c. User
- Svetlana Sheptiy
- Karein Directo (Unlicensed)
Sample Event
date=2019-05-13 time=15:55:56 logid="0102043008" type="event" subtype="user" level="notice" vd="root" eventtime=1557788156913809277 logdesc="Authentication success" srcip=10.1.100.11 dstip=172.16.200.55 policyid=1 interface="port10" user="bob" group="local-group1" authproto="TELNET(10.1.100.11)" action="authentication" status="success" reason="N/A" msg="User bob succeeded in authentication"
Fields
Field | Description |
|---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system |
TABLE | FortiGateEventUser |
CRITICALITY |
|
LOGID | Unique 10-digit identifier (log type, subtype/event type and message ID) for that specific log and includes information about the log entry |
TYPE | Represented by the first two digits of the log ID |
SUBTYPE | Represented by the first/second two digits of the log ID |
EVENTTYPE | Represented by the second two digits of the log ID |
DEVNAME |
|
DEVID | Serial number of the device for the traffic's origin |
LEVEL | Security level rating |
VD | Name of the virtual domain in which the log message was recorded |
EVENTTIME | Epoch time the log was triggered by FortiGate |
LOGDESC | Log description |
SRCIP | Source IP |
DSTIP | Destination IP |
ACTION | Status of the session |
STATUS | Status |
POLICYID | Policy ID |
INTERFACE |
|
USER | User name |
GROUP | User group name |
AUTHPROTO | The protocol that initiated the authentication |
REASON | Reason |
MSG | Message text |
SNAREDATAMAP | All other data in the event will be pushed to this field. |
Notes
Log Message Reference Documentation: https://docs.fortinet.com/document/fortigate/6.4.2/fortios-log-message-reference