
Fortinet Fortianalyzer

Description

Vendor: Fortinet

Product: Fortianalyzer

Log type(s): FW, PRX

Theoretical injector performance

14861 EPS

Log sample

date=2016-01-01 time=10:35:54 clusterid=GHA00081279259040_CID logver=52 clusterid=GHA0008127925_CID devname=fi-essa-fg-inetfw01a devid=GHA0008127925_CID logid=0000000009 type=traffic subtype=forward level=notice vd=proxy srcip=143.41.142.75 srcport=57361 srcintf="int-prxy-office" dstip=163.87.162.107 dstport=57092 dstintf="npu0_vlink1" sessionid=949003901 poluuid=e9e00144-4032-51e5-9040-e9ed1146a344 dstcountry="United States" srccountry="Reserved" service=HTTPS wanoptapptype=web-cache proto=6 duration=643 policyid=1 wanin=5062 rcvdbyte=46281 wanout=850 lanin=1023 sentbyte=3497 lanout=5134

date=2016-01-02 time=10:38:19 clusterid=GHA00081279258886_CID logver=52 clusterid=GHA0008127925_CID devname=fi-essa-fg-inetfw01a devid=GHA0008127925_CID logid=0000000015 type=utm subtype=webfilter eventtype=urlfilter level=notice vd=proxy sessionid=822906153 user="" srcip=100.160.25.223 srcport=57491 srcintf="int-prxy-office" dstip=3.56.134.140 dstport=57464 dstintf="npu0_vlink1" proto=6 service=HTTP hostname="ctldl.windowsupdate.com" profile="URL-Log" action=passthrough reqtype=direct url="/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f4836fe57897b015" sentbyte=55405 rcvdbyte=23308 direction=outgoing msg="URL has been visited" method=ip cat=0

Fields normalization

Mandatory:

| Normalized field | Parsed field |
|---|---|
| [type] | |
| [action] | [kv][action] |
| [alarm][sev] | [kv][level] |
| [app][proto][name] | [kv][service] |
| [app][proto][num] | [kv][proto] |
| [init][host][ip] | [kv][srcip] |
| [init][host][port] | [kv][srcport] |
| [init][host][if] | [kv][srcintf] |
| [obs][host][name] | [kv][devname] |
| [obs][ts] | [kv][date] & [kv][time] |
| [rule][uid] | [kv][poluuid] |
| [session][id] | [kv][sessionid] |
| [session][in][byte] | [kv][sentbyte] |
| [session][out][byte] | [kv][rcvdbyte] |

Optional:

| Normalized field | Parsed field |
|---|---|
| [obs][process][status] | [kv][status] |
| [session][out][packet] | [kv][sentpkt] |
| [session][in][packet] | [kv][rcvdpkt] |
| [session][duration] | [kv][duration] |
| [target][uri][url] | [kv][url] |
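The following is an added example, not the vendor's or the SIEM's own parser code: it parses the key=value format of the log sample above (quoted values with spaces such as dstcountry="United States", empty values such as user="", and the duplicated clusterid key) and applies the mandatory and optional tables to the parsed kv fields. Names not on the page are assumptions: normalized field paths are flattened with dots (so [init][host][ip] becomes `init.host.ip`), the observation timestamp is built as an ISO-8601 string from date and time, and the raw `type` value is carried through because the page gives [type] no parsed-field mapping.

```python
"""Parse FortiAnalyzer/FortiGate key=value lines and normalize them.

Added example, not the project's code. Field-path names with dots and the
ISO-8601 form of obs.ts are assumptions made for this example.
"""
import re
from typing import Dict, Optional

# Value is either double-quoted (may contain spaces, may be empty) or a
# bare run of non-space characters, e.g. poluuid=e9e00144-....
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Normalized field -> kv key, copied from the page's mandatory table
# ([type] and [obs][ts] are handled separately below).
MANDATORY = {
    "action": "action",
    "alarm.sev": "level",
    "app.proto.name": "service",
    "app.proto.num": "proto",
    "init.host.ip": "srcip",
    "init.host.port": "srcport",
    "init.host.if": "srcintf",
    "obs.host.name": "devname",
    "rule.uid": "poluuid",
    "session.id": "sessionid",
    "session.in.byte": "sentbyte",
    "session.out.byte": "rcvdbyte",
}
# Copied from the page's optional table.
OPTIONAL = {
    "obs.process.status": "status",
    "session.out.packet": "sentpkt",
    "session.in.packet": "rcvdpkt",
    "session.duration": "duration",
    "target.uri.url": "url",
}

# The two lines from the page's log sample, used as test input.
SAMPLE_LINES = [
    'date=2016-01-01 time=10:35:54 clusterid=GHA00081279259040_CID logver=52 clusterid=GHA0008127925_CID devname=fi-essa-fg-inetfw01a devid=GHA0008127925_CID logid=0000000009 type=traffic subtype=forward level=notice vd=proxy srcip=143.41.142.75 srcport=57361 srcintf="int-prxy-office" dstip=163.87.162.107 dstport=57092 dstintf="npu0_vlink1" sessionid=949003901 poluuid=e9e00144-4032-51e5-9040-e9ed1146a344 dstcountry="United States" srccountry="Reserved" service=HTTPS wanoptapptype=web-cache proto=6 duration=643 policyid=1 wanin=5062 rcvdbyte=46281 wanout=850 lanin=1023 sentbyte=3497 lanout=5134',
    'date=2016-01-02 time=10:38:19 clusterid=GHA00081279258886_CID logver=52 clusterid=GHA0008127925_CID devname=fi-essa-fg-inetfw01a devid=GHA0008127925_CID logid=0000000015 type=utm subtype=webfilter eventtype=urlfilter level=notice vd=proxy sessionid=822906153 user="" srcip=100.160.25.223 srcport=57491 srcintf="int-prxy-office" dstip=3.56.134.140 dstport=57464 dstintf="npu0_vlink1" proto=6 service=HTTP hostname="ctldl.windowsupdate.com" profile="URL-Log" action=passthrough reqtype=direct url="/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f4836fe57897b015" sentbyte=55405 rcvdbyte=23308 direction=outgoing msg="URL has been visited" method=ip cat=0',
]


def parse_kv(line: str) -> Dict[str, str]:
    """Parse one log line into a dict of kv key -> value.

    The sample carries 'clusterid' twice with different values; the first
    occurrence is kept so a later duplicate cannot overwrite what was
    logged first (a parser that silently takes the last value would hide
    that the line was ambiguous).
    """
    fields: Dict[str, str] = {}
    for m in _KV_RE.finditer(line):
        key = m.group(1)
        value = m.group(2) if m.group(2) is not None else m.group(3)
        fields.setdefault(key, value)
    return fields


def normalize(line: str) -> Dict[str, Optional[str]]:
    """Apply the page's mandatory and optional mappings to one line."""
    kv = parse_kv(line)
    out: Dict[str, Optional[str]] = {}
    # Mandatory fields are always emitted, None when the line lacks them,
    # so a downstream rule can see exactly which ones are missing.
    for norm, key in MANDATORY.items():
        out[norm] = kv.get(key)
    # [type] has no parsed-field mapping on the page; the raw value is kept
    # so traffic and utm events stay distinguishable (assumption).
    out["type"] = kv.get("type")
    # [obs][ts] is [kv][date] & [kv][time], combined as YYYY-MM-DDTHH:MM:SS.
    if "date" in kv and "time" in kv:
        out["obs.ts"] = f"{kv['date']}T{kv['time']}"
    else:
        out["obs.ts"] = None
    # Optional fields are emitted only when the line carries them.
    for norm, key in OPTIONAL.items():
        if key in kv:
            out[norm] = kv[key]
    return out


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        for field, value in normalize(sample).items():
            print(f"{field} = {value!r}")
        print()
```

The mapping dictionaries are copied verbatim from the tables above, including the fact that sentbyte feeds [session][in][byte] while sentpkt feeds [session][out][packet]; check that direction convention against your own deployment before writing detection rules that depend on it. Because the regex consumes a bare value up to the next whitespace, a bare (unquoted) value containing `=` would be mis-split; in the sample, every value that could contain such characters (url, msg, hostname) is quoted.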