e. Anomaly

Records intrusion attempts.

Sample Event

date=2019-05-13 time=17:05:59 logid="0720018433" type="utm" subtype="anomaly" eventtype="anomaly" level="alert" vd="vdom1" eventtime=1557792359461869329 severity="critical" srcip=10.1.100.11 srccountry="Reserved" dstip=172.16.200.55 srcintf="port12" srcintfrole="undefined" sessionid=0 action="clear_session" proto=1 service="PING" count=1 attack="icmp_flood" icmpid="0x1474" icmptype="0x08" icmpcode="0x00" attackid=16777316 policyid=1 policytype="DoS-policy" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50" crscore=50 craction=4096 crlevel="critical"

Fields

| Field | Description |
|---|---|
| DATE | Event date, in the format YYYY-MM-DD |
| TIME | Event time, in the format HH:MM:SS |
| SYSTEM | The source system |
| TABLE | FortiGateAnomaly |
| CRITICALITY | |
| LOGID | Unique 10-digit identifier for the log message, composed of the log type, the subtype/event type and the message ID |
| TYPE | Represented by the first two digits of the log ID |
| SUBTYPE | Represented, together with EVENTTYPE, by the second two digits of the log ID |
| EVENTTYPE | Represented by the second two digits of the log ID |
| DEVNAME | |
| DEVID | Serial number of the device from which the traffic originated |
| LEVEL | Security level rating |
| VD | Name of the virtual domain in which the log message was recorded |
| EVENTTIME | Epoch time at which the log was triggered by the FortiGate |
| SEVERITY | Severity |
| SRCIP | Source IP |
| SRCCOUNTRY | |
| DSTIP | Destination IP |
| SRCINTF | Source interface |
| SRCINTFROLE | |
| SESSIONID | Session ID |
| ACTION | Action |
| PROTO | Protocol |
| SERVICE | Name of service |
| COUNT | Count |
| ATTACK | Attack |
| ICMPID | ICMP ID |
| ICMPTYPE | ICMP type |
| ICMPCODE | ICMP code |
| ATTACKID | Attack ID |
| POLICYID | Policy ID |
| POLICYTYPE | |
| REF | Reference |
| MSG | Log message |
| CRSCORE | Client Reputation score |
| CRACTION | Client Reputation action |
| CRLEVEL | Client Reputation level |
| SNAREDATAMAP | All other data in the event is pushed to this field |

Notes

Log Message Reference Documentation: https://docs.fortinet.com/document/fortigate/6.4.2/fortios-log-message-reference
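As an added example (not from this page, Fortinet or Snare), a small Python parser for the key=value line format shown in the sample event above. It splits the line into fields while keeping the quoted msg value intact, derives the log ID components as the LOGID/TYPE/SUBTYPE/EVENTTYPE rows describe them, pulls the observed count and threshold out of the anomaly message, converts eventtime to UTC, and folds any field the table does not list into a SNAREDATAMAP bucket. All function and constant names are mine; treating the 19-digit eventtime as nanoseconds is an assumption based on its magnitude, and the extra field used to exercise SNAREDATAMAP is constructed.

```python
import re
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple

# Constructed copy of the sample event shown on this page.
SAMPLE_EVENT = (
    'date=2019-05-13 time=17:05:59 logid="0720018433" type="utm" subtype="anomaly" '
    'eventtype="anomaly" level="alert" vd="vdom1" eventtime=1557792359461869329 '
    'severity="critical" srcip=10.1.100.11 srccountry="Reserved" dstip=172.16.200.55 '
    'srcintf="port12" srcintfrole="undefined" sessionid=0 action="clear_session" '
    'proto=1 service="PING" count=1 attack="icmp_flood" icmpid="0x1474" '
    'icmptype="0x08" icmpcode="0x00" attackid=16777316 policyid=1 '
    'policytype="DoS-policy" ref="http://www.fortinet.com/ids/VID16777316" '
    'msg="anomaly: icmp_flood, 51 > threshold 50" crscore=50 craction=4096 '
    'crlevel="critical"'
)

# Raw-event keys that have a column in the field table above (lower-cased as they
# appear on the wire). Anything else goes to SNAREDATAMAP, per the table's last row.
KNOWN_FIELDS = {
    "date", "time", "logid", "type", "subtype", "eventtype", "devname", "devid",
    "level", "vd", "eventtime", "severity", "srcip", "srccountry", "dstip",
    "srcintf", "srcintfrole", "sessionid", "action", "proto", "service", "count",
    "attack", "icmpid", "icmptype", "icmpcode", "attackid", "policyid",
    "policytype", "ref", "msg", "crscore", "craction", "crlevel",
}

# key=value where the value is either a double-quoted string (may contain spaces,
# '>' and escaped quotes, as the msg field does) or a bare run of non-space characters.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Split a FortiGate key=value log line into a dict of raw string values."""
    fields: Dict[str, str] = {}
    for key, raw in _KV_RE.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')  # strip quotes, unescape inner quotes
        fields[key.lower()] = raw
    return fields


def split_logid(logid: str) -> Tuple[str, str, str]:
    """(type, subtype/eventtype, message id) digit groups of a 10-digit log ID,
    following the LOGID, TYPE, SUBTYPE and EVENTTYPE rows of the field table."""
    if len(logid) != 10 or not logid.isdigit():
        raise ValueError(f"logid must be 10 digits, got {logid!r}")
    return logid[:2], logid[2:4], logid[4:]


_MSG_RE = re.compile(r"anomaly:\s*(\S+),\s*(\d+)\s*>\s*threshold\s*(\d+)")


def parse_anomaly_msg(msg: str) -> Optional[Tuple[str, int, int]]:
    """Extract (anomaly name, observed count, threshold) from the msg field, or
    None when the message does not have the 'anomaly: X, N > threshold M' shape."""
    m = _MSG_RE.search(msg)
    if not m:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3))


def eventtime_to_utc(eventtime: str) -> datetime:
    """eventtime is epoch time; the 19-digit value in the sample is read as
    nanoseconds (assumption from its magnitude). Unlike date/time, it is not
    in the device's local timezone."""
    ns = int(eventtime)
    return datetime.fromtimestamp(ns // 10**9, tz=timezone.utc).replace(
        microsecond=(ns % 10**9) // 1000)


def device_utc_offset_hours(fields: Dict[str, str]) -> float:
    """Offset of the device-local date/time pair from eventtime, in hours.
    Useful for spotting a device whose clock or timezone is misconfigured."""
    local = datetime.strptime(fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")
    utc = eventtime_to_utc(fields["eventtime"]).replace(tzinfo=None, microsecond=0)
    return (local - utc).total_seconds() / 3600


def normalize(line: str) -> Dict[str, object]:
    """Map a raw event onto the table's columns, with a SNAREDATAMAP bucket
    holding every field the table does not list."""
    raw = parse_event(line)
    record: Dict[str, object] = {k.upper(): v for k, v in raw.items() if k in KNOWN_FIELDS}
    record["SNAREDATAMAP"] = {k: v for k, v in raw.items() if k not in KNOWN_FIELDS}
    record["TABLE"] = "FortiGateAnomaly"  # collector-side constant from the table
    return record


if __name__ == "__main__":
    f = parse_event(SAMPLE_EVENT)
    print("logid parts:", split_logid(f["logid"]))
    print("anomaly:", parse_anomaly_msg(f["msg"]))
    print("eventtime (UTC):", eventtime_to_utc(f["eventtime"]).isoformat())
    print("device offset (h):", device_utc_offset_hours(f))
    # Constructed extra field, to show where unlisted data ends up.
    print("snaredatamap:", normalize(SAMPLE_EVENT + ' extrakey="value 1"')["SNAREDATAMAP"])
```

Note that the sample's date/time pair (2019-05-13 17:05:59) and its eventtime disagree by seven hours: the first is device-local, the second is epoch time, so a collector that keys on date/time without knowing the device's timezone will misplace the event on a UTC timeline.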
