FortiWeb logs
FortiAnalyzer supports normalizing FortiWeb logs as Fabric logs.
The following field mapping applies:
|
FortiWeb Log Field |
Normalized Fabric Log Field |
|---|---|
|
loguid,id |
loguid |
|
epid |
epid |
|
euid |
euid |
| devid,device_id | data_sourceid |
| data_source_name | data_sourcename |
|
data_sourcetype |
data_sourcetype |
| data_timestamp | data_timestamp |
| service,backend_service,server_pool_name | app_service |
| http_host | dst_domain |
| srccountry | dst_geo |
| dst_info | dst_intf |
| dst | dst_ip |
| dstport,dst_port | dst_port |
| action | event_action |
| logid,log_id | event_id |
| msg | event_message |
| status | event_outcome |
| trigger_policy,policy | event_policy |
| pri,severity_level | event_severity |
| subtype | event_subtype |
| type | event_type |
| host_classification | host_classification |
| host_hwvendor | host_hwvendor |
| host_hwver | host_hwver |
| host_ip | host_ip |
| host_mac | host_mac |
| host_name | host_name |
| host_osname | host_osname |
| host_osver | host_osver |
| devtype,host_type | host_type |
| host_uid | host_uid |
| http_method | http_method |
| http_refer | http_referer |
| http_url | http_url |
| http_agent | http_useragent |
| proto | net_proto |
| srccountry,original_srccountry | src_geo |
| ui | src_intf |
| src | src_ip |
| srcport,src_port | src_port |
| threat_action | threat_action |
| direction | threat_direction |
| main_type | threat_name |
| signature_info,bot_info | threat_pattern |
| threat_weight | threat_score |
| threat_level | threat_severity |
| threat_type | threat_type |
| user | user_id |
| user_name | user_name |