Analyzing Custom Log Files

Custom CSV-formatted log files can be uploaded from the FortiSIEM GUI for detailed analysis. To do this, define a mapping from the CSV file columns to the event attributes. The upload then generates a FortiSIEM event that can be searched like an externally received event.

Complete these steps to upload a custom log file for analysis:

  1. Set up a Parsing template:
    1. Go to ADMIN > Device Support > Upload File.
    2. Click New.
    3. Upload the log file under Step 1: CSV file:
      1. Browse to select the Sample File to upload.
      2. Enter the Separator used in the CSV file.
      3. To include the header, select Header.
      4. Click Next.
    4. Map the CSV file columns to the event attributes under Step 2: Attribute Mapping:
      1. Select the event attributes to map to the CSV file columns.
      2. Click Next.
    5. Set the template details under Step 3: Template Details:
      1. Enter a Name for the Template.
      2. The Event Type is automatically updated based on the name.
      3. Enter a Description for the Template.
      4. Click Save.
  2. Upload the file.
  3. Run Reports.
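
The attribute mapping in Step 2 is positional, so it only holds if every row splits into the same columns under the Separator and Header settings chosen in Step 1. The following pre-upload check is an added example, not part of FortiSIEM or its documentation; the sample data, column names and the `check_csv` function are constructed for illustration, and it assumes standard CSV quoting rather than any FortiSIEM-specific parsing behavior.

```python
import csv
import io

# Constructed sample (not real device output): a header, a clean row, a row
# whose quoted field contains the separator, and a row missing its last field.
SAMPLE = (
    "timestamp,src_ip,user,action,message\n"
    "2024-05-01T10:00:00Z,10.0.0.5,alice,login,ok\n"
    '2024-05-01T10:00:07Z,10.0.0.9,bob,login,"failed, bad password"\n'
    "2024-05-01T10:01:12Z,10.0.0.9,bob,logout\n"
)

def check_csv(text, separator=",", has_header=True):
    """Return (columns, problems) for a CSV sample.

    problems is a list of (line_number, description) for anything that would
    make the column-to-attribute mapping ambiguous or shift it on some rows.
    """
    reader = csv.reader(io.StringIO(text, newline=""), delimiter=separator)
    rows = [(reader.line_num, row) for row in reader if row]  # skip blank lines
    if not rows:
        return [], [(0, "file is empty")]
    first_line, first = rows[0]
    problems = []
    if has_header:
        columns = [name.strip() for name in first]
        data = rows[1:]
        if any(not name for name in columns):
            problems.append((first_line, "empty header name"))
        if len(set(columns)) != len(columns):
            problems.append((first_line, "duplicate header name"))
    else:
        # No header row: refer to columns by position.
        columns = [f"col{i}" for i in range(1, len(first) + 1)]
        data = rows
    if len(columns) == 1:
        problems.append((first_line, "only one column found; check the separator"))
    for line_no, row in data:
        if len(row) != len(columns):
            problems.append((line_no, f"{len(row)} fields, expected {len(columns)}"))
    return columns, problems

if __name__ == "__main__":
    columns, problems = check_csv(SAMPLE)
    print("columns:", columns)
    for line_no, text in problems:
        print(f"line {line_no}: {text}")
```

Run it against the Sample File with the same separator you plan to enter in the GUI, and fix any reported lines before building the template.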