Fortinet fields

edit

fortinet Module

fortinet

edit

Fields from fortinet FortiOS

fortinet.file.hash.crc32

CRC32 Hash of file

type: keyword

firewall

edit

Module for parsing Fortinet syslog.

fortinet.firewall.acct_stat

Accounting state (RADIUS)

type: keyword

fortinet.firewall.acktime

Alarm Acknowledge Time

type: keyword

fortinet.firewall.act

Action

type: keyword

fortinet.firewall.action

Status of the session

type: keyword

fortinet.firewall.activity

HA activity message

type: keyword

fortinet.firewall.addr

IP Address

type: ip

fortinet.firewall.addr_type

Address Type

type: keyword

fortinet.firewall.addrgrp

Address Group

type: keyword

fortinet.firewall.adgroup

AD Group Name

type: keyword

fortinet.firewall.admin

Admin User

type: keyword

fortinet.firewall.age

Time in seconds - time passed since last seen

type: integer

fortinet.firewall.agent

User agent - eg. agent="Mozilla/5.0"

type: keyword

fortinet.firewall.alarmid

Alarm ID

type: integer

fortinet.firewall.alert

Alert

type: keyword

fortinet.firewall.analyticscksum

The checksum of the file submitted for analytics

type: keyword

fortinet.firewall.analyticssubmit

The flag for analytics submission

type: keyword

fortinet.firewall.ap

Access Point

type: keyword

fortinet.firewall.app-type

Address Type

type: keyword

fortinet.firewall.appact

The security action from app control

type: keyword

fortinet.firewall.appid

Application ID

type: integer

fortinet.firewall.applist

Application Control profile

type: keyword

fortinet.firewall.apprisk

Application Risk Level

type: keyword

fortinet.firewall.apscan

The name of the AP, which scanned and detected the rogue AP

type: keyword

fortinet.firewall.apsn

Access Point

type: keyword

fortinet.firewall.apstatus

Access Point status

type: keyword

fortinet.firewall.aptype

Access Point type

type: keyword

fortinet.firewall.assigned

Assigned IP Address

type: ip

fortinet.firewall.assignip

Assigned IP Address

type: ip

fortinet.firewall.attachment

The flag for email attachement

type: keyword

fortinet.firewall.attack

Attack Name

type: keyword

fortinet.firewall.attackcontext

The trigger patterns and the packetdata with base64 encoding

type: keyword

fortinet.firewall.attackcontextid

Attack context id / total

type: keyword

fortinet.firewall.attackid

Attack ID

type: integer

fortinet.firewall.auditid

Audit ID

type: long

fortinet.firewall.auditscore

The Audit Score

type: keyword

fortinet.firewall.audittime

The time of the audit

type: long

fortinet.firewall.authgrp

Authorization Group

type: keyword

fortinet.firewall.authid

Authentication ID

type: keyword

fortinet.firewall.authproto

The protocol that initiated the authentication

type: keyword

fortinet.firewall.authserver

Authentication server

type: keyword

fortinet.firewall.bandwidth

Bandwidth

type: keyword

fortinet.firewall.banned_rule

NAC quarantine Banned Rule Name

type: keyword

fortinet.firewall.banned_src

NAC quarantine Banned Source IP

type: keyword

fortinet.firewall.banword

Banned word

type: keyword

fortinet.firewall.botnetdomain

Botnet Domain Name

type: keyword

fortinet.firewall.botnetip

Botnet IP Address

type: ip

fortinet.firewall.bssid

Service Set ID

type: keyword

fortinet.firewall.call_id

Caller ID

type: keyword

fortinet.firewall.carrier_ep

The FortiOS Carrier end-point identification

type: keyword

fortinet.firewall.cat

DNS category ID

type: integer

fortinet.firewall.category

Authentication category

type: keyword

fortinet.firewall.cc

CC Email Address

type: keyword

fortinet.firewall.cdrcontent

Cdrcontent

type: keyword

fortinet.firewall.centralnatid

Central NAT ID

type: integer

fortinet.firewall.cert

Certificate

type: keyword

fortinet.firewall.cert-type

Certificate type

type: keyword

fortinet.firewall.certhash

Certificate hash

type: keyword

fortinet.firewall.cfgattr

Configuration attribute

type: keyword

fortinet.firewall.cfgobj

Configuration object

type: keyword

fortinet.firewall.cfgpath

Configuration path

type: keyword

fortinet.firewall.cfgtid

Configuration transaction ID

type: keyword

fortinet.firewall.cfgtxpower

Configuration TX power

type: integer

fortinet.firewall.channel

Wireless Channel

type: integer

fortinet.firewall.channeltype

SSH channel type

type: keyword

fortinet.firewall.chassisid

Chassis ID

type: integer

fortinet.firewall.checksum

The checksum of the scanned file

type: keyword

fortinet.firewall.chgheaders

HTTP Headers

type: keyword

fortinet.firewall.cldobjid

Connector object ID

type: keyword

fortinet.firewall.client_addr

Wifi client address

type: keyword

fortinet.firewall.cloudaction

Cloud Action

type: keyword

fortinet.firewall.clouduser

Cloud User

type: keyword

fortinet.firewall.column

VOIP Column

type: integer

fortinet.firewall.command

CLI Command

type: keyword

fortinet.firewall.community

SNMP Community

type: keyword

fortinet.firewall.configcountry

Configuration country

type: keyword

fortinet.firewall.connection_type

FortiClient Connection Type

type: keyword

fortinet.firewall.conserve

Flag for conserve mode

type: keyword

fortinet.firewall.constraint

WAF http protocol restrictions

type: keyword

fortinet.firewall.contentdisarmed

Email scanned content

type: keyword

fortinet.firewall.contenttype

Content Type from HTTP header

type: keyword

fortinet.firewall.cookies

VPN Cookie

type: keyword

fortinet.firewall.count

Counts of action type

type: integer

fortinet.firewall.countapp

Number of App Ctrl logs associated with the session

type: integer

fortinet.firewall.countav

Number of AV logs associated with the session

type: integer

fortinet.firewall.countcifs

Number of CIFS logs associated with the session

type: integer

fortinet.firewall.countdlp

Number of DLP logs associated with the session

type: integer

fortinet.firewall.countdns

Number of DNS logs associated with the session

type: integer

fortinet.firewall.countemail

Number of email logs associated with the session

type: integer

fortinet.firewall.countff

Number of ff logs associated with the session

type: integer

fortinet.firewall.countips

Number of IPS logs associated with the session

type: integer

fortinet.firewall.countssh

Number of SSH logs associated with the session

type: integer

fortinet.firewall.countssl

Number of SSL logs associated with the session

type: integer

fortinet.firewall.countwaf

Number of WAF logs associated with the session

type: integer

fortinet.firewall.countweb

Number of Web filter logs associated with the session

type: integer

fortinet.firewall.cpu

CPU Usage

type: integer

fortinet.firewall.craction

Client Reputation Action

type: integer

fortinet.firewall.criticalcount

Number of critical ratings

type: integer

fortinet.firewall.crl

Client Reputation Level

type: keyword

fortinet.firewall.crlevel

Client Reputation Level

type: keyword

fortinet.firewall.crscore

Some description

type: integer

fortinet.firewall.cveid

CVE ID

type: keyword

fortinet.firewall.daemon

Daemon name

type: keyword

fortinet.firewall.datarange

Data range for reports

type: keyword

fortinet.firewall.date

Date

type: keyword

fortinet.firewall.ddnsserver

DDNS server

type: ip

fortinet.firewall.desc

Description

type: keyword

fortinet.firewall.detectionmethod

Detection method

type: keyword

fortinet.firewall.devcategory

Device category

type: keyword

fortinet.firewall.devintfname

HA device Interface Name

type: keyword

fortinet.firewall.devtype

Device type

type: keyword

fortinet.firewall.dhcp_msg

DHCP Message

type: keyword

fortinet.firewall.dintf

Destination interface

type: keyword

fortinet.firewall.disk

Assosciated disk

type: keyword

fortinet.firewall.disklograte

Disk logging rate

type: long

fortinet.firewall.dlpextra

DLP extra information

type: keyword

fortinet.firewall.docsource

DLP fingerprint document source

type: keyword

fortinet.firewall.domainctrlauthstate

CIFS domain auth state

type: integer

fortinet.firewall.domainctrlauthtype

CIFS domain auth type

type: integer

fortinet.firewall.domainctrldomain

CIFS domain auth domain

type: keyword

fortinet.firewall.domainctrlip

CIFS Domain IP

type: ip

fortinet.firewall.domainctrlname

CIFS Domain name

type: keyword

fortinet.firewall.domainctrlprotocoltype

CIFS Domain connection protocol

type: integer

fortinet.firewall.domainctrlusername

CIFS Domain username

type: keyword

fortinet.firewall.domainfilteridx

Domain filter ID

type: integer

fortinet.firewall.domainfilterlist

Domain filter name

type: keyword

fortinet.firewall.ds

Direction with distribution system

type: keyword

fortinet.firewall.dst_int

Destination interface

type: keyword

fortinet.firewall.dstintfrole

Destination interface role

type: keyword

fortinet.firewall.dstcountry

Destination country

type: keyword

fortinet.firewall.dstdevcategory

Destination device category

type: keyword

fortinet.firewall.dstdevtype

Destination device type

type: keyword

fortinet.firewall.dstfamily

Destination OS family

type: keyword

fortinet.firewall.dsthwvendor

Destination HW vendor

type: keyword

fortinet.firewall.dsthwversion

Destination HW version

type: keyword

fortinet.firewall.dstinetsvc

Destination interface service

type: keyword

fortinet.firewall.dstosname

Destination OS name

type: keyword

fortinet.firewall.dstosversion

Destination OS version

type: keyword

fortinet.firewall.dstserver

Destination server

type: integer

fortinet.firewall.dstssid

Destination SSID

type: keyword

fortinet.firewall.dstswversion

Destination software version

type: keyword

fortinet.firewall.dstunauthusersource

Destination unauthenticated source

type: keyword

fortinet.firewall.dstuuid

UUID of the Destination IP address

type: keyword

fortinet.firewall.duid

DHCP UID

type: keyword

fortinet.firewall.eapolcnt

EAPOL packet count

type: integer

fortinet.firewall.eapoltype

EAPOL packet type

type: keyword

fortinet.firewall.encrypt

Whether the packet is encrypted or not

type: integer

fortinet.firewall.encryption

Encryption method

type: keyword

fortinet.firewall.epoch

Epoch used for locating file

type: integer

fortinet.firewall.espauth

ESP Authentication

type: keyword

fortinet.firewall.esptransform

ESP Transform

type: keyword

fortinet.firewall.exch

Mail Exchanges from DNS response answer section

type: keyword

fortinet.firewall.exchange

Mail Exchanges from DNS response answer section

type: keyword

fortinet.firewall.expectedsignature

Expected SSL signature

type: keyword

fortinet.firewall.expiry

FortiGuard override expiry timestamp

type: keyword

fortinet.firewall.fams_pause

Fortinet Analysis and Management Service Pause

type: integer

fortinet.firewall.fazlograte

FortiAnalyzer Logging Rate

type: long

fortinet.firewall.fctemssn

FortiClient Endpoint SSN

type: keyword

fortinet.firewall.fctuid

FortiClient UID

type: keyword

fortinet.firewall.field

NTP status field

type: keyword

fortinet.firewall.filefilter

The filter used to identify the affected file

type: keyword

fortinet.firewall.filehashsrc

Filehash source

type: keyword

fortinet.firewall.filtercat

DLP filter category

type: keyword

fortinet.firewall.filteridx

DLP filter ID

type: integer

fortinet.firewall.filtername

DLP rule name

type: keyword

fortinet.firewall.filtertype

DLP filter type

type: keyword

fortinet.firewall.fortiguardresp

Antispam ESP value

type: keyword

fortinet.firewall.forwardedfor

Email address forwarded

type: keyword

fortinet.firewall.fqdn

FQDN

type: keyword

fortinet.firewall.frametype

Wireless frametype

type: keyword

fortinet.firewall.freediskstorage

Free disk integer

type: integer

fortinet.firewall.from

From email address

type: keyword

fortinet.firewall.from_vcluster

Source virtual cluster number

type: integer

fortinet.firewall.fsaverdict

FSA verdict

type: keyword

fortinet.firewall.fwserver_name

Web proxy server name

type: keyword

fortinet.firewall.gateway

Gateway ip address for PPPoE status report

type: ip

fortinet.firewall.green

Memory status

type: keyword

fortinet.firewall.groupid

User Group ID

type: integer

fortinet.firewall.ha-prio

HA Priority

type: integer

fortinet.firewall.ha_group

HA Group

type: keyword

fortinet.firewall.ha_role

HA Role

type: keyword

fortinet.firewall.handshake

SSL Handshake

type: keyword

fortinet.firewall.hash

Hash value of downloaded file

type: keyword

fortinet.firewall.hbdn_reason

Heartbeat down reason

type: keyword

fortinet.firewall.highcount

Highcount fabric summary

type: integer

fortinet.firewall.host

Hostname

type: keyword

fortinet.firewall.iaid

DHCPv6 id

type: keyword

fortinet.firewall.icmpcode

Destination Port of the ICMP message

type: keyword

fortinet.firewall.icmpid

Source port of the ICMP message

type: keyword

fortinet.firewall.icmptype

The type of ICMP message

type: keyword

fortinet.firewall.identifier

Network traffic identifier

type: integer

fortinet.firewall.in_spi

IPSEC inbound SPI

type: keyword

fortinet.firewall.incidentserialno

Incident serial number

type: integer

fortinet.firewall.infected

Infected MMS

type: integer

fortinet.firewall.infectedfilelevel

DLP infected file level

type: integer

fortinet.firewall.informationsource

Information source

type: keyword

fortinet.firewall.init

IPSEC init stage

type: keyword

fortinet.firewall.initiator

Original login user name for Fortiguard override

type: keyword

fortinet.firewall.interface

Related interface

type: keyword

fortinet.firewall.intf

Related interface

type: keyword

fortinet.firewall.invalidmac

The MAC address with invalid OUI

type: keyword

fortinet.firewall.ip

Related IP

type: ip

fortinet.firewall.iptype

Related IP type

type: keyword

fortinet.firewall.keyword

Keyword used for search

type: keyword

fortinet.firewall.kind

VOIP kind

type: keyword

fortinet.firewall.lanin

LAN incoming traffic in bytes

type: long

fortinet.firewall.lanout

LAN outbound traffic in bytes

type: long

fortinet.firewall.lease

DHCP lease

type: integer

fortinet.firewall.license_limit

Maximum Number of FortiClients for the License

type: keyword

fortinet.firewall.limit

Virtual Domain Resource Limit

type: integer

fortinet.firewall.line

VOIP line

type: keyword

fortinet.firewall.live

Time in seconds

type: integer

fortinet.firewall.local

Local IP for a PPPD Connection

type: ip

fortinet.firewall.log

Log message

type: keyword

fortinet.firewall.login

SSH login

type: keyword

fortinet.firewall.lowcount

Fabric lowcount

type: integer

fortinet.firewall.mac

DHCP mac address

type: keyword

fortinet.firewall.malform_data

VOIP malformed data

type: integer

fortinet.firewall.malform_desc

VOIP malformed data description

type: keyword

fortinet.firewall.manuf

Manufacturer name

type: keyword

fortinet.firewall.masterdstmac

Master mac address for a host with multiple network interfaces

type: keyword

fortinet.firewall.mastersrcmac

The master MAC address for a host that has multiple network interfaces

type: keyword

fortinet.firewall.mediumcount

Fabric medium count

type: integer

fortinet.firewall.mem

Memory usage system statistics

type: keyword

fortinet.firewall.meshmode

Wireless mesh mode

type: keyword

fortinet.firewall.message_type

VOIP message type

type: keyword

fortinet.firewall.method

HTTP method

type: keyword

fortinet.firewall.mgmtcnt

The number of unauthorized client flooding managemet frames

type: integer

fortinet.firewall.mode

IPSEC mode

type: keyword

fortinet.firewall.module

PCI-DSS module

type: keyword

fortinet.firewall.monitor-name

Health Monitor Name

type: keyword

fortinet.firewall.monitor-type

Health Monitor Type

type: keyword

fortinet.firewall.mpsk

Wireless MPSK

type: keyword

fortinet.firewall.msgproto

Message Protocol Number

type: keyword

fortinet.firewall.mtu

Max Transmission Unit Value

type: integer

fortinet.firewall.name

Name

type: keyword

fortinet.firewall.nat

NAT IP Address

type: keyword

fortinet.firewall.netid

Connector NetID

type: keyword

fortinet.firewall.new_status

New status on user change

type: keyword

fortinet.firewall.new_value

New Virtual Domain Name

type: keyword

fortinet.firewall.newchannel

New Channel Number

type: integer

fortinet.firewall.newchassisid

New Chassis ID

type: integer

fortinet.firewall.newslot

New Slot Number

type: integer

fortinet.firewall.nextstat

Time interval in seconds for the next statistics.

type: integer

fortinet.firewall.nf_type

Notification Type

type: keyword

fortinet.firewall.noise

Wifi Noise

type: integer

fortinet.firewall.old_status

Original Status

type: keyword

fortinet.firewall.old_value

Original Virtual Domain name

type: keyword

fortinet.firewall.oldchannel

Original channel

type: integer

fortinet.firewall.oldchassisid

Original Chassis Number

type: integer

fortinet.firewall.oldslot

Original Slot Number

type: integer

fortinet.firewall.oldsn

Old Serial number

type: keyword

fortinet.firewall.oldwprof

Old Web Filter Profile

type: keyword

fortinet.firewall.onwire

A flag to indicate if the AP is onwire or not

type: keyword

fortinet.firewall.opercountry

Operating Country

type: keyword

fortinet.firewall.opertxpower

Operating TX power

type: integer

fortinet.firewall.osname

Operating System name

type: keyword

fortinet.firewall.osversion

Operating System version

type: keyword

fortinet.firewall.out_spi

Out SPI

type: keyword

fortinet.firewall.outintf

Out interface

type: keyword

fortinet.firewall.passedcount

Fabric passed count

type: integer

fortinet.firewall.passwd

Changed user password information

type: keyword

fortinet.firewall.path

Path of looped configuration for security fabric

type: keyword

fortinet.firewall.peer

WAN optimization peer

type: keyword

fortinet.firewall.peer_notif

VPN peer notification

type: keyword

fortinet.firewall.phase2_name

VPN phase2 name

type: keyword

fortinet.firewall.phone

VOIP Phone

type: keyword

fortinet.firewall.pid

Process ID

type: integer

fortinet.firewall.policytype

Policy Type

type: keyword

fortinet.firewall.poolname

IP Pool name

type: keyword

fortinet.firewall.port

Log upload error port

type: integer

fortinet.firewall.portbegin

IP Pool port number to begin

type: integer

fortinet.firewall.portend

IP Pool port number to end

type: integer

fortinet.firewall.probeproto

Link Monitor Probe Protocol

type: keyword

fortinet.firewall.process

URL Filter process

type: keyword

fortinet.firewall.processtime

Process time for reports

type: integer

fortinet.firewall.profile

Profile Name

type: keyword

fortinet.firewall.profile_vd

Virtual Domain Name

type: keyword

fortinet.firewall.profilegroup

Profile Group Name

type: keyword

fortinet.firewall.profiletype

Profile Type

type: keyword

fortinet.firewall.qtypeval

DNS question type value

type: integer

fortinet.firewall.quarskip

Quarantine skip explanation

type: keyword

fortinet.firewall.quotaexceeded

If quota has been exceeded

type: keyword

fortinet.firewall.quotamax

Maximum quota allowed - in seconds if time-based - in bytes if traffic-based

type: long

fortinet.firewall.quotatype

Quota type

type: keyword

fortinet.firewall.quotaused

Quota used - in seconds if time-based - in bytes if trafficbased)

type: long

fortinet.firewall.radioband

Radio band

type: keyword

fortinet.firewall.radioid

Radio ID

type: integer

fortinet.firewall.radioidclosest

Radio ID on the AP closest the rogue AP

type: integer

fortinet.firewall.radioiddetected

Radio ID on the AP which detected the rogue AP

type: integer

fortinet.firewall.rate

Wireless rogue rate value

type: keyword

fortinet.firewall.rawdata

Raw data value

type: keyword

fortinet.firewall.rawdataid

Raw data ID

type: keyword

fortinet.firewall.rcvddelta

Received bytes delta

type: keyword

fortinet.firewall.reason

Alert reason

type: keyword

fortinet.firewall.received

Server key exchange received

type: integer

fortinet.firewall.receivedsignature

Server key exchange received signature

type: keyword

fortinet.firewall.red

Memory information in red

type: keyword

fortinet.firewall.referralurl

Web filter referralurl

type: keyword

fortinet.firewall.remote

Remote PPP IP address

type: ip

fortinet.firewall.remotewtptime

Remote Wifi Radius authentication time

type: keyword

fortinet.firewall.reporttype

Report type

type: keyword

fortinet.firewall.reqtype

Request type

type: keyword

fortinet.firewall.request_name

VOIP request name

type: keyword

fortinet.firewall.result

VPN phase result

type: keyword

fortinet.firewall.role

VPN Phase 2 role

type: keyword

fortinet.firewall.rssi

Received signal strength indicator

type: integer

fortinet.firewall.rsso_key

RADIUS SSO attribute value

type: keyword

fortinet.firewall.ruledata

Rule data

type: keyword

fortinet.firewall.ruletype

Rule type

type: keyword

fortinet.firewall.scanned

Number of Scanned MMSs

type: integer

fortinet.firewall.scantime

Scanned time

type: long

fortinet.firewall.scope

FortiGuard Override Scope

type: keyword

fortinet.firewall.security

Wireless rogue security

type: keyword

fortinet.firewall.sensitivity

Sensitivity for document fingerprint

type: keyword

fortinet.firewall.sensor

NAC Sensor Name

type: keyword

fortinet.firewall.sentdelta

Sent bytes delta

type: keyword

fortinet.firewall.seq

Sequence number

type: keyword

fortinet.firewall.serial

WAN optimisation serial

type: keyword

fortinet.firewall.serialno

Serial number

type: keyword

fortinet.firewall.server

AD server FQDN or IP

type: keyword

fortinet.firewall.session_id

Session ID

type: keyword

fortinet.firewall.sessionid

WAD Session ID

type: integer

fortinet.firewall.setuprate

Session Setup Rate

type: long

fortinet.firewall.severity

Severity

type: keyword

fortinet.firewall.shaperdroprcvdbyte

Received bytes dropped by shaper

type: integer

fortinet.firewall.shaperdropsentbyte

Sent bytes dropped by shaper

type: integer

fortinet.firewall.shaperperipdropbyte

Dropped bytes per IP by shaper

type: integer

fortinet.firewall.shaperperipname

Traffic shaper name (per IP)

type: keyword

fortinet.firewall.shaperrcvdname

Traffic shaper name for received traffic

type: keyword

fortinet.firewall.shapersentname

Traffic shaper name for sent traffic

type: keyword

fortinet.firewall.shapingpolicyid

Traffic shaper policy ID

type: integer

fortinet.firewall.signal

Wireless rogue API signal

type: integer

fortinet.firewall.size

Email size in bytes

type: long

fortinet.firewall.slot

Slot number

type: integer

fortinet.firewall.sn

Security fabric serial number

type: keyword

fortinet.firewall.snclosest

SN of the AP closest to the rogue AP

type: keyword

fortinet.firewall.sndetected

SN of the AP which detected the rogue AP

type: keyword

fortinet.firewall.snmeshparent

SN of the mesh parent

type: keyword

fortinet.firewall.spi

IPSEC SPI

type: keyword

fortinet.firewall.src_int

Source interface

type: keyword

fortinet.firewall.srcintfrole

Source interface role

type: keyword

fortinet.firewall.srccountry

Source country

type: keyword

fortinet.firewall.srcfamily

Source family

type: keyword

fortinet.firewall.srchwvendor

Source hardware vendor

type: keyword

fortinet.firewall.srchwversion

Source hardware version

type: keyword

fortinet.firewall.srcinetsvc

Source interface service

type: keyword

fortinet.firewall.srcname

Source name

type: keyword

fortinet.firewall.srcserver

Source server

type: integer

fortinet.firewall.srcssid

Source SSID

type: keyword

fortinet.firewall.srcswversion

Source software version

type: keyword

fortinet.firewall.srcuuid

Source UUID

type: keyword

fortinet.firewall.sscname

SSC name

type: keyword

fortinet.firewall.ssid

Base Service Set ID

type: keyword

fortinet.firewall.sslaction

SSL Action

type: keyword

fortinet.firewall.ssllocal

WAD SSL local

type: keyword

fortinet.firewall.sslremote

WAD SSL remote

type: keyword

fortinet.firewall.stacount

Number of stations/clients

type: integer

fortinet.firewall.stage

IPSEC stage

type: keyword

fortinet.firewall.stamac

802.1x station mac

type: keyword

fortinet.firewall.state

Admin login state

type: keyword

fortinet.firewall.status

Status

type: keyword

fortinet.firewall.stitch

Automation stitch triggered

type: keyword

fortinet.firewall.subject

Email subject

type: keyword

fortinet.firewall.submodule

Configuration Sub-Module Name

type: keyword

fortinet.firewall.subservice

AV subservice

type: keyword

fortinet.firewall.subtype

Log subtype

type: keyword

fortinet.firewall.suspicious

Number of Suspicious MMSs

type: integer

fortinet.firewall.switchproto

Protocol change information

type: keyword

fortinet.firewall.sync_status

The sync status with the master

type: keyword

fortinet.firewall.sync_type

The sync type with the master

type: keyword

fortinet.firewall.sysuptime

System uptime

type: keyword

fortinet.firewall.tamac

the MAC address of Transmitter, if none, then Receiver

type: keyword

fortinet.firewall.threattype

WIDS threat type

type: keyword

fortinet.firewall.time

Time of the event

type: keyword

fortinet.firewall.to

Email to field

type: keyword

fortinet.firewall.to_vcluster

destination virtual cluster number

type: integer

fortinet.firewall.total

Total memory

type: integer

fortinet.firewall.totalsession

Total Number of Sessions

type: integer

fortinet.firewall.trace_id

Session clash trace ID

type: keyword

fortinet.firewall.trandisp

NAT translation type

type: keyword

fortinet.firewall.transid

HTTP transaction ID

type: integer

fortinet.firewall.translationid

DNS filter transaltion ID

type: keyword

fortinet.firewall.trigger

Automation stitch trigger

type: keyword

fortinet.firewall.trueclntip

File filter true client IP

type: ip

fortinet.firewall.tunnelid

IPSEC tunnel ID

type: integer

fortinet.firewall.tunnelip

IPSEC tunnel IP

type: ip

fortinet.firewall.tunneltype

IPSEC tunnel type

type: keyword

fortinet.firewall.type

Module type

type: keyword

fortinet.firewall.ui

Admin authentication UI type

type: keyword

fortinet.firewall.unauthusersource

Unauthenticated user source

type: keyword

fortinet.firewall.unit

Power supply unit

type: integer

fortinet.firewall.urlfilteridx

URL filter ID

type: integer

fortinet.firewall.urlfilterlist

URL filter list

type: keyword

fortinet.firewall.urlsource

URL filter source

type: keyword

fortinet.firewall.urltype

URL filter type

type: keyword

fortinet.firewall.used

Number of Used IPs

type: integer

fortinet.firewall.used_for_type

Connection for the type

type: integer

fortinet.firewall.utmaction

Security action performed by UTM

type: keyword

fortinet.firewall.vap

Virtual AP

type: keyword

fortinet.firewall.vapmode

Virtual AP mode

type: keyword

fortinet.firewall.vcluster

virtual cluster id

type: integer

fortinet.firewall.vcluster_member

Virtual cluster member

type: integer

fortinet.firewall.vcluster_state

Virtual cluster state

type: keyword

fortinet.firewall.vd

Virtual Domain Name

type: keyword

fortinet.firewall.vdname

Virtual Domain Name

type: keyword

fortinet.firewall.vendorurl

Vulnerability scan vendor name

type: keyword

fortinet.firewall.version

Version

type: keyword

fortinet.firewall.vip

Virtual IP

type: keyword

fortinet.firewall.virus

Virus name

type: keyword

fortinet.firewall.virusid

Virus ID (unique virus identifier)

type: integer

fortinet.firewall.voip_proto

VOIP protocol

type: keyword

fortinet.firewall.vpn

VPN description

type: keyword

fortinet.firewall.vpntunnel

IPsec Vpn Tunnel Name

type: keyword

fortinet.firewall.vpntype

The type of the VPN tunnel

type: keyword

fortinet.firewall.vrf

VRF number

type: integer

fortinet.firewall.vulncat

Vulnerability Category

type: keyword

fortinet.firewall.vulnid

Vulnerability ID

type: integer

fortinet.firewall.vulnname

Vulnerability name

type: keyword

fortinet.firewall.vwlid

VWL ID

type: integer

fortinet.firewall.vwlquality

VWL quality

type: keyword

fortinet.firewall.vwlservice

VWL service

type: keyword

fortinet.firewall.vwpvlanid

VWP VLAN ID

type: integer

fortinet.firewall.wanin

WAN incoming traffic in bytes

type: long

fortinet.firewall.wanoptapptype

WAN Optimization Application type

type: keyword

fortinet.firewall.wanout

WAN outgoing traffic in bytes

type: long

fortinet.firewall.weakwepiv

Weak Wep Initiation Vector

type: keyword

fortinet.firewall.xauthgroup

XAuth Group Name

type: keyword

fortinet.firewall.xauthuser

XAuth User Name

type: keyword

fortinet.firewall.xid

Wireless X ID

type: integer