Administration Guide

7.4.0

Examples of syslog messages

Here are some examples of syslog messages that are returned from FortiNAC. In these examples, the Syslog server is configured as follows:

  • Type: Syslog
  • IP address: a.b.c.d
  • Port: 514
  • Facility: Authorization

Event

Description

Syslog Message

Login Success

This is the event that is logged when a user logs in to the admin UI.

02-28-2014 08:16:04 Auth.Notice 192.168.34.31 Feb 27 22:16:14 : 2014/02/27 22:16:14 EST,1,545570,Login Success,0,12,,,,,User root logged in.

Map IP To MAC Failure

This is a legacy event logged when a scheduled task runs (these are no longer used for IP-MAC) and the ARP is not read.

--

Probe - Map IP To MAC Failure

This is the event logged when we fail to poll an L3 device for IP->MAC (reading the ARP cache, L3 Polling).

02-28-2014 09:00:14 Auth.Notice 192.168.34.31 Feb 27 23:00:24 : 2014/02/27 23:00:24 EST,1,545702,Probe - MAP IP To MAC Failure,0,28,,Switch,192.168.34.1,,Failed to read IP address mappings from device Switch.

User Logged Out

This is the event that is logged when a user logs out of the admin UI.

02-28-2014 08:48:55 Auth.Notice 192.168.34.31 Feb 27 22:49:04 : 2014/02/27 22:49:04 EST,1,545670,User Logged Out,0,12,,,,,User root Logged Out.

User Logged off Host

This event is logged when a user logs off a host.

02-28-2014 08:44:25 Auth.Notice 192.168.34.31 Feb 27 22:44:34 : 2014/02/27 22:44:34 EST,1,545655,User Logged off Host,0,4155,,,,,"User Man, Bat logged off session 1 on host BRADSUPP7-LT

User Logged onto Host

This event is logged when a user logs onto a host.

02-28-2014 08:37:58 Auth.Notice 192.168.34.31 Feb 27 22:38:07 : 2014/02/27 22:38:07 EST,1,545633,User Logged onto Host,0,4155,,,,,"User Man, Bat logged onto session 1 on host BRADSUPP7-LT"

User Remotely Connected to Host

This event is logged when a user remotely connects to a terminal session on a host using the PA.

--

User Locked Session

This event is logged when a user locks his workstation.

02-28-2014 08:49:53 Auth.Notice 192.168.34.31 Feb 27 22:50:03 : 2014/02/27 22:50:03 EST,1,545681,User Locked Session,0,4155,,,,,"User Man, Bat locked session 2 on host BRADSUPP7-LT"

User Unlocked Session

This event is logged when a user unlocks his workstation.

02-28-2014 08:52:07 Auth.Notice 192.168.34.31 Feb 27 22:52:16 : 2014/02/27 22:52:16 EST,1,545691,User Unlocked Session,0,4155,,,,,"User Man, Bat unlocked session 2 on host BRADSUPP7-LT"
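
The sample messages above share one layout: a prefix, then " : " and an 11-field comma-separated payload whose last field is the message text, quoted when it contains a comma. The parser below is an added example for log collection and detection work, not Fortinet code; the key names (id, element, element_ip) and the message patterns are assumptions inferred only from the samples on this page.

```python
import csv
import re

# Constructed input: three sample lines copied from the table above.
SAMPLES = [
    "02-28-2014 08:16:04 Auth.Notice 192.168.34.31 Feb 27 22:16:14 : "
    "2014/02/27 22:16:14 EST,1,545570,Login Success,0,12,,,,,User root logged in.",
    "02-28-2014 09:00:14 Auth.Notice 192.168.34.31 Feb 27 23:00:24 : "
    "2014/02/27 23:00:24 EST,1,545702,Probe - MAP IP To MAC Failure,0,28,,Switch,"
    "192.168.34.1,,Failed to read IP address mappings from device Switch.",
    # The closing quote is missing in this sample, exactly as printed above.
    "02-28-2014 08:44:25 Auth.Notice 192.168.34.31 Feb 27 22:44:34 : "
    '2014/02/27 22:44:34 EST,1,545655,User Logged off Host,0,4155,,,,,'
    '"User Man, Bat logged off session 1 on host BRADSUPP7-LT',
]

# The CSV payload starts after " : " with a YYYY/MM/DD timestamp and zone.
PAYLOAD = re.compile(r" : (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [A-Z]+,.*)$")
# Message shapes seen in the samples (assumed, not a documented grammar).
ADMIN = re.compile(r"^User (\S+) (?:logged in|Logged Out)\.$")
SESSION = re.compile(r"^User (.+?) (?:logged onto|logged off|locked|unlocked) "
                     r"session (\d+) on host (\S+)$")

def parse(line):
    """Return a dict for one FortiNAC syslog line, or None if it does not fit."""
    m = PAYLOAD.search(line)
    if not m:
        return None
    # csv keeps the comma inside the quoted message ("Man, Bat"); its default
    # non-strict mode also accepts a quoted field that is never closed.
    f = next(csv.reader([m.group(1)]))
    if len(f) != 11:
        return None
    # Key names are assumed labels; the page does not name the columns.
    rec = {"time": f[0], "id": f[2], "event": f[3], "element": f[7],
           "element_ip": f[8], "message": f[10], "user": None, "host": None}
    if (a := ADMIN.match(f[10])):
        rec["user"] = a.group(1)
    elif (s := SESSION.match(f[10])):
        rec["user"], rec["host"] = s.group(1), s.group(3)
    return rec
```

Compare event names case-insensitively when matching on them: the probe sample carries "MAP IP To MAC" in the message while the event is listed as "Map IP To MAC".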
