FortiCache logs

FortiAnalyzer supports normalizing FortiCache logs as Fabric logs.

The following field mapping applies:

| FortiCache Log Field | Normalized Fabric Log Field |
|---|---|
| devid | data_sourceid |
| data_source_name | data_sourcename |
| data_timestamp | data_timestamp |
| appcat,app_cat,monitor-type,webfilter_catdesc | app_cat |
| appid,webfilter_cat_id | app_id |
| app,applist,app_list,monitor-name,webfilter_mode | app_name |
| appact,app_action,cloudaction | app_state |
| request_info | dns_query |
| scheme | dns_querytype |
| response_info | dns_response |
| dst_int | dst_domain |
| dstcountry | dst_geo |
| dstintf | dst_intf |
| dstip | dst_ip |
| tranip | dst_natip |
| dstport | dst_port |
| action | event_action |
| logid | event_id |
| msg,logdesc | event_message |
| log_rate_info | event_outcome |
| ips_attack_id | event_policy |
| ips_profile,spam_profile | event_profile |
| level,ips_severity | event_severity |
| subtype,messagetype,message_type | event_subtype |
| type,eventtype | event_type |
| filetype,spam_file_type | file_ext |
| checksum | file_hash |
| virus_file_hashtype | file_hashtype |
| filename,spam_subject,filesize | file_name |
| spam_file_size,filesize | file_size |
| host_info,host_classification | host_classification |
| osgen,os_gen,osvendor,host_hwvendor | host_hwvendor |
| host_hwver | host_hwver |
| ip,host_ip | host_ip |
| srccountry | host_location |
| mastersrcmac,host_mac | host_mac |
| hostname,host_name | host_name |
| osfamily | host_osfamily |
| osname,os,host_osname | host_osname |
| osversion,host_osver | host_osver |
| hostname | host_owner |
| devtype,host_type | host_type |
| host_uid | host_uid |
| method | http_method |
| url,webfilter_url_list | http_url |
| agent | http_useragent |
| collectedemail,from | mail_from |
| spam_file_size | mail_size |
| spam_subject | mail_subject |
| to | mail_to |
| vpntype,direction | net_direction |
| vpn | net_name |
| policyid | net_payloadid |
| proto | net_proto |
| rcvdpkt | net_rcvdpkts |
| rcvdbyte | net_recvbytes |
| sentbyte,bandwidth | net_sentbytes |
| sentpkt | net_sentpkts |
| duration | net_sessionduration |
| sessionid | net_sessionid |
| srcssid | net_ssid |
| src_int | src_domain |
| srcintf | src_intf |
| srcip | src_ip |
| srcmac | src_mac |
| transip | src_natip |
| transport | src_natport |
| srcport | src_port |
| threat_action | threat_action |
| threat_id | threat_id |
| threat_name | threat_name |
| threat_pattern | threat_pattern |
| threat_ref | threat_ref |
| threat_severity | threat_severity |
| threat_type | threat_type |
| group | user_group |
| custom,clouduser | user_id |
| user | user_name |
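
An added example, not Fortinet code: it applies a subset of the mapping rows above to a constructed log line and reports which FortiCache fields populate more than one normalized field, which matters when a query or detection rule keys on `host_owner` versus `host_name`. The key=value line format, the sample values, and the first-value-wins rule for rows that list several source fields are assumptions; the page does not state a precedence.

```python
import shlex

# Subset of rows from the mapping table on this page, written as
# "<FortiCache field>[,<field>...] <normalized Fabric field>".
MAPPING_ROWS = """\
devid data_sourceid
srcip src_ip
dstip dst_ip
action event_action
msg,logdesc event_message
url,webfilter_url_list http_url
hostname,host_name host_name
hostname host_owner
user user_name
"""

def build_index(rows):
    """Return {source_field: [normalized_field, ...]} in table order."""
    index = {}
    for line in rows.splitlines():
        sources, target = line.split()
        for src in sources.split(","):
            index.setdefault(src, []).append(target)
    return index

def fan_out(index):
    """Source fields that feed more than one normalized field."""
    return {src: tgts for src, tgts in index.items() if len(tgts) > 1}

def normalize(raw_line, index):
    """Map one key=value line; returns (normalized, unmapped).

    Assumption: if several source fields share a target, the first value
    seen in the line wins. Keys absent from the table are kept in unmapped.
    """
    normalized, unmapped = {}, {}
    for token in shlex.split(raw_line):  # honours quoted values with spaces
        key, sep, value = token.partition("=")
        if not sep:
            continue  # skip tokens that are not key=value
        targets = index.get(key)
        if targets is None:
            unmapped[key] = value
        for target in targets or []:
            normalized.setdefault(target, value)
    return normalized, unmapped

INDEX = build_index(MAPPING_ROWS)
# Constructed sample line, not captured from a device.
SAMPLE = ('devid=FCH-EXAMPLE srcip=192.0.2.10 dstip=198.51.100.7 action=deny '
          'hostname=ws-042 user="a.lee" url="https://example.test/a b" '
          'msg="URL blocked" logdesc="Web filter" unlisted_key=1')
```

Keeping the unmapped keys separate makes it visible when a source field is dropped by normalization rather than silently lost.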
