LOCAL_TRAFFIC

Log messages for traffic identified as type=traffic and subtype=local (FortiOS 5.4). These are sessions terminated on the FortiGate itself rather than forwarded through it, matched by a local-in policy (policytype=local-in-policy). The example below is an HTTPS management session (app="Web Management(HTTPS)") arriving on wan1, which is the kind of local traffic worth watching closely.

There is no YANG model available yet to map this class of messages. Please check the Structured message example section to see the structure.

Implemented for

  • fortinet

Syslog message example

<189>date=2019-04-04 time=09:19:21 devname=fw01 devid=FG800D0123456789 logid=0001000014 type=traffic subtype=local level=notice vd=root srcip=172.30.0.1 srcport=48770 srcintf="wan1" dstip=172.16.0.1 dstport=443 dstintf="root" sessionid=3841389285 proto=6 action=close policyid=0 policytype=local-in-policy dstcountry="France" srccountry="France" trandisp=noop service="HTTPS" app="Web Management(HTTPS)" duration=3 sentbyte=28187 rcvdbyte=334857 sentpkt=183 rcvdpkt=242 appcat="unscanned"

Structured message example

{
  "error": "LOCAL_TRAFFIC",
  "facility": 23,
  "host": "fw01",
  "ip": "127.0.0.1",
  "message_details": {
      "date": "2019-04-04",
      "devid": "FG800D0123456789",
      "facility": 23,
      "host": "fw01",
      "logid": "0001000014",
      "message": "level=notice vd=root srcip=172.30.0.1 srcport=48770 srcintf=\"wan1\" dstip=172.16.0.1 dstport=443 dstintf=\"root\" sessionid=3841389285 proto=6 action=close policyid=0 policytype=local-in-policy dstcountry=\"France\" srccountry=\"France\" trandisp=noop service=\"HTTPS\" app=\"Web Management(HTTPS)\" duration=3 sentbyte=28187 rcvdbyte=334857 sentpkt=183 rcvdpkt=242 appcat=\"unscanned\"",
      "pri": "189",
      "processName": "traffic",
      "severity": 5,
      "tag": "local",
      "time": "09:19:21"
  },
  "os": "fortinet",
  "severity": 5,
  "timestamp": 1552629390,
  "yang_message": {
      "session": {
          "traffic": {
              "local": {
                  "action": "close",
                  "destination_address": "172.16.0.1",
                  "destination_interface": "\"root\"",
                  "destination_port": "443",
                  "level": "notice",
                  "misc_data": "policyid=0 policytype=local-in-policy dstcountry=\"France\" srccountry=\"France\" trandisp=noop service=\"HTTPS\" app=\"Web Management(HTTPS)\" duration=3 sentbyte=28187 rcvdbyte=334857 sentpkt=183 rcvdpkt=242 appcat=\"unscanned\"",
                  "protocol_id": "6",
                  "session_id": "3841389285",
                  "source_address": "172.30.0.1",
                  "source_interface": "\"wan1\"",
                  "source_port": "48770",
                  "vdom": "root"
              }
          }
      }
  },
  "yang_model": "NO_MODEL"
}
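As an added example (not part of this page, and not the parser that produced the structured message above), the following Python parses the syslog line shown above into its key=value fields, decodes the <189> PRI header into facility 23 / severity 5 as in the structured example, and flags local-in sessions that reach a management service on the firewall from an untrusted interface. Unlike the structured example, it strips the surrounding quotes from values such as "wan1". The MGMT_SERVICES and UNTRUSTED_INTERFACES sets and the second, internal-side sample line are assumptions constructed for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# A FortiOS key=value token: the value is either a double-quoted string
# (may contain spaces and parentheses, e.g. app="Web Management(HTTPS)")
# or a run of non-whitespace characters.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Syslog PRI header, e.g. <189>
_PRI_RE = re.compile(r'^<(\d{1,3})>\s*')

# Assumption for the example: services whose exposure on the firewall itself
# is a management-plane concern.
MGMT_SERVICES = {"HTTPS", "HTTP", "SSH", "TELNET", "SNMP"}

# Assumption for the example: interface names treated as untrusted.
UNTRUSTED_INTERFACES = {"wan1", "wan2"}

# The syslog line from this page.
SAMPLE_WAN = (
    '<189>date=2019-04-04 time=09:19:21 devname=fw01 devid=FG800D0123456789 '
    'logid=0001000014 type=traffic subtype=local level=notice vd=root '
    'srcip=172.30.0.1 srcport=48770 srcintf="wan1" dstip=172.16.0.1 dstport=443 '
    'dstintf="root" sessionid=3841389285 proto=6 action=close policyid=0 '
    'policytype=local-in-policy dstcountry="France" srccountry="France" '
    'trandisp=noop service="HTTPS" app="Web Management(HTTPS)" duration=3 '
    'sentbyte=28187 rcvdbyte=334857 sentpkt=183 rcvdpkt=242 appcat="unscanned"'
)

# Constructed variant: the same session seen from an internal interface.
SAMPLE_INTERNAL = SAMPLE_WAN.replace('srcintf="wan1"', 'srcintf="internal"') \
                            .replace('sessionid=3841389285', 'sessionid=3841389286')


def parse_pri(line: str) -> Tuple[Optional[int], Optional[int], str]:
    """Split the <PRI> header off a syslog line and decode it.

    PRI = facility * 8 + severity, so <189> is facility 23 (local7) and
    severity 5 (notice), matching the structured example on this page.
    Returns (facility, severity, remainder), or (None, None, line) if absent.
    """
    m = _PRI_RE.match(line)
    if not m:
        return None, None, line
    pri = int(m.group(1))
    return pri // 8, pri % 8, line[m.end():]


def parse_fortios(line: str) -> Dict[str, object]:
    """Parse a FortiOS log line into a dict of its key=value fields.

    Quoted values are unquoted so that srcintf compares as 'wan1' rather
    than '"wan1"'. The decoded PRI is stored under 'facility'/'severity'.
    """
    facility, severity, body = parse_pri(line)
    fields: Dict[str, object] = {}
    for key, raw in _KV_RE.findall(body):
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            fields[key] = raw[1:-1]
        else:
            fields[key] = raw
    if facility is not None:
        fields["facility"] = facility
        fields["severity"] = severity
    return fields


def is_exposed_mgmt_access(fields: Dict[str, object]) -> bool:
    """True for a local-in session (traffic to the FortiGate itself) that
    reached a management service from an untrusted interface."""
    return (
        fields.get("type") == "traffic"
        and fields.get("subtype") == "local"
        and fields.get("policytype") == "local-in-policy"
        and fields.get("srcintf") in UNTRUSTED_INTERFACES
        and str(fields.get("service", "")).upper() in MGMT_SERVICES
    )


def flagged_sessions(lines: List[str]) -> List[str]:
    """Return the session IDs of lines that match is_exposed_mgmt_access."""
    hits = []
    for line in lines:
        fields = parse_fortios(line)
        if is_exposed_mgmt_access(fields):
            hits.append(str(fields.get("sessionid")))
    return hits


if __name__ == "__main__":
    for sid in flagged_sessions([SAMPLE_WAN, SAMPLE_INTERNAL]):
        print("management-plane access from untrusted interface, sessionid", sid)
```

The check keys on policytype=local-in-policy together with srcintf and service rather than on dstip alone, because for local-in traffic the destination is always one of the firewall's own addresses; the interface the session arrived on is what distinguishes expected admin access from exposure.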