FortiManager/FortiAnalyzer logs
FortiAnalyzer supports normalizing FortiManager/FortiAnalyzer logs as Fabric logs.
The following field mapping applies:
FortiManager/FortiAnalyzer Log Field | Normalized Fabric Log Field |
---|---|
loguid,id | loguid |
epid | epid |
euid | euid |
devid,device_id | data_sourceid |
data_source_name | data_sourcename |
data_sourcetype | data_sourcetype |
data_timestamp | data_timestamp |
script | app_ref |
service | app_service |
state | app_state |
action,event_action | event_action |
event_id | event_id |
msg,constmsg | event_message |
desc | event_outcome |
desc | event_profile |
event_message,authmsg | event_ref |
level,pri | event_severity |
subtype | event_subtype |
type,eventtype | event_type |
file,remote_filename | file_name |
log_path | file_path |
log_size | file_size |
host_classification | host_classification |
host_hwvendor | host_hwvendor |
host_hwver | host_hwver |
host_ip | host_ip |
userfrom | host_location |
host_mac | host_mac |
device,remote_host,host_name | host_name |
host_osname | host_osname |
sw_version | host_osver |
host_type | host_type |
dev_oid | host_uid |
url | http_url |
session_id,sid | net_sessionid |
remote_ip | src_ip |
remote_port | src_port |
user_type | user_classification |
use_mb | user_group |
userid | user_id |
address | user_location |
user | user_name |
adminprof | user_role |