Fortinet fields
fortinet Module
Fields from Fortinet FortiOS
fortinet.file.hash.crc32-
CRC32 Hash of file
type: keyword
Module for parsing Fortinet syslog.
fortinet.firewall.acct_stat-
Accounting state (RADIUS)
type: keyword
fortinet.firewall.acktime-
Alarm Acknowledge Time
type: keyword
fortinet.firewall.act-
Action
type: keyword
fortinet.firewall.action-
Status of the session
type: keyword
fortinet.firewall.activity-
HA activity message
type: keyword
fortinet.firewall.addr-
IP Address
type: ip
fortinet.firewall.addr_type-
Address Type
type: keyword
fortinet.firewall.addrgrp-
Address Group
type: keyword
fortinet.firewall.adgroup-
AD Group Name
type: keyword
fortinet.firewall.admin-
Admin User
type: keyword
fortinet.firewall.age-
Time in seconds - time passed since last seen
type: integer
fortinet.firewall.agent-
User agent, e.g. agent="Mozilla/5.0"
type: keyword
fortinet.firewall.alarmid-
Alarm ID
type: integer
fortinet.firewall.alert-
Alert
type: keyword
fortinet.firewall.analyticscksum-
The checksum of the file submitted for analytics
type: keyword
fortinet.firewall.analyticssubmit-
The flag for analytics submission
type: keyword
fortinet.firewall.ap-
Access Point
type: keyword
fortinet.firewall.app-type-
Address Type
type: keyword
fortinet.firewall.appact-
The security action from app control
type: keyword
fortinet.firewall.appid-
Application ID
type: integer
fortinet.firewall.applist-
Application Control profile
type: keyword
fortinet.firewall.apprisk-
Application Risk Level
type: keyword
fortinet.firewall.apscan-
The name of the AP, which scanned and detected the rogue AP
type: keyword
fortinet.firewall.apsn-
Access Point
type: keyword
fortinet.firewall.apstatus-
Access Point status
type: keyword
fortinet.firewall.aptype-
Access Point type
type: keyword
fortinet.firewall.assigned-
Assigned IP Address
type: ip
fortinet.firewall.assignip-
Assigned IP Address
type: ip
fortinet.firewall.attachment-
The flag for email attachment
type: keyword
fortinet.firewall.attack-
Attack Name
type: keyword
fortinet.firewall.attackcontext-
The trigger patterns and the packet data with base64 encoding
type: keyword
fortinet.firewall.attackcontextid-
Attack context id / total
type: keyword
fortinet.firewall.attackid-
Attack ID
type: integer
fortinet.firewall.auditid-
Audit ID
type: long
fortinet.firewall.auditscore-
The Audit Score
type: keyword
fortinet.firewall.audittime-
The time of the audit
type: long
fortinet.firewall.authgrp-
Authorization Group
type: keyword
fortinet.firewall.authid-
Authentication ID
type: keyword
fortinet.firewall.authproto-
The protocol that initiated the authentication
type: keyword
fortinet.firewall.authserver-
Authentication server
type: keyword
fortinet.firewall.bandwidth-
Bandwidth
type: keyword
fortinet.firewall.banned_rule-
NAC quarantine Banned Rule Name
type: keyword
fortinet.firewall.banned_src-
NAC quarantine Banned Source IP
type: keyword
fortinet.firewall.banword-
Banned word
type: keyword
fortinet.firewall.botnetdomain-
Botnet Domain Name
type: keyword
fortinet.firewall.botnetip-
Botnet IP Address
type: ip
fortinet.firewall.bssid-
Service Set ID
type: keyword
fortinet.firewall.call_id-
Caller ID
type: keyword
fortinet.firewall.carrier_ep-
The FortiOS Carrier end-point identification
type: keyword
fortinet.firewall.cat-
DNS category ID
type: integer
fortinet.firewall.category-
Authentication category
type: keyword
fortinet.firewall.cc-
CC Email Address
type: keyword
fortinet.firewall.cdrcontent-
Cdrcontent
type: keyword
fortinet.firewall.centralnatid-
Central NAT ID
type: integer
fortinet.firewall.cert-
Certificate
type: keyword
fortinet.firewall.cert-type-
Certificate type
type: keyword
fortinet.firewall.certhash-
Certificate hash
type: keyword
fortinet.firewall.cfgattr-
Configuration attribute
type: keyword
fortinet.firewall.cfgobj-
Configuration object
type: keyword
fortinet.firewall.cfgpath-
Configuration path
type: keyword
fortinet.firewall.cfgtid-
Configuration transaction ID
type: keyword
fortinet.firewall.cfgtxpower-
Configuration TX power
type: integer
fortinet.firewall.channel-
Wireless Channel
type: integer
fortinet.firewall.channeltype-
SSH channel type
type: keyword
fortinet.firewall.chassisid-
Chassis ID
type: integer
fortinet.firewall.checksum-
The checksum of the scanned file
type: keyword
fortinet.firewall.chgheaders-
HTTP Headers
type: keyword
fortinet.firewall.cldobjid-
Connector object ID
type: keyword
fortinet.firewall.client_addr-
Wifi client address
type: keyword
fortinet.firewall.cloudaction-
Cloud Action
type: keyword
fortinet.firewall.clouduser-
Cloud User
type: keyword
fortinet.firewall.column-
VOIP Column
type: integer
fortinet.firewall.command-
CLI Command
type: keyword
fortinet.firewall.community-
SNMP Community
type: keyword
fortinet.firewall.configcountry-
Configuration country
type: keyword
fortinet.firewall.connection_type-
FortiClient Connection Type
type: keyword
fortinet.firewall.conserve-
Flag for conserve mode
type: keyword
fortinet.firewall.constraint-
WAF http protocol restrictions
type: keyword
fortinet.firewall.contentdisarmed-
Email scanned content
type: keyword
fortinet.firewall.contenttype-
Content Type from HTTP header
type: keyword
fortinet.firewall.cookies-
VPN Cookie
type: keyword
fortinet.firewall.count-
Counts of action type
type: integer
fortinet.firewall.countapp-
Number of App Ctrl logs associated with the session
type: integer
fortinet.firewall.countav-
Number of AV logs associated with the session
type: integer
fortinet.firewall.countcifs-
Number of CIFS logs associated with the session
type: integer
fortinet.firewall.countdlp-
Number of DLP logs associated with the session
type: integer
fortinet.firewall.countdns-
Number of DNS logs associated with the session
type: integer
fortinet.firewall.countemail-
Number of email logs associated with the session
type: integer
fortinet.firewall.countff-
Number of ff logs associated with the session
type: integer
fortinet.firewall.countips-
Number of IPS logs associated with the session
type: integer
fortinet.firewall.countssh-
Number of SSH logs associated with the session
type: integer
fortinet.firewall.countssl-
Number of SSL logs associated with the session
type: integer
fortinet.firewall.countwaf-
Number of WAF logs associated with the session
type: integer
fortinet.firewall.countweb-
Number of Web filter logs associated with the session
type: integer
fortinet.firewall.cpu-
CPU Usage
type: integer
fortinet.firewall.craction-
Client Reputation Action
type: integer
fortinet.firewall.criticalcount-
Number of critical ratings
type: integer
fortinet.firewall.crl-
Client Reputation Level
type: keyword
fortinet.firewall.crlevel-
Client Reputation Level
type: keyword
fortinet.firewall.crscore-
Some description
type: integer
fortinet.firewall.cveid-
CVE ID
type: keyword
fortinet.firewall.daemon-
Daemon name
type: keyword
fortinet.firewall.datarange-
Data range for reports
type: keyword
fortinet.firewall.date-
Date
type: keyword
fortinet.firewall.ddnsserver-
DDNS server
type: ip
fortinet.firewall.desc-
Description
type: keyword
fortinet.firewall.detectionmethod-
Detection method
type: keyword
fortinet.firewall.devcategory-
Device category
type: keyword
fortinet.firewall.devintfname-
HA device Interface Name
type: keyword
fortinet.firewall.devtype-
Device type
type: keyword
fortinet.firewall.dhcp_msg-
DHCP Message
type: keyword
fortinet.firewall.dintf-
Destination interface
type: keyword
fortinet.firewall.disk-
Associated disk
type: keyword
fortinet.firewall.disklograte-
Disk logging rate
type: long
fortinet.firewall.dlpextra-
DLP extra information
type: keyword
fortinet.firewall.docsource-
DLP fingerprint document source
type: keyword
fortinet.firewall.domainctrlauthstate-
CIFS domain auth state
type: integer
fortinet.firewall.domainctrlauthtype-
CIFS domain auth type
type: integer
fortinet.firewall.domainctrldomain-
CIFS domain auth domain
type: keyword
fortinet.firewall.domainctrlip-
CIFS Domain IP
type: ip
fortinet.firewall.domainctrlname-
CIFS Domain name
type: keyword
fortinet.firewall.domainctrlprotocoltype-
CIFS Domain connection protocol
type: integer
fortinet.firewall.domainctrlusername-
CIFS Domain username
type: keyword
fortinet.firewall.domainfilteridx-
Domain filter ID
type: integer
fortinet.firewall.domainfilterlist-
Domain filter name
type: keyword
fortinet.firewall.ds-
Direction with distribution system
type: keyword
fortinet.firewall.dst_int-
Destination interface
type: keyword
fortinet.firewall.dstintfrole-
Destination interface role
type: keyword
fortinet.firewall.dstcountry-
Destination country
type: keyword
fortinet.firewall.dstdevcategory-
Destination device category
type: keyword
fortinet.firewall.dstdevtype-
Destination device type
type: keyword
fortinet.firewall.dstfamily-
Destination OS family
type: keyword
fortinet.firewall.dsthwvendor-
Destination HW vendor
type: keyword
fortinet.firewall.dsthwversion-
Destination HW version
type: keyword
fortinet.firewall.dstinetsvc-
Destination interface service
type: keyword
fortinet.firewall.dstosname-
Destination OS name
type: keyword
fortinet.firewall.dstosversion-
Destination OS version
type: keyword
fortinet.firewall.dstserver-
Destination server
type: integer
fortinet.firewall.dstssid-
Destination SSID
type: keyword
fortinet.firewall.dstswversion-
Destination software version
type: keyword
fortinet.firewall.dstunauthusersource-
Destination unauthenticated source
type: keyword
fortinet.firewall.dstuuid-
UUID of the Destination IP address
type: keyword
fortinet.firewall.duid-
DHCP UID
type: keyword
fortinet.firewall.eapolcnt-
EAPOL packet count
type: integer
fortinet.firewall.eapoltype-
EAPOL packet type
type: keyword
fortinet.firewall.encrypt-
Whether the packet is encrypted or not
type: integer
fortinet.firewall.encryption-
Encryption method
type: keyword
fortinet.firewall.epoch-
Epoch used for locating file
type: integer
fortinet.firewall.espauth-
ESP Authentication
type: keyword
fortinet.firewall.esptransform-
ESP Transform
type: keyword
fortinet.firewall.eventtype-
UTM Event Type
type: keyword
fortinet.firewall.exch-
Mail Exchanges from DNS response answer section
type: keyword
fortinet.firewall.exchange-
Mail Exchanges from DNS response answer section
type: keyword
fortinet.firewall.expectedsignature-
Expected SSL signature
type: keyword
fortinet.firewall.expiry-
FortiGuard override expiry timestamp
type: keyword
fortinet.firewall.fams_pause-
Fortinet Analysis and Management Service Pause
type: integer
fortinet.firewall.fazlograte-
FortiAnalyzer Logging Rate
type: long
fortinet.firewall.fctemssn-
FortiClient Endpoint SSN
type: keyword
fortinet.firewall.fctuid-
FortiClient UID
type: keyword
fortinet.firewall.field-
NTP status field
type: keyword
fortinet.firewall.filefilter-
The filter used to identify the affected file
type: keyword
fortinet.firewall.filehashsrc-
Filehash source
type: keyword
fortinet.firewall.filtercat-
DLP filter category
type: keyword
fortinet.firewall.filteridx-
DLP filter ID
type: integer
fortinet.firewall.filtername-
DLP rule name
type: keyword
fortinet.firewall.filtertype-
DLP filter type
type: keyword
fortinet.firewall.fortiguardresp-
Antispam ESP value
type: keyword
fortinet.firewall.forwardedfor-
Email address forwarded
type: keyword
fortinet.firewall.fqdn-
FQDN
type: keyword
fortinet.firewall.frametype-
Wireless frametype
type: keyword
fortinet.firewall.freediskstorage-
Free disk integer
type: integer
fortinet.firewall.from-
From email address
type: keyword
fortinet.firewall.from_vcluster-
Source virtual cluster number
type: integer
fortinet.firewall.fsaverdict-
FSA verdict
type: keyword
fortinet.firewall.fwserver_name-
Web proxy server name
type: keyword
fortinet.firewall.gateway-
Gateway ip address for PPPoE status report
type: ip
fortinet.firewall.green-
Memory status
type: keyword
fortinet.firewall.groupid-
User Group ID
type: integer
fortinet.firewall.ha-prio-
HA Priority
type: integer
fortinet.firewall.ha_group-
HA Group
type: keyword
fortinet.firewall.ha_role-
HA Role
type: keyword
fortinet.firewall.handshake-
SSL Handshake
type: keyword
fortinet.firewall.hash-
Hash value of downloaded file
type: keyword
fortinet.firewall.hbdn_reason-
Heartbeat down reason
type: keyword
fortinet.firewall.highcount-
Highcount fabric summary
type: integer
fortinet.firewall.host-
Hostname
type: keyword
fortinet.firewall.iaid-
DHCPv6 id
type: keyword
fortinet.firewall.icmpcode-
Destination Port of the ICMP message
type: keyword
fortinet.firewall.icmpid-
Source port of the ICMP message
type: keyword
fortinet.firewall.icmptype-
The type of ICMP message
type: keyword
fortinet.firewall.identifier-
Network traffic identifier
type: integer
fortinet.firewall.in_spi-
IPSEC inbound SPI
type: keyword
fortinet.firewall.incidentserialno-
Incident serial number
type: integer
fortinet.firewall.infected-
Infected MMS
type: integer
fortinet.firewall.infectedfilelevel-
DLP infected file level
type: integer
fortinet.firewall.informationsource-
Information source
type: keyword
fortinet.firewall.init-
IPSEC init stage
type: keyword
fortinet.firewall.initiator-
Original login user name for FortiGuard override
type: keyword
fortinet.firewall.interface-
Related interface
type: keyword
fortinet.firewall.intf-
Related interface
type: keyword
fortinet.firewall.invalidmac-
The MAC address with invalid OUI
type: keyword
fortinet.firewall.ip-
Related IP
type: ip
fortinet.firewall.iptype-
Related IP type
type: keyword
fortinet.firewall.keyword-
Keyword used for search
type: keyword
fortinet.firewall.kind-
VOIP kind
type: keyword
fortinet.firewall.lanin-
LAN incoming traffic in bytes
type: long
fortinet.firewall.lanout-
LAN outbound traffic in bytes
type: long
fortinet.firewall.lease-
DHCP lease
type: integer
fortinet.firewall.license_limit-
Maximum Number of FortiClients for the License
type: keyword
fortinet.firewall.limit-
Virtual Domain Resource Limit
type: integer
fortinet.firewall.line-
VOIP line
type: keyword
fortinet.firewall.live-
Time in seconds
type: integer
fortinet.firewall.local-
Local IP for a PPPD Connection
type: ip
fortinet.firewall.log-
Log message
type: keyword
fortinet.firewall.login-
SSH login
type: keyword
fortinet.firewall.lowcount-
Fabric lowcount
type: integer
fortinet.firewall.mac-
DHCP mac address
type: keyword
fortinet.firewall.malform_data-
VOIP malformed data
type: integer
fortinet.firewall.malform_desc-
VOIP malformed data description
type: keyword
fortinet.firewall.manuf-
Manufacturer name
type: keyword
fortinet.firewall.masterdstmac-
Master mac address for a host with multiple network interfaces
type: keyword
fortinet.firewall.mastersrcmac-
The master MAC address for a host that has multiple network interfaces
type: keyword
fortinet.firewall.mediumcount-
Fabric medium count
type: integer
fortinet.firewall.mem-
Memory usage system statistics
type: integer
fortinet.firewall.meshmode-
Wireless mesh mode
type: keyword
fortinet.firewall.message_type-
VOIP message type
type: keyword
fortinet.firewall.method-
HTTP method
type: keyword
fortinet.firewall.mgmtcnt-
The number of unauthorized clients flooding management frames
type: integer
fortinet.firewall.mode-
IPSEC mode
type: keyword
fortinet.firewall.module-
PCI-DSS module
type: keyword
fortinet.firewall.monitor-name-
Health Monitor Name
type: keyword
fortinet.firewall.monitor-type-
Health Monitor Type
type: keyword
fortinet.firewall.mpsk-
Wireless MPSK
type: keyword
fortinet.firewall.msgproto-
Message Protocol Number
type: keyword
fortinet.firewall.mtu-
Max Transmission Unit Value
type: integer
fortinet.firewall.name-
Name
type: keyword
fortinet.firewall.nat-
NAT IP Address
type: keyword
fortinet.firewall.netid-
Connector NetID
type: keyword
fortinet.firewall.new_status-
New status on user change
type: keyword
fortinet.firewall.new_value-
New Virtual Domain Name
type: keyword
fortinet.firewall.newchannel-
New Channel Number
type: integer
fortinet.firewall.newchassisid-
New Chassis ID
type: integer
fortinet.firewall.newslot-
New Slot Number
type: integer
fortinet.firewall.nextstat-
Time interval in seconds for the next statistics.
type: integer
fortinet.firewall.nf_type-
Notification Type
type: keyword
fortinet.firewall.noise-
Wifi Noise
type: integer
fortinet.firewall.old_status-
Original Status
type: keyword
fortinet.firewall.old_value-
Original Virtual Domain name
type: keyword
fortinet.firewall.oldchannel-
Original channel
type: integer
fortinet.firewall.oldchassisid-
Original Chassis Number
type: integer
fortinet.firewall.oldslot-
Original Slot Number
type: integer
fortinet.firewall.oldsn-
Old Serial number
type: keyword
fortinet.firewall.oldwprof-
Old Web Filter Profile
type: keyword
fortinet.firewall.onwire-
A flag to indicate if the AP is onwire or not
type: keyword
fortinet.firewall.opercountry-
Operating Country
type: keyword
fortinet.firewall.opertxpower-
Operating TX power
type: integer
fortinet.firewall.osname-
Operating System name
type: keyword
fortinet.firewall.osversion-
Operating System version
type: keyword
fortinet.firewall.out_spi-
Out SPI
type: keyword
fortinet.firewall.outintf-
Out interface
type: keyword
fortinet.firewall.passedcount-
Fabric passed count
type: integer
fortinet.firewall.passwd-
Changed user password information
type: keyword
fortinet.firewall.path-
Path of looped configuration for security fabric
type: keyword
fortinet.firewall.peer-
WAN optimization peer
type: keyword
fortinet.firewall.peer_notif-
VPN peer notification
type: keyword
fortinet.firewall.phase2_name-
VPN phase2 name
type: keyword
fortinet.firewall.phone-
VOIP Phone
type: keyword
fortinet.firewall.pid-
Process ID
type: integer
fortinet.firewall.policytype-
Policy Type
type: keyword
fortinet.firewall.poolname-
IP Pool name
type: keyword
fortinet.firewall.port-
Log upload error port
type: integer
fortinet.firewall.portbegin-
IP Pool port number to begin
type: integer
fortinet.firewall.portend-
IP Pool port number to end
type: integer
fortinet.firewall.probeproto-
Link Monitor Probe Protocol
type: keyword
fortinet.firewall.process-
URL Filter process
type: keyword
fortinet.firewall.processtime-
Process time for reports
type: integer
fortinet.firewall.profile-
Profile Name
type: keyword
fortinet.firewall.profile_vd-
Virtual Domain Name
type: keyword
fortinet.firewall.profilegroup-
Profile Group Name
type: keyword
fortinet.firewall.profiletype-
Profile Type
type: keyword
fortinet.firewall.qtypeval-
DNS question type value
type: integer
fortinet.firewall.quarskip-
Quarantine skip explanation
type: keyword
fortinet.firewall.quotaexceeded-
If quota has been exceeded
type: keyword
fortinet.firewall.quotamax-
Maximum quota allowed - in seconds if time-based - in bytes if traffic-based
type: long
fortinet.firewall.quotatype-
Quota type
type: keyword
fortinet.firewall.quotaused-
Quota used - in seconds if time-based - in bytes if traffic-based
type: long
fortinet.firewall.radioband-
Radio band
type: keyword
fortinet.firewall.radioid-
Radio ID
type: integer
fortinet.firewall.radioidclosest-
Radio ID on the AP closest to the rogue AP
type: integer
fortinet.firewall.radioiddetected-
Radio ID on the AP which detected the rogue AP
type: integer
fortinet.firewall.rate-
Wireless rogue rate value
type: keyword
fortinet.firewall.rawdata-
Raw data value
type: keyword
fortinet.firewall.rawdataid-
Raw data ID
type: keyword
fortinet.firewall.rcvddelta-
Received bytes delta
type: keyword
fortinet.firewall.reason-
Alert reason
type: keyword
fortinet.firewall.received-
Server key exchange received
type: integer
fortinet.firewall.receivedsignature-
Server key exchange received signature
type: keyword
fortinet.firewall.red-
Memory information in red
type: keyword
fortinet.firewall.referralurl-
Web filter referralurl
type: keyword
fortinet.firewall.remote-
Remote PPP IP address
type: ip
fortinet.firewall.remotewtptime-
Remote Wifi Radius authentication time
type: keyword
fortinet.firewall.reporttype-
Report type
type: keyword
fortinet.firewall.reqtype-
Request type
type: keyword
fortinet.firewall.request_name-
VOIP request name
type: keyword
fortinet.firewall.result-
VPN phase result
type: keyword
fortinet.firewall.role-
VPN Phase 2 role
type: keyword
fortinet.firewall.rssi-
Received signal strength indicator
type: integer
fortinet.firewall.rsso_key-
RADIUS SSO attribute value
type: keyword
fortinet.firewall.ruledata-
Rule data
type: keyword
fortinet.firewall.ruletype-
Rule type
type: keyword
fortinet.firewall.scanned-
Number of Scanned MMSs
type: integer
fortinet.firewall.scantime-
Scanned time
type: long
fortinet.firewall.scope-
FortiGuard Override Scope
type: keyword
fortinet.firewall.security-
Wireless rogue security
type: keyword
fortinet.firewall.sensitivity-
Sensitivity for document fingerprint
type: keyword
fortinet.firewall.sensor-
NAC Sensor Name
type: keyword
fortinet.firewall.sentdelta-
Sent bytes delta
type: keyword
fortinet.firewall.seq-
Sequence number
type: keyword
fortinet.firewall.serial-
WAN optimisation serial
type: keyword
fortinet.firewall.serialno-
Serial number
type: keyword
fortinet.firewall.server-
AD server FQDN or IP
type: keyword
fortinet.firewall.session_id-
Session ID
type: keyword
fortinet.firewall.sessionid-
WAD Session ID
type: integer
fortinet.firewall.setuprate-
Session Setup Rate
type: long
fortinet.firewall.severity-
Severity
type: keyword
fortinet.firewall.shaperdroprcvdbyte-
Received bytes dropped by shaper
type: integer
fortinet.firewall.shaperdropsentbyte-
Sent bytes dropped by shaper
type: integer
fortinet.firewall.shaperperipdropbyte-
Dropped bytes per IP by shaper
type: integer
fortinet.firewall.shaperperipname-
Traffic shaper name (per IP)
type: keyword
fortinet.firewall.shaperrcvdname-
Traffic shaper name for received traffic
type: keyword
fortinet.firewall.shapersentname-
Traffic shaper name for sent traffic
type: keyword
fortinet.firewall.shapingpolicyid-
Traffic shaper policy ID
type: integer
fortinet.firewall.signal-
Wireless rogue API signal
type: integer
fortinet.firewall.size-
Email size in bytes
type: long
fortinet.firewall.slot-
Slot number
type: integer
fortinet.firewall.sn-
Security fabric serial number
type: keyword
fortinet.firewall.snclosest-
SN of the AP closest to the rogue AP
type: keyword
fortinet.firewall.sndetected-
SN of the AP which detected the rogue AP
type: keyword
fortinet.firewall.snmeshparent-
SN of the mesh parent
type: keyword
fortinet.firewall.spi-
IPSEC SPI
type: keyword
fortinet.firewall.src_int-
Source interface
type: keyword
fortinet.firewall.srcintfrole-
Source interface role
type: keyword
fortinet.firewall.srccountry-
Source country
type: keyword
fortinet.firewall.srcfamily-
Source family
type: keyword
fortinet.firewall.srchwvendor-
Source hardware vendor
type: keyword
fortinet.firewall.srchwversion-
Source hardware version
type: keyword
fortinet.firewall.srcinetsvc-
Source interface service
type: keyword
fortinet.firewall.srcname-
Source name
type: keyword
fortinet.firewall.srcserver-
Source server
type: integer
fortinet.firewall.srcssid-
Source SSID
type: keyword
fortinet.firewall.srcswversion-
Source software version
type: keyword
fortinet.firewall.srcuuid-
Source UUID
type: keyword
fortinet.firewall.sscname-
SSC name
type: keyword
fortinet.firewall.ssid-
Base Service Set ID
type: keyword
fortinet.firewall.sslaction-
SSL Action
type: keyword
fortinet.firewall.ssllocal-
WAD SSL local
type: keyword
fortinet.firewall.sslremote-
WAD SSL remote
type: keyword
fortinet.firewall.stacount-
Number of stations/clients
type: integer
fortinet.firewall.stage-
IPSEC stage
type: keyword
fortinet.firewall.stamac-
802.1x station mac
type: keyword
fortinet.firewall.state-
Admin login state
type: keyword
fortinet.firewall.status-
Status
type: keyword
fortinet.firewall.stitch-
Automation stitch triggered
type: keyword
fortinet.firewall.subject-
Email subject
type: keyword
fortinet.firewall.submodule-
Configuration Sub-Module Name
type: keyword
fortinet.firewall.subservice-
AV subservice
type: keyword
fortinet.firewall.subtype-
Log subtype
type: keyword
fortinet.firewall.suspicious-
Number of Suspicious MMSs
type: integer
fortinet.firewall.switchproto-
Protocol change information
type: keyword
fortinet.firewall.sync_status-
The sync status with the master
type: keyword
fortinet.firewall.sync_type-
The sync type with the master
type: keyword
fortinet.firewall.sysuptime-
System uptime
type: keyword
fortinet.firewall.tamac-
The MAC address of the transmitter; if none, then the receiver
type: keyword
fortinet.firewall.threattype-
WIDS threat type
type: keyword
fortinet.firewall.time-
Time of the event
type: keyword
fortinet.firewall.to-
Email to field
type: keyword
fortinet.firewall.to_vcluster-
Destination virtual cluster number
type: integer
fortinet.firewall.total-
Total memory
type: integer
fortinet.firewall.totalsession-
Total Number of Sessions
type: integer
fortinet.firewall.trace_id-
Session clash trace ID
type: keyword
fortinet.firewall.trandisp-
NAT translation type
type: keyword
fortinet.firewall.transid-
HTTP transaction ID
type: integer
fortinet.firewall.translationid-
DNS filter translation ID
type: keyword
fortinet.firewall.trigger-
Automation stitch trigger
type: keyword
fortinet.firewall.trueclntip-
File filter true client IP
type: ip
fortinet.firewall.tunnelid-
IPSEC tunnel ID
type: integer
fortinet.firewall.tunnelip-
IPSEC tunnel IP
type: ip
fortinet.firewall.tunneltype-
IPSEC tunnel type
type: keyword
fortinet.firewall.type-
Module type
type: keyword
fortinet.firewall.ui-
Admin authentication UI type
type: keyword
fortinet.firewall.unauthusersource-
Unauthenticated user source
type: keyword
fortinet.firewall.unit-
Power supply unit
type: integer
fortinet.firewall.urlfilteridx-
URL filter ID
type: integer
fortinet.firewall.urlfilterlist-
URL filter list
type: keyword
fortinet.firewall.urlsource-
URL filter source
type: keyword
fortinet.firewall.urltype-
URL filter type
type: keyword
fortinet.firewall.used-
Number of Used IPs
type: integer
fortinet.firewall.used_for_type-
Connection for the type
type: integer
fortinet.firewall.utmaction-
Security action performed by UTM
type: keyword
fortinet.firewall.utmref-
Reference to UTM
type: keyword
fortinet.firewall.vap-
Virtual AP
type: keyword
fortinet.firewall.vapmode-
Virtual AP mode
type: keyword
fortinet.firewall.vcluster-
Virtual cluster ID
type: integer
fortinet.firewall.vcluster_member-
Virtual cluster member
type: integer
fortinet.firewall.vcluster_state-
Virtual cluster state
type: keyword
fortinet.firewall.vd-
Virtual Domain Name
type: keyword
fortinet.firewall.vdname-
Virtual Domain Name
type: keyword
fortinet.firewall.vendorurl-
Vulnerability scan vendor name
type: keyword
fortinet.firewall.version-
Version
type: keyword
fortinet.firewall.vip-
Virtual IP
type: keyword
fortinet.firewall.virus-
Virus name
type: keyword
fortinet.firewall.virusid-
Virus ID (unique virus identifier)
type: integer
fortinet.firewall.voip_proto-
VOIP protocol
type: keyword
fortinet.firewall.vpn-
VPN description
type: keyword
fortinet.firewall.vpntunnel-
IPsec VPN Tunnel Name
type: keyword
fortinet.firewall.vpntype-
The type of the VPN tunnel
type: keyword
fortinet.firewall.vrf-
VRF number
type: integer
fortinet.firewall.vulncat-
Vulnerability Category
type: keyword
fortinet.firewall.vulnid-
Vulnerability ID
type: integer
fortinet.firewall.vulnname-
Vulnerability name
type: keyword
fortinet.firewall.vwlid-
VWL ID
type: integer
fortinet.firewall.vwlquality-
VWL quality
type: keyword
fortinet.firewall.vwlservice-
VWL service
type: keyword
fortinet.firewall.vwpvlanid-
VWP VLAN ID
type: integer
fortinet.firewall.wanin-
WAN incoming traffic in bytes
type: long
fortinet.firewall.wanoptapptype-
WAN Optimization Application type
type: keyword
fortinet.firewall.wanout-
WAN outgoing traffic in bytes
type: long
fortinet.firewall.weakwepiv-
Weak WEP Initialization Vector
type: keyword
fortinet.firewall.xauthgroup-
XAuth Group Name
type: keyword
fortinet.firewall.xauthuser-
XAuth User Name
type: keyword
fortinet.firewall.xid-
Wireless X ID
type: integer