FortiCache logs
FortiAnalyzer supports normalizing FortiCache logs as Fabric logs.
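The following field mapping applies. Where a row lists several FortiCache fields separated by commas, each of them is normalized to the same Fabric log field. The table does not state which one takes precedence when more than one is present, so consult the original log when the source of a normalized value matters: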
FortiCache Log Field | Normalized Fabric Log Field |
---|---|
devid | data_sourceid |
data_source_name | data_sourcename |
data_timestamp | data_timestamp |
appcat,app_cat,monitor-type,webfilter_catdesc | app_cat |
appid,webfilter_cat_id | app_id |
app,applist,app_list,monitor-name,webfilter_mode | app_name |
appact,app_action,cloudaction | app_state |
request_info | dns_query |
scheme | dns_querytype |
response_info | dns_response |
dst_int | dst_domain |
dstcountry | dst_geo |
dstintf | dst_intf |
dstip | dst_ip |
tranip | dst_natip |
dstport | dst_port |
action | event_action |
logid | event_id |
msg,logdesc | event_message |
log_rate_info | event_outcome |
ips_attack_id | event_policy |
ips_profile,spam_profile | event_profile |
level,ips_severity | event_severity |
subtype,messagetype,message_type | event_subtype |
type,eventtype | event_type |
filetype,spam_file_type | file_ext |
checksum | file_hash |
virus_file_hashtype | file_hashtype |
filename,spam_subject,filesize | file_name |
spam_file_size,filesize | file_size |
host_info,host_classification | host_classification |
osgen,os_gen,osvendor,host_hwvendor | host_hwvendor |
host_hwver | host_hwver |
ip,host_ip | host_ip |
srccountry | host_location |
mastersrcmac,host_mac | host_mac |
hostname,host_name | host_name |
osfamily | host_osfamily |
osname,os,host_osname | host_osname |
osversion,host_osver | host_osver |
hostname | host_owner |
devtype,host_type | host_type |
host_uid | host_uid |
method | http_method |
url,webfilter_url_list | http_url |
agent | http_useragent |
collectedemail,from | mail_from |
spam_file_size | mail_size |
spam_subject | mail_subject |
to | mail_to |
vpntype,direction | net_direction |
vpn | net_name |
policyid | net_payloadid |
proto | net_proto |
rcvdpkt | net_rcvdpkts |
rcvdbyte | net_recvbytes |
sentbyte,bandwidth | net_sentbytes |
sentpkt | net_sentpkts |
duration | net_sessionduration |
sessionid | net_sessionid |
srcssid | net_ssid |
src_int | src_domain |
srcintf | src_intf |
srcip | src_ip |
srcmac | src_mac |
transip | src_natip |
transport | src_natport |
srcport | src_port |
threat_action | threat_action |
threat_id | threat_id |
threat_name | threat_name |
threat_pattern | threat_pattern |
threat_ref | threat_ref |
threat_severity | threat_severity |
threat_type | threat_type |
group | user_group |
custom,clouduser | user_id |
user | user_name |