Fortinet black logo

Fabric Normalization Reference

Home FortiAnalyzer 7.2.2 Fabric Normalization Reference
7.2.2
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0

FortiSwitch logs

FortiSwitch logs

FortiAnalyzer supports normalizing FortiSwitch logs as Fabric logs.

The following field mapping applies:

FortiSwitch Log Field

Normalized Fabric Log Field

loguid,id

loguid

epid

epid

euid

euid
device_id,devid data_sourceid
data_source_name data_sourcename

data_sourcetype

data_sourcetype
data_timestamp data_timestamp
dstip dst_ip
action event_action
logid,log_id event_id
msg event_message
status event_outcome
profile,reason event_profile
level,pri event_severity
subtype event_subtype
type event_type
ui http_url
mirror-session net_sessionid
switch.interface src_intf
srcip,auto-ip src_ip
switch.physical-port,port src_port
userfrom user_group
user user_id
Previous
Next

FortiSwitch logs

FortiAnalyzer supports normalizing FortiSwitch logs as Fabric logs.

The following field mapping applies:

FortiSwitch Log Field

Normalized Fabric Log Field

loguid,id

loguid

epid

epid

euid

euid
device_id,devid data_sourceid
data_source_name data_sourcename

data_sourcetype

data_sourcetype
data_timestamp data_timestamp
dstip dst_ip
action event_action
logid,log_id event_id
msg event_message
status event_outcome
profile,reason event_profile
level,pri event_severity
subtype event_subtype
type event_type
ui http_url
mirror-session net_sessionid
switch.interface src_intf
srcip,auto-ip src_ip
switch.physical-port,port src_port
userfrom user_group
user user_id
Previous
Next