FortiMail logs
FortiAnalyzer supports normalizing FortiMail logs as Fabric logs.
The following field mapping applies:
|
FortiMail Log Field |
Normalized Fabric Log Field |
|---|---|
| loguid,id | loguid |
| epid | epid |
| euid | euid |
| devid,device_id | data_sourceid |
| data_sourcename | data_sourcename |
| data_sourcetype | data_sourcetype |
| dtime | data_timestamp |
| dst_ip | dst_ip |
| concat_eventaction,disposition | event_action |
| logid,log_id | event_id |
| msg | event_message |
| polid | event_policy |
| classifier | event_profile |
| event_message | event_ref |
| pri | event_severity |
| subtype | event_subtype |
| type | event_type |
| file_hash | file_hash |
| file_hash_type | file_hashtype |
| file_name | file_name |
| host_classification | host_classification |
| host_hwvendor | host_hwvendor |
| host_hwver | host_hwver |
| host_ip | host_ip |
| host_mac | host_mac |
| host_name | host_name |
| host_osname | host_osname |
| host_osver | host_osver |
| host_type | host_type |
| mail_from | mail_from |
| message_length | mail_size |
| subject | mail_subject |
| to | mail_to |
| direction | net_direction |
| session_id | net_sessionid |
| client_name | src_domain |
| location | src_geo |
| client_ip | src_ip |
| threat_name | threat_name |
| threat_pattern | threat_pattern |
| ui,domain_name | user_domain |
| user,user_name | user_id |