The CEF header has the format:

Date/Time host CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|[Extension]

It displays as follows in FortiOS logs with CEF enabled:

"MMM dd HH:mm:ss" "hostname of the fortigate" CEF:0|Fortinet|Fortigate|version|logid|type:subtype +[eventtype] +[action] +[status]|reversed level|...

The Signature ID field in CEF maps to the logid field in FortiOS logs and is the last 5 digits of the logid.

The Name field in CEF is built from the FortiOS log fields as:

type:subtype + [eventtype] + [action] + [status]

The type:subtype field in FortiOS logs maps to the cat field in CEF.

Following is an example of the header and one key-value pair of the extension, taken from the Event VPN log in CEF:

#Feb 12 10:31:04 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|37127|event:vpn negotiate success|3|FTNTFGTlogid=0101037127
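As an added example (not part of the Fortinet documentation), the following Python parser splits a FortiOS CEF syslog line into its header fields and extension pairs and then checks the two mappings described above: that the Signature ID equals the last five digits of the FortiOS logid carried as FTNTFGTlogid, and that a cat extension key, when present, equals the type:subtype prefix of the Name field. It honours the CEF escapes (\| and \\ inside header fields, \= and \\ inside extension values) that a naive split on | or = gets wrong, which matters when a SIEM normalizer keys on the five-digit Signature ID but needs the full ten-digit logid to look the event up in the FortiOS log reference. The first sample line is the one from the page; the second is constructed here to exercise the escapes and the cat key and is not a real FortiGate message.

```python
"""Parse FortiOS syslog lines in CEF format and check the header/extension mappings."""
import re
from dataclasses import dataclass

# Sample line from the page (the leading '#' is how the page quotes it, so it is tolerated).
PAGE_SAMPLE = ("#Feb 12 10:31:04 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|37127|"
               "event:vpn negotiate success|3|FTNTFGTlogid=0101037127")

# Constructed sample (not a real FortiGate message): adds an extension value containing
# an escaped '=' and a cat= key, to exercise the escape handling and the cat mapping.
CONSTRUCTED_SAMPLE = ("Feb 12 10:31:05 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|37127|"
                      "event:vpn negotiate failure|3|FTNTFGTlogid=0101037127 "
                      "msg=phase1 proposal rejected\\=timeout cat=event:vpn")

HEADER_KEYS = ("cef_version", "device_vendor", "device_product", "device_version",
               "signature_id", "name", "severity")

# "MMM dd HH:mm:ss" host CEF:...
_LINE_RE = re.compile(r"^#?\s*(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(\S+)\s+(CEF:.*)$")

# key=value pairs; a value runs until the next ' key=' or the end of the line. Keys cannot
# contain whitespace, '=' or '\', so an escaped '\=' inside a value never looks like a key.
_EXT_RE = re.compile(r"([^\s=\\]+)=((?:\\.|[^=\\])*?)(?=\s+[^\s=\\]+=|$)")
_EXT_ESCAPES = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}


def split_cef(cef: str):
    """Split 'CEF:0|vendor|...|severity|extension' into the 7 header fields and the
    raw extension string. A literal '|' inside a header field is escaped as '\\|'
    (and a backslash as '\\\\'), so a plain str.split('|') would be wrong."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < len(HEADER_KEYS):
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):      # escaped char: keep it literally
            cur.append(cef[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) != len(HEADER_KEYS):
        raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
    return fields, cef[i:]


def parse_extension(ext: str) -> dict:
    """Parse the extension into a dict, undoing the CEF escapes \\=, \\\\, \\n and \\r."""
    def unescape(value: str) -> str:
        return re.sub(r"\\(.)", lambda m: _EXT_ESCAPES.get(m.group(1), m.group(0)), value)
    return {m.group(1): unescape(m.group(2)) for m in _EXT_RE.finditer(ext)}


def parse_name(name: str) -> dict:
    """The Name field is 'type:subtype' followed by optional eventtype/action/status
    tokens. Which of the optional tokens are present cannot be told from the header
    alone, so the trailing tokens are kept as an ordered list."""
    head, *qualifiers = name.split()
    log_type, _, subtype = head.partition(":")
    return {"type": log_type, "subtype": subtype, "qualifiers": qualifiers}


@dataclass
class FortiCefRecord:
    timestamp: str
    host: str
    header: dict
    extension: dict


def parse_forti_cef(line: str) -> FortiCefRecord:
    """Parse one FortiOS CEF syslog line into a record."""
    m = _LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a FortiOS CEF syslog line")
    timestamp, host, cef = m.groups()
    fields, ext = split_cef(cef)
    header = dict(zip(HEADER_KEYS, fields))
    header["cef_version"] = header["cef_version"][len("CEF:"):]
    header["severity"] = int(header["severity"])
    header["name_parsed"] = parse_name(header["name"])
    return FortiCefRecord(timestamp, host, header, parse_extension(ext))


def check_mappings(rec: FortiCefRecord) -> dict:
    """Check the mappings the documentation states: Signature ID is the last 5 digits
    of the FortiOS logid (carried as FTNTFGTlogid), and a cat extension key, when
    present, equals the type:subtype prefix of the Name field."""
    logid = rec.extension.get("FTNTFGTlogid", "")
    results = {"signature_id_matches_logid":
               len(logid) >= 5 and logid[-5:] == rec.header["signature_id"]}
    if "cat" in rec.extension:
        parsed = rec.header["name_parsed"]
        results["cat_matches_type_subtype"] = (
            rec.extension["cat"] == f'{parsed["type"]}:{parsed["subtype"]}')
    return results


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_SAMPLE):
        rec = parse_forti_cef(sample)
        print(rec.header["signature_id"], rec.extension.get("FTNTFGTlogid"), check_mappings(rec))
```

A record whose Signature ID does not match the trailing digits of FTNTFGTlogid is worth flagging in a pipeline, since downstream rules that key on the short ID would then be looking up the wrong event in the log reference.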
Copyright 2024 Fortinet, Inc. All Rights Reserved.