FortiNAC logs
FortiAnalyzer supports normalizing FortiNAC logs as Fabric logs.
The following field mapping applies:
|
FortiNAC Log Field |
Normalized Fabric Log Field |
|---|---|
| loguid,id | loguid |
| epid | epid |
| euid | euid |
| devid,device_id | data_sourceid |
| data_source_name | data_sourcename |
| data_sourcetype | data_sourcetype |
| dtime | data_timestamp |
| sn | app_name |
| agentplat | app_service |
| mailstate | app_state |
| agentver,fwver | app_ver |
| action | event_action |
| msg | event_message |
| severity | event_severity |
| subtype | event_subtype |
| type | event_type |
| lastactivitytime | file_accessetime |
| createtime | file_createtime |
| imagetype | file_ext |
| element,label,host_classification | host_classification |
| vendorname,vendoroid,host_hwvendor | host_hwvendor |
| hwtype,host_hwver | host_hwver |
| ip,host_ip | host_ip |
| location | host_location |
| mac,host_mac | host_mac |
| hostname,name,host_name | host_name |
| os,host_osname | host_osname |
| fwver,host_osver | host_osver |
| owner | host_owner |
| endpointtype,devtype,cat,host_type | host_type |
| endpointid,vendoroid | host_uid |
| portid | src_port |
| usertype | user_classification |
| adminprofile | user_domain |
| user_email | |
| userid,user | user_id |
| user_geo | user_location |
| user_username | user_name |
| org | user_org |
| user_phone | user_phone |
| position | user_role |
| user_social | user_social |