FortiEDR syslog messages

The following table shows the standard format that is used for each syslog type described in this document.

Syslog Field	LEEF Field	CEF Field¹	CEF custom label value	Description	Data Type	Length
Organization	Organization	cs1	cs1Label=Organization	Name of the organization the system event belongs to.	String	100
Event ID	EventId	eventid	—	Security event ID automatically generated by the FortiEDR Manager.	Integer	10
Custom fields in CEF format (such as cs1) should be sent with the matching CEF custom label value in order to define the display label for this custom field to the consumer system. The message then includes the following two fields: CEF custom label value CEF field name (such as cs1) that holds the actual value of the field For example, for Organization “Marketing”, FortiEDR sends the following two CEF fields in the message: "cs1Label=Organization” and “cs1=Marketing”.

Syslog Field

LEEF Field

CEF Field¹

CEF custom label value

Description

Data Type

Length

Organization

cs1

cs1Label=Organization

Name of the organization the system event belongs to.

String

100

Event ID

EventId

eventid

—

Security event ID automatically generated by the FortiEDR Manager.

Integer

Custom fields in CEF format (such as cs1) should be sent with the matching CEF custom label value in order to define the display label for this custom field to the consumer system. The message then includes the following two fields:

CEF custom label value
CEF field name (such as cs1) that holds the actual value of the field

For example, for Organization “Marketing”, FortiEDR sends the following two CEF fields in the message: "cs1Label=Organization” and “cs1=Marketing”.

The following sections list the FortiEDR 7.0 syslog messages.

FortiEDR syslog messages

The following table shows the standard format that is used for each syslog type described in this document.

Syslog Field	LEEF Field	CEF Field¹	CEF custom label value	Description	Data Type	Length
Organization	Organization	cs1	cs1Label=Organization	Name of the organization the system event belongs to.	String	100
Event ID	EventId	eventid	—	Security event ID automatically generated by the FortiEDR Manager.	Integer	10
Custom fields in CEF format (such as cs1) should be sent with the matching CEF custom label value in order to define the display label for this custom field to the consumer system. The message then includes the following two fields: CEF custom label value CEF field name (such as cs1) that holds the actual value of the field For example, for Organization “Marketing”, FortiEDR sends the following two CEF fields in the message: "cs1Label=Organization” and “cs1=Marketing”.

Syslog Field

LEEF Field

CEF Field¹

CEF custom label value

Description

Data Type

Length

Organization

cs1

cs1Label=Organization

Name of the organization the system event belongs to.

String

100

Event ID

EventId

eventid

—

Security event ID automatically generated by the FortiEDR Manager.

Integer

CEF custom label value
CEF field name (such as cs1) that holds the actual value of the field

For example, for Organization “Marketing”, FortiEDR sends the following two CEF fields in the message: "cs1Label=Organization” and “cs1=Marketing”.

The following sections list the FortiEDR 7.0 syslog messages.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

Syslog Message Reference

FortiEDR syslog messages

FortiEDR syslog messages

FortiEDR syslog messages

FortiEDR syslog messages