= Fortianalyzer SQL tables list
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
:homepage: https://yurisk.info

Reference: https://docs.fortinet.com/document/fortigate/6.4.0/fortios-log-message-reference/384955/traffic

.Table columns for Traffic Log
[cols=2, options="header"]
|===
|Column Name
|Description

|id
|Numerical, 28 digits, different for every row. It contains an epoch time (e.g. `1612273830`); the meaning of the remaining digits is unclear.

|bid
|Numerical, 9 digits, the same for all rows of the table

|dvid
|Numerical, 4 digits; appears to be the FortiAnalyzer-internal ID of the logging device

|itime
|Numerical, epoch time, e.g. `1612273830`; the same for all rows in the sample (?). Likely the FortiAnalyzer-side insertion time rather than the event time, which would explain why it does not change between rows.

|dtime
|Numerical, epoch time, e.g. `1612281024`; changes every few rows rather than on every row. Probably the session end time as stamped by the device.

|euid
|Numerical, 1 digit

|epid
|Numerical, varies

|dsteuid
|Numerical, `0` for all rows

|dstepid
|Numerical, the same for all rows

|logflag
|Numerical, differs but not on every row; some rows lack it

|logver
|Numerical, the same for all rows, e.g. `60`

|proto
|Numerical, IP protocol number (e.g. `6` = TCP, `17` = UDP)

|vrf
|Empty

|logid
|Numerical, 10-digit log message ID, e.g. `0000000013` (forward traffic), `0000000015`

|type
|String, e.g. `traffic`

|subtype
|String, e.g. `forward`

|level
|String, e.g. `notice`

|action
|String, e.g. `deny`, `start`, `close`

|policyid
|Numerical, ID of the firewall policy that matched, e.g. `2`

|sentbyte
|Numerical, bytes sent by the source; varies

|rcvdbyte
|Numerical, bytes received by the source

|sessionid
|Numerical, FortiGate session ID; the `start` and `close` records of one session share it

|srcport
|Numerical, source port

|dstport
|Numerical, destination port

|transport
|Empty

|trandisp
|String, NAT disposition, e.g. `snat`

|duration
|Numerical, session duration in seconds

|sentpkt
|Numerical, packets sent

|rcvdpkt
|Numerical, packets received

|utmaction
|String, e.g. `block`

|slot
|Empty

|srcip
|IP address

|dstip
|IP address

|srcname
|Empty

|dstname
|Empty

|service
|String, e.g. `HTTP`

|user
|Empty

|poluuid
|String, UUID of the matching firewall policy (hex digits with dashes)

|app
|String, e.g. `HTTP`, `HTTPS`, `DNS`, `TeamViewer`

|appcat
|String, e.g. `unknown`, `Remote.Access`

|tranip
|`{}` (empty in the sample)

|unauthuser
|`{}` (empty in the sample)

|unauthusersource
|`{}` (empty in the sample)

|vpn
|`{}` (empty in the sample)

|srcintf
|String, source interface name, e.g. `bla_INT`

|dstintf
|String, destination interface name, e.g. `bla_EXT`

|group
|`{}` (empty in the sample)

|custom_field1
|`{}` (empty in the sample)

|srcintfrole
|String, `undefined` in the sample (otherwise the interface role: `lan`, `wan` or `dmz`)

|dstintfrole
|String, `undefined` in the sample (otherwise the interface role: `lan`, `wan` or `dmz`)

|fctuid
|`{}` (empty in the sample)

|wanoptapptype
|`{}` (empty in the sample)

|wanin
|Numerical, e.g. `3317`, `0`

|wanout
|Numerical, differs from _wanin_

|lanin
|Numerical, e.g. `164`

|lanout
|Numerical, equal to _lanin_ in the sample

|===
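The table above only names the columns; what an analyst actually does with them is query them. The following is an added example, not FortiAnalyzer code or the page author's: it builds an in-memory SQLite copy of the traffic log table using the column names listed above, fills it with constructed sample rows (not real logs), and runs the kind of queries a SOC would run against it: decoding the epoch `itime`/`dtime` fields, counting denied connections per destination, summing outbound bytes per source while avoiding double-counting `start` records, pairing the `start` and `close` records of one `sessionid`, and picking out large source-NATed uploads by `app`. The table name `tlog` is an assumption for this example; FortiAnalyzer's real table names differ, and its database is PostgreSQL rather than SQLite, but the SQL here uses only portable constructs.

```python
"""Query a constructed copy of the FortiAnalyzer traffic log table.

Added example for this page, not FortiAnalyzer's own code or schema. The rows
below are constructed sample data; the table name "tlog" is an assumption for
this example (the real FortiAnalyzer table names differ). Column names and
value kinds follow the traffic log table listed on the page.
"""
import sqlite3
from datetime import datetime, timezone

COLUMNS = ("itime", "dtime", "logid", "action", "policyid", "proto", "srcip",
           "dstip", "dstport", "service", "app", "sessionid", "sentbyte",
           "rcvdbyte", "duration", "trandisp")

# Constructed sample rows (not real logs). itime is identical for every row,
# as observed on the page; dtime advances per record. policyid 0 with
# action 'deny' is the implicit deny policy.
SAMPLE_ROWS = [
    (1612273830, 1612273830, "0000000013", "start", 2, 6, "10.0.0.5", "93.184.216.34", 443, "HTTPS", "HTTPS", 1001, 0, 0, 0, "snat"),
    (1612273830, 1612281024, "0000000013", "close", 2, 6, "10.0.0.5", "93.184.216.34", 443, "HTTPS", "HTTPS", 1001, 18432, 220144, 7194, "snat"),
    (1612273830, 1612281030, "0000000013", "deny", 0, 6, "10.0.0.7", "198.51.100.9", 445, "SMB", "SMB", 1002, 0, 0, 0, "noop"),
    (1612273830, 1612281031, "0000000013", "deny", 0, 6, "10.0.0.7", "198.51.100.10", 445, "SMB", "SMB", 1003, 0, 0, 0, "noop"),
    (1612273830, 1612281040, "0000000013", "close", 2, 17, "10.0.0.9", "203.0.113.53", 53, "DNS", "DNS", 1004, 512, 1080, 1, "snat"),
    (1612273830, 1612281055, "0000000013", "close", 2, 6, "10.0.0.5", "203.0.113.77", 5938, "tcp/5938", "TeamViewer", 1005, 904000, 30000, 3600, "snat"),
]


def load(rows=SAMPLE_ROWS):
    """Build an in-memory SQLite table named tlog with the page's column names."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tlog (%s)" % ", ".join(COLUMNS))
    conn.executemany("INSERT INTO tlog VALUES (%s)" % ", ".join("?" * len(COLUMNS)), rows)
    return conn


def epoch_to_utc(epoch):
    """itime/dtime are Unix epoch seconds; render them as ISO-8601 UTC."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def denied_by_destination(conn):
    """Count denied forward-traffic records (logid 0000000013) per dstip/dstport."""
    sql = """SELECT dstip, dstport, COUNT(*) AS hits
             FROM tlog
             WHERE logid = '0000000013' AND action = 'deny'
             GROUP BY dstip, dstport
             ORDER BY hits DESC, dstip"""
    return conn.execute(sql).fetchall()


def egress_bytes_by_src(conn):
    """Sum sentbyte per source. Only 'close' records carry the counters, so
    'start' records are excluded and no session is counted twice."""
    sql = """SELECT srcip, SUM(sentbyte) AS out_bytes
             FROM tlog
             WHERE action = 'close'
             GROUP BY srcip
             ORDER BY out_bytes DESC"""
    return conn.execute(sql).fetchall()


def session_lifecycle(conn, sessionid):
    """Return the records of one sessionid ordered by dtime, with dtime decoded;
    duration on the 'close' record is the session length in seconds."""
    sql = """SELECT action, dtime, duration, sentbyte, rcvdbyte
             FROM tlog WHERE sessionid = ? ORDER BY dtime"""
    return [(a, epoch_to_utc(d), dur, sb, rb)
            for a, d, dur, sb, rb in conn.execute(sql, (sessionid,))]


def large_snat_uploads(conn, min_sent):
    """Source-NATed sessions whose client sent more than min_sent bytes,
    labelled by app: a cheap first pass when hunting for data exfiltration."""
    sql = """SELECT srcip, dstip, app, sentbyte
             FROM tlog
             WHERE trandisp = 'snat' AND action = 'close' AND sentbyte > ?
             ORDER BY sentbyte DESC"""
    return conn.execute(sql, (min_sent,)).fetchall()


if __name__ == "__main__":
    db = load()
    print("denied:", denied_by_destination(db))
    print("egress:", egress_bytes_by_src(db))
    print("session 1001:", session_lifecycle(db, 1001))
    print("uploads >100 KB:", large_snat_uploads(db, 100000))
```

Filtering on `action = 'close'` matters whenever you aggregate `sentbyte`, `rcvdbyte`, `sentpkt` or `rcvdpkt`: with session-start logging enabled a session produces a `start` record with zero counters and a later `close` record with the totals, both sharing one `sessionid`, and summing over both would at best add zeros and at worst double-count if the device also emits intermediate records.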