FortiProxy: Protects from internet threats like malware, phishing, and data loss by inspecting web traffic, filtering content, controlling applications, and enforcing security policies
To send logs from FortiProxy to AxoRouter, configure remote logging to a syslog server on FortiProxy. Use the IP address of AxoRouter as the syslog server IP address. Set FortiProxy to send logs in the default format. (If you need to send the logs in CEF format, contact our support team). For details, see Generic tips.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| Analytics label | Message field | value |
|---|---|---|
vendor |
meta.vendor |
fortinet |
product |
meta.product |
fortiproxy |
service |
meta.service.name |
fortigate |
You can use the labels as:
- Filter labels on the Analytics page,
- in the Filter By Label field during log tapping.
You can use the message fields
- in Flow Processing steps, for example, in the Query field of Select Messages steps,
- in AQL expressions in the search bars.
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
fortiproxy_anomaly |
netfw |
fortiproxy_event |
netops |
fortiproxy_traffic |
netfw |
fortiproxy_utm |
netfw |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: FORTINET_WEBPROXY.