FortiClient logs
FortiAnalyzer supports normalizing FortiClient logs as Fabric logs.
The following field mapping applies:
FortiClient Log Field | Normalized Fabric Log Field |
---|---|
device_id | data_sourceid |
data_source_name | data_sourcename |
fctver | data_sourceversion |
data_timestamp | data_timestamp |
cat | app_cat |
appid | app_id |
app | app_name |
srcproduct | app_proc |
fgtserial,appvendor | app_ref |
service,ae_api,ems_service_info | app_service |
endpoint_status | app_state |
appversion,fctver | app_ver |
remotename | dst_domain |
dstip,remoteip,destinationip | dst_ip |
dstport,remoteport,destinationport | dst_port |
action | event_action |
logid | event_id |
msg,affected_prod_list | event_message |
status,epenfeatures | event_outcome |
ruleid,policyname | event_policy |
usingpolicy | event_profile |
endpoint_features_info,clientfeature | event_ref |
level | event_severity |
event_subtype | event_subtype |
type | event_type |
filetype | file_ext |
checksum | file_hash |
file | file_name |
path | file_path |
host_classification | host_classification |
host_hwvendor | host_hwvendor |
host_hwver | host_hwver |
device_ip,regip,host_ip | host_ip |
devicemac,mac,host_mac | host_mac |
hostname,device_name,host_name | host_name |
os,host_osname | host_osname |
host_osver | host_osver |
host_type | host_type |
host_uid | host_uid |
vpntype | http_method |
social_srvc | http_referer |
url | http_url |
direction | net_direction |
proto | net_proto |
rcvdbyte | net_recvbytes |
sentbyte | net_sentbytes |
sessionid | net_sessionid |
domain | src_domain |
srcip | src_ip |
devicemac,mac | src_mac |
srcport | src_port |
threat_action | threat_action |
threat_id | threat_id |
threat_name | threat_name |
threat_pattern | threat_pattern |
threat_ref | threat_ref |
threat_severity | threat_severity |
threat_type | threat_type |
social_srvc | user_authtype |
domain | user_domain |
social_email | user_email |
uid,vpnuser | user_id |
user | user_name |
pcdomain | user_org |
social_phone | user_phone |
social_user | user_social |