Configuring JSA to Categorize App Ctrl Events for Fortinet FortiGate Security Gateway

If you want to categorize App Ctrl events based on the Action field in JSA, use the DSM Editor to enable the App Ctrl events.

By default, Fortinet FortiGate Security Gateway App Ctrl events are categorized as notice/informational.

In JSA 7.3.0, you can enable the mapping by using the command line. For more information, see Configuring JSA 7.3.0 to Categorize App Ctrl Events from Fortinet FortiGate Security Gateway.

  1. On the Admin tab, in the Data Sources section, click DSM Editor.
  2. From the Select Log Source Type window, select Fortinet FortiGate Security Gateway from the list, and click Select.
  3. On the Configuration tab, set Display DSM Parameters Configuration to On.
  4. From the Event Collector list, select the event collector for the log source, and click Select.
  5. Set Categorize App Ctrl Logs Based on Action Field to On.
  6. Click Save and close the DSM Editor.

Configuring JSA 7.3.0 to Categorize App Ctrl Events from Fortinet FortiGate Security Gateway

If you want to categorize App Ctrl events based on the Action field in JSA 7.3.0, use the command line to enable the mapping.

By default, Fortinet FortiGate Security Gateway App Ctrl events are categorized as notice/informational.

  1. Using SSH, log in to your JSA Console as the root user.
  2. To create a new properties file or to edit an existing properties file, type the following command:
  3. To enable categorization based on the Action field in App Ctrl logs, add the following line in the text file:
  4. To disable the categorization based on the Action field in App Ctrl logs, choose one of the following options:
    • Delete the following line:

    • Change useActionFieldForAppCtrlLogs=true to useActionFieldForAppCtrlLogs=false.

  5. Save your changes and then exit the terminal.
  6. Restart the event collection service. For more information, see Restarting the event collection service.