FortiDB event to ArcSight data field mapping
The following table displays the corresponding ArcSight remote logging format field for each FortiDB event:
| FortiDB event | ArcSight Event Data Field |
|---|---|
| Hostname | dhost |
| Source Hostname | shost |
| Alert Timestamp | rt |
| FortiDB Hostname | dvchost |
| Severity | cat |
| Action | act |
| Return Code | cn1 |
| Display ID | externalId |
| DB Type | cs1 |
| System User | suser |
| DB User | duser |
| Login Name | cs3 |
| DB Object | fname |
| Description | cs4 |
| Target Database Name | cs5 |
| Policy Name | cs6 |
| Source Application | requestClientApplication |
| SQL Statement | msg |
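
The field names in the right-hand column are ArcSight Common Event Format (CEF) extension keys. The following added example (not FortiDB or ArcSight code) shows how a receiver could turn the key=value extension of such a message back into FortiDB field names; it assumes standard CEF escaping (`\=`, `\\`, `\n`, `\r`), and the function name `parse_extension` and the sample line are constructed for illustration.

```python
import re

# CEF extension key -> FortiDB event field, taken from the table above.
CEF_TO_FORTIDB = {
    "dhost": "Hostname", "shost": "Source Hostname", "rt": "Alert Timestamp",
    "dvchost": "FortiDB Hostname", "cat": "Severity", "act": "Action",
    "cn1": "Return Code", "externalId": "Display ID", "cs1": "DB Type",
    "suser": "System User", "duser": "DB User", "cs3": "Login Name",
    "fname": "DB Object", "cs4": "Description", "cs5": "Target Database Name",
    "cs6": "Policy Name", "requestClientApplication": "Source Application",
    "msg": "SQL Statement",
}

# A key starts the string or follows whitespace and is one of the mapped names.
# Anchoring on known keys keeps text such as "AND dept=10" inside msg from
# being split into a bogus "dept" field if the sender did not escape the "=".
_KEY = re.compile(r"(?:^|\s)(%s)=" % "|".join(map(re.escape, CEF_TO_FORTIDB)))
_ESCAPES = {"\\=": "=", "\\\\": "\\", "\\n": "\n", "\\r": "\r"}


def _unescape(value):
    # Undo CEF extension escaping: \=  \\  \n  \r
    return re.sub(r"\\[=\\nr]", lambda m: _ESCAPES[m.group(0)], value)


def parse_extension(ext):
    """Return {FortiDB field name: value} from a CEF extension string."""
    hits = list(_KEY.finditer(ext))
    out = {}
    for i, m in enumerate(hits):
        # A value runs up to the whitespace that precedes the next known key.
        end = hits[i + 1].start() if i + 1 < len(hits) else len(ext)
        out[CEF_TO_FORTIDB[m.group(1)]] = _unescape(ext[m.end():end].strip())
    return out


# Constructed sample extension, not captured FortiDB output.
SAMPLE = (
    "rt=1700000000000 dvchost=fortidb01 dhost=dbsrv01 shost=app01 cat=High "
    "act=SELECT cn1=0 cs1=Oracle duser=SCOTT cs6=Sensitive table access "
    r"fname=HR.SALARY msg=SELECT * FROM HR.SALARY WHERE id\=7 AND dept=10"
)

if __name__ == "__main__":
    for field, value in parse_extension(SAMPLE).items():
        print(f"{field}: {value}")
```

Unescaped SQL text that happens to contain one of the mapped keys after a space (for example ` act=1`) would still be split, so treat a truncated SQL Statement as a parsing signal worth checking.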
See also
Sending alert notifications