All Logs Page 4
Every FortiSIEM internally generated event log regardless of category
EventType: PH_JAVA_AGENT_SNORT_TCP_OPTION_ERROR
Description: FSM Java Agent Snort IPS alert collection error - exception in getTcpOptions functions
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_TOMCAT_MONITOR_ERROR
Description: FSM Java Agent Tomcat Application Server monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_UTILS_ERROR
Description: FSM Java Agent status file error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_HWSTATUS_EXEC_ERROR
Description: FSM Java Agent failed to collect VMWare ESX hardware status
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_LOG_CONN_ERROR
Description: FSM Java Agent failed to connect VMWare ESX / Vcenter for collecting logs
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_LOG_EXEC_ERROR
Description: FSM Java Agent hit an exception while collecting logs from VMWare ESX / Vcenter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_MONITOR_ERROR
Description: FSM Java Agent hit an error while connecting to VMWare ESX / Vcenter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_COUNTER_MISSING
Description: FSM Java Agent VMWare performance pull error - missing performance counter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_DATA_RETRIEVE_ERROR
Description: FSM Java Agent VMWare performance pull error - data retrieve error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_ENTITY_MISSING
Description: FSM Java Agent VMWare performance pull error - missing performance entity
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_HOST_MISSING
Description: FSM Java Agent VMWare performance pull error - missing host
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_MON_EXCEPTION
Description: FSM Java Agent VMWare performance pull error - hit exception
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_ROLLUP_MISSING
Description: FSM Java Agent VMWare performance pull error - missing rollup
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_STAT_NAME_MISSING
Description: FSM Java Agent VMWare performance pull error - missing stat name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_PERF_VM_MISSING
Description: FSM Java Agent VMWare performance pull error - missing VM
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VMWARE_THREAD_EXEC_ERROR
Description: FSM Java Agent VMWare performance pull error - thread execution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VULN_REPORT_PARSER_ERROR
Description: FSM Java Agent failed to parse external vulnerability scanner report
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_VULN_REPORT_VERIFY_ERROR
Description: FSM Java Agent failed to verify external vulnerability scanner report
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBLOGIC_MONITOR_ERROR
Description: FSM Java Agent Weblogic monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_EMAIL_MISSING_LOGDB
Description: FSM Java Agent Websense Email Gateway log collection error - logDBName is null
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_JDBC_PULL_ERROR
Description: FSM Java Agent Websense WebSecurity Gateway log collection error - Event Pull SQL Error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_CONN_ERROR
Description: FSM Java Agent Websense Email Gateway connection audit error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_EXEC_ERROR
Description: FSM Java Agent Websense Email Gateway execution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_MAIL_PULL_ERROR
Description: FSM Java Agent Websense Email Gateway mail pulling error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_WEB_CONN_ERROR
Description: FSM Java Agent WebSecurity Gateway connection audit error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_WEB_EXEC_ERROR
Description: FSM Java Agent WebSecurity execution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSENSE_WEB_MISSING_LOGDB
Description: FSM Java Agent WebSecurity log collection error - logDBName or urlDBName or urlCategoryDBName or dispositionDBName is null
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSPHERE_CONN_ERROR
Description: FSM Java Agent IBM WebSphere monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSPHERE_EXEC_ERROR
Description: FSM Java Agent IBM WebSphere log pulling error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_AGENT_WEBSPHERE_MONITOR_ERROR
Description: FSM Java Agent IBM WebSphere monitor error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_QUERYSERVER_ACTION_UNSUPPORTED_ERROR
Description: Java Query Server unsupported action
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_QUERYSERVER_ELASTIC_ERROR
Description: Java Query Server Elasticsearch error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_QUERYSERVER_ERROR
Description: Java Query Server error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_QUERYSERVER_INFO
Description: Java Query Server Query informational log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_JAVA_QUERYSERVER_QUERYID_ERROR
Description: Java Query Server unknown or expired Query ID error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_QUERYSERVER_QUERY_SYNTAX_ERROR
Description: Java Query Server Query syntax error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_QUERYSERVER_REDIS_ERROR
Description: Java Query Server Redis error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JAVA_QUERYSERVER_WARN
Description: Java Query Server Query warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_JMS_QUEUE_SIZE_WARNING
Description: JMS Queue large
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_JOB_STAT
Description: Performance Monitor job status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
jobId | Job Id | string | |
jobType | Job Type | uint16 | |
jobDetail | Job Detail | string | |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
jobName | Job Name | string | |
jobDesc | Job Description | string | |
jobStatus | Job Status | uint16 | |
pollIntv | Polling Interval | uint32 | |
eventTime | Event Occur Time | Date | |

EventType: PH_JOB_STATUS_XML_SEND_ERROR
Description: Error in sending Performance Monitor job status to app server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JOB_STATUS_XML_SENT
Description: Performance Monitor job status sent to app server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_JOB_STAT_SUPPRESSED
Description: Performance monitor job status sending suppressed because of no change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
jobId | Job Id | string | |
jobType | Job Type | uint16 | |
jobDetail | Job Detail | string | |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
jobName | Job Name | string | |
jobDesc | Job Description | string | |
jobStatus | Job Status | uint16 | |
pollIntv | Polling Interval | uint32 | |
eventTime | Event Occur Time | Date | |

EventType: PH_LIBEVENT_BUFFER_OVERFLOW
Description: FortiSIEM module encountered error while reading events from shared buffer
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIBEVENT_IP_TYPE_INVALID
Description: Invalid IP type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIBEVENT_UNKNOWN_ATTR_ID
Description: Query/Report/Rule module encountered unknown event attribute id
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIBEVENT_UNKNOWN_ATTR_NAME
Description: Query/Report/Rule module encountered unknown event attribute name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_APACHE_PING_FAILED
Description: Discovery module failed to ping apache server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_APP_GROUP_FILTER_PARSE_ERROR
Description: Discovery module failed to parse Application Group filter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_APP_GROUP_FILTER_PUSH_ERROR
Description: Discovery module found empty group name in App Group Filter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_AWS_NEW_INSTANCE_NOT_RUN
Description: Discovery module found new AWS instance but it is not running
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_AWS_OBTAIN_INSTANCE_FAILURE
Description: FortiSIEM Discovery failed to obtain AWS instance
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_CHECK_APP_LIST_WARNING
Description: Discovery module failed to check monitorability for Windows servers
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
module | Module Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CISCO_IOS_CBQOS_ERROR
Description: Discovery module encountered CBQoS monitoring error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CISCO_MERAKI_GET_CHILD_DEVICE_WARNING
Description: Discovery module failed to get Cisco Meraki child devices
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CISCO_MERAKI_GET_INTFS_WARNING
Description: Discovery module failed to get Cisco Meraki interfaces
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CISCO_MERAKI_GET_INTF_WARNING
Description: Discovery module failed to get Cisco Meraki interface
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
intfName | Host Interface Name | string | Name of a network interface in a host. |

EventType: PH_LIB_TOPO_CISCO_MERAKI_MAC_2_HOST_LOOKUP_FAILED
Description: Discovery module failed to get prev found Meraki device by MAC in mac-to-host table
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |

EventType: PH_LIB_TOPO_CISCO_MERAKI_MAC_2_INTF_LOOKUP_FAILED
Description: Discovery module failed to get prev found Meraki device by MAC in mac-to-interface table
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |

EventType: PH_LIB_TOPO_CISCO_UCS_LOGIN_FAILED
Description: Discovery module failed to login to Cisco UCS
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CISCO_UCS_REQUEST_ERROR
Description: Discovery module failed to send request to Cisco UCS
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |

EventType: PH_LIB_TOPO_CPU_TOO_HIGH
Description: Discovery / Perf Monitoring module found CPU util for device to be too high
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
cpuUtil | CPU Util | double | |

EventType: PH_LIB_TOPO_CUST_CONFIG_JOB_DOWNLOAD_SCRIPT_FAILED
Description: Discovery / Perf Monitoring module failed to download expect script from app server for custom config job
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
filePath | File Path | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_FIM_JOB_CHECK_PATH_ERROR
Description: Discovery / Perf Monitoring module failed to check configured path name for custom FIM job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_FIM_JOB_DEVICE_UNAVAILABLE
Description: Discovery / Perf Monitoring module found that device is not available for custom FIM job
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
command | Command | string | |
exitValue | Command exit value | int32 | |

EventType: PH_LIB_TOPO_CUST_FIM_JOB_FILE_TOO_LARGE
Description: Discovery / Perf Monitoring FIM module found that file is too large to be pulled
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
filePath | File Path | string | |
fileSize64 | File Size64 Bytes | uint64 | |

EventType: PH_LIB_TOPO_CUST_FIM_JOB_GET_DATA_FAILED
Description: Discovery / Perf Monitoring failed to get data for custom FIM job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_FIM_JOB_GET_FILE_INFO_FAILED
Description: Discovery / Perf Monitoring failed to get general file info for FIM job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_FIM_JOB_GET_MD5_FAILED
Description: Discovery / Perf Monitoring failed to get file MD5 for FIM job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_FIM_JOB_GET_REMOTE_FILE_ERROR
Description: Discovery / Perf Monitoring failed to get remote file for FIM
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
filePath | File Path | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_FIM_JOB_INCORRECT_CRED
Description: Discovery / Perf Monitoring found incorrect username or password for custom FIM job
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
command | Command | string | |
exitValue | Command exit value | int32 | |

EventType: PH_LIB_TOPO_CUST_FIM_JOB_RUN_SCP_FAILED
Description: Discovery / Perf Monitoring module failed to runScp.exp for FIM job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_FIM_JOB_TOO_MANY_FILES
Description: Discovery / Perf Monitoring module found that files count exceeds the max files count limitation under one directory for custom FIM job
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
dirName | Directory Name | string | |

EventType: PH_LIB_TOPO_CUST_LOGIN_JOB_CREATE_EVENT_FAILED
Description: Discovery / Perf Monitoring module failed to create event for custom LOGIN job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_LOGIN_JOB_GET_DATA_FAILED
Description: Discovery / Perf Monitoring module failed to get data for custom LOGIN job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_SNMP_JOB_CREATE_EVENT_FAILED
Description: Discovery / Perf Monitoring module failed to create event for custom SNMP job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_SNMP_JOB_GET_DATA_FAILED
Description: Discovery / Perf Monitoring module failed to get data for custom SNMP job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_WMI_JOB_CREATE_EVENT_FAILED
Description: Discovery / Perf Monitoring module failed to create event for custom WMI job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_CUST_WMI_JOB_GET_DATA_FAILED
Description: Discovery / Perf Monitoring module failed to get data for custom WMI job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_ETHERMIB_STAT_LOOKUP_ERROR
Description: Discovery / Perf Monitoring module failed to get ethermib stat for interface
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
srcSnmpIntfIndex | Source Interface SNMP Index | uint16 | SNMP index of the network interface through which a packet enters a network device. This information is typically present in Firewall logs. |

EventType: PH_LIB_TOPO_EVENT_DROP_RULE_ENCODE_VALUE_GROUP_ERROR
Description: Discovery / Perf Monitoring module failed to encode value group
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_EVENT_DROP_RULE_PARSE_ERROR
Description: Parser module failed to parse event dropping rule
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_EXCLUDED_DISK_PARSE_ERROR
Description: Discovery / Perf Monitoring module failed to parse excluded disks
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_FCT_DEV_MAPPING_ENTRY_INVALID
Description: FortiClient device type mapping in /opt/phoenix/data-definition/FortiClientOSVersionMap.csv is invalid.
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_FGT_FABRIC_DISCOV_FAIL
Description: FortiGate Fabric Discovery Failure, if security fabric not enabled, this may be normal
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_FGT_GET_CONFIG_BACKUP_FAILED
Description: Failed to get config backup for FortiGate. Ensure that the FortiGate's rest api user role allows WRITE for System -> Administrator Users access permissions.
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_FGT_GET_USER_DEV_STORE_FAIL
Description: FortiGate User Device Store record retrieval failed. This is optional data
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_FGT_GET_USER_DEV_UNKNOWN
Description: FortiGate User Device Store identified an unknown device type. Add mapping to /opt/phoenix/data-definition/FortiClientOSVersionMap.csv
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_FGT_INSTALLED_SW_FAIL
Description: FortiGate failed to collect software module status via /api/v2/monitor/license/status.
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_FGT_SEC_POSTURE_RPT_API_FAIL
Description: FortiGate security posture report could not be retrieved via API on root fabric firewall.
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_FILE_READ_ERROR
Description: Discovery / Perf Monitoring module failed to read file
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |

EventType: PH_LIB_TOPO_FOUNDRY_HW_STATUS_ERROR
Description: Discovery / Perf Monitoring module failed to get hardware status for Foundry Iron device
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
oid | Object Identifier | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_GEN_UPS_STATUS_GET_ERROR
Description: Discovery / Perf Monitoring module failed to get hardware status via SNMP for GEN UPS device
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |

EventType: PH_LIB_TOPO_GET_NETAPP_NFS_FAILED
Description: Discovery / Perf Monitoring module failed to get NFS metrics via SNMP or ONTAP SDK for NetApp Filer
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_H3C_CPU_UTIL_ERROR
Description: Discovery / Perf Monitoring module failed to get CPU Util of H3C via SNMP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
oid | Object Identifier | string | |

EventType: PH_LIB_TOPO_HP3COM_CPU_UTIL_ERROR
Description: Discovery / Perf Monitoring module failed to get CPU Util of Hp3Com via SNMP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
oid | Object Identifier | string | |

EventType: PH_LIB_TOPO_HP3COM_MEM_UTIL_ERROR
Description: Discovery / Perf Monitoring module failed to get CPU Util of Hp3Com device via SNMP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
oid | Object Identifier | string | |

EventType: PH_LIB_TOPO_HPUX_PROC_CPU_MEM_TOO_HIGH
Description: Discovery / Perf Monitoring module found HPUX Process CPU Util or Mem Util too high
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
procName | Process Name | string | |
cpuUtil | CPU Util | double | |
memUtil | Memory Util | double | |

EventType: PH_LIB_TOPO_HYPERV_METRICS_GET_ERROR
Description: Discovery / Perf Monitoring module failed to get HyperV metrics
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_IMPORTANT_INTF_PARSE_ERROR
Description: Discovery / Perf Monitoring module failed to parse important interfaces
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |

EventType: PH_LIB_TOPO_INTF_UTIL_ERROR
Description: Discovery / Perf Monitoring module found interface util monitoring data inconsistency
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
intfName | Host Interface Name | string | Name of a network interface in a host. |

EventType: PH_LIB_TOPO_JSON_PARSE_FAILED
Description: Failed to parse JSON
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_JUNIPER_INTF_SPEED_GET_ERROR
Description: Discovery / Perf Monitoring module failed to get interface speed from Juniper firewall
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
intfName | Host Interface Name | string | Name of a network interface in a host. |

EventType: PH_LIB_TOPO_LIEBERT_HVAC_STATUS_GET_ERROR
Description: Discovery / Perf Monitoring module failed to get hardware status via SNMP for LIEBERT HVAC device
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |

EventType: PH_LIB_TOPO_LOGIN_PING_FAILED
Description: Discovery / Perf Monitoring module failed to execute a login command for discovery purposes
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
ipPort | IP Port | uint16 | IP port number |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_MAINTENANCE_DURATION_INCORRECT
Description: Perf Monitoring module failed to properly parse device maintenance duration from App Server
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
EventType: PH_LIB_TOPO_MEM_TOO_HIGH
Description: Discovery / Perf Monitoring module found memory util for device to be too high
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
memUtil | Memory Util | double | |
EventType: PH_LIB_TOPO_NETAPP_AGGREGATE_STAT_ERROR
Description: Discovery / Perf Monitoring module failed to get NetApp Aggregate Stat via ONTAP SDK
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_NETAPP_ANALYZE_VERSION_ERROR
Description: Discovery / Perf Monitoring module failed to analyze NetApp version via ONTAP SDK
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_NETAPP_DISK_STAT_ERROR
Description: Discovery / Perf Monitoring module failed to get NetApp Disk Stat via ONTAP SDK
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_NETAPP_GET_NFS_METRIC_ERROR
Description: Discovery / Perf Monitoring module failed to obtain NetApp NFS V3 metrics via ONTAPI
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_NETAPP_GET_VERSION_ERROR
Description: Discovery / Perf Monitoring module failed to get NetApp version -- volume latencies may not be correct
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
EventType: PH_LIB_TOPO_NETAPP_LUN_STAT_ERROR
Description: Discovery / Perf Monitoring module failed to get NetApp LUN Stat via ONTAP SDK
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_NETAPP_PROTO_STAT_ERROR
Description: Discovery / Perf Monitoring module failed to get NetApp Protocol Stat via ONTAP SDK
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_NETAPP_VOLUME_STAT_ERROR
Description: Discovery / Perf Monitoring module failed to get NetApp Volume Stat via ONTAP SDK
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_NOT_SUPPORT_REST_API
Description: REST API is not supported in this FortiGate version
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_PARSE_INTF_MAP_FAILURE
Description: Discovery / Perf Monitoring module failed to parse device interface map
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_PERF_JOB_EXEC_FAILED
Description: Perf Monitoring module failed to execute a specific performance monitoring job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
jobId | Job Id | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_PERF_JOB_INIT_FAILED
Description: Perf Monitoring module failed to initialize the performance monitoring job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_PERF_JOB_REMOVE_FAILED
Description: Perf Monitoring module failed to remove performance monitoring job by JOB ID
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
jobId | Job Id | string | |
EventType: PH_LIB_TOPO_PERF_TEMPLATE_LOAD_ERROR
Description: Perf Monitoring module failed to load performance monitor template xml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_PERF_TEMPLATE_PARSE_FAILURE
Description: Perf Monitoring module failed to parse performance monitor template xml
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_PERF_TEMPLATE_PARSE_WARNING
Description: Perf Monitoring module skipped one device type while loading Performance Monitor template xml
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_PORT_FILTER_PARSE_ERROR
Description: Perf Monitoring module failed to parse port filter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_PORT_FILTER_PUSH_ERROR
Description: Perf Monitoring module found empty protocol name in Port Filter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_PROC_CPU_MEM_TOO_HIGH
Description: Perf Monitoring module found process CPU Util or Mem Util to be too high
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
procName | Process Name | string | |
cpuUtil | CPU Util | double | |
memUtil | Memory Util | double | |
EventType: PH_LIB_TOPO_REST_API_FAILED
Description: Failed to call a REST API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_RUN_SW_FILTER_PARSE_ERROR
Description: Discovery / Perf Monitoring module failed to parse running software filter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_RUN_SW_FILTER_PUSH_ERROR
Description: Discovery / Perf Monitoring module found empty name and path in running software Filter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LIB_TOPO_SNMPWALK_ERROR
Description: Discovery / Perf Monitoring module found empty or incomplete snmpwalk response
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
oid | Object Identifier | string | |
EventType: PH_LIB_TOPO_STM_JOB_EXEC_FAILED
Description: Discovery / Perf Monitoring module failed to execute STM job for device
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
EventType: PH_LIB_TOPO_STM_JOB_INIT_FAILED
Description: Perf Monitoring module failed to initialize the STM job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
jobName | Job Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_TEST_CONN_HTTP_AGENT_FAILED
Description: Discovery module failed to test connectivity for http java agent
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_LIB_TOPO_TEST_CONN_JDBC_AGENT_FAILED
Description: Discovery module failed to test connectivity for jdbc java agent
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_LIB_TOPO_TEST_CONN_JMX_AGENT_FAILED
Description: Discovery module failed to test connectivity for jmx java agent
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_LIB_TOPO_TRUNK_PORT_MAP_PARSE_ERROR
Description: Discovery module failed to parse trunk port map
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_VALIDATE_ACCESS_FAILED
Description: Perf Monitor module found device credential issues during initialization
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
EventType: PH_LIB_TOPO_WIN_GET_EXCH_DATABASE_INSTANCE_WARNING
Description: Discovery/Perf Monitor module failed to get Exchange Database instance metrics via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WIN_GET_EXCH_DATABASE_WARNING
Description: Discovery/Perf Monitor module failed to get Exchange Database metrics via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WIN_GET_EXCH_MAIL_SUBMISSION_WARNING
Description: Discovery/Perf Monitor module failed to get Exchange mail submission metrics via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WIN_GET_EXCH_PUB_MAILBOX_WARNING
Description: Discovery/Perf Monitor module failed to get Exchange public mailbox metrics via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WIN_GET_EXCH_REG_MAILBOX_WARNING
Description: Discovery/Perf Monitor module failed to get Exchange regular mailbox metrics via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WIN_GET_EXCH_REPLICATION_WARNING
Description: Discovery/Perf Monitor module failed to get Exchange replication metrics via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WIN_GET_EXCH_RPC_WARNING
Description: Discovery/Perf Monitor module failed to get Exchange RPC metrics via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WIN_GET_EXCH_SMTP_WARNING
Description: Discovery/Perf Monitor module failed to get Exchange SMTP metrics via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WIN_GET_EXCH_STORE_INTF_WARNING
Description: Discovery/Perf Monitor module failed to get Exchange store interface metrics via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WIN_GET_EXCH_TRANSPORT_QUEUE_WARNING
Description: Discovery/Perf Monitor module failed to get Exchange transport queue metrics via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WMI_GET_CPU_COUNT_ERROR
Description: Discovery/Perf Monitor module failed to get Windows CPU count via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WMI_GET_CPU_WARNING
Description: Discovery/Perf Monitor module failed to get CPU info for Windows device
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WMI_GET_PAGE_ACTIVITY_ERROR
Description: Discovery/Perf Monitor module failed to get Windows paging activity via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WMI_GET_REAL_MEM_ERROR
Description: Discovery/Perf Monitor module failed to get Windows real memory via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LIB_TOPO_WMI_GET_RUN_SW_PERF_ERROR
Description: Discovery/Perf Monitor module failed to get Windows running software performance via WMI
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LICENSE_ERROR
Description: FortiSIEM discovered license parsing error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_LICENSE_INFO_FAILURE
Description: Failed to get license info
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LICENSE_INFO_INVALIDATED
Description: Invalid license
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_ACCOUT_MISSING
Description: Registration user name is missing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_BIND_PORT_FAILED
Description: Socket failed to bind port
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpPort | Destination TCP/UDP Port | uint16 | This is the destination TCP or UDP port as identified in the event |
EventType: PH_LINUX_AGENT_CONFIG_ATTR_DECRYPTED_FAILED
Description: Failed to decrypt attr in config file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
EventType: PH_LINUX_AGENT_CONFIG_ATTR_ENCRYPTED_FAILED
Description: Failed to encrypt attr in config file.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
EventType: PH_LINUX_AGENT_CONFIG_ATTR_NOT_FOUND
Description: Cannot find attribute in config file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
EventType: PH_LINUX_AGENT_CONFIG_MISS_ATTR
Description: Cannot find attribute in config file
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
EventType: PH_LINUX_AGENT_CREATE_SOCKET_FAILED
Description: Failed to create socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_LINUX_AGENT_EXIT
Description: Linux agent received exit signal
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_HOST_IP_GOT_FAILED
Description: Failed to get host ip
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_INCREASE_RECV_SOCK_BUF_MAX_FAILED
Description: Failed to increase Linux Agent recv socket buffer size
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_INIT_FIM_FAILED
Description: Linux Agent FIM Init Failed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_LINUX_AGENT_INIT_HTTP_FAILED
Description: Failed to initialize HTTP client
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
EventType: PH_LINUX_AGENT_LOG_GENERIC
Description: Linux agent generic log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_NEW_FIM_LOADED
Description: Linux Agent New FIM Config Loaded
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_OPEN_FILE_FAILED
Description: Linux agent open file failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_LINUX_AGENT_OPEN_PORT_FAILED
Description: Failed to open port
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
ipPort | IP Port | uint16 | IP port number |
EventType: PH_LINUX_AGENT_PWD_MISSING
Description: Registration password is missing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_RECV_ERROR
Description: Linux agent received error from socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
recvBytes64 | Received Bytes64 | uint64 | Number of bytes received by a host. This has 64bit resolution. |
EventType: PH_LINUX_AGENT_REGISSTER_FAILED
Description: Failed to register linux agent
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_TEMPLATE_STATUS
Description: Linux Agent State
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
status | Status | string | |
EventType: PH_LINUX_AGENT_UNINSTALL
Description: Linux agent received uninstall signal
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_UPLOAD_FILE_FAILED
Description: File Upload to destHost failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_LINUX_AGENT_UPLOAD_FILE_SUCCESS
Description: File is uploaded to collector successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
EventType: PH_LINUX_AGENT_USER_FILE_LOG_GENERIC
Description: Linux agent generic user file log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_LINUX_AGENT_VERIFIER_ERROR
Description: Linux agent verifier error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
size | Size | uint32 | |
EventType: PH_LOAD_CONFIG_CHANGE_FAILED
Description: FortiSIEM Rule/Report Master/Worker modules failed to load performance monitoring config change
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
item | Item | string | |
EventType: PH_MAX_DEVICES_EXCEEDED
Description: Max number of devices exceeded license
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_MAX_DEVICES_LIMIT_REACHED
Description: Max number of devices exceeded license
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_ML_ANOMALY_DETECTED
Description: Machine Learning Anomaly Detected
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MODULE_ABORT
Description: Module exited abnormally
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
coreDumpFile | Coredump File Name | string | |
EventType: PH_MODULE_ABORT_FOUND
Description: Module found aborted
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptProcName | Reported Process Name | string | |
eventTime | Event Occur Time | Date | |
EventType: PH_MODULE_ACCEPTED_CONN
Description: Module accepted connection
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
EventType: PH_MODULE_ACE_HANDLE_EVENT_ERROR
Description: ACE failed to handle event
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MODULE_COMM_ERROR
Description: Module encountered inter-module communication error
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MODULE_COMM_HANDLER_REG
Description: Module registering notification handlers
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
notifId | Notification ID | uint32 | |
handlerName | Notification Handler Name | string | |
EventType: PH_MODULE_COMM_PORTS_OPENED
Description: Module opened Notification Service ports
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
ipProto | IP Protocol | uint16 | IP Protocol, e.g. TCP, UDP, ICMP etc. as defined in IP RFCs |
srcIpPort | Source TCP/UDP Port | uint16 | This is the source TCP or UDP port as identified in the event |
EventType: PH_MODULE_DB_CONFIG_LOADED
Description: Module loaded database config successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MODULE_DIODE_CONFIG_ERROR
Description: Module failed to load diode collector config
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MODULE_EXCEPTION_NOT_CAUGHT
Description: Exception not caught
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_MODULE_EXITING
Description: Module exiting
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MODULE_EXIT_OK
Description: Module exited gracefully
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MODULE_HEARTBEAT_INIT
Description: Module initializing heartbeat object
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MODULE_INITIALIZING
Description: Module initialization
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MODULE_INIT_COMPLETE
Description: Module successfully started
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MODULE_INIT_FAILURE
Description: Module initialization failure
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
module | Module Name | string | |
EventType: PH_MODULE_LICENSE_FAILURE
Description: Module failed to get license
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MODULE_LOADED_NEW_CONFIG
Description: Module successfully loaded new config
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MODULE_LOAD_DIODE_CRED_ERROR
Description: Failed to load diode collector agent credential
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_MODULE_LOCAL_CONFIG_LOADED
Description: Module loaded local config successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
configName | Config Name | string | |
EventType: PH_MODULE_LOCAL_CONFIG_SECTION_ERROR
Description: Module failed to load local config section
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
configSectName | Config Section Name | string | |
EventType: PH_MODULE_LOCAL_CONFIG_VALUE_ERROR
Description: Module failed to load local config value
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
configName | Config Name | string | |
configValue | Config Value | string | |
EventType: PH_MODULE_LOG_LEVEL_CHANGE
Description: Module received log level change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
oldLogLevel | Old Log Level | uint32 | |
newLogLevel | New Log Level | uint32 | |
EventType: PH_MODULE_RECVD_EXIT_EXT
Description: Module received external signal to exit
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_MODULE_RECVD_EXIT_MONITOR
Description: Module received exit request from Monitor
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MODULE_RECVD_NEW_CONFIG
Description: Module received config change notification
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MODULE_RECVD_START
Description: Module received start request
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MODULE_SETPIDFILE_ERR
Description: Module unable to set PID file
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_MODULE_UNABLE_INIT_SHARED_STORE
Description: Module unable to init shared store
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MODULE_UNABLE_OPEN_COMM_PORT
Description: Module unable to open inter-module comm port during initialization
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
ipProto | IP Protocol | uint16 | IP Protocol, e.g. TCP, UDP, ICMP etc. as defined in IP RFCs |
srcIpPort | Source TCP/UDP Port | uint16 | This is the source TCP or UDP port as identified in the event |
EventType: PH_MONITOR_ARCHIVE_GET_WORKER_FAILURE
Description: phMonitor Failed to get worker list for archive change
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_ARCHIVE_UPDATE_WORKER_FAILURE
Description: phMonitor Failed to update worker archive
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_BEACONING_REGISTER_FAILURE
Description: Beaconing Registration Failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_CHECK_DEPENDENCY_FAILED
Description: Failed to check dependency
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_CMD_FAILURE
Description: phMonitor failed to run command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_MONITOR_CMD_SEND_FAILURE
Description: FortiSIEM Monitor module failed to send command to other FortiSIEM modules
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
targetProcName | Target Process Name | string | |
EventType: PH_MONITOR_COLLECTOR_REGISTER_FAILURE
Description: phMonitor failed to register collector
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_COLLECTOR_UPDATE_STATUS_FAILURE
Description: FortiSIEM Monitor module failed to update Collector status
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
msg | Message | string | |
EventType: PH_MONITOR_CONFIG_DOWNLOAD_FAILURE
Description: phMonitor failed to download config from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_DELETE_SECONDARY_ON_WORKER_FAILED
Description: Failed to remove DR configuration on secondary worker
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_DELETE_SUPER_FOLLOWER_FAILED
Description: Failed to remove configuration of follower super
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_DISPATCH_CMD_MISMATCH
Description: phMonitor failed to dispatch wrong command to other processes
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
EventType: PH_MONITOR_DOMAIN_CHANGE_XML_PARSE_FAILURE
Description: phMonitor failed to parse AppDefn object from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_ENT_OR_SP_MODE_MISSING
Description: phMonitor failed to identify Service Provider or Enterprise installation
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_EXCESSIVE_DB_LOGIN_FAILURE
Description: phMonitor failed to log in to PostgreSQL
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
EventType: PH_MONITOR_FAILED_CONN_QUERYMASTER
Description: Unable to send status query to QueryMaster
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_FILE_IO_ERROR
Description: phMonitor encountered empty or unreadable file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_MONITOR_FILE_PERMISSION_ERROR
Description: File Permission error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_FILE_PERMISSION_WARNING
Description: File permission warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
details | Details | string | |
EventType: PH_MONITOR_FLIP_PRIMARY_FAILURE
Description: phMonitor failed to flip primary server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_FSM_AGENT_UPDATE_PWD_ERROR
Description: phMonitor failed to update FortiSIEM Agent upload password
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_GET_REPLICATION_PROGRESS_FAILED
Description: Failed to get replication progress
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_GET_UPTIME_ERROR
Description: FortiSIEM Monitor module failed to get system uptime
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_HANDLE_TASK
Description: Monitor handles task
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_HARDWARE_SN_FORK_FAILURE
Description: phMonitor failed to fork to determine hardware Serial Number
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_MONITOR_HOST_UUID_READ_FAILURE
Description: phMonitor on Collector failed to read CSI
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_HTTP_PULL_ERROR
Description: phMonitor failed to pull information via HTTP from App Server
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_INIT_PROC_MODULE_NOT_FOUND
Description: phMonitor failed to initialize - Module not found
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
module | Module Name | string | |
EventType: PH_MONITOR_INIT_SECONDARY_ON_WORKER_FAILED
Description: Failed to update configuration on secondary worker
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_INIT_SUPER_FOLLOWER_FAILED
Description: Failed to update configuration of follower super
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_INIT_SYSTEM_XML_PARSE_FAILURE
Description: phMonitor failed to initialize - Wrong System Services XML in Config file
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
xmlBody | XML Body | string | |
EventType: PH_MONITOR_LIB_DEPENDENCY_WARNING
Description: Library dependency warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
details | Details | string | |
EventType: PH_MONITOR_LICENSE_ERROR
Description: phMonitor encountered license file error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_LOCAL_HOSTNAME_GET_FAILURE
Description: phMonitor cannot get local machine host name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_MEM_FILE_OPEN_FAILURE
Description: phMonitor failed on mem file open
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
userId | User Id | string | |
EventType: PH_MONITOR_MISSING_MONITOR
Description: No running phMonitor process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_MMAP_FAILURE
Description: phMonitor encountered MMAP failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_MONITOR_MOTNIROR_REGISTER_FAILURE
Description: phMonitor failed to register other monitors
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_NOTIFICATION_CLIENT_CONTACT_FAILURE
Description: phMonitor Notification Client failed to contact another process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
EventType: PH_MONITOR_NOTIFICATION_CMD_EMPTY
Description: phMonitor Notification client encountered invalid argument
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_NOTIFICATION_CMD_MISMATCH
Description: phMonitor Notification client encountered unknown command type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
notifEvtId | Notification Event Id | uint32 | |
EventType: PH_MONITOR_NOTIFICATION_RETURN_FAILURE
Description: phMonitor Notification client encountered return failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
xmlBody | XML Body | string | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_MONITOR_PHOENIX_CONFIG_GLOBAL_MISSING
Description: phMonitor found GLOBAL phoenix_config section missing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_PHOENIX_CONFIG_INVALID
Description: phMonitor found Invalid phoenix config file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_PROCESS_OWNER_NOT_ADMIN_ERROR
Description: FortiSIEM Monitor module detected that a file owner is not admin
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
userId | User Id | string | |
groupID | Group ID | string | |
EventType: PH_MONITOR_RECVD_CONFIG_CHANGE
Description: Monitor received config change notification
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_RECVD_HEARTBEAT
Description: Monitor received heartbeat from module
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptProcName | Reported Process Name | string | |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
usrMsg | User defined msg | string | |
EventType: PH_MONITOR_REGISTER_MONITOR_GET_WORKER_FAILURE
Description: phMonitor failed to get workers
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REGISTER_NODE
Description: Register node
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REGISTER_SUPER_FOLLOWER
Description: Register follower super
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REGISTER_WORKER
Description: Register worker
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REMOVE_NODE
Description: Remove node
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REMOVE_SUPER_FOLLOWER
Description: Remove follower super
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REMOVE_WORKER
Description: Remove worker
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REPORTSERVER_LICENSE_INVALID
Description: phMonitor found invalid Report Server license
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
EventType: PH_MONITOR_REPORTSERVER_NOTIFICATION_CLIENT_CONTACT_FAILURE
Description: phMonitor Notification client failed to contact report server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
EventType: PH_MONITOR_REPORTSERVER_NOTIFICATION_CLIENT_INIT_FAILURE
Description: phMonitor Notification client failed to contact report server
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
EventType: PH_MONITOR_REPORTSERVER_NOTIFICATION_SERVER_RETURN_FAILURE
Description: phMonitor Notification client encountered report server return failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
EventType: PH_MONITOR_RESET_STORAGE_CONFIG_FAILED
Description: Failed to reset storage configuration
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
type | Type | string | |
EventType: PH_MONITOR_RESTART_MODULES
Description: Monitor restarting all modules
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REST_CACHE_REQUEST_EMPTY
Description: phMonitor found empty REST Cache Request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REST_CACHE_REQUEST_FAILURE
Description: phMonitor failed to get response to Cache REST API request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
requestBody | Request Body | string | |
EventType: PH_MONITOR_REST_CACHE_REQUEST_FORMAT_ILLEGAL
Description: phMonitor encountered Invalid REST Request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
requestBody | Request Body | string | |
EventType: PH_MONITOR_REST_CACHE_SERVER_INIT_FAILURE
Description: phMonitor failed to initialize HTTP cache server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REST_CALL_FAILURE
Description: phMonitor REST API call failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
uriStem | URI Stem | string | |
EventType: PH_MONITOR_ROLE_UNDEFINED
Description: phMonitor found undefined Monitor Role in phoenix_config.txt
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_SEND_CMD_TO_MODULE
Description: Monitor sending command to module
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
destName | Destination Host Name | string | Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
EventType: PH_MONITOR_SEND_VG_UPDATE_CMD_TO_MODULE
Description: Monitor sending value group update command to module
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
destName | Destination Host Name | string | Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
EventType: PH_MONITOR_SETUID_FAILURE
Description: phMonitor failed to raise privilege via setuid()
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_MONITOR_START_MODULE
Description: Monitor starting a module
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptProcName | Reported Process Name | string | |
EventType: PH_MONITOR_START_MODULES
Description: Monitor starting all modules
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STATFS_FAILURE
Description: phMonitor statfs() return failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
EventType: PH_MONITOR_STATUS_PUSHER_SPAWN_FAILURE
Description: phMonitor encountered error in spawning statusPusher thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STOP_MODULES
Description: Monitor stopping all modules
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STOP_READER
Description: Deactivating shared store reader
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptProcName | Reported Process Name | string | |
EventType: PH_MONITOR_STORAGE_ES_CUSTOMIZED_TEMPLATE_DEPLOYED
Description: Monitor deployed customized ES template
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STORAGE_GET_WORKER_FAILURE
Description: phMonitor Failed to get worker list for storage change
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STORAGE_LOCAL_GET_FAILURE
Description: FortiSIEM Monitor module failed to get local disk configuration for event database storage
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STORAGE_NFS_GET_FAILURE
Description: phMonitor failed to get nfs
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
EventType: PH_MONITOR_STORAGE_TYPE_GET_FAILURE
Description: phMonitor failed to get storage type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STORAGE_TYPE_UNKNOWN
Description: phMonitor encountered unknown storage type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
type | Type | string | |
EventType: PH_MONITOR_STORAGE_UPDATE_WORKER_FAILURE
Description: phMonitor Failed to update worker storage
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_SVC_PASSWORD_DISTRIBUTION_ERROR
Description: phMonitor failed to contact one or more processes with changed svc passwd - so restarting all processes
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_SYSINFO_FAILURE
Description: phMonitor could not get system uptime via sysinfo - assuming uptime of 1 day
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
EventType: PH_MONITOR_SYSTEM_DB_LOGIN_ERROR
Description: DB login failure
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_SYSTEM_HEALTH_CPU
Description: PH system health issue: high CPU usage
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptProcName | Reported Process Name | string | |
EventType: PH_MONITOR_SYSTEM_HEALTH_ISSUE
Description: PH system health issue: high CPU and/or memory usage
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
reptProcName | Reported Process Name | string | |
EventType: PH_MONITOR_SYSTEM_HEALTH_MEM
Description: PH system health issue: memory usage
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptProcName | Reported Process Name | string | |
EventType: PH_MONITOR_SYSTEM_STATUS_SPAWN_FAILURE
Description: phMonitor encountered error in spawning systemStatus thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_THREAD_SPAWN_FAILED
Description: Failed to spawn thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
EventType: PH_MONITOR_TUNNEL_ERROR
Description: phMonitor encountered Tunnel XML error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_UMOUNT_NFS_FAILURE
Description: phMonitor failed to umount nfs
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_MONITOR_UNABLE_CONTACT_APPSVR
Description: phMonitor unable to contact App Server - see response code
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
httpStatusCode | HTTP Status | string | |
EventType: PH_MONITOR_UPLOAD_LOG_SPAWN_FAILURE
Description: phMonitor encountered error in spawning logUploader thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_WINAGENT_DELETE_PWD_SPAWN_FAILURE
Description: phMonitor encountered error in spawning removeHttpdPassword thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_WINAGENT_UPDATE_PWD_ERROR
Description: phMonitor failed to update Windows agent upload password
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_MONITOR_WIN_LINUX_AGENT_PWD_UPDATE_SUCCESS
Description: Windows/Linux Agent password is updated successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phAgentId | Agent ID | string | Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
EventType: PH_MONITOR_WORKER_NODECONFIG_UPDATE_FAILED
Description: Failed to update nodejs config file with auth info on worker
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_WORKER_REDIS_ADDSLAVE_UPDATE_FAILED
Description: Failed to update redis config file with addslave info on worker
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_WORKER_REDIS_CONF_UPDATE_FAILED
Description: Failed to update redis config file with auth info on worker
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_FLOW
Description: Parser module received a netflow packet with wrong length
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_FLOW_END
Description: Parser module received a netflow packet with unsupported end of netflow datagram
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_HEADER_PROTOCOL
Description: Parser module received a netflow packet with unsupported netflow header protocol
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_PACKET
Description: Parser module received an incorrectly formatted netflow packet
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_RECORD
Description: Parser module received an incorrectly formatted netflow flow
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_TYPE
Description: Parser module received a netflow packet with unsupported netflow sample type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NETFLOW_BAD_VER
Description: Parser module received a netflow packet with unsupported netflow version
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reptDevIpAddr | Reporting IP | IP | This is the device that originated the log or event packet, also known as the reporting device. |
EventType: PH_NETFLOW_EXCEPTION
Description: Parser module encountered netflow parsing error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NOTIFICATION_ACCEPT_FAILURE
Description: failed to accept connection
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NOTIFICATION_CALLBACK_ERROR
Description: FortiSIEM Notification module callback error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NOTIFICATION_CONN_FAILED
Description: FortiSIEM Notification module failed connection
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
ipPort | IP Port | uint16 | IP port number |
module | Module Name | string | |
EventType: PH_NOTIFICATION_INIT_FAILED
Description: FortiSIEM Notification module initialization failed
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_NOTIFICATION_NO_RESPONSE
Description: has no response on Notification
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NOTIFICATION_RETURN_FAILURE
Description: Notification returns failure
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NOTIFICATION_SEND_FAILURE
Description: FortiSIEM Notification module send failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_NOTIFICATION_SEND_FILE_FAILURE
Description: FortiSIEM Notification module file send failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_NO_PARSER_FOR_EVENT
Description: No parser available for event
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
eventName | Event Name | string | This is the eventType display name, or human readable name. In many cases the eventType is sufficiently labeled. |
EventType: PH_OBJECT_NOT_FOUND
Description: Cannot find specified object
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_PARSER_BIND_PORT_FAILURE
Description: Parser module failed to bind to a TCP/UDP port
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
EventType: PH_PARSER_DATA_SIZE_OVERFLOW
Description: Data size exceeding capacity
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_DIR_OPEN_FAILURE
Description: Parser module failed to open directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
EventType: PH_PARSER_EVENT_PARSER_ERROR
Description: Parser module failed to parse event parsing xml from local disk or App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
tagName | Tag Name | string | |
parserName | Event Parser Name | string | The name of parser that parsed the event |
funName | Function Name | string | |
EventType: PH_PARSER_EVENT_SERIALIZE_ERROR
Description: Parser module failed to serialize event before writing to shared buffer
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_FILE_DELETE_FAILURE
Description: Parser module failed to delete file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_PARSER_FILE_DELETE_FAILURE_RENAME
Description: Parser module failed to delete file but succeeded in renaming it. These files may fill up the disk
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_PARSER_FILE_INVALID_FORMAT
Description: Parser module failed to parse event or metadata files with invalid file format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_FILE_INVALID_HEADER
Description: Parser module failed to parse event files with invalid file header
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_FILE_NOT_EXIST
Description: File doesn't exist
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_FILE_OPEN_FAILURE
Description: Parser module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_FILE_READ_FAILURE
Description: Parser module failed to read file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_PARSER_FILE_RENAME_FAILURE
Description: Parser module failed to rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_PARSER_FILE_SIZE_MISMATCH
Description: Parser module ignored event file from collector because of file size mismatch
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_FILE_STAT_FAILURE
Description: Parser module failed to obtain file status and will skip the file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_PARSER_FILE_WRITE_FAILURE
Description: Parser module failed to write file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_PARSER_GEO_WRONG_ATTR_NUMBER
Description: Parser module internal error - mismatched GEO attribute count
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_GEO_WRONG_CACHE_NUMBER
Description: Parser module internal error - incorrect GEO cache attribute count
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_GET_PROCESS_ERROR
Description: Parser module failed to get own process information
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_GLOBAL_LICENSE_EXCEED
Description: Global EPS license exceeded and events will be dropped
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
licenseEventsPerSec | License EPS | uint64 | |
EventType: PH_PARSER_HTTP_RESPONSE_ERROR
Description: Parser module failed to get response from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_PARSER_HTTP_UPLOAD_FAILURE
Description: Parser module failed to upload information to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_INIT_FAILURE
Description: Parser module failed to initialize
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_INVALID_CSV
Description: Parser module failed to load CSV file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_INVALID_EXT_LOG_PROTO
Description: Parser module encountered unsupported external log receive protocol
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_INVALID_ORG_NAME
Description: Parser module received invalid organization in event
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
customer | Organization Name | string | This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
EventType: PH_PARSER_INVALID_PHOENIX_CONFIG
Description: Parser module found incorrectly formatted phoenix config file entry
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
module | Module Name | string | |
configName | Config Name | string | |
configValue | Config Value | string | |
EventType: PH_PARSER_IP_TYPE_INVALID
Description: Invalid IP type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_JSON_PARSE_FAILURE
Description: Parser module failed to parse Json
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
jsonBody | JSON Body | string | |
EventType: PH_PARSER_MALLOC_FAILURE
Description: Parser module failed to dynamically allocate memory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_PACK_EVENT_ERROR
Description: Parser module failed to pack event before sending to other modules for internal communication
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
EventType: PH_PARSER_RAWEVENT_TOO_LARGER
Description: Raw event size is more than 10M; the event is saved to a tmp file and not sent to the parser
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_REST_PARSE_ERROR
Description: Parser module failed to parse REST api from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_RUN_PROCESS_ERROR
Description: Parser module failed to start
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_SEND_EVENT_FAILURE
Description: Parser module failed to send event
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_SEND_TO_DISCOV_FAILURE
Description: Parser module failed to send internal event to discovery module
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_SEND_TO_MONITOR_FAILURE
Description: Parser module failed to send internal event to Supervisor phMonitor process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_SET_USER_ID_FAILURE
Description: Parser module unable to set effective user ID
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_SHARED_STORE_ERROR
Description: FortiSIEM Parser module encountered shared store error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_SNMPTRAP_INIT_FAILURE
Description: Parser module failed to initialize snmptrap
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_SOCKET_ERROR
Description: Parser module failed to open socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
EventType: PH_PARSER_SOCKET_RECV_ERROR
Description: Parser module failed to receive message via socket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
EventType: PH_PARSER_SOCKET_SELECT_ERROR
Description: Parser module failed to select in socket API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNoInt | Error Number Int | int32 | |
EventType: PH_PARSER_SPAWN_THREAD_FAILURE
Description: Parser module failed to spawn thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
EventType: PH_PARSER_SSL_ACCEPT_ERROR
Description: Parser module failed to accept SSL connection
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_SSL_CERT_LOAD_ERROR
Description: Parser module failed to load SSL certificate
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_TEST_RULES_PARSE_ALL_EVENTS_BEGIN
Description: Parser beginning to parse all events
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_PARSER_TEST_RULES_PARSE_ALL_EVENTS_END
Description: Parser finished parsing all events
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
ruleId | Rule ID | uint64 | Unique ID of a FortiSIEM rule. |
EventType: PH_PARSER_TEST_RULES_PARSE_ONE_EVENT_BEGIN
Description: Event parsing begins
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_PARSER_TEST_RULES_PARSE_ONE_EVENT_END
Description: Event parsing ends
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
eventId | Event ID | uint64 | This is a globally unique ID assigned to every raw event ingested into the SIEM. This is used by the system for tying events to incidents, and is typically not needed by end users. |
EventType: PH_PARSER_TOO_MANY_UNKNOWN_EVENTS
Description: Too many unknown events
Notes: This event is generated by the phParser process running on a FortiSIEM node when too many unknown events are received from a single source IP (Reporting IP). An unknown event is one for which there is no matching parser. The thresholds are defined in /opt/phoenix/config/phoenix_config.txt:

    [BEGIN PHPARSER]
    unknown_event_skip_eps=20
    unknown_event_skip_size=10240 # 10kB
    [END PHPARSER]

The attribute unknown_event_skip_eps is used to calculate the maximum number of allowed unparsed events from a source. The attribute unknown_event_skip_size is used to calculate the maximum size of allowed unparsed raw events from a source. The window for detecting excessive unknown events is 3 minutes (180 seconds). In this window:

- the maximum number of allowed unparsed events from a single source is unknown_event_skip_eps times 180, and
- the maximum cumulative raw event size (in bytes) of all unparsed events from a single source is unknown_event_skip_size.

For example, with unknown_event_skip_eps=20 and unknown_event_skip_size=10240, if either 3600 unknown events are received from one source or the total size of unknown events from one source reaches 10kB in a 3 minute window, then the event PH_PARSER_TOO_MANY_UNKNOWN_EVENTS is generated and parsing stops for that reporting IP for the remainder of the 3 minute window. Once the 3 minute window expires, the restriction is lifted and events from that IP are parsed again. If the condition occurs again in the new window, the same action is taken as in the previous window.

This action is taken to reduce the load on the parser module in the case of excessive unknown events. Increasing the values of unknown_event_skip_eps and unknown_event_skip_size may increase the CPU and memory consumption of the parser module on that FortiSIEM node.
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
relayDevIpAddr | Relaying IP | IP | Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
EventType: PH_PARSER_UPDATE_FAILURE
Description: Parser module failed to update internal information from REST API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_USE_ERROR_BEFORE_INIT
Description: Parser module attempted to use an object before initialization
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_WRONG_EVENT_SIZE
Description: FortiSIEM module failed to load serialized event
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PARSER_WRONG_PARAMETER
Description: Parser module encountered wrong parameter during event parsing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
paraName | Param Name | string | |
parserName | Event Parser Name | string | The name of parser that parsed the event |
EventType: PH_PARSER_WTAP_ERR_BAD_FILE
Description: The file is damaged or corrupt
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_WTAP_ERR_CANT_OPEN
Description: Parser module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_WTAP_ERR_COMPRESSION_NOT_SUPPORTED
Description: Parser module failed to write this file type as a compressed file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_WTAP_ERR_DECOMPRESS
Description: The compressed file appears to be damaged or corrupt
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED
Description: Parser module doesn't support the network type in the file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_WTAP_ERR_FILE_UNKNOWN_FORMAT
Description: Parser module doesn't support this file format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_WTAP_ERR_NOT_REGULAR_FILE
Description: Parser module failed to parse a special file or socket or other non-regular file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_WTAP_ERR_RANDOM_OPEN_PIPE
Description: Parser module can't parse a pipe or FIFO file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_WTAP_ERR_SHORT_READ
Description: The file has been cut short in the middle of a packet
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_WTAP_ERR_SHORT_WRITE
Description: Parser module failed to write a full header in the file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PARSER_WTAP_ERR_UNSUPPORTED
Description: Parser module doesn't support record data in the file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PARSER_XML_PARSE_ERROR
Description: Parser module failed to parse generic xml document
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
tagName | Tag Name | string | |
parserName | Event Parser Name | string | The name of parser that parsed the event |
EventType: PH_PARSER_XML_PARSE_FAILURE
Description: Parser module failed to parse XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
propName | Property Name | string | |
propValue | Property Value | string | |
EventType: PH_PARSE_CONFIG_CHANGE_FAILED
Description: FortiSIEM bRule/Report Master/Worker modules failed to parse performance monitoring config change
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_PDF_BUILDER_ERROR
Description: PDF builder error
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_COMMIT_FILE_FAILED
Description: Perf Monitoring module failed to commit file into svn - may be due to a race condition - will retry
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_CONFIG_SEND_FAILED
Description: Perf Monitoring module found unexpected http return code when sending config version to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_PERFMON_CONFIG_VERSION_ERROR
Description: Perf Monitoring module encountered wrong config version
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_CONFIG_VERSION_WARNING
Description: FortiSIEM Performance monitoring module detected Monitoring Config version out of sync with App server
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PERFMON_CUST_JOB_ADD_FAILED
Description: Perf Monitoring module failed to add custom monitoring job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_INIT_ERROR
Description: Perf Monitoring module failed to initialize
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_PERFMON_INST_SW_MAP_EMPTY
Description: Perf Monitoring module found that downloaded Installed software map from App Server is empty
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_INST_SW_NO_NAME
Description: Perf Monitoring module found that downloaded Installed software from App Server has no name
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_JOB_ADD_FAILED
Description: Perf Monitoring module failed to add monitoring job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_MASS_PING_WARNING
Description: Perf Monitoring MassPing module found invalid IP
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_MONITEE_BAD
Description: Perf Monitoring module encountered bad monitee map entry
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_MONITEE_NOT_FOUND
Description: Perf Monitoring module failed to find a monitee
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_NO_DEV_TYPE
Description: Perf Monitoring module encountered internal error - devTypeToJobItemMap find failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_PERF_OBJ_PARSE_FAILURE
Description: Perf Monitoring module did not find performance object definition in XML received from App Server
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_PING_RESULT_OPEN_FAILED
Description: Perf Monitoring module failed to open Ping result file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_PROC_RUN_FAILED
Description: Perf Monitoring module failed to run process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_REAL_TIME_JOB_RUN_FAILED
Description: Perf Monitoring module failed to run real time job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PERFMON_ROUTE_LOAD_ERROR
Description: Perf Monitoring module failed to load network dependency from app server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_PERFMON_STATUS_REPORTER_INIT_FAILED
Description: Perf Monitoring module failed to initialize job status reporter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_STATUS_REPORT_FAILED
Description: Perf Monitoring module failed to report task status to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_SVN_CHECKOUT_FAILED
Description: Perf / Config Monitoring module failed to check out SVN directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
EventType: PH_PERFMON_SVN_CONFIG_MISSING
Description: Perf / Config Monitoring module failed to find running or startup config
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_SVN_DIR_CREATE_FAILED
Description: Perf / Config Monitoring module failed to create svn root dir
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
EventType: PH_PERFMON_SVN_DIR_UPDATE_FAILED
Description: Perf / Config Monitoring module failed to update dir
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
EventType: PH_PERFMON_SVN_FILE_COPY_FAILED
Description: Perf / Config Monitoring module failed to copy file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
srcFilePath | Source File Path | string | |
destFilePath | Destination File Path | string | |
EventType: PH_PERFMON_SVN_FILE_EMPTY
Description: Perf / Config Monitoring module config file is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_SVN_FILE_MARK_FAILED
Description: Perf / Config Monitoring module failed to mark file for add to svn
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_SVN_FILE_OPEN_FAILED
Description: Perf / Config Monitoring module cannot open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
exitValue | Command exit value | int32 | |
EventType: PH_PERFMON_SVN_FILE_PARSE_FAILED
Description: Perf / Config Monitoring module failed to parse file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_SVN_FILE_REMOVE_FAILED
Description: Perf / Config Monitoring module failed to remove file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
exitValue | Command exit value | int32 | |
EventType: PH_PERFMON_SVN_FILE_RENAME_FAILED
Description: Perf / Config Monitoring module cannot rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
srcFilePath | Source File Path | string | |
destFilePath | Destination File Path | string | |
EventType: PH_PERFMON_SVN_FIM_FILE_MISSING
Description: Perf / Config Monitoring module failed to find FIM file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_SVN_FIRSTFILELINES_EMPTY
Description: Perf / Config Monitoring module found that FIRSTFILENAME is empty in file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_SVN_FIRSTFILELINES_NOT_IN_FILE
Description: Perf / Config Monitoring module found that FIRSTFILELINES is not in file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_SVN_GET_DEVICE_ID_FAILED
Description: Perf / Config Monitoring module failed to get device ID via hostname and IP from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
EventType: PH_PERFMON_SVN_GET_DISCOV_TIME_FAILED
Description: Perf / Config Monitoring module failed to get discover time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_PERFMON_SVN_INFO_GET_FAILED
Description: Perf / Config Monitoring module failed to get svn info on file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_SVN_INST_SW_BAD
Description: Perf / Config Monitoring module found that Installed Software xml is incorrectly formatted
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_SVN_INVALID_FILE_FORMAT
Description: Perf / Config Monitoring module found file format error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_SVN_INVALID_HEADER_IN_FILE
Description: Perf / Config Monitoring module found that file has incomplete header
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_SVN_INVALID_SECONDFILENAME
Description: Perf / Config Monitoring module found that SECONDFILENAME is invalid
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_SVN_LINE_MISMATCH
Description: Perf / Config Monitoring module found that the line number did not match the expected value
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_SVN_SECONDFILENAME_EMPTY
Description: Perf / Configuration Monitoring module found that SECONDFILENAME is empty in file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_SVN_SOFTWARE_MISSING
Description: Perf / Configuration Monitoring module found missing installed software
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_TOPO_CONFIG_ERROR
Description: Perf Monitoring module failed to parse topo xml from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_PERFMON_TOPO_FILE_OPEN_FAILED
Description: Perf Monitoring module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
exitValue | Command exit value | int32 | |
EventType: PH_PERFMON_TOPO_LOAD_ERROR
Description: Perf Monitoring module failed to load topology from app server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_TRACERT_FILE_OPEN_FAILED
Description: Perf Monitoring module cannot open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_PERFMON_UNKNOWN_CUST_PERF_JOB_ID
Description: Perf Monitoring module encountered unknown custom performance monitoring job id from App Server
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_UNKNOWN_PERF_JOB_ID
Description: Perf Monitoring module encountered unknown performance monitoring job id from App Server
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_UNKNOWN_PROBE_JOB_ID
Description: Perf Monitoring module encountered unknown probe job id from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_UPDATE_CONFIG_ERROR
Description: Perf Monitoring module failed to update monitoring config from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_PERFMON_UPDATE_FILTERS_ERROR
Description: Perf Monitoring module failed to update interface filter Perf Monitoring module
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_PERFMON_UPDATE_ROUTE_DEPENDENCY_FAILED
Description: Perf Monitoring module failed to upload network dependency to app server - Unexpected http response code
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_PERFMON_USER_PWD_GET_FAILED
Description: Perf Monitoring module failed to get user and password
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_PERFORM_MONITOR_ERROR
Description: FortiSIEM Performance Monitor generic error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
EventType: PH_PER_MON_CONFIG_ERROR
Description: Config discover error occurred
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_PER_MON_FETCH
Description: Performance Monitoring module doing SNMP fetch for an OID
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
comm | Community String | string | |
oid | Object Identifier | string | |
EventType: PH_PER_MON_FUNCTION
Description: Entering Performance Monitoring Debug Function
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
EventType: PH_PER_MON_SNMP_DONE
Description: Performance Monitoring module successfully did SNMP fetch
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
comm | Community String | string | |
oid | Object Identifier | string | |
EventType: PH_PER_MON_WALK
Description: Performance Monitoring module starting SNMP walk for an OID
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
comm | Community String | string | |
oid | Object Identifier | string | |
EventType: PH_PER_MON_WALK_ERROR
Description: FortiSIEM Performance Monitor SNMP Walk error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
comm | Community String | string | |
oid | Object Identifier | string | |
EventType: PH_QUERYSRV_DUPLICATED_QUERYID
Description: Duplicated query id
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERYSRV_INVALID_QUERYXML
Description: Invalid query xml
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_AGGR_RESULTS_POST_PROCESS_FAILED
Description: Query Master failed to post-process aggregate query results - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_ATTR_UNDEFINED
Description: Query Master/Worker found undefined attribute in Query XML - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_BAD_RESULT_STATUS
Description: Bad Query Result Status
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_CACHE_GET_FAILED
Description: FortiSIEM Query Master failed to get cache results
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
task | Task | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_QUERY_CACHE_RESULT_GET_FAILED
Description: Query Master failed to get query results from its own cache - query will be resubmitted
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_QUERY_CACHE_TRIGGER_EVENT_GET_FAILED
Description: Query Master failed to get trigger event query from Data Manager - Query Master will attempt to get trigger events from event database
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_CHAR_UNEXPECTED
Description: Query Master/Worker found unexpected character in expression in a Query XML - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
task | Task | string | |
EventType: PH_QUERY_CH_PARSE_FAILED
Description: Query Master failed to parse CLICKHOUSE query result
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_CH_POST_FAILED
Description: Query Master failed to post query to CLICKHOUSE
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
task | Task | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
httpStatusCode | HTTP Status | string | |
EventType: PH_QUERY_CLICKHOUSE_DATA_FAILED
Description: FortiSIEM ClickHouse DATA failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_CLICKHOUSE_EXEC_FAILED
Description: Failed to exec query from ClickHouse
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_CLICKHOUSE_STARTS
Description: ClickHouse query starts
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_CLICKHOUSE_STOP_FAILED
Description: Failed to stop ClickHouse query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_QUERY_CLICKHOUSE_WAITING_QUEUE_FULL
Description: ClickHouse query waiting queue is full
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_COMMAND_BAD
Description: Internal error - unsupported query control command - expected Stop, pause and resume
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_COMPLETION_NOTIFICATION_SEND_FAILED
Description: Query Master failed to send query completion notification to App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_CONFIG_UNDEFINED
Description: Query Master/Worker found undefined phoenix_config item
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
configName | Config Name | string | |
EventType: PH_QUERY_CONVERT_FAILED
Description: Query Master/Worker failed to convert a particular query to certain format - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_DATA_ENUM_FAILED
Description: Query Master failed to enumerate inline report results for a particular report - inline report will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_DATA_MANAGER_NODES_GET_FAILED
Description: Query Master failed to get Data Manager IP addresses - queries will be done by Query Master until the next attempt to get this list of IP addresses
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_QUERY_DATA_SEND_FAILED
Description: Query Master failed to send query-related data to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_DATA_SIZE_MISMATCH
Description: Query Master found size mismatch between two data entries while loading a particular inline query - this inline report will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_DATA_SIZE_UNEXPECTED
Description: Query Master found unexpected data size while returning results to App server - inline report will not have results
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_DATA_TYPE_UNEXPECTED
Description: Query Master found unexpected data types while returning results to App server - inline report will not have results
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_DB_SERVER_HOST_UNDEFINED
Description: Database server host not defined for query master
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
configName | Config Name | string | |
EventType: PH_QUERY_DIR_CREATE_FAILED
Description: Query Master/Worker/Data Manager failed to create directory
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_DIR_RENAME_FAILED
Description: Query Master/Worker/Data Manager failed to rename directory
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
srcFilePath | Source File Path | string | |
destFilePath | Destination File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_DISTRIBUTION
Description: Query distribution (Worker IP: Workload)
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
oldDistrib | Old Distribution | string | |
newDistrib | New Distribution | string | |
EventType: PH_QUERY_DURATION
Description: Query statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
reportName | Report Name | string | FortiSIEM report name. |
EventType: PH_QUERY_ES_PARSE_FAILED
Description: Query Master failed to parse Elastic Search Summary query result - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_ES_POST_FAILED
Description: Query Master failed to provide Elastic Search Summary query results to App Server - query results will not be available
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
task | Task | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
httpStatusCode | HTTP Status | string | |
EventType: PH_QUERY_ES_SCROLL_FAILED
Description: ES Query scroll failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_EVENT_COLLECTOR_UNAVAILABLE
Description: Query Master/Worker failed to get event collector for a particular query - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_EVENT_ID_GET_FAILED
Description: Query Master failed to get triggered event ID for a particular triggered event query - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
eventId | Event ID | uint64 | This is a globally unique ID assigned to every raw event ingested into the SIEM. This is used by the system for tying events to incidents, and is typically not needed by end users. |
queryId | Query Id | string | |
EventType: PH_QUERY_EVENT_PARSE_FAILED
Description: Query Master failed to parse events from Data Manager - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
seqNum | Sequence Number | uint64 | TCP Sequence number field in TCP header. |
queryId | Query Id | string | |
EventType: PH_QUERY_EVENT_PAYLOAD_READ_FAILED
Description: Query Master failed to read events - some real time events may be missed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_EXCEPTION_CAUGHT
Description: Query Worker encountered corrupt event index or data - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_QUERY_EXPORT_TASK_CREAT_FAILED
Description: FortiSIEM Query Engine failed to export query result
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
task | Task | string | |
EventType: PH_QUERY_EXPORT_TASK_INSERT_FAILED
Description: FortiSIEM Query Engine failed to start query result export task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
task | Task | string | |
EventType: PH_QUERY_EXPR_INCOMPLETE
Description: Query Master failed to handle Query XML during internal processing - Incomplete expression
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
task | Task | string | |
EventType: PH_QUERY_FILE_CONTENT_BAD
Description: Query Master / Worker found invalid content in Query XML file - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_QUERY_FILE_CONTENT_MISSING
Description: Query Master / Worker found certain content missing in Query XML file - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_QUERY_FILE_COPY_FAILED
Description: Query Master failed to copy query XML file from completed/active to eventdb directory - XXX
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
srcFilePath | Source File Path | string | |
destFilePath | Destination File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_FILE_CORRUPT
Description: Query Master found corrupt query status file for a particular query - query will not be completed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_QUERY_FILE_CREATE_FAILED
Description: Query Master / Worker failed to create query result file - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_FILE_EMPTY
Description: Query Master/Worker found empty query status backup file - system loses redundancy for this query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_QUERY_FILE_HEADER_GET_FAILED
Description: Query Master failed to read query related file header from query result file - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_FILE_LINK_FAILED
Description: Query Master / Worker failed to hard link query result file - query cache will not be used
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
srcFilePath | Source File Path | string | |
destFilePath | Destination File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_FILE_MAGIC_BAD
Description: Query Master found bad query-related file magic inside query status or result file - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_FILE_MMAP_FAILED
Description: Query Master failed to memory-map summary event cache file - summary event query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_FILE_NAME_BAD
Description: Query Master found invalidly formatted summary event cache file - summary event query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_QUERY_FILE_OPEN_FAILED
Description: Query Master / Worker/ Data Manager failed to open query related file - related operation will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_FILE_READ_FAILED
Description: Query Master / Worker/ Data Manager failed to read query related file - related operation will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_FILE_REMOVE_FAILED
Description: Query Master failed to remove cached query result file - disk may eventually get full
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_FILE_SEEK_FAILED
Description: Query Master failed to seek trend file to offset for a specific inline report - that inline report will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
seqNum | Sequence Number | uint64 | TCP Sequence number field in TCP header. |
EventType: PH_QUERY_FILE_STAT_FAILED
Description: Query Master / Worker/ Data Manager failed to stat query related file - related operation will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_FORMAT_UNSUPPORTED
Description: Query Master received unsupported report export file format from App Server - export will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_FUNC_ERROR
Description: Query Master / Worker encountered internal function error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
funName | Function Name | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_QUERY_ID_DUPLICATE
Description: Query Master / Worker encountered duplicate query ID assigned by App server - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_ID_INACTIVE
Description: Query Master / Worker failed to retrieve supposedly active query - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_ID_NOT_FOUND
Description: Query Master / Worker failed to find Query ID in task queue - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_ID_REMOVE_FAILED
Description: Query Master failed to remove trigger event query ID from task queue - partial results will be returned
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_ID_UNSUPPORTED
Description: Query Master found unsupported query type hint from App Server - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
EventType: PH_QUERY_INLINEREQUEST_BAD
Description: Query Master received bad inline query request via TCP socket - query will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_IPC_EVENT_SEND_FAILED
Description: Query Master failed to send IPC event (containing heartbeat data) to Data Manager - trigger event queries may be slow
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
EventType: PH_QUERY_IP_GET_FAILED
Description: Query Master failed to get Supervisor IP - Query Master will not be able to communicate with Super data Manager
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
EventType: PH_QUERY_IP_INVALID
Description: Query Worker got invalid Query Master IP - queries will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
EventType: PH_QUERY_IP_TYPE_INVALID
Description: Invalid IP type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_LOGINTEGRITYEXPORT_TASK_CREAT_FAILED
Description: Data Manager failed to create task for exporting log integrity check request from App Server - request will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_LOGINTEGRITYEXPORT_TASK_INSERT_FAILED
Description: Data Manager failed to insert task for exporting log integrity check request from App Server into internal task queue - request will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_LOG_INTEGRITY_EXPORT_DIR_UNCONFIGURED
Description: Query Master failed to obtain log integrity export directory - particular request will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_LOG_INTEGRITY_EXPORT_FAILED
Description: Query Master failed to export bad event blocks from file - log integrity query from App server will fail
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_QUERY_LONG_RUNNING_STOPPED
Description: Long running query stopped
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
reportName | Report Name | string | FortiSIEM report name. |
EventType: PH_QUERY_MEM_ALLOC_FAILED
Description: Query Master / Worker failed to allocate memory during event / rule processing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_QUERY_MESSAGE_SEND_FAILED
Description: FortiSIEM Query Engine failed to send message
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
type | Type | string | |
destIpPort | Destination TCP/UDP Port | uint16 | This is the destination TCP or UDP port as identified in the event |
EventType: PH_QUERY_MODULE_INIT_FAILED
Description: Query Master / Worker module failed to initialize
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
module | Module Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_QUERY_MODULE_UNCONFIGURED
Description: Query Master / Worker module failed to obtain some parameters from phoenix_config.txt during initialization - module likely will not start
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
module | Module Name | string | |
EventType: PH_QUERY_ONLINE_WORKER_CHANGED
Description: FortiSIEM Online Query Worker number changed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
count | Count | uint32 | A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_QUERY_PARSED_EVENT_LOAD_FAILED
Description: Query Worker failed to load parsed event from shared buffer during real time query which may not show events from this Query Worker node
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_QUERY_PARTIAL_WORKER_FAILURE
Description: Partial query results due to worker failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
queryId | Query Id | string | |
reportName | Report Name | string | FortiSIEM report name. |