Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Staff

Created on ‎10-05-2016 01:25 AM Edited on ‎03-23-2022 01:08 PM By Anonymous

Article Id 195758

Technical Note: [Accelops KB] Problem - Why are syslog events parsed with Event Type = Unknown_EventType?

Description

Summary of Topic

You have syslog events from a device that AccelOps supports yet the Event Type is being assigned Unknown_EventType.

 

Solution Steps

Currently AO parsers require a PRID in the syslog header in order to be parsed correctly.

Example of a syslog event with a PRID:

Aug 22 12:31:07.418: %SYS-5-CONFIG_I: Configured from console by joeadmin on vty0 (10.10.10.10)

And here is how AO parses this event:

agodwin_FD39560_tn_FD39560-1.jpg

Example of a syslog event without a PRID:

<187>47258: Aug 22 12:31:07.418: %SYS-5-CONFIG_I: Configured from console by joeadmin on vty0 (10.10.10.10)

And here is how AO parses this event:

agodwin_FD39560_tn_FD39560-2.jpg

NOTE:

This will be optional starting in version 3.7.1.

Version Application

All < 3.7.1

 

 

 

Labels:
602
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.