Audit trail
The following table describes the fields in audit trails. The order in which the fields are listed reflects their order in audit trail syslog messages.
| Syslog Field | Description | Data Type | Length |
|---|---|---|---|
| Organization | Name of the organization the system event belongs to. | String | 100 |
| Date | Time of the occurrence of the audited action in UTC format: DD-MM-YYYY, hh:mm:ss. FortiEDR uses the Central Manager’s time when tracking audit trails. | Timestamp | 18 |
| Sub-system | Name of the FortiEDR module where the audited action was performed. For example: Administration, System, System Events. | String | 25 |
| User Name | Name of the user performing the audited action. | String | 250 |
| Description | Details of the audited action. | String | 1500 |
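
The following added example, which is not FortiEDR code, checks a received audit trail record against the field order, string lengths and date format listed in the table before it is stored or forwarded. It assumes the five field values have already been split out of the syslog message (the delimiter is not given on this page); `check_audit_record`, the control-character check and the sample values are constructed for illustration.

```python
from datetime import datetime, timezone

# Field order and maximum string lengths as listed in the table above.
# Date is not in MAX_LEN: it is validated against its format instead.
FIELDS = ["Organization", "Date", "Sub-system", "User Name", "Description"]
MAX_LEN = {"Organization": 100, "Sub-system": 25, "User Name": 250, "Description": 1500}
DATE_FORMAT = "%d-%m-%Y, %H:%M:%S"  # DD-MM-YYYY, hh:mm:ss

# Constructed sample records (not real FortiEDR output).
SAMPLE_OK = ["ExampleOrg", "05-03-2024, 14:07:31", "Administration",
             "alice", "Constructed sample action"]
SAMPLE_BAD = ["ExampleOrg", "2024-03-05 14:07:31", "S" * 40,
              "alice", "Constructed sample action"]


def check_audit_record(values):
    """Map already-split field values to names and validate them.

    Returns (record, issues). On success record["Date"] is a
    timezone-aware UTC datetime; issues is a list of strings.
    """
    if len(values) != len(FIELDS):
        return None, [f"expected {len(FIELDS)} fields, got {len(values)}"]
    record = dict(zip(FIELDS, (v.strip() for v in values)))
    issues = []

    # An over-length value suggests a mis-split message or a sender that
    # does not follow the documented format.
    for name, limit in MAX_LEN.items():
        if len(record[name]) > limit:
            issues.append(f"{name}: {len(record[name])} chars exceeds {limit}")

    # Assumption beyond the table: embedded control characters (CR/LF etc.)
    # break line-oriented log handling, so flag them.
    for name, value in record.items():
        if any(ord(c) < 0x20 for c in value):
            issues.append(f"{name}: contains control characters")

    # The table states the time is UTC, so attach the UTC timezone.
    try:
        parsed = datetime.strptime(record["Date"], DATE_FORMAT)
        record["Date"] = parsed.replace(tzinfo=timezone.utc)
    except ValueError:
        issues.append(f"Date: {record['Date']!r} is not DD-MM-YYYY, hh:mm:ss")
    return record, issues
```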