FortiFirewall logs

FortiAnalyzer supports normalizing FortiFirewall logs as Fabric logs.

The following field mapping applies:

| FortiFirewall Log Field | Normalized Fabric Log Field |
|---|---|
| loguid, id | loguid |
| epid | epid |
| euid | euid |
| devid, device_id | data_sourceid |
| data_source_name | data_sourcename |
| data_sourcetype | data_sourcetype |
| data_timestamp | data_timestamp |
| appcat, app_cat, app-type | app_cat |
| appid | app_id |
| app | app_name |
| service | app_service |
| appact, app_action | app_state |
| dns_name | dns_querytype |
| dstname | dst_domain |
| dstcountry, dst_country | dst_geo |
| dstintf, dst_int | dst_intf |
| dstip, dst | dst_ip |
| dstmac | dst_mac |
| dstport, dst_port | dst_port |
| action, status | event_action |
| msg | event_message |
| policyid | event_policy |
| alert, error | event_profile |
| level | event_severity |
| subtype | event_subtype |
| type | event_type |
| processtime | file_accessetime |
| hash | file_hash |
| file | file_name |
| filesize | file_size |
| srchwvendor | host_hwvendor |
| srchwversion | host_hwver |
| mac | host_mac |
| hostname | host_name |
| srcfamily | host_osfamily |
| osname | host_osname |
| osversion | host_osver |
| devtype | host_type |
| vpntype | http_method |
| vpn | http_referer |
| url | http_url |
| agent | http_useragent |
| from | mail_from |
| to | mail_to |
| direction | net_direction |
| rcvdpkt, rcvd_pkt | net_rcvdpkts |
| rcvdbyte, rcvd | net_recvbytes |
| sentbyte, sent | net_sentbytes |
| sentpkt, sent_pkt | net_sentpkts |
| duration | net_sessionduration |
| sessionid, SN | net_sessionid |
| srcssid, ssid | net_ssid |
| srcname, srcdomain | src_domain |
| srccountry, src_country | src_geo |
| srcintf, src_int | src_intf |
| srcip, src | src_ip |
| srcmac | src_mac |
| srcport, src_port | src_port |
| utmaction | threat_action |
| virus, attack, attackname, attack_name, vulnname | threat_name |
| securitymode | threat_pattern |
| security | threat_severity |
| group | user_group |
| user, carrier_ep | user_id |
| unauthuser, dstunauthuser | user_name |
