FortiIsolator logs
FortiAnalyzer supports normalizing FortiIsolator logs as Fabric logs.
The following field mapping applies:
|
FortiIsolator Log Field |
Normalized Fabric Log Field |
|---|---|
| loguid,id | loguid |
| epid | epid |
| euid | euid |
| devid | data_sourceid |
| data_sourcename | data_sourcename |
| data_sourcetype | data_sourcetype |
| data_timestamp | data_timestamp |
| browsertype | app_name |
| pid | app_proc |
| browserver | app_ver |
| avaction,wfaction | event_action |
| msg | event_message |
| avresult | event_outcome |
| avblockreason | event_policy |
| avengine,wfprofile,icapprofile,iprofile,clicmd | event_profile |
| event_severity | event_severity |
| subtype | event_subtype |
| type | event_type |
| filepath | file_path |
| filesize | file_size |
| protocol | http_method |
| dsturl | http_url |
| sessionid | net_sessionid |
| clientip | src_ip |
| usertype | user_classification |
| user | user_id |