FORWARD_TRAFFIC

Log messages identified as type=traffic and subtype=forward (FortiOS 5.4).

There is no YANG model available yet for this class of messages; see the Structured message example section below for the structure that is produced.

Implemented for

  • fortinet

Syslog message example

<189>date=2019-04-09 time=04:27:29 devname=fw01 devid=FG800D0123456789 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=1.1.1.1 srcport=19982 srcintf="port1" dstip=10.10.10.10 dstport=179 dstintf="port3" poluuid=d4954a18-3b72-51e9-1163-77fc436ef3c9 sessionid=1768791677 proto=6 action=timeout policyid=34 policytype=policy dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="BGP" duration=25 sentbyte=300 rcvdbyte=0 sentpkt=5 rcvdpkt=0 appcat="unscanned" crscore=5 craction=262144 crlevel=low

Structured message example

{
  "error": "FORWARD_TRAFFIC",
  "facility": 23,
  "host": "fw01",
  "ip": "127.0.0.1",
  "message_details": {
      "date": "2019-04-09",
      "devid": "FG800D0123456789",
      "facility": 23,
      "host": "fw01",
      "logid": "0000000013",
      "message": "level=notice vd=root srcip=1.1.1.1 srcport=19982 srcintf=\"port1\" dstip=10.10.10.10 dstport=179 dstintf=\"port3\" poluuid=d4954a18-3b72-51e9-1163-77fc436ef3c9 sessionid=1768791677 proto=6 action=timeout policyid=34 policytype=policy dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"BGP\" duration=25 sentbyte=300 rcvdbyte=0 sentpkt=5 rcvdpkt=0 appcat=\"unscanned\" crscore=5 craction=262144 crlevel=low",
      "pri": "189",
      "processName": "traffic",
      "severity": 5,
      "tag": "forward",
      "time": "04:27:29"
  },
  "os": "fortinet",
  "severity": 5,
  "timestamp": 1554786149,
  "yang_message": {
      "session": {
          "traffic": {
              "forward": {
                  "action": "timeout",
                  "destination_address": "10.10.10.10",
                  "destination_interface": "\"port3\"",
                  "destination_port": "179",
                  "level": "notice",
                  "misc_data": "policyid=34 policytype=policy dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"BGP\" duration=25 sentbyte=300 rcvdbyte=0 sentpkt=5 rcvdpkt=0 appcat=\"unscanned\" crscore=5 craction=262144 crlevel=low",
                  "poluu_id": "d4954a18-3b72-51e9-1163-77fc436ef3c9",
                  "protocol_id": "6",
                  "session_id": "1768791677",
                  "source_address": "1.1.1.1",
                  "source_interface": "\"port1\"",
                  "source_port": "19982",
                  "vdom": "root"
              }
          }
      }
  },
  "yang_model": "NO_MODEL"
}
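The mapping from the syslog line to the structured message above, as an added Python example (not napalm-logs' own parser): it derives facility and severity from the syslog PRI, splits the Fortinet key=value pairs (quoted values may contain spaces), copies the keys shown in the yang_message to their field names, and collects every unmapped key verbatim into misc_data. SAMPLE is the page's own syslog example; FIELD_MAP and HEADER_FIELDS are this example's assumptions, reconstructed from the structured output.

```python
import re

SAMPLE = (  # the FortiOS 5.4 syslog line from this page, used as sample input
    '<189>date=2019-04-09 time=04:27:29 devname=fw01 devid=FG800D0123456789 '
    'logid=0000000013 type=traffic subtype=forward level=notice vd=root '
    'srcip=1.1.1.1 srcport=19982 srcintf="port1" dstip=10.10.10.10 dstport=179 '
    'dstintf="port3" poluuid=d4954a18-3b72-51e9-1163-77fc436ef3c9 '
    'sessionid=1768791677 proto=6 action=timeout policyid=34 policytype=policy '
    'dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="BGP" '
    'duration=25 sentbyte=300 rcvdbyte=0 sentpkt=5 rcvdpkt=0 appcat="unscanned" '
    'crscore=5 craction=262144 crlevel=low')

PRI_RE = re.compile(r"^<(\d{1,3})>")          # syslog PRI = facility*8 + severity
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # values are double-quoted or bare tokens

# Fortinet key -> yang_message field, reconstructed from the structured example above.
FIELD_MAP = {"action": "action", "dstip": "destination_address",
             "dstintf": "destination_interface", "dstport": "destination_port",
             "level": "level", "poluuid": "poluu_id", "proto": "protocol_id",
             "sessionid": "session_id", "srcip": "source_address",
             "srcintf": "source_interface", "srcport": "source_port", "vd": "vdom"}
HEADER_FIELDS = ("date", "time", "devname", "devid", "logid", "type", "subtype")


def parse_forward_traffic(line: str) -> dict:
    """Parse one FortiOS traffic/forward syslog line into the structure above."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing syslog <PRI> prefix")
    pri = int(m.group(1))
    fields = dict(KV_RE.findall(line[m.end():]))
    if fields.get("type") != "traffic" or fields.get("subtype") != "forward":
        raise ValueError("not a type=traffic subtype=forward message")
    forward, misc = {}, []
    for key, value in fields.items():
        if key in HEADER_FIELDS:
            continue                         # header keys go to message_details
        if key in FIELD_MAP:
            forward[FIELD_MAP[key]] = value  # quotes kept, as in the page's output
        else:
            misc.append(f"{key}={value}")    # unmapped keys are collected verbatim
    forward["misc_data"] = " ".join(misc)
    return {
        "error": "FORWARD_TRAFFIC",
        "facility": pri >> 3,   # 189 -> 23 (local7)
        "severity": pri & 7,    # 189 -> 5 (notice)
        "host": fields.get("devname"),
        "message_details": {k: fields[k] for k in HEADER_FIELDS if k in fields},
        "yang_message": {"session": {"traffic": {"forward": forward}}},
    }
```

Rejecting lines whose type/subtype do not match keeps a local-traffic or UTM log from being silently reported under the wrong message type.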