How do I read the log
Posted: 07 Nov 2019, 15:51
Good morning, I am new to the group and I don't really understand how to read the log. I have an application or someone that is trying to log in; I receive the alerts by email but I don't know how to read them properly. I'm posting a fragment to see if you can point me in the right direction, please.
Message meets Alert condition
The following critical firewall event was detected: Admin login failed.
date=2019-11-07 time=08:02:31 devname=FortiGate_01 devid=FG100E4Q17004262 logid="0100032002" type="event" subtype="system" level="alert" vd="root" eventtime=1573128151 logdesc="Admin login failed" sn="0" user="Cisco" ui="ssh(192.168.1.1)" method="ssh" srcip=192.168.1.1 dstip=192.168.1.99 action="login" status="failed" reason="name_invalid" msg="Administrator Cisco login failed from ssh(192.168.1.1) because of invalid user name"
Message meets Alert condition
The following critical firewall event was detected: Admin login failed.
date=2019-11-07 time=08:02:28 devname=FortiGate_01 devid=FG100E4Q17004262 logid="0100032002" type="event" subtype="system" level="alert" vd="root" eventtime=1573128147 logdesc="Admin login failed" sn="0" user="admin" ui="ssh(192.168.1.1)" method="ssh" srcip=192.168.1.1 dstip=192.168.1.99 action="login" status="failed" reason="passwd_invalid" msg="Administrator admin login failed from ssh(192.168.1.1) because of invalid password"
Message meets Alert condition
The following critical firewall event was detected: Admin login failed.
date=2019-11-07 time=08:02:24 devname=FortiGate_01 devid=FG100E4Q17004262 logid="0100032002" type="event" subtype="system" level="alert" vd="root" eventtime=1573128144 logdesc="Admin login failed" sn="0" user="admin" ui="ssh(192.168.1.1)" method="ssh" srcip=192.168.1.1 dstip=192.168.1.99 action="login" status="failed" reason="passwd_invalid" msg="Administrator admin login failed from ssh(192.168.1.1) because of invalid password"
Message meets Alert condition
date=2019-11-07 time=08:25:43 devname=FortiGate_01 devid=FG100E4Q17004262 logid="0101037124" type="event" subtype="vpn" level="error" vd="root" eventtime=1573129542 logdesc="IPsec phase 1 error" msg="IPsec phase 1 error" action="negotiate" remip=190.94.211.12 locip=76.76.203.98 remport=500 locport=500 outintf="wan1" cookies="983b850a5474c08b/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="negotiate_error" reason="peer SA proposal not match local policy" peer_notif="NOT-APPLICABLE"
Message meets Alert condition
date=2019-11-07 time=08:25:41 devname=FortiGate_01 devid=FG100E4Q17004262 logid="0101037128" type="event" subtype="vpn" level="error" vd="root" eventtime=1573129541 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=66.231.231.12 locip=76.76.203.98 remport=500 locport=500 outintf="wan1" cookies="b2fbe06128af5587/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="failure" init="remote" mode="main" dir="inbound" stage=1 role="responder" result="ERROR"
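One way to read these lines, as an added example that is not part of the original post: each line is a sequence of key=value fields, so it can be split into fields and the "Admin login failed" events grouped by source address (`srcip`), attempted account (`user`) and failure `reason`. The function names are this example's own, and the sample input is abridged from the lines in the post.

```python
import re
from collections import defaultdict

# A FortiGate log line is a run of key=value pairs; values containing spaces
# are double-quoted, so splitting on whitespace alone would cut msg/logdesc.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Return one log line as {field: value} with the quotes removed."""
    return {k: (q if u == "" else u) for k, q, u in FIELD_RE.findall(line)}

def failed_admin_logins(lines):
    """Summarise 'Admin login failed' events per source IP."""
    summary = defaultdict(lambda: {"count": 0, "users": set(), "reasons": set()})
    for line in lines:
        ev = parse_line(line)
        if ev.get("logdesc") != "Admin login failed":
            continue  # e.g. the IPsec phase 1 events carry a different logdesc
        entry = summary[ev.get("srcip", "unknown")]
        entry["count"] += 1
        entry["users"].add(ev.get("user"))
        entry["reasons"].add(ev.get("reason"))
    return dict(summary)

# Sample input: the post's lines, abridged to the fields used here.
SAMPLE = [
    'date=2019-11-07 time=08:02:31 logid="0100032002" level="alert" '
    'logdesc="Admin login failed" user="Cisco" method="ssh" srcip=192.168.1.1 '
    'dstip=192.168.1.99 status="failed" reason="name_invalid"',
    'date=2019-11-07 time=08:02:28 logid="0100032002" level="alert" '
    'logdesc="Admin login failed" user="admin" method="ssh" srcip=192.168.1.1 '
    'dstip=192.168.1.99 status="failed" reason="passwd_invalid"',
    'date=2019-11-07 time=08:02:24 logid="0100032002" level="alert" '
    'logdesc="Admin login failed" user="admin" method="ssh" srcip=192.168.1.1 '
    'dstip=192.168.1.99 status="failed" reason="passwd_invalid"',
    'date=2019-11-07 time=08:25:43 logid="0101037124" level="error" '
    'logdesc="IPsec phase 1 error" remip=190.94.211.12 locip=76.76.203.98 '
    'status="negotiate_error" reason="peer SA proposal not match local policy"',
]

if __name__ == "__main__":
    for src, info in failed_admin_logins(SAMPLE).items():
        print(src, info["count"], sorted(info["users"]), sorted(info["reasons"]))
```

Read this way, the three login alerts are SSH attempts from 192.168.1.1 against 192.168.1.99: one with a user name that does not exist (`name_invalid`) and two with a wrong password for `admin` (`passwd_invalid`).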