FortiGate logs

FortiAnalyzer supports normalizing FortiGate logs as Fabric logs.

The following field mapping applies:

FortiGate Log Field       Normalized Fabric Log Field
------------------------  ---------------------------
devid,device_id           data_sourceid
data_source_name          data_sourcename
data_timestamp            data_timestamp
appcat                    app_cat
appid                     app_id
app                       app_name
service                   app_service
qname                     dns_query
dns_querytype             dns_querytype
ipaddr                    dns_response
hostname                  dst_domain
dstcountry                dst_geo
dst_info                  dst_intf
dstip,dst_ip              dst_ip
dstmac                    dst_mac
dst_natip,tranip          dst_natip
dst_natport,tranport      dst_natport
dstport,dst_port          dst_port
action                    event_action
event_id                  event_id
event_message             event_message
error                     event_outcome
event_policy              event_policy
applist                   event_profile
level                     event_severity
subtype                   event_subtype
type                      event_type
analyticscksum            file_hash
filename                  file_name
host_classification       host_classification
host_hwvendor             host_hwvendor
host_hwver                host_hwver
host_ip                   host_ip
srccountry                host_location
host_mac                  host_mac
host_name                 host_name
srcfamily                 host_osfamily
host_osname               host_osname
host_osver                host_osver
user                      host_owner
host_type                 host_type
srcuuid                   host_uid
referralurl               http_referer
url                       http_url
srcssid                   net_name
proto                     net_proto
rcvdpkt,rcvdp             net_rcvdpkts
rcvdbyte,rcvdb            net_recvbytes
sentbyte,sentb            net_sentbytes
sentpkt,sentp             net_sentpkts
duration,dur              net_sessionduration
sessionid                 net_sessionid
srcssid                   net_ssid
srcname                   src_domain
srccountry                src_geo
source_info               src_intf
srcip,src_ip              src_ip
srcmac                    src_mac
src_natip,transip         src_natip
src_natport,transport     src_natport
srcport,src_port          src_port
threat_action             threat_action
threat_direction          threat_direction
threat_id                 threat_id
threat_name               threat_name
threat_pattern            threat_pattern
threat_ref                threat_ref
threat_severity           threat_severity
threat_type               threat_type
group,unauthusersource    user_group
user,unauthuser           user_id
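The mapping above is a rename table, and the practical question for anyone building detections on Fabric logs is what a FortiGate record looks like after it is applied: which fields carry over, which aliases collapse into one Fabric name, and which FortiGate keys are left out. The script below is an added example, not FortiAnalyzer's or Fortinet's code. It parses a FortiGate syslog body in its key=value form (quoted values may contain spaces), applies the page's table, and reports the unmapped keys. Two things are assumptions rather than page facts: when several aliases for one Fabric field appear in the same record (for example both `user` and `unauthuser`), the first alias listed in the table is taken; and values are kept as strings, since the page says nothing about type conversion. The sample log line is constructed; its device id and addresses are placeholders.

```python
import re

# Mapping transcribed from the table on this page.  Each whitespace-separated
# token is "<fortigate_field>[,<alias>...]=><fabric_field>", in table order.
MAPPING_TABLE = """
devid,device_id=>data_sourceid data_source_name=>data_sourcename data_timestamp=>data_timestamp
appcat=>app_cat appid=>app_id app=>app_name service=>app_service
qname=>dns_query dns_querytype=>dns_querytype ipaddr=>dns_response
hostname=>dst_domain dstcountry=>dst_geo dst_info=>dst_intf dstip,dst_ip=>dst_ip dstmac=>dst_mac
dst_natip,tranip=>dst_natip dst_natport,tranport=>dst_natport dstport,dst_port=>dst_port
action=>event_action event_id=>event_id event_message=>event_message error=>event_outcome
event_policy=>event_policy applist=>event_profile level=>event_severity subtype=>event_subtype
type=>event_type analyticscksum=>file_hash filename=>file_name
host_classification=>host_classification host_hwvendor=>host_hwvendor host_hwver=>host_hwver
host_ip=>host_ip srccountry=>host_location host_mac=>host_mac host_name=>host_name
srcfamily=>host_osfamily host_osname=>host_osname host_osver=>host_osver user=>host_owner
host_type=>host_type srcuuid=>host_uid referralurl=>http_referer url=>http_url
srcssid=>net_name proto=>net_proto rcvdpkt,rcvdp=>net_rcvdpkts rcvdbyte,rcvdb=>net_recvbytes
sentbyte,sentb=>net_sentbytes sentpkt,sentp=>net_sentpkts duration,dur=>net_sessionduration
sessionid=>net_sessionid srcssid=>net_ssid srcname=>src_domain srccountry=>src_geo
source_info=>src_intf srcip,src_ip=>src_ip srcmac=>src_mac src_natip,transip=>src_natip
src_natport,transport=>src_natport srcport,src_port=>src_port
threat_action=>threat_action threat_direction=>threat_direction threat_id=>threat_id
threat_name=>threat_name threat_pattern=>threat_pattern threat_ref=>threat_ref
threat_severity=>threat_severity threat_type=>threat_type
group,unauthusersource=>user_group user,unauthuser=>user_id
"""

# List of (fortigate_aliases, fabric_field) pairs, preserving table order.
FIELD_MAP = [
    (src.split(","), dst)
    for src, dst in (token.split("=>") for token in MAPPING_TABLE.split())
]

# key=value pairs: a quoted value may contain spaces, a bare value cannot.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_fortigate_line(line: str) -> dict:
    """Parse the key=value body of a FortiGate syslog message into a dict of strings."""
    record = {}
    for m in KV_RE.finditer(line):
        key, quoted, bare = m.groups()
        record[key] = quoted if quoted is not None else bare
    return record


def normalize(record: dict) -> tuple:
    """Rename FortiGate fields to Fabric field names per the page's table.

    Returns (normalized, unmapped): the Fabric-keyed dict and the set of
    FortiGate keys the table does not cover.  Values are left as strings.
    ASSUMPTION (not stated on the page): when several aliases for one Fabric
    field are present, the first alias listed in the table wins.
    """
    normalized, consumed = {}, set()
    for aliases, fabric_field in FIELD_MAP:
        for alias in aliases:
            if alias in record:
                normalized[fabric_field] = record[alias]
                consumed.add(alias)
                break
    return normalized, set(record) - consumed


# Constructed sample traffic log; the device id and addresses are placeholders.
SAMPLE_LINE = (
    'date=2024-05-01 time=10:15:42 devname="fw-edge-01" devid="FGT-EXAMPLE-0001" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'srcip=10.0.0.5 srcport=51234 srcintf="port2" srccountry="Reserved" '
    'dstip=203.0.113.10 dstport=443 dstintf="port1" dstcountry="Reserved" '
    'sessionid=1842275 proto=6 action="accept" policyid=7 service="HTTPS" '
    'user="alice" group="staff" app="SSL" appcat="Network.Service" '
    'duration=30 sentbyte=1200 rcvdbyte=3400 sentpkt=10 rcvdpkt=12'
)

if __name__ == "__main__":
    fields, leftover = normalize(parse_fortigate_line(SAMPLE_LINE))
    for name in sorted(fields):
        print(f"{name:22} {fields[name]}")
    print("unmapped:", sorted(leftover))
```

Running it on the sample shows the points worth remembering when writing queries against the normalized data: `srccountry` populates both `host_location` and `src_geo`, `user` populates both `host_owner` and `user_id`, and FortiGate keys that the table does not list (here `devname`, `srcintf`, `dstintf`, `policyid`, `logid`, `date`, `time`) are not carried into a Fabric field by this mapping.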