soheil_amiri
New Member
December 24, 2020
Question

SYSlog message description


Hello guys,

We configured a FortiGate device to send logs to a Splunk server via syslog, for future log analysis.

What do these messages mean, and when do they happen:

Action

Ftnt_action

Vendor_action

Thanks

1 reply

emnoc
New Member
December 24, 2020

We would need to see the context of the log type to give you an exact answer, but have you studied the log references for your version of FortiOS?

e.g.

FortiOS Log Message Reference | FortiGate / FortiOS 6.4.4 | Fortinet Documentation Library

Ken Felix

soheil_amiri
New Member
December 24, 2020

Hello emnoc,

I need to understand these logs to create a good report.

I read the FortiOS log messages; as I understand it (FortiOS 6.2.4):

The Action field is for the traffic log type and includes: allow, block, teardown

The ftnt_action field is for the UTM log type: pass, dropped, clear_session, Close, Accept, Client-rst, server-rst, deny, time out, ip-conn, dns, allow, block

For the vendor_action field I did not find any answer: pass, dropped, clear_session, Close, Accept, Client-rst, server-rst, deny, time out, ip-conn, dns, allow, block