
Records data leak prevention events.

Sample Event

date=2019-05-15 time=17:45:30 logid="0954024576" type="utm" subtype="dlp" eventtype="dlp" level="warning" vd="root" eventtime=1557967528 filteridx=1 dlpextra="dlp-file-size11" filtertype="file-type" filtercat="file" severity="medium" policyid=1 sessionid=3423 epoch=1740880646 eventid=0 srcip=10.1.100.22 srcport=50354 srcintf="port10" srcintfrole="lan" dstip=52.216.177.83 dstport=443 dstintf="port9" dstintfrole="wan" proto=6 service="HTTPS" filetype="pdf" direction="incoming" action="block" hostname="fortinetweb.s3.amazonaws.com" url="/docs.fortinet.com/v2/attachments/be3d0e3d-4b62-11e9-94bf-00505692583a/FortiOS_6.2.0_Log_Reference.pdf" agent="Wget/1.17.1" filename="FortiOS_6.2.0_Log_Reference.pdf" filesize=16360 profile="dlp-file-type-test"

Fields

Field          Description
-------------  -----------------------------------------------------------------------------
DATE           Event date, in the format YYYY-MM-DD
TIME           Event time, in the format HH:MM:SS
SYSTEM         The source system
TABLE          FortiGateDLP
CRITICALITY
LOGID          Unique 10-digit identifier for this specific log message, made up of the log type, subtype/event type and message ID
TYPE           Log type, represented by the first two digits of the log ID
SUBTYPE        Log subtype, represented by the second two digits of the log ID
EVENTTYPE      Event type, represented by the second two digits of the log ID
DEVNAME
DEVID          Serial number of the device that originated the traffic
LEVEL          Security level rating
VD             Name of the virtual domain in which the log message was recorded
EVENTTIME      Epoch time at which the log was triggered by the FortiGate
TZ
FILTERIDX      DLP filter ID
DLPEXTRA       DLP extra information
FILTERTYPE     File type
FILTERCAT      DLP filter category
SEVERITY       Severity level of the DLP rule
POLICYID       Policy ID
SESSIONID      Session ID
EPOCH          Epoch used for locating the file
EVENTID        Serial number of the dlparchive file within the same epoch
USER           User name
GROUP          User group name
SRCIP          Source IP
SRCPORT        Source port
SRCINTF        Source interface
SRCINTFROLE
DSTIP          Destination IP
DSTPORT        Destination port
DSTINTF        Destination interface
DSTINTFROLE
PROTO          Protocol number
VRF
SERVICE        Service name
FILETYPE       DLP filter type
DIRECTION      Direction of the packets
ACTION         Security action performed by DLP
HOSTNAME       Host name of the URL
URL            The URL address
AGENT          User agent, e.g. agent="Mozilla/5.0"
FROM           Email address from the email headers (IMAP/POP3/SMTP)
TO             Email address(es) from the email headers (IMAP/POP3/SMTP)
SENDER         Email address from the SMTP envelope
RECIPIENT      Email addresses from the SMTP envelope
SUBJECT        Subject of the email message
FILENAME       File name
FILESIZE       File size in bytes
PROFILE        DLP profile name
SNAREDATAMAP   All other data in the event is pushed to this field
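
As an added example (not code from the page, Fortinet or Snare), the parser below reads a FortiGate key=value log line, splits the 10-digit logid into type, subtype/event type and message ID as the field list describes, and maps documented fields to their upper-case names while pushing any undocumented field into SNAREDATAMAP. The log line is a constructed copy of the sample event above; the parsing regex, the SYSTEM value "FortiGate" and the EVENTTIME_UTC convenience field are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Constructed copy of the page's sample DLP event, joined onto one line.
SAMPLE = (
    'date=2019-05-15 time=17:45:30 logid="0954024576" type="utm" subtype="dlp" eventtype="dlp" '
    'level="warning" vd="root" eventtime=1557967528 filteridx=1 dlpextra="dlp-file-size11" '
    'filtertype="file-type" filtercat="file" severity="medium" policyid=1 sessionid=3423 '
    'epoch=1740880646 eventid=0 srcip=10.1.100.22 srcport=50354 srcintf="port10" srcintfrole="lan" '
    'dstip=52.216.177.83 dstport=443 dstintf="port9" dstintfrole="wan" proto=6 service="HTTPS" '
    'filetype="pdf" direction="incoming" action="block" hostname="fortinetweb.s3.amazonaws.com" '
    'url="/docs.fortinet.com/v2/attachments/be3d0e3d-4b62-11e9-94bf-00505692583a/FortiOS_6.2.0_Log_Reference.pdf" '
    'agent="Wget/1.17.1" filename="FortiOS_6.2.0_Log_Reference.pdf" filesize=16360 profile="dlp-file-type-test"'
)

# Fields documented on this page, lower-case as they appear in the raw log.
KNOWN = set("""date time logid type subtype eventtype devname devid level vd eventtime tz
filteridx dlpextra filtertype filtercat severity policyid sessionid epoch eventid user group
srcip srcport srcintf srcintfrole dstip dstport dstintf dstintfrole proto vrf service filetype
direction action hostname url agent from to sender recipient subject filename filesize profile""".split())

# One key=value pair; a quoted value may contain spaces and backslash-escaped quotes.
_PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')


def parse_fortigate_log(line):
    """Return the key=value pairs of one FortiOS log line as a dict of strings."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PAIR.finditer(line)}


def decode_logid(logid):
    """Split a 10-digit logid into (type, subtype/event type, message ID) as the page describes."""
    if len(logid) != 10 or not logid.isdigit():
        raise ValueError("logid must be 10 digits: %r" % logid)
    return logid[:2], logid[2:4], logid[4:]


def map_to_snare(event):
    """Map documented fields to their upper-case names; everything else goes to SNAREDATAMAP."""
    # The SYSTEM value and the EVENTTIME_UTC convenience field are assumptions, not from the page.
    out = {"SYSTEM": "FortiGate", "TABLE": "FortiGateDLP", "SNAREDATAMAP": {}}
    for key, value in event.items():
        if key in KNOWN:
            out[key.upper()] = value
        else:
            out["SNAREDATAMAP"][key] = value
    if "eventtime" in event:  # epoch seconds -> ISO-8601 UTC, handy for cross-source correlation
        out["EVENTTIME_UTC"] = datetime.fromtimestamp(int(event["eventtime"]), timezone.utc).isoformat()
    return out
```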

Notes

Log Message Reference Documentation: https://docs.fortinet.com/document/fortigate/6.4.2/fortios-log-message-reference