FortiProxy logs

FortiAnalyzer supports normalizing FortiProxy logs as Fabric logs.

The following field mapping applies:

| FortiProxy Log Field | Normalized Fabric Log Field |
|---|---|
| loguid,id | loguid |
| epid | epid |
| euid | euid |
| devid,device_id | data_sourceid |
| data_source_name | data_sourcename |
| data_sourcetype | data_sourcetype |
| dtime | data_timestamp |
| appcat | app_cat |
| appid | app_id |
| app | app_name |
| daemon,pid | app_proc |
| service | app_service |
| state | app_state |
| qname | dns_query |
| qtype | dns_querytype |
| hostname | dst_domain |
| dstcountry | dst_geo |
| dst_info | dst_intf |
| dstip | dst_ip |
| dstmac | dst_mac |
| tranip | dst_natip |
| tranport | dst_natport |
| dstport,dst_port | dst_port |
| action | event_action |
| logid,log_id | event_id |
| msg | event_message |
| error | event_outcome |
| policyid | event_policy |
| applist | event_profile |
| level | event_severity |
| subtype | event_subtype |
| type | event_type |
| filetype | file_ext |
| hash,checksum | file_hash |
| file,filename | file_name |
| path | file_path |
| filesize | file_size |
| host_classification | host_classification |
| host_hwvendor | host_hwvendor |
| host_hwver | host_hwver |
| host_ip | host_ip |
| mastersrcmac,host_mac | host_mac |
| srcname,host_name | host_name |
| osname,host_osname | host_osname |
| osversion,host_osver | host_osver |
| devtype,host_type | host_type |
| srcuuid | host_uid |
| url | http_url |
| agent | http_useragent |
| from | mail_from |
| size | mail_size |
| subject | mail_subject |
| to | mail_to |
| direction | net_direction |
| srcssid | net_name |
| proto | net_proto |
| rcvdpkt | net_rcvdpkts |
| rcvdbyte | net_recvbytes |
| sentbyte | net_sentbytes |
| sentpkt | net_sentpkts |
| duration | net_sessionduration |
| sessionid,session_id | net_sessionid |
| ssid | net_ssid |
| srcname | src_domain |
| srccountry | src_geo |
| src_info | src_intf |
| srcip | src_ip |
| srcmac,source_mac | src_mac |
| transip | src_natip |
| transport | src_natport |
| srcport,src_port | src_port |
| sslaction | threat_action |
| direction | threat_direction |
| vulnid,virusid,attackid | threat_id |
| vulnname,virus,attack | threat_name |
| attackcontext | threat_pattern |
| ref,cveid | threat_ref |
| auditscore | threat_score |
| severity | threat_severity |
| threattype | threat_type |
| group,unauthusersource | user_group |
| user,unauthuser,clouduser | user_id |
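
An added example, not part of the Fortinet documentation: a small Python normalizer that applies a subset of the mapping above to a key=value log line, covering rows with several source fields and source fields that feed two Fabric fields (`srcname`, `direction`). The first-match order for multi-source rows, the sample log line and the `custom_tag` key are assumptions of this example.

```python
import shlex

# Subset of the mapping table above, keyed by Fabric field. Trying the source
# fields in listed order (first non-empty wins) is an assumption of this example.
FABRIC_MAP = {
    "event_id": ("logid", "log_id"),
    "event_type": ("type",),
    "event_subtype": ("subtype",),
    "event_action": ("action",),
    "event_message": ("msg",),
    "src_ip": ("srcip",),
    "src_port": ("srcport", "src_port"),
    "dst_ip": ("dstip",),
    "dst_port": ("dstport", "dst_port"),
    "dst_domain": ("hostname",),
    "http_url": ("url",),
    "user_id": ("user", "unauthuser", "clouduser"),
    "host_name": ("srcname", "host_name"),
    "src_domain": ("srcname",),            # srcname feeds two Fabric fields
    "net_direction": ("direction",),
    "threat_direction": ("direction",),    # direction feeds two Fabric fields
    "threat_id": ("vulnid", "virusid", "attackid"),
    "threat_name": ("vulnname", "virus", "attack"),
}
KNOWN_SOURCES = {src for sources in FABRIC_MAP.values() for src in sources}

def parse_kv(line):
    """Split a key=value log line; shlex keeps quoted values with spaces whole."""
    pairs = (token.partition("=") for token in shlex.split(line))
    return {key: value for key, sep, value in pairs if sep}

def normalize(line):
    """Return (normalized Fabric fields, raw keys this subset does not map)."""
    raw = parse_kv(line)
    out = {}
    for fabric_field, sources in FABRIC_MAP.items():
        value = next((raw[s] for s in sources if raw.get(s)), None)
        if value is not None:
            out[fabric_field] = value
    return out, sorted(set(raw) - KNOWN_SOURCES)

# Constructed sample line; custom_tag is a made-up key that is not in the table.
SAMPLE = ('logid="0000000013" type="utm" subtype="virus" action="blocked" '
          'srcip=10.0.0.5 srcport=51514 dstip=203.0.113.10 dstport=443 '
          'hostname="files.example.test" url="/dl/sample.bin" unauthuser="jdoe" '
          'srcname="lab-pc-7" direction="incoming" virusid=12345 '
          'virus="EICAR_TEST_FILE" msg="File is infected." custom_tag=lab')
if __name__ == "__main__":
    print(normalize(SAMPLE))
```

The second return value lists raw keys the subset does not cover, which is a quick way to spot fields that would be dropped from normalized searches and correlation rules.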
