Parser Logs

This section provides logs related to parsing of events/logs

• PH_EVENT_ATTR_XML_ISSUE

• PH_LIBEVENT_BUFFER_OVERFLOW

• PH_LIBEVENT_IP_TYPE_INVALID

• PH_LIBEVENT_UNKNOWN_ATTR_ID

• PH_LIBEVENT_UNKNOWN_ATTR_NAME

• PH_NO_PARSER_FOR_EVENT

• PH_PARSER_BIND_PORT_FAILURE

• PH_PARSER_DATA_SIZE_OVERFLOW

• PH_PARSER_DIR_OPEN_FAILURE

• PH_PARSER_EVENT_PARSER_ERROR

• PH_PARSER_EVENT_SERIALIZE_ERROR

• PH_PARSER_FILE_DELETE_FAILURE

• PH_PARSER_FILE_DELETE_FAILURE_RENAME

• PH_PARSER_FILE_INVALID_FORMAT

• PH_PARSER_FILE_INVALID_HEADER

• PH_PARSER_FILE_NOT_EXIST

• PH_PARSER_FILE_OPEN_FAILURE

• PH_PARSER_FILE_READ_FAILURE

• PH_PARSER_FILE_RENAME_FAILURE

• PH_PARSER_FILE_SIZE_MISMATCH

• PH_PARSER_FILE_STAT_FAILURE

• PH_PARSER_FILE_WRITE_FAILURE

• PH_PARSER_GEO_WRONG_ATTR_NUMBER

• PH_PARSER_GEO_WRONG_CACHE_NUMBER

• PH_PARSER_GET_PROCESS_ERROR

• PH_PARSER_HTTP_RESPONSE_ERROR

• PH_PARSER_HTTP_UPLOAD_FAILURE

• PH_PARSER_INIT_FAILURE

• PH_PARSER_INVALID_CSV

• PH_PARSER_INVALID_EXT_LOG_PROTO

• PH_PARSER_INVALID_ORG_NAME

• PH_PARSER_INVALID_PHOENIX_CONFIG

• PH_PARSER_IP_TYPE_INVALID

• PH_PARSER_JSON_PARSE_FAILURE

• PH_PARSER_MALLOC_FAILURE

• PH_PARSER_PACK_EVENT_ERROR

• PH_PARSER_RAWEVENT_TOO_LARGER

• PH_PARSER_REST_PARSE_ERROR

• PH_PARSER_RUN_PROCESS_ERROR

• PH_PARSER_SEND_EVENT_FAILURE

• PH_PARSER_SEND_TO_DISCOV_FAILURE

• PH_PARSER_SEND_TO_MONITOR_FAILURE

• PH_PARSER_SET_USER_ID_FAILURE

• PH_PARSER_SHARED_STORE_ERROR

• PH_PARSER_SNMPTRAP_INIT_FAILURE

• PH_PARSER_SOCKET_ERROR

• PH_PARSER_SOCKET_RECV_ERROR

• PH_PARSER_SOCKET_SELECT_ERROR

• PH_PARSER_SPAWN_THREAD_FAILURE

• PH_PARSER_SSL_ACCEPT_ERROR

• PH_PARSER_SSL_CERT_LOAD_ERROR

• PH_PARSER_TEST_RULES_PARSE_ALL_EVENTS_BEGIN

• PH_PARSER_TEST_RULES_PARSE_ALL_EVENTS_END

• PH_PARSER_TEST_RULES_PARSE_ONE_EVENT_BEGIN

• PH_PARSER_TEST_RULES_PARSE_ONE_EVENT_END

• PH_PARSER_TOO_MANY_UNKNOWN_EVENTS

• PH_PARSER_UPDATE_FAILURE

• PH_PARSER_USE_ERROR_BEFORE_INIT

• PH_PARSER_WRONG_EVENT_SIZE

• PH_PARSER_WRONG_PARAMETER

• PH_PARSER_WTAP_ERR_BAD_FILE

• PH_PARSER_WTAP_ERR_CANT_OPEN

• PH_PARSER_WTAP_ERR_COMPRESSION_NOT_SUPPORTED

• PH_PARSER_WTAP_ERR_DECOMPRESS

• PH_PARSER_WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED

• PH_PARSER_WTAP_ERR_FILE_UNKNOWN_FORMAT

• PH_PARSER_WTAP_ERR_NOT_REGULAR_FILE

• PH_PARSER_WTAP_ERR_RANDOM_OPEN_PIPE

• PH_PARSER_WTAP_ERR_SHORT_READ

• PH_PARSER_WTAP_ERR_SHORT_WRITE

• PH_PARSER_WTAP_ERR_UNSUPPORTED

• PH_PARSER_XML_PARSE_ERROR

• PH_PARSER_XML_PARSE_FAILURE

• PH_PARSE_CONFIG_CHANGE_FAILED

• PH_VULN_LOAD_ERROR

• PH_VULN_UPDATE_ERROR

EventType: PH_EVENT_ATTR_XML_ISSUE

Description: Event attribute xml issue

Severity: 6 (Medium)

Event Category: 3 (System Logs)

EventType: PH_LIBEVENT_BUFFER_OVERFLOW

Description: FortiSIEM module encountered error while reading events from shared buffer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_LIBEVENT_IP_TYPE_INVALID

Description: Invalid IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_LIBEVENT_UNKNOWN_ATTR_ID

Description: Query/Report/Rule module encountered unknown event attribute id

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_LIBEVENT_UNKNOWN_ATTR_NAME

Description: Query/Report/Rule module encountered unknown event attribute name

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_NO_PARSER_FOR_EVENT

Description: No parser available for event

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
eventName	Event Name	string	This is the eventType display name, or human readable name. In many cases the eventType is sufficiently labeled.

EventType: PH_PARSER_BIND_PORT_FAILURE

Description: Parser module failed to bind to a TCP/UDP ports

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errorNoInt	Error Number Int	int32

EventType: PH_PARSER_DATA_SIZE_OVERFLOW

Description: Data size exceeding capacity

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_DIR_OPEN_FAILURE

Description: Parser module failed to open directory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
dirName	Directory Name	string

EventType: PH_PARSER_EVENT_PARSER_ERROR

Description: Parser module failed to parse event parsing xml from local disk or App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
tagName	Tag Name	string
parserName	Event Parser Name	string	The name of parser that parsed the event
funName	Function Name	string

EventType: PH_PARSER_EVENT_SERIALIZE_ERROR

Description: Parser module failed to serialize event before writing to shared buffer

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_FILE_DELETE_FAILURE

Description: Parser module failed to delete file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorNoInt	Error Number Int	int32

EventType: PH_PARSER_FILE_DELETE_FAILURE_RENAME

Description: Parser module failed to delete file but succeeded to rename. These files may fill up disk

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorNoInt	Error Number Int	int32

EventType: PH_PARSER_FILE_INVALID_FORMAT

Description: Parser module failed to parse event or metadata files with invalid file format

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_FILE_INVALID_HEADER

Description: Parser module failed to parse event files with invalid file header

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_FILE_NOT_EXIST

Description: File doesn't exsit

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_FILE_OPEN_FAILURE

Description: Parser module failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorNoInt	Error Number Int	int32
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_FILE_READ_FAILURE

Description: Parser module failed to read file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorNoInt	Error Number Int	int32

EventType: PH_PARSER_FILE_RENAME_FAILURE

Description: Parser module failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorNoInt	Error Number Int	int32

EventType: PH_PARSER_FILE_SIZE_MISMATCH

Description: Parser module ignored event file from collector because of file size mismatch

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_FILE_STAT_FAILURE

Description: Parser module failed to obtain file status and will skip the file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorNoInt	Error Number Int	int32

EventType: PH_PARSER_FILE_WRITE_FAILURE

Description: Parser module failed to write file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorNoInt	Error Number Int	int32

EventType: PH_PARSER_GEO_WRONG_ATTR_NUMBER

Description: Parser module internal error - mismatched GEO attribute count

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_GEO_WRONG_CACHE_NUMBER

Description: Parser module internal error - incorrect GEO cache attribute count

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_GET_PROCESS_ERROR

Description: Parser module failed to get own process information

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_HTTP_RESPONSE_ERROR

Description: Parser module failed to get response from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errorNo	Error Number Unsigned	uint32	This is an unsigned integer error number

EventType: PH_PARSER_HTTP_UPLOAD_FAILURE

Description: Parser module failed to upload information to App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_INIT_FAILURE

Description: Parser module failed to initialize

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
funName	Function Name	string
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_INVALID_CSV

Description: Parser module failed to load CSV file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_INVALID_EXT_LOG_PROTO

Description: Parser module encountered unsupported external log receive protocol

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_INVALID_ORG_NAME

Description: Parser module received invalid organization in event

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
customer	Organization Name	string	This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to.

EventType: PH_PARSER_INVALID_PHOENIX_CONFIG

Description: Parser module found incorrectly formatted phoenix config file entry

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
module	Module Name	string
configName	Config Name	string
configValue	Config Value	string

EventType: PH_PARSER_IP_TYPE_INVALID

Description: Invalid IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_JSON_PARSE_FAILURE

Description: Parser module failed to parse Json

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errorString	Error String	string	This is the error message, synonymous to attribute errReason
jsonBody	JSON Body	string

EventType: PH_PARSER_MALLOC_FAILURE

Description: Parser module failed to dynamically allocate memory

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_PACK_EVENT_ERROR

Description: Parser module failed to pack event before sending to other modules for internal communication

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
funName	Function Name	string

EventType: PH_PARSER_RAWEVENT_TOO_LARGER

Description: Raw event's size is more than 10M. Save it to tmp file and not send to parser

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_REST_PARSE_ERROR

Description: Parser module failed to parse REST api from App Server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_RUN_PROCESS_ERROR

Description: Parser module failed to start

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_SEND_EVENT_FAILURE

Description: Parser module failed to send event

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_SEND_TO_DISCOV_FAILURE

Description: Parser module failed to send internal event to discovery module

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_SEND_TO_MONITOR_FAILURE

Description: Parser module failed to send internal event to Supervisor phMonitor process

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_SET_USER_ID_FAILURE

Description: Parser module unable to set effective user ID

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_SHARED_STORE_ERROR

Description: FortiSIEM Parser module encountered shared store error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_SNMPTRAP_INIT_FAILURE

Description: Parser module failed to initialize snmptrap

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_SOCKET_ERROR

Description: Parser module failed to open socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errorNoInt	Error Number Int	int32

EventType: PH_PARSER_SOCKET_RECV_ERROR

Description: Parser module failed to receive message via socket

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errorNoInt	Error Number Int	int32

EventType: PH_PARSER_SOCKET_SELECT_ERROR

Description: Parser module failed to select in socket API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errorNoInt	Error Number Int	int32

EventType: PH_PARSER_SPAWN_THREAD_FAILURE

Description: Parser module failed to spawn thread

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
funName	Function Name	string

EventType: PH_PARSER_SSL_ACCEPT_ERROR

Description: Parser module failed to accept SSL connection

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_SSL_CERT_LOAD_ERROR

Description: Parser module failed to load SSL certificate

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_TEST_RULES_PARSE_ALL_EVENTS_BEGIN

Description: Parser beginning to parse all events

Severity: 1 (Low)

Event Category: 3 (System Logs)

EventType: PH_PARSER_TEST_RULES_PARSE_ALL_EVENTS_END

Description: Parser finished parsing all events

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
ruleId	Rule ID	uint64	Unique ID of a FortiSIEM rule.

EventType: PH_PARSER_TEST_RULES_PARSE_ONE_EVENT_BEGIN

Description: Event parsing begins

Severity: 1 (Low)

Event Category: 3 (System Logs)

EventType: PH_PARSER_TEST_RULES_PARSE_ONE_EVENT_END

Description: Event parsing ends

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
eventId	Event ID	uint64	This is a globally unique ID assigned to every raw event ingested into the SIEM. This is used by the system for tying events to incidents, and is typically not needed by end users.

EventType: PH_PARSER_TOO_MANY_UNKNOWN_EVENTS

Description: Too many unknown events

Notes: This event is generated by the phParser process running on a FortiSIEM node when too many unknown events are received from a single source IP (Reporting IP). Unknown events implies that there is no matching parser to parse those events. The thresholds are defined in /opt/phoenix/config/phoenix_config.txt. [BEGIN PHPARSER] unknown_event_skip_eps=20 unknown_event_skip_size=10240 # 10kB [END PHPARSER] The explanation of these attributes is as follows. The attribute unknown_event_skip_eps is used to calculate the maximum number of allowed unparsed events from a source. The attribute unknown_event_skip_size is used to calculate the maximum size of allowed unparsed raw events from a source. The window for detecting excessive unknown events in 3 minutes (or 180 seconds). In this window: - the maximum number of allowed unparsed events from a single source is unknown_event_skip_eps times 180, and - the maximum cumulative raw event size (in bytes) of all unparsed events from a single source is unknown_event_skip_size. For example: For unknown_event_skip_eps=20 and unknown_event_skip_size=10240, if either 3600 unknown events is received from one source or the total size of unknown events from one source reaches 10kB in a 3 minute window, then the event PH_PARSER_TOO_MANY_UNKNOWN_EVENTS is generated and parsing stops for that reporting IP for the remainder of the 3 minute window. Once the 3 minute window expires, the restriction is lifted and events from that IP are parsed again. If the condition happens again in the new window, then the same action is taken as the previous window. This action is taken to reduce the load on the parser module in the case of excessive unknown events. Increasing the values of unknown_event_skip_eps and unknown_event_skip_size may have a performance impact on the CPU and memory consumption by the parser module on that FortiSIEM node.

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
relayDevIpAddr	Relaying IP	IP	Relaying IP is most commonly used to specify the log relay appliance, usually a collector.

EventType: PH_PARSER_UPDATE_FAILURE

Description: Parser module failed to update internal information from REST API

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_USE_ERROR_BEFORE_INIT

Description: Parser module attempted to use an object before initialization

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_WRONG_EVENT_SIZE

Description: FortiSIEM module failed to load serialized event

Severity: 7 (Medium)

Event Category: 3 (System Logs)

EventType: PH_PARSER_WRONG_PARAMETER

Description: Parser module encountered wrong parameter during event parsing

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
funName	Function Name	string
paraName	Param Name	string
parserName	Event Parser Name	string	The name of parser that parsed the event

EventType: PH_PARSER_WTAP_ERR_BAD_FILE

Description: The file is damaged or corrupt

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_WTAP_ERR_CANT_OPEN

Description: Parser module failed to open file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_WTAP_ERR_COMPRESSION_NOT_SUPPORTED

Description: Parser module failed to write this file type as a compressed file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_WTAP_ERR_DECOMPRESS

Description: The compressed file appears to be damaged or corrupt

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED

Description: Parser module doesn't support the network type in the file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_WTAP_ERR_FILE_UNKNOWN_FORMAT

Description: Parser module doesn't support this file format

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_WTAP_ERR_NOT_REGULAR_FILE

Description: Parser module failed to parse a special file or socket or other non-regular file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_WTAP_ERR_RANDOM_OPEN_PIPE

Description: Parser module can't parse a pipe or FIFO files

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_WTAP_ERR_SHORT_READ

Description: The file has been cut short in the middle of a packet

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_WTAP_ERR_SHORT_WRITE

Description: Parser module failed to write a full header in the file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string

EventType: PH_PARSER_WTAP_ERR_UNSUPPORTED

Description: Parser module doesn't support record data in the file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
filePath	File Path	string
errorString	Error String	string	This is the error message, synonymous to attribute errReason

EventType: PH_PARSER_XML_PARSE_ERROR

Description: Parser module failed to parse generic xml document

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
tagName	Tag Name	string
parserName	Event Parser Name	string	The name of parser that parsed the event

EventType: PH_PARSER_XML_PARSE_FAILURE

Description: Parser module failed to parse XML

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
propName	Property Name	string
propValue	Property Value	string

EventType: PH_PARSE_CONFIG_CHANGE_FAILED

Description: FortiSIEM bRule/Report Master/Worker modules failed to parse performance monitoring config change

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errReason	Reason for Error	string	This is the reason for an error if given.

EventType: PH_VULN_LOAD_ERROR

Description: Parser module failed to load external scanner-found vulnerabilities from App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errReason	Reason for Error	string	This is the reason for an error if given.

EventType: PH_VULN_UPDATE_ERROR

Description: Parser module failed to upload external scanner-found vulnerabilities to App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id	Display name	Type	Description
errReason	Reason for Error	string	This is the reason for an error if given.