Fortinet fields
fortinet Module
fortinet
Fields from fortinet FortiOS
-
fortinet.file.hash.crc32 -
CRC32 Hash of file
type: keyword
firewall
Module for parsing Fortinet syslog.
-
fortinet.firewall.acct_stat -
Accounting state (RADIUS)
type: keyword
-
fortinet.firewall.acktime -
Alarm Acknowledge Time
type: keyword
-
fortinet.firewall.act -
Action
type: keyword
-
fortinet.firewall.action -
Status of the session
type: keyword
-
fortinet.firewall.activity -
HA activity message
type: keyword
-
fortinet.firewall.addr -
IP Address
type: ip
-
fortinet.firewall.addr_type -
Address Type
type: keyword
-
fortinet.firewall.addrgrp -
Address Group
type: keyword
-
fortinet.firewall.adgroup -
AD Group Name
type: keyword
-
fortinet.firewall.admin -
Admin User
type: keyword
-
fortinet.firewall.age -
Time in seconds - time passed since last seen
type: integer
-
fortinet.firewall.agent -
User agent, e.g. agent="Mozilla/5.0"
type: keyword
-
fortinet.firewall.alarmid -
Alarm ID
type: integer
-
fortinet.firewall.alert -
Alert
type: keyword
-
fortinet.firewall.analyticscksum -
The checksum of the file submitted for analytics
type: keyword
-
fortinet.firewall.analyticssubmit -
The flag for analytics submission
type: keyword
-
fortinet.firewall.ap -
Access Point
type: keyword
-
fortinet.firewall.app-type -
Address Type
type: keyword
-
fortinet.firewall.appact -
The security action from app control
type: keyword
-
fortinet.firewall.appid -
Application ID
type: integer
-
fortinet.firewall.applist -
Application Control profile
type: keyword
-
fortinet.firewall.apprisk -
Application Risk Level
type: keyword
-
fortinet.firewall.apscan -
The name of the AP, which scanned and detected the rogue AP
type: keyword
-
fortinet.firewall.apsn -
Access Point
type: keyword
-
fortinet.firewall.apstatus -
Access Point status
type: keyword
-
fortinet.firewall.aptype -
Access Point type
type: keyword
-
fortinet.firewall.assigned -
Assigned IP Address
type: ip
-
fortinet.firewall.assignip -
Assigned IP Address
type: ip
-
fortinet.firewall.attachment -
The flag for email attachment
type: keyword
-
fortinet.firewall.attack -
Attack Name
type: keyword
-
fortinet.firewall.attackcontext -
The trigger patterns and the packetdata with base64 encoding
type: keyword
-
fortinet.firewall.attackcontextid -
Attack context id / total
type: keyword
-
fortinet.firewall.attackid -
Attack ID
type: integer
-
fortinet.firewall.auditid -
Audit ID
type: long
-
fortinet.firewall.auditscore -
The Audit Score
type: keyword
-
fortinet.firewall.audittime -
The time of the audit
type: long
-
fortinet.firewall.authgrp -
Authorization Group
type: keyword
-
fortinet.firewall.authid -
Authentication ID
type: keyword
-
fortinet.firewall.authproto -
The protocol that initiated the authentication
type: keyword
-
fortinet.firewall.authserver -
Authentication server
type: keyword
-
fortinet.firewall.bandwidth -
Bandwidth
type: keyword
-
fortinet.firewall.banned_rule -
NAC quarantine Banned Rule Name
type: keyword
-
fortinet.firewall.banned_src -
NAC quarantine Banned Source IP
type: keyword
-
fortinet.firewall.banword -
Banned word
type: keyword
-
fortinet.firewall.botnetdomain -
Botnet Domain Name
type: keyword
-
fortinet.firewall.botnetip -
Botnet IP Address
type: ip
-
fortinet.firewall.bssid -
Service Set ID
type: keyword
-
fortinet.firewall.call_id -
Caller ID
type: keyword
-
fortinet.firewall.carrier_ep -
The FortiOS Carrier end-point identification
type: keyword
-
fortinet.firewall.cat -
DNS category ID
type: integer
-
fortinet.firewall.category -
Authentication category
type: keyword
-
fortinet.firewall.cc -
CC Email Address
type: keyword
-
fortinet.firewall.cdrcontent -
Cdrcontent
type: keyword
-
fortinet.firewall.centralnatid -
Central NAT ID
type: integer
-
fortinet.firewall.cert -
Certificate
type: keyword
-
fortinet.firewall.cert-type -
Certificate type
type: keyword
-
fortinet.firewall.certhash -
Certificate hash
type: keyword
-
fortinet.firewall.cfgattr -
Configuration attribute
type: keyword
-
fortinet.firewall.cfgobj -
Configuration object
type: keyword
-
fortinet.firewall.cfgpath -
Configuration path
type: keyword
-
fortinet.firewall.cfgtid -
Configuration transaction ID
type: keyword
-
fortinet.firewall.cfgtxpower -
Configuration TX power
type: integer
-
fortinet.firewall.channel -
Wireless Channel
type: integer
-
fortinet.firewall.channeltype -
SSH channel type
type: keyword
-
fortinet.firewall.chassisid -
Chassis ID
type: integer
-
fortinet.firewall.checksum -
The checksum of the scanned file
type: keyword
-
fortinet.firewall.chgheaders -
HTTP Headers
type: keyword
-
fortinet.firewall.cldobjid -
Connector object ID
type: keyword
-
fortinet.firewall.client_addr -
Wifi client address
type: keyword
-
fortinet.firewall.cloudaction -
Cloud Action
type: keyword
-
fortinet.firewall.clouduser -
Cloud User
type: keyword
-
fortinet.firewall.column -
VOIP Column
type: integer
-
fortinet.firewall.command -
CLI Command
type: keyword
-
fortinet.firewall.community -
SNMP Community
type: keyword
-
fortinet.firewall.configcountry -
Configuration country
type: keyword
-
fortinet.firewall.connection_type -
FortiClient Connection Type
type: keyword
-
fortinet.firewall.conserve -
Flag for conserve mode
type: keyword
-
fortinet.firewall.constraint -
WAF http protocol restrictions
type: keyword
-
fortinet.firewall.contentdisarmed -
Email scanned content
type: keyword
-
fortinet.firewall.contenttype -
Content Type from HTTP header
type: keyword
-
fortinet.firewall.cookies -
VPN Cookie
type: keyword
-
fortinet.firewall.count -
Counts of action type
type: integer
-
fortinet.firewall.countapp -
Number of App Ctrl logs associated with the session
type: integer
-
fortinet.firewall.countav -
Number of AV logs associated with the session
type: integer
-
fortinet.firewall.countcifs -
Number of CIFS logs associated with the session
type: integer
-
fortinet.firewall.countdlp -
Number of DLP logs associated with the session
type: integer
-
fortinet.firewall.countdns -
Number of DNS logs associated with the session
type: integer
-
fortinet.firewall.countemail -
Number of email logs associated with the session
type: integer
-
fortinet.firewall.countff -
Number of ff logs associated with the session
type: integer
-
fortinet.firewall.countips -
Number of IPS logs associated with the session
type: integer
-
fortinet.firewall.countssh -
Number of SSH logs associated with the session
type: integer
-
fortinet.firewall.countssl -
Number of SSL logs associated with the session
type: integer
-
fortinet.firewall.countwaf -
Number of WAF logs associated with the session
type: integer
-
fortinet.firewall.countweb -
Number of Web filter logs associated with the session
type: integer
-
fortinet.firewall.cpu -
CPU Usage
type: integer
-
fortinet.firewall.craction -
Client Reputation Action
type: integer
-
fortinet.firewall.criticalcount -
Number of critical ratings
type: integer
-
fortinet.firewall.crl -
Client Reputation Level
type: keyword
-
fortinet.firewall.crlevel -
Client Reputation Level
type: keyword
-
fortinet.firewall.crscore -
Client Reputation Score
type: integer
-
fortinet.firewall.cveid -
CVE ID
type: keyword
-
fortinet.firewall.daemon -
Daemon name
type: keyword
-
fortinet.firewall.datarange -
Data range for reports
type: keyword
-
fortinet.firewall.date -
Date
type: keyword
-
fortinet.firewall.ddnsserver -
DDNS server
type: ip
-
fortinet.firewall.desc -
Description
type: keyword
-
fortinet.firewall.detectionmethod -
Detection method
type: keyword
-
fortinet.firewall.devcategory -
Device category
type: keyword
-
fortinet.firewall.devintfname -
HA device Interface Name
type: keyword
-
fortinet.firewall.devtype -
Device type
type: keyword
-
fortinet.firewall.dhcp_msg -
DHCP Message
type: keyword
-
fortinet.firewall.dintf -
Destination interface
type: keyword
-
fortinet.firewall.disk -
Associated disk
type: keyword
-
fortinet.firewall.disklograte -
Disk logging rate
type: long
-
fortinet.firewall.dlpextra -
DLP extra information
type: keyword
-
fortinet.firewall.docsource -
DLP fingerprint document source
type: keyword
-
fortinet.firewall.domainctrlauthstate -
CIFS domain auth state
type: integer
-
fortinet.firewall.domainctrlauthtype -
CIFS domain auth type
type: integer
-
fortinet.firewall.domainctrldomain -
CIFS domain auth domain
type: keyword
-
fortinet.firewall.domainctrlip -
CIFS Domain IP
type: ip
-
fortinet.firewall.domainctrlname -
CIFS Domain name
type: keyword
-
fortinet.firewall.domainctrlprotocoltype -
CIFS Domain connection protocol
type: integer
-
fortinet.firewall.domainctrlusername -
CIFS Domain username
type: keyword
-
fortinet.firewall.domainfilteridx -
Domain filter ID
type: integer
-
fortinet.firewall.domainfilterlist -
Domain filter name
type: keyword
-
fortinet.firewall.ds -
Direction with distribution system
type: keyword
-
fortinet.firewall.dst_int -
Destination interface
type: keyword
-
fortinet.firewall.dstintfrole -
Destination interface role
type: keyword
-
fortinet.firewall.dstcountry -
Destination country
type: keyword
-
fortinet.firewall.dstdevcategory -
Destination device category
type: keyword
-
fortinet.firewall.dstdevtype -
Destination device type
type: keyword
-
fortinet.firewall.dstfamily -
Destination OS family
type: keyword
-
fortinet.firewall.dsthwvendor -
Destination HW vendor
type: keyword
-
fortinet.firewall.dsthwversion -
Destination HW version
type: keyword
-
fortinet.firewall.dstinetsvc -
Destination interface service
type: keyword
-
fortinet.firewall.dstosname -
Destination OS name
type: keyword
-
fortinet.firewall.dstosversion -
Destination OS version
type: keyword
-
fortinet.firewall.dstserver -
Destination server
type: integer
-
fortinet.firewall.dstssid -
Destination SSID
type: keyword
-
fortinet.firewall.dstswversion -
Destination software version
type: keyword
-
fortinet.firewall.dstunauthusersource -
Destination unauthenticated source
type: keyword
-
fortinet.firewall.dstuuid -
UUID of the Destination IP address
type: keyword
-
fortinet.firewall.duid -
DHCP UID
type: keyword
-
fortinet.firewall.eapolcnt -
EAPOL packet count
type: integer
-
fortinet.firewall.eapoltype -
EAPOL packet type
type: keyword
-
fortinet.firewall.encrypt -
Whether the packet is encrypted or not
type: integer
-
fortinet.firewall.encryption -
Encryption method
type: keyword
-
fortinet.firewall.epoch -
Epoch used for locating file
type: integer
-
fortinet.firewall.espauth -
ESP Authentication
type: keyword
-
fortinet.firewall.esptransform -
ESP Transform
type: keyword
-
fortinet.firewall.exch -
Mail Exchanges from DNS response answer section
type: keyword
-
fortinet.firewall.exchange -
Mail Exchanges from DNS response answer section
type: keyword
-
fortinet.firewall.expectedsignature -
Expected SSL signature
type: keyword
-
fortinet.firewall.expiry -
FortiGuard override expiry timestamp
type: keyword
-
fortinet.firewall.fams_pause -
Fortinet Analysis and Management Service Pause
type: integer
-
fortinet.firewall.fazlograte -
FortiAnalyzer Logging Rate
type: long
-
fortinet.firewall.fctemssn -
FortiClient Endpoint SSN
type: keyword
-
fortinet.firewall.fctuid -
FortiClient UID
type: keyword
-
fortinet.firewall.field -
NTP status field
type: keyword
-
fortinet.firewall.filefilter -
The filter used to identify the affected file
type: keyword
-
fortinet.firewall.filehashsrc -
Filehash source
type: keyword
-
fortinet.firewall.filtercat -
DLP filter category
type: keyword
-
fortinet.firewall.filteridx -
DLP filter ID
type: integer
-
fortinet.firewall.filtername -
DLP rule name
type: keyword
-
fortinet.firewall.filtertype -
DLP filter type
type: keyword
-
fortinet.firewall.fortiguardresp -
Antispam ESP value
type: keyword
-
fortinet.firewall.forwardedfor -
Email address forwarded
type: keyword
-
fortinet.firewall.fqdn -
FQDN
type: keyword
-
fortinet.firewall.frametype -
Wireless frametype
type: keyword
-
fortinet.firewall.freediskstorage -
Free disk storage
type: integer
-
fortinet.firewall.from -
From email address
type: keyword
-
fortinet.firewall.from_vcluster -
Source virtual cluster number
type: integer
-
fortinet.firewall.fsaverdict -
FSA verdict
type: keyword
-
fortinet.firewall.fwserver_name -
Web proxy server name
type: keyword
-
fortinet.firewall.gateway -
Gateway ip address for PPPoE status report
type: ip
-
fortinet.firewall.green -
Memory status
type: keyword
-
fortinet.firewall.groupid -
User Group ID
type: integer
-
fortinet.firewall.ha-prio -
HA Priority
type: integer
-
fortinet.firewall.ha_group -
HA Group
type: keyword
-
fortinet.firewall.ha_role -
HA Role
type: keyword
-
fortinet.firewall.handshake -
SSL Handshake
type: keyword
-
fortinet.firewall.hash -
Hash value of downloaded file
type: keyword
-
fortinet.firewall.hbdn_reason -
Heartbeat down reason
type: keyword
-
fortinet.firewall.highcount -
Highcount fabric summary
type: integer
-
fortinet.firewall.host -
Hostname
type: keyword
-
fortinet.firewall.iaid -
DHCPv6 id
type: keyword
-
fortinet.firewall.icmpcode -
Destination Port of the ICMP message
type: keyword
-
fortinet.firewall.icmpid -
Source port of the ICMP message
type: keyword
-
fortinet.firewall.icmptype -
The type of ICMP message
type: keyword
-
fortinet.firewall.identifier -
Network traffic identifier
type: integer
-
fortinet.firewall.in_spi -
IPSEC inbound SPI
type: keyword
-
fortinet.firewall.incidentserialno -
Incident serial number
type: integer
-
fortinet.firewall.infected -
Infected MMS
type: integer
-
fortinet.firewall.infectedfilelevel -
DLP infected file level
type: integer
-
fortinet.firewall.informationsource -
Information source
type: keyword
-
fortinet.firewall.init -
IPSEC init stage
type: keyword
-
fortinet.firewall.initiator -
Original login user name for Fortiguard override
type: keyword
-
fortinet.firewall.interface -
Related interface
type: keyword
-
fortinet.firewall.intf -
Related interface
type: keyword
-
fortinet.firewall.invalidmac -
The MAC address with invalid OUI
type: keyword
-
fortinet.firewall.ip -
Related IP
type: ip
-
fortinet.firewall.iptype -
Related IP type
type: keyword
-
fortinet.firewall.keyword -
Keyword used for search
type: keyword
-
fortinet.firewall.kind -
VOIP kind
type: keyword
-
fortinet.firewall.lanin -
LAN incoming traffic in bytes
type: long
-
fortinet.firewall.lanout -
LAN outbound traffic in bytes
type: long
-
fortinet.firewall.lease -
DHCP lease
type: integer
-
fortinet.firewall.license_limit -
Maximum Number of FortiClients for the License
type: keyword
-
fortinet.firewall.limit -
Virtual Domain Resource Limit
type: integer
-
fortinet.firewall.line -
VOIP line
type: keyword
-
fortinet.firewall.live -
Time in seconds
type: integer
-
fortinet.firewall.local -
Local IP for a PPPD Connection
type: ip
-
fortinet.firewall.log -
Log message
type: keyword
-
fortinet.firewall.login -
SSH login
type: keyword
-
fortinet.firewall.lowcount -
Fabric lowcount
type: integer
-
fortinet.firewall.mac -
DHCP mac address
type: keyword
-
fortinet.firewall.malform_data -
VOIP malformed data
type: integer
-
fortinet.firewall.malform_desc -
VOIP malformed data description
type: keyword
-
fortinet.firewall.manuf -
Manufacturer name
type: keyword
-
fortinet.firewall.masterdstmac -
Master mac address for a host with multiple network interfaces
type: keyword
-
fortinet.firewall.mastersrcmac -
The master MAC address for a host that has multiple network interfaces
type: keyword
-
fortinet.firewall.mediumcount -
Fabric medium count
type: integer
-
fortinet.firewall.mem -
Memory usage system statistics
type: keyword
-
fortinet.firewall.meshmode -
Wireless mesh mode
type: keyword
-
fortinet.firewall.message_type -
VOIP message type
type: keyword
-
fortinet.firewall.method -
HTTP method
type: keyword
-
fortinet.firewall.mgmtcnt -
The number of unauthorized client flooding management frames
type: integer
-
fortinet.firewall.mode -
IPSEC mode
type: keyword
-
fortinet.firewall.module -
PCI-DSS module
type: keyword
-
fortinet.firewall.monitor-name -
Health Monitor Name
type: keyword
-
fortinet.firewall.monitor-type -
Health Monitor Type
type: keyword
-
fortinet.firewall.mpsk -
Wireless MPSK
type: keyword
-
fortinet.firewall.msgproto -
Message Protocol Number
type: keyword
-
fortinet.firewall.mtu -
Max Transmission Unit Value
type: integer
-
fortinet.firewall.name -
Name
type: keyword
-
fortinet.firewall.nat -
NAT IP Address
type: keyword
-
fortinet.firewall.netid -
Connector NetID
type: keyword
-
fortinet.firewall.new_status -
New status on user change
type: keyword
-
fortinet.firewall.new_value -
New Virtual Domain Name
type: keyword
-
fortinet.firewall.newchannel -
New Channel Number
type: integer
-
fortinet.firewall.newchassisid -
New Chassis ID
type: integer
-
fortinet.firewall.newslot -
New Slot Number
type: integer
-
fortinet.firewall.nextstat -
Time interval in seconds for the next statistics.
type: integer
-
fortinet.firewall.nf_type -
Notification Type
type: keyword
-
fortinet.firewall.noise -
Wifi Noise
type: integer
-
fortinet.firewall.old_status -
Original Status
type: keyword
-
fortinet.firewall.old_value -
Original Virtual Domain name
type: keyword
-
fortinet.firewall.oldchannel -
Original channel
type: integer
-
fortinet.firewall.oldchassisid -
Original Chassis Number
type: integer
-
fortinet.firewall.oldslot -
Original Slot Number
type: integer
-
fortinet.firewall.oldsn -
Old Serial number
type: keyword
-
fortinet.firewall.oldwprof -
Old Web Filter Profile
type: keyword
-
fortinet.firewall.onwire -
A flag to indicate if the AP is onwire or not
type: keyword
-
fortinet.firewall.opercountry -
Operating Country
type: keyword
-
fortinet.firewall.opertxpower -
Operating TX power
type: integer
-
fortinet.firewall.osname -
Operating System name
type: keyword
-
fortinet.firewall.osversion -
Operating System version
type: keyword
-
fortinet.firewall.out_spi -
Out SPI
type: keyword
-
fortinet.firewall.outintf -
Out interface
type: keyword
-
fortinet.firewall.passedcount -
Fabric passed count
type: integer
-
fortinet.firewall.passwd -
Changed user password information
type: keyword
-
fortinet.firewall.path -
Path of looped configuration for security fabric
type: keyword
-
fortinet.firewall.peer -
WAN optimization peer
type: keyword
-
fortinet.firewall.peer_notif -
VPN peer notification
type: keyword
-
fortinet.firewall.phase2_name -
VPN phase2 name
type: keyword
-
fortinet.firewall.phone -
VOIP Phone
type: keyword
-
fortinet.firewall.pid -
Process ID
type: integer
-
fortinet.firewall.policytype -
Policy Type
type: keyword
-
fortinet.firewall.poolname -
IP Pool name
type: keyword
-
fortinet.firewall.port -
Log upload error port
type: integer
-
fortinet.firewall.portbegin -
IP Pool port number to begin
type: integer
-
fortinet.firewall.portend -
IP Pool port number to end
type: integer
-
fortinet.firewall.probeproto -
Link Monitor Probe Protocol
type: keyword
-
fortinet.firewall.process -
URL Filter process
type: keyword
-
fortinet.firewall.processtime -
Process time for reports
type: integer
-
fortinet.firewall.profile -
Profile Name
type: keyword
-
fortinet.firewall.profile_vd -
Virtual Domain Name
type: keyword
-
fortinet.firewall.profilegroup -
Profile Group Name
type: keyword
-
fortinet.firewall.profiletype -
Profile Type
type: keyword
-
fortinet.firewall.qtypeval -
DNS question type value
type: integer
-
fortinet.firewall.quarskip -
Quarantine skip explanation
type: keyword
-
fortinet.firewall.quotaexceeded -
If quota has been exceeded
type: keyword
-
fortinet.firewall.quotamax -
Maximum quota allowed - in seconds if time-based - in bytes if traffic-based
type: long
-
fortinet.firewall.quotatype -
Quota type
type: keyword
-
fortinet.firewall.quotaused -
Quota used - in seconds if time-based - in bytes if traffic-based
type: long
-
fortinet.firewall.radioband -
Radio band
type: keyword
-
fortinet.firewall.radioid -
Radio ID
type: integer
-
fortinet.firewall.radioidclosest -
Radio ID on the AP closest to the rogue AP
type: integer
-
fortinet.firewall.radioiddetected -
Radio ID on the AP which detected the rogue AP
type: integer
-
fortinet.firewall.rate -
Wireless rogue rate value
type: keyword
-
fortinet.firewall.rawdata -
Raw data value
type: keyword
-
fortinet.firewall.rawdataid -
Raw data ID
type: keyword
-
fortinet.firewall.rcvddelta -
Received bytes delta
type: keyword
-
fortinet.firewall.reason -
Alert reason
type: keyword
-
fortinet.firewall.received -
Server key exchange received
type: integer
-
fortinet.firewall.receivedsignature -
Server key exchange received signature
type: keyword
-
fortinet.firewall.red -
Memory information in red
type: keyword
-
fortinet.firewall.referralurl -
Web filter referralurl
type: keyword
-
fortinet.firewall.remote -
Remote PPP IP address
type: ip
-
fortinet.firewall.remotewtptime -
Remote Wifi Radius authentication time
type: keyword
-
fortinet.firewall.reporttype -
Report type
type: keyword
-
fortinet.firewall.reqtype -
Request type
type: keyword
-
fortinet.firewall.request_name -
VOIP request name
type: keyword
-
fortinet.firewall.result -
VPN phase result
type: keyword
-
fortinet.firewall.role -
VPN Phase 2 role
type: keyword
-
fortinet.firewall.rssi -
Received signal strength indicator
type: integer
-
fortinet.firewall.rsso_key -
RADIUS SSO attribute value
type: keyword
-
fortinet.firewall.ruledata -
Rule data
type: keyword
-
fortinet.firewall.ruletype -
Rule type
type: keyword
-
fortinet.firewall.scanned -
Number of Scanned MMSs
type: integer
-
fortinet.firewall.scantime -
Scanned time
type: long
-
fortinet.firewall.scope -
FortiGuard Override Scope
type: keyword
-
fortinet.firewall.security -
Wireless rogue security
type: keyword
-
fortinet.firewall.sensitivity -
Sensitivity for document fingerprint
type: keyword
-
fortinet.firewall.sensor -
NAC Sensor Name
type: keyword
-
fortinet.firewall.sentdelta -
Sent bytes delta
type: keyword
-
fortinet.firewall.seq -
Sequence number
type: keyword
-
fortinet.firewall.serial -
WAN optimisation serial
type: keyword
-
fortinet.firewall.serialno -
Serial number
type: keyword
-
fortinet.firewall.server -
AD server FQDN or IP
type: keyword
-
fortinet.firewall.session_id -
Session ID
type: keyword
-
fortinet.firewall.sessionid -
WAD Session ID
type: integer
-
fortinet.firewall.setuprate -
Session Setup Rate
type: long
-
fortinet.firewall.severity -
Severity
type: keyword
-
fortinet.firewall.shaperdroprcvdbyte -
Received bytes dropped by shaper
type: integer
-
fortinet.firewall.shaperdropsentbyte -
Sent bytes dropped by shaper
type: integer
-
fortinet.firewall.shaperperipdropbyte -
Dropped bytes per IP by shaper
type: integer
-
fortinet.firewall.shaperperipname -
Traffic shaper name (per IP)
type: keyword
-
fortinet.firewall.shaperrcvdname -
Traffic shaper name for received traffic
type: keyword
-
fortinet.firewall.shapersentname -
Traffic shaper name for sent traffic
type: keyword
-
fortinet.firewall.shapingpolicyid -
Traffic shaper policy ID
type: integer
-
fortinet.firewall.signal -
Wireless rogue API signal
type: integer
-
fortinet.firewall.size -
Email size in bytes
type: long
-
fortinet.firewall.slot -
Slot number
type: integer
-
fortinet.firewall.sn -
Security fabric serial number
type: keyword
-
fortinet.firewall.snclosest -
SN of the AP closest to the rogue AP
type: keyword
-
fortinet.firewall.sndetected -
SN of the AP which detected the rogue AP
type: keyword
-
fortinet.firewall.snmeshparent -
SN of the mesh parent
type: keyword
-
fortinet.firewall.spi -
IPSEC SPI
type: keyword
-
fortinet.firewall.src_int -
Source interface
type: keyword
-
fortinet.firewall.srcintfrole -
Source interface role
type: keyword
-
fortinet.firewall.srccountry -
Source country
type: keyword
-
fortinet.firewall.srcfamily -
Source family
type: keyword
-
fortinet.firewall.srchwvendor -
Source hardware vendor
type: keyword
-
fortinet.firewall.srchwversion -
Source hardware version
type: keyword
-
fortinet.firewall.srcinetsvc -
Source interface service
type: keyword
-
fortinet.firewall.srcname -
Source name
type: keyword
-
fortinet.firewall.srcserver -
Source server
type: integer
-
fortinet.firewall.srcssid -
Source SSID
type: keyword
-
fortinet.firewall.srcswversion -
Source software version
type: keyword
-
fortinet.firewall.srcuuid -
Source UUID
type: keyword
-
fortinet.firewall.sscname -
SSC name
type: keyword
-
fortinet.firewall.ssid -
Base Service Set ID
type: keyword
-
fortinet.firewall.sslaction -
SSL Action
type: keyword
-
fortinet.firewall.ssllocal -
WAD SSL local
type: keyword
-
fortinet.firewall.sslremote -
WAD SSL remote
type: keyword
-
fortinet.firewall.stacount -
Number of stations/clients
type: integer
-
fortinet.firewall.stage -
IPSEC stage
type: keyword
-
fortinet.firewall.stamac -
802.1x station mac
type: keyword
-
fortinet.firewall.state -
Admin login state
type: keyword
-
fortinet.firewall.status -
Status
type: keyword
-
fortinet.firewall.stitch -
Automation stitch triggered
type: keyword
-
fortinet.firewall.subject -
Email subject
type: keyword
-
fortinet.firewall.submodule -
Configuration Sub-Module Name
type: keyword
-
fortinet.firewall.subservice -
AV subservice
type: keyword
-
fortinet.firewall.subtype -
Log subtype
type: keyword
-
fortinet.firewall.suspicious -
Number of Suspicious MMSs
type: integer
-
fortinet.firewall.switchproto -
Protocol change information
type: keyword
-
fortinet.firewall.sync_status -
The sync status with the master
type: keyword
-
fortinet.firewall.sync_type -
The sync type with the master
type: keyword
-
fortinet.firewall.sysuptime -
System uptime
type: keyword
-
fortinet.firewall.tamac -
The MAC address of the transmitter or, if none, of the receiver
type: keyword
-
fortinet.firewall.threattype -
WIDS threat type
type: keyword
-
fortinet.firewall.time -
Time of the event
type: keyword
-
fortinet.firewall.to -
Email to field
type: keyword
-
fortinet.firewall.to_vcluster -
Destination virtual cluster number
type: integer
-
fortinet.firewall.total -
Total memory
type: integer
-
fortinet.firewall.totalsession -
Total Number of Sessions
type: integer
-
fortinet.firewall.trace_id -
Session clash trace ID
type: keyword
-
fortinet.firewall.trandisp -
NAT translation type
type: keyword
-
fortinet.firewall.transid -
HTTP transaction ID
type: integer
-
fortinet.firewall.translationid -
DNS filter translation ID
type: keyword
-
fortinet.firewall.trigger -
Automation stitch trigger
type: keyword
-
fortinet.firewall.trueclntip -
File filter true client IP
type: ip
-
fortinet.firewall.tunnelid -
IPSEC tunnel ID
type: integer
-
fortinet.firewall.tunnelip -
IPSEC tunnel IP
type: ip
-
fortinet.firewall.tunneltype -
IPSEC tunnel type
type: keyword
-
fortinet.firewall.type -
Module type
type: keyword
-
fortinet.firewall.ui -
Admin authentication UI type
type: keyword
-
fortinet.firewall.unauthusersource -
Unauthenticated user source
type: keyword
-
fortinet.firewall.unit -
Power supply unit
type: integer
-
fortinet.firewall.urlfilteridx -
URL filter ID
type: integer
-
fortinet.firewall.urlfilterlist -
URL filter list
type: keyword
-
fortinet.firewall.urlsource -
URL filter source
type: keyword
-
fortinet.firewall.urltype -
URL filter type
type: keyword
-
fortinet.firewall.used -
Number of Used IPs
type: integer
-
fortinet.firewall.used_for_type -
Connection for the type
type: integer
-
fortinet.firewall.utmaction -
Security action performed by UTM
type: keyword
-
fortinet.firewall.vap -
Virtual AP
type: keyword
-
fortinet.firewall.vapmode -
Virtual AP mode
type: keyword
-
fortinet.firewall.vcluster -
Virtual cluster ID
type: integer
-
fortinet.firewall.vcluster_member -
Virtual cluster member
type: integer
-
fortinet.firewall.vcluster_state -
Virtual cluster state
type: keyword
-
fortinet.firewall.vd -
Virtual Domain Name
type: keyword
-
fortinet.firewall.vdname -
Virtual Domain Name
type: keyword
-
fortinet.firewall.vendorurl -
Vulnerability scan vendor name
type: keyword
-
fortinet.firewall.version -
Version
type: keyword
-
fortinet.firewall.vip -
Virtual IP
type: keyword
-
fortinet.firewall.virus -
Virus name
type: keyword
-
fortinet.firewall.virusid -
Virus ID (unique virus identifier)
type: integer
-
fortinet.firewall.voip_proto -
VOIP protocol
type: keyword
-
fortinet.firewall.vpn -
VPN description
type: keyword
-
fortinet.firewall.vpntunnel -
IPsec VPN Tunnel Name
type: keyword
-
fortinet.firewall.vpntype -
The type of the VPN tunnel
type: keyword
-
fortinet.firewall.vrf -
VRF number
type: integer
-
fortinet.firewall.vulncat -
Vulnerability Category
type: keyword
-
fortinet.firewall.vulnid -
Vulnerability ID
type: integer
-
fortinet.firewall.vulnname -
Vulnerability name
type: keyword
-
fortinet.firewall.vwlid -
VWL ID
type: integer
-
fortinet.firewall.vwlquality -
VWL quality
type: keyword
-
fortinet.firewall.vwlservice -
VWL service
type: keyword
-
fortinet.firewall.vwpvlanid -
VWP VLAN ID
type: integer
-
fortinet.firewall.wanin -
WAN incoming traffic in bytes
type: long
-
fortinet.firewall.wanoptapptype -
WAN Optimization Application type
type: keyword
-
fortinet.firewall.wanout -
WAN outgoing traffic in bytes
type: long
-
fortinet.firewall.weakwepiv -
Weak WEP Initialization Vector
type: keyword
-
fortinet.firewall.xauthgroup -
XAuth Group Name
type: keyword
-
fortinet.firewall.xauthuser -
XAuth User Name
type: keyword
-
fortinet.firewall.xid -
Wireless X ID
type: integer