FortiClient logs

FortiAnalyzer supports normalizing FortiClient logs as Fabric logs.

The following field mapping applies:

| FortiClient Log Field | Normalized Fabric Log Field |
|---|---|
| device_id | data_sourceid |
| data_source_name | data_sourcename |
| fctver | data_sourceversion |
| data_timestamp | data_timestamp |
| cat | app_cat |
| appid | app_id |
| app | app_name |
| srcproduct | app_proc |
| fgtserial, appvendor | app_ref |
| service, ae_api, ems_service_info | app_service |
| endpoint_status | app_state |
| appversion, fctver | app_ver |
| remotename | dst_domain |
| dstip, remoteip, destinationip | dst_ip |
| dstport, remoteport, destinationport | dst_port |
| action | event_action |
| logid | event_id |
| msg, affected_prod_list | event_message |
| status, epenfeatures | event_outcome |
| ruleid, policyname | event_policy |
| usingpolicy | event_profile |
| endpoint_features_info, clientfeature | event_ref |
| level | event_severity |
| event_subtype | event_subtype |
| type | event_type |
| filetype | file_ext |
| checksum | file_hash |
| file | file_name |
| path | file_path |
| host_classification | host_classification |
| host_hwvendor | host_hwvendor |
| host_hwver | host_hwver |
| device_ip, regip, host_ip | host_ip |
| devicemac, mac, host_mac | host_mac |
| hostname, device_name, host_name | host_name |
| os, host_osname | host_osname |
| host_osver | host_osver |
| host_type | host_type |
| host_uid | host_uid |
| vpntype | http_method |
| social_srvc | http_referer |
| url | http_url |
| direction | net_direction |
| proto | net_proto |
| rcvdbyte | net_recvbytes |
| sentbyte | net_sentbytes |
| sessionid | net_sessionid |
| domain | src_domain |
| srcip | src_ip |
| devicemac, mac | src_mac |
| srcport | src_port |
| threat_action | threat_action |
| threat_id | threat_id |
| threat_name | threat_name |
| threat_pattern | threat_pattern |
| threat_ref | threat_ref |
| threat_severity | threat_severity |
| threat_type | threat_type |
| social_srvc | user_authtype |
| domain | user_domain |
| social_email | user_email |
| uid, vpnuser | user_id |
| user | user_name |
| pcdomain | user_org |
| social_phone | user_phone |
| social_user | user_social |
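
The following is an added example, not Fortinet code: it applies a subset of the mapping table above to one log line, showing how several FortiClient fields collapse into one Fabric field and how one FortiClient field (mac, domain, fctver) populates several Fabric fields. It assumes logs arrive as key=value pairs and that, where several source fields are listed, the first one present wins; the page states neither, and the sample line is constructed.

```python
import shlex

# Subset of the mapping table above: normalized Fabric field -> FortiClient source fields.
# Assumption: sources are tried in the listed order and the first non-empty one is kept.
FABRIC_MAP = {
    "data_sourceid": ["device_id"],
    "data_sourceversion": ["fctver"],
    "app_ver": ["appversion", "fctver"],
    "dst_ip": ["dstip", "remoteip", "destinationip"],
    "dst_port": ["dstport", "remoteport", "destinationport"],
    "event_id": ["logid"],
    "event_message": ["msg", "affected_prod_list"],
    "host_name": ["hostname", "device_name", "host_name"],
    "host_mac": ["devicemac", "mac", "host_mac"],
    "src_mac": ["devicemac", "mac"],
    "src_ip": ["srcip"],
    "src_domain": ["domain"],
    "user_domain": ["domain"],
    "user_id": ["uid", "vpnuser"],
    "user_name": ["user"],
}

def parse_kv(line):
    """Split a key=value log line; shlex keeps quoted values with spaces intact."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep and key:
            fields[key] = value
    return fields

def normalize(raw):
    """Return the Fabric-named record for one parsed FortiClient log."""
    out = {}
    for fabric, sources in FABRIC_MAP.items():
        for src in sources:
            if raw.get(src):  # skip absent or empty source fields
                out[fabric] = raw[src]
                break
    return out

# Constructed sample line, not taken from a real device.
SAMPLE = ('logid=96953 fctver=7.2.0 hostname=ws-042 mac=00:11:22:33:44:55 '
          'srcip=10.0.0.15 remoteip=203.0.113.7 remoteport=443 '
          'user=alice domain=CORP msg="Blocked connection to remote host"')

if __name__ == "__main__":
    print(normalize(parse_kv(SAMPLE)))
```

Because several Fabric fields share a source, a query on src_domain or user_domain alone cannot tell which meaning the original FortiClient domain value carried.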
