FortiWeb logs
FortiAnalyzer supports normalizing FortiWeb logs as Fabric logs.
The following field mapping applies:
FortiWeb Log Field | Normalized Fabric Log Field |
---|---|
loguid,id | loguid |
epid | epid |
euid | euid |
devid,device_id | data_sourceid |
data_source_name | data_sourcename |
data_sourcetype | data_sourcetype |
data_timestamp | data_timestamp |
service,backend_service,server_pool_name | app_service |
http_host | dst_domain |
srccountry | dst_geo |
dst_info | dst_intf |
dst | dst_ip |
dstport,dst_port | dst_port |
action | event_action |
logid,log_id | event_id |
msg | event_message |
status | event_outcome |
trigger_policy,policy | event_policy |
pri,severity_level | event_severity |
subtype | event_subtype |
type | event_type |
host_classification | host_classification |
host_hwvendor | host_hwvendor |
host_hwver | host_hwver |
host_ip | host_ip |
host_mac | host_mac |
host_name | host_name |
host_osname | host_osname |
host_osver | host_osver |
devtype,host_type | host_type |
host_uid | host_uid |
http_method | http_method |
http_refer | http_referer |
http_url | http_url |
http_agent | http_useragent |
proto | net_proto |
srccountry,original_srccountry | src_geo |
ui | src_intf |
src | src_ip |
srcport,src_port | src_port |
threat_action | threat_action |
direction | threat_direction |
main_type | threat_name |
signature_info,bot_info | threat_pattern |
threat_weight | threat_score |
threat_level | threat_severity |
threat_type | threat_type |
user | user_id |
user_name | user_name |