docs/reference/filebeat/exported-fields-fortinet.md
% This file is generated! See dev-tools/mage/generate_fields_docs.go
fortinet Module
Fields from fortinet FortiOS
fortinet.file.hash.crc32
: CRC32 Hash of file
type: keyword
stack: beta
Module for parsing Fortinet syslog.
fortinet.firewall.acct_stat
: Accounting state (RADIUS)
type: keyword
fortinet.firewall.acktime
: Alarm Acknowledge Time
type: keyword
fortinet.firewall.act
: Action
type: keyword
fortinet.firewall.action
: Status of the session
type: keyword
fortinet.firewall.activity
: HA activity message
type: keyword
fortinet.firewall.addr
: IP Address
type: ip
fortinet.firewall.addr_type
: Address Type
type: keyword
fortinet.firewall.addrgrp
: Address Group
type: keyword
fortinet.firewall.adgroup
: AD Group Name
type: keyword
fortinet.firewall.admin
: Admin User
type: keyword
fortinet.firewall.age
: Time in seconds - time passed since last seen
type: integer
fortinet.firewall.agent
: User agent - e.g. agent="Mozilla/5.0"
type: keyword
fortinet.firewall.alarmid
: Alarm ID
type: integer
fortinet.firewall.alert
: Alert
type: keyword
fortinet.firewall.analyticscksum
: The checksum of the file submitted for analytics
type: keyword
fortinet.firewall.analyticssubmit
: The flag for analytics submission
type: keyword
fortinet.firewall.ap
: Access Point
type: keyword
fortinet.firewall.app-type
: Address Type
type: keyword
fortinet.firewall.appact
: The security action from app control
type: keyword
fortinet.firewall.appid
: Application ID
type: integer
fortinet.firewall.applist
: Application Control profile
type: keyword
fortinet.firewall.apprisk
: Application Risk Level
type: keyword
fortinet.firewall.apscan
: The name of the AP, which scanned and detected the rogue AP
type: keyword
fortinet.firewall.apsn
: Access Point
type: keyword
fortinet.firewall.apstatus
: Access Point status
type: keyword
fortinet.firewall.aptype
: Access Point type
type: keyword
fortinet.firewall.assigned
: Assigned IP Address
type: ip
fortinet.firewall.assignip
: Assigned IP Address
type: ip
fortinet.firewall.attachment
: The flag for email attachment
type: keyword
fortinet.firewall.attack
: Attack Name
type: keyword
fortinet.firewall.attackcontext
: The trigger patterns and the packet data, base64-encoded
type: keyword
fortinet.firewall.attackcontextid
: Attack context id / total
type: keyword
fortinet.firewall.attackid
: Attack ID
type: integer
fortinet.firewall.auditid
: Audit ID
type: long
fortinet.firewall.auditscore
: The Audit Score
type: keyword
fortinet.firewall.audittime
: The time of the audit
type: long
fortinet.firewall.authgrp
: Authorization Group
type: keyword
fortinet.firewall.authid
: Authentication ID
type: keyword
fortinet.firewall.authproto
: The protocol that initiated the authentication
type: keyword
fortinet.firewall.authserver
: Authentication server
type: keyword
fortinet.firewall.bandwidth
: Bandwidth
type: keyword
fortinet.firewall.banned_rule
: NAC quarantine Banned Rule Name
type: keyword
fortinet.firewall.banned_src
: NAC quarantine Banned Source IP
type: keyword
fortinet.firewall.banword
: Banned word
type: keyword
fortinet.firewall.botnetdomain
: Botnet Domain Name
type: keyword
fortinet.firewall.botnetip
: Botnet IP Address
type: ip
fortinet.firewall.bssid
: Service Set ID
type: keyword
fortinet.firewall.call_id
: Caller ID
type: keyword
fortinet.firewall.carrier_ep
: The FortiOS Carrier end-point identification
type: keyword
fortinet.firewall.cat
: DNS category ID
type: integer
fortinet.firewall.category
: Authentication category
type: keyword
fortinet.firewall.cc
: CC Email Address
type: keyword
fortinet.firewall.cdrcontent
: Cdrcontent
type: keyword
fortinet.firewall.centralnatid
: Central NAT ID
type: integer
fortinet.firewall.cert
: Certificate
type: keyword
fortinet.firewall.cert-type
: Certificate type
type: keyword
fortinet.firewall.certhash
: Certificate hash
type: keyword
fortinet.firewall.cfgattr
: Configuration attribute
type: keyword
fortinet.firewall.cfgobj
: Configuration object
type: keyword
fortinet.firewall.cfgpath
: Configuration path
type: keyword
fortinet.firewall.cfgtid
: Configuration transaction ID
type: keyword
fortinet.firewall.cfgtxpower
: Configuration TX power
type: integer
fortinet.firewall.channel
: Wireless Channel
type: integer
fortinet.firewall.channeltype
: SSH channel type
type: keyword
fortinet.firewall.chassisid
: Chassis ID
type: integer
fortinet.firewall.checksum
: The checksum of the scanned file
type: keyword
fortinet.firewall.chgheaders
: HTTP Headers
type: keyword
fortinet.firewall.cldobjid
: Connector object ID
type: keyword
fortinet.firewall.client_addr
: Wifi client address
type: keyword
fortinet.firewall.cloudaction
: Cloud Action
type: keyword
fortinet.firewall.clouduser
: Cloud User
type: keyword
fortinet.firewall.column
: VOIP Column
type: integer
fortinet.firewall.command
: CLI Command
type: keyword
fortinet.firewall.community
: SNMP Community
type: keyword
fortinet.firewall.configcountry
: Configuration country
type: keyword
fortinet.firewall.connection_type
: FortiClient Connection Type
type: keyword
fortinet.firewall.conserve
: Flag for conserve mode
type: keyword
fortinet.firewall.constraint
: WAF http protocol restrictions
type: keyword
fortinet.firewall.contentdisarmed
: Email scanned content
type: keyword
fortinet.firewall.contenttype
: Content Type from HTTP header
type: keyword
fortinet.firewall.cookies
: VPN Cookie
type: keyword
fortinet.firewall.count
: Counts of action type
type: integer
fortinet.firewall.countapp
: Number of App Ctrl logs associated with the session
type: integer
fortinet.firewall.countav
: Number of AV logs associated with the session
type: integer
fortinet.firewall.countcifs
: Number of CIFS logs associated with the session
type: integer
fortinet.firewall.countdlp
: Number of DLP logs associated with the session
type: integer
fortinet.firewall.countdns
: Number of DNS logs associated with the session
type: integer
fortinet.firewall.countemail
: Number of email logs associated with the session
type: integer
fortinet.firewall.countff
: Number of ff logs associated with the session
type: integer
fortinet.firewall.countips
: Number of IPS logs associated with the session
type: integer
fortinet.firewall.countssh
: Number of SSH logs associated with the session
type: integer
fortinet.firewall.countssl
: Number of SSL logs associated with the session
type: integer
fortinet.firewall.countwaf
: Number of WAF logs associated with the session
type: integer
fortinet.firewall.countweb
: Number of Web filter logs associated with the session
type: integer
fortinet.firewall.cpu
: CPU Usage
type: integer
fortinet.firewall.craction
: Client Reputation Action
type: integer
fortinet.firewall.criticalcount
: Number of critical ratings
type: integer
fortinet.firewall.crl
: Client Reputation Level
type: keyword
fortinet.firewall.crlevel
: Client Reputation Level
type: keyword
fortinet.firewall.crscore
: Client Reputation Score
type: integer
fortinet.firewall.cveid
: CVE ID
type: keyword
fortinet.firewall.daemon
: Daemon name
type: keyword
fortinet.firewall.datarange
: Data range for reports
type: keyword
fortinet.firewall.date
: Date
type: keyword
fortinet.firewall.ddnsserver
: DDNS server
type: ip
fortinet.firewall.desc
: Description
type: keyword
fortinet.firewall.detectionmethod
: Detection method
type: keyword
fortinet.firewall.devcategory
: Device category
type: keyword
fortinet.firewall.devintfname
: HA device Interface Name
type: keyword
fortinet.firewall.devtype
: Device type
type: keyword
fortinet.firewall.dhcp_msg
: DHCP Message
type: keyword
fortinet.firewall.dintf
: Destination interface
type: keyword
fortinet.firewall.disk
: Associated disk
type: keyword
fortinet.firewall.disklograte
: Disk logging rate
type: long
fortinet.firewall.dlpextra
: DLP extra information
type: keyword
fortinet.firewall.docsource
: DLP fingerprint document source
type: keyword
fortinet.firewall.domainctrlauthstate
: CIFS domain auth state
type: integer
fortinet.firewall.domainctrlauthtype
: CIFS domain auth type
type: integer
fortinet.firewall.domainctrldomain
: CIFS domain auth domain
type: keyword
fortinet.firewall.domainctrlip
: CIFS Domain IP
type: ip
fortinet.firewall.domainctrlname
: CIFS Domain name
type: keyword
fortinet.firewall.domainctrlprotocoltype
: CIFS Domain connection protocol
type: integer
fortinet.firewall.domainctrlusername
: CIFS Domain username
type: keyword
fortinet.firewall.domainfilteridx
: Domain filter ID
type: integer
fortinet.firewall.domainfilterlist
: Domain filter name
type: keyword
fortinet.firewall.ds
: Direction with distribution system
type: keyword
fortinet.firewall.dst_int
: Destination interface
type: keyword
fortinet.firewall.dstintfrole
: Destination interface role
type: keyword
fortinet.firewall.dstcountry
: Destination country
type: keyword
fortinet.firewall.dstdevcategory
: Destination device category
type: keyword
fortinet.firewall.dstdevtype
: Destination device type
type: keyword
fortinet.firewall.dstfamily
: Destination OS family
type: keyword
fortinet.firewall.dsthwvendor
: Destination HW vendor
type: keyword
fortinet.firewall.dsthwversion
: Destination HW version
type: keyword
fortinet.firewall.dstinetsvc
: Destination interface service
type: keyword
fortinet.firewall.dstosname
: Destination OS name
type: keyword
fortinet.firewall.dstosversion
: Destination OS version
type: keyword
fortinet.firewall.dstserver
: Destination server
type: integer
fortinet.firewall.dstssid
: Destination SSID
type: keyword
fortinet.firewall.dstswversion
: Destination software version
type: keyword
fortinet.firewall.dstunauthusersource
: Destination unauthenticated source
type: keyword
fortinet.firewall.dstuuid
: UUID of the Destination IP address
type: keyword
fortinet.firewall.duid
: DHCP UID
type: keyword
fortinet.firewall.eapolcnt
: EAPOL packet count
type: integer
fortinet.firewall.eapoltype
: EAPOL packet type
type: keyword
fortinet.firewall.encrypt
: Whether the packet is encrypted or not
type: integer
fortinet.firewall.encryption
: Encryption method
type: keyword
fortinet.firewall.epoch
: Epoch used for locating file
type: integer
fortinet.firewall.espauth
: ESP Authentication
type: keyword
fortinet.firewall.esptransform
: ESP Transform
type: keyword
fortinet.firewall.eventtype
: UTM Event Type
type: keyword
fortinet.firewall.exch
: Mail Exchanges from DNS response answer section
type: keyword
fortinet.firewall.exchange
: Mail Exchanges from DNS response answer section
type: keyword
fortinet.firewall.expectedsignature
: Expected SSL signature
type: keyword
fortinet.firewall.expiry
: FortiGuard override expiry timestamp
type: keyword
fortinet.firewall.fams_pause
: Fortinet Analysis and Management Service Pause
type: integer
fortinet.firewall.fazlograte
: FortiAnalyzer Logging Rate
type: long
fortinet.firewall.fctemssn
: FortiClient Endpoint SSN
type: keyword
fortinet.firewall.fctuid
: FortiClient UID
type: keyword
fortinet.firewall.field
: NTP status field
type: keyword
fortinet.firewall.filefilter
: The filter used to identify the affected file
type: keyword
fortinet.firewall.filehashsrc
: Filehash source
type: keyword
fortinet.firewall.filtercat
: DLP filter category
type: keyword
fortinet.firewall.filteridx
: DLP filter ID
type: integer
fortinet.firewall.filtername
: DLP rule name
type: keyword
fortinet.firewall.filtertype
: DLP filter type
type: keyword
fortinet.firewall.fortiguardresp
: Antispam ESP value
type: keyword
fortinet.firewall.forwardedfor
: Email address forwarded
type: keyword
fortinet.firewall.fqdn
: FQDN
type: keyword
fortinet.firewall.frametype
: Wireless frametype
type: keyword
fortinet.firewall.freediskstorage
: Free disk integer
type: integer
fortinet.firewall.from
: From email address
type: keyword
fortinet.firewall.from_vcluster
: Source virtual cluster number
type: integer
fortinet.firewall.fsaverdict
: FSA verdict
type: keyword
fortinet.firewall.fwserver_name
: Web proxy server name
type: keyword
fortinet.firewall.gateway
: Gateway ip address for PPPoE status report
type: ip
fortinet.firewall.green
: Memory status
type: keyword
fortinet.firewall.groupid
: User Group ID
type: integer
fortinet.firewall.ha-prio
: HA Priority
type: integer
fortinet.firewall.ha_group
: HA Group
type: keyword
fortinet.firewall.ha_role
: HA Role
type: keyword
fortinet.firewall.handshake
: SSL Handshake
type: keyword
fortinet.firewall.hash
: Hash value of downloaded file
type: keyword
fortinet.firewall.hbdn_reason
: Heartbeat down reason
type: keyword
fortinet.firewall.highcount
: Highcount fabric summary
type: integer
fortinet.firewall.host
: Hostname
type: keyword
fortinet.firewall.iaid
: DHCPv6 id
type: keyword
fortinet.firewall.icmpcode
: Destination Port of the ICMP message
type: keyword
fortinet.firewall.icmpid
: Source port of the ICMP message
type: keyword
fortinet.firewall.icmptype
: The type of ICMP message
type: keyword
fortinet.firewall.identifier
: Network traffic identifier
type: integer
fortinet.firewall.in_spi
: IPSEC inbound SPI
type: keyword
fortinet.firewall.incidentserialno
: Incident serial number
type: integer
fortinet.firewall.infected
: Infected MMS
type: integer
fortinet.firewall.infectedfilelevel
: DLP infected file level
type: integer
fortinet.firewall.informationsource
: Information source
type: keyword
fortinet.firewall.init
: IPSEC init stage
type: keyword
fortinet.firewall.initiator
: Original login user name for Fortiguard override
type: keyword
fortinet.firewall.interface
: Related interface
type: keyword
fortinet.firewall.intf
: Related interface
type: keyword
fortinet.firewall.invalidmac
: The MAC address with invalid OUI
type: keyword
fortinet.firewall.ip
: Related IP
type: ip
fortinet.firewall.iptype
: Related IP type
type: keyword
fortinet.firewall.keyword
: Keyword used for search
type: keyword
fortinet.firewall.kind
: VOIP kind
type: keyword
fortinet.firewall.lanin
: LAN incoming traffic in bytes
type: long
fortinet.firewall.lanout
: LAN outbound traffic in bytes
type: long
fortinet.firewall.lease
: DHCP lease
type: integer
fortinet.firewall.license_limit
: Maximum Number of FortiClients for the License
type: keyword
fortinet.firewall.limit
: Virtual Domain Resource Limit
type: integer
fortinet.firewall.line
: VOIP line
type: keyword
fortinet.firewall.live
: Time in seconds
type: integer
fortinet.firewall.local
: Local IP for a PPPD Connection
type: ip
fortinet.firewall.log
: Log message
type: keyword
fortinet.firewall.login
: SSH login
type: keyword
fortinet.firewall.lowcount
: Fabric lowcount
type: integer
fortinet.firewall.mac
: DHCP mac address
type: keyword
fortinet.firewall.malform_data
: VOIP malformed data
type: integer
fortinet.firewall.malform_desc
: VOIP malformed data description
type: keyword
fortinet.firewall.manuf
: Manufacturer name
type: keyword
fortinet.firewall.masterdstmac
: Master mac address for a host with multiple network interfaces
type: keyword
fortinet.firewall.mastersrcmac
: The master MAC address for a host that has multiple network interfaces
type: keyword
fortinet.firewall.mediumcount
: Fabric medium count
type: integer
fortinet.firewall.mem
: Memory usage system statistics
type: integer
fortinet.firewall.meshmode
: Wireless mesh mode
type: keyword
fortinet.firewall.message_type
: VOIP message type
type: keyword
fortinet.firewall.method
: HTTP method
type: keyword
fortinet.firewall.mgmtcnt
: The number of unauthorized client flooding management frames
type: integer
fortinet.firewall.mode
: IPSEC mode
type: keyword
fortinet.firewall.module
: PCI-DSS module
type: keyword
fortinet.firewall.monitor-name
: Health Monitor Name
type: keyword
fortinet.firewall.monitor-type
: Health Monitor Type
type: keyword
fortinet.firewall.mpsk
: Wireless MPSK
type: keyword
fortinet.firewall.msgproto
: Message Protocol Number
type: keyword
fortinet.firewall.mtu
: Max Transmission Unit Value
type: integer
fortinet.firewall.name
: Name
type: keyword
fortinet.firewall.nat
: NAT IP Address
type: keyword
fortinet.firewall.netid
: Connector NetID
type: keyword
fortinet.firewall.new_status
: New status on user change
type: keyword
fortinet.firewall.new_value
: New Virtual Domain Name
type: keyword
fortinet.firewall.newchannel
: New Channel Number
type: integer
fortinet.firewall.newchassisid
: New Chassis ID
type: integer
fortinet.firewall.newslot
: New Slot Number
type: integer
fortinet.firewall.nextstat
: Time interval in seconds for the next statistics.
type: integer
fortinet.firewall.nf_type
: Notification Type
type: keyword
fortinet.firewall.noise
: Wifi Noise
type: integer
fortinet.firewall.old_status
: Original Status
type: keyword
fortinet.firewall.old_value
: Original Virtual Domain name
type: keyword
fortinet.firewall.oldchannel
: Original channel
type: integer
fortinet.firewall.oldchassisid
: Original Chassis Number
type: integer
fortinet.firewall.oldslot
: Original Slot Number
type: integer
fortinet.firewall.oldsn
: Old Serial number
type: keyword
fortinet.firewall.oldwprof
: Old Web Filter Profile
type: keyword
fortinet.firewall.onwire
: A flag to indicate if the AP is onwire or not
type: keyword
fortinet.firewall.opercountry
: Operating Country
type: keyword
fortinet.firewall.opertxpower
: Operating TX power
type: integer
fortinet.firewall.osname
: Operating System name
type: keyword
fortinet.firewall.osversion
: Operating System version
type: keyword
fortinet.firewall.out_spi
: Out SPI
type: keyword
fortinet.firewall.outintf
: Out interface
type: keyword
fortinet.firewall.passedcount
: Fabric passed count
type: integer
fortinet.firewall.passwd
: Changed user password information
type: keyword
fortinet.firewall.path
: Path of looped configuration for security fabric
type: keyword
fortinet.firewall.peer
: WAN optimization peer
type: keyword
fortinet.firewall.peer_notif
: VPN peer notification
type: keyword
fortinet.firewall.phase2_name
: VPN phase2 name
type: keyword
fortinet.firewall.phone
: VOIP Phone
type: keyword
fortinet.firewall.pid
: Process ID
type: integer
fortinet.firewall.policytype
: Policy Type
type: keyword
fortinet.firewall.poolname
: IP Pool name
type: keyword
fortinet.firewall.port
: Log upload error port
type: integer
fortinet.firewall.portbegin
: IP Pool port number to begin
type: integer
fortinet.firewall.portend
: IP Pool port number to end
type: integer
fortinet.firewall.probeproto
: Link Monitor Probe Protocol
type: keyword
fortinet.firewall.process
: URL Filter process
type: keyword
fortinet.firewall.processtime
: Process time for reports
type: integer
fortinet.firewall.profile
: Profile Name
type: keyword
fortinet.firewall.profile_vd
: Virtual Domain Name
type: keyword
fortinet.firewall.profilegroup
: Profile Group Name
type: keyword
fortinet.firewall.profiletype
: Profile Type
type: keyword
fortinet.firewall.qtypeval
: DNS question type value
type: integer
fortinet.firewall.quarskip
: Quarantine skip explanation
type: keyword
fortinet.firewall.quotaexceeded
: If quota has been exceeded
type: keyword
fortinet.firewall.quotamax
: Maximum quota allowed - in seconds if time-based - in bytes if traffic-based
type: long
fortinet.firewall.quotatype
: Quota type
type: keyword
fortinet.firewall.quotaused
: Quota used - in seconds if time-based - in bytes if traffic-based
type: long
fortinet.firewall.radioband
: Radio band
type: keyword
fortinet.firewall.radioid
: Radio ID
type: integer
fortinet.firewall.radioidclosest
: Radio ID on the AP closest to the rogue AP
type: integer
fortinet.firewall.radioiddetected
: Radio ID on the AP which detected the rogue AP
type: integer
fortinet.firewall.rate
: Wireless rogue rate value
type: keyword
fortinet.firewall.rawdata
: Raw data value
type: keyword
fortinet.firewall.rawdataid
: Raw data ID
type: keyword
fortinet.firewall.rcvddelta
: Received bytes delta
type: keyword
fortinet.firewall.reason
: Alert reason
type: keyword
fortinet.firewall.received
: Server key exchange received
type: integer
fortinet.firewall.receivedsignature
: Server key exchange received signature
type: keyword
fortinet.firewall.red
: Memory information in red
type: keyword
fortinet.firewall.referralurl
: Web filter referralurl
type: keyword
fortinet.firewall.remote
: Remote PPP IP address
type: ip
fortinet.firewall.remotewtptime
: Remote Wifi Radius authentication time
type: keyword
fortinet.firewall.reporttype
: Report type
type: keyword
fortinet.firewall.reqtype
: Request type
type: keyword
fortinet.firewall.request_name
: VOIP request name
type: keyword
fortinet.firewall.result
: VPN phase result
type: keyword
fortinet.firewall.role
: VPN Phase 2 role
type: keyword
fortinet.firewall.rssi
: Received signal strength indicator
type: integer
fortinet.firewall.rsso_key
: RADIUS SSO attribute value
type: keyword
fortinet.firewall.ruledata
: Rule data
type: keyword
fortinet.firewall.ruletype
: Rule type
type: keyword
fortinet.firewall.scanned
: Number of Scanned MMSs
type: integer
fortinet.firewall.scantime
: Scanned time
type: long
fortinet.firewall.scope
: FortiGuard Override Scope
type: keyword
fortinet.firewall.security
: Wireless rogue security
type: keyword
fortinet.firewall.sensitivity
: Sensitivity for document fingerprint
type: keyword
fortinet.firewall.sensor
: NAC Sensor Name
type: keyword
fortinet.firewall.sentdelta
: Sent bytes delta
type: keyword
fortinet.firewall.seq
: Sequence number
type: keyword
fortinet.firewall.serial
: WAN optimisation serial
type: keyword
fortinet.firewall.serialno
: Serial number
type: keyword
fortinet.firewall.server
: AD server FQDN or IP
type: keyword
fortinet.firewall.session_id
: Session ID
type: keyword
fortinet.firewall.sessionid
: WAD Session ID
type: integer
fortinet.firewall.setuprate
: Session Setup Rate
type: long
fortinet.firewall.severity
: Severity
type: keyword
fortinet.firewall.shaperdroprcvdbyte
: Received bytes dropped by shaper
type: integer
fortinet.firewall.shaperdropsentbyte
: Sent bytes dropped by shaper
type: integer
fortinet.firewall.shaperperipdropbyte
: Dropped bytes per IP by shaper
type: integer
fortinet.firewall.shaperperipname
: Traffic shaper name (per IP)
type: keyword
fortinet.firewall.shaperrcvdname
: Traffic shaper name for received traffic
type: keyword
fortinet.firewall.shapersentname
: Traffic shaper name for sent traffic
type: keyword
fortinet.firewall.shapingpolicyid
: Traffic shaper policy ID
type: integer
fortinet.firewall.signal
: Wireless rogue API signal
type: integer
fortinet.firewall.size
: Email size in bytes
type: long
fortinet.firewall.slot
: Slot number
type: integer
fortinet.firewall.sn
: Security fabric serial number
type: keyword
fortinet.firewall.snclosest
: SN of the AP closest to the rogue AP
type: keyword
fortinet.firewall.sndetected
: SN of the AP which detected the rogue AP
type: keyword
fortinet.firewall.snmeshparent
: SN of the mesh parent
type: keyword
fortinet.firewall.spi
: IPSEC SPI
type: keyword
fortinet.firewall.src_int
: Source interface
type: keyword
fortinet.firewall.srcintfrole
: Source interface role
type: keyword
fortinet.firewall.srccountry
: Source country
type: keyword
fortinet.firewall.srcfamily
: Source family
type: keyword
fortinet.firewall.srchwvendor
: Source hardware vendor
type: keyword
fortinet.firewall.srchwversion
: Source hardware version
type: keyword
fortinet.firewall.srcinetsvc
: Source interface service
type: keyword
fortinet.firewall.srcname
: Source name
type: keyword
fortinet.firewall.srcserver
: Source server
type: integer
fortinet.firewall.srcssid
: Source SSID
type: keyword
fortinet.firewall.srcswversion
: Source software version
type: keyword
fortinet.firewall.srcuuid
: Source UUID
type: keyword
fortinet.firewall.sscname
: SSC name
type: keyword
fortinet.firewall.ssid
: Base Service Set ID
type: keyword
fortinet.firewall.sslaction
: SSL Action
type: keyword
fortinet.firewall.ssllocal
: WAD SSL local
type: keyword
fortinet.firewall.sslremote
: WAD SSL remote
type: keyword
fortinet.firewall.stacount
: Number of stations/clients
type: integer
fortinet.firewall.stage
: IPSEC stage
type: keyword
fortinet.firewall.stamac
: 802.1x station mac
type: keyword
fortinet.firewall.state
: Admin login state
type: keyword
fortinet.firewall.status
: Status
type: keyword
fortinet.firewall.stitch
: Automation stitch triggered
type: keyword
fortinet.firewall.subject
: Email subject
type: keyword
fortinet.firewall.submodule
: Configuration Sub-Module Name
type: keyword
fortinet.firewall.subservice
: AV subservice
type: keyword
fortinet.firewall.subtype
: Log subtype
type: keyword
fortinet.firewall.suspicious
: Number of Suspicious MMSs
type: integer
fortinet.firewall.switchproto
: Protocol change information
type: keyword
fortinet.firewall.sync_status
: The sync status with the master
type: keyword
fortinet.firewall.sync_type
: The sync type with the master
type: keyword
fortinet.firewall.sysuptime
: System uptime
type: keyword
fortinet.firewall.tamac
: The MAC address of the transmitter; if none, then the receiver
type: keyword
fortinet.firewall.threattype
: WIDS threat type
type: keyword
fortinet.firewall.time
: Time of the event
type: keyword
fortinet.firewall.to
: Email to field
type: keyword
fortinet.firewall.to_vcluster
: destination virtual cluster number
type: integer
fortinet.firewall.total
: Total memory
type: integer
fortinet.firewall.totalsession
: Total Number of Sessions
type: integer
fortinet.firewall.trace_id
: Session clash trace ID
type: keyword
fortinet.firewall.trandisp
: NAT translation type
type: keyword
fortinet.firewall.transid
: HTTP transaction ID
type: integer
fortinet.firewall.translationid
: DNS filter translation ID
type: keyword
fortinet.firewall.trigger
: Automation stitch trigger
type: keyword
fortinet.firewall.trueclntip
: File filter true client IP
type: ip
fortinet.firewall.tunnelid
: IPSEC tunnel ID
type: integer
fortinet.firewall.tunnelip
: IPSEC tunnel IP
type: ip
fortinet.firewall.tunneltype
: IPSEC tunnel type
type: keyword
fortinet.firewall.type
: Module type
type: keyword
fortinet.firewall.ui
: Admin authentication UI type
type: keyword
fortinet.firewall.unauthusersource
: Unauthenticated user source
type: keyword
fortinet.firewall.unit
: Power supply unit
type: integer
fortinet.firewall.urlfilteridx
: URL filter ID
type: integer
fortinet.firewall.urlfilterlist
: URL filter list
type: keyword
fortinet.firewall.urlsource
: URL filter source
type: keyword
fortinet.firewall.urltype
: URL filter type
type: keyword
fortinet.firewall.used
: Number of Used IPs
type: integer
fortinet.firewall.used_for_type
: Connection for the type
type: integer
fortinet.firewall.utmaction
: Security action performed by UTM
type: keyword
fortinet.firewall.utmref
: Reference to UTM
type: keyword
fortinet.firewall.vap
: Virtual AP
type: keyword
fortinet.firewall.vapmode
: Virtual AP mode
type: keyword
fortinet.firewall.vcluster
: virtual cluster id
type: integer
fortinet.firewall.vcluster_member
: Virtual cluster member
type: integer
fortinet.firewall.vcluster_state
: Virtual cluster state
type: keyword
fortinet.firewall.vd
: Virtual Domain Name
type: keyword
fortinet.firewall.vdname
: Virtual Domain Name
type: keyword
fortinet.firewall.vendorurl
: Vulnerability scan vendor name
type: keyword
fortinet.firewall.version
: Version
type: keyword
fortinet.firewall.vip
: Virtual IP
type: keyword
fortinet.firewall.virus
: Virus name
type: keyword
fortinet.firewall.virusid
: Virus ID (unique virus identifier)
type: integer
fortinet.firewall.voip_proto
: VOIP protocol
type: keyword
fortinet.firewall.vpn
: VPN description
type: keyword
fortinet.firewall.vpntunnel
: IPsec VPN Tunnel Name
type: keyword
fortinet.firewall.vpntype
: The type of the VPN tunnel
type: keyword
fortinet.firewall.vrf
: VRF number
type: integer
fortinet.firewall.vulncat
: Vulnerability Category
type: keyword
fortinet.firewall.vulnid
: Vulnerability ID
type: integer
fortinet.firewall.vulnname
: Vulnerability name
type: keyword
fortinet.firewall.vwlid
: VWL ID
type: integer
fortinet.firewall.vwlquality
: VWL quality
type: keyword
fortinet.firewall.vwlservice
: VWL service
type: keyword
fortinet.firewall.vwpvlanid
: VWP VLAN ID
type: integer
fortinet.firewall.wanin
: WAN incoming traffic in bytes
type: long
fortinet.firewall.wanoptapptype
: WAN Optimization Application type
type: keyword
fortinet.firewall.wanout
: WAN outgoing traffic in bytes
type: long
fortinet.firewall.weakwepiv
: Weak WEP Initialization Vector
type: keyword
fortinet.firewall.xauthgroup
: XAuth Group Name
type: keyword
fortinet.firewall.xauthuser
: XAuth User Name
type: keyword
fortinet.firewall.xid
: Wireless X ID
type: integer