENT_CONFIG_ATTR_DECRYPTED_FAILED
Description: Failed to decrypt attribute in config file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
EventType: PH_LINUX_AGENT_CONFIG_ATTR_ENCRYPTED_FAILED
Description: Failed to encrypt attribute in config file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
EventType: PH_LINUX_AGENT_CONFIG_ATTR_NOT_FOUND
Description: Cannot find attribute in config file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
EventType: PH_LINUX_AGENT_CONFIG_MISS_ATTR
Description: Cannot find attribute in config file
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
EventType: PH_LINUX_AGENT_CREATE_SOCKET_FAILED
Description: Failed to create socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_LINUX_AGENT_EXIT
Description: Linux agent received exit signal
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_HOST_IP_GOT_FAILED
Description: Failed to get host IP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_INCREASE_RECV_SOCK_BUF_MAX_FAILED
Description: Failed to increase Linux Agent recv socket buffer size
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_INIT_FIM_FAILED
Description: Linux Agent FIM Init Failed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error, if given. |
EventType: PH_LINUX_AGENT_INIT_HTTP_FAILED
Description: Failed to initialize HTTP client
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
EventType: PH_LINUX_AGENT_LOG_GENERIC
Description: Linux agent generic log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_NEW_FIM_LOADED
Description: Linux Agent New FIM Config Loaded
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_OPEN_FILE_FAILED
Description: Linux agent open file failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_LINUX_AGENT_OPEN_PORT_FAILED
Description: Failed to open port
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
ipPort | IP Port | uint16 | IP port number |
EventType: PH_LINUX_AGENT_PWD_MISSING
Description: Registration password is missing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_RECV_ERROR
Description: Linux agent received error from socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
recvBytes64 | Received Bytes64 | uint64 | Number of bytes received by a host. This has 64-bit resolution. |
EventType: PH_LINUX_AGENT_REGISSTER_FAILED
Description: Failed to register Linux agent
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_TEMPLATE_STATUS
Description: Linux Agent State
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
status | Status | string | |
EventType: PH_LINUX_AGENT_UNINSTALL
Description: Linux agent received uninstall signal
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_UPLOAD_FILE_FAILED
Description: File Upload to destHost failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_LINUX_AGENT_UPLOAD_FILE_SUCCESS
Description: File is uploaded to collector successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
EventType: PH_LINUX_AGENT_USER_FILE_LOG_GENERIC
Description: Linux agent generic user file log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_VERIFIER_ERROR
Description: Linux agent verifier error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
size | Size | uint32 | |
EventType: PH_NETFLOW_BAD_FLOW
Description: Parser module received a netflow packet with wrong length
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_FLOW_END
Description: Parser module received a netflow packet with unsupported end of netflow datagram
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_HEADER_PROTOCOL
Description: Parser module received a netflow packet with unsupported netflow header protocol
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_PACKET
Description: Parser module received an incorrectly formatted netflow packet
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_RECORD
Description: Parser module received an incorrectly formatted netflow flow
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_TYPE
Description: Parser module received a netflow packet with unsupported netflow sample type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_VER
Description: Parser module received a netflow packet with unsupported netflow version
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptDevIpAddr | Reporting IP | IP | This is the device that originated the log or event packet, also known as the reporting device. |
EventType: PH_NETFLOW_EXCEPTION
Description: Parser module encountered netflow parsing error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_SYSTEM_DEVAPP_EVENTS_PER_SEC
Description: FortiSIEM per application EPS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptVendor | Reporting Vendor | string | This field captures the vendor of the reported event |
reptModel | Reporting Model | string | This field captures the model of the reported event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
eventsPerSec | Event Rate | double | A generic attribute for recording event ingestion or handling rate. |
EventType: PH_SYSTEM_DEVAPP_NO_EVENTS
Description: No events from a reporting module in the last 1 hour
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptVendor | Reporting Vendor | string | This field captures the vendor of the reported event |
reptModel | Reporting Model | string | This field captures the model of the reported event |
reptDevIpAddr | Reporting IP | IP | This is the device that originated the log or event packet, also known as the reporting device. |
reptDevName | Reporting Device | string | This is the hostname of the device that originated the log or event packet. |
EventType: PH_SYSTEM_DEVICE_NO_EVENTS
Description: No events from a device in the last 1 hour
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_SYSTEM_EPS_GLOBAL
Description: FortiSIEM Global event handling statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
licenseEventsPerSec | License EPS | uint64 | |
incomingEventsPerSec | Incoming Event Rate | double | This is the FortiSIEM event ingestion rate, calculated every 3 minutes as the event count in that interval divided by 180 to give a rolling EPS (Events Per Second) value. |
peakIncomingEventsPerSec | Peak Incoming Event Rate | double | This is the spike (maximum) event ingestion rate seen during a 3-minute interval, averaged over all data points. |
dropLicenseEventsPerSec | License Dropped Event Rate | double | The number of events dropped due to exceeding license in the past 3 minutes. |
peakDropLicenseEventsPerSec | Peak License Dropped Event Rate | double | The max value of dropLicenseEventsPerSec over all 3-minute periods since phParser started. |
unusedEvents | Unused Event Count | uint64 | The accumulated difference between licenseEventsPerSec and incomingEventsPerSec. |
EventType: PH_SYSTEM_EPS_NODE
Description: FortiSIEM per Node event handling statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
role | Role | string | |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
guaranteedEventsPerSec | Guaranteed EPS | uint64 | |
incomingEventsPerSec | Incoming Event Rate | double | This is the FortiSIEM event ingestion rate, calculated every 3 minutes as the event count in that interval divided by 180 to give a rolling EPS (Events Per Second) value. |
peakIncomingEventsPerSec | Peak Incoming Event Rate | double | This is the spike (maximum) event ingestion rate seen during a 3-minute interval, averaged over all data points. |
ingestedEventsPerSec | Ingested Event Rate | double | |
dropPolicyEvents | Policy Dropped Events | uint64 | The number of events dropped by Event Dropping Rules in the last 3 minutes. |
dropPolicyEventsPerSec | Policy Dropped Event Rate | double | This is the per-second count of events dropped by policy, calculated as dropPolicyEvents (3-minute interval) / 180 seconds. |
peakDropPolicyEventsPerSec | Peak Policy Dropped Event Rate | double | The max value of dropPolicyEventsPerSec over all 3-minute periods since phParser started. |
dropLicenseEvents | License Dropped Events | uint64 | This is the total count of events dropped due to exceeding license over all 3-minute intervals since phParser started. |
dropLicenseEventsPerSec | License Dropped Event Rate | double | The number of events dropped due to exceeding license in the past 3 minutes. |
peakDropLicenseEventsPerSec | Peak License Dropped Event Rate | double | The max value of dropLicenseEventsPerSec over all 3-minute periods since phParser started. |
dropLicenseEventRatio | License Dropped Event Ratio | uint16 | Ratio of events dropped due to license to total incoming events in the last 3 minutes. |
reptDevIpAddr | Reporting IP | IP | This is the device that originated the log or event packet, also known as the reporting device. |
EventType: PH_SYSTEM_EPS_ORG
Description: FortiSIEM per Organization event handling statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
customer | Organization Name | string | This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
incomingEventsPerSec | Incoming Event Rate | double | This is the FortiSIEM event ingestion rate, calculated every 3 minutes as the event count in that interval divided by 180 to give a rolling EPS (Events Per Second) value. |
peakIncomingEventsPerSec | Peak Incoming Event Rate | double | This is the spike (maximum) event ingestion rate seen during a 3-minute interval, averaged over all data points. |
dropLicenseEventsPerSec | License Dropped Event Rate | double | The number of events dropped due to exceeding license in the past 3 minutes. |
peakDropLicenseEventsPerSec | Peak License Dropped Event Rate | double | The max value of dropLicenseEventsPerSec over all 3-minute periods since phParser started. |
EventType: PH_SYSTEM_EVENTS_FWD_STAT
Description: Forwarded EPS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
role | Role | string | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
customer | Organization Name | string | This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
fwdEventsPerSec | Forwarded Event Rate | double | This field represents the average rate (events per sec) over a 3-minute window at which events are forwarded from FortiSIEM to an external system |
peakFwdEventsPerSec | Peak Forwarded Event Rate | double | This field represents the maximum rate (events per sec) over a 3-minute window at which events are forwarded from FortiSIEM to an external system |
dropFwdEventsPerSec | Dropped Forwarded Event Rate | double | |
peakDropFwdEventsPerSec | Peak Dropped Forwarded Event Rate | double | |
reptDevIpAddr | Reporting IP | IP | This is the device that originated the log or event packet, also known as the reporting device. |
reptDevName | Reporting Device | string | This is the hostname of the device that originated the log or event packet. |
EventType: PH_SYSTEM_EVENTS_PER_SEC
Description: Received EPS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
peakEventsPerSec | Peak Event Rate | double | |
guaranteedEventsPerSec | Guaranteed EPS | uint64 | |
EventType: PH_SYSTEM_EVENTS_VIA_ZMQ_EPS
Description: Events Pushed by ZMQ EPS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totEventCount | Total Event Count | uint32 | |
eventsPerSec | Event Rate | double | A generic attribute for recording event ingestion or handling rate. |
EventType: PH_SYSTEM_INTERNAL_EVENTS_PER_SEC
Description: FortiSIEM Internal EPS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
peakEventsPerSec | Peak Event Rate | double | |
EventType: PH_SYSTEM_IP_EVENTS_PER_SEC
Description: FortiSIEM per device EPS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
eventsPerSec | Event Rate | double | A generic attribute for recording event ingestion or handling rate. |
reptDevIpAddr | Reporting IP | IP | This is the device that originated the log or event packet, also known as the reporting device. |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
EventType: PH_SYSTEM_PERF_EVENTS_PER_SEC
Description: FortiSIEM performance monitoring EPS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
peakEventsPerSec | Peak Event Rate | double | |
EventType: PH_SYSTEM_STORED_EVENTS_PER_SEC
Description: Stored EPS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
peakEventsPerSec | Peak Event Rate | double | |
EventType: PH_SYSTEM_SUMM_EVENTS_STORED_EPS
Description: Summary Events Stored EPS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totEventCount | Total Event Count | uint32 | |
eventsPerSec | Event Rate | double | A generic attribute for recording event ingestion or handling rate. |
EventType: PH_VA_EVENTS_PER_SEC
Description: Total event rate to a FortiSIEM VA
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
peakEventsPerSec | Peak Event Rate | double | |