Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
soheil_amiri
New Contributor

SYSlog message description

Hello guys,

We configured a FortiGate device to send logs to a Splunk server via syslog, for future log analysis.

What do these messages mean, and when do they happen:

Action

Ftnt_action

Vendor_action

thanks

emnoc
Esteemed Contributor III

We would need to see the context of the log type to give you an exact answer, but have you studied the log references for your version of FortiOS?

e.g.

FortiOS Log Message Reference | FortiGate / FortiOS 6.4.4 | Fortinet Documentation Library

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

soheil_amiri

Hello emnoc

I need to understand these logs to create a good report.

I read the FortiOS log messages; as I understand it (FortiOS 6.2.4):

The Action field is for the traffic log type and includes: allow, block, teardown

The ftnt_action field is for the UTM log type: pass, dropped, clear_session, Close, Accept, Client-rst, server-rst, deny, time out, ip-conn, dns, allow, block

For the vendor_action field I did not find any answer: pass, dropped, clear_session, Close, Accept, Client-rst, server-rst, deny, time out, ip-conn, dns, allow, block
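Added example, not part of the original posts and not Fortinet or Splunk code: because the meaning of an action value depends on the log type it appears in, this Python sketch groups the raw `action` values found in FortiGate key=value syslog lines by `type` and `subtype`. The sample lines are constructed for illustration, and the script works on the raw syslog text before any Splunk field extraction or aliasing.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate key=value syslog style (not from the thread).
SAMPLE = [
    '<189>date=2021-01-10 time=10:00:01 devname="FG-lab" type="traffic" '
    'subtype="forward" srcip=10.0.0.5 dstip=192.0.2.10 action="close"',
    '<189>date=2021-01-10 time=10:00:02 devname="FG-lab" type="traffic" '
    'subtype="forward" srcip=10.0.0.6 dstip=192.0.2.11 action="deny"',
    '<189>date=2021-01-10 time=10:00:03 devname="FG-lab" type="traffic" '
    'subtype="forward" srcip=10.0.0.7 dstip=192.0.2.12 action="close"',
    '<185>date=2021-01-10 time=10:00:04 devname="FG-lab" type="utm" '
    'subtype="ips" action="dropped" msg="sample text with key=value inside"',
    '<190>date=2021-01-10 time=10:00:05 devname="FG-lab" type="event" '
    'subtype="system" msg="sample event without an action key"',
]

# A key, "=", then either a double-quoted value (may contain spaces) or a bare token.
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_line(line):
    """Return the key=value pairs of one syslog line as a dict, quotes stripped."""
    fields = {}
    for key, value in KV.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields

def action_inventory(lines):
    """Map (type, subtype) -> {action value: count}; a missing action is counted as None."""
    inventory = defaultdict(lambda: defaultdict(int))
    for line in lines:
        fields = parse_line(line)
        if "type" not in fields:
            continue  # not a FortiGate log line, skip it
        key = (fields["type"], fields.get("subtype", ""))
        inventory[key][fields.get("action")] += 1
    return {key: dict(counts) for key, counts in inventory.items()}

if __name__ == "__main__":
    for (log_type, subtype), counts in sorted(action_inventory(SAMPLE).items()):
        print(f"{log_type}/{subtype}: {counts}")
```

Running it over an export of your own syslog feed shows which action values actually occur for each log type, which is the context needed to look them up in the log reference for your FortiOS version.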
