FortiADC logs
FortiAnalyzer supports normalizing FortiADC logs as Fabric logs.
The following field mapping applies:
FortiADC Log Field | Normalized Fabric Log Field |
---|---|
loguid,id | loguid |
epid | epid |
euid | euid |
device_id, devid | data_sourceid |
data_source_name | data_sourcename |
data_sourcetype | data_sourcetype |
data_timestamp | data_timestamp |
dm_appid | app_id |
service | app_service |
dns_req | dns_query |
dns_resp | dns_response |
dst | dst_domain |
dstcountry | dst_geo |
dst_port | dst_port |
action | event_action |
msg_id | event_id |
msg | event_message |
status | event_outcome |
policy | event_policy |
logdesc | event_profile |
cfgattr | event_ref |
level,pri | event_severity |
subtype | event_subtype |
type | event_type |
quar_file_name,smtp_attachname | file_name |
http_host,dm_orihost | host_name |
http_cookie | http_cookie |
http_method | http_method |
http_referer | http_referer |
http_url | http_url |
http_agent | http_useragent |
smtp_from | mail_from |
smtp_bodylen | mail_size |
smtp_subject | mail_subject |
smtp_to | mail_to |
proto | net_proto |
ibytes | net_recvbytes |
obytes | net_sentbytes |
dm_sessionid | net_sessionid |
src | src_domain |
srccountry | src_geo |
src_port | src_port |
threat_action | threat_action |
threat_direction | threat_direction |
threat_id | threat_id |
threat_name | threat_name |
threat_pattern | threat_pattern |
threat_ref | threat_ref |
threat_score | threat_score |
threat_severity | threat_severity |
threat_type | threat_type |
auth_status | user_authtype |
usergrp | user_group |
user | user_id |
ftp_username | user_name |