Fortinet Fortianalyzer¶
Description¶
Constructor : Fortinet
Product : Fortianalyzer
Log type(s) : FW, PRX
Theoretical injector performance¶
14861 EPS
Log sample¶
1 | date=2016-01-01 time=10:35:54 clusterid=GHA00081279259040_CID logver=52 clusterid=GHA0008127925_CID devname=fi-essa-fg-inetfw01a devid=GHA0008127925_CID logid=0000000009 type=traffic subtype=forward level=notice vd=proxy srcip=143.41.142.75 srcport=57361 srcintf="int-prxy-office" dstip=163.87.162.107 dstport=57092 dstintf="npu0_vlink1" sessionid=949003901 poluuid=e9e00144-4032-51e5-9040-e9ed1146a344 dstcountry="United States" srccountry="Reserved" service=HTTPS wanoptapptype=web-cache proto=6 duration=643 policyid=1 wanin=5062 rcvdbyte=46281 wanout=850 lanin=1023 sentbyte=3497 lanout=5134 |
1 | date=2016-01-02 time=10:38:19 clusterid=GHA00081279258886_CID logver=52 clusterid=GHA0008127925_CID devname=fi-essa-fg-inetfw01a devid=GHA0008127925_CID logid=0000000015 type=utm subtype=webfilter eventtype=urlfilter level=notice vd=proxy sessionid=822906153 user="" srcip=100.160.25.223 srcport=57491 srcintf="int-prxy-office" dstip=3.56.134.140 dstport=57464 dstintf="npu0_vlink1" proto=6 service=HTTP hostname="ctldl.windowsupdate.com" profile="URL-Log" action=passthrough reqtype=direct url="/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f4836fe57897b015" sentbyte=55405 rcvdbyte=23308 direction=outgoing msg="URL has been visited" method=ip cat=0 |
Fields normalization¶
Mandatory :
| Normalized fields | Parsed fields |
|---|---|
| [type] | |
| [action] | [kv][action] |
| [alarm][sev] | [kv][level] |
| [app][proto][name] | [kv][service] |
| [app][proto][num] | [kv][proto] |
| [init][host][ip] | [kv][srcip] |
| [init][host][port] | [kv][srcport] |
| [init][host][if] | [kv][srcintf] |
| [obs][host][name] | [kv][devname] |
| [obs][ts] | [kv][date] & [kv][time] |
| [rule][uid] | [kv][poluuid] |
| [session][id] | [kv][sessionid] |
| [session][in][byte] | [kv][sentbyte] |
| [session][out][byte] | [kv][rcvdbyte] |
Optional :
| Normalized fields | Parsed fields |
|---|---|
| [obs][process][status] | [kv][status] |
| [session][out][packet] | [kv][sentpkt] |
| [session][in][packet] | [kv][rcvdpkt] |
| [session][duration] | [kv][duration] |
| [target][uri][url] | [kv][url] |