FortiManager/FortiAnalyzer logs
FortiAnalyzer supports normalizing FortiManager/FortiAnalyzer logs as Fabric logs.
The following field mapping applies:
|
FortiManager/FortiAnalyzer Log Field |
Normalized Fabric Log Field |
|---|---|
|
loguid,id |
loguid |
|
epid |
epid |
|
euid |
euid |
| devid,device_id | data_sourceid |
| data_source_name | data_sourcename |
|
data_sourcetype |
data_sourcetype |
| data_timestamp | data_timestamp |
| script | app_ref |
| service | app_service |
| state | app_state |
| action,event_action | event_action |
| event_id | event_id |
| msg,constmsg | event_message |
| desc | event_outcome |
| desc | event_profile |
| event_message,authmsg | event_ref |
| level,pri | event_severity |
| subtype | event_subtype |
| type,eventtype | event_type |
| file,remote_filename | file_name |
| log_path | file_path |
| log_size | file_size |
| host_classification | host_classification |
| host_hwvendor | host_hwvendor |
| host_hwver | host_hwver |
| host_ip | host_ip |
| userfrom | host_location |
| host_mac | host_mac |
| device,remote_host,host_name | host_name |
| host_osname | host_osname |
| sw_version | host_osver |
| host_type | host_type |
| dev_oid | host_uid |
| url | http_url |
| session_id,sid | net_sessionid |
| remote_ip | src_ip |
| remote_port | src_port |
| user_type | user_classification |
| use_mb | user_group |
| userid | user_id |
| address | user_location |
| user | user_name |
| adminprof | user_role |