Analyzing Custom Log Files
Custom CSV-formatted log files can be uploaded from the FortiSIEM GUI for detailed analysis. To do this, define a mapping from the CSV file columns to the event attributes. This generates a FortiSIEM event that can be searched in the same way as an externally received event.
Complete these steps to upload a custom log file for analysis:
- Set up a Parsing template:
  - Go to ADMIN > Device Support > Upload File.
  - Click New.
  - Upload the log file under Step 1: CSV file:
    - Browse to select the Sample File to upload.
    - Enter the Separator used in the CSV file.
    - To include the header, select Header.
    - Click Next.
  - Map the CSV file columns to the event attributes under Step 2: Attribute Mapping:
    - Select the event attributes to map to the CSV file columns.
    - Click Next.
  - Set the template details under Step 3: Template Details:
    - Enter a Name for the Template.
    - The Event Type is automatically updated based on the name.
    - Enter any Description about the Template.
    - Click Save.
- Upload the file.
- Run Reports.
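
A pre-upload check for the Step 1 and Step 2 choices, as an added example that is not FortiSIEM code: it parses a sample with the chosen separator and header setting, applies a column-to-attribute mapping, and reports records the mapping would not fit. The sample data, the `preview` function and the attribute names in `MAPPING` are assumptions made for illustration.

```python
import csv
import io

# Constructed sample: semicolon-separated, header row, one short record,
# and one quoted field that contains the separator.
SAMPLE = (
    "time;src;dst;action\n"
    "2024-01-05T10:00:00Z;10.0.0.5;192.0.2.10;allow\n"
    "2024-01-05T10:00:03Z;10.0.0.7;192.0.2.10\n"
    '2024-01-05T10:00:09Z;10.0.0.9;"198.51.100.4;443";deny\n'
)

# Hypothetical column -> attribute mapping. The attribute names are
# placeholders, not taken from the FortiSIEM attribute list.
MAPPING = {"time": "attr_event_time", "src": "attr_source_ip",
           "dst": "attr_destination", "action": "attr_action"}


def preview(text, separator, has_header, mapping):
    """Return (events, problems) for a CSV sample under the template choices."""
    rows = list(csv.reader(io.StringIO(text), delimiter=separator))
    if not rows:
        return [], ["file is empty"]
    if has_header:
        columns, data, first = rows[0], rows[1:], 2
    else:
        # Without a header, columns are referred to by position.
        columns, data, first = [f"col{i + 1}" for i in range(len(rows[0]))], rows, 1
    problems = [f"column '{c}' has no attribute mapped"
                for c in columns if c not in mapping]
    events = []
    for rec_no, row in enumerate(data, start=first):
        if len(row) != len(columns):
            # A wrong separator or a truncated record shows up here.
            problems.append(f"record {rec_no}: {len(row)} fields, expected {len(columns)}")
            continue
        event = {mapping[c]: v for c, v in zip(columns, row) if c in mapping}
        if event:
            events.append(event)
    return events, problems


if __name__ == "__main__":
    events, problems = preview(SAMPLE, ";", True, MAPPING)
    for event in events:
        print(event)
    for problem in problems:
        print("PROBLEM:", problem)
```

Running the same sample with the wrong separator (for example `,`) produces no events and a single unmapped column, which is the quickest sign that the Separator entered in Step 1 does not match the file.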