FortiProxy logs
FortiAnalyzer supports normalizing FortiProxy logs as Fabric logs.
The following field mapping applies:
FortiProxy Log Field | Normalized Fabric Log Field |
---|---|
loguid,id | loguid |
epid | epid |
euid | euid |
devid,device_id | data_sourceid |
data_source_name | data_sourcename |
data_sourcetype | data_sourcetype |
dtime | data_timestamp |
appcat | app_cat |
appid | app_id |
app | app_name |
daemon,pid | app_proc |
service | app_service |
state | app_state |
qname | dns_query |
qtype | dns_querytype |
hostname | dst_domain |
dstcountry | dst_geo |
dst_info | dst_intf |
dstip | dst_ip |
dstmac | dst_mac |
tranip | dst_natip |
tranport | dst_natport |
dstport,dst_port | dst_port |
action | event_action |
logid,log_id | event_id |
msg | event_message |
error | event_outcome |
policyid | event_policy |
applist | event_profile |
level | event_severity |
subtype | event_subtype |
type | event_type |
filetype | file_ext |
hash,checksum | file_hash |
file,filename | file_name |
path | file_path |
filesize | file_size |
host_classification | host_classification |
host_hwvendor | host_hwvendor |
host_hwver | host_hwver |
host_ip | host_ip |
mastersrcmac,host_mac | host_mac |
srcname,host_name | host_name |
osname,host_osname | host_osname |
osversion,host_osver | host_osver |
devtype,host_type | host_type |
srcuuid | host_uid |
url | http_url |
agent | http_useragent |
from | mail_from |
size | mail_size |
subject | mail_subject |
to | mail_to |
direction | net_direction |
srcssid | net_name |
proto | net_proto |
rcvdpkt | net_rcvdpkts |
rcvdbyte | net_recvbytes |
sentbyte | net_sentbytes |
sentpkt | net_sentpkts |
duration | net_sessionduration |
sessionid,session_id | net_sessionid |
ssid | net_ssid |
srcname | src_domain |
srccountry | src_geo |
src_info | src_intf |
srcip | src_ip |
srcmac,source_mac | src_mac |
transip | src_natip |
transport | src_natport |
srcport,src_port | src_port |
sslaction | threat_action |
direction | threat_direction |
vulnid,virusid,attackid | threat_id |
vulnname,virus,attack | threat_name |
attackcontext | threat_pattern |
ref,cveid | threat_ref |
auditscore | threat_score |
severity | threat_severity |
threattype | threat_type |
group,unauthusersource | user_group |
user,unauthuser,clouduser | user_id |