FortiADC logs
FortiAnalyzer supports normalizing FortiADC logs as Fabric logs.
The following field mapping applies:
|
FortiADC Log Field |
Normalized Fabric Log Field |
|---|---|
|
loguid,id |
loguid |
|
epid |
epid |
|
euid |
euid |
| device_id, devid | data_sourceid |
| data_source_name | data_sourcename |
|
data_sourcetype |
data_sourcetype |
| data_timestamp | data_timestamp |
| dm_appid | app_id |
| service | app_service |
| dns_req | dns_query |
| dns_resp | dns_response |
| dst | dst_domain |
| dstcountry | dst_geo |
| dst_port | dst_port |
| action | event_action |
| msg_id | event_id |
| msg | event_message |
| status | event_outcome |
| policy | event_policy |
| logdesc | event_profile |
| cfgattr | event_ref |
| level,pri | event_severity |
| subtype | event_subtype |
| type | event_type |
| quar_file_name,smtp_attachname | file_name |
| http_host,dm_orihost | host_name |
| http_cookie | http_cookie |
| http_method | http_method |
| http_referer | http_referer |
| http_url | http_url |
| http_agent | http_useragent |
| smtp_from | mail_from |
| smtp_bodylen | mail_size |
| smtp_subject | mail_subject |
| smtp_to | mail_to |
| proto | net_proto |
| ibytes | net_recvbytes |
| obytes | net_sentbytes |
| dm_sessionid | net_sessionid |
| src | src_domain |
| srccountry | src_geo |
| src_port | src_port |
| threat_action | threat_action |
| threat_direction | threat_direction |
| threat_id | threat_id |
| threat_name | threat_name |
| threat_pattern | threat_pattern |
| threat_ref | threat_ref |
| threat_score | threat_score |
| threat_severity | threat_severity |
| threat_type | threat_type |
| auth_status | user_authtype |
| usergrp | user_group |
| user | user_id |
| ftp_username | user_name |