Scribd
Upload
790 views

FortiOS 6.4.7 Log Reference

Uploaded by

vivailgusto
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
790 views

FortiOS 6.4.7 Log Reference

Uploaded by

vivailgusto
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1376

FortiOS - Log Reference

Version 6.4.7
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com

FORTINET VIDEO GUIDE


https://video.fortinet.com

FORTINET BLOG
https://blog.fortinet.com

CUSTOMER SERVICE & SUPPORT


https://support.fortinet.com

FORTINET TRAINING & CERTIFICATION PROGRAM


https://www.fortinet.com/support-and-training/training.html

NSE INSTITUTE
https://training.fortinet.com

FORTIGUARD CENTER
https://www.fortiguard.com

END USER LICENSE AGREEMENT


https://www.fortinet.com/doc/legal/EULA.pdf

FEEDBACK
Email: techdoc@fortinet.com

August 26, 2021


FortiOS 6.4.7 Log Reference
01-647-619093-20210826
TABLE OF CONTENTS

Change Log 29
Introduction 30
Before you begin 30
What's new 31
FortiOS 6.4.7 31
FortiOS 6.4.6 31
FortiOS 6.4.5 31
FortiOS 6.4.4 32
FortiOS 6.4.3 32
FortiOS 6.4.2 34
FortiOS 6.4.1 36
FortiOS 6.4.0 37
Log Types and Subtypes 44
Type 44
Subtype 44
List of log types and subtypes 44
UTM log subtypes 45
FortiOS priority levels 46
Log field format 47
Log Schema Structure 48
Log message fields 48
Log ID numbers 51
Log ID definitions 52
FortiGuard Web Filter Categories 55
CEF Support 58
FortiOS to CEF log field mapping guidelines 58
CEF priority levels 58
Examples of CEF support 59
Traffic log support for CEF 59
Event log support for CEF 61
Antivirus log support for CEF 62
Webfilter log support for CEF 63
IPS log support for CEF 64
Email Spamfilter log support for CEF 64
Anomaly log support for CEF 65
VoIP log support for CEF 65
DLP log support for CEF 66
Application log support for CEF 67
WAF log support for CEF 67
DNS log support for CEF 67
SSH log support for CEF 68
UTM Extended Logging 69
Enabling extended logging 69

FortiOS 6.4.7 Log Reference 3


Fortinet, Inc.
Extended logging option in UTM profiles 69
Syslog server mode 70
Example of an extended log 70
Log Messages 71
Anomaly 71
18432 - LOGID_ATTCK_ANOMALY_TCP_UDP 71
18433 - LOGID_ATTCK_ANOMALY_ICMP 72
18434 - LOGID_ATTCK_ANOMALY_OTHERS 74
App 76
28672 - LOGID_APP_CTRL_IM_BASIC 76
28673 - LOGID_APP_CTRL_IM_BASIC_WITH_STATUS 77
28674 - LOGID_APP_CTRL_IM_BASIC_WITH_COUNT 79
28675 - LOGID_APP_CTRL_IM_FILE 81
28676 - LOGID_APP_CTRL_IM_CHAT 82
28677 - LOGID_APP_CTRL_IM_CHAT_BLOCK 84
28678 - LOGID_APP_CTRL_IM_BLOCK 86
28704 - LOGID_APP_CTRL_IPS_PASS 87
28705 - LOGID_APP_CTRL_IPS_BLOCK 89
28706 - LOGID_APP_CTRL_IPS_RESET 92
28720 - LOGID_APP_CTRL_SSH_PASS 94
28721 - LOGID_APP_CTRL_SSH_BLOCK 96
28736 - LOGID_APP_CTRL_PORT_ENF 97
28737 - LOGID_APP_CTRL_PROTO_ENF 100
AV 102
8192 - MESGID_INFECT_WARNING 102
8193 - MESGID_INFECT_NOTIF 105
8194 - MESGID_INFECT_MIME_WARNING 107
8195 - MESGID_INFECT_MIME_NOTIF 110
8200 - MESGID_MIME_FILETYPE_EXE_WARNING 112
8201 - MESGID_MIME_FILETYPE_EXE_NOTIF 114
8202 - MESGID_AVQUERY_WARNING 117
8203 - MESGID_AVQUERY_NOTIF 119
8204 - MESGID_MIME_AVQUERY_WARNING 122
8205 - MESGID_MIME_AVQUERY_NOTIF 124
8212 - MESGID_MALWARE_LIST_WARNING 127
8213 - MESGID_MALWARE_LIST_NOTIF 129
8214 - MESGID_MIME_MALWARE_LIST_WARNING 132
8215 - MESGID_MIME_MALWARE_LIST_NOTIF 134
8448 - MESGID_BLOCK_WARNING 137
8450 - MESGID_BLOCK_MIME_WARNING 139
8451 - MESGID_BLOCK_MIME_NOTIF 141
8452 - MESGID_BLOCK_COMMAND 143
8704 - MESGID_OVERSIZE_WARNING 145
8705 - MESGID_OVERSIZE_NOTIF 147
8706 - MESGID_OVERSIZE_MIME_WARNING 149
8707 - MESGID_OVERSIZE_MIME_NOTIF 151
8708 - MESGID_OVERSIZE_STREAM_UNCOMP_WARNING 153
8709 - MESGID_OVERSIZE_STREAM_UNCOMP_NOTIF 155
8720 - MESGID_SWITCH_PROTO_WARNING 157

FortiOS 6.4.7 Log Reference 4


Fortinet, Inc.
8721 - MESGID_SWITCH_PROTO_NOTIF 159
8960 - MESGID_SCAN_UNCOMPSIZELIMIT_WARNING 161
8961 - MESGID_SCAN_UNCOMPSIZELIMIT_NOTIF 163
8962 - MESGID_SCAN_ARCHIVE_ENCRYPTED_WARNING 166
8963 - MESGID_SCAN_ARCHIVE_ENCRYPTED_NOTIF 168
8964 - MESGID_SCAN_ARCHIVE_CORRUPTED_WARNING 171
8965 - MESGID_SCAN_ARCHIVE_CORRUPTED_NOTIF 173
8966 - MESGID_SCAN_ARCHIVE_MULTIPART_WARNING 176
8967 - MESGID_SCAN_ARCHIVE_MULTIPART_NOTIF 178
8968 - MESGID_SCAN_ARCHIVE_NESTED_WARNING 181
8969 - MESGID_SCAN_ARCHIVE_NESTED_NOTIF 183
8970 - MESGID_SCAN_ARCHIVE_OVERSIZE_WARNING 186
8971 - MESGID_SCAN_ARCHIVE_OVERSIZE_NOTIF 189
8972 - MESGID_SCAN_ARCHIVE_UNHANDLED_WARNING 191
8973 - MESGID_SCAN_ARCHIVE_UNHANDLED_NOTIF 194
8974 - MESGID_SCAN_AV_ENGINE_LOAD_FAILED_ERROR 196
8975 - MESGID_SCAN_ARCHIVE_PARTIALLYCORRUPTED_WARNING 199
8976 - MESGID_SCAN_ARCHIVE_PARTIALLYCORRUPTED_NOTIF 201
8977 - MESGID_SCAN_ARCHIVE_FILESLIMIT_WARNING 204
8978 - MESGID_SCAN_ARCHIVE_FILESLIMIT_NOTIF 206
8979 - MESGID_SCAN_ARCHIVE_TIMEOUT_WARNING 209
8980 - MESGID_SCAN_ARCHIVE_TIMEOUT_NOTIF 211
8981 - MESGID_SCAN_AV_CDR_INTERNAL_ERROR 214
9233 - MESGID_ANALYTICS_SUBMITTED 217
9234 - MESGID_ANALYTICS_INFECT_WARNING 219
9235 - MESGID_ANALYTICS_INFECT_NOTIF 222
9236 - MESGID_ANALYTICS_INFECT_MIME_WARNING 224
9237 - MESGID_ANALYTICS_INFECT_MIME_NOTIF 227
9238 - MESGID_ANALYTICS_FSA_RESULT 229
9239 - MESGID_CONTENT_DISARM_NOTIF 231
9240 - MESGID_CONTENT_DISARM_WARNING 233
CIFS 235
63000 - LOG_ID_CIFS_FILE_BLOCK 235
63001 - LOG_ID_CIFS_FILE_PASS 236
63002 - LOG_ID_CIFS_CONN_FAIL 238
63003 - LOG_ID_CIFS_AUTH_FAIL 239
63004 - LOG_ID_CIFS_AUTH_INTERNAL_ERROR 241
63005 - LOG_ID_CIFS_AUTH_KRB_ERROR 242
DLP 244
24576 - LOG_ID_DLP_WARN 244
24577 - LOG_ID_DLP_NOTIF 246
24578 - LOG_ID_DLP_DOC_SOURCE 249
24579 - LOG_ID_DLP_DOC_SOURCE_ERROR 250
DNS 250
54000 - LOG_ID_DNS_QUERY 250
54200 - LOG_ID_DNS_RESOLV_ERROR 252
54400 - LOG_ID_DNS_URL_FILTER_BLOCK 254
54401 - LOG_ID_DNS_URL_FILTER_ALLOW 256
54600 - LOG_ID_DNS_BOTNET_IP 257

FortiOS 6.4.7 Log Reference 5


Fortinet, Inc.
54601 - LOG_ID_DNS_BOTNET_DOMAIN 259
54800 - LOG_ID_DNS_FTGD_WARNING 261
54801 - LOG_ID_DNS_FTGD_ERROR 263
54802 - LOG_ID_DNS_FTGD_CAT_ALLOW 265
54803 - LOG_ID_DNS_FTGD_CAT_BLOCK 267
54804 - LOG_ID_DNS_SAFE_SEARCH 269
Email 271
20480 - LOGID_ANTISPAM_EMAIL_NOTIF 271
20481 - LOGID_EMAIL_GENERAL_NOTIF 273
20482 - LOGID_ANTISPAM_EMAIL_BWORD_NOTIF 275
20509 - LOGID_ANTISPAM_FTGD_ERR 277
20510 - LOGID_ANTISPAM_EMAIL_WEBMAIL_NOTIF 279
Event 280
20002 - LOG_ID_DOMAIN_UNRESOLVABLE 280
20003 - LOG_ID_MAIL_SENT_FAIL 281
20004 - LOG_ID_POLICY_TOO_BIG 282
20005 - LOG_ID_PPP_LINK_UP 283
20006 - LOG_ID_PPP_LINK_DOWN 284
20007 - LOG_ID_SOCKET_EXHAUSTED 284
20008 - LOG_ID_POLICY6_TOO_BIG 285
20010 - LOG_ID_KERNEL_ERROR 286
20016 - LOG_ID_MODEM_EXCEED_REDIAL_COUNT 287
20017 - LOG_ID_MODEM_FAIL_TO_OPEN 287
20020 - LOG_ID_MODEM_USB_DETECTED 288
20021 - LOG_ID_MAIL_RESENT 289
20022 - LOG_ID_MODEM_USB_REMOVED 290
20023 - LOG_ID_MODEM_USBLTE_DETECTED 290
20024 - LOG_ID_MODEM_USBLTE_REMOVED 291
20025 - LOG_ID_REPORTD_REPORT_SUCCESS 292
20026 - LOG_ID_REPORTD_REPORT_FAILURE 293
20027 - LOG_ID_REPORT_DEL_OLD_REC 293
20028 - LOG_ID_REPORT_RECREATE_DB 294
20031 - LOG_ID_RAD_OUT_OF_MEM 295
20032 - LOG_ID_RAD_NOT_FOUND 295
20033 - LOG_ID_RAD_MOBILE_IPV6 296
20034 - LOG_ID_RAD_IPV6_OUT_OF_RANGE 297
20035 - LOG_ID_RAD_MIN_OUT_OF_RANGE 297
20036 - LOG_ID_RAD_MAX_OUT_OF_RANGE 298
20037 - LOG_ID_RAD_MAX_ADV_OUT_OF_RANGE 299
20039 - LOG_ID_RAD_MTU_TOO_SMALL 299
20040 - LOG_ID_RAD_TIME_TOO_SMALL 300
20041 - LOG_ID_RAD_HOP_OUT_OF_RANGE 301
20042 - LOG_ID_RAD_DFT_HOP_OUT_OF_RANGE 301
20043 - LOG_ID_RAD_AGENT_OUT_OF_RANGE 302
20044 - LOG_ID_RAD_AGENT_FLAG_NOT_SET 303
20045 - LOG_ID_RAD_PREFIX_TOO_LONG 303
20046 - LOG_ID_RAD_PREF_TIME_TOO_SMALL 304
20047 - LOG_ID_RAD_FAIL_IPV6_SOCKET 305
20048 - LOG_ID_RAD_FAIL_OPT_IPV6_PKTINFO 305

FortiOS 6.4.7 Log Reference 6


Fortinet, Inc.
20049 - LOG_ID_RAD_FAIL_OPT_IPV6_CHECKSUM 306
20050 - LOG_ID_RAD_FAIL_OPT_IPV6_UNICAST_HOPS 307
20051 - LOG_ID_RAD_FAIL_OPT_IPV6_MULTICAST_HOPS 307
20052 - LOG_ID_RAD_FAIL_OPT_IPV6_HOPLIMIT 308
20053 - LOG_ID_RAD_FAIL_OPT_IPPROTO_ICMPV6 309
20054 - LOG_ID_RAD_EXIT_BY_SIGNAL 309
20055 - LOG_ID_RAD_FAIL_CMDB_QUERY 310
20056 - LOG_ID_RAD_FAIL_CMDB_FOR_EACH 311
20057 - LOG_ID_RAD_FAIL_FIND_VIRT_INTF 311
20058 - LOG_ID_RAD_UNLOAD_INTF 312
20061 - LOG_ID_RAD_INV_ICMPV6_TYPE 313
20062 - LOG_ID_RAD_INV_ICMPV6_RA_LEN 313
20063 - LOG_ID_RAD_ICMPV6_NO_SRC_ADDR 314
20064 - LOG_ID_RAD_INV_ICMPV6_RS_LEN 315
20065 - LOG_ID_RAD_INV_ICMPV6_CODE 315
20066 - LOG_ID_RAD_INV_ICMPV6_HOP 316
20067 - LOG_ID_RAD_MISMATCH_HOP 317
20068 - LOG_ID_RAD_MISMATCH_MGR_FLAG 317
20069 - LOG_ID_RAD_MISMATCH_OTH_FLAG 318
20070 - LOG_ID_RAD_MISMATCH_TIME 319
20071 - LOG_ID_RAD_MISMATCH_TIMER 319
20072 - LOG_ID_RAD_EXTRA_DATA 320
20073 - LOG_ID_RAD_NO_OPT_DATA 321
20074 - LOG_ID_RAD_INV_OPT_LEN 321
20075 - LOG_ID_RAD_MISMATCH_MTU 322
20077 - LOG_ID_RAD_MISMATCH_PREF_TIME 323
20078 - LOG_ID_RAD_INV_OPT 323
20080 - LOG_ID_RAD_FAIL_TO_RCV 324
20081 - LOG_ID_RAD_INV_HOP 325
20082 - LOG_ID_RAD_INV_PKTINFO 325
20083 - LOG_ID_RAD_FAIL_TO_CHECK 326
20084 - LOG_ID_RAD_FAIL_TO_SEND 327
20085 - LOG_ID_SESSION_CLASH 327
20090 - LOG_ID_INTF_LINK_STA_CHG 328
20099 - LOG_ID_INTF_STA_CHG 329
20100 - LOG_ID_WEB_CAT_UPDATED 330
20101 - LOG_ID_WEB_LIC_EXPIRE 330
20102 - LOG_ID_SPAM_LIC_EXPIRE 331
20103 - LOG_ID_AV_LIC_EXPIRE 332
20104 - LOG_ID_IPS_LIC_EXPIRE 332
20107 - LOG_ID_LOG_UPLOAD_ERR 333
20108 - LOG_ID_LOG_UPLOAD_DONE 334
20109 - LOG_ID_WEB_LIC_EXPIRED 335
20113 - LOG_ID_IPSA_DOWNLOAD_FAIL 335
20114 - LOG_ID_IPSA_SELFTEST_FAIL 336
20115 - LOG_ID_IPSA_STATUSUPD_FAIL 337
20116 - LOG_ID_SPAM_LIC_EXPIRED 337
20117 - LOG_ID_AV_LIC_EXPIRED 338
20118 - LOG_ID_WEBF_STATUS_REACH 339

FortiOS 6.4.7 Log Reference 7


Fortinet, Inc.
20119 - LOG_ID_WEBF_STATUS_UNREACH 339
20200 - LOG_ID_FIPS_SELF_TEST 340
20201 - LOG_ID_FIPS_SELF_ALL_TEST 341
20202 - LOG_ID_DISK_FORMAT_ERROR 342
20203 - LOG_ID_DAEMON_SHUTDOWN 342
20204 - LOG_ID_DAEMON_START 343
20205 - LOG_ID_DISK_FORMAT_REQ 344
20206 - LOG_ID_DISK_SCAN_REQ 345
20207 - LOG_ID_RAD_MISMATCH_VALID_TIME 345
20208 - LOG_ID_ZOMBIE_DAEMON_CLEANUP 346
20209 - LOG_ID_DISK_UNAVAIL 347
20210 - LOG_ID_DISK_TRIM_START 347
20211 - LOG_ID_DISK_TRIM_END 348
20212 - LOG_ID_DISK_SCAN_NEEDED 349
20213 - LOG_ID_DISK_LOG_CORRUPTED 350
20220 - LOGID_EVENT_SHAPER_OUTBOUND_MAXED_OUT 350
20221 - LOGID_EVENT_SHAPER_INBOUND_MAXED_OUT 351
20300 - LOG_ID_BGP_NB_STAT_CHG 352
20301 - LOG_ID_VZ_LOG 353
20302 - LOG_ID_OSPF_NB_STAT_CHG 353
20303 - LOG_ID_OSPF6_NB_STAT_CHG 354
20401 - LOG_ID_ROUTER_CLEAR 355
22000 - LOG_ID_INV_PKT_LEN 355
22001 - LOG_ID_UNSUPPORTED_PROT_VER 356
22002 - LOG_ID_INV_REQ_TYPE 357
22003 - LOG_ID_FAIL_SET_SIG_HANDLER 357
22004 - LOG_ID_FAIL_CREATE_SOCKET 358
22005 - LOG_ID_FAIL_CREATE_SOCKET_RETRY 359
22006 - LOG_ID_FAIL_REG_CMDB_EVENT 359
22009 - LOG_ID_FAIL_FIND_AV_PROFILE 360
22010 - LOG_ID_SENDTO_FAIL 361
22011 - LOG_ID_ENTER_MEM_CONSERVE_MODE 361
22012 - LOG_ID_LEAVE_MEM_CONSERVE_MODE 362
22013 - LOG_ID_IPPOOLPBA_BLOCK_EXHAUSTED 363
22014 - LOG_ID_IPPOOLPBA_NATIP_EXHAUSTED 364
22015 - LOG_ID_IPPOOLPBA_CREATE 365
22016 - LOG_ID_IPPOOLPBA_DEALLOCATE 366
22017 - LOG_ID_EXCEED_GLOB_RES_LIMIT 367
22018 - LOG_ID_EXCEED_VD_RES_LIMIT 367
22019 - LOG_ID_LOGRATE_OVER_LIMIT 368
22020 - LOG_ID_FAIL_CREATE_HA_SOCKET 369
22021 - LOG_ID_FAIL_CREATE_HA_SOCKET_RETRY 369
22031 - LOG_ID_SUCCESS_CSF_LOG_SYNC_CONFIG_CHANGED 370
22032 - LOG_ID_CSF_LOOP_FOUND 371
22035 - LOG_ID_CSF_UPSTREAM_SN_CHANGED 372
22036 - LOG_ID_CSF_FGT_CONNECTED 372
22037 - LOG_ID_CSF_FGT_DISCONNECTED 373
22038 - LOG_ID_CSF_GLOBAL_SYNC_FAILED 374
22039 - LOG_ID_CSF_GLOBAL_SYNC_REPORT 375

FortiOS 6.4.7 Log Reference 8


Fortinet, Inc.
22050 - LOG_ID_IPAMD_ADDRESS_ALLOCATED 376
22051 - LOG_ID_IPAMD_ADDRESS_SET_FAILED 377
22052 - LOG_ID_IPAMD_ADDRESS_INVALIDATED 377
22053 - LOG_ID_IPAMD_VALIDATION_COMPLETE 378
22100 - LOG_ID_QUAR_DROP_TRAN_JOB 379
22101 - LOG_ID_QUAR_DROP_TLL_JOB 380
22102 - LOG_ID_LOG_DISK_FAILURE 380
22103 - LOG_ID_QUAR_LIMIT_REACHED 381
22104 - LOG_ID_POWER_RESTORE 382
22105 - LOG_ID_POWER_FAILURE 383
22106 - LOG_ID_POWER_OPTIONAL_NOT_DETECTED 384
22107 - LOG_ID_VOLT_ANOM 384
22108 - LOG_ID_FAN_ANOM 385
22109 - LOG_ID_TEMP_TOO_HIGH 386
22110 - LOG_ID_SPARE_BLOCK_LOW 387
22113 - LOG_ID_FNBAM_FAILURE 387
22150 - LOG_ID_VOLT_NOM 388
22151 - LOG_ID_FAN_NOM 389
22152 - LOG_ID_TEMP_TOO_LOW 389
22153 - LOG_ID_TEMP_NORM 390
22200 - LOG_ID_AUTO_UPT_CERT 391
22201 - LOG_ID_AUTO_GEN_CERT 392
22203 - LOG_ID_AUTO_GEN_CERT_FAIL 393
22204 - LOG_ID_AUTO_GEN_CERT_PENDING 393
22205 - LOG_ID_AUTO_GEN_CERT_SUCC 394
22206 - LOG_ID_CRL_EXPIRED 395
22220 - LOG_ID_EXT_RESOURCE 396
22221 - LOG_ID_EXT_RESOURCE_FAIL 396
22222 - LOG_ID_EXT_RESOURCE_LOAD 397
22223 - LOG_ID_EXT_RESOURCE_DEBUG 398
22700 - LOG_ID_IPS_FAIL_OPEN 399
22701 - LOG_ID_IPS_FAIL_OPEN_END 400
22800 - LOG_ID_SCAN_SERV_FAIL 401
22802 - LOG_ID_ENTER_FD_CONSERVE_MODE 401
22803 - LOG_ID_LEAVE_FD_CONSERVE_MODE 402
22804 - LOG_ID_LIC_STATUS_CHG 403
22805 - LOG_ID_FAIL_TO_VALIDATE_LIC 404
22806 - LOG_ID_DUP_LIC 405
22808 - LOG_ID_LIC_EXPIRE 405
22809 - LOG_ID_LIC_WILL_EXPIRE 406
22810 - LOG_ID_SCANUNIT_ERROR_BLOCK 407
22811 - LOG_ID_SCANUNIT_ERROR_PASS 408
22812 - LOG_ID_SCANUNIT_AVENG_RELOAD 409
22813 - LOG_ID_SCANUNIT_AVDB_RELOAD 410
22814 - LOG_ID_SCANUNIT_AVDB_RELOAD_ERROR 410
22815 - LOG_ID_SCANUNIT_AVDB_LOAD 411
22816 - LOG_ID_SCANUNIT_AVDB_LOAD_ERROR 412
22850 - LOG_ID_USER_QUARANTINE_MAC_ADD 413
22851 - LOG_ID_USER_QUARANTINE_MAC_DELETE 413

FortiOS 6.4.7 Log Reference 9


Fortinet, Inc.
22852 - LOG_ID_USER_QUARANTINE_MAC_BOUNCE_PORT_HIT 414
22853 - LOG_ID_USER_QUARANTINE_MAC_BOUNCE_PORT_MISS 415
22890 - LOG_ID_FORTILINKD 416
22891 - LOG_ID_FLCFGD_SYNC_ERROR 417
22892 - LOG_ID_FLCFGD_SYNC_COMPLETE 417
22893 - LOG_ID_FLCFGD_SYNC_STATE 418
22894 - LOG_ID_FLCFGD_UPGRADE_ERROR 419
22895 - LOG_ID_FLCFGD_UPGRADE_STATUS 420
22896 - LOG_ID_FORTILINKD_CRITICAL 421
22897 - LOG_ID_FLCFGD_NAC_ADD 422
22898 - LOG_ID_FLCFGD_NAC_DELETE 422
22899 - LOG_ID_FLCFGD_NAC_MODIFY 423
22900 - LOG_ID_CAPUTP_SESSION 424
22901 - LOG_ID_FAZ_CON 425
22902 - LOG_ID_FAZ_DISCON 425
22903 - LOG_ID_FAZ_CON_ERR 426
22904 - LOG_ID_CAPUTP_SESSION_NOTIF 427
22912 - LOG_ID_FDS_SRV_ERRCON 428
22913 - LOG_ID_FDS_SRV_DISCON 429
22914 - LOG_ID_FDS_SRV_CHG 430
22915 - LOG_ID_FDS_SRV_CON 430
22916 - LOG_ID_FDS_STATUS 431
22917 - LOG_ID_FDS_SMS_QUOTA 432
22918 - LOG_ID_FDS_CTRL_STATUS 432
22919 - LOG_ID_SVR_LOG_STATUS_CHANGED 433
22921 - LOG_ID_EVENT_ROUTE_INFO_CHANGED 434
22922 - LOG_ID_EVENT_LINK_MONITOR_STATUS 435
22923 - LOG_ID_EVENT_VWL_LQTY_STATUS 435
22924 - LOG_ID_EVENT_VWL_VOLUME_STATUS 436
22925 - LOG_ID_EVENT_VWL_SLA_INFO 437
22926 - LOG_ID_EVENT_VWL_NEIGHBOR_STATUS 438
22927 - LOG_ID_EVENT_VWL_NEIGHBOR_STANDALONE 439
22928 - LOG_ID_EVENT_VWL_NEIGHBOR_PRIMARY 440
22929 - LOG_ID_EVENT_VWL_NEIGHBOR_SECONDARY 441
22949 - LOG_ID_FDS_JOIN 441
22950 - LOG_ID_FDS_LOGIN_SUCC 442
22951 - LOG_ID_FDS_LOGOUT 443
22952 - LOG_ID_FDS_LOGIN_FAIL 444
22953 - LOG_ID_IOC_DETECTED 444
22954 - LOG_ID_INET_SVC_OBSOLETE 445
22955 - LOG_ID_INET_SVC_NAME_FAILURE 446
22956 - LOG_ID_INET_SVC_NAME_UPDATE 446
23101 - LOG_ID_IPSEC_TUNNEL_UP 447
23102 - LOG_ID_IPSEC_TUNNEL_DOWN 448
23103 - LOG_ID_IPSEC_TUNNEL_STAT 449
26001 - LOG_ID_DHCP_ACK 450
26002 - LOG_ID_DHCP_RELEASE 451
26003 - LOG_ID_DHCP_STAT 452
26004 - LOG_ID_DHCP_CLIENT_LEASE 452

FortiOS 6.4.7 Log Reference 10


Fortinet, Inc.
26005 - LOG_ID_DHCP_LEASE_USAGE_HIGH 453
26006 - LOG_ID_DHCP_LEASE_USAGE_FULL 454
26007 - LOG_ID_DHCP_BLOCKED_MAC 455
26008 - LOG_ID_DHCP_DDNS_ADD 455
26009 - LOG_ID_DHCP_DDNS_DELETE 456
26010 - LOG_ID_DHCP_DDNS_COMPLETED 457
26011 - LOG_ID_DHCPV6_REPLY 458
26012 - LOG_ID_DHCPV6_RELEASE 459
27001 - LOG_ID_VRRP_STATE_CHG 460
29001 - LOG_ID_PPPD_MSG 460
29002 - LOG_ID_PPPD_AUTH_SUC 461
29003 - LOG_ID_PPPD_AUTH_FAIL 462
29010 - LOG_ID_PPPOE_STATUS_REPORT_NOTIF 463
29011 - LOG_ID_PPPD_FAIL_TO_EXEC 464
29012 - LOG_ID_PPP_OPT_ERR 464
29013 - LOG_ID_PPPD_START 465
29014 - LOG_ID_PPPD_EXIT 466
29015 - LOG_ID_PPP_RCV_BAD_PEER_IP 466
29016 - LOG_ID_PPP_RCV_BAD_LOCAL_IP 467
29017 - LOG_ID_PPP_OPT_NOTIF 468
29021 - LOG_ID_EVENT_AUTH_SNMP_QUERY_FAILED 468
29022 - LOG_ID_DDNS_UPDATE_FAIL 469
32001 - LOG_ID_ADMIN_LOGIN_SUCC 470
32002 - LOG_ID_ADMIN_LOGIN_FAIL 471
32003 - LOG_ID_ADMIN_LOGOUT 472
32005 - LOG_ID_ADMIN_OVERIDE_VDOM 473
32006 - LOG_ID_ADMIN_ENTER_VDOM 474
32007 - LOG_ID_ADMIN_LEFT_VDOM 475
32008 - LOG_ID_VIEW_DISK_LOG_FAIL 475
32009 - LOG_ID_SYSTEM_START 476
32010 - LOG_ID_DISK_LOG_FULL 477
32011 - LOG_ID_LOG_ROLL 478
32014 - LOG_ID_CS_LIC_EXPIRE 478
32015 - LOG_ID_DISK_LOG_USAGE 479
32017 - LOG_ID_FDS_DAILY_QUOTA_FULL 480
32018 - LOG_ID_FIPS_ENTER_ERR_MOD 480
32019 - LOG_ID_CC_ENTER_ERR_MOD 481
32020 - LOG_ID_SSH_CORRPUT_MAC 482
32021 - LOG_ID_ADMIN_LOGIN_DISABLE 483
32022 - LOG_ID_VDOM_ENABLED 483
32023 - LOG_ID_MEM_LOG_FIRST_FULL 484
32024 - LOG_ID_ADMIN_PASSWD_EXPIRE 485
32025 - LOG_ID_SSH_REKEY 486
32026 - LOG_ID_SSH_BAD_PACKET_LENGTH 486
32027 - LOG_ID_VIEW_DISK_LOG_SUCC 487
32028 - LOG_ID_LOG_DEL_DIR 488
32029 - LOG_ID_LOG_DEL_FILE 488
32030 - LOG_ID_SEND_FDS_STAT 489
32031 - LOG_ID_VIEW_MEM_LOG_FAIL 490

FortiOS 6.4.7 Log Reference 11


Fortinet, Inc.
32032 - LOG_ID_DISK_DLP_ARCH_FULL 491
32033 - LOG_ID_DISK_QUAR_FULL 491
32034 - LOG_ID_DISK_REPORT_FULL 492
32035 - LOG_ID_VDOM_DISABLED 493
32036 - LOG_ID_DISK_IPS_ARCH_FULL 493
32037 - LOG_ID_DISK_LOG_FIRST_FULL 494
32038 - LOG_ID_LOG_ROLL_FORTICRON 495
32039 - LOG_ID_VIEW_MEM_LOG_SUCC 496
32040 - LOG_ID_REPORT_DELETED 496
32041 - LOG_ID_REPORT_DELETED_GUI 497
32042 - LOG_ID_MEM_LOG_SECOND_FULL 498
32043 - LOG_ID_MEM_LOG_FINAL_FULL 498
32044 - LOG_ID_LOG_DELETE 499
32045 - LOG_ID_MGR_LIC_EXPIRE 500
32048 - LOG_ID_SCHEDULE_EXPIRE 501
32049 - LOG_ID_FC_EXPIRE 501
32050 - LOG_ID_POL_PKT_CAPTURE_FULL 502
32051 - LOG_ID_LOG_UPLOAD 503
32052 - LOG_ID_UPLOAD_RUN_SCRIPT 503
32053 - LOG_ID_ADMIN_MTNER_LOGIN_SUCC 504
32054 - LOG_ID_ADMIN_MTNER_LOGOUT 505
32057 - LOG_ID_VIEW_FAZ_LOG_FAIL 506
32058 - LOG_ID_VIEW_FAZ_LOG_SUCC 507
32095 - LOG_ID_GUI_CHG_SUB_MODULE 508
32096 - LOG_ID_GUI_DOWNLOAD_LOG 508
32097 - LOG_ID_DELETE_CAPTURE_PKT 509
32100 - LOG_ID_FORTI_TOKEN_SYNC 510
32102 - LOG_ID_CHG_CONFIG 511
32103 - LOG_ID_NEW_FIRMWARE 512
32104 - LOG_ID_CHG_CONFIG_GUI 512
32105 - LOG_ID_NTP_SVR_STAUS_CHG_REACHABLE 513
32106 - LOG_ID_NTP_SVR_STAUS_CHG_RESOLVABLE 514
32107 - LOG_ID_NTP_SVR_STAUS_CHG_UNRESOLVABLE 515
32108 - LOG_ID_NTP_SVR_STAUS_CHG_UNREACHABLE 516
32109 - LOG_ID_UPD_SIGN_AV_DB 516
32110 - LOG_ID_UPD_SIGN_IPS_DB 517
32111 - LOG_ID_UPD_SIGN_AVIPS_DB 518
32113 - LOG_ID_UPD_SIGN_SRCVIS_DB 519
32114 - LOG_ID_UPD_SIGN_GEOIP_DB 519
32116 - LOG_ID_UPD_SIGN_AVPKG_FAILURE 520
32117 - LOG_ID_UPD_SIGN_AVPKG_SUCCESS 521
32118 - LOG_ID_UPD_ADMIN_AV_DB 522
32119 - LOG_ID_UPD_SCANUNIT_AV_DB 523
32120 - LOG_ID_RPT_ADD_DATASET 523
32122 - LOG_ID_RPT_DEL_DATASET 524
32125 - LOG_ID_RPT_ADD_CHART 525
32126 - LOG_ID_RPT_DEL_CHART 526
32129 - LOG_ID_ADD_GUEST 526
32130 - LOG_ID_CHG_USER 527

FortiOS 6.4.7 Log Reference 12


Fortinet, Inc.
32131 - LOG_ID_DEL_GUEST 528
32132 - LOG_ID_ADD_USER 529
32138 - LOG_ID_REBOOT 530
32139 - LOG_ID_WAKE_ON_LAN 531
32140 - LOG_ID_TIME_USER_SETTING_CHG 531
32141 - LOG_ID_TIME_NTP_SETTING_CHG 532
32142 - LOG_ID_BACKUP_CONF 533
32143 - LOG_ID_BACKUP_CONF_BY_SCP 534
32144 - LOG_ID_BACKUP_CONF_ERROR 535
32145 - LOG_ID_BACKUP_CONF_ALERT 535
32146 - LOG_ID_TIME_PTP_SETTING_CHG 536
32148 - LOG_ID_GET_CRL 537
32149 - LOG_ID_COMMAND_FAIL 538
32151 - LOG_ID_ADD_IP6_LOCAL_POL 538
32152 - LOG_ID_CHG_IP6_LOCAL_POL 539
32153 - LOG_ID_DEL_IP6_LOCAL_POL 540
32155 - LOG_ID_ACT_FTOKEN_REQ 541
32156 - LOG_ID_ACT_FTOKEN_SUCC 541
32157 - LOG_ID_SYNC_FTOKEN_SUCC 542
32158 - LOG_ID_SYNC_FTOKEN_FAIL 543
32159 - LOG_ID_ACT_FTOKEN_FAIL 544
32160 - LOG_ID_FTM_PUSH_SUCC 545
32161 - LOG_ID_FTM_PUSH_FAIL 545
32168 - LOG_ID_REACH_VDOM_LIMIT 546
32169 - LOG_ID_ALARM_DLP_DB 547
32170 - LOG_ID_ALARM_MSG 548
32171 - LOG_ID_ALARM_ACK 548
32172 - LOG_ID_ADD_IP4_LOCAL_POL 549
32173 - LOG_ID_CHG_IP4_LOCAL_POL 550
32174 - LOG_ID_DEL_IP4_LOCAL_POL 551
32190 - LOG_ID_UPT_INVALID_IMG 552
32191 - LOG_ID_UPT_INVALID_IMG_CC 552
32192 - LOG_ID_UPT_INVALID_IMG_RSA 553
32193 - LOG_ID_UPT_IMG_RSA 554
32194 - LOG_ID_UPT_IMG_FAIL 555
32199 - LOG_ID_RESTORE_IMG_USB 555
32200 - LOG_ID_SHUTDOWN 556
32201 - LOG_ID_LOAD_IMG_SUCC 557
32202 - LOG_ID_RESTORE_IMG 558
32203 - LOG_ID_RESTORE_CONF 559
32204 - LOG_ID_RESTORE_FGD_SVR 559
32205 - LOG_ID_RESTORE_VDOM_LIC 560
32206 - LOG_ID_RESTORE_SCRIPT 561
32207 - LOG_ID_RETRIEVE_CONF_LIST 562
32208 - LOG_ID_IMP_PKCS12_CERT 563
32209 - LOG_ID_RESTORE_USR_DEF_IPS 563
32210 - LOG_ID_BACKUP_IMG_SUCC 564
32211 - LOG_ID_UPLOAD_REVISION 565
32212 - LOG_ID_DEL_REVISION 566

FortiOS 6.4.7 Log Reference 13


Fortinet, Inc.
32213 - LOG_ID_RESTORE_TEMPLATE 567
32214 - LOG_ID_RESTORE_FILE 567
32215 - LOG_ID_UPT_IMG 568
32217 - LOG_ID_UPD_IPS 569
32218 - LOG_ID_UPD_DLP 570
32219 - LOG_ID_BACKUP_OUTPUT 570
32220 - LOG_ID_BACKUP_COMMAND 571
32221 - LOG_ID_UPD_VDOM_LIC 572
32222 - LOG_ID_GLB_SETTING_CHG 573
32223 - LOG_ID_BACKUP_USER_DEF_IPS 574
32224 - LOG_ID_BACKUP_DISK_LOG 574
32225 - LOG_ID_DEL_ALL_REVISION 575
32226 - LOG_ID_LOAD_IMG_FAIL 576
32227 - LOG_ID_UPD_DLP_FAIL 577
32228 - LOG_ID_LOAD_IMG_FAIL_WRONG_IMG 578
32229 - LOG_ID_LOAD_IMG_FAIL_NO_RSA 578
32230 - LOG_ID_LOAD_IMG_FAIL_INVALID_RSA 579
32231 - LOG_ID_RESTORE_FGD_SVR_FAIL 580
32232 - LOG_ID_RESTORE_VDOM_LIC_FAIL 581
32233 - LOG_ID_BACKUP_IMG_FAIL 581
32234 - LOG_ID_RESTORE_IMG_INVALID_CC 582
32235 - LOG_ID_RESTORE_IMG_FORTIGUARD 583
32236 - LOG_ID_BACKUP_MEM_LOG 584
32237 - LOG_ID_BACKUP_MEM_LOG_FAIL 584
32238 - LOG_ID_BACKUP_DISK_LOG_FAIL 585
32239 - LOG_ID_BACKUP_DISK_LOG_USB 586
32240 - LOG_ID_SYS_USB_MODE 587
32241 - LOG_ID_BACKUP_DISK_LOG_USB_FAIL 588
32242 - LOG_ID_UPD_VDOM_LIC_FAIL 588
32243 - LOG_ID_UPD_IPS_SCP 589
32244 - LOG_ID_UPD_IPS_SCP_FAIL 590
32245 - LOG_ID_BACKUP_USER_DEF_IPS_FAIL 591
32246 - LOG_ID_RESTORE_USR_DEF_IPS_CRITICAL 591
32247 - LOG_ID_SSH_NEGOTIATION_FAILURE 592
32252 - LOG_ID_FACTORY_RESET 593
32253 - LOG_ID_FORMAT_RAID 594
32254 - LOG_ID_ENABLE_RAID 595
32255 - LOG_ID_DISABLE_RAID 595
32300 - LOG_ID_UPLOAD_RPT_IMG 596
32301 - LOG_ID_ADD_VDOM 597
32302 - LOG_ID_DEL_VDOM 598
32545 - LOG_ID_SYS_RESTART 599
32546 - LOG_ID_APPLICATION_CRASH 599
32547 - LOG_ID_AUTOSCRIPT_START 600
32548 - LOG_ID_AUTOSCRIPT_STOP 601
32549 - LOG_ID_AUTOSCRIPT_STOP_AUTO 602
32550 - LOG_ID_AUTOSCRIPT_DELETE_RSLT 602
32551 - LOG_ID_AUTOSCRIPT_BACKUP_RSLT 603
32552 - LOG_ID_AUTOSCRIPT_CHECK_STATUS 604

FortiOS 6.4.7 Log Reference 14


Fortinet, Inc.
32553 - LOG_ID_AUTOSCRIPT_STOP_REACH_LIMIT 605
32561 - LOG_ID_ADMIN_LOGOUT_DISCONNECT 605
32562 - LOG_ID_STORE_CONF_FAIL_SPACE 606
32564 - LOG_ID_RESTORE_CONF_FAIL 607
32565 - LOG_ID_RESTORE_CONF_BY_MGMT 608
32566 - LOG_ID_RESTORE_CONF_BY_SCP 609
32567 - LOG_ID_RESTORE_CONF_BY_USB 609
32568 - LOG_ID_DEL_REVISION_DB 610
32569 - LOG_ID_FSW_SWITCH_LOG_EVENT 611
32570 - LOG_ID_ADMIN_MTNER_LOGOUT_DISCONNECT 612
32601 - LOG_ID_FGT_SWITCH_LOG_DISCOVER 613
32602 - LOG_ID_FGT_SWITCH_LOG_AUTH 614
32603 - LOG_ID_FGT_SWITCH_LOG_DEAUTH 615
32604 - LOG_ID_FGT_SWITCH_LOG_DELETE 615
32605 - LOG_ID_FGT_SWITCH_LOG_TUNNEL_UP 616
32606 - LOG_ID_FGT_SWITCH_LOG_TUNNEL_DOWN 617
32607 - LOG_ID_FGT_SWITCH_PUSH_IMAGE 618
32608 - LOG_ID_FGT_SWITCH_STAGE_IMAGE 619
32609 - LOG_ID_FGT_SWITCH_DISABLE_DISCOVERY 619
32610 - LOG_ID_FGT_SWITCH_LOG_WARNING 620
32611 - LOG_ID_FGT_SWITCH_EXPORT_POOL 621
32612 - LOG_ID_FGT_SWITCH_EXPORT_VDOM 622
32613 - LOG_ID_FGT_SWITCH_REQUEST_PORT 622
32614 - LOG_ID_FGT_SWITCH_RETURN_PORT 623
32615 - LOG_ID_FGT_SWITCH_MAC_ADD 624
32616 - LOG_ID_FGT_SWITCH_MAC_DEL 625
32617 - LOG_ID_FGT_SWITCH_MAC_MOVE 626
32693 - LOG_ID_FGT_SWITCH_GROUP_SWC 626
32694 - LOG_ID_FGT_SWITCH_GROUP_POE 627
32695 - LOG_ID_FGT_SWITCH_GROUP_LINK 628
32696 - LOG_ID_FGT_SWITCH_GROUP_STP 629
32697 - LOG_ID_FGT_SWITCH_GROUP_SWITCH 630
32698 - LOG_ID_FGT_SWITCH_GROUP_ROUTER 631
32699 - LOG_ID_FGT_SWITCH_GROUP_SYSTEM 632
32700 - LOG_ID_DPDK_EARLY_INIT_FAIL 633
34415 - LOG_ID_NP6_IPSEC_ENGINE_BUSY 634
34416 - LOG_ID_NP6_IPSEC_ENGINE_POSSIBLY_LOCKUP 634
34417 - LOG_ID_NP6_IPSEC_ENGINE_LOCKUP 635
34418 - LOG_ID_NP6_HPE_PACKET_DROP 636
34419 - LOG_ID_NP6_HPE_PACKET_FLOOD 636
35001 - LOG_ID_HA_SYNC_VIRDB 637
35002 - LOG_ID_HA_SYNC_ETDB 638
35003 - LOG_ID_HA_SYNC_EXDB 638
35004 - LOG_ID_HA_SYNC_FLDB 639
35005 - LOG_ID_HA_SYNC_IPS 640
35007 - LOG_ID_HA_SYNC_AV 641
35009 - LOG_ID_HA_SYNC_CID 641
35011 - LOG_ID_HA_SYNC_FAIL 642
35012 - LOG_ID_CONF_SYNC_FAIL 643

FortiOS 6.4.7 Log Reference 15


Fortinet, Inc.
35013 - LOG_ID_HA_FAILOVER_FAIL 643
35014 - LOG_ID_HA_RESET_UPTIME 644
35015 - LOG_ID_HA_CLEAR_HISTORY 645
35016 - LOG_ID_HA_FAILOVER_SUCCESS 645
36881 - LOG_ID_EVENT_SYSTEM_CFG_REVERT 646
36882 - LOG_ID_EVENT_SYSTEM_CFG_MANUALLY_SAVED 647
37120 - MESGID_NEG_GENERIC_P1_NOTIF 648
37121 - MESGID_NEG_GENERIC_P1_ERROR 649
37122 - MESGID_NEG_GENERIC_P2_NOTIF 650
37123 - MESGID_NEG_GENERIC_P2_ERROR 651
37124 - MESGID_NEG_I_P1_ERROR 653
37125 - MESGID_NEG_I_P2_ERROR 654
37126 - MESGID_NEG_NO_STATE_ERROR 655
37127 - MESGID_NEG_PROGRESS_P1_NOTIF 656
37128 - MESGID_NEG_PROGRESS_P1_ERROR 658
37129 - MESGID_NEG_PROGRESS_P2_NOTIF 659
37130 - MESGID_NEG_PROGRESS_P2_ERROR 661
37131 - MESGID_ESP_ERROR 662
37132 - MESGID_ESP_CRITICAL 663
37133 - MESGID_INSTALL_SA 665
37134 - MESGID_DELETE_P1_SA 666
37135 - MESGID_DELETE_P2_SA 667
37136 - MESGID_DPD_FAILURE 668
37137 - MESGID_CONN_FAILURE 669
37138 - MESGID_CONN_UPDOWN 670
37139 - MESGID_P2_UPDOWN 672
37141 - MESGID_CONN_STATS 673
37889 - MESGID_VC_DELETE 674
37890 - MESGID_VC_MOVE_VDOM 675
37891 - MESGID_VC_ADD_VDOM 676
37892 - MESGID_VC_MOVE_MEMB_STATE 677
37893 - MESGID_VC_DETECT_MEMB_DEAD 677
37894 - MESGID_VC_DETECT_MEMB_JOIN 678
37895 - MESGID_VC_ADD_HADEV 679
37896 - MESGID_VC_DEL_HADEV 680
37897 - MESGID_HADEV_READY 680
37898 - MESGID_HADEV_FAIL 681
37899 - MESGID_HADEV_PEERINFO 682
37900 - MESGID_HBDEV_DELETE 683
37901 - MESGID_HBDEV_DOWN 683
37902 - MESGID_HBDEV_UP 684
37903 - MESGID_SYNC_STATUS 685
37904 - MESGID_HA_ACTIVITY 686
37907 - MESGID_VLAN_HB_UP 686
37908 - MESGID_VLAN_HB_DOWN 687
37909 - MESGID_VLAN_HB_DOWN_SUM 688
37910 - MESGID_HB_PACKET_LOST 688
38010 - LOG_ID_FIPS_ENCRY_FAIL 689
38011 - LOG_ID_FIPS_DECRY_FAIL 690

FortiOS 6.4.7 Log Reference 16


Fortinet, Inc.
38012 - LOG_ID_ENTROPY_TOKEN 691
38031 - LOG_ID_FSSO_LOGON 691
38032 - LOG_ID_FSSO_LOGOFF 692
38033 - LOG_ID_FSSO_SVR_STATUS 693
38403 - LOGID_EVENT_NOTIF_INSUFFICIENT_RESOURCE 694
38404 - LOGID_EVENT_NOTIF_HOSTNAME_ERROR 695
38405 - LOGID_NOTIF_CODE_SENDTO_SMS_PHONE 695
38406 - LOGID_NOTIF_CODE_SENDTO_SMS_TO 696
38407 - LOGID_NOTIF_CODE_SENDTO_EMAIL 697
38408 - LOGID_EVENT_OFTP_SSL_CONNECTED 698
38409 - LOGID_EVENT_OFTP_SSL_DISCONNECTED 698
38410 - LOGID_EVENT_OFTP_SSL_FAILED 699
38411 - LOGID_EVENT_TWO_F_AUTH_CODE_SENDTO 700
38412 - LOGID_EVENT_TOKEN_CODE_SENDTO 701
38656 - LOGID_EVENT_RAD_RPT_PROTO_ERROR 701
38657 - LOGID_EVENT_RAD_RPT_PROF_NOT_FOUND 702
38658 - LOGID_EVENT_RAD_RPT_CTX_NOT_FOUND 703
38659 - LOGID_EVENT_RAD_RPT_ACCT_STOP_MISSED 704
38660 - LOGID_EVENT_RAD_RPT_ACCT_EVENT 704
38661 - LOGID_EVENT_RAD_RPT_OTHER 705
38662 - LOGID_EVENT_RAD_STAT_PROTO_ERROR 706
38663 - LOGID_EVENT_RAD_STAT_PROF_NOT_FOUND 707
38665 - LOGID_EVENT_RAD_STAT_ACCT_STOP_MISSED 708
38666 - LOGID_EVENT_RAD_STAT_ACCT_EVENT 709
38667 - LOGID_EVENT_RAD_STAT_OTHER 709
38668 - LOGID_EVENT_RAD_STAT_EP_BLK 710
39424 - LOG_ID_EVENT_SSL_VPN_USER_TUNNEL_UP 711
39425 - LOG_ID_EVENT_SSL_VPN_USER_TUNNEL_DOWN 712
39426 - LOG_ID_EVENT_SSL_VPN_USER_SSL_LOGIN_FAIL 713
39936 - LOG_ID_EVENT_SSL_VPN_SESSION_WEB_TUNNEL_STATS 714
39937 - LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_DENY 715
39938 - LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_PASS 716
39939 - LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_TIMEOUT 717
39940 - LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_CLOSE 718
39941 - LOG_ID_EVENT_SSL_VPN_SESSION_SYS_BUSY 719
39942 - LOG_ID_EVENT_SSL_VPN_SESSION_CERT_OK 720
39943 - LOG_ID_EVENT_SSL_VPN_SESSION_NEW_CON 721
39944 - LOG_ID_EVENT_SSL_VPN_SESSION_ALERT 722
39945 - LOG_ID_EVENT_SSL_VPN_SESSION_EXIT_FAIL 723
39946 - LOG_ID_EVENT_SSL_VPN_SESSION_EXIT_ERR 724
39947 - LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_UP 725
39948 - LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_DOWN 726
39949 - LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_STATS 727
39950 - LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_UNKNOWNTAG 728
39951 - LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_ERROR 729
39952 - LOG_ID_EVENT_SSL_VPN_SESSION_ENTER_CONSERVE_MODE 730
39953 - LOG_ID_EVENT_SSL_VPN_SESSION_LEAVE_CONSERVE_MODE 731
40001 - LOG_ID_PPTP_TUNNEL_UP 732
40002 - LOG_ID_PPTP_TUNNEL_DOWN 733

FortiOS 6.4.7 Log Reference 17


Fortinet, Inc.
40003 - LOG_ID_PPTP_TUNNEL_STAT 734
40014 - LOG_ID_PPTP_REACH_MAX_CON 735
40017 - LOG_ID_L2TPD_CLIENT_CON_FAIL 735
40019 - LOG_ID_L2TPD_CLIENT_DISCON 736
40021 - LOG_ID_PPTP_NOT_CONIG 737
40022 - LOG_ID_PPTP_NO_IP_AVAIL 738
40024 - LOG_ID_PPTP_OUT_MEM 738
40034 - LOG_ID_PPTP_START 739
40035 - LOG_ID_PPTP_START_FAIL 740
40036 - LOG_ID_PPTP_EXIT 741
40037 - LOG_ID_PPTPD_SVR_DISCON 741
40038 - LOG_ID_PPTPD_CLIENT_CON 742
40039 - LOG_ID_PPTPD_CLIENT_DISCON 743
40101 - LOG_ID_L2TP_TUNNEL_UP 744
40102 - LOG_ID_L2TP_TUNNEL_DOWN 744
40103 - LOG_ID_L2TP_TUNNEL_STAT 745
40114 - LOG_ID_L2TPD_START 746
40115 - LOG_ID_L2TPD_EXIT 747
40118 - LOG_ID_L2TPD_CLIENT_CON 748
40704 - LOG_ID_EVENT_SYS_PERF 748
40705 - LOG_ID_EVENT_SYS_CPU_USAGE 750
40706 - LOG_ID_EVENT_SYS_BROKEN_SYMBOLIC_LINK 750
40960 - LOGID_EVENT_WAD_WEBPROXY_FWD_SRV_ERROR 751
41000 - LOG_ID_UPD_FGT_SUCC 752
41001 - LOG_ID_UPD_FGT_FAIL 753
41002 - LOG_ID_UPD_SRC_VIS 753
41006 - LOG_ID_UPD_FSA_VIRDB 754
41984 - LOG_ID_EVENT_VPN_CERT_LOAD 755
41985 - LOG_ID_EVENT_VPN_CERT_REMOVAL 756
41986 - LOG_ID_EVENT_VPN_CERT_REGEN 756
41987 - LOG_ID_EVENT_VPN_CERT_UPDATE 757
41988 - LOG_ID_EVENT_SSL_VPN_SETTING_UPDATE 758
41989 - LOG_ID_EVENT_VPN_CERT_ERR 759
41990 - LOG_ID_EVENT_VPN_CERT_UPDATE_FAILED 760
41991 - LOG_ID_EVENT_VPN_CERT_EXPORT 761
41992 - LOG_ID_EVENT_VPN_CERT_CRL_EXPIRED 762
42201 - LOG_ID_NETX_VMX_ATTACH 762
42202 - LOG_ID_NETX_VMX_DETACH 763
42203 - LOG_ID_NETX_VMX_DENIED 764
43008 - LOG_ID_EVENT_AUTH_SUCCESS 764
43009 - LOG_ID_EVENT_AUTH_FAILED 765
43010 - LOG_ID_EVENT_AUTH_LOCKOUT 766
43011 - LOG_ID_EVENT_AUTH_TIME_OUT 767
43014 - LOG_ID_EVENT_AUTH_FSAE_LOGON 768
43015 - LOG_ID_EVENT_AUTH_FSAE_LOGOFF 769
43016 - LOG_ID_EVENT_AUTH_NTLM_AUTH_SUCCESS 770
43017 - LOG_ID_EVENT_AUTH_NTLM_AUTH_FAIL 771
43018 - LOG_ID_EVENT_AUTH_FGOVRD_FAIL 772
43020 - LOG_ID_EVENT_AUTH_FGOVRD_SUCCESS 773

FortiOS 6.4.7 Log Reference 18


Fortinet, Inc.
43025 - LOG_ID_EVENT_AUTH_PROXY_SUCCESS 774
43026 - LOG_ID_EVENT_AUTH_PROXY_FAILED 775
43027 - LOG_ID_EVENT_AUTH_PROXY_TIME_OUT 776
43028 - LOG_ID_EVENT_AUTH_PROXY_GROUP_INFO_FAILED 777
43029 - LOG_ID_EVENT_AUTH_WARNING_SUCCESS 778
43030 - LOG_ID_EVENT_AUTH_WARNING_TBL_FULL 779
43032 - LOG_ID_EVENT_AUTH_PROXY_USER_LIMIT_REACHED 780
43033 - LOG_ID_EVENT_AUTH_PROXY_MULTIPLE_LOGIN 781
43034 - LOG_ID_EVENT_AUTH_PROXY_NO_RESP 782
43037 - LOG_ID_EVENT_AUTH_IPV4_FLUSH 783
43038 - LOG_ID_EVENT_AUTH_IPV6_FLUSH 783
43039 - LOG_ID_EVENT_AUTH_LOGON 784
43040 - LOG_ID_EVENT_AUTH_LOGOUT 785
43041 - LOG_ID_EVENT_AUTH_DISCLAIMER_ACCEPT 786
43042 - LOG_ID_EVENT_AUTH_DISCLAIMER_DECLINE 787
43043 - LOG_ID_EVENT_AUTH_EMAIL_COLLECTING_SUCCESS 788
43044 - LOG_ID_EVENT_AUTH_EMAIL_COLLECTING_FAIL 789
43045 - LOG_ID_EVENT_AUTH_8021X_SUCCESS 790
43046 - LOG_ID_EVENT_AUTH_8021X_FAIL 791
43050 - LOG_ID_EVENT_AUTH_FSAE_CONNECT 792
43051 - LOG_ID_EVENT_AUTH_FSAE_DISCONNECT 792
43520 - LOG_ID_EVENT_WIRELESS_SYS 793
43521 - LOG_ID_EVENT_WIRELESS_ROGUE 794
43522 - LOG_ID_EVENT_WIRELESS_WTP 795
43524 - LOG_ID_EVENT_WIRELESS_STA 796
43525 - LOG_ID_EVENT_WIRELESS_ONWIRE 798
43526 - LOG_ID_EVENT_WIRELESS_WTPR 799
43527 - LOG_ID_EVENT_WIRELESS_ROGUE_CFG 800
43528 - LOG_ID_EVENT_WIRELESS_WTPR_ERROR 801
43529 - LOG_ID_EVENT_WIRELESS_CLB 802
43530 - LOG_ID_EVENT_WIRELESS_WIDS_WL_BRIDGE 803
43531 - LOG_ID_EVENT_WIRELESS_WIDS_BR_DEAUTH 804
43532 - LOG_ID_EVENT_WIRELESS_WIDS_NL_PBRESP 805
43533 - LOG_ID_EVENT_WIRELESS_WIDS_MAC_OUI 807
43534 - LOG_ID_EVENT_WIRELESS_WIDS_LONG_DUR 808
43535 - LOG_ID_EVENT_WIRELESS_WIDS_WEP_IV 809
43542 - LOG_ID_EVENT_WIRELESS_WIDS_EAPOL_FLOOD 810
43544 - LOG_ID_EVENT_WIRELESS_WIDS_MGMT_FLOOD 811
43546 - LOG_ID_EVENT_WIRELESS_WIDS_SPOOF_DEAUTH 812
43548 - LOG_ID_EVENT_WIRELESS_WIDS_ASLEAP 813
43550 - LOG_ID_EVENT_WIRELESS_STA_LOCATE 815
43551 - LOG_ID_EVENT_WIRELESS_WTP_JOIN 815
43552 - LOG_ID_EVENT_WIRELESS_WTP_LEAVE 816
43553 - LOG_ID_EVENT_WIRELESS_WTP_FAIL 817
43554 - LOG_ID_EVENT_WIRELESS_WTP_UPDATE 818
43555 - LOG_ID_EVENT_WIRELESS_WTP_RESET 819
43556 - LOG_ID_EVENT_WIRELESS_WTP_KICK 820
43557 - LOG_ID_EVENT_WIRELESS_WTP_ADD_FAILURE 821
43558 - LOG_ID_EVENT_WIRELESS_WTP_CFG_ERR 822

FortiOS 6.4.7 Log Reference 19


Fortinet, Inc.
43559 - LOG_ID_EVENT_WIRELESS_WTP_SN_MISMATCH 823
43560 - LOG_ID_EVENT_WIRELESS_SYS_AC_RESTARTED 824
43561 - LOG_ID_EVENT_WIRELESS_SYS_AC_HOSTAPD_UP 825
43562 - LOG_ID_EVENT_WIRELESS_SYS_AC_HOSTAPD_DOWN 825
43563 - LOG_ID_EVENT_WIRELESS_ROGUE_DETECT 826
43564 - LOG_ID_EVENT_WIRELESS_ROGUE_OFFAIR 828
43565 - LOG_ID_EVENT_WIRELESS_ROGUE_ONAIR 829
43566 - LOG_ID_EVENT_WIRELESS_ROGUE_OFFWIRE 831
43567 - LOG_ID_EVENT_WIRELESS_FAKEAP_DETECT 832
43568 - LOG_ID_EVENT_WIRELESS_FAKEAP_ONAIR 834
43569 - LOG_ID_EVENT_WIRELESS_ROGUE_SUPPRESSED 835
43570 - LOG_ID_EVENT_WIRELESS_ROGUE_UNSUPPRESSED 837
43571 - LOG_ID_EVENT_WIRELESS_ROGUE_DETECT_CHG 838
43572 - LOG_ID_EVENT_WIRELESS_STA_ASSO 840
43573 - LOG_ID_EVENT_WIRELESS_STA_AUTH 841
43574 - LOG_ID_EVENT_WIRELESS_STA_DASS 842
43575 - LOG_ID_EVENT_WIRELESS_STA_DAUT 844
43576 - LOG_ID_EVENT_WIRELESS_STA_IDLE 845
43577 - LOG_ID_EVENT_WIRELESS_STA_DENY 846
43578 - LOG_ID_EVENT_WIRELESS_STA_KICK 847
43579 - LOG_ID_EVENT_WIRELESS_STA_IP 849
43580 - LOG_ID_EVENT_WIRELESS_STA_LEAVE_WTP 850
43581 - LOG_ID_EVENT_WIRELESS_STA_WTP_DISCONN 851
43582 - LOG_ID_EVENT_WIRELESS_ROGUE_CFG_UNCLASSIFIED 853
43583 - LOG_ID_EVENT_WIRELESS_ROGUE_CFG_ACCEPTED 853
43584 - LOG_ID_EVENT_WIRELESS_ROGUE_CFG_ROGUE 854
43585 - LOG_ID_EVENT_WIRELESS_ROGUE_CFG_SUPPRESSED 855
43586 - LOG_ID_EVENT_WIRELESS_WTPR_DARRP_CHAN 856
43587 - LOG_ID_EVENT_WIRELESS_WTPR_DARRP_START 857
43588 - LOG_ID_EVENT_WIRELESS_WTPR_OPER_CHAN 858
43589 - LOG_ID_EVENT_WIRELESS_WTPR_RADAR 859
43590 - LOG_ID_EVENT_WIRELESS_WTPR_NOL 860
43591 - LOG_ID_EVENT_WIRELESS_WTPR_COUNTRY_CFG_SUCCESS 862
43592 - LOG_ID_EVENT_WIRELESS_WTPR_OPER_COUNTRY 863
43593 - LOG_ID_EVENT_WIRELESS_WTPR_CFG_TXPOWER 864
43594 - LOG_ID_EVENT_WIRELESS_WTPR_OPER_TXPOWER 865
43595 - LOG_ID_EVENT_WIRELESS_CLB_DENY 866
43596 - LOG_ID_EVENT_WIRELESS_CLB_RETRY 867
43597 - LOG_ID_EVENT_WIRELESS_WTP_ADD 868
43598 - LOG_ID_EVENT_WIRELESS_WTP_ADD_XSS 869
43599 - LOG_ID_EVENT_WIRELESS_WTP_DEL 870
43600 - LOG_ID_EVENT_WIRELESS_WTPR_DARRP_STOP 871
43601 - LOG_ID_EVENT_WIRELESS_STA_CAP_SIGNON 872
43602 - LOG_ID_EVENT_WIRELESS_STA_CAP_SIGNON_SUCCESS 874
43603 - LOG_ID_EVENT_WIRELESS_STA_CAP_SIGNON_FAILURE 875
43604 - LOG_ID_EVENT_WIRELESS_STA_CAP_EMAIL_REQUEST 876
43605 - LOG_ID_EVENT_WIRELESS_STA_CAP_EMAIL_SUCCESS 877
43606 - LOG_ID_EVENT_WIRELESS_STA_CAP_EMAIL_FAILURE 879
43607 - LOG_ID_EVENT_WIRELESS_STA_CAP_DISCLAIMER_CHECK 880

FortiOS 6.4.7 Log Reference 20


Fortinet, Inc.
43608 - LOG_ID_EVENT_WIRELESS_STA_CAP_DISCLAIMER_DECLINE 881
43609 - LOG_ID_EVENT_WIRELESS_WTPR_DARRP_OPTIMIZATION_START 882
43610 - LOG_ID_EVENT_WIRELESS_WTPR_DARRP_OPTIMIZATION_STOP 883
43611 - LOG_ID_EVENT_WIRELESS_SYS_AC_UP 885
43612 - LOG_ID_EVENT_WIRELESS_SYS_AC_CFG_LOADED 885
43613 - LOG_ID_EVENT_WIRELESS_WTP_ERR 886
43614 - LOG_ID_EVENT_WIRELESS_DHCP_STAVATION 887
43615 - LOG_ID_EVENT_WIRELESS_SYS_AC_IPSEC_FAIL 888
43616 - LOG_ID_EVENT_WIRELESS_WTPR_NOL_ADD 889
43618 - LOG_ID_EVENT_WIRELESS_WTP_IMAGE_RC_SUCCESS 890
43619 - LOG_ID_EVENT_WIRELESS_OFFENDINGAP_DETECT 891
43620 - LOG_ID_EVENT_WIRELESS_OFFENDINGAP_ONAIR 892
43621 - LOG_ID_EVENT_WIRELESS_WTP_DATA_CHAN_CHG 894
43622 - LOG_ID_EVENT_WIRELESS_WTP_VLAN_PROBE 895
43623 - LOG_ID_EVENT_WIRELESS_WTP_VLAN_MISSING 896
43624 - LOG_ID_EVENT_WIRELESS_WTP_VLAN_DETECTED 897
43625 - LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_SUCCESS 898
43626 - LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_FAILURE 899
43627 - LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_TIMEOUT 900
43628 - LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_MAC_AUTH_SUCCESS902
43629 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_AUTH_FAILURE 903
43630 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_AUTH_SUCCESS 904
43631 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_AUTH_NO_RESP 905
43632 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_MAC_AUTH_FAILURE 906
43633 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_MAC_AUTH_SUCCESS 907
43634 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_MAC_AUTH_NO_RESP 908
43635 - LOG_ID_EVENT_WIRELESS_STA_OKC_NO_MATCH 909
43636 - LOG_ID_EVENT_WIRELESS_STA_OKC_LOCAL_MATCH 910
43637 - LOG_ID_EVENT_WIRELESS_STA_OKC_INTER_AC_MATCH 912
43638 - LOG_ID_EVENT_WIRELESS_STA_OKC_INTER_AP_MATCH 913
43639 - LOG_ID_EVENT_WIRELESS_STA_FT_INVALID_ACTION_REQ 914
43640 - LOG_ID_EVENT_WIRELESS_STA_FT_INVALID_AUTH_REQ 915
43641 - LOG_ID_EVENT_WIRELESS_STA_FT_INVALID_REASSOC_REQ 916
43642 - LOG_ID_EVENT_WIRELESS_STA_FT_ACTION_REQ 917
43643 - LOG_ID_EVENT_WIRELESS_STA_FT_ACTION_RESP 918
43644 - LOG_ID_EVENT_WIRELESS_STA_FT_AUTH_REQ 919
43645 - LOG_ID_EVENT_WIRELESS_STA_FT_AUTH_RESP 920
43646 - LOG_ID_EVENT_WIRELESS_STA_FT_REASSOC_REQ 921
43647 - LOG_ID_EVENT_WIRELESS_STA_FT_REASSOC_RESP 923
43648 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_INVALID_SECOND_
MSG 924
43649 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_INVALID_FOURTH_MSG925
43650 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_FIRST_MSG 926
43651 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_SECOND_MSG 927
43652 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_THIRD_MSG 928
43653 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_FOURTH_MSG 929
43654 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_FIRST_GROUP_MSG 930
43655 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_SECOND_GROUP_MSG931
43656 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_MAX_STA_CNT 932

FortiOS 6.4.7 Log Reference 21


Fortinet, Inc.
43657 - LOG_ID_EVENT_WIRELESS_STA_ASSOC_FAIL 934
43658 - LOG_ID_EVENT_WIRELESS_STA_DHCP_NO_RESP 935
43659 - LOG_ID_EVENT_WIRELESS_STA_DHCP_DIFF_OFFER 936
43660 - LOG_ID_EVENT_WIRELESS_STA_DHCP_NO_ACK 937
43661 - LOG_ID_EVENT_WIRELESS_STA_DHCP_NAK 938
43662 - LOG_ID_EVENT_WIRELESS_STA_DHCP_DUP_IP 939
43663 - LOG_ID_EVENT_WIRELESS_STA_DHCP_DISCOVER 940
43664 - LOG_ID_EVENT_WIRELESS_STA_DHCP_OFFER 941
43665 - LOG_ID_EVENT_WIRELESS_STA_DHCP_DECLINE 942
43666 - LOG_ID_EVENT_WIRELESS_STA_DHCP_REQUEST 943
43667 - LOG_ID_EVENT_WIRELESS_STA_DHCP_ACK 944
43668 - LOG_ID_EVENT_WIRELESS_STA_DHCP_RELEASE 945
43669 - LOG_ID_EVENT_WIRELESS_STA_DHCP_INFORM 946
43670 - LOG_ID_EVENT_WIRELESS_STA_DHCP_SELF_ASSIGNED 947
43671 - LOG_ID_EVENT_WIRELESS_STA_DNS_NO_RESP 948
43672 - LOG_ID_EVENT_WIRELESS_STA_DNS_SERVER_FAILURE 949
43673 - LOG_ID_EVENT_WIRELESS_STA_DNS_NO_DOMAIN 950
43674 - LOG_ID_EVENT_WIRELESS_STA_WPA_KRACK_FT_REASSOC 951
43675 - LOG_ID_EVENT_WIRELESS_STA_AUTH_REQ 952
43676 - LOG_ID_EVENT_WIRELESS_STA_AUTH_RESP 953
43677 - LOG_ID_EVENT_WIRELESS_STA_ASSOC_REQ 954
43678 - LOG_ID_EVENT_WIRELESS_STA_REASSOC_REQ 955
43679 - LOG_ID_EVENT_WIRELESS_STA_ASSOC_RESP 957
43680 - LOG_ID_EVENT_WIRELESS_STA_REASSOC_RESP 958
43681 - LOG_ID_EVENT_WIRELESS_STA_PROBE_REQ 959
43682 - LOG_ID_EVENT_WIRELESS_STA_PROBE_RESP 960
43683 - LOG_ID_EVENT_WIRELESS_BLE_DEV_LOCATE 961
43684 - LOG_ID_EVENT_WIRELESS_ADDRGRP_DUPLICATE_MAC 962
43685 - LOG_ID_EVENT_WIRELESS_ADDRGRP_ADDR_APPLY 963
43686 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_INVALID_SCHEDULE 963
43687 - LOG_ID_EVENT_WIRELESS_STA_WL_BRIDGE_TRAFFIC_STATS 964
43688 - LOG_ID_EVENT_WIRELESS_APCFG_RECEIVE 966
43689 - LOG_ID_EVENT_WIRELESS_APCFG_VALIDATING 966
43690 - LOG_ID_EVENT_WIRELESS_APCFG_APPLY 967
43691 - LOG_ID_EVENT_WIRELESS_APCFG_REJECT 968
43692 - LOG_ID_EVENT_WIRELESS_WTPR_ANTENNA_DEFECT_DETECT 969
43693 - LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_REQ 970
43694 - LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_RESP_
ACCEPT 971
43695 - LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_RESP_
REJECT 972
43696 - LOG_ID_EVENT_WIRELESS_WTPR_DRMA_START 973
43697 - LOG_ID_EVENT_WIRELESS_WTPR_DRMA_STOP 974
43698 - LOG_ID_EVENT_WIRELESS_WTPR_DRMA_MODE 976
43699 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_SOLICIT 977
43700 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_ADVERTISE 978
43701 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_REQUEST 979
43702 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_CONFIRM 980
43703 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_RENEW 981

FortiOS 6.4.7 Log Reference 22


Fortinet, Inc.
43704 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_REPLY 982
43705 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_RELEASE 983
43706 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_RECONFIGURE 984
43707 - LOG_ID_EVENT_WIRELESS_WTPR_SSID_UP 985
43708 - LOG_ID_EVENT_WIRELESS_WTPR_SSID_DOWN 986
43776 - LOG_ID_EVENT_NAC_QUARANTINE 987
43777 - LOG_ID_EVENT_NAC_ANOMALY_QUARANTINE 988
43800 - LOG_ID_EVENT_ELBC_BLADE_JOIN 990
43801 - LOG_ID_EVENT_ELBC_BLADE_LEAVE 990
43802 - LOG_ID_EVENT_ELBC_MASTER_BLADE_FOUND 991
43803 - LOG_ID_EVENT_ELBC_MASTER_BLADE_LOST 992
43804 - LOG_ID_EVENT_ELBC_MASTER_BLADE_CHANGE 993
43805 - LOG_ID_EVENT_ELBC_ACTIVE_CHANNEL_FOUND 994
43806 - LOG_ID_EVENT_ELBC_ACTIVE_CHANNEL_LOST 995
43807 - LOG_ID_EVENT_ELBC_ACTIVE_CHANNEL_CHANGE 995
43808 - LOG_ID_EVENT_ELBC_CHASSIS_ACTIVE 996
43809 - LOG_ID_EVENT_ELBC_CHASSIS_INACTIVE 997
44544 - LOGID_EVENT_CONFIG_PATH 998
44545 - LOGID_EVENT_CONFIG_OBJ 999
44546 - LOGID_EVENT_CONFIG_ATTR 1000
44547 - LOGID_EVENT_CONFIG_OBJATTR 1000
44548 - LOGID_EVENT_CONFIG_EXEC 1001
44549 - LOGID_EVENT_CONFIG_OBJATTR_MTNER 1002
44550 - LOGID_EVENT_CONFIG_OBJ_MTNER 1003
44551 - LOGID_EVENT_CONFIG_ATTR_MTNER 1004
44552 - LOGID_EVENT_CONFIG_PATH_MTNER 1005
44553 - LOGID_EVENT_CONFIG_FIXEDPORT_DIS 1006
44554 - LOGID_EVENT_CONFIG_POL_CHANGED 1006
44555 - LOGID_EVENT_CMDB_DEADLOCK_DETECTED 1007
45057 - LOG_ID_FCC_ADD 1008
45058 - LOG_ID_FCC_CLOSE 1009
45061 - LOG_ID_FCC_CLOSE_BY_TYPE 1009
45071 - LOG_ID_FCC_VULN_SCAN 1010
45114 - LOG_ID_EC_REG_QUARANTINE 1011
45115 - LOG_ID_EC_REG_UNQUARANTINE 1012
46000 - LOG_ID_VIP_REAL_SVR_ENA 1013
46001 - LOG_ID_VIP_REAL_SVR_DISA 1014
46002 - LOG_ID_VIP_REAL_SVR_UP 1015
46003 - LOG_ID_VIP_REAL_SVR_DOWN 1016
46004 - LOG_ID_VIP_REAL_SVR_ENT_HOLDDOWN 1017
46005 - LOG_ID_VIP_REAL_SVR_FAIL_HOLDDOWN 1017
46006 - LOG_ID_VIP_REAL_SVR_FAIL 1018
46400 - LOG_ID_EVENT_EXT_SYS 1019
46401 - LOG_ID_EVENT_EXT_LOCAL 1020
46402 - LOG_ID_EVENT_EXT_LOCAL_ERROR 1020
46403 - LOG_ID_EVENT_EXT_REMOTE_EMERG 1021
46404 - LOG_ID_EVENT_EXT_REMOTE_ALERT 1022
46405 - LOG_ID_EVENT_EXT_REMOTE_CRITICAL 1023
46406 - LOG_ID_EVENT_EXT_REMOTE_ERROR 1023

FortiOS 6.4.7 Log Reference 23


Fortinet, Inc.
46407 - LOG_ID_EVENT_EXT_REMOTE_WARNING 1024
46408 - LOG_ID_EVENT_EXT_REMOTE_NOTIF 1025
46409 - LOG_ID_EVENT_EXT_REMOTE_INFO 1026
46410 - LOG_ID_EVENT_EXT_REMOTE_DEBUG 1026
46501 - LOG_ID_INTERNAL_LTE_MODEM_DETECTION 1027
46502 - LOG_ID_INTERNAL_LTE_MODEM_GPSD 1028
46503 - LOG_ID_INTERNAL_LTE_MODEM_GPS_LOC_ACQUISITION 1028
46504 - LOG_ID_INTERNAL_LTE_MODEM_BILLD 1029
46505 - LOG_ID_INTERNAL_LTE_MODEM_BILLING_PURGED 1030
46506 - LOG_ID_INTERNAL_LTE_MODEM_BILLING_DAILY_LOG 1030
46507 - LOG_ID_INTERNAL_LTE_MODEM_FW_UPGRADE 1031
46508 - LOG_ID_INTERNAL_LTE_MODEM_QDL_DETECTION 1032
46509 - LOG_ID_INTERNAL_LTE_MODEM_REBOOT 1032
46510 - LOG_ID_INTERNAL_LTE_MODEM_OP_MODE 1033
46511 - LOG_ID_INTERNAL_LTE_MODEM_POWER_ON_OFF 1034
46512 - LOG_ID_INTERNAL_LTE_MODEM_SIM_STATE 1035
46513 - LOG_ID_INTERNAL_LTE_MODEM_LINK_CONNECTION 1035
46514 - LOG_ID_INTERNAL_LTE_MODEM_MANUAL_HANDOVER 1036
46515 - LOG_ID_INTERNAL_LTE_MODEM_IP_ADDR 1037
46516 - LOG_ID_INTERNAL_LTE_MODEM_BEARER_TECH_CHANGE 1037
46600 - LOG_ID_EVENT_AUTOMATION_TRIGGERED 1038
46900 - LOG_ID_POE_STATUS_REPORT 1039
47000 - LOG_ID_MALWARE_LIST_TRUNCATED_ENTER 1039
47001 - LOG_ID_MALWARE_LIST_TRUNCATED_EXIT 1040
47203 - LOG_ID_ENTER_BYPASS 1041
47204 - LOG_ID_EXIT_BYPASS 1041
48000 - LOG_ID_WAD_SSL_RCV_HS 1042
48001 - LOG_ID_WAD_SSL_RCV_WRG_HS 1043
48002 - LOG_ID_WAD_SSL_SENT_HS 1044
48003 - LOG_ID_WAD_SSL_WRG_HS_LEN 1045
48004 - LOG_ID_WAD_SSL_RCV_CCS 1046
48005 - LOG_ID_WAD_SSL_RSA_DH_FAIL 1047
48006 - LOG_ID_WAD_SSL_SENT_CCS 1048
48007 - LOG_ID_WAD_SSL_BAD_HASH 1049
48009 - LOG_ID_WAD_SSL_DECRY_FAIL 1050
48011 - LOG_ID_WAD_SSL_LESS_MINOR 1051
48013 - LOG_ID_WAD_SSL_NOT_SUPPORT_CS 1052
48016 - LOG_ID_WAD_SSL_HS_FIN 1053
48017 - LOG_ID_WAD_SSL_HS_TOO_LONG 1053
48019 - LOG_ID_WAD_SSL_SENT_ALERT 1054
48023 - LOG_ID_WAD_SSL_RCV_ALERT 1055
48027 - LOG_ID_WAD_SSL_INVALID_CONT_TYPE 1056
48029 - LOG_ID_WAD_SSL_BAD_CCS_LEN 1057
48031 - LOG_ID_WAD_SSL_BAD_DH 1058
48032 - LOG_ID_WAD_SSL_PUB_KEY_TOO_BIG 1059
48034 - LOG_ID_WAD_SSL_SERVER_KEY_HASH_ALGORITHM_MISMATCH 1060
48035 - LOG_ID_WAD_SSL_SERVER_KEY_SIGNATURE_ALGORITHM_
MISMATCH 1061
48038 - LOG_ID_WAD_SSL_RCV_FATAL_ALERT 1062

FortiOS 6.4.7 Log Reference 24


Fortinet, Inc.
48039 - LOG_ID_WAD_SSL_SENT_FATAL_ALERT 1063
48101 - LOG_ID_WAD_AUTH_FAIL_PSK 1064
48102 - LOG_ID_WAD_AUTH_FAIL_OTH 1065
48301 - LOG_ID_UNEXP_APP_TYPE 1066
49002 - LOG_ID_VNP_DPDK_PRIMARY_RESTART 1067
49004 - LOGID_EVENT_HYPERV_SRIOV_SHOW_UP 1068
49005 - LOGID_EVENT_HYPERV_SRIOV_DISAPPEAR 1068
51000 - LOG_ID_NB_TBL_CHG 1069
52000 - LOG_ID_EVENT_SECURITY_AUDIT_FABRIC_SUMMARY 1070
52001 - LOG_ID_EVENT_SECURITY_AUDIT_FABRIC_CHANGE 1071
53000 - LOG_ID_SDNC_CONNECTED 1072
53001 - LOG_ID_SDNC_DISCONNECTED 1072
53002 - LOG_ID_SDNC_SUBSCRIBE 1073
53003 - LOG_ID_SDNC_UNSUBSCRIBE 1074
53100 - LOG_ID_VPN_OCVPN_REGISTERED 1075
53101 - LOG_ID_VPN_OCVPN_UNREGISTERED 1075
53102 - LOG_ID_VPN_OCVPN_COMM_ESTABLISHED 1076
53103 - LOG_ID_VPN_OCVPN_COMM_ERROR 1077
53104 - LOG_ID_VPN_OCVPN_DNS_ERROR 1077
53105 - LOG_ID_VPN_OCVPN_ROUTE_ERROR 1078
53200 - LOG_ID_CONNECTOR_OBJECT_ADD 1079
53201 - LOG_ID_CONNECTOR_OBJECT_REMOVE 1080
53202 - LOG_ID_CONNECTOR_API_FAILED 1081
53203 - LOG_ID_CONNECTOR_OBJECT_UPDATE 1081
53204 - LOG_ID_CONNECTOR_OBJECT_CANT_ADD 1082
53205 - LOG_ID_CONNECTOR_OBJECT_CANT_REMOVE 1083
53300 - LOG_ID_VNE_PRO_UPDATE_COMPLETED 1084
53301 - LOG_ID_VNE_PRO_UPDATE_FAILED 1084
53312 - LOG_ID_NPD_INFO 1085
53313 - LOG_ID_NPD_WARNING 1086
53314 - LOG_ID_NPD_ERROR 1086
FILE-FILTER 1087
64000 - LOG_ID_FILE_FILTER_BLOCK 1087
64001 - LOG_ID_FILE_FILTER_LOG 1089
GTP 1091
41216 - LOGID_GTP_FORWARD 1091
41217 - LOGID_GTP_DENY 1093
41218 - LOGID_GTP_RATE_LIMIT 1095
41219 - LOGID_GTP_STATE_INVALID 1097
41220 - LOGID_GTP_TUNNEL_LIMIT 1099
41221 - LOGID_GTP_TRAFFIC_COUNT 1100
41222 - LOGID_GTP_USER_DATA 1102
41223 - LOGID_GTPV2_FORWARD 1103
41224 - LOGID_GTPV2_DENY 1105
41225 - LOGID_GTPV2_RATE_LIMIT 1107
41226 - LOGID_GTPV2_STATE_INVALID 1108
41227 - LOGID_GTPV2_TUNNEL_LIMIT 1110
41228 - LOGID_GTPV2_TRAFFIC_COUNT 1112
41229 - LOGID_GTPU_FORWARD 1113

FortiOS 6.4.7 Log Reference 25


Fortinet, Inc.
41230 - LOGID_GTPU_DENY 1114
ICAP 1116
60000 - LOG_ID_ICAP_SERVER_ERROR 1116
IPS 1117
16384 - LOGID_ATTCK_SIGNATURE_TCP_UDP 1117
16385 - LOGID_ATTCK_SIGNATURE_ICMP 1119
16386 - LOGID_ATTCK_SIGNATURE_OTHERS 1121
16399 - LOGID_ATTACK_MALICIOUS_URL 1123
16400 - LOGID_ATTACK_BOTNET_WARNING 1125
16401 - LOGID_ATTACK_BOTNET_NOTIF 1127
SSH 1129
61000 - LOG_ID_SSH_COMMAND_BLOCK 1129
61001 - LOG_ID_SSH_COMMAND_BLOCK_ALERT 1131
61002 - LOG_ID_SSH_COMMAND_PASS 1132
61003 - LOG_ID_SSH_COMMAND_PASS_ALERT 1134
61010 - LOG_ID_SSH_CHANNEL_BLOCK 1135
61011 - LOG_ID_SSH_CHANNEL_PASS 1137
SSL 1138
62004 - LOG_ID_SSL_EXEMPT_ADDR 1138
62006 - LOG_ID_SSL_EXEMPT_WHITELIST 1140
62007 - LOG_ID_SSL_EXEMPT_FTGD_CATEGORY 1141
62008 - LOG_ID_SSL_EXEMPT_LOCAL_CATEGORY 1143
62009 - LOG_ID_SSL_EXEMPT_USER_CATEGORY 1144
62100 - LOG_ID_SSL_NEGOTIATION_INSPECT 1146
62101 - LOG_ID_SSL_NEGOTIATION_BLOCK 1147
62102 - LOG_ID_SSL_NEGOTIATION_BYPASS 1149
62300 - LOG_ID_SSL_ANOMALY_CERT_BLACKLISTED 1150
62301 - LOG_ID_SSL_ANOMALY_CERT_RESIGN_TRUSTED 1152
62302 - LOG_ID_SSL_ANOMALY_CERT_RESIGN_UNTRUSTED 1153
62303 - LOG_ID_SSL_ANOMALY_CERT_BLOCKED 1155
62304 - LOG_ID_SSL_ANOMALY_CERT_SNI_MISMATCHED 1156
Traffic 1158
2 - LOG_ID_TRAFFIC_ALLOW 1158
3 - LOG_ID_TRAFFIC_DENY 1162
4 - LOG_ID_TRAFFIC_OTHER_START 1167
5 - LOG_ID_TRAFFIC_OTHER_ICMP_ALLOW 1172
6 - LOG_ID_TRAFFIC_OTHER_ICMP_DENY 1176
7 - LOG_ID_TRAFFIC_OTHER_INVALID 1181
8 - LOG_ID_TRAFFIC_WANOPT 1185
9 - LOG_ID_TRAFFIC_WEBCACHE 1190
10 - LOG_ID_TRAFFIC_EXPLICIT_PROXY 1195
11 - LOG_ID_TRAFFIC_FAIL_CONN 1200
12 - LOG_ID_TRAFFIC_MULTICAST 1205
13 - LOG_ID_TRAFFIC_END_FORWARD 1209
14 - LOG_ID_TRAFFIC_END_LOCAL 1214
15 - LOG_ID_TRAFFIC_START_FORWARD 1219
16 - LOG_ID_TRAFFIC_START_LOCAL 1223
17 - LOG_ID_TRAFFIC_SNIFFER 1228
19 - LOG_ID_TRAFFIC_BROADCAST 1233

FortiOS 6.4.7 Log Reference 26


Fortinet, Inc.
20 - LOG_ID_TRAFFIC_STAT 1238
21 - LOG_ID_TRAFFIC_SNIFFER_STAT 1242
22 - LOG_ID_TRAFFIC_UTM_CORRELATION 1247
VoIP 1252
44032 - LOGID_EVENT_VOIP_SIP 1252
44033 - LOGID_EVENT_VOIP_SIP_BLOCK 1253
44034 - LOGID_EVENT_VOIP_SIP_FUZZING 1255
44035 - LOGID_EVENT_VOIP_SCCP_REGISTER 1256
44036 - LOGID_EVENT_VOIP_SCCP_UNREGISTER 1257
44037 - LOGID_EVENT_VOIP_SCCP_CALL_BLOCK 1259
44038 - LOGID_EVENT_VOIP_SCCP_CALL_INFO 1260
WAF 1261
30248 - LOGID_WAF_SIGNATURE_BLOCK 1261
30249 - LOGID_WAF_SIGNATURE_PASS 1263
30250 - LOGID_WAF_SIGNATURE_ERASE 1265
30251 - LOGID_WAF_CUSTOM_SIGNATURE_BLOCK 1267
30252 - LOGID_WAF_CUSTOM_SIGNATURE_PASS 1268
30253 - LOGID_WAF_METHOD_BLOCK 1270
30255 - LOGID_WAF_ADDRESS_LIST_BLOCK 1272
30257 - LOGID_WAF_CONSTRAINTS_BLOCK 1274
30258 - LOGID_WAF_CONSTRAINTS_PASS 1275
30259 - LOGID_WAF_URL_ACCESS_PERMIT 1277
30260 - LOGID_WAF_URL_ACCESS_BYPASS 1279
30261 - LOGID_WAF_URL_ACCESS_BLOCK 1281
Web 1282
12288 - LOG_ID_WEB_CONTENT_BANWORD 1282
12290 - LOG_ID_WEB_CONTENT_EXEMPTWORD 1284
12292 - LOG_ID_WEB_CONTENT_KEYWORD 1286
12293 - LOG_ID_WEB_CONTENT_SEARCH 1288
12544 - LOG_ID_URL_FILTER_BLOCK 1291
12545 - LOG_ID_URL_FILTER_EXEMPT 1293
12546 - LOG_ID_URL_FILTER_ALLOW 1295
12547 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTP_BLK 1297
12548 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTPS_BLK 1298
12549 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTP_PASS 1300
12550 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTPS_PASS 1302
12551 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_SNI_BLK 1304
12552 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_SNI_PASS 1306
12553 - LOG_ID_URL_FILTER_INVALID_CERT 1308
12554 - LOG_ID_URL_FILTER_INVALID_SESSION 1309
12555 - LOG_ID_URL_FILTER_SRV_CERT_ERR_BLK 1311
12556 - LOG_ID_URL_FILTER_SRV_CERT_ERR_PASS 1313
12557 - LOG_ID_URL_FILTER_FAMS_NOT_ACTIVE 1315
12558 - LOG_ID_URL_FILTER_RATING_ERR 1316
12559 - LOG_ID_URL_FILTER_PASS 1317
12560 - LOG_ID_URL_WISP_BLOCK 1319
12561 - LOG_ID_URL_WISP_REDIR 1321
12562 - LOG_ID_URL_WISP_ALLOW 1323
12688 - LOG_ID_WEB_SSL_EXEMPT 1325

FortiOS 6.4.7 Log Reference 27


Fortinet, Inc.
12800 - LOG_ID_WEB_FTGD_ERR 1327
12801 - LOG_ID_WEB_FTGD_WARNING 1329
12802 - LOG_ID_WEB_FTGD_QUOTA 1331
13056 - LOG_ID_WEB_FTGD_CAT_BLK 1332
13057 - LOG_ID_WEB_FTGD_CAT_WARN 1334
13312 - LOG_ID_WEB_FTGD_CAT_ALLOW 1336
13315 - LOG_ID_WEB_FTGD_QUOTA_COUNTING 1338
13316 - LOG_ID_WEB_FTGD_QUOTA_EXPIRED 1340
13317 - LOG_ID_WEB_URL 1343
13568 - LOG_ID_WEB_SCRIPTFILTER_ACTIVEX 1345
13573 - LOG_ID_WEB_SCRIPTFILTER_COOKIE 1347
13584 - LOG_ID_WEB_SCRIPTFILTER_APPLET 1349
13600 - LOG_ID_WEB_SCRIPTFILTER_OTHER 1351
13601 - LOG_ID_WEB_WF_COOKIE 1352
13602 - LOG_ID_WEB_WF_REFERER 1354
13603 - LOG_ID_WEB_WF_COMMAND_BLOCK 1356
13616 - LOG_ID_CONTENT_TYPE_BLOCK 1358
13632 - LOGID_HTTP_HDR_CHG_REQ 1360
13633 - LOGID_HTTP_HDR_CHG_RESP 1362
13648 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_ALLOW 1363
13649 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_FTGD_ALLOW 1365
13650 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_DEFAULT_ALLOW 1367
13651 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_BLOCK 1369
13652 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_FTGD_BLOCK 1371
13653 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_DEFAULT_BLOCK 1373

FortiOS 6.4.7 Log Reference 28


Fortinet, Inc.
Change Log

Date Change Description

2021-08-26 Initial release.

FortiOS 6.4.7 Log Reference 29


Fortinet, Inc.
Introduction

This document provides information about all the log messages applicable to the FortiGate devices running FortiOS
version 6.4.7 or higher. The logs are intended for administrators to use as reference for more information about a specific
log entry and message generated by FortiOS.
This document also provides information about log fields when FortiOS sends log messages to remote syslog servers in
Common Event Format (CEF). See CEF Support on page 58. It also describes how to enable extended logging. See
UTM Extended Logging on page 69.

Performance statistics are not logged to disk. Performance statistics can be received by a
syslog server or by FortiAnalyzer.

Before you begin

Before you begin using this reference, read the following notes:
l Information in this document applies to all FortiGate units that are currently running FortiOS 6.4.7 or higher.
l Ensure that you have enabled logging for the FortiOS unit.
l Each log message is displayed in the Log & Report pane of the GUI. You can also download the RAW format from
the Log & Report pane.
l Each log message is documented similar to how it appears in the RAW format.

This reference contains detailed information for each log type and subtype; however, this
reference contains only information gathered at publication and, as a result, not every log
message field contains detailed information.

FortiOS 6.4.7 Log Reference 30


Fortinet, Inc.
Introduction

What's new

This section identifies major changes in the Log Reference from version 6.4.0 and later. For more information about new
features, please see the FortiOS 6.4 New Features Guide.

FortiOS 6.4.7

Log ID changes

The following log IDs are changed.


Event logs:

LogID Message Change

53312 LOG_ID_NPD_INFO Log ID Added

53313 LOG_ID_NPD_WARNING Log ID Added

53314 LOG_ID_NPD_ERROR Log ID Added

FortiOS 6.4.6

Log ID changes

The following log IDs are changed.


Event logs:

LogID Message Change

34418 LOG_ID_NP6_HPE_PACKET_DROP Log ID Added

34419 LOG_ID_NP6_HPE_PACKET_FLOOD Log ID Added

43707 LOG_ID_EVENT_WIRELESS_WTPR_SSID_UP Log ID Added

43708 LOG_ID_EVENT_WIRELESS_WTPR_SSID_DOWN Log ID Added

FortiOS 6.4.5

Log ID changes

The following log IDs are changed.


Event logs:

FortiOS 6.4.7 Log Reference 31


Fortinet, Inc.
Introduction

LogID Message Change

45120 LOG_ID_EC_INVALID_EMS_TAG_REFERENCED Log ID Removed

53203 LOG_ID_CONNECTOR_OBJECT_UPDATE Log ID Added

53204 LOG_ID_CONNECTOR_OBJECT_CANT_ADD Log ID Added

53205 LOG_ID_CONNECTOR_OBJECT_CANT_REMOVE Log ID Added

FortiOS 6.4.4

There are no major log changes between FortiOS 6.4.3 and 6.4.4.

FortiOS 6.4.3

Log field values

The following log field values are changed.


AV logs:

Field Change

attachment Field Added

cc Field Added

subject Field Added

DLP logs:

Field Change

attachment Field Added

cc Field Added

Event logs:

Field Change

operdrmamode Field Added

slctdrmamode Field Added

useralt Field Added

FILE-FILTER logs:

FortiOS 6.4.7 Log Reference 32


Fortinet, Inc.
Introduction

Field Change

attachment Field Added

cc Field Added

Traffic logs:

Field Change

vwlname Field Added

Log ID changes

The following log IDs are changed.


Event logs:

LogID Message Change

22954 LOG_ID_INET_SVC_OBSOLETE Log ID Added

32096 LOG_ID_GUI_DOWNLOAD_LOG Log ID Added

40706 LOG_ID_EVENT_SYS_BROKEN_SYMBOLIC_LINK Log ID Added

43693 LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_REQ Log ID Added

43694 LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_RESP_ Log ID Added


ACCEPT

43695 LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_RESP_ Log ID Added


REJECT

43696 LOG_ID_EVENT_WIRELESS_WTPR_DRMA_START Log ID Added

43697 LOG_ID_EVENT_WIRELESS_WTPR_DRMA_STOP Log ID Added

43698 LOG_ID_EVENT_WIRELESS_WTPR_DRMA_MODE Log ID Added

43699 LOG_ID_EVENT_WIRELESS_STA_DHCP6_SOLICIT Log ID Added

43700 LOG_ID_EVENT_WIRELESS_STA_DHCP6_ADVERTISE Log ID Added

43701 LOG_ID_EVENT_WIRELESS_STA_DHCP6_REQUEST Log ID Added

43702 LOG_ID_EVENT_WIRELESS_STA_DHCP6_CONFIRM Log ID Added

43703 LOG_ID_EVENT_WIRELESS_STA_DHCP6_RENEW Log ID Added

43704 LOG_ID_EVENT_WIRELESS_STA_DHCP6_REPLY Log ID Added

43705 LOG_ID_EVENT_WIRELESS_STA_DHCP6_RELEASE Log ID Added

43706 LOG_ID_EVENT_WIRELESS_STA_DHCP6_RECONFIGURE Log ID Added

53202 LOG_ID_CONNECTOR_API_FAILED Log ID Added

FortiOS 6.4.7 Log Reference 33


Fortinet, Inc.
Introduction

FortiOS 6.4.2

Log field values

The following log field values are changed.


Event logs:

Field Change

bibandwidthused Field Added

inbandwidthused Field Added

outbandwidthused Field Added

Email logs:

Field Change

webmailprovider Field Added

GTP logs:

Field Change

cggsn6 Field Added

cgsn6 Field Added

cpaddr6 Field Added

cpdladdr6 Field Added

cpdlisraddr6 Field Added

cpuladdr6 Field Added

csgsn6 Field Added

from6 Field Added

to6 Field Added

uggsn6 Field Added

ugsn6 Field Added

usgsn6 Field Added

DNS logs:

Field Change

rcode Field Added

Traffic logs:

FortiOS 6.4.7 Log Reference 34


Fortinet, Inc.
Introduction

Field Change

dstgroup Field Removed

tunnelid Field Added

Log ID changes

The following log IDs are changed.


AV logs:

LogID Message Change

8981 MESGID_SCAN_AV_CDR_INTERNAL_ERROR Log ID Added

Event logs:

LogID Message Change

43692 LOG_ID_EVENT_WIRELESS_WTPR_ANTENNA_DEFECT_DETECT Log ID Added

49002 LOG_ID_VNP_DPDK_PRIMARY_RESTART Log ID Added

49004 LOGID_EVENT_HYPERV_SRIOV_SHOW_UP Log ID Added

49005 LOGID_EVENT_HYPERV_SRIOV_DISAPPEAR Log ID Added

Email logs:

LogID Message Change

20480 LOGID_ANTISPAM_EMAIL_SMTP_NOTIF Log ID Removed

20481 LOGID_ANTISPAM_EMAIL_SMTP_BWORD_NOTIF Log ID Removed

20482 LOGID_ANTISPAM_EMAIL_POP3_NOTIF Log ID Removed

20483 LOGID_ANTISPAM_EMAIL_POP3_BWORD_NOTIF Log ID Removed

20484 LOGID_ANTISPAM_EMAIL_IMAP_NOTIF Log ID Removed

20491 LOGID_ANTISPAM_EMAIL_IMAP_BWORD_NOTIF Log ID Removed

20500 LOGID_ANTISPAM_EMAIL_MSN_NOTIF Log ID Removed

20501 LOGID_ANTISPAM_EMAIL_YAHOO_NOTIF Log ID Removed

20502 LOGID_ANTISPAM_EMAIL_GOOGLE_NOTIF Log ID Removed

20503 LOGID_EMAIL_SMTP_GENERAL_NOTIF Log ID Removed

20504 LOGID_EMAIL_POP3_GENERAL_NOTIF Log ID Removed

20505 LOGID_EMAIL_IMAP_GENERAL_NOTIF Log ID Removed

20506 LOGID_EMAIL_MAPI_GENERAL_NOTIF Log ID Removed

FortiOS 6.4.7 Log Reference 35


Fortinet, Inc.
Introduction

LogID Message Change

20507 LOGID_ANTISPAM_EMAIL_MAPI_BWORD_NOTIF Log ID Removed

20508 LOGID_ANTISPAM_EMAIL_MAPI_NOTIF Log ID Removed

20480 LOGID_ANTISPAM_EMAIL_NOTIF Log ID Added

20481 LOGID_EMAIL_GENERAL_NOTIF Log ID Added

20482 LOGID_ANTISPAM_EMAIL_BWORD_NOTIF Log ID Added

20510 LOGID_ANTISPAM_EMAIL_WEBMAIL_NOTIF Log ID Added

FortiOS 6.4.1

Log field values

The following log field values are changed.


App logs:

Field Change

parameters Field Added

Event logs:

Field Change

snr Field Added

Traffic logs:

Field Change

dstauthserver Field Added

dstgroup Field Added

dstuser Field Added

signal Field Added

snr Field Added

Log ID changes

The following log IDs are changed.


Event logs:

FortiOS 6.4.7 Log Reference 36


Fortinet, Inc.
Introduction

LogID Message Change

20114 LOG_ID_IPSA_SELFTEST_FAIL Log ID Added

46516 LOG_ID_INTERNAL_LTE_MODEM_BEARER_TECH_CHANGE Log ID Added

53300 LOG_ID_VNE_PRO_UPDATE_COMPLETED Log ID Added

53301 LOG_ID_VNE_PRO_UPDATE_FAILED Log ID Added

SSL logs:

LogID Message Change

62005 LOG_ID_SSL_EXEMPT_CATEGORY Log ID Removed

62007 LOG_ID_SSL_EXEMPT_FTGD_CATEGORY Log ID Added

62008 LOG_ID_SSL_EXEMPT_LOCAL_CATEGORY Log ID Added

62009 LOG_ID_SSL_EXEMPT_USER_CATEGORY Log ID Added

FortiOS 6.4.0

Log type and subtype changes

l Internet Content Adaptation Protocol (ICAP) is added as a new log type with a log category ID of 20.
l SD-WAN is added as a new Event log subtype.

Log field values

The following log field values are changed.


Event logs:

Field Change

auditreporttype Field Added

bibandwidth Field Added

checksum Field Removed

created Field Added

eventtype Field Added

hbdn_reason Field Removed

healthcheck Field Added

inbandwidth Field Added

infected Field Removed

FortiOS 6.4.7 Log Reference 37


Fortinet, Inc.
Introduction

Field Change

jitter Field Added

latency Field Added

member Field Added

msgproto Field Removed

neighbor Field Added

newvalue Field Added

nf_type Field Removed

numpassmember Field Added

oldvalue Field Added

outbandwidth Field Added

packetloss Field Added

profile_vd Field Removed

profilegroup Field Removed

profiletype Field Removed

scanned Field Removed

serviceid Field Added

sess_duration Field Removed

slamap Field Added

slatargetid Field Added

stitchaction Field Added

suspicious Field Removed

to Field Removed

virus Field Removed

waninfo Field Added

ICAP logs:

Field Change

action Field Added

date Field Added

devid Field Added

dstintf Field Added

FortiOS 6.4.7 Log Reference 38


Fortinet, Inc.
Introduction

Field Change

dstintfrole Field Added

dstip Field Added

dstport Field Added

eventtime Field Added

eventtype Field Added

level Field Added

logid Field Added

msg Field Added

policyid Field Added

profile Field Added

proto Field Added

service Field Added

sessionid Field Added

srcintf Field Added

srcintfrole Field Added

srcip Field Added

srcport Field Added

subtype Field Added

time Field Added

type Field Added

tz Field Added

url Field Added

vd Field Added

SSL logs:

Field Change

certdesc Field Added

eventsubtype Field Added

reason Field Removed

vrf Field Added

Traffic logs:

FortiOS 6.4.7 Log Reference 39


Fortinet, Inc.
Introduction

Field Change

counticap Field Added

dstcity Field Added

dstregion Field Added

srccity Field Added

srcregion Field Added

Web logs:

Field Change

antiphishdc Field Added

antiphishrule Field Added

Log ID changes

The following log IDs are changed.


AV logs:

Log ID Message Change

8457 MESGID_MMS_CHECKSUM Log ID Removed

8458 MESGID_MMS_CHECKSUM_NOTIF Log ID Removed

CIFS logs:

Log ID Message Change

63002 LOG_ID_CIFS_CONN_FAIL Log ID Added

63003 LOG_ID_CIFS_AUTH_FAIL Log ID Added

63004 LOG_ID_CIFS_AUTH_INTERNAL_ERROR Log ID Added

63005 LOG_ID_CIFS_AUTH_KRB_ERROR Log ID Added

Email logs:

LogID Message Change

20485 LOGID_ANTISPAM_ENDPOINT_FILTER_WARNING Log ID Removed

20486 LOGID_ANTISPAM_ENDPOINT_FILTER_NOTIF Log ID Removed

20487 LOGID_ANTISPAM_ENDPOINT_MM7_WARNING Log ID Removed

20488 LOGID_ANTISPAM_ENDPOINT_MM7_NOTIF Log ID Removed

FortiOS 6.4.7 Log Reference 40


Fortinet, Inc.
Introduction

LogID Message Change

20489 LOGID_ANTISPAM_ENDPOINT_MM1_WARNING Log ID Removed

20490 LOGID_ANTISPAM_ENDPOINT_MM1_NOTIF Log ID Removed

20492 LOGID_ANTISPAM_MM1_FLOOD_WARNING Log ID Removed

20493 LOGID_ANTISPAM_MM1_FLOOD_NOTIF Log ID Removed

20494 LOGID_ANTISPAM_MM4_FLOOD_WARNING Log ID Removed

20495 LOGID_ANTISPAM_MM4_FLOOD_NOTIF Log ID Removed

20496 LOGID_ANTISPAM_MM1_DUPE_WARNING Log ID Removed

20497 LOGID_ANTISPAM_MM1_DUPE_NOTIF Log ID Removed

20498 LOGID_ANTISPAM_MM4_DUPE_WARNING Log ID Removed

20499 LOGID_ANTISPAM_MM4_DUPE_NOTIF Log ID Removed

Event logs:

LogID Message Change

20079 LOG_ID_RAD_READY Log ID Removed

22033 LOG_ID_FAIL_CSF_LOG_SYNC_NO_VALID_FSA Log ID Removed

22050 LOG_ID_IPAMD_ADDRESS_ALLOCATED Log ID Added

22051 LOG_ID_IPAMD_ADDRESS_SET_FAILED Log ID Added

22052 LOG_ID_IPAMD_ADDRESS_INVALIDATED Log ID Added

22053 LOG_ID_IPAMD_VALIDATION_COMPLETE Log ID Added

22220 LOG_ID_EXT_RESOURCE Log ID Added

22221 LOG_ID_EXT_RESOURCE_FAIL Log ID Added

22222 LOG_ID_EXT_RESOURCE_LOAD Log ID Added

22223 LOG_ID_EXT_RESOURCE_DEBUG Log ID Added

22897 LOG_ID_FLCFGD_NAC_ADD Log ID Added

22898 LOG_ID_FLCFGD_NAC_DELETE Log ID Added

22899 LOG_ID_FLCFGD_NAC_MODIFY Log ID Added

22919 LOG_ID_SVR_LOG_STATUS_CHANGED Log ID Added

37910 MESGID_HB_PACKET_LOST Log ID Added

38400 LOGID_EVENT_NOTIF_SEND_SUCC Log ID Removed

38401 LOGID_EVENT_NOTIF_SEND_FAIL Log ID Removed

38402 LOGID_EVENT_NOTIF_DNS_FAIL Log ID Removed

FortiOS 6.4.7 Log Reference 41


Fortinet, Inc.
Introduction

LogID Message Change

43264 LOGID_MMS_STATS Log ID Removed

43688 LOG_ID_EVENT_WIRELESS_APCFG_RECEIVE Log ID Added

43689 LOG_ID_EVENT_WIRELESS_APCFG_VALIDATING Log ID Added

43690 LOG_ID_EVENT_WIRELESS_APCFG_APPLY Log ID Added

43691 LOG_ID_EVENT_WIRELESS_APCFG_REJECT Log ID Added

45109 LOG_ID_EC_FTCL_LOGOFF Log ID Removed

45119 LOG_ID_EC_FTCL_DISCONN Log ID Removed

45120 LOG_ID_EC_INVALID_EMS_TAG_REFERENCED Log ID Added

48300 LOG_ID_WRG_SVR_FGT_CONF Log ID Removed

ICAP logs:

Log ID Message Change

60000 LOG_ID_ICAP_SERVER_ERROR Log ID Added

SSL logs:

Log ID Message Change

62000 LOG_ID_SSL_CERT_BLACKLISTED Log ID Removed

62001 LOG_ID_SSL_CERT_PASS Log ID Removed

62002 LOG_ID_SSL_CERT_BLOCK Log ID Removed

62003 LOG_ID_SSL_EXEMPT Log ID Removed

62004 LOG_ID_SSL_EXEMPT_ADDR Log ID Added

62005 LOG_ID_SSL_EXEMPT_CATEGORY Log ID Added

62006 LOG_ID_SSL_EXEMPT_WHITELIST Log ID Added

62050 LOG_ID_SSL_HS_CERT_REQ_EXEMPT Log ID Removed

62051 LOG_ID_SSL_HS_CERT_REQ_BLOCK Log ID Removed

62052 LOG_ID_SSL_HS_UNSUPPROTED_EXEMPT Log ID Removed

62053 LOG_ID_SSL_HS_UNSUPPORTED_BLOCK Log ID Removed

62100 LOG_ID_SSL_NEGOTIATION_INSPECT Log ID Added

62101 LOG_ID_SSL_NEGOTIATION_BLOCK Log ID Added

62102 LOG_ID_SSL_NEGOTIATION_BYPASS Log ID Added

62200 LOG_ID_SSL_EXEMPT_ADDR Log ID Removed

62202 LOG_ID_SSL_EXEMPT_FTGD_CAT Log ID Removed

FortiOS 6.4.7 Log Reference 42


Fortinet, Inc.
Introduction

Log ID Message Change

62300 LOG_ID_SSL_ANOMALY_CERT_BLACKLISTED Log ID Added

62301 LOG_ID_SSL_ANOMALY_CERT_RESIGN_TRUSTED Log ID Added

62302 LOG_ID_SSL_ANOMALY_CERT_RESIGN_UNTRUSTED Log ID Added

62303 LOG_ID_SSL_ANOMALY_CERT_BLOCKED Log ID Added

62304 LOG_ID_SSL_ANOMALY_CERT_SNI_MISMATCHED Log ID Added

Web logs:

Log ID Message Change

12289 LOG_ID_WEB_CONTENT_MMS_BANWORD Log ID Removed

12291 LOG_ID_WEB_CONTENT_MMS_EXEMPTWORD Log ID Removed

12305 LOG_ID_WEB_CONTENT_MMS_BANWORD_NOTIF Log ID Removed

13648 LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_ALLOW Log ID Added

13649 LOG_ID_WEB_WF_ANTIPHISH_MATCH_FTGD_ALLOW Log ID Added

13650 LOG_ID_WEB_WF_ANTIPHISH_MATCH_DEFAULT_ALLOW Log ID Added

13651 LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_BLOCK Log ID Added

13652 LOG_ID_WEB_WF_ANTIPHISH_MATCH_FTGD_BLOCK Log ID Added

13653 LOG_ID_WEB_WF_ANTIPHISH_MATCH_DEFAULT_BLOCK Log ID Added

FortiOS 6.4.7 Log Reference 43


Fortinet, Inc.
Log Types and Subtypes

This section describes the log types, subtypes, and priority levels. It also describes the log field format.

Type

Each log entry contains a Type (type) or category field that indicates its log type and which log file stores the log entry.

Subtype

Each log entry contains a Sub Type (subtype) or subcategory field within a log type, based on the feature associated with
the cause of the log entry.
For example:
l In event logs, some of the subtypes are compliance check, system, and user.
l In traffic logs, the subtypes are forward, local, multicast, and sniffer.

List of log types and subtypes

FortiGate devices can record the following types and subtypes of log entry information:

Type Description Subtype

Traffic Records traffic flow information, such as an l Forward


HTTP/HTTPS request and its response, if l Local
any. l Multicast
l Sniffer

Event Records system and administrative events, l Compliance-check


such as downloading a backup copy of the l Connector
configuration, or daemon activities. l Endpoint control
l FortiExtender
l High Availability
l Router
l SD-WAN
l Security-audit
l System
l User

FortiOS 6.4.7 Log Reference 44


Fortinet, Inc.
Log Types and Subtypes

Type Description Subtype


l Virtual Private Network (VPN)
l WAD
l Wireless

UTM Records UTM events. See list of UTM log subtypes below

UTM log subtypes

UTM Log Description Event Type


Subtypes

Virus Records virus attacks. l Analytics


l Filename
l Filetype Executable
l Infected
l Malware list
l Mime Fragmented
l Outbreak-prevention
l Oversized
l Scan Error
l Suspicious
l Switch Proto

Web Filter Records web filter events. l ActiveX Filter


l Applet Filter
l webfilter_command_block
l Content
l Cookie Filter
l FortiGuard Allow
l FortiGuard Block
l FortiGuard Quota Counting
l FortiGuard Quota Expired
l Script Filter
l URL Filter

IPS Records intrusion prevention events. l Botnet


l Malicious URL
l Signature

Email Filter Records email filter events. l Carrier Endpoint Filter


l File Filter
l FTGD Error
l Google Gmail
l IMAP
l MAPI

FortiOS 6.4.7 Log Reference 45


Fortinet, Inc.
Log Types and Subtypes

UTM Log Description Event Type


Subtypes
l MMS
l MSN Hotmail
l POP3
l SMTP
l Yahoo Mail

Anomaly Records intrusion attempts. l Anomaly

VoIP Records voice over IP events. l VoIP

DLP Records data leak prevention events. l DLP


l Document Source

App-CTRL Records intrusion attempts. Application l Signature


Control log is output when a signature l Port-violation
matches an application pattern. l Protocol-violation

WAF Records web application firewall information l Address List


for FortiWeb appliances and virtual l Custom Signature
appliances. l HTTP Constraint
l HTTP Method
l Signature
l URL access

DNS Records domain name server events. l DNS-query


l DNS-response

SSH Records Secure Socket Shell events. l SSH Channel


l SSH Command

SSL Records detected/blocked malicious SSL l SSL anomalies


connections. l SSL exempt

CIFS Records CIFS file filter events. l CIFS-auth-all

File Filter Records file filter events. l File-filter

ICAP Records ICAP events. l ICAP

FortiOS priority levels

Each log entry contains a Level (level) field that indicates the estimated severity of the event that caused the log entry,
such as level=warning, and therefore how high a priority it is likely to be. Level (level) associations with the
descriptions below are not always uniform. They also may not correspond with your own definitions of how severe each
event is. If you require notification when a specific event occurs, either configure SNMP traps or alert email by
administrator-defined Severity Level (severity_level) or ID (logid), not by Level (level).

FortiOS 6.4.7 Log Reference 46


Fortinet, Inc.
Log Types and Subtypes

Level (0 is Name Description


highest)

0 Emergency The system is unusable or not responding.

1 Alert Immediate action required. Used in security logs.

2 Critical Functionality is affected.

3 Error An error exists and functionality could be affected.

4 Warning Functionality could be affected.

5 Notification Information about normal events.

6 Information General information about system operations. Used in event logs to


record configuration changes.

For each location where the FortiGate device can store log files (disk, memory, Syslog or FortiAnalyzer), you can define
a severity threshold. FortiOS stores all log messages equal to or exceeding the log severity level selected. For example,
if you select Error, FortiOS will store log messages whose log severity level is Error, Critical, Alert, and Emergency.

Log field format

The following table describes the standard format in which each log type is described in this document. For
documentation purposes, all log types and subtypes follow this generic table format to present the log entry information.

Log Field Name Description Data Type Length

appact The security action from app control string 16

FortiOS 6.4.7 Log Reference 47


Fortinet, Inc.
Log Schema Structure

This section describes the schema of the FortiOS log messages.

Log message fields

Each log message consists of several sections of fields. In the FortiOS GUI, you can view the logs in the Log & Report
pane, which displays the formatted view. If you want to view logs in raw format, you must download the log and view it in
a text editor.
Following is an example of a traffic log message in raw format:
date=2017-11-15 time=11:44:16 logid="0000000013" type="traffic" subtype="forward"
level="notice" vd="vdom1" eventtime=1510775056 srcip=10.1.100.155 srcname="pc1"
srcport=40772 srcintf="port12" srcintfrole="undefined" dstip=35.197.51.42
dstname="fortiguard.com" dstport=443 dstintf="port11" dstintfrole="undefined"
poluuid="707a0d88-c972-51e7-bbc7-4d421660557b" sessionid=8058 proto=6 action="close"
policyid=1 policytype="policy" policymode="learn" service="HTTPS" dstcountry="United
States" srccountry="Reserved" trandisp="snat" transip=172.16.200.2 transport=40772
appid=40568 app="HTTPS.BROWSER" appcat="Web.Client" apprisk="medium" duration=2
sentbyte=1850 rcvdbyte=39898 sentpkt=25 rcvdpkt=37 utmaction="allow" countapp=1
devtype="Linux PC" osname="Linux" mastersrcmac="a2:e9:00:ec:40:01"
srcmac="a2:e9:00:ec:40:01" srcserver=0 utmref=0-220586

The following table provides an example of the log field information in the FortiOS GUI in the detailed view of the Log &
Report pane and in the downloaded, raw log file.

GUI Field Name Field Description Example Field Value in Raw Format


(Raw Field Name)

General

Date (date) Day, month, and year when the log date=2017-11-15


message was recorded.

Direction (direction) Indicates message/packets direction=incoming


direction.

Time (time) Hour clock when the log message time=11:44:16


was recorded.

Duration (duration) Duration of the session. duration=2

Session ID (sessionid) ID for the session. sessionid=8058

Virtual Domain (vd) Name of the virtual domain in which vd="vdom1"


the log message was recorded.

FortiOS 6.4.7 Log Reference 48


Fortinet, Inc.
Log Schema Structure

GUI Field Name Field Description Example Field Value in Raw Format


(Raw Field Name)

NAT Translation NAT source port. transport=40772


(transport)

Source

IP (srcip) IP address of the traffic’s origin. The srcip=10.1.100.155


source varies by the direction:
l In HTTP requests, this is the
web browser or other client.
l In HTTP responses, this is the
physical server.

NAT IP (transip) NAT source IP. transip=172.16.200.2

Source Port (srcport) Port number of the traffic's origin. srcport=40772

Country (srccountry) Name of the source country. srccountry="Reserved"

Source Interface(srcintf) Interface name of the traffic's origin. srcintf="port12"

Source Name (srcname) Name of the source. srcname="pc1"

Source Interface Name Name of the source interface. srcintfrole="undefined"


(srcintfrole)

Device Type (devtype) Device type of the source. devtype="Linux PC"

OS Name (osname) OS of the source. osname="Linux"

Master Source MAC  The master MAC address for a host mastersrcmac="a2:e9:00:ec:40:01"
(mastersrcmac) that has multiple network interfaces.

Source MAC (srcmac) MAC address associated with the srcmac="a2:e9:00:ec:40:01"


source IP address.

Source Server Server of the source. srcserver=0


(srcserver)

Device ID (devid) Serial number of the device for the devid="FGVM02Q105060010"


traffic's origin.

Destination

IP (dstip) Destination IP address for the web. dstip=35.197.51.42

Port (dstport) Port number of the traffic's dstport=443


destination.

Country (dstcountry) Name of the destination country. dstcountry="United States"

Destination Interface Interface of the traffic's destination. dstintf="port11"


(dstintf)

FortiOS 6.4.7 Log Reference 49


Fortinet, Inc.
Log Schema Structure

GUI Field Name Field Description Example Field Value in Raw Format


(Raw Field Name)

Destination Name Name of the destination. dstname="fortiguard.com"


(dstname)

Destination Interface Name of the destination interface. dstintfrole="undefined"


Name (dstinfrole)

Application

Application Name (app) Name of the application. app="HTTPS.BROWSER"

Category (appcat) Category of the application. appcat="Web.Client"

Service (service) Name of the service. service="HTTPS"

Application ID (appid) ID of the application. appid=40568

Application Risk Risk level of the application. apprisk="medium"


(apprisk)

countapp Number of App Ctrl logs associated countapp=1


with the session.

Data

Received bytes Number of bytes received. rcvdbyte=39898


(rcvdbyte)

Received packets Number of packets received. rcvdpkt=37


(rcvdpkt)

Sent bytes (sentbyte) Number of bytes sent. sentbyte=1850

Sent packets (sentpkt) Number of packets sent. sentpkt=25

Action

Action (action) Status of the session. Uses action=close


following definitions:
l Deny: blocked by firewall policy

l Start: session start log (special

option to enable logging at start


of a session). This means
firewall allowed.
l All Others: allowed by Firewall

Policy and the status indicates


how it was closed.

Policy (policyid) Name of the firewall policy policyid=1


governing the traffic which caused
the log message.

Policy UUID (poluuid) UUID for the firewall policy. poluuid="707a0d88-c972-51e7-bbc7-


4d421660557b"

FortiOS 6.4.7 Log Reference 50


Fortinet, Inc.
Log Schema Structure

GUI Field Name Field Description Example Field Value in Raw Format


(Raw Field Name)

Policy Type (policytype) policytype="policy"

Policy Mode Firewall policy mode. policymode="learn"


(policymode)

Security

Level (level) Security level rating. level="notice"

Other

Event Time (eventtime) Epoch time the log was triggered by eventtime=1510775056


FortiGate. If you convert the epoch
time to human readable time, it
might not match the Date and Time
in the header owing to a small delay
between the time the log was
triggered and recorded. The Log
Time field is the same for the same
log among all log devices, but the
Date and Time might differ.

Protocol Number (proto) tcp: The protocol used by web traffic proto=6


(tcp by default)

Type (type) Log type. See Type on page 44 type="traffic"

Log ID (logid) Log ID. See Log ID definitions on logid="0000000013"


page 52

Sub Type(subtype)  Subtype of the traffic. See Subtype subtype="forward"


on page 44.

trandisp NAT translation type. trandisp="snat"

UTM Action (utmaction) Security action performed by UTM. utmaction="allow"

UTM Reference (utmref) UTM reference number. utmref=0-220586

UTM Reference (utmref) UTM reference number. utmref=0-220586

Log ID numbers

The ID (logid) is a 10-digit field. It is a unique identifier for that specific log and includes the following information about
the log entry.

FortiOS 6.4.7 Log Reference 51


Fortinet, Inc.
Log Schema Structure

Log ID number Description Examples


components

Log Type Represented by the first two digits of l Traffic log IDs begin with "00".
the log ID. l Event log IDs begin with "01".

Sub Type or Event Type Represented by the second two digits l VPN log subtype is represented with
of the log ID. "01" which belongs to the Event log type
that is represented with "01".
Therefore, all VPN related Event log IDs
will begin with the 0101 log ID series.

Message ID The last six digits of the log ID l An administrator account always has the
represent the message ID. log ID 0000003401.

The logid field is a number assigned to all permutations of the same message. It classifies a log entry by the nature of the
cause of the log message, such as administrator authentication failures or traffic. Other log messages that share the
same cause will share the same logid.

Log ID definitions

Following are the definitions for the log type IDs and subtype IDs applicable to FortiOS version 5.2.1 and later.

Log Category IDs Subtype IDs

traffic: 0 l forward: 0
l local: 1
l multicast: 2
l sniffer: 4

event: 1 l system: 0
l vpn: 1
l user: 2
l router: 3
l wireless: 4
l wad: 5
l endpoint: 7
l ha: 8
l security-rating: 10
l fortiextender: 11
l connector: 12
l sdwan: 13

virus: 2 l analytics: 1
l botnet: 2
l filetype-executable: 3
l outbreak-prevention: 4
l content-disarm: 5

FortiOS 6.4.7 Log Reference 52


Fortinet, Inc.
Log Schema Structure

Log Category IDs Subtype IDs


l command-blocked: 6
l malware-list: 7
l infected: 11
l filename: 12
l oversize: 13
l mimefragmented: 61
l scanerror: 62
l switchproto: 63

webfilter: 3 l unknown: 0
l content: 14
l urlfilter: 15
l ftgd_blk: 16
l ftgd_allow: 17
l ftgd_err: 18
l activexfilter: 35
l cookiefilter: 36
l appletfilter: 37
l ftgd_quota_counting: 38
l ftgd_quota: 40
l scriptfilter: 41
l webfilter_command_block: 43
l http_header_change: 44
l ssl-exempt: 45
l antiphishing: 46

ips: 4 l signature: 19
l malicious_url: 21
l botnet

email: 5 l msn-hotmail: 5
l yahoo-mail: 6
l gmail: 7
l smtp: 8
l pop3: 9
l imap: 10
l mapi: 11
l carrier-endpoint-filter: 47
l mass-mms: 52
l ftgd_err: 53

anomaly: 7 l anomaly: 20

voip: 8 l voip: 14

dlp: 9 l dlp: 54

app_ctrl: 10 l signature: 59

FortiOS 6.4.7 Log Reference 53


Fortinet, Inc.
Log Schema Structure

Log Category IDs Subtype IDs


l port-violation: 60
l protocol-violation: 61

WAF: 12 l waf-signature: 0
l waf-custom-signature: 1
l waf-http-method: 2
l waf-http-constraint: 3
l waf-address-list: 4
l waf-url-access: 5

GTP: 14 l gtp-all: 0

DNS: 15 l dns-query: 0
l dns-response: 1

SSH: 16 l ssh-command: 0
l ssh-channel: 1

SSL: 17 l ssl-anomalies: 0
l ssl-exempt: 1
l ssl-negotiation: 2

CIFS: 18 l cifs-filefilter: 0
l cifs-auth-fail: 1

File Filter: 19 l file-filter: 0

ICAP: 20 l icap: 0

FortiOS 6.4.7 Log Reference 54


Fortinet, Inc.
FortiGuard Web Filter Categories

The below details the mapping between FortiGuard Web Filter category names and numbers.

Number Category

0 Unrated

1 Drug abuse

2 Alternative beliefs

3 Hacking

4 Illegal or unethical

5 Discrimination

6 Explicit violence

7 Abortion

8 Other adult materials

9 Advocacy organizations

11 Gambling

12 Extremist groups

13 Nudity and risque

14 Pornography

15 Dating

16 Weapons (sales)

17 Advertising

18 Brokerage and trading

19 Freeware and software downloads

20 Games

23 Web-based email

24 File sharing and storage

25 Streaming media and download

26 Malicious websites

28 Entertainment

29 Arts and culture

30 Education

FortiOS 6.4.7 Log Reference 55


Fortinet, Inc.
FortiGuard Web Filter Categories

Number Category

31 Finance and banking

33 Health and wellness

34 Job search

35 Medicine

36 News and media

37 Social networking

38 Political organizations

39 Reference

40 Global religion

41 Search engines and portals

42 Shopping

43 General organizations

44 Society and lifestyles

46 Sports

47 Travel

48 Personal vehicles

49 Business

50 Information and computer security

51 Government and legal organizations

52 Information technology

53 Armed forces

54 Dynamic content

55 Meaningless content

56 Web hosting

57 Marijuana

58 Folklore

59 Proxy avoidance

61 Phishing

62 Plagiarism

63 Sex education

FortiOS 6.4.7 Log Reference 56


Fortinet, Inc.
FortiGuard Web Filter Categories

Number Category

64 Alcohol

65 Tobacco

66 Lingerie and swimsuit

67 Sports hunting and war games

68 Web chat

69 Instant messaging

70 Newsgroups and message boards

71 Digital postcards

72 Peer-to-peer file sharing

75 Internet radio and TV

76 Internet telephony

77 Child education

78 Real estate

79 Restaurant and dining

80 Personal websites and blogs

81 Secure websites

82 Content servers

83 Child abuse

84 Web-based applications

85 Domain parking

86 Spam URLs

87 Personal privacy

88 Dynamic DNS

89 Auction

90 Newly observed domain

91 Newly registered domain

92 Charitable organizations

93 Remote access

94 Web analytics

95 Online meeting

FortiOS 6.4.7 Log Reference 57


Fortinet, Inc.
CEF Support

You can configure FortiOS 6.4.7 to send logs to remote syslog servers in Common Event Format (CEF) by using the
config log syslogd setting command.
When CEF is enabled, FortiOS sends logs to syslog servers in CEF. This section describes how FortiOS logs support
CEF.

You can view logs in CEF on remote syslog servers or FortiAnalyzer, but not in the FortiOS
GUI.

FortiOS to CEF log field mapping guidelines

The following CEF format:


Date/Time host CEF:Version|Device Vendor|Device Product|Device Version|Signature
ID|Name|Severity|[Extension]

Displays as following in FortiOS logs with CEF enabled: 


"MMM dd HH:mm:ss" "hostname of the fortigate"
CEF:0|Fortinet|Fortigate|version|logid|type:subtype +[eventtype] +[action] +
[status]|reversed level|...

The SignatureId field in FortiOS logs maps to the logid field in CEF and should be last 5 digits of logid.
The Name field in CEF uses the following formula:
type:subtype + [eventtype] + [action] + [status]

Following is an example of the header and one key-value pair for extension from the Event VPN log in CEF:
#Feb 12 10:31:04 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|37127|event:vpn negotiate
success|3|FTNTFGTlogid=0101037127

The type:subtype field in FortiOS logs maps to the cat field in CEF.
Any fields in FortiOS logs that are unmatched to fields in CEF include the FTNTFGT prefix.
Quotes ("") are removed from FortiOS logs to support CEF.
Forward slashes (//) in string values as well as the equal sign (=) and backward slashes (\) are escaped in FortiOS logs
to support CEF.

CEF priority levels

Following are the CEF priority levels. They are opposite of FortiOS priority levels. See also FortiOS priority levels on
page 46.

FortiOS 6.4.7 Log Reference 58


Fortinet, Inc.
CEF Support

Level (8 is Name Description


highest)

8 Emergency The system is unusable or not responding.

7 Alert Immediate action required. Used in security logs.

6 Critical Functionality is affected.

5 Error An error exists and functionality could be affected.

4 Warning Functionality could be affected.

3 Notification Information about normal events.

2 Information General information about system operations. Used in event logs to


record configuration changes.

1 Debug Debug information.

Examples of CEF support

This section includes examples of how the different types of log message support CEF.

Traffic log support for CEF

The following is an example of a traffic log on the FortiGate disk:


date=2018-12-27 time=11:07:55 logid="0000000013" type="traffic" subtype="forward"
level="notice" vd="vdom1" eventtime=1545937675 srcip=10.1.100.11 srcport=54190
srcintf="port12" srcintfrole="undefined" dstip=52.53.140.235 dstport=443
dstintf="port11" dstintfrole="undefined" poluuid="c2d460aa-fe6f-51e8-9505-
41b5117dfdd4" sessionid=402 proto=6 action="close" policyid=1 policytype="policy"
service="HTTPS" dstcountry="United States" srccountry="Reserved" trandisp="snat"
transip=172.16.200.1 transport=54190 appid=40568 app="HTTPS.BROWSER"
appcat="Web.Client" apprisk="medium" applist="g-default" duration=2 sentbyte=3652
rcvdbyte=146668 sentpkt=58 rcvdpkt=105 utmaction="allow" countapp=2 utmref=65532-56

The following is an example of a traffic log sent in CEF format to a syslog server:
Dec 27 11:07:55 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|00013|traffic:forward
close|3|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0000000013
cat=traffic:forward FTNTFGTsubtype=forward FTNTFGTlevel=notice FTNTFGTvd=vdom1
FTNTFGTeventtime=1545937675 src=10.1.100.11 spt=54190 deviceInboundInterface=port12
FTNTFGTsrcintfrole=undefined dst=52.53.140.235 dpt=443
deviceOutboundInterface=port11 FTNTFGTdstintfrole=undefined FTNTFGTpoluuid=c2d460aa-
fe6f-51e8-9505-41b5117dfdd4 externalId=402 proto=6 act=close FTNTFGTpolicyid=1
FTNTFGTpolicytype=policy app=HTTPS FTNTFGTdstcountry=United States
FTNTFGTsrccountry=Reserved FTNTFGTtrandisp=snat sourceTranslatedAddress=172.16.200.1
sourceTranslatedPort=54190 FTNTFGTappid=40568 FTNTFGTapp=HTTPS.BROWSER
FTNTFGTappcat=Web.Client FTNTFGTapprisk=medium FTNTFGTapplist=g-default
FTNTFGTduration=2 out=3652 in=146668 FTNTFGTsentpkt=58 FTNTFGTrcvdpkt=105
FTNTFGTutmaction=allow FTNTFGTcountapp=2

The following table maps FortiOS log field names to CEF field names.

FortiOS 6.4.7 Log Reference 59


Fortinet, Inc.
CEF Support

FortiOS Log Field Name CEF Field Name

type: subtype cat

srcip src

srcport spt

srcintf deviceInboundInterface

dstip dst

dstport dpt

dstintf deviceOutboundInterface

sessionid externalID

proto proto

action act

transip sourceTranslatedAddress

transport sourceTranslatedPort

service app

sentbyte out

rcvdbyte in

Custom fields

To configure the traffic log with custom fields, enter the following CLI commands:
config log custom-field
edit 1
set name "custom_name1"
set value "HN123456"
next
edit 2
set name "custom_name2"
set value "accounting_dpt"
next
end
config firewall policy
edit 1
set name "A-v4-out"
set srcintf "port12"
set dstintf "port11"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set utm-status enable
set logtraffic all
set custom-log-fields "1" "2"

FortiOS 6.4.7 Log Reference 60


Fortinet, Inc.
CEF Support

set application-list "g-default"


set ssl-ssh-profile "certificate-inspection"
set nat enable
next
end

The following is an example of a traffic log with custom fields on the FortiGate disk:
date=2018-12-27 time=11:12:30 logid="0000000013" type="traffic" subtype="forward"
level="notice" vd="vdom1" eventtime=1545937950 srcip=10.1.100.11 srcport=58843
srcintf="port12" srcintfrole="undefined" dstip=172.16.200.55 dstport=53
dstintf="port11" dstintfrole="undefined" poluuid="c2d460aa-fe6f-51e8-9505-
41b5117dfdd4" sessionid=440 proto=17 action="accept" policyid=1 policytype="policy"
service="DNS" dstcountry="Reserved" srccountry="Reserved" trandisp="snat"
transip=172.16.200.1 transport=58843 appid=16195 app="DNS" appcat="Network.Service"
apprisk="elevated" applist="g-default" duration=180 sentbyte=70 rcvdbyte=528
sentpkt=1 rcvdpkt=1 custom_name1="HN123456" custom_name2="accounting_dpt"

The following is an example of a traffic log with custom fields sent in CEF format to a syslog server:
Dec 27 11:12:30 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|00013|traffic:forward
accept|3|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0000000013
cat=traffic:forward FTNTFGTsubtype=forward FTNTFGTlevel=notice FTNTFGTvd=vdom1
FTNTFGTeventtime=1545937950 src=10.1.100.11 spt=58843 deviceInboundInterface=port12
FTNTFGTsrcintfrole=undefined dst=172.16.200.55 dpt=53 deviceOutboundInterface=port11
FTNTFGTdstintfrole=undefined FTNTFGTpoluuid=c2d460aa-fe6f-51e8-9505-41b5117dfdd4
externalId=440 proto=17 act=accept FTNTFGTpolicyid=1 FTNTFGTpolicytype=policy
app=DNS FTNTFGTdstcountry=Reserved FTNTFGTsrccountry=Reserved FTNTFGTtrandisp=snat
sourceTranslatedAddress=172.16.200.1 sourceTranslatedPort=58843 FTNTFGTappid=16195
FTNTFGTapp=DNS FTNTFGTappcat=Network.Service FTNTFGTapprisk=elevated
FTNTFGTapplist=g-default FTNTFGTduration=180 out=70 in=528 FTNTFGTsentpkt=1
FTNTFGTrcvdpkt=1 FTNTFGTcustom_name1=HN123456 FTNTFGTcustom_name2=accounting_dpt

The following table maps FortiOS custom log field names to CEF field names.

FortiOS Log Field Name CEF Field Name

custom_name1 FTNTFGTcustom_name1

custom_name2 FTNTFGTcustom_name2

Event log support for CEF

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name CEF Field Name

msg msg

cookies requestCookies

user duser

status outcome

role sourceServiceName

ui sproc

FortiOS 6.4.7 Log Reference 61


Fortinet, Inc.
CEF Support

FortiOS Log Field Name CEF Field Name

reason reason

action act

system subtype

The following is an example of a system subtype event log on the FortiGate disk:
date=2018-12-27 time=11:15:40 logid="0100032002" type="event" subtype="system"
level="alert" vd="vdom1" eventtime=1545938140 logdesc="Admin login failed" sn="0"
user="admin1" ui="https(172.16.200.254)" method="https" srcip=172.16.200.254
dstip=172.16.200.1 action="login" status="failed" reason="name_invalid"
msg="Administrator admin1 login failed from https(172.16.200.254) because of invalid
user name"

The following is an example of a system subtype event log sent in CEF format to a syslog server:
Dec 27 11:15:40 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|32002|event:system login
failed|7|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0100032002 cat=event:system
FTNTFGTsubtype=system FTNTFGTlevel=alert FTNTFGTvd=vdom1 FTNTFGTeventtime=1545938140
FTNTFGTlogdesc=Admin login failed FTNTFGTsn=0 duser=admin1 sproc=https
(172.16.200.254) FTNTFGTmethod=https src=172.16.200.254 dst=172.16.200.1 act=login
outcome=failed reason=name_invalid msg=Administrator admin1 login failed from https
(172.16.200.254) because of invalid user name

user subtype

The following is an example of a user subtype log on the FortiGate disk:


date=2018-12-27 time=11:17:35 logid="0102043008" type="event" subtype="user"
level="notice" vd="vdom1" eventtime=1545938255 logdesc="Authentication success"
srcip=10.1.100.11 dstip=172.16.200.55 policyid=1 interface="port12" user="bob"
group="N/A" authproto="TELNET(10.1.100.11)" action="authentication" status="success"
reason="N/A" msg="User bob succeeded in authentication"

The following is an example of a user subtype log sent in CEF format to a syslog server:
Dec 27 11:17:35 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|43008|event:user
authentication success|3|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0102043008
cat=event:user FTNTFGTsubtype=user FTNTFGTlevel=notice FTNTFGTvd=vdom1
FTNTFGTeventtime=1545938255 FTNTFGTlogdesc=Authentication success src=10.1.100.11
dst=172.16.200.55 FTNTFGTpolicyid=1 deviceInboundInterface=port12 duser=bob
FTNTFGTgroup=N/A FTNTFGTauthproto=TELNET(10.1.100.11) act=authentication
outcome=success reason=N/A msg=User bob succeeded in authentication

Antivirus log support for CEF

The following is an example of an antivirus log on the FortiGate disk:


date=2018-12-27 time=11:20:49 logid="0211008192" type="utm" subtype="virus"
eventtype="infected" level="warning" vd="vdom1" eventtime=1545938448 msg="File is
infected." action="blocked" service="HTTP" sessionid=695 srcip=10.1.100.11
dstip=172.16.200.55 srcport=44356 dstport=80 srcintf="port12"
srcintfrole="undefined" dstintf="port11" dstintfrole="undefined" policyid=1 proto=6
direction="incoming" filename="eicar.com" quarskip="File-was-not-quarantined."

FortiOS 6.4.7 Log Reference 62


Fortinet, Inc.
CEF Support

virus="EICAR_TEST_FILE" dtype="Virus" ref="http://www.fortinet.com/ve?vn=EICAR_TEST_


FILE" virusid=2172 url="http://172.16.200.55/virus/eicar.com" profile="g-default"
user="bob" agent="curl/7.47.0"
analyticscksum="275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"
analyticssubmit="false" crscore=50 crlevel="critical"

The following is an example of an antivirus log sent in CEF format to a syslog server:
Dec 27 11:20:48 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|08192|utm:virus infected
blocked|4|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0211008192 cat=utm:virus
FTNTFGTsubtype=virus FTNTFGTeventtype=infected FTNTFGTlevel=warning FTNTFGTvd=vdom1
FTNTFGTeventtime=1545938448 msg=File is infected. act=blocked app=HTTP
externalId=695 src=10.1.100.11 dst=172.16.200.55 spt=44356 dpt=80
deviceInboundInterface=port12 FTNTFGTsrcintfrole=undefined
deviceOutboundInterface=port11 FTNTFGTdstintfrole=undefined FTNTFGTpolicyid=1
proto=6 deviceDirection=0 fname=eicar.com FTNTFGTquarskip=File-was-not-quarantined.
FTNTFGTvirus=EICAR_TEST_FILE FTNTFGTdtype=Virus
FTNTFGTref=http://www.fortinet.com/ve?vn\=EICAR_TEST_FILE FTNTFGTvirusid=2172
request=http://172.16.200.55/virus/eicar.com FTNTFGTprofile=g-default duser=bob
requestClientApplication=curl/7.47.0
FTNTFGTanalyticscksum=275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd
0f FTNTFGTanalyticssubmit=false FTNTFGTcrscore=50 FTNTFGTcrlevel=critical

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name CEF Field Name

direction deviceDirection (inbound/outbound mapping to 0/1)

filename fname

ref FTNTFGTref (There is \ added to escape = )

url request

agent requestClientApplication

Webfilter log support for CEF

The following is an example of a webfilter log on the FortiGate disk:


date=2018-12-27 time=11:23:50 logid="0316013056" type="utm" subtype="webfilter"
eventtype="ftgd_blk" level="warning" vd="vdom1" eventtime=1545938629 policyid=1
sessionid=764 user="bob" srcip=10.1.100.11 srcport=59194 srcintf="port12"
srcintfrole="undefined" dstip=185.230.61.185 dstport=80 dstintf="port11"
dstintfrole="undefined" proto=6 service="HTTP" hostname="ambrishsriv.wixsite.com"
profile="g-default" action="blocked" reqtype="direct" url="/bizsquads" sentbyte=96
rcvdbyte=0 direction="outgoing" msg="URL belongs to a denied category in policy"
method="domain" cat=26 catdesc="Malicious Websites" crscore=60 crlevel="high"

The following is an example of a webfilter log sent in CEF format to a syslog server:
Dec 27 11:23:49 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|13056|utm:webfilter ftgd_blk
blocked|4|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0316013056
cat=utm:webfilter FTNTFGTsubtype=webfilter FTNTFGTeventtype=ftgd_blk
FTNTFGTlevel=warning FTNTFGTvd=vdom1 FTNTFGTeventtime=1545938629 FTNTFGTpolicyid=1
externalId=764 duser=bob src=10.1.100.11 spt=59194 deviceInboundInterface=port12
FTNTFGTsrcintfrole=undefined dst=185.230.61.185 dpt=80
deviceOutboundInterface=port11 FTNTFGTdstintfrole=undefined proto=6 app=HTTP
dhost=ambrishsriv.wixsite.com FTNTFGTprofile=g-default act=blocked
FTNTFGTreqtype=direct request=/bizsquads out=96 in=0 deviceDirection=1 msg=URL

FortiOS 6.4.7 Log Reference 63


Fortinet, Inc.
CEF Support

belongs to a denied category in policy FTNTFGTmethod=domain FTNTFGTcat=26


requestContext=Malicious Websites FTNTFGTcrscore=60 FTNTFGTcrlevel=high

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name CEF Field Name

hostname dhost

catdesc requestContext

IPS log support for CEF

The following is an example of an IPS log on the FortiGate disk:


date=2018-12-27 time=11:28:07 logid="0419016384" type="utm" subtype="ips"
eventtype="signature" level="alert" vd="vdom1" eventtime=1545938887 severity="info"
srcip=172.16.200.55 srccountry="Reserved" dstip=10.1.100.11 srcintf="port11"
srcintfrole="undefined" dstintf="port12" dstintfrole="undefined" sessionid=901
action="reset" proto=6 service="HTTP" policyid=1 attack="Eicar.Virus.Test.File"
srcport=80 dstport=44362 hostname="172.16.200.55" url="/virus/eicar.com"
direction="incoming" attackid=29844 profile="test-ips"
ref="http://www.fortinet.com/ids/VID29844" user="bob" incidentserialno=877326946
msg="file_transfer: Eicar.Virus.Test.File,"

The following is an example of an IPS sent in CEF format to a syslog server:


Dec 27 11:28:07 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|16384|utm:ips signature
reset|7|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0419016384 cat=utm:ips
FTNTFGTsubtype=ips FTNTFGTeventtype=signature FTNTFGTlevel=alert FTNTFGTvd=vdom1
FTNTFGTeventtime=1545938887 FTNTFGTseverity=info src=172.16.200.55
FTNTFGTsrccountry=Reserved dst=10.1.100.11 deviceInboundInterface=port11
FTNTFGTsrcintfrole=undefined deviceOutboundInterface=port12
FTNTFGTdstintfrole=undefined externalId=901 act=reset proto=6 app=HTTP
FTNTFGTpolicyid=1 FTNTFGTattack=Eicar.Virus.Test.File spt=80 dpt=44362
dhost=172.16.200.55 request=/virus/eicar.com deviceDirection=0 FTNTFGTattackid=29844
FTNTFGTprofile=test-ips FTNTFGTref=http://www.fortinet.com/ids/VID29844 duser=bob
FTNTFGTincidentserialno=877326946 msg=file_transfer: Eicar.Virus.Test.File,

Email Spamfilter log support for CEF

The following is an example of an email spamfilter log on the FortiGate disk:


date=2018-12-27 time=11:36:58 logid="0508020503" type="utm" subtype="emailfilter"
eventtype="smtp" level="information" vd="vdom1" eventtime=1545939418 policyid=1
sessionid=1135 user="bob" srcip=10.1.100.11 srcport=35969 srcintf="port12"
srcintfrole="undefined" dstip=172.18.62.158 dstport=25 dstintf="port11"
dstintfrole="undefined" proto=6 service="SMTP" profile="test-spam" action="log-only"
from="testpc1@qa.fortinet.com" to="test1@server88.qa.fortinet.com"
sender="testpc1@qa.fortinet.com" recipient="test1@server88.qa.fortinet.com"
direction="outgoing" msg="general email log" subject="hello_world2" size="216"
attachment="no"

The following is an example of an email spamfilter log sent in CEF format to a syslog server:
Dec 27 11:36:58 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|20503|utm:emailfilter smtp
log-only|2|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0508020503
cat=utm:emailfilter FTNTFGTsubtype=emailfilter FTNTFGTeventtype=smtp
FTNTFGTlevel=information FTNTFGTvd=vdom1 FTNTFGTeventtime=1545939418

FortiOS 6.4.7 Log Reference 64


Fortinet, Inc.
CEF Support

FTNTFGTpolicyid=1 externalId=1135 duser=bob src=10.1.100.11 spt=35969


deviceInboundInterface=port12 FTNTFGTsrcintfrole=undefined dst=172.18.62.158 dpt=25
deviceOutboundInterface=port11 FTNTFGTdstintfrole=undefined proto=6 app=SMTP
FTNTFGTprofile=test-spam act=log-only suser=testpc1@qa.fortinet.com
duser=test1@server88.qa.fortinet.com FTNTFGTsender=testpc1@qa.fortinet.com
FTNTFGTrecipient=test1@server88.qa.fortinet.com deviceDirection=1 msg=general email
log FTNTFGTsubject=hello_world2 FTNTFGTsize=216 FTNTFGTattachment=no

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name CEF Field Name

from suser

to duser

Anomaly log support for CEF

The following is an example of an anomaly log on the FortiGate disk:


date=2018-12-27 time=11:40:04 logid="0720018433" type="utm" subtype="anomaly"
eventtype="anomaly" level="alert" vd="vdom1" eventtime=1545939604
severity="critical" srcip=10.1.100.11 srccountry="Reserved" dstip=172.16.200.55
srcintf="port12" srcintfrole="undefined" sessionid=0 action="clear_session" proto=1
service="PING" count=1 attack="icmp_flood" icmpid="0x3053" icmptype="0x08"
icmpcode="0x00" attackid=16777316 policyid=1 policytype="DoS-policy"
ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 >
threshold 50" crscore=50 crlevel="critical"

The following is an example of an anomaly log sent in CEF format to a syslog server:
Dec 27 11:40:04 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|18433|utm:anomaly anomaly
clear_session|7|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0720018433
cat=utm:anomaly FTNTFGTsubtype=anomaly FTNTFGTeventtype=anomaly FTNTFGTlevel=alert
FTNTFGTvd=vdom1 FTNTFGTeventtime=1545939604 FTNTFGTseverity=critical src=10.1.100.11
FTNTFGTsrccountry=Reserved dst=172.16.200.55 deviceInboundInterface=port12
FTNTFGTsrcintfrole=undefined externalId=0 act=clear_session proto=1 app=PING cnt=1
FTNTFGTattack=icmp_flood FTNTFGTicmpid=0x3053 FTNTFGTicmptype=0x08
FTNTFGTicmpcode=0x00 FTNTFGTattackid=16777316 FTNTFGTpolicyid=1
FTNTFGTpolicytype=DoS-policy FTNTFGTref=http://www.fortinet.com/ids/VID16777316
msg=anomaly: icmp_flood, 51 > threshold 50 FTNTFGTcrscore=50 FTNTFGTcrlevel=critical

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name CEF Field Name

count cnt

VoIP log support for CEF

The following is an example of an VoIP log on the FortiGate disk:


date=2018-12-27 time=16:47:09 logid="0814044032" type="utm" subtype="voip"
eventtype="voip" level="information" vd="vdom1" eventtime=1545958028 session_
id=18975 epoch=0 event_id=6857 srcip=10.1.100.11 src_port=5060 dstip=172.16.200.55
dst_port=5060 proto=17 src_int="port12" dst_int="port11" policy_id=1
profile="default" voip_proto="sip" kind="call" action="permit" status="start"

FortiOS 6.4.7 Log Reference 65


Fortinet, Inc.
CEF Support

duration=0 dir="session_origin" call_id="3444-13134@127.0.0.1"


from="sip:sipp@127.0.0.1:5060" to="sip:service@172.16.200.55:5060"

The following is an example of an VoIP sent in CEF format to a syslog server:


Dec 27 16:47:08 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|44032|utm:voip voip permit
start|2|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0814044032 cat=utm:voip
FTNTFGTsubtype=voip FTNTFGTeventtype=voip FTNTFGTlevel=information FTNTFGTvd=vdom1
FTNTFGTeventtime=1545958028 externalId=18975 FTNTFGTepoch=0 FTNTFGTevent_id=6857
src=10.1.100.11 spt=5060 dst=172.16.200.55 dpt=5060 proto=17
deviceInboundInterface=port12 deviceOutboundInterface=port11 FTNTFGTpolicy_id=1
FTNTFGTprofile=default FTNTFGTvoip_proto=sip FTNTFGTkind=call act=permit
outcome=start FTNTFGTduration=0 FTNTFGTdir=session_origin FTNTFGTcall_id=3444-
13134@127.0.0.1 suser=sip:sipp@127.0.0.1:5060 duser=sip:service@172.16.200.55:5060

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name CEF Field Name

status outcome

from suser

to duser

DLP log support for CEF

The following is an example of a DLP log on the FortiGate disk:


date=2018-12-27 time=14:29:36 logid="0954024576" type="utm" subtype="dlp" eventtype="dlp"
level="warning" vd="vdom1" eventtime=1545949776 filteridx=1 dlpextra="test-dlp3"
filtertype="file-type" filtercat="file" severity="medium" policyid=1 sessionid=12680
epoch=418303178 eventid=0 user="bob" srcip=10.1.100.11 srcport=33638
srcintf="port12" srcintfrole="undefined" dstip=172.18.62.158 dstport=80
dstintf="port11" dstintfrole="undefined" proto=6 service="HTTP" filetype="gif"
direction="incoming" action="block" hostname="172.18.62.158" url="/dlp/flower.gif"
agent="curl/7.47.0" filename="flower.gif" filesize=1209 profile="test-dlp"

The following is an example of a DLP log sent in CEF format to a syslog server:


Dec 27 14:29:36 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|24576|utm:dlp dlp
block|4|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=0954024576 cat=utm:dlp
FTNTFGTsubtype=dlp FTNTFGTeventtype=dlp FTNTFGTlevel=warning FTNTFGTvd=vdom1
FTNTFGTeventtime=1545949776 FTNTFGTfilteridx=1 FTNTFGTdlpextra=test-dlp3
FTNTFGTfiltertype=file-type FTNTFGTfiltercat=file FTNTFGTseverity=medium
FTNTFGTpolicyid=1 externalId=12680 FTNTFGTepoch=418303178 FTNTFGTeventid=0 duser=bob
src=10.1.100.11 spt=33638 deviceInboundInterface=port12 FTNTFGTsrcintfrole=undefined
dst=172.18.62.158 dpt=80 deviceOutboundInterface=port11 FTNTFGTdstintfrole=undefined
proto=6 app=HTTP FTNTFGTfiletype=gif deviceDirection=0 act=block dhost=172.18.62.158
request=/dlp/flower.gif requestClientApplication=curl/7.47.0 fname=flower.gif
fsize=1209 FTNTFGTprofile=test-dlp

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name CEF Field Name

filename fname

FortiOS 6.4.7 Log Reference 66


Fortinet, Inc.
CEF Support

Application log support for CEF

The following is an example of an application log on the FortiGate disk:


date=2018-12-27 time=14:28:08 logid="1059028704" type="utm" subtype="app-ctrl"
eventtype="app-ctrl-all" level="information" vd="vdom1" eventtime=1545949688
appid=34050 srcip=10.1.100.11 dstip=104.80.89.24 srcport=56826 dstport=80
srcintf="port12" srcintfrole="undefined" dstintf="port11" dstintfrole="undefined"
proto=6 service="HTTP" direction="outgoing" policyid=1 sessionid=12567 applist="g-
default" appcat="Web.Client" app="HTTP.BROWSER_Firefox" action="pass"
hostname="detectportal.firefox.com" incidentserialno=1702350499 url="/success.txt"
msg="Web.Client: HTTP.BROWSER_Firefox," apprisk="elevated"

The following is an example of an application sent in CEF format to a syslog server:


Dec 27 14:28:08 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|28704|utm:app-ctrl app-ctrl-
all pass|2|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=1059028704 cat=utm:app-
ctrl FTNTFGTsubtype=app-ctrl FTNTFGTeventtype=app-ctrl-all FTNTFGTlevel=information
FTNTFGTvd=vdom1 FTNTFGTeventtime=1545949688 FTNTFGTappid=34050 src=10.1.100.11
dst=104.80.89.24 spt=56826 dpt=80 deviceInboundInterface=port12
FTNTFGTsrcintfrole=undefined deviceOutboundInterface=port11
FTNTFGTdstintfrole=undefined proto=6 app=HTTP deviceDirection=1 FTNTFGTpolicyid=1
externalId=12567 FTNTFGTapplist=g-default FTNTFGTappcat=Web.Client
FTNTFGTapp=HTTP.BROWSER_Firefox act=pass dhost=detectportal.firefox.com
FTNTFGTincidentserialno=1702350499 request=/success.txt msg=Web.Client:
HTTP.BROWSER_Firefox, FTNTFGTapprisk=elevated

WAF log support for CEF

The following is an example of an WAF log on the FortiGate disk:


date=2018-12-27 time=14:55:20 logid="1203030258" type="utm" subtype="waf" eventtype="waf-
http-constraint" level="warning" vd="vdom1" eventtime=1545951320 policyid=1
sessionid=13614 user="bob" profile="waf_test" srcip=10.1.100.11 srcport=57304
dstip=172.16.200.55 dstport=80 srcintf="port12" srcintfrole="lan" dstintf="port11"
dstintfrole="wan" proto=6 service="HTTP"
url="http://172.16.200.55/index.html?a=0123456789&b=0123456789&c=0123456789"
severity="medium" action="passthrough" direction="request" agent="curl/7.47.0"
constraint="url-param-num" rawdata="Method=GET|User-Agent=curl/7.47.0"

The following is an example of an WAF sent in CEF format to a syslog server:


Dec 27 14:55:20 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|30258|utm:waf waf-http-
constraint passthrough|4|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=1203030258
cat=utm:waf FTNTFGTsubtype=waf FTNTFGTeventtype=waf-http-constraint
FTNTFGTlevel=warning FTNTFGTvd=vdom1 FTNTFGTeventtime=1545951320 FTNTFGTpolicyid=1
externalId=13614 duser=bob FTNTFGTprofile=waf_test src=10.1.100.11 spt=57304
dst=172.16.200.55 dpt=80 deviceInboundInterface=port12 FTNTFGTsrcintfrole=lan
deviceOutboundInterface=port11 FTNTFGTdstintfrole=wan proto=6 app=HTTP
request=http://172.16.200.55/index.html?a\=0123456789&b\=0123456789&c\=0123456789
FTNTFGTseverity=medium act=passthrough deviceDirection=0
requestClientApplication=curl/7.47.0 FTNTFGTconstraint=url-param-num
FTNTFGTrawdata=Method\=GET|User-Agent\=curl/7.47.0

DNS log support for CEF

The following is an example of an DNS log on the FortiGate disk:

FortiOS 6.4.7 Log Reference 67


Fortinet, Inc.
CEF Support

date=2018-12-27 time=14:45:26 logid="1501054802" type="dns" subtype="dns-response"


level="notice" vd="vdom1" eventtime=1545950726 policyid=1 sessionid=13355 user="bob"
srcip=10.1.100.11 srcport=54621 srcintf="port12" srcintfrole="lan"
dstip=172.16.200.55 dstport=53 dstintf="port11" dstintfrole="wan" proto=17
profile="default" srcmac="a2:e9:00:ec:40:01" xid=5137
qname="detectportal.firefox.com" qtype="A" qtypeval=1 qclass="IN"
ipaddr="104.80.89.26, 104.80.89.24" msg="Domain is monitored" action="pass" cat=52
catdesc="Information Technology"

The following is an example of an DNS sent in CEF format to a syslog server:


Dec 27 14:45:26 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|54802|dns:dns-response
pass|3|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=1501054802 cat=dns:dns-
response FTNTFGTsubtype=dns-response FTNTFGTlevel=notice FTNTFGTvd=vdom1
FTNTFGTeventtime=1545950726 FTNTFGTpolicyid=1 externalId=13355 duser=bob
src=10.1.100.11 spt=54621 deviceInboundInterface=port12 FTNTFGTsrcintfrole=lan
dst=172.16.200.55 dpt=53 deviceOutboundInterface=port11 FTNTFGTdstintfrole=wan
proto=17 FTNTFGTprofile=default FTNTFGTsrcmac=a2:e9:00:ec:40:01 FTNTFGTxid=5137
FTNTFGTqname=detectportal.firefox.com FTNTFGTqtype=A FTNTFGTqtypeval=1
FTNTFGTqclass=IN FTNTFGTipaddr=104.80.89.26, 104.80.89.24 msg=Domain is monitored
act=pass FTNTFGTcat=52 FTNTFGTcatdesc=Information Technology

SSH log support for CEF

The following is an example of an SSH log on the FortiGate disk:


date=2018-12-27 time=14:36:15 logid="1600061002" type="utm" subtype="ssh" eventtype="ssh-
command" level="notice" vd="vdom1" eventtime=1545950175 policyid=1 sessionid=12921
user="bob" profile="test-ssh" srcip=10.1.100.11 srcport=56698 dstip=172.16.200.55
dstport=22 srcintf="port12" srcintfrole="lan" dstintf="port11" dstintfrole="wan"
proto=6 action="passthrough" direction="outgoing" login="root" command="ls"
severity="low"

The following is an example of an SSH sent in CEF format to a syslog server:


Dec 27 14:36:15 FGT-A-LOG CEF: 0|Fortinet|Fortigate|v6.0.3|61002|utm:ssh ssh-command
passthrough|3|deviceExternalId=FGT5HD3915800610 FTNTFGTlogid=1600061002 cat=utm:ssh
FTNTFGTsubtype=ssh FTNTFGTeventtype=ssh-command FTNTFGTlevel=notice FTNTFGTvd=vdom1
FTNTFGTeventtime=1545950175 FTNTFGTpolicyid=1 externalId=12921 duser=bob
FTNTFGTprofile=test-ssh src=10.1.100.11 spt=56698 dst=172.16.200.55 dpt=22
deviceInboundInterface=port12 FTNTFGTsrcintfrole=lan deviceOutboundInterface=port11
FTNTFGTdstintfrole=wan proto=6 act=passthrough FTNTFGTlogin=root FTNTFGTcommand=ls
FTNTFGTseverity=low

FortiOS 6.4.7 Log Reference 68


Fortinet, Inc.
UTM Extended Logging

FortiOS 6.0.0 and later supports extended logging for UTM log types to reliable Syslog servers over TCP. Extended
logging adds HTTP header information to the rawdata field in UTM log types. You must enable extended logging before
you can use the feature.
When extended logging is enabled, the following HTTP header information can be added to the rawdata field in
UTM logs:
l Method
l X-Forwarded-For
l Request-Content-Type | Response-Content-Type
l Referer
l User-Agent
The full rawdata field of 20KB is only sent to reliable Syslog servers. Other logging devices, such as disk, FortiAnalyzer,
and UDP Syslog servers, receive the information, but only keep a maximum of 2KB total log length, including the
rawdata field, and discard the rest of the extended log information.

Enabling extended logging

You can enable extended logging for the following UTM profiles:


l antivirus
l application
l dlp
l ips
l waf
l webfilter
When you enable the extended-log option for UTM profiles, all HTTP header information for HTTP-deny traffic is
logged.
When you enable the web-extended-all-action-log-enable option for webfilter profile, all HTTP header
information for HTTP-allow traffic is logged.

Extended logging option in UTM profiles

The extended-log option has been added to all UTM profiles, for example:
# webfilter profile
config webfilter profile
edit "test-webfilter"
set extended-log enable
set web-extended-all-action-log enable
next
end

FortiOS 6.4.7 Log Reference 69


Fortinet, Inc.
UTM Extended Logging

# av profile
config antivirus profile
edit "av-proxy-test"
set extended-log enable
next
end
# waf profile
config waf profile
edit "test-waf"
set extended-log enable
next
end

Syslog server mode

The Syslog server mode changed to udp, reliable, and legacy-reliable. You must set the mode to reliable to
support extended logging, for example:
config log syslogd setting
set status enable
set server "<ip address>"
set mode reliable
set facility local6
end

Example of an extended log

Following is an example extended log for a utm log type with a webfilter subtype for a reliable Syslog server. The
rawdata field contains the extended log data.
Dec 18 15:40:15 10.6.30.254 date=2017-12-18 time=15:40:14 devname="600D-9"
devid="FGT6HD3915800120" logid="0316013056" type="utm"subtype="webfilter"
eventtype="ftgd_blk" level="warning" vd="vdom1" eventtime=1513640414 policyid=2
sessionid=440522 srcip=10.1.100.128 srcport=60995 srcintf="port2" srcintfrole="lan"
dstip=209.121.139.177 dstport=80 dstintf="port1" dstintfrole="wan" proto=6
service="HTTP" hostname="detectportal.firefox.com" profile="test-webfilter"
action="blocked" reqtype="direct" url="/success.txt" sentbyte=285 rcvdbyte=0
direction="outgoing" msg="URL belongs to a denied category in policy"
method="domain" cat=52 catdesc="Information Technology" crscore=30 crlevel="high"
rawdata="Method=GET|User-Agent=Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101
Firefox/57.0"

FortiOS 6.4.7 Log Reference 70


Fortinet, Inc.
Log Messages

The following sections list the FortiOS 6.4.7 log messages by log ID number.

Anomaly

18432 - LOGID_ATTCK_ANOMALY_TCP_UDP

Message ID: 18432


Message Description: LOGID_ATTCK_ANOMALY_TCP_UDP
Message Meaning: Attack detected by UCP/TCP anomaly
Type: Anomaly
Category: ANOMALY
Severity: Alert

Log Field Name Description Data Type Length

action Action string 16

attack Attack string 256

attackid Attack ID uint32 10

count Count uint32 10

craction Client Reputation Action uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

FortiOS 6.4.7 Log Reference 71


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

msg Log Message string 518

policyid Policy ID uint32 10

policytype Policy type string 24

proto Protocol uint8 3

ref Reference string 4096

service Name of Service string 80

sessionid Session ID uint32 10

severity Severity string 8

srccountry Country name for Source IP string 64

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User string 256

vd Virtual Domain Name string 32

vrf Virtual router forwarding uint8 3

18433 - LOGID_ATTCK_ANOMALY_ICMP

Message ID: 18433


Message Description: LOGID_ATTCK_ANOMALY_ICMP
Message Meaning: Attack detected by ICMP anomaly

FortiOS 6.4.7 Log Reference 72


Fortinet, Inc.
Log Messages

Type: Anomaly
Category: ANOMALY
Severity: Alert

Log Field Name Description Data Type Length

action Action string 16

attack Attack string 256

attackid Attack ID uint32 10

count Count uint32 10

craction Client Reputation Action uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

eventtime Time when detection occured uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

icmpcode ICMP code string 6

icmpid ICMP ID string 8

icmptype ICMP Type string 6

level Log Level string 11

logid Log ID string 10

msg Log Message string 518

policyid Policy ID uint32 10

policytype Policy type string 24

proto Protocol uint8 3

ref Reference string 4096

service Name of Service string 80

sessionid Session ID uint32 10

FortiOS 6.4.7 Log Reference 73


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

severity Severity string 8

srccountry Country name for Source IP string 64

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User string 256

vd Virtual Domain Name string 32

vrf Virtual router forwarding uint8 3

18434 - LOGID_ATTCK_ANOMALY_OTHERS

Message ID: 18434


Message Description: LOGID_ATTCK_ANOMALY_OTHERS
Message Meaning: Attack detected by other anomaly
Type: Anomaly
Category: ANOMALY
Severity: Alert

Log Field Name Description Data Type Length

action Action string 16

attack Attack string 256

attackid Attack ID uint32 10

count Count uint32 10

craction Client Reputation Action uint32 10

crlevel Client Reputation Level string 10

FortiOS 6.4.7 Log Reference 74


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

msg Log Message string 518

policyid Policy ID uint32 10

policytype Policy type string 24

proto Protocol uint8 3

ref Reference string 4096

service Name of Service string 80

sessionid Session ID uint32 10

severity Severity string 8

srccountry Country name for Source IP string 64

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 75


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User string 256

vd Virtual Domain Name string 32

vrf Virtual router forwarding uint8 3

App

28672 - LOGID_APP_CTRL_IM_BASIC

Message ID: 28672


Message Description: LOGID_APP_CTRL_IM_BASIC
Message Meaning: Application control IM-basic
Type: App
Category: SIGNATURE
Severity: Information

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

applist Application Control profile name string 64

authserver Authentication server for the user string 64

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

FortiOS 6.4.7 Log Reference 76


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

group User group name string 64

level Log level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28673 - LOGID_APP_CTRL_IM_BASIC_WITH_STATUS

Message ID: 28673


Message Description: LOGID_APP_CTRL_IM_BASIC_WITH_STATUS

FortiOS 6.4.7 Log Reference 77


Fortinet, Inc.
Log Messages

Message Meaning: Application control IM


Type: App
Category: SIGNATURE
Severity: Information

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

applist Application Control profile name string 64

authserver Authentication server for the user string 64

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

group User group name string 64

level Log level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

FortiOS 6.4.7 Log Reference 78


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28674 - LOGID_APP_CTRL_IM_BASIC_WITH_COUNT

Message ID: 28674


Message Description: LOGID_APP_CTRL_IM_BASIC_WITH_COUNT
Message Meaning: Application control IM (chat message count)
Type: App
Category: SIGNATURE
Severity: Information

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

applist Application Control profile name string 64

authserver Authentication server for the user string 64

date Date string 10

FortiOS 6.4.7 Log Reference 79


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

group User group name string 64

level Log level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

FortiOS 6.4.7 Log Reference 80


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28675 - LOGID_APP_CTRL_IM_FILE

Message ID: 28675


Message Description: LOGID_APP_CTRL_IM_FILE
Message Meaning: Application control IM (file)
Type: App
Category: SIGNATURE
Severity: Information

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

applist Application Control profile name string 64

authserver Authentication server for the user string 64

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

group User group name string 64

level Log level string 11

FortiOS 6.4.7 Log Reference 81


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28676 - LOGID_APP_CTRL_IM_CHAT

Message ID: 28676


Message Description: LOGID_APP_CTRL_IM_CHAT
Message Meaning: Application control IM (chat)
Type: App
Category: SIGNATURE
Severity: Information

FortiOS 6.4.7 Log Reference 82


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

applist Application Control profile name string 64

authserver Authentication server for the user string 64

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

group User group name string 64

level Log level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

FortiOS 6.4.7 Log Reference 83


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28677 - LOGID_APP_CTRL_IM_CHAT_BLOCK

Message ID: 28677


Message Description: LOGID_APP_CTRL_IM_CHAT_BLOCK
Message Meaning: Application control IM (chat blocked)
Type: App
Category: SIGNATURE
Severity: Information

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

applist Application Control profile name string 64

authserver Authentication server for the user string 64

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

FortiOS 6.4.7 Log Reference 84


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

group User group name string 64

level Log level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

FortiOS 6.4.7 Log Reference 85


Fortinet, Inc.
Log Messages

28678 - LOGID_APP_CTRL_IM_BLOCK

Message ID: 28678


Message Description: LOGID_APP_CTRL_IM_BLOCK
Message Meaning: Application control IM (blocked)
Type: App
Category: SIGNATURE
Severity: Information

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

applist Application Control profile name string 64

authserver Authentication server for the user string 64

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

group User group name string 64

level Log level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

FortiOS 6.4.7 Log Reference 86


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

proto Protocol number uint8 3

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28704 - LOGID_APP_CTRL_IPS_PASS

Message ID: 28704


Message Description: LOGID_APP_CTRL_IPS_PASS
Message Meaning: Application control (IPS) (pass)
Type: App
Category: SIGNATURE
Severity: Information

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

FortiOS 6.4.7 Log Reference 87


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

appcat Application category name string 64

appid Application ID uint32 10

applist Application Control profile name string 64

apprisk Application risk level string 16

authserver Authentication server for the user string 64

ccertissuer string 64

cloudaction Action performed by cloud application string 32

clouduser User login ID detected by the Deep Application Control feature string 256

craction Client Reputation Action uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

filename File name string 256

filesize File size in bytes uint64 10

forwardedfor Forwarded For string 128

group User group name string 64

hostname The host name of a URL string 256

incidentserialno Incident serial number uint32 10

level Log level string 11

logid Log ID string 10

msg Log message string 512

FortiOS 6.4.7 Log Reference 88


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

parameters string 512

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

scertcname server certificate name string 64

scertissuer server certificate issuer string 64

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28705 - LOGID_APP_CTRL_IPS_BLOCK

Message ID: 28705

FortiOS 6.4.7 Log Reference 89


Fortinet, Inc.
Log Messages

Message Description: LOGID_APP_CTRL_IPS_BLOCK


Message Meaning: Application control (IPS) (block)
Type: App
Category: SIGNATURE
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

appid Application ID uint32 10

applist Application Control profile name string 64

apprisk Application risk level string 16

authserver Authentication server for the user string 64

ccertissuer string 64

cloudaction Action performed by cloud application string 32

clouduser User login ID detected by the Deep Application Control feature string 256

craction Client Reputation Action uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

filename File name string 256

FortiOS 6.4.7 Log Reference 90


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filesize File size in bytes uint64 10

forwardedfor Forwarded For string 128

group User group name string 64

hostname The host name of a URL string 256

incidentserialno Incident serial number uint32 10

level Log level string 11

logid Log ID string 10

msg Log message string 512

parameters string 512

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

scertcname server certificate name string 64

scertissuer server certificate issuer string 64

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP ip 39

type Log type string 16

tz string 5

FortiOS 6.4.7 Log Reference 91


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28706 - LOGID_APP_CTRL_IPS_RESET

Message ID: 28706


Message Description: LOGID_APP_CTRL_IPS_RESET
Message Meaning: Application control (IPS) (reset)
Type: App
Category: SIGNATURE
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

appid Application ID uint32 10

applist Application Control profile name string 64

apprisk Application risk level string 16

authserver Authentication server for the user string 64

ccertissuer string 64

cloudaction Action performed by cloud application string 32

clouduser User login ID detected by the Deep Application Control feature string 256

craction Client Reputation Action uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

FortiOS 6.4.7 Log Reference 92


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

filename File name string 256

filesize File size in bytes uint64 10

forwardedfor Forwarded For string 128

group User group name string 64

hostname The host name of a URL string 256

incidentserialno Incident serial number uint32 10

level Log level string 11

logid Log ID string 10

msg Log message string 512

parameters string 512

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

scertcname server certificate name string 64

scertissuer server certificate issuer string 64

service Service name string 80

FortiOS 6.4.7 Log Reference 93


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28720 - LOGID_APP_CTRL_SSH_PASS

Message ID: 28720


Message Description: LOGID_APP_CTRL_SSH_PASS
Message Meaning: Application control IM (SSH) (pass)
Type: App
Category: SIGNATURE
Severity: Information

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

FortiOS 6.4.7 Log Reference 94


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

appcat Application category name string 64

applist Application Control profile name string 64

authserver Authentication server for the user string 64

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

group User group name string 64

level Log level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

FortiOS 6.4.7 Log Reference 95


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28721 - LOGID_APP_CTRL_SSH_BLOCK

Message ID: 28721


Message Description: LOGID_APP_CTRL_SSH_BLOCK
Message Meaning: Application control IM (SSH) (block)
Type: App
Category: SIGNATURE
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

applist Application Control profile name string 64

authserver Authentication server for the user string 64

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

FortiOS 6.4.7 Log Reference 96


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

group User group name string 64

level Log level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28736 - LOGID_APP_CTRL_PORT_ENF

Message ID: 28736


Message Description: LOGID_APP_CTRL_PORT_ENF
Message Meaning: Application control port enforcement
Type: App
Category: PORT-VIOLATION

FortiOS 6.4.7 Log Reference 97


Fortinet, Inc.
Log Messages

Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

appid Application ID uint32 10

applist Application Control profile name string 64

apprisk Application risk level string 16

authserver Authentication server for the user string 64

ccertissuer string 64

cloudaction Action performed by cloud application string 32

clouduser User login ID detected by the Deep Application Control feature string 256

craction Client Reputation Action uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

filename File name string 256

filesize File size in bytes uint64 10

forwardedfor Forwarded For string 128

group User group name string 64

hostname The host name of a URL string 256

FortiOS 6.4.7 Log Reference 98


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

incidentserialno Incident serial number uint32 10

level Log level string 11

logid Log ID string 10

msg Log message string 512

parameters string 512

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

scertcname server certificate name string 64

scertissuer server certificate issuer string 64

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

FortiOS 6.4.7 Log Reference 99


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

28737 - LOGID_APP_CTRL_PROTO_ENF

Message ID: 28737


Message Description: LOGID_APP_CTRL_PROTO_ENF
Message Meaning: Application control protocol enforcement
Type: App
Category: PROTOCOL-VIOLATION
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: pass - Application is allowed block - string 16
Application is blocked (silent) reject - Quarantine reset -
Application is blocked and Reset was sent Sometimes, there is
a block page for blocking

app Application name string 96

appcat Application category name string 64

appid Application ID uint32 10

applist Application Control profile name string 64

apprisk Application risk level string 16

authserver Authentication server for the user string 64

ccertissuer string 64

cloudaction Action performed by cloud application string 32

clouduser User login ID detected by the Deep Application Control feature string 256

craction Client Reputation Action uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

direction Direction of the packets string 8

dstintf Destination Interface string 64

FortiOS 6.4.7 Log Reference 100


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Time uint64 20

eventtype App Control Event Type string 32

fctuid FortiClient User ID string 32

filename File name string 256

filesize File size in bytes uint64 10

forwardedfor Forwarded For string 128

group User group name string 64

hostname The host name of a URL string 256

incidentserialno Incident serial number uint32 10

level Log level string 11

logid Log ID string 10

msg Log message string 512

parameters string 512

policyid Policy ID uint32 10

profile string 36

profiletype Profile Type string 36

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

scertcname server certificate name string 64

scertissuer server certificate issuer string 64

service Service name string 80

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

FortiOS 6.4.7 Log Reference 101


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

AV

8192 - MESGID_INFECT_WARNING

Message ID: 8192


Message Description: MESGID_INFECT_WARNING
Message Meaning: Infected file detected by the FortiGate unit and blocked
Type: AV
Category: INFECTED
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

FortiOS 6.4.7 Log Reference 102


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

FortiOS 6.4.7 Log Reference 103


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

FortiOS 6.4.7 Log Reference 104


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8193 - MESGID_INFECT_NOTIF

Message ID: 8193


Message Description: MESGID_INFECT_NOTIF
Message Meaning: Infected file detected by the FortiGate unit and it passed
Type: AV
Category: INFECTED
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

FortiOS 6.4.7 Log Reference 105


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

FortiOS 6.4.7 Log Reference 106


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8194 - MESGID_INFECT_MIME_WARNING

Message ID: 8194


Message Description: MESGID_INFECT_MIME_WARNING
Message Meaning: MIME header detected to have a virus and blocked
Type: AV
Category: INFECTED
Severity: Warning

FortiOS 6.4.7 Log Reference 107


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

FortiOS 6.4.7 Log Reference 108


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

FortiOS 6.4.7 Log Reference 109


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8195 - MESGID_INFECT_MIME_NOTIF

Message ID: 8195


Message Description: MESGID_INFECT_MIME_NOTIF
Message Meaning: MIME header infected and passed
Type: AV
Category: INFECTED
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

FortiOS 6.4.7 Log Reference 110


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

FortiOS 6.4.7 Log Reference 111


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8200 - MESGID_MIME_FILETYPE_EXE_WARNING

Message ID: 8200


Message Description: MESGID_MIME_FILETYPE_EXE_WARNING
Message Meaning: File is an executable (warning)
Type: AV

FortiOS 6.4.7 Log Reference 112


Fortinet, Inc.
Log Messages

Category: FILETYPE-EXECUTABLE
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

checksum The checksum of the scanned file string 16

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filename File name string 256

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

FortiOS 6.4.7 Log Reference 113


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8201 - MESGID_MIME_FILETYPE_EXE_NOTIF

Message ID: 8201


Message Description: MESGID_MIME_FILETYPE_EXE_NOTIF

FortiOS 6.4.7 Log Reference 114


Fortinet, Inc.
Log Messages

Message Meaning: File is an executable (notice)


Type: AV
Category: FILETYPE-EXECUTABLE
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

checksum The checksum of the scanned file string 16

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filename File name string 256

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

FortiOS 6.4.7 Log Reference 115


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

FortiOS 6.4.7 Log Reference 116


Fortinet, Inc.
Log Messages

8202 - MESGID_AVQUERY_WARNING

Message ID: 8202


Message Description: MESGID_AVQUERY_WARNING
Message Meaning: File reported infected by Outbreak Prevention (warning)
Type: AV
Category: OUTBREAK-PREVENTION
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

FortiOS 6.4.7 Log Reference 117


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

FortiOS 6.4.7 Log Reference 118


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8203 - MESGID_AVQUERY_NOTIF

Message ID: 8203


Message Description: MESGID_AVQUERY_NOTIF
Message Meaning: File reported infected by Outbreak Prevention (notice)
Type: AV
Category: OUTBREAK-PREVENTION
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

FortiOS 6.4.7 Log Reference 119


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

FortiOS 6.4.7 Log Reference 120


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

FortiOS 6.4.7 Log Reference 121


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8204 - MESGID_MIME_AVQUERY_WARNING

Message ID: 8204


Message Description: MESGID_MIME_AVQUERY_WARNING
Message Meaning: MIME data reported infected by Outbreak Prevention (warning)
Type: AV
Category: OUTBREAK-PREVENTION
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

FortiOS 6.4.7 Log Reference 122


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

FortiOS 6.4.7 Log Reference 123


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8205 - MESGID_MIME_AVQUERY_NOTIF

Message ID: 8205


Message Description: MESGID_MIME_AVQUERY_NOTIF
Message Meaning: MIME data reported infected by Outbreak Prevention (notice)
Type: AV
Category: OUTBREAK-PREVENTION
Severity: Notice

FortiOS 6.4.7 Log Reference 124


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

FortiOS 6.4.7 Log Reference 125


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

FortiOS 6.4.7 Log Reference 126


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8212 - MESGID_MALWARE_LIST_WARNING

Message ID: 8212


Message Description: MESGID_MALWARE_LIST_WARNING
Message Meaning: File reported infected by external malware list (warning)
Type: AV
Category: MALWARE-LIST
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

FortiOS 6.4.7 Log Reference 127


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

FortiOS 6.4.7 Log Reference 128


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8213 - MESGID_MALWARE_LIST_NOTIF

Message ID: 8213


Message Description: MESGID_MALWARE_LIST_NOTIF
Message Meaning: File reported infected by external malware list (notice)
Type: AV

FortiOS 6.4.7 Log Reference 129


Fortinet, Inc.
Log Messages

Category: MALWARE-LIST
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

FortiOS 6.4.7 Log Reference 130


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

FortiOS 6.4.7 Log Reference 131


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8214 - MESGID_MIME_MALWARE_LIST_WARNING

Message ID: 8214


Message Description: MESGID_MIME_MALWARE_LIST_WARNING
Message Meaning: MIME data reported infected by external malware list (warning)
Type: AV
Category: MALWARE-LIST
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

FortiOS 6.4.7 Log Reference 132


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

FortiOS 6.4.7 Log Reference 133


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8215 - MESGID_MIME_MALWARE_LIST_NOTIF

Message ID: 8215


Message Description: MESGID_MIME_MALWARE_LIST_NOTIF
Message Meaning: MIME data reported infected by external malware list (notice)

FortiOS 6.4.7 Log Reference 134


Fortinet, Inc.
Log Messages

Type: AV
Category: MALWARE-LIST
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

FortiOS 6.4.7 Log Reference 135


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

FortiOS 6.4.7 Log Reference 136


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8448 - MESGID_BLOCK_WARNING

Message ID: 8448


Message Description: MESGID_BLOCK_WARNING
Message Meaning: FortiGate unit blocked a file because it contains a virus
Type: AV
Category: FILENAME
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

checksum The checksum of the scanned file string 16

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

FortiOS 6.4.7 Log Reference 137


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filefilter The filter used to identify the affected file string 12

filename File name string 256

filetype File type string 16

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

FortiOS 6.4.7 Log Reference 138


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8450 - MESGID_BLOCK_MIME_WARNING

Message ID: 8450


Message Description: MESGID_BLOCK_MIME_WARNING
Message Meaning: FortiGate unit blocked a file because it contains a virus (MIME)
Type: AV
Category: MIMEFRAGMENTED
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

attachment string 3

authserver Server used to authenticate the involved user string 64

FortiOS 6.4.7 Log Reference 139


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cc string 512

checksum The checksum of the scanned file string 16

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filefilter The filter used to identify the affected file string 12

filename File name string 256

filetype File type string 16

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

FortiOS 6.4.7 Log Reference 140


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8451 - MESGID_BLOCK_MIME_NOTIF

Message ID: 8451


Message Description: MESGID_BLOCK_MIME_NOTIF
Message Meaning: FortiGate unit blocked a file because it contains a virus (MIME)
Type: AV
Category: MIMEFRAGMENTED
Severity: Notice

FortiOS 6.4.7 Log Reference 141


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

checksum The checksum of the scanned file string 16

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filefilter The filter used to identify the affected file string 12

filename File name string 256

filetype File type string 16

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

FortiOS 6.4.7 Log Reference 142


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8452 - MESGID_BLOCK_COMMAND

Message ID: 8452


Message Description: MESGID_BLOCK_COMMAND
Message Meaning: FortiGate unit blocked a virus command
Type: AV

FortiOS 6.4.7 Log Reference 143


Fortinet, Inc.
Log Messages

Category: COMMAND-BLOCKED
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Server used to authenticate the involved user string 64

command string 16

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

FortiOS 6.4.7 Log Reference 144


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8704 - MESGID_OVERSIZE_WARNING

Message ID: 8704


Message Description: MESGID_OVERSIZE_WARNING
Message Meaning: Defined file size limit was exceeded
Type: AV
Category: OVERSIZE
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Server used to authenticate the involved user string 64

craction Threat Weight action uint32 10

FortiOS 6.4.7 Log Reference 145


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filename File name string 256

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

FortiOS 6.4.7 Log Reference 146


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcport Source Port uint16 5

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8705 - MESGID_OVERSIZE_NOTIF

Message ID: 8705


Message Description: MESGID_OVERSIZE_NOTIF
Message Meaning: File size limit was exceeded
Type: AV
Category: OVERSIZE
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Server used to authenticate the involved user string 64

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

FortiOS 6.4.7 Log Reference 147


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filename File name string 256

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

FortiOS 6.4.7 Log Reference 148


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8706 - MESGID_OVERSIZE_MIME_WARNING

Message ID: 8706


Message Description: MESGID_OVERSIZE_MIME_WARNING
Message Meaning: File (MIME) size exceed the defined size limit
Type: AV
Category: OVERSIZE
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Server used to authenticate the involved user string 64

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

FortiOS 6.4.7 Log Reference 149


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filename File name string 256

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subservice string 16

FortiOS 6.4.7 Log Reference 150


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8707 - MESGID_OVERSIZE_MIME_NOTIF

Message ID: 8707


Message Description: MESGID_OVERSIZE_MIME_NOTIF
Message Meaning: File (MIME) size exceed the defined size limit
Type: AV
Category: OVERSIZE
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Server used to authenticate the involved user string 64

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

FortiOS 6.4.7 Log Reference 151


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filename File name string 256

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subservice string 16

subtype Subtype of the virus log string 20

FortiOS 6.4.7 Log Reference 152


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8708 - MESGID_OVERSIZE_STREAM_UNCOMP_WARNING

Message ID: 8708


Message Description: MESGID_OVERSIZE_STREAM_UNCOMP_WARNING
Message Meaning: Stream-based uncompression reached size limit.
Type: AV
Category: OVERSIZE
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Server used to authenticate the involved user string 64

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

FortiOS 6.4.7 Log Reference 153


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filename File name string 256

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

FortiOS 6.4.7 Log Reference 154


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8709 - MESGID_OVERSIZE_STREAM_UNCOMP_NOTIF

Message ID: 8709


Message Description: MESGID_OVERSIZE_STREAM_UNCOMP_NOTIF
Message Meaning: Stream-based uncompression reached size limit.
Type: AV
Category: OVERSIZE
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Server used to authenticate the involved user string 64

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

FortiOS 6.4.7 Log Reference 155


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filename File name string 256

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

FortiOS 6.4.7 Log Reference 156


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8720 - MESGID_SWITCH_PROTO_WARNING

Message ID: 8720


Message Description: MESGID_SWITCH_PROTO_WARNING
Message Meaning: Switching protocols request (warning)
Type: AV
Category: SWITCHPROTO
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Server used to authenticate the involved user string 64

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

FortiOS 6.4.7 Log Reference 157


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subservice string 16

subtype Subtype of the virus log string 20

switchproto Protocol used on the switch string 128

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

FortiOS 6.4.7 Log Reference 158


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

8721 - MESGID_SWITCH_PROTO_NOTIF

Message ID: 8721


Message Description: MESGID_SWITCH_PROTO_NOTIF
Message Meaning: Switching protocols request (notice)
Type: AV
Category: SWITCHPROTO
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Server used to authenticate the involved user string 64

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

FortiOS 6.4.7 Log Reference 159


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

fctuid Forticlient user ID string 32

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subservice string 16

subtype Subtype of the virus log string 20

switchproto Protocol used on the switch string 128

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

FortiOS 6.4.7 Log Reference 160


Fortinet, Inc.
Log Messages

8960 - MESGID_SCAN_UNCOMPSIZELIMIT_WARNING

Message ID: 8960


Message Description: MESGID_SCAN_UNCOMPSIZELIMIT_WARNING
Message Meaning: File reached the uncompressed nested limit
Type: AV
Category: SCANERROR
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

FortiOS 6.4.7 Log Reference 161


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

FortiOS 6.4.7 Log Reference 162


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8961 - MESGID_SCAN_UNCOMPSIZELIMIT_NOTIF

Message ID: 8961


Message Description: MESGID_SCAN_UNCOMPSIZELIMIT_NOTIF
Message Meaning: File reached the uncompressed size limit
Type: AV
Category: SCANERROR
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

FortiOS 6.4.7 Log Reference 163


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

FortiOS 6.4.7 Log Reference 164


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

FortiOS 6.4.7 Log Reference 165


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8962 - MESGID_SCAN_ARCHIVE_ENCRYPTED_WARNING

Message ID: 8962


Message Description: MESGID_SCAN_ARCHIVE_ENCRYPTED_WARNING
Message Meaning: Archived file is corrupted
Type: AV
Category: SCANERROR
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

FortiOS 6.4.7 Log Reference 166


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

FortiOS 6.4.7 Log Reference 167


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8963 - MESGID_SCAN_ARCHIVE_ENCRYPTED_NOTIF

Message ID: 8963


Message Description: MESGID_SCAN_ARCHIVE_ENCRYPTED_NOTIF
Message Meaning: Archived file is encrypted
Type: AV
Category: SCANERROR
Severity: Notice

FortiOS 6.4.7 Log Reference 168


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

FortiOS 6.4.7 Log Reference 169


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

FortiOS 6.4.7 Log Reference 170


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8964 - MESGID_SCAN_ARCHIVE_CORRUPTED_WARNING

Message ID: 8964


Message Description: MESGID_SCAN_ARCHIVE_CORRUPTED_WARNING
Message Meaning: Corrupted archive (warning)
Type: AV
Category: SCANERROR
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

FortiOS 6.4.7 Log Reference 171


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

FortiOS 6.4.7 Log Reference 172


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8965 - MESGID_SCAN_ARCHIVE_CORRUPTED_NOTIF

Message ID: 8965


Message Description: MESGID_SCAN_ARCHIVE_CORRUPTED_NOTIF
Message Meaning: Corrupted archive (notice)
Type: AV

FortiOS 6.4.7 Log Reference 173


Fortinet, Inc.
Log Messages

Category: SCANERROR
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

FortiOS 6.4.7 Log Reference 174


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

FortiOS 6.4.7 Log Reference 175


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8966 - MESGID_SCAN_ARCHIVE_MULTIPART_WARNING

Message ID: 8966


Message Description: MESGID_SCAN_ARCHIVE_MULTIPART_WARNING
Message Meaning: File is a multipart archive or contains multiple files within the archive
Type: AV
Category: SCANERROR
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

FortiOS 6.4.7 Log Reference 176


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

FortiOS 6.4.7 Log Reference 177


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8967 - MESGID_SCAN_ARCHIVE_MULTIPART_NOTIF

Message ID: 8967


Message Description: MESGID_SCAN_ARCHIVE_MULTIPART_NOTIF
Message Meaning: File is a multipart archive or contains multiple files within the archive

FortiOS 6.4.7 Log Reference 178


Fortinet, Inc.
Log Messages

Type: AV
Category: SCANERROR
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

FortiOS 6.4.7 Log Reference 179


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

FortiOS 6.4.7 Log Reference 180


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8968 - MESGID_SCAN_ARCHIVE_NESTED_WARNING

Message ID: 8968


Message Description: MESGID_SCAN_ARCHIVE_NESTED_WARNING
Message Meaning: File is a nested archived file
Type: AV
Category: SCANERROR
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

FortiOS 6.4.7 Log Reference 181


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

FortiOS 6.4.7 Log Reference 182


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8969 - MESGID_SCAN_ARCHIVE_NESTED_NOTIF

Message ID: 8969

FortiOS 6.4.7 Log Reference 183


Fortinet, Inc.
Log Messages

Message Description: MESGID_SCAN_ARCHIVE_NESTED_NOTIF


Message Meaning: File is an archived type unhandled
Type: AV
Category: SCANERROR
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

FortiOS 6.4.7 Log Reference 184


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

FortiOS 6.4.7 Log Reference 185


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8970 - MESGID_SCAN_ARCHIVE_OVERSIZE_WARNING

Message ID: 8970


Message Description: MESGID_SCAN_ARCHIVE_OVERSIZE_WARNING
Message Meaning: Archived file is oversized
Type: AV
Category: SCANERROR
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

FortiOS 6.4.7 Log Reference 186


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

FortiOS 6.4.7 Log Reference 187


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

FortiOS 6.4.7 Log Reference 188


Fortinet, Inc.
Log Messages

8971 - MESGID_SCAN_ARCHIVE_OVERSIZE_NOTIF

Message ID: 8971


Message Description: MESGID_SCAN_ARCHIVE_OVERSIZE_NOTIF
Message Meaning: Archived file is oversized
Type: AV
Category: SCANERROR
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

FortiOS 6.4.7 Log Reference 189


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

FortiOS 6.4.7 Log Reference 190


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8972 - MESGID_SCAN_ARCHIVE_UNHANDLED_WARNING

Message ID: 8972


Message Description: MESGID_SCAN_ARCHIVE_UNHANDLED_WARNING
Message Meaning: Unhandled archive (warning)
Type: AV
Category: SCANERROR
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

FortiOS 6.4.7 Log Reference 191


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

FortiOS 6.4.7 Log Reference 192


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

FortiOS 6.4.7 Log Reference 193


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8973 - MESGID_SCAN_ARCHIVE_UNHANDLED_NOTIF

Message ID: 8973


Message Description: MESGID_SCAN_ARCHIVE_UNHANDLED_NOTIF
Message Meaning: Unhandled archive (notice)
Type: AV
Category: SCANERROR
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

FortiOS 6.4.7 Log Reference 194


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

FortiOS 6.4.7 Log Reference 195


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8974 - MESGID_SCAN_AV_ENGINE_LOAD_FAILED_ERROR

Message ID: 8974


Message Description: MESGID_SCAN_AV_ENGINE_LOAD_FAILED_ERROR
Message Meaning: AV Engine load failed
Type: AV
Category: SCANERROR
Severity: Error

FortiOS 6.4.7 Log Reference 196


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

FortiOS 6.4.7 Log Reference 197


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

FortiOS 6.4.7 Log Reference 198


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8975 - MESGID_SCAN_ARCHIVE_PARTIALLYCORRUPTED_WARNING

Message ID: 8975


Message Description: MESGID_SCAN_ARCHIVE_PARTIALLYCORRUPTED_WARNING
Message Meaning: Partially corrupted archive (warning)
Type: AV
Category: SCANERROR
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

FortiOS 6.4.7 Log Reference 199


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

FortiOS 6.4.7 Log Reference 200


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8976 - MESGID_SCAN_ARCHIVE_PARTIALLYCORRUPTED_NOTIF

Message ID: 8976


Message Description: MESGID_SCAN_ARCHIVE_PARTIALLYCORRUPTED_NOTIF
Message Meaning: Partially corrupted archive (notice)
Type: AV

FortiOS 6.4.7 Log Reference 201


Fortinet, Inc.
Log Messages

Category: SCANERROR
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

FortiOS 6.4.7 Log Reference 202


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

FortiOS 6.4.7 Log Reference 203


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8977 - MESGID_SCAN_ARCHIVE_FILESLIMIT_WARNING

Message ID: 8977


Message Description: MESGID_SCAN_ARCHIVE_FILESLIMIT_WARNING
Message Meaning: Exceeded archive files limit (warning)
Type: AV
Category: SCANERROR
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

FortiOS 6.4.7 Log Reference 204


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

FortiOS 6.4.7 Log Reference 205


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8978 - MESGID_SCAN_ARCHIVE_FILESLIMIT_NOTIF

Message ID: 8978


Message Description: MESGID_SCAN_ARCHIVE_FILESLIMIT_NOTIF
Message Meaning: Exceeded archive files limit (notice)

FortiOS 6.4.7 Log Reference 206


Fortinet, Inc.
Log Messages

Type: AV
Category: SCANERROR
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

FortiOS 6.4.7 Log Reference 207


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

FortiOS 6.4.7 Log Reference 208


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8979 - MESGID_SCAN_ARCHIVE_TIMEOUT_WARNING

Message ID: 8979


Message Description: MESGID_SCAN_ARCHIVE_TIMEOUT_WARNING
Message Meaning: Archive scan timeout (warning)
Type: AV
Category: SCANERROR
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

FortiOS 6.4.7 Log Reference 209


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

FortiOS 6.4.7 Log Reference 210


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8980 - MESGID_SCAN_ARCHIVE_TIMEOUT_NOTIF

Message ID: 8980

FortiOS 6.4.7 Log Reference 211


Fortinet, Inc.
Log Messages

Message Description: MESGID_SCAN_ARCHIVE_TIMEOUT_NOTIF


Message Meaning: Archive scan timeout (notice)
Type: AV
Category: SCANERROR
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

FortiOS 6.4.7 Log Reference 212


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

FortiOS 6.4.7 Log Reference 213


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

8981 - MESGID_SCAN_AV_CDR_INTERNAL_ERROR

Message ID: 8981


Message Description: MESGID_SCAN_AV_CDR_INTERNAL_ERROR
Message Meaning: AV CDR engine internal error
Type: AV
Category: SCANERROR
Severity: Error

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

FortiOS 6.4.7 Log Reference 214


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

FortiOS 6.4.7 Log Reference 215


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

FortiOS 6.4.7 Log Reference 216


Fortinet, Inc.
Log Messages

9233 - MESGID_ANALYTICS_SUBMITTED

Message ID: 9233


Message Description: MESGID_ANALYTICS_SUBMITTED
Message Meaning: File submitted to Sandbox
Type: AV
Category: ANALYTICS
Severity: Information

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

FortiOS 6.4.7 Log Reference 217


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

FortiOS 6.4.7 Log Reference 218


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

9234 - MESGID_ANALYTICS_INFECT_WARNING

Message ID: 9234


Message Description: MESGID_ANALYTICS_INFECT_WARNING
Message Meaning: File reported infected by FortiSandbox (warning)
Type: AV
Category: INFECTED
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

FortiOS 6.4.7 Log Reference 219


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

FortiOS 6.4.7 Log Reference 220


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

FortiOS 6.4.7 Log Reference 221


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

9235 - MESGID_ANALYTICS_INFECT_NOTIF

Message ID: 9235


Message Description: MESGID_ANALYTICS_INFECT_NOTIF
Message Meaning: File reported infected by FortiSandbox (notice)
Type: AV
Category: INFECTED
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

FortiOS 6.4.7 Log Reference 222


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

FortiOS 6.4.7 Log Reference 223


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

9236 - MESGID_ANALYTICS_INFECT_MIME_WARNING

Message ID: 9236


Message Description: MESGID_ANALYTICS_INFECT_MIME_WARNING
Message Meaning: File reported infected by FortiSandbox (warning)
Type: AV
Category: INFECTED
Severity: Warning

FortiOS 6.4.7 Log Reference 224


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

FortiOS 6.4.7 Log Reference 225


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

FortiOS 6.4.7 Log Reference 226


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

9237 - MESGID_ANALYTICS_INFECT_MIME_NOTIF

Message ID: 9237


Message Description: MESGID_ANALYTICS_INFECT_MIME_NOTIF
Message Meaning: File reported infected by FortiSandbox (notice)
Type: AV
Category: INFECTED
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

agent User agent - eg. agent="Mozilla/5.0" string 64

analyticscksum The checksum of the file submitted for analytics string 64

analyticssubmit The flag for analytics submission string 10

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

FortiOS 6.4.7 Log Reference 227


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filehash Used by Outbreak Prevention External Hash: the hash string 64


signature used in the detection

filehashsrc Used by Outbreak Prevention External Hash: external source string 32


that provided the hash signature

filename File name string 256

filetype File type string 16

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

quarskip Quarantine skip explanation string 46

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

FortiOS 6.4.7 Log Reference 228


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ref The URL of the FortiGuard IPS database entry for the attack string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

virus Virus Name string 128

virusid Virus ID (unique virus identifier) uint32 10

vrf uint8 3

9238 - MESGID_ANALYTICS_FSA_RESULT

Message ID: 9238


Message Description: MESGID_ANALYTICS_FSA_RESULT
Message Meaning: File verdict returned from FortiSandbox
Type: AV

FortiOS 6.4.7 Log Reference 229


Fortinet, Inc.
Log Messages

Category: ANALYTICS
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

analyticscksum The checksum of the file submitted for analytics string 64

date Date string 10

devid string 16

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

dtype Data type for virus category string 32

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filename File name string 256

fsaverdict FortiSandbox Verdict returned to FortiGate after analysis string 32


(clean, low risk, med risk, high risk, malicious)

level Log level string 11

logid Log ID string 10

service Proxy service which scanned this traffic string 5

srcdomain string 255

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Subtype of the virus log string 20

time Time string 8

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

vd VDOM name string 32

FortiOS 6.4.7 Log Reference 230


Fortinet, Inc.
Log Messages

9239 - MESGID_CONTENT_DISARM_NOTIF

Message ID: 9239


Message Description: MESGID_CONTENT_DISARM_NOTIF
Message Meaning: Active content detected by Content Disarm engine
Type: AV
Category: CONTENT-DISARM
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

analyticscksum The checksum of the file submitted for analytics string 64

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

FortiOS 6.4.7 Log Reference 231


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

filename File name string 256

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

FortiOS 6.4.7 Log Reference 232


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

9240 - MESGID_CONTENT_DISARM_WARNING

Message ID: 9240


Message Description: MESGID_CONTENT_DISARM_WARNING
Message Meaning: File was disarmed by Content Disarm engine
Type: AV
Category: CONTENT-DISARM
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: blocked - Blocked infected file by AV string 17
engine passthrough - Allowed by AV engine monitored - Log,
but do NOT block infected file analytics - Submitted to
Sandbox for analysis

analyticscksum The checksum of the file submitted for analytics string 64

attachment string 3

authserver Server used to authenticate the involved user string 64

cc string 512

cdrcontent string 256

checksum The checksum of the scanned file string 16

contentdisarmed Content Disarm action- eg. disarmed, detected string 13

craction Threat Weight action uint32 10

crlevel Threat Weight Level string 10

crscore Threat Weight Score uint32 10

date Date string 10

devid string 16

direction Message/packets direction string 8

dstintf Destination Interface string 32

FortiOS 6.4.7 Log Reference 233


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype Event type of AV string 32

fctuid Forticlient user ID string 32

filename File name string 256

forwardedfor string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group Group name (authentication) string 64

level Log level string 11

logid Log ID string 10

msg Log message string 4096

policyid Policy ID uint32 10

profile The name of the profile that was used to detect and take action string 64

proto Protocol number uint8 3

rawdata string 1024

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Proxy service which scanned this traffic string 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subject string 256

subservice string 16

subtype Subtype of the virus log string 20

time Time string 8

FortiOS 6.4.7 Log Reference 234


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip ip 39

type Log type string 16

tz Time Zone string 5

unauthuser string 66

unauthusersource string 66

url The URL address string 512

user Username (authentication) string 256

vd VDOM name string 32

vrf uint8 3

CIFS

63000 - LOG_ID_CIFS_FILE_BLOCK

Message ID: 63000


Message Description: LOG_ID_CIFS_FILE_BLOCK
Message Meaning: File was blocked by file filter
Type: CIFS
Category: CIFS-FILEFILTER
Severity: Warning

Log Field Name Description Data Type Length

date string 10

devid string 16

domainctrlauthstate uint32 5

domainctrlauthtype uint32 5

domainctrldomain string 80

domainctrlip ip 39

domainctrlname string 64

domainctrlprotocoltype uint32 5

FortiOS 6.4.7 Log Reference 235


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

domainctrlusername string 65

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

errorcode string 20

eventtime uint64 20

eventtype string 32

fctuid string 32

level string 11

logid string 10

msg string 4096

policyid uint32 10

profile string 64

service string 5

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

vd string 32

63001 - LOG_ID_CIFS_FILE_PASS

Message ID: 63001


Message Description: LOG_ID_CIFS_FILE_PASS

FortiOS 6.4.7 Log Reference 236


Fortinet, Inc.
Log Messages

Message Meaning: File detected by file-type filter


Type: CIFS
Category: CIFS-FILEFILTER
Severity: Notice

Log Field Name Description Data Type Length

date string 10

devid string 16

domainctrlauthstate uint32 5

domainctrlauthtype uint32 5

domainctrldomain string 80

domainctrlip ip 39

domainctrlname string 64

domainctrlprotocoltype uint32 5

domainctrlusername string 65

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

errorcode string 20

eventtime uint64 20

eventtype string 32

fctuid string 32

level string 11

logid string 10

msg string 4096

policyid uint32 10

profile string 64

service string 5

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

FortiOS 6.4.7 Log Reference 237


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

vd string 32

63002 - LOG_ID_CIFS_CONN_FAIL

Message ID: 63002


Message Description: LOG_ID_CIFS_CONN_FAIL
Message Meaning: Unable to connect to the CIFS Domain Controller
Type: CIFS
Category: CIFS-AUTH-FAIL
Severity: Warning

Log Field Name Description Data Type Length

date string 10

devid string 16

domainctrlauthstate uint32 5

domainctrlauthtype uint32 5

domainctrldomain string 80

domainctrlip ip 39

domainctrlname string 64

domainctrlprotocoltype uint32 5

domainctrlusername string 65

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

FortiOS 6.4.7 Log Reference 238


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

errorcode string 20

eventtime uint64 20

eventtype string 32

fctuid string 32

level string 11

logid string 10

msg string 4096

policyid uint32 10

profile string 64

service string 5

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

vd string 32

63003 - LOG_ID_CIFS_AUTH_FAIL

Message ID: 63003


Message Description: LOG_ID_CIFS_AUTH_FAIL
Message Meaning: Unable to authenticate with the CIFS Domain Controller
Type: CIFS
Category: CIFS-AUTH-FAIL
Severity: Warning

FortiOS 6.4.7 Log Reference 239


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date string 10

devid string 16

domainctrlauthstate uint32 5

domainctrlauthtype uint32 5

domainctrldomain string 80

domainctrlip ip 39

domainctrlname string 64

domainctrlprotocoltype uint32 5

domainctrlusername string 65

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

errorcode string 20

eventtime uint64 20

eventtype string 32

fctuid string 32

level string 11

logid string 10

msg string 4096

policyid uint32 10

profile string 64

service string 5

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

FortiOS 6.4.7 Log Reference 240


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

vd string 32

63004 - LOG_ID_CIFS_AUTH_INTERNAL_ERROR

Message ID: 63004


Message Description: LOG_ID_CIFS_AUTH_INTERNAL_ERROR
Message Meaning: An error occured in processing CIFS authentication
Type: CIFS
Category: CIFS-AUTH-FAIL
Severity: Warning

Log Field Name Description Data Type Length

date string 10

devid string 16

domainctrlauthstate uint32 5

domainctrlauthtype uint32 5

domainctrldomain string 80

domainctrlip ip 39

domainctrlname string 64

domainctrlprotocoltype uint32 5

domainctrlusername string 65

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

errorcode string 20

eventtime uint64 20

eventtype string 32

FortiOS 6.4.7 Log Reference 241


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

fctuid string 32

level string 11

logid string 10

msg string 4096

policyid uint32 10

profile string 64

service string 5

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

vd string 32

63005 - LOG_ID_CIFS_AUTH_KRB_ERROR

Message ID: 63005


Message Description: LOG_ID_CIFS_AUTH_KRB_ERROR
Message Meaning: An error occured in processing CIFS authentication.
Type: CIFS
Category: CIFS-AUTH-FAIL
Severity: Warning

Log Field Name Description Data Type Length

date string 10

devid string 16

FortiOS 6.4.7 Log Reference 242


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

domainctrlauthstate uint32 5

domainctrlauthtype uint32 5

domainctrldomain string 80

domainctrlip ip 39

domainctrlname string 64

domainctrlprotocoltype uint32 5

domainctrlusername string 65

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

errorcode string 20

eventtime uint64 20

eventtype string 32

fctuid string 32

level string 11

logid string 10

msg string 4096

policyid uint32 10

profile string 64

service string 5

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

FortiOS 6.4.7 Log Reference 243


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser string 66

unauthusersource string 66

vd string 32

DLP

24576 - LOG_ID_DLP_WARN

Message ID: 24576


Message Description: LOG_ID_DLP_WARN
Message Meaning: Data leak detected by specified DLP sensor rule
Type: DLP
Category: DLP
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: log-only - DLP event is detected , string 20
but NOT blocked (similar to monitor action) block - Blocked
exempt - Allowed ban - blocked (Not in used since FortiOS
5.0, replaced by blocked) ban-sender - blocks all data being
sent by an ip or user (Not in used since FortiOS 5.0, replaced
by quarantine) quarantine-ip - Blocked and band the source ip
(Not in used since FortiOS 5.0) quarantine-interface - Blocked
and band the source interface (Not in used since FortiOS 5.0)

agent User agent - eg. agent="Mozilla/5.0" string 64

attachment string 3

authserver Authentication Server string 64

cc string 512

date Date string 10

devid Device ID string 16

direction Direction of packets string 8

dlpextra DLP extra information string 256

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

FortiOS 6.4.7 Log Reference 244


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstip Destination IP ip 39

dstport Destination Port uint16 5

epoch Epoch used for locating file uint32 10

eventid The serial number of the dlparchive file in the same epoch uint32 10

eventtime Event Time, time when DLP event detected. uint64 20

eventtype DLP event type string 32

fctuid FortiClient User ID string 32

filename File name string 256

filesize File size in bytes uint64 10

filetype File type string 23

filtercat DLP filter category string 8

filteridx DLP filter ID uint32 10

filtername DLP rule name string 128

filtertype DLP filter type string 23

forwardedfor Forwarded For string 128

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group User group name string 64

hostname The host name of a URL string 256

infectedfilelevel Infected File Level (Critical,Warning etc) uint32 10

infectedfilename Infected File Name string 256

infectedfilesize Infected File Size uint64 10

infectedfiletype Infected File Type string 23

level Log Level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile DLP profile name string 64

proto Protocol number uint8 3

rawdata Raw Data string 1024

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

FortiOS 6.4.7 Log Reference 245


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

service Service name string 36

sessionid Session ID uint32 10

severity Severity level of a DLP rule string 8

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subject The subject title of the email message string 256

subservice string 16

subtype Log subtype string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip True client's IP ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

24577 - LOG_ID_DLP_NOTIF

Message ID: 24577


Message Description: LOG_ID_DLP_NOTIF
Message Meaning: Data leak detected by specified DLP sensor rule
Type: DLP
Category: DLP
Severity: Notice

FortiOS 6.4.7 Log Reference 246


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: log-only - DLP event is detected , string 20
but NOT blocked (similar to monitor action) block - Blocked
exempt - Allowed ban - blocked (Not in used since FortiOS
5.0, replaced by blocked) ban-sender - blocks all data being
sent by an ip or user (Not in used since FortiOS 5.0, replaced
by quarantine) quarantine-ip - Blocked and band the source ip
(Not in used since FortiOS 5.0) quarantine-interface - Blocked
and band the source interface (Not in used since FortiOS 5.0)

agent User agent - eg. agent="Mozilla/5.0" string 64

attachment string 3

authserver Authentication Server string 64

cc string 512

date Date string 10

devid Device ID string 16

direction Direction of packets string 8

dlpextra DLP extra information string 256

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

epoch Epoch used for locating file uint32 10

eventid The serial number of the dlparchive file in the same epoch uint32 10

eventtime Event Time, time when DLP event detected. uint64 20

eventtype DLP event type string 32

fctuid FortiClient User ID string 32

filename File name string 256

filesize File size in bytes uint64 10

filetype File type string 23

filtercat DLP filter category string 8

filteridx DLP filter ID uint32 10

filtername DLP rule name string 128

filtertype DLP filter type string 23

forwardedfor Forwarded For string 128

FortiOS 6.4.7 Log Reference 247


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

from Email address from the Email Headers (IMAP/POP3/SMTP) string 128

group User group name string 64

hostname The host name of a URL string 256

infectedfilelevel Infected File Level (Critical,Warning etc) uint32 10

infectedfilename Infected File Name string 256

infectedfilesize Infected File Size uint64 10

infectedfiletype Infected File Type string 23

level Log Level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile DLP profile name string 64

proto Protocol number uint8 3

rawdata Raw Data string 1024

recipient Email addresses from the SMTP envelope string 512

sender Email address from the SMTP envelope string 128

service Service name string 36

sessionid Session ID uint32 10

severity Severity level of a DLP rule string 8

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subject The subject title of the email message string 256

subservice string 16

subtype Log subtype string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

trueclntip True client's IP ip 39

type Log type string 16

FortiOS 6.4.7 Log Reference 248


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual Routing Forwarding uint8 3

24578 - LOG_ID_DLP_DOC_SOURCE

Message ID: 24578


Message Description: LOG_ID_DLP_DOC_SOURCE
Message Meaning: DLP fingerprint document source notice
Type: DLP
Category: DLP-DOCSOURCE
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dlpextra DLP extra information string 256

docsource DLP fingerprint document source string 515

eventtime Event Time, time when DLP event detected. uint64 20

eventtype DLP event type string 32

level Log Level string 11

logid Log ID string 10

sensitivity Sensitivity for document fingerprint string 36

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz string 5

vd Virtual domain name string 32

FortiOS 6.4.7 Log Reference 249


Fortinet, Inc.
Log Messages

24579 - LOG_ID_DLP_DOC_SOURCE_ERROR

Message ID: 24579


Message Description: LOG_ID_DLP_DOC_SOURCE_ERROR
Message Meaning: DLP fingerprint document source error
Type: DLP
Category: DLP-DOCSOURCE
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dlpextra DLP extra information string 256

docsource DLP fingerprint document source string 515

eventtime Event Time, time when DLP event detected. uint64 20

eventtype DLP event type string 32

level Log Level string 11

logid Log ID string 10

sensitivity Sensitivity for document fingerprint string 36

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz string 5

vd Virtual domain name string 32

DNS

54000 - LOG_ID_DNS_QUERY

Message ID: 54000


Message Description: LOG_ID_DNS_QUERY
Message Meaning: DNS query message
Type: DNS
Category: DNS-QUERY
Severity: Information

FortiOS 6.4.7 Log Reference 250


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dstintf Destination Interface string 32

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

fctuid FortiClient ID string 32

group User group name string 64

level Log Level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

qtype Query type description string 32

qtypeval Query Type Value uint16 5

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 251


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

54200 - LOG_ID_DNS_RESOLV_ERROR

Message ID: 54200


Message Description: LOG_ID_DNS_RESOLV_ERROR
Message Meaning: DNS resolution error message
Type: DNS
Category: DNS-RESPONSE
Severity: Error

Log Field Name Description Data Type Length

action Security action performed by DNS filter string 16

botnetdomain Botnet domain name string 256

botnetip Botnet IP address ip 39

cat DNS category ID uint8 3

catdesc DNS category description string 64

date Date string 10

devid Device ID string 16

domainfilteridx Domain Filter Index uint8 3

domainfilterlist Domain Filter List string 512

dstintf Destination Interface string 32

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error DNS filter service error message string 256

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

FortiOS 6.4.7 Log Reference 252


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

exchange Mail Exchanges from DNS response answer section string 256

fctuid FortiClient ID string 32

group User group name string 64

ipaddr IP addresses from DNS response answer section string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

qtype Query type description string 32

qtypeval Query Type Value uint16 5

rcode uint8 3

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

sscname Safe Search CNAME string 256

subtype Log Subtype string 20

time Time string 8

translationid uint32 10

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

FortiOS 6.4.7 Log Reference 253


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

54400 - LOG_ID_DNS_URL_FILTER_BLOCK

Message ID: 54400


Message Description: LOG_ID_DNS_URL_FILTER_BLOCK
Message Meaning: Domain blocked because it is in the domain-filter list
Type: DNS
Category: DNS-RESPONSE
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by DNS filter string 16

botnetdomain Botnet domain name string 256

botnetip Botnet IP address ip 39

cat DNS category ID uint8 3

catdesc DNS category description string 64

date Date string 10

devid Device ID string 16

domainfilteridx Domain Filter Index uint8 3

domainfilterlist Domain Filter List string 512

dstintf Destination Interface string 32

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error DNS filter service error message string 256

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

exchange Mail Exchanges from DNS response answer section string 256

fctuid FortiClient ID string 32

FortiOS 6.4.7 Log Reference 254


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

group User group name string 64

ipaddr IP addresses from DNS response answer section string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

qtype Query type description string 32

qtypeval Query Type Value uint16 5

rcode uint8 3

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

sscname Safe Search CNAME string 256

subtype Log Subtype string 20

time Time string 8

translationid uint32 10

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

FortiOS 6.4.7 Log Reference 255


Fortinet, Inc.
Log Messages

54401 - LOG_ID_DNS_URL_FILTER_ALLOW

Message ID: 54401


Message Description: LOG_ID_DNS_URL_FILTER_ALLOW
Message Meaning: Domain allowed because it is in the domain-filter list
Type: DNS
Category: DNS-RESPONSE
Severity: Information

Log Field Name Description Data Type Length

action Security action performed by DNS filter string 16

botnetdomain Botnet domain name string 256

botnetip Botnet IP address ip 39

cat DNS category ID uint8 3

catdesc DNS category description string 64

date Date string 10

devid Device ID string 16

domainfilteridx Domain Filter Index uint8 3

domainfilterlist Domain Filter List string 512

dstintf Destination Interface string 32

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error DNS filter service error message string 256

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

exchange Mail Exchanges from DNS response answer section string 256

fctuid FortiClient ID string 32

group User group name string 64

ipaddr IP addresses from DNS response answer section string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

FortiOS 6.4.7 Log Reference 256


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

qtype Query type description string 32

qtypeval Query Type Value uint16 5

rcode uint8 3

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

sscname Safe Search CNAME string 256

subtype Log Subtype string 20

time Time string 8

translationid uint32 10

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

54600 - LOG_ID_DNS_BOTNET_IP

Message ID: 54600


Message Description: LOG_ID_DNS_BOTNET_IP
Message Meaning: Domain blocked by DNS botnet C&C (IP)

FortiOS 6.4.7 Log Reference 257


Fortinet, Inc.
Log Messages

Type: DNS
Category: DNS-RESPONSE
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by DNS filter string 16

botnetdomain Botnet domain name string 256

botnetip Botnet IP address ip 39

cat DNS category ID uint8 3

catdesc DNS category description string 64

date Date string 10

devid Device ID string 16

domainfilteridx Domain Filter Index uint8 3

domainfilterlist Domain Filter List string 512

dstintf Destination Interface string 32

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error DNS filter service error message string 256

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

exchange Mail Exchanges from DNS response answer section string 256

fctuid FortiClient ID string 32

group User group name string 64

ipaddr IP addresses from DNS response answer section string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

FortiOS 6.4.7 Log Reference 258


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

qtype Query type description string 32

qtypeval Query Type Value uint16 5

rcode uint8 3

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

sscname Safe Search CNAME string 256

subtype Log Subtype string 20

time Time string 8

translationid uint32 10

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

54601 - LOG_ID_DNS_BOTNET_DOMAIN

Message ID: 54601


Message Description: LOG_ID_DNS_BOTNET_DOMAIN
Message Meaning: Domain blocked by DNS botnet C&C (Domain)
Type: DNS
Category: DNS-RESPONSE
Severity: Warning

FortiOS 6.4.7 Log Reference 259


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Security action performed by DNS filter string 16

botnetdomain Botnet domain name string 256

botnetip Botnet IP address ip 39

cat DNS category ID uint8 3

catdesc DNS category description string 64

date Date string 10

devid Device ID string 16

domainfilteridx Domain Filter Index uint8 3

domainfilterlist Domain Filter List string 512

dstintf Destination Interface string 32

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error DNS filter service error message string 256

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

exchange Mail Exchanges from DNS response answer section string 256

fctuid FortiClient ID string 32

group User group name string 64

ipaddr IP addresses from DNS response answer section string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

qtype Query type description string 32

qtypeval Query Type Value uint16 5

FortiOS 6.4.7 Log Reference 260


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

rcode uint8 3

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

sscname Safe Search CNAME string 256

subtype Log Subtype string 20

time Time string 8

translationid uint32 10

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

54800 - LOG_ID_DNS_FTGD_WARNING

Message ID: 54800


Message Description: LOG_ID_DNS_FTGD_WARNING
Message Meaning: FortiGuard rating error warning
Type: DNS
Category: DNS-RESPONSE
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by DNS filter string 16

botnetdomain Botnet domain name string 256

FortiOS 6.4.7 Log Reference 261


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

botnetip Botnet IP address ip 39

cat DNS category ID uint8 3

catdesc DNS category description string 64

date Date string 10

devid Device ID string 16

domainfilteridx Domain Filter Index uint8 3

domainfilterlist Domain Filter List string 512

dstintf Destination Interface string 32

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error DNS filter service error message string 256

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

exchange Mail Exchanges from DNS response answer section string 256

fctuid FortiClient ID string 32

group User group name string 64

ipaddr IP addresses from DNS response answer section string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

qtype Query type description string 32

qtypeval Query Type Value uint16 5

rcode uint8 3

sessionid Session ID uint32 10

FortiOS 6.4.7 Log Reference 262


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

sscname Safe Search CNAME string 256

subtype Log Subtype string 20

time Time string 8

translationid uint32 10

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

54801 - LOG_ID_DNS_FTGD_ERROR

Message ID: 54801


Message Description: LOG_ID_DNS_FTGD_ERROR
Message Meaning: FortiGuard rating error occurred
Type: DNS
Category: DNS-RESPONSE
Severity: Error

Log Field Name Description Data Type Length

action Security action performed by DNS filter string 16

botnetdomain Botnet domain name string 256

botnetip Botnet IP address ip 39

cat DNS category ID uint8 3

FortiOS 6.4.7 Log Reference 263


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

catdesc DNS category description string 64

date Date string 10

devid Device ID string 16

domainfilteridx Domain Filter Index uint8 3

domainfilterlist Domain Filter List string 512

dstintf Destination Interface string 32

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error DNS filter service error message string 256

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

exchange Mail Exchanges from DNS response answer section string 256

fctuid FortiClient ID string 32

group User group name string 64

ipaddr IP addresses from DNS response answer section string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

qtype Query type description string 32

qtypeval Query Type Value uint16 5

rcode uint8 3

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

FortiOS 6.4.7 Log Reference 264


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

sscname Safe Search CNAME string 256

subtype Log Subtype string 20

time Time string 8

translationid uint32 10

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

54802 - LOG_ID_DNS_FTGD_CAT_ALLOW

Message ID: 54802


Message Description: LOG_ID_DNS_FTGD_CAT_ALLOW
Message Meaning: Domain is monitored
Type: DNS
Category: DNS-RESPONSE
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by DNS filter string 16

botnetdomain Botnet domain name string 256

botnetip Botnet IP address ip 39

cat DNS category ID uint8 3

catdesc DNS category description string 64

date Date string 10

FortiOS 6.4.7 Log Reference 265


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

domainfilteridx Domain Filter Index uint8 3

domainfilterlist Domain Filter List string 512

dstintf Destination Interface string 32

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error DNS filter service error message string 256

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

exchange Mail Exchanges from DNS response answer section string 256

fctuid FortiClient ID string 32

group User group name string 64

ipaddr IP addresses from DNS response answer section string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

qtype Query type description string 32

qtypeval Query Type Value uint16 5

rcode uint8 3

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

FortiOS 6.4.7 Log Reference 266


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

sscname Safe Search CNAME string 256

subtype Log Subtype string 20

time Time string 8

translationid uint32 10

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

54803 - LOG_ID_DNS_FTGD_CAT_BLOCK

Message ID: 54803


Message Description: LOG_ID_DNS_FTGD_CAT_BLOCK
Message Meaning: Domain belongs to a denied category in policy
Type: DNS
Category: DNS-RESPONSE
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by DNS filter string 16

botnetdomain Botnet domain name string 256

botnetip Botnet IP address ip 39

cat DNS category ID uint8 3

catdesc DNS category description string 64

date Date string 10

devid Device ID string 16

domainfilteridx Domain Filter Index uint8 3

FortiOS 6.4.7 Log Reference 267


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

domainfilterlist Domain Filter List string 512

dstintf Destination Interface string 32

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error DNS filter service error message string 256

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

exchange Mail Exchanges from DNS response answer section string 256

fctuid FortiClient ID string 32

group User group name string 64

ipaddr IP addresses from DNS response answer section string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

qtype Query type description string 32

qtypeval Query Type Value uint16 5

rcode uint8 3

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

FortiOS 6.4.7 Log Reference 268


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sscname Safe Search CNAME string 256

subtype Log Subtype string 20

time Time string 8

translationid uint32 10

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

54804 - LOG_ID_DNS_SAFE_SEARCH

Message ID: 54804


Message Description: LOG_ID_DNS_SAFE_SEARCH
Message Meaning: DNS Safe Search enforced
Type: DNS
Category: DNS-RESPONSE
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by DNS filter string 16

botnetdomain Botnet domain name string 256

botnetip Botnet IP address ip 39

cat DNS category ID uint8 3

catdesc DNS category description string 64

date Date string 10

devid Device ID string 16

domainfilteridx Domain Filter Index uint8 3

domainfilterlist Domain Filter List string 512

dstintf Destination Interface string 32

FortiOS 6.4.7 Log Reference 269


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface Role string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error DNS filter service error message string 256

eventtime Event Timestamp uint64 20

eventtype DNS Type (DNS query/DNS response) string 32

exchange Mail Exchanges from DNS response answer section string 256

fctuid FortiClient ID string 32

group User group name string 64

ipaddr IP addresses from DNS response answer section string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Profile name for DNS filter string 64

proto Protocol number uint8 3

qclass Query class string 32

qname Query domain name string 256

qtype Query type description string 32

qtypeval Query Type Value uint16 5

rcode uint8 3

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface Role string 10

srcip Source IP ip 39

srcmac MAC address associated with the Source IP string 17

srcport Source Port uint16 5

sscname Safe Search CNAME string 256

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 270


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

translationid uint32 10

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name string 256

vd Virtual Domain Name string 32

xid Transaction ID uint16 5

Email

20480 - LOGID_ANTISPAM_EMAIL_NOTIF

Message ID: 20480


Message Description: LOGID_ANTISPAM_EMAIL_NOTIF
Message Meaning: SPAM notification
Type: Email
Category: SPAM
Severity: Notice

Log Field Name Description Data Type Length

action Security action of the email filter. Eg. blocked, tagged, allow string 8

agent string 64

attachment Possible values: yes , no string 3

authserver string 64

banword Banned word string 128

cc Email address(es) from the Email Headers string 4096


(IMAP/POP3/SMTP)

date Date string 10

devid Device ID string 16

direction Direction of packets string 8

FortiOS 6.4.7 Log Reference 271


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintf Destination Interface string 64

dstintfrole Destination interface Role, ex: LAN, WAN, etc string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime the time of the event uint64 20

eventtype Email Filter event type string 32

fctuid FortiClient ID string 32

fortiguardresp string 512

from Email address(es) from the Email Headers string 128


(IMAP/POP3/SMTP)

group User group name string 64

level Log Level string 11

logid Log ID string 10

msg Log Message string 512

policyid Policy ID uint32 10

profile Email Filter profile name string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email addresses from the SMTP envelope string 128

service SMTP, POP3, IMAP, etc. string 36

sessionid Session ID uint32 10

size Email size in Bytes? string 16

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source interface Role, ex: LAN, WAN, etc string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subject The subject title of the email message string 256

subtype Log subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 272


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

type Log type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user User name string 256

vd Virtual Domain string 32

vrf Virtual router forwarding uint8 3

webmailprovider string 32

20481 - LOGID_EMAIL_GENERAL_NOTIF

Message ID: 20481


Message Description: LOGID_EMAIL_GENERAL_NOTIF
Message Meaning: Email message
Type: Email
Category: EMAIL
Severity: Information

Log Field Name Description Data Type Length

action Security action of the email filter. Eg. blocked, tagged, allow string 8

agent string 64

attachment Possible values: yes , no string 3

authserver string 64

banword Banned word string 128

cc Email address(es) from the Email Headers string 4096


(IMAP/POP3/SMTP)

date Date string 10

devid Device ID string 16

direction Direction of packets string 8

dstintf Destination Interface string 64

dstintfrole Destination interface Role, ex: LAN, WAN, etc string 10

FortiOS 6.4.7 Log Reference 273


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime the time of the event uint64 20

eventtype Email Filter event type string 32

fctuid FortiClient ID string 32

fortiguardresp string 512

from Email address(es) from the Email Headers string 128


(IMAP/POP3/SMTP)

group User group name string 64

level Log Level string 11

logid Log ID string 10

msg Log Message string 512

policyid Policy ID uint32 10

profile Email Filter profile name string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email addresses from the SMTP envelope string 128

service SMTP, POP3, IMAP, etc. string 36

sessionid Session ID uint32 10

size Email size in Bytes? string 16

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source interface Role, ex: LAN, WAN, etc string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subject The subject title of the email message string 256

subtype Log subtype string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

type Log type string 16

FortiOS 6.4.7 Log Reference 274


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz string 5

unauthuser string 66

unauthusersource string 66

user User name string 256

vd Virtual Domain string 32

vrf Virtual router forwarding uint8 3

webmailprovider string 32

20482 - LOGID_ANTISPAM_EMAIL_BWORD_NOTIF

Message ID: 20482


Message Description: LOGID_ANTISPAM_EMAIL_BWORD_NOTIF
Message Meaning: Banned word notification
Type: Email
Category: BANNEDWORD
Severity: Notice

Log Field Name Description Data Type Length

action Security action of the email filter. Eg. blocked, tagged, allow string 8

agent string 64

attachment Possible values: yes , no string 3

authserver string 64

banword Banned word string 128

cc Email address(es) from the Email Headers string 4096


(IMAP/POP3/SMTP)

date Date string 10

devid Device ID string 16

direction Direction of packets string 8

dstintf Destination Interface string 64

dstintfrole Destination interface Role, ex: LAN, WAN, etc string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime the time of the event uint64 20

FortiOS 6.4.7 Log Reference 275


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtype Email Filter event type string 32

fctuid FortiClient ID string 32

fortiguardresp string 512

from Email address(es) from the Email Headers string 128


(IMAP/POP3/SMTP)

group User group name string 64

level Log Level string 11

logid Log ID string 10

msg Log Message string 512

policyid Policy ID uint32 10

profile Email Filter profile name string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email addresses from the SMTP envelope string 128

service SMTP, POP3, IMAP, etc. string 36

sessionid Session ID uint32 10

size Email size in Bytes? string 16

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source interface Role, ex: LAN, WAN, etc string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subject The subject title of the email message string 256

subtype Log subtype string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

type Log type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

FortiOS 6.4.7 Log Reference 276


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name string 256

vd Virtual Domain string 32

vrf Virtual router forwarding uint8 3

webmailprovider string 32

20509 - LOGID_ANTISPAM_FTGD_ERR

Message ID: 20509


Message Description: LOGID_ANTISPAM_FTGD_ERR
Message Meaning: FortiGuard error message
Type: Email
Category: FTGD_ERR
Severity: Notice

Log Field Name Description Data Type Length

action Security action of the email filter. Eg. blocked, tagged, allow string 8

agent string 64

attachment Possible values: yes , no string 3

authserver string 64

banword Banned word string 128

cc Email address(es) from the Email Headers string 4096


(IMAP/POP3/SMTP)

date Date string 10

devid Device ID string 16

direction Direction of packets string 8

dstintf Destination Interface string 64

dstintfrole Destination interface Role, ex: LAN, WAN, etc string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime the time of the event uint64 20

eventtype Email Filter event type string 32

fctuid FortiClient ID string 32

fortiguardresp string 512

FortiOS 6.4.7 Log Reference 277


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

from Email address(es) from the Email Headers string 128


(IMAP/POP3/SMTP)

group User group name string 64

level Log Level string 11

logid Log ID string 10

msg Log Message string 512

policyid Policy ID uint32 10

profile Email Filter profile name string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email addresses from the SMTP envelope string 128

service SMTP, POP3, IMAP, etc. string 36

sessionid Session ID uint32 10

size Email size in Bytes? string 16

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source interface Role, ex: LAN, WAN, etc string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subject The subject title of the email message string 256

subtype Log subtype string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

type Log type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user User name string 256

vd Virtual Domain string 32

vrf Virtual router forwarding uint8 3

webmailprovider string 32

FortiOS 6.4.7 Log Reference 278


Fortinet, Inc.
Log Messages

20510 - LOGID_ANTISPAM_EMAIL_WEBMAIL_NOTIF

Message ID: 20510


Message Description: LOGID_ANTISPAM_EMAIL_WEBMAIL_NOTIF
Message Meaning: Webmail message
Type: Email
Category: WEBMAIL
Severity: Information

Log Field Name Description Data Type Length

action Security action of the email filter. Eg. blocked, tagged, allow string 8

agent string 64

attachment Possible values: yes , no string 3

authserver string 64

banword Banned word string 128

cc Email address(es) from the Email Headers string 4096


(IMAP/POP3/SMTP)

date Date string 10

devid Device ID string 16

direction Direction of packets string 8

dstintf Destination Interface string 64

dstintfrole Destination interface Role, ex: LAN, WAN, etc string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime the time of the event uint64 20

eventtype Email Filter event type string 32

fctuid FortiClient ID string 32

fortiguardresp string 512

from Email address(es) from the Email Headers string 128


(IMAP/POP3/SMTP)

group User group name string 64

level Log Level string 11

logid Log ID string 10

msg Log Message string 512

FortiOS 6.4.7 Log Reference 279


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Policy ID uint32 10

profile Email Filter profile name string 64

proto Protocol number uint8 3

recipient Email addresses from the SMTP envelope string 512

sender Email addresses from the SMTP envelope string 128

service SMTP, POP3, IMAP, etc. string 36

sessionid Session ID uint32 10

size Email size in Bytes? string 16

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source interface Role, ex: LAN, WAN, etc string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subject The subject title of the email message string 256

subtype Log subtype string 20

time Time string 8

to Email address(es) from the Email Headers string 512


(IMAP/POP3/SMTP)

type Log type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user User name string 256

vd Virtual Domain string 32

vrf Virtual router forwarding uint8 3

webmailprovider string 32

Event

20002 - LOG_ID_DOMAIN_UNRESOLVABLE

Message ID: 20002

FortiOS 6.4.7 Log Reference 280


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_DOMAIN_UNRESOLVABLE


Message Meaning: Domain name of alert email sender unresolvable
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20003 - LOG_ID_MAIL_SENT_FAIL

Message ID: 20003


Message Description: LOG_ID_MAIL_SENT_FAIL
Message Meaning: Alert email send status failed
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 281


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

count Count uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20004 - LOG_ID_POLICY_TOO_BIG

Message ID: 20004


Message Description: LOG_ID_POLICY_TOO_BIG
Message Meaning: Policy too big for installation
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 282


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20005 - LOG_ID_PPP_LINK_UP

Message ID: 20005


Message Description: LOG_ID_PPP_LINK_UP
Message Meaning: Modem PPP link up
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 283


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

20006 - LOG_ID_PPP_LINK_DOWN

Message ID: 20006


Message Description: LOG_ID_PPP_LINK_DOWN
Message Meaning: Modem PPP link down
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20007 - LOG_ID_SOCKET_EXHAUSTED

Message ID: 20007


Message Description: LOG_ID_SOCKET_EXHAUSTED
Message Meaning: NAT port exhausted
Type: Event
Category: SYSTEM
Severity: Critical

FortiOS 6.4.7 Log Reference 284


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

nat NAT IP Address ip 39

proto Protocol Number uint8 3

service Name of Service string 64

srcip Source IP ip 39

srcport Source port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

vrf uint8 3

20008 - LOG_ID_POLICY6_TOO_BIG

Message ID: 20008


Message Description: LOG_ID_POLICY6_TOO_BIG
Message Meaning: IPv6 policy too big for installation
Type: Event
Category: SYSTEM
Severity: Critical

FortiOS 6.4.7 Log Reference 285


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20010 - LOG_ID_KERNEL_ERROR

Message ID: 20010


Message Description: LOG_ID_KERNEL_ERROR
Message Meaning: Kernel error
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 286


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20016 - LOG_ID_MODEM_EXCEED_REDIAL_COUNT

Message ID: 20016


Message Description: LOG_ID_MODEM_EXCEED_REDIAL_COUNT
Message Meaning: Modem exceeded redial limit
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20017 - LOG_ID_MODEM_FAIL_TO_OPEN

Message ID: 20017


Message Description: LOG_ID_MODEM_FAIL_TO_OPEN

FortiOS 6.4.7 Log Reference 287


Fortinet, Inc.
Log Messages

Message Meaning: Modem failed to open


Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20020 - LOG_ID_MODEM_USB_DETECTED

Message ID: 20020


Message Description: LOG_ID_MODEM_USB_DETECTED
Message Meaning: USB modem detected
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 288


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20021 - LOG_ID_MAIL_RESENT

Message ID: 20021


Message Description: LOG_ID_MAIL_RESENT
Message Meaning: Alert email resent
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

count Count uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 289


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20022 - LOG_ID_MODEM_USB_REMOVED

Message ID: 20022


Message Description: LOG_ID_MODEM_USB_REMOVED
Message Meaning: USB modem removed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20023 - LOG_ID_MODEM_USBLTE_DETECTED

Message ID: 20023


Message Description: LOG_ID_MODEM_USBLTE_DETECTED
Message Meaning: USB LTE modem detected
Type: Event
Category: SYSTEM

FortiOS 6.4.7 Log Reference 290


Fortinet, Inc.
Log Messages

Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20024 - LOG_ID_MODEM_USBLTE_REMOVED

Message ID: 20024


Message Description: LOG_ID_MODEM_USBLTE_REMOVED
Message Meaning: USB LTE modem removed
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 291


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20025 - LOG_ID_REPORTD_REPORT_SUCCESS

Message ID: 20025


Message Description: LOG_ID_REPORTD_REPORT_SUCCESS
Message Meaning: Report generated successfully
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

datarange Data range for reports string 50

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

file Report file full path string 256

filesize Report File Size in Bytes uint32 10

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

processtime Process time for reports uint32 10

reporttype Report Type string 20

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 292


Fortinet, Inc.
Log Messages

20026 - LOG_ID_REPORTD_REPORT_FAILURE

Message ID: 20026


Message Description: LOG_ID_REPORTD_REPORT_FAILURE
Message Meaning: Report generation failed
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20027 - LOG_ID_REPORT_DEL_OLD_REC

Message ID: 20027


Message Description: LOG_ID_REPORT_DEL_OLD_REC
Message Meaning: Outdated report files deleted
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 293


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20028 - LOG_ID_REPORT_RECREATE_DB

Message ID: 20028


Message Description: LOG_ID_REPORT_RECREATE_DB
Message Meaning: Report database recreated
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 294


Fortinet, Inc.
Log Messages

20031 - LOG_ID_RAD_OUT_OF_MEM

Message ID: 20031


Message Description: LOG_ID_RAD_OUT_OF_MEM
Message Meaning: RADVD out of memory
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20032 - LOG_ID_RAD_NOT_FOUND

Message ID: 20032


Message Description: LOG_ID_RAD_NOT_FOUND
Message Meaning: RADVD interface not found
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 295


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20033 - LOG_ID_RAD_MOBILE_IPV6

Message ID: 20033


Message Description: LOG_ID_RAD_MOBILE_IPV6
Message Meaning: RADVD mobile IPv6 extensions used
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 296


Fortinet, Inc.
Log Messages

20034 - LOG_ID_RAD_IPV6_OUT_OF_RANGE

Message ID: 20034


Message Description: LOG_ID_RAD_IPV6_OUT_OF_RANGE
Message Meaning: RADVD mobile IPv6 MinRtrAdvInterval out of range
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20035 - LOG_ID_RAD_MIN_OUT_OF_RANGE

Message ID: 20035


Message Description: LOG_ID_RAD_MIN_OUT_OF_RANGE
Message Meaning: RADVD MinRtrAdvInterval out of range
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 297


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20036 - LOG_ID_RAD_MAX_OUT_OF_RANGE

Message ID: 20036


Message Description: LOG_ID_RAD_MAX_OUT_OF_RANGE
Message Meaning: RADVD mobile IPv6 MaxRtrAdvInterval out of range
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 298


Fortinet, Inc.
Log Messages

20037 - LOG_ID_RAD_MAX_ADV_OUT_OF_RANGE

Message ID: 20037


Message Description: LOG_ID_RAD_MAX_ADV_OUT_OF_RANGE
Message Meaning: RADVD MaxRtrAdvInterval out of range
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20039 - LOG_ID_RAD_MTU_TOO_SMALL

Message ID: 20039


Message Description: LOG_ID_RAD_MTU_TOO_SMALL
Message Meaning: RADVD AdvLinkMTU too small
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 299


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20040 - LOG_ID_RAD_TIME_TOO_SMALL

Message ID: 20040


Message Description: LOG_ID_RAD_TIME_TOO_SMALL
Message Meaning: RADVD AdvReachableTime too small
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 300


Fortinet, Inc.
Log Messages

20041 - LOG_ID_RAD_HOP_OUT_OF_RANGE

Message ID: 20041


Message Description: LOG_ID_RAD_HOP_OUT_OF_RANGE
Message Meaning: RADVD AdvCurHopLimit too big
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20042 - LOG_ID_RAD_DFT_HOP_OUT_OF_RANGE

Message ID: 20042


Message Description: LOG_ID_RAD_DFT_HOP_OUT_OF_RANGE
Message Meaning: RADVD AdvCurHopLimit out of range
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 301


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20043 - LOG_ID_RAD_AGENT_OUT_OF_RANGE

Message ID: 20043


Message Description: LOG_ID_RAD_AGENT_OUT_OF_RANGE
Message Meaning: RADVD HomeAgentLifetime out of range
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 302


Fortinet, Inc.
Log Messages

20044 - LOG_ID_RAD_AGENT_FLAG_NOT_SET

Message ID: 20044


Message Description: LOG_ID_RAD_AGENT_FLAG_NOT_SET
Message Meaning: RADVD AdvHomeAgentFlag not set
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20045 - LOG_ID_RAD_PREFIX_TOO_LONG

Message ID: 20045


Message Description: LOG_ID_RAD_PREFIX_TOO_LONG
Message Meaning: RADVD invalid prefix length
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 303


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20046 - LOG_ID_RAD_PREF_TIME_TOO_SMALL

Message ID: 20046


Message Description: LOG_ID_RAD_PREF_TIME_TOO_SMALL
Message Meaning: RADVD AdvValidLifetime less than AdvPreferredLifetime
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 304


Fortinet, Inc.
Log Messages

20047 - LOG_ID_RAD_FAIL_IPV6_SOCKET

Message ID: 20047


Message Description: LOG_ID_RAD_FAIL_IPV6_SOCKET
Message Meaning: RADVD failed to create an IPv6 socket
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20048 - LOG_ID_RAD_FAIL_OPT_IPV6_PKTINFO

Message ID: 20048


Message Description: LOG_ID_RAD_FAIL_OPT_IPV6_PKTINFO
Message Meaning: RADVD failed to set IPv6 packet info
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 305


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20049 - LOG_ID_RAD_FAIL_OPT_IPV6_CHECKSUM

Message ID: 20049


Message Description: LOG_ID_RAD_FAIL_OPT_IPV6_CHECKSUM
Message Meaning: RADVD failed to set IPv6 checksum
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 306


Fortinet, Inc.
Log Messages

20050 - LOG_ID_RAD_FAIL_OPT_IPV6_UNICAST_HOPS

Message ID: 20050


Message Description: LOG_ID_RAD_FAIL_OPT_IPV6_UNICAST_HOPS
Message Meaning: RADVD failed to set IPv6 unicast hops
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20051 - LOG_ID_RAD_FAIL_OPT_IPV6_MULTICAST_HOPS

Message ID: 20051


Message Description: LOG_ID_RAD_FAIL_OPT_IPV6_MULTICAST_HOPS
Message Meaning: RADVD failed to set IPv6 multicast hops
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 307


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20052 - LOG_ID_RAD_FAIL_OPT_IPV6_HOPLIMIT

Message ID: 20052


Message Description: LOG_ID_RAD_FAIL_OPT_IPV6_HOPLIMIT
Message Meaning: RADVD failed to set IPv6 hop limit
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 308


Fortinet, Inc.
Log Messages

20053 - LOG_ID_RAD_FAIL_OPT_IPPROTO_ICMPV6

Message ID: 20053


Message Description: LOG_ID_RAD_FAIL_OPT_IPPROTO_ICMPV6
Message Meaning: RADVD failed to set ICMPv6 filter
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20054 - LOG_ID_RAD_EXIT_BY_SIGNAL

Message ID: 20054


Message Description: LOG_ID_RAD_EXIT_BY_SIGNAL
Message Meaning: RADVD exited due to received signal
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 309


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20055 - LOG_ID_RAD_FAIL_CMDB_QUERY

Message ID: 20055


Message Description: LOG_ID_RAD_FAIL_CMDB_QUERY
Message Meaning: RADVD interface query creation failed
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 310


Fortinet, Inc.
Log Messages

20056 - LOG_ID_RAD_FAIL_CMDB_FOR_EACH

Message ID: 20056


Message Description: LOG_ID_RAD_FAIL_CMDB_FOR_EACH
Message Meaning: RADVD query error
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20057 - LOG_ID_RAD_FAIL_FIND_VIRT_INTF

Message ID: 20057


Message Description: LOG_ID_RAD_FAIL_FIND_VIRT_INTF
Message Meaning: RADVD virtual interface not found
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 311


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20058 - LOG_ID_RAD_UNLOAD_INTF

Message ID: 20058


Message Description: LOG_ID_RAD_UNLOAD_INTF
Message Meaning: RADVD unloaded interface
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 312


Fortinet, Inc.
Log Messages

20061 - LOG_ID_RAD_INV_ICMPV6_TYPE

Message ID: 20061


Message Description: LOG_ID_RAD_INV_ICMPV6_TYPE
Message Meaning: RADVD received unwanted ICMPv6 packet
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20062 - LOG_ID_RAD_INV_ICMPV6_RA_LEN

Message ID: 20062


Message Description: LOG_ID_RAD_INV_ICMPV6_RA_LEN
Message Meaning: RADVD received ICMPv6 RA packet with invalid length
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 313


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20063 - LOG_ID_RAD_ICMPV6_NO_SRC_ADDR

Message ID: 20063


Message Description: LOG_ID_RAD_ICMPV6_NO_SRC_ADDR
Message Meaning: RADVD received ICMPv6 RA packet with non-link local source address
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 314


Fortinet, Inc.
Log Messages

20064 - LOG_ID_RAD_INV_ICMPV6_RS_LEN

Message ID: 20064


Message Description: LOG_ID_RAD_INV_ICMPV6_RS_LEN
Message Meaning: RADVD received ICMPv6 RS packet with invalid length
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20065 - LOG_ID_RAD_INV_ICMPV6_CODE

Message ID: 20065


Message Description: LOG_ID_RAD_INV_ICMPV6_CODE
Message Meaning: RADVD received ICMPv6 RS/RA packet with invalid code
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 315


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20066 - LOG_ID_RAD_INV_ICMPV6_HOP

Message ID: 20066


Message Description: LOG_ID_RAD_INV_ICMPV6_HOP
Message Meaning: RADVD received ICMPv6 RS/RA packet with invalid hop limit
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 316


Fortinet, Inc.
Log Messages

20067 - LOG_ID_RAD_MISMATCH_HOP

Message ID: 20067


Message Description: LOG_ID_RAD_MISMATCH_HOP
Message Meaning: RADVD local AdvCurHopLimit disagrees with remote site
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20068 - LOG_ID_RAD_MISMATCH_MGR_FLAG

Message ID: 20068


Message Description: LOG_ID_RAD_MISMATCH_MGR_FLAG
Message Meaning: RADVD local AdvManagedFlag disagrees with remote site
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 317


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20069 - LOG_ID_RAD_MISMATCH_OTH_FLAG

Message ID: 20069


Message Description: LOG_ID_RAD_MISMATCH_OTH_FLAG
Message Meaning: RADVD local AdvOtherConfigFlag disagrees with remote site
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 318


Fortinet, Inc.
Log Messages

20070 - LOG_ID_RAD_MISMATCH_TIME

Message ID: 20070


Message Description: LOG_ID_RAD_MISMATCH_TIME
Message Meaning: RADVD local AdvReachableTime disagrees with remote site
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20071 - LOG_ID_RAD_MISMATCH_TIMER

Message ID: 20071


Message Description: LOG_ID_RAD_MISMATCH_TIMER
Message Meaning: RADVD local AdvRetransTimer disagrees with remote site
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 319


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20072 - LOG_ID_RAD_EXTRA_DATA

Message ID: 20072


Message Description: LOG_ID_RAD_EXTRA_DATA
Message Meaning: RADVD extra data in RA packet found
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 320


Fortinet, Inc.
Log Messages

20073 - LOG_ID_RAD_NO_OPT_DATA

Message ID: 20073


Message Description: LOG_ID_RAD_NO_OPT_DATA
Message Meaning: RADVD RA packet option length zero
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20074 - LOG_ID_RAD_INV_OPT_LEN

Message ID: 20074


Message Description: LOG_ID_RAD_INV_OPT_LEN
Message Meaning: RADVD RA packet option length greater than total length
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 321


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20075 - LOG_ID_RAD_MISMATCH_MTU

Message ID: 20075


Message Description: LOG_ID_RAD_MISMATCH_MTU
Message Meaning: RADVD local AdvLinkMTU disagrees with remote site
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 322


Fortinet, Inc.
Log Messages

20077 - LOG_ID_RAD_MISMATCH_PREF_TIME

Message ID: 20077


Message Description: LOG_ID_RAD_MISMATCH_PREF_TIME
Message Meaning: Interface AdvPreferredLifetime on our interface does not agree with a remote site
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20078 - LOG_ID_RAD_INV_OPT

Message ID: 20078


Message Description: LOG_ID_RAD_INV_OPT
Message Meaning: RADVD found invalid option in RA packet from remote site
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 323


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20080 - LOG_ID_RAD_FAIL_TO_RCV

Message ID: 20080


Message Description: LOG_ID_RAD_FAIL_TO_RCV
Message Meaning: RADVD receive message failed
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 324


Fortinet, Inc.
Log Messages

20081 - LOG_ID_RAD_INV_HOP

Message ID: 20081


Message Description: LOG_ID_RAD_INV_HOP
Message Meaning: RADVD received invalid IPv6 hop limit
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20082 - LOG_ID_RAD_INV_PKTINFO

Message ID: 20082


Message Description: LOG_ID_RAD_INV_PKTINFO
Message Meaning: RADVD received invalid IPv6 packet info
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 325


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20083 - LOG_ID_RAD_FAIL_TO_CHECK

Message ID: 20083


Message Description: LOG_ID_RAD_FAIL_TO_CHECK
Message Meaning: RADVD all-routers membership check failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 326


Fortinet, Inc.
Log Messages

20084 - LOG_ID_RAD_FAIL_TO_SEND

Message ID: 20084


Message Description: LOG_ID_RAD_FAIL_TO_SEND
Message Meaning: RADVD send message failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20085 - LOG_ID_SESSION_CLASH

Message ID: 20085


Message Description: LOG_ID_SESSION_CLASH
Message Meaning: Session clashed
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 327


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

proto Protocol Number uint8 3

status Status string 23

subtype Log Subtype string 20

time Time string 8

trace_id string 32

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20090 - LOG_ID_INTF_LINK_STA_CHG

Message ID: 20090


Message Description: LOG_ID_INTF_LINK_STA_CHG
Message Meaning: Interface link status changed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

intf Interface string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 328


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20099 - LOG_ID_INTF_STA_CHG

Message ID: 20099


Message Description: LOG_ID_INTF_STA_CHG
Message Meaning: Interface status changed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 329


Fortinet, Inc.
Log Messages

20100 - LOG_ID_WEB_CAT_UPDATED

Message ID: 20100


Message Description: LOG_ID_WEB_CAT_UPDATED
Message Meaning: FortiGuard web filter category list updated
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20101 - LOG_ID_WEB_LIC_EXPIRE

Message ID: 20101


Message Description: LOG_ID_WEB_LIC_EXPIRE
Message Meaning: FortiGuard web filter license expiring
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 330


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20102 - LOG_ID_SPAM_LIC_EXPIRE

Message ID: 20102


Message Description: LOG_ID_SPAM_LIC_EXPIRE
Message Meaning: FortiGuard antispam license expiring
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 331


Fortinet, Inc.
Log Messages

20103 - LOG_ID_AV_LIC_EXPIRE

Message ID: 20103


Message Description: LOG_ID_AV_LIC_EXPIRE
Message Meaning: FortiGuard antivirus license expiring
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20104 - LOG_ID_IPS_LIC_EXPIRE

Message ID: 20104


Message Description: LOG_ID_IPS_LIC_EXPIRE
Message Meaning: FortiGuard IPS license expiring
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 332


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20107 - LOG_ID_LOG_UPLOAD_ERR

Message ID: 20107


Message Description: LOG_ID_LOG_UPLOAD_ERR
Message Meaning: Log upload error
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

error Error Reason for Log Upload to Forticloud string 256

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

port Port Number uint16 5

server Server IP Address string 64

FortiOS 6.4.7 Log Reference 333


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20108 - LOG_ID_LOG_UPLOAD_DONE

Message ID: 20108


Message Description: LOG_ID_LOG_UPLOAD_DONE
Message Meaning: Log upload completed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

port Port Number uint16 5

server Server IP Address string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 334


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20109 - LOG_ID_WEB_LIC_EXPIRED

Message ID: 20109


Message Description: LOG_ID_WEB_LIC_EXPIRED
Message Meaning: FortiGuard web filter license expired
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20113 - LOG_ID_IPSA_DOWNLOAD_FAIL

Message ID: 20113


Message Description: LOG_ID_IPSA_DOWNLOAD_FAIL
Message Meaning: IPSA database download failed
Type: Event
Category: SYSTEM
Severity: Error

FortiOS 6.4.7 Log Reference 335


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20114 - LOG_ID_IPSA_SELFTEST_FAIL

Message ID: 20114


Message Description: LOG_ID_IPSA_SELFTEST_FAIL
Message Meaning: IPSA disabled: self test failed
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 336


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20115 - LOG_ID_IPSA_STATUSUPD_FAIL

Message ID: 20115


Message Description: LOG_ID_IPSA_STATUSUPD_FAIL
Message Meaning: IPSA driver update failed
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20116 - LOG_ID_SPAM_LIC_EXPIRED

Message ID: 20116


Message Description: LOG_ID_SPAM_LIC_EXPIRED
Message Meaning: FortiGuard antispam license expired
Type: Event
Category: SYSTEM

FortiOS 6.4.7 Log Reference 337


Fortinet, Inc.
Log Messages

Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20117 - LOG_ID_AV_LIC_EXPIRED

Message ID: 20117


Message Description: LOG_ID_AV_LIC_EXPIRED
Message Meaning: FortiGuard antivirus license expired
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 338


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20118 - LOG_ID_WEBF_STATUS_REACH

Message ID: 20118


Message Description: LOG_ID_WEBF_STATUS_REACH
Message Meaning: FortiGuard webfilter reachable
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20119 - LOG_ID_WEBF_STATUS_UNREACH

Message ID: 20119


Message Description: LOG_ID_WEBF_STATUS_UNREACH
Message Meaning: FortiGuard webfilter unreachable
Type: Event

FortiOS 6.4.7 Log Reference 339


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20200 - LOG_ID_FIPS_SELF_TEST

Message ID: 20200


Message Description: LOG_ID_FIPS_SELF_TEST
Message Meaning: FIPS CC self-test initiated
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 340


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20201 - LOG_ID_FIPS_SELF_ALL_TEST

Message ID: 20201


Message Description: LOG_ID_FIPS_SELF_ALL_TEST
Message Meaning: FIPS ALL CC self-tests initiated
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 341


Fortinet, Inc.
Log Messages

20202 - LOG_ID_DISK_FORMAT_ERROR

Message ID: 20202


Message Description: LOG_ID_DISK_FORMAT_ERROR
Message Meaning: Disk partitioning or formatting Error
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20203 - LOG_ID_DAEMON_SHUTDOWN

Message ID: 20203


Message Description: LOG_ID_DAEMON_SHUTDOWN
Message Meaning: Daemon shutdown
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

daemon Daemon Name string 32

FortiOS 6.4.7 Log Reference 342


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

pid Process ID uint32 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20204 - LOG_ID_DAEMON_START

Message ID: 20204


Message Description: LOG_ID_DAEMON_START
Message Meaning: Daemon started
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

daemon Daemon Name string 32

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 343


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

pid Process ID uint32 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20205 - LOG_ID_DISK_FORMAT_REQ

Message ID: 20205


Message Description: LOG_ID_DISK_FORMAT_REQ
Message Meaning: Format disk requested
Type: Event
Category: SYSTEM
Severity: Alert, Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 344


Fortinet, Inc.
Log Messages

20206 - LOG_ID_DISK_SCAN_REQ

Message ID: 20206


Message Description: LOG_ID_DISK_SCAN_REQ
Message Meaning: Scan disk requested
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20207 - LOG_ID_RAD_MISMATCH_VALID_TIME

Message ID: 20207


Message Description: LOG_ID_RAD_MISMATCH_VALID_TIME
Message Meaning: RADVD local AdvValidLifetime disagrees with remote site
Type: Event
Category: SYSTEM
Severity: Warning

FortiOS 6.4.7 Log Reference 345


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20208 - LOG_ID_ZOMBIE_DAEMON_CLEANUP

Message ID: 20208


Message Description: LOG_ID_ZOMBIE_DAEMON_CLEANUP
Message Meaning: Zombie daemon cleanup
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

daemon Daemon Name string 32

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 346


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

pid Process ID uint32 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20209 - LOG_ID_DISK_UNAVAIL

Message ID: 20209


Message Description: LOG_ID_DISK_UNAVAIL
Message Meaning: Disk unavailable
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20210 - LOG_ID_DISK_TRIM_START

Message ID: 20210


Message Description: LOG_ID_DISK_TRIM_START

FortiOS 6.4.7 Log Reference 347


Fortinet, Inc.
Log Messages

Message Meaning: SSD TRIM started


Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20211 - LOG_ID_DISK_TRIM_END

Message ID: 20211


Message Description: LOG_ID_DISK_TRIM_END
Message Meaning: SSD TRIM finished
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 348


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

20212 - LOG_ID_DISK_SCAN_NEEDED

Message ID: 20212


Message Description: LOG_ID_DISK_SCAN_NEEDED
Message Meaning: Disk scan is needed
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 349


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20213 - LOG_ID_DISK_LOG_CORRUPTED

Message ID: 20213


Message Description: LOG_ID_DISK_LOG_CORRUPTED
Message Meaning: Log file on disk is corrupted
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20220 - LOGID_EVENT_SHAPER_OUTBOUND_MAXED_OUT

Message ID: 20220


Message Description: LOGID_EVENT_SHAPER_OUTBOUND_MAXED_OUT
Message Meaning: Outbound bandwidth rate exceeded
Type: Event

FortiOS 6.4.7 Log Reference 350


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

intf Interface string 16

level Log Level string 11

limit Virtual Domain Resource Limit uint32 10

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20221 - LOGID_EVENT_SHAPER_INBOUND_MAXED_OUT

Message ID: 20221


Message Description: LOGID_EVENT_SHAPER_INBOUND_MAXED_OUT
Message Meaning: Inbound bandwidth rate exceeded
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

intf Interface string 16

level Log Level string 11

limit Virtual Domain Resource Limit uint32 10

FortiOS 6.4.7 Log Reference 351


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20300 - LOG_ID_BGP_NB_STAT_CHG

Message ID: 20300


Message Description: LOG_ID_BGP_NB_STAT_CHG
Message Meaning: BGP neighbor status changed
Type: Event
Category: ROUTER
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 352


Fortinet, Inc.
Log Messages

20301 - LOG_ID_VZ_LOG

Message ID: 20301


Message Description: LOG_ID_VZ_LOG
Message Meaning: Routing log
Type: Event
Category: ROUTER
Severity: Warning, Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20302 - LOG_ID_OSPF_NB_STAT_CHG

Message ID: 20302


Message Description: LOG_ID_OSPF_NB_STAT_CHG
Message Meaning: OSPF neighbor status changed
Type: Event
Category: ROUTER
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 353


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

20303 - LOG_ID_OSPF6_NB_STAT_CHG

Message ID: 20303


Message Description: LOG_ID_OSPF6_NB_STAT_CHG
Message Meaning: OSPF6 neighbor status changed
Type: Event
Category: ROUTER
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 354


Fortinet, Inc.
Log Messages

20401 - LOG_ID_ROUTER_CLEAR

Message ID: 20401


Message Description: LOG_ID_ROUTER_CLEAR
Message Meaning: Router cleared
Type: Event
Category: ROUTER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22000 - LOG_ID_INV_PKT_LEN

Message ID: 22000


Message Description: LOG_ID_INV_PKT_LEN
Message Meaning: Packet length mismatch
Type: Event
Category: SYSTEM
Severity: Warning

FortiOS 6.4.7 Log Reference 355


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22001 - LOG_ID_UNSUPPORTED_PROT_VER

Message ID: 22001


Message Description: LOG_ID_UNSUPPORTED_PROT_VER
Message Meaning: Protocol version unsupported
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 356


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22002 - LOG_ID_INV_REQ_TYPE

Message ID: 22002


Message Description: LOG_ID_INV_REQ_TYPE
Message Meaning: Request type not supported
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22003 - LOG_ID_FAIL_SET_SIG_HANDLER

Message ID: 22003


Message Description: LOG_ID_FAIL_SET_SIG_HANDLER
Message Meaning: Signal handler setup failed
Type: Event
Category: SYSTEM

FortiOS 6.4.7 Log Reference 357


Fortinet, Inc.
Log Messages

Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22004 - LOG_ID_FAIL_CREATE_SOCKET

Message ID: 22004


Message Description: LOG_ID_FAIL_CREATE_SOCKET
Message Meaning: Socket creation failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 358


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22005 - LOG_ID_FAIL_CREATE_SOCKET_RETRY

Message ID: 22005


Message Description: LOG_ID_FAIL_CREATE_SOCKET_RETRY
Message Meaning: Socket creation retry failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22006 - LOG_ID_FAIL_REG_CMDB_EVENT

Message ID: 22006


Message Description: LOG_ID_FAIL_REG_CMDB_EVENT
Message Meaning: Registration for CMDB events failed
Type: Event
Category: SYSTEM
Severity: Warning

FortiOS 6.4.7 Log Reference 359


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22009 - LOG_ID_FAIL_FIND_AV_PROFILE

Message ID: 22009


Message Description: LOG_ID_FAIL_FIND_AV_PROFILE
Message Meaning: AntiVirus profile not found
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

FortiOS 6.4.7 Log Reference 360


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22010 - LOG_ID_SENDTO_FAIL

Message ID: 22010


Message Description: LOG_ID_SENDTO_FAIL
Message Meaning: URL filter packet send failure
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

process Process string 4096

reason Reason string 256

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22011 - LOG_ID_ENTER_MEM_CONSERVE_MODE

Message ID: 22011

FortiOS 6.4.7 Log Reference 361


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_ENTER_MEM_CONSERVE_MODE


Message Meaning: Memory conserve mode entered
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

conserve Flag for Conserve Mode string 32

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

green Green threshold for conserve mode string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

red string 32

service Name of Service string 64

subtype Log Subtype string 20

time Time string 8

total Total uint32 10

type Log Type string 16

tz Time zone string 5

used Number of Used IPs uint32 10

vd Virtual Domain Name string 32

22012 - LOG_ID_LEAVE_MEM_CONSERVE_MODE

Message ID: 22012


Message Description: LOG_ID_LEAVE_MEM_CONSERVE_MODE
Message Meaning: Memory conserve mode exited
Type: Event
Category: SYSTEM
Severity: Critical

FortiOS 6.4.7 Log Reference 362


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

conserve Flag for Conserve Mode string 32

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

green Green threshold for conserve mode string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

red string 32

service Name of Service string 64

subtype Log Subtype string 20

time Time string 8

total Total uint32 10

type Log Type string 16

tz Time zone string 5

used Number of Used IPs uint32 10

vd Virtual Domain Name string 32

22013 - LOG_ID_IPPOOLPBA_BLOCK_EXHAUSTED

Message ID: 22013


Message Description: LOG_ID_IPPOOLPBA_BLOCK_EXHAUSTED
Message Meaning: IP pool PBA block exhausted
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 363


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

poolname IP Pool Name string 36

saddr Source Address IP string 80

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22014 - LOG_ID_IPPOOLPBA_NATIP_EXHAUSTED

Message ID: 22014


Message Description: LOG_ID_IPPOOLPBA_NATIP_EXHAUSTED
Message Meaning: IP pool PBA NAT IP exhausted
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

poolname IP Pool Name string 36

FortiOS 6.4.7 Log Reference 364


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

saddr Source Address IP string 80

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22015 - LOG_ID_IPPOOLPBA_CREATE

Message ID: 22015


Message Description: LOG_ID_IPPOOLPBA_CREATE
Message Meaning: IP pool PBA created
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

nat NAT IP Address ip 39

poolname IP Pool Name string 36

portbegin Port Number to Begin uint16 5

portend Port Number to End uint16 5

saddr Source Address IP string 80

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 365


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22016 - LOG_ID_IPPOOLPBA_DEALLOCATE

Message ID: 22016


Message Description: LOG_ID_IPPOOLPBA_DEALLOCATE
Message Meaning: Deallocate IP pool PBA
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

duration Duration uint32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

nat NAT IP Address ip 39

poolname IP Pool Name string 36

portbegin Port Number to Begin uint16 5

portend Port Number to End uint16 5

saddr Source Address IP string 80

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 366


Fortinet, Inc.
Log Messages

22017 - LOG_ID_EXCEED_GLOB_RES_LIMIT

Message ID: 22017


Message Description: LOG_ID_EXCEED_GLOB_RES_LIMIT
Message Meaning: Global resource limit exceeded
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

service Name of Service string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22018 - LOG_ID_EXCEED_VD_RES_LIMIT

Message ID: 22018


Message Description: LOG_ID_EXCEED_VD_RES_LIMIT
Message Meaning: VDOM resource limit exceeded
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

FortiOS 6.4.7 Log Reference 367


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

service Name of Service string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22019 - LOG_ID_LOGRATE_OVER_LIMIT

Message ID: 22019


Message Description: LOG_ID_LOGRATE_OVER_LIMIT
Message Meaning: Log rate limit exceeded
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 368


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22020 - LOG_ID_FAIL_CREATE_HA_SOCKET

Message ID: 22020


Message Description: LOG_ID_FAIL_CREATE_HA_SOCKET
Message Meaning: HA socket creation failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22021 - LOG_ID_FAIL_CREATE_HA_SOCKET_RETRY

Message ID: 22021


Message Description: LOG_ID_FAIL_CREATE_HA_SOCKET_RETRY
Message Meaning: UDP socket creation to relay URL request failed
Type: Event
Category: SYSTEM

FortiOS 6.4.7 Log Reference 369


Fortinet, Inc.
Log Messages

Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22031 - LOG_ID_SUCCESS_CSF_LOG_SYNC_CONFIG_CHANGED

Message ID: 22031


Message Description: LOG_ID_SUCCESS_CSF_LOG_SYNC_CONFIG_CHANGED
Message Meaning: Settings modified by Security Fabric service
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 370


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22032 - LOG_ID_CSF_LOOP_FOUND

Message ID: 22032


Message Description: LOG_ID_CSF_LOOP_FOUND
Message Meaning: Looped configuration in Security Fabric service
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

path string 512

reason Reason string 256

sn Serial Number string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 371


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

22035 - LOG_ID_CSF_UPSTREAM_SN_CHANGED

Message ID: 22035


Message Description: LOG_ID_CSF_UPSTREAM_SN_CHANGED
Message Meaning: Serial number of upstream is changed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

oldsn Security fabric upstream FGT old serial number string 64

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22036 - LOG_ID_CSF_FGT_CONNECTED

Message ID: 22036


Message Description: LOG_ID_CSF_FGT_CONNECTED
Message Meaning: Connection with CSF member established and authorized

FortiOS 6.4.7 Log Reference 372


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

direction string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22037 - LOG_ID_CSF_FGT_DISCONNECTED

Message ID: 22037


Message Description: LOG_ID_CSF_FGT_DISCONNECTED
Message Meaning: Connection with authorized CSF member terminated
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

direction string 16

FortiOS 6.4.7 Log Reference 373


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22038 - LOG_ID_CSF_GLOBAL_SYNC_FAILED

Message ID: 22038


Message Description: LOG_ID_CSF_GLOBAL_SYNC_FAILED
Message Meaning: Synchronization of global object failed.
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

path string 512

FortiOS 6.4.7 Log Reference 374


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

reason Reason string 256

sn Serial Number string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22039 - LOG_ID_CSF_GLOBAL_SYNC_REPORT

Message ID: 22039


Message Description: LOG_ID_CSF_GLOBAL_SYNC_REPORT
Message Meaning: Synchronization of global object report.
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

cmdbpathname string 96

cmdbtablename string 64

conflictcount int32 10

date Date string 10

devid Device ID string 16

errorcount int32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

path string 512

reason Reason string 256

FortiOS 6.4.7 Log Reference 375


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

status Status string 23

subtype Log Subtype string 20

successcount int32 10

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22050 - LOG_ID_IPAMD_ADDRESS_ALLOCATED

Message ID: 22050


Message Description: LOG_ID_IPAMD_ADDRESS_ALLOCATED
Message Meaning: Address allocated by FortiIPAM and applied to an interface
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 376


Fortinet, Inc.
Log Messages

22051 - LOG_ID_IPAMD_ADDRESS_SET_FAILED

Message ID: 22051


Message Description: LOG_ID_IPAMD_ADDRESS_SET_FAILED
Message Meaning: Address received from FortiIPAM could not be applied to the interface
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22052 - LOG_ID_IPAMD_ADDRESS_INVALIDATED

Message ID: 22052


Message Description: LOG_ID_IPAMD_ADDRESS_INVALIDATED
Message Meaning: FortiIPAM indicated that the address was no longer allocated to the interface
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 377


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22053 - LOG_ID_IPAMD_VALIDATION_COMPLETE

Message ID: 22053


Message Description: LOG_ID_IPAMD_VALIDATION_COMPLETE
Message Meaning: Startup validation of IPAM addresses was completed
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 378


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22100 - LOG_ID_QUAR_DROP_TRAN_JOB

Message ID: 22100


Message Description: LOG_ID_QUAR_DROP_TRAN_JOB
Message Meaning: Files dropped by quarantine daemon
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

count Count uint32 10

date Date string 10

devid Device ID string 16

duration Duration uint32 10

eventtime Event time uint64 20

fams_pause Fortinet Analysis and Management Service Pause uint32 10

level Log Level string 11

limit Virtual Domain Resource Limit uint32 10

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 379


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

used Number of Used IPs uint32 10

vd Virtual Domain Name string 32

22101 - LOG_ID_QUAR_DROP_TLL_JOB

Message ID: 22101


Message Description: LOG_ID_QUAR_DROP_TLL_JOB
Message Meaning: Files dropped due to poor network connection
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

count Count uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22102 - LOG_ID_LOG_DISK_FAILURE

Message ID: 22102

FortiOS 6.4.7 Log Reference 380


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_LOG_DISK_FAILURE


Message Meaning: Log disk failure imminent
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22103 - LOG_ID_QUAR_LIMIT_REACHED

Message ID: 22103


Message Description: LOG_ID_QUAR_LIMIT_REACHED
Message Meaning: Sandbox limit reached
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

count Count uint32 10

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 381


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

limit Virtual Domain Resource Limit uint32 10

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22104 - LOG_ID_POWER_RESTORE

Message ID: 22104


Message Description: LOG_ID_POWER_RESTORE
Message Meaning: Power supply restored
Type: Event
Category: SYSTEM
Severity: Critical, Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 382


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

unit Unit uint32 10

vd Virtual Domain Name string 32

22105 - LOG_ID_POWER_FAILURE

Message ID: 22105


Message Description: LOG_ID_POWER_FAILURE
Message Meaning: Power supply failed
Type: Event
Category: SYSTEM
Severity: Critical, Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unit Unit uint32 10

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 383


Fortinet, Inc.
Log Messages

22106 - LOG_ID_POWER_OPTIONAL_NOT_DETECTED

Message ID: 22106


Message Description: LOG_ID_POWER_OPTIONAL_NOT_DETECTED
Message Meaning: Optional power supply not detected
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22107 - LOG_ID_VOLT_ANOM

Message ID: 22107


Message Description: LOG_ID_VOLT_ANOM
Message Meaning: Voltage anomaly
Type: Event
Category: SYSTEM
Severity: Warning

FortiOS 6.4.7 Log Reference 384


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22108 - LOG_ID_FAN_ANOM

Message ID: 22108


Message Description: LOG_ID_FAN_ANOM
Message Meaning: Fan anomaly
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 385


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22109 - LOG_ID_TEMP_TOO_HIGH

Message ID: 22109


Message Description: LOG_ID_TEMP_TOO_HIGH
Message Meaning: Temperature too high
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 386


Fortinet, Inc.
Log Messages

22110 - LOG_ID_SPARE_BLOCK_LOW

Message ID: 22110


Message Description: LOG_ID_SPARE_BLOCK_LOW
Message Meaning: Spare blocks availability low
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22113 - LOG_ID_FNBAM_FAILURE

Message ID: 22113


Message Description: LOG_ID_FNBAM_FAILURE
Message Meaning: Authentication error
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 387


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

service Name of Service string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22150 - LOG_ID_VOLT_NOM

Message ID: 22150


Message Description: LOG_ID_VOLT_NOM
Message Meaning: Voltage normal
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 388


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22151 - LOG_ID_FAN_NOM

Message ID: 22151


Message Description: LOG_ID_FAN_NOM
Message Meaning: Fan normal
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22152 - LOG_ID_TEMP_TOO_LOW

Message ID: 22152


Message Description: LOG_ID_TEMP_TOO_LOW

FortiOS 6.4.7 Log Reference 389


Fortinet, Inc.
Log Messages

Message Meaning: Temperature too low


Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22153 - LOG_ID_TEMP_NORM

Message ID: 22153


Message Description: LOG_ID_TEMP_NORM
Message Meaning: Temperature normal
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 390


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22200 - LOG_ID_AUTO_UPT_CERT

Message ID: 22200


Message Description: LOG_ID_AUTO_UPT_CERT
Message Meaning: Certificate will be auto-updated
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

cert Certificate string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

FortiOS 6.4.7 Log Reference 391


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22201 - LOG_ID_AUTO_GEN_CERT

Message ID: 22201


Message Description: LOG_ID_AUTO_GEN_CERT
Message Meaning: Certificate will be auto-regenerated
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

cert Certificate string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 392


Fortinet, Inc.
Log Messages

22203 - LOG_ID_AUTO_GEN_CERT_FAIL

Message ID: 22203


Message Description: LOG_ID_AUTO_GEN_CERT_FAIL
Message Meaning: Certificate failed to auto-generate
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22204 - LOG_ID_AUTO_GEN_CERT_PENDING

Message ID: 22204


Message Description: LOG_ID_AUTO_GEN_CERT_PENDING
Message Meaning: Certificate pending to auto-generate
Type: Event
Category: SYSTEM
Severity: Information

FortiOS 6.4.7 Log Reference 393


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22205 - LOG_ID_AUTO_GEN_CERT_SUCC

Message ID: 22205


Message Description: LOG_ID_AUTO_GEN_CERT_SUCC
Message Meaning: Certificate succeed to auto-generate
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 394


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22206 - LOG_ID_CRL_EXPIRED

Message ID: 22206


Message Description: LOG_ID_CRL_EXPIRED
Message Meaning: CRL is expired
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 395


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22220 - LOG_ID_EXT_RESOURCE

Message ID: 22220


Message Description: LOG_ID_EXT_RESOURCE
Message Meaning: Threat feed updated
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

desc Description string 128

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22221 - LOG_ID_EXT_RESOURCE_FAIL

Message ID: 22221

FortiOS 6.4.7 Log Reference 396


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_EXT_RESOURCE_FAIL


Message Meaning: Threat feed update failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

desc Description string 128

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22222 - LOG_ID_EXT_RESOURCE_LOAD

Message ID: 22222


Message Description: LOG_ID_EXT_RESOURCE_LOAD
Message Meaning: Threat feed loaded
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

FortiOS 6.4.7 Log Reference 397


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

created string 64

date Date string 10

desc Description string 128

devid Device ID string 16

eventtime Event time uint64 20

file Report file full path string 256

filesize Report File Size in Bytes uint32 10

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

new_status New Status string 512

reason Reason string 256

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22223 - LOG_ID_EXT_RESOURCE_DEBUG

Message ID: 22223


Message Description: LOG_ID_EXT_RESOURCE_DEBUG
Message Meaning: Threat feed debug
Type: Event
Category: SYSTEM
Severity: Debug

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 398


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

desc Description string 128

devid Device ID string 16

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

host string 256

hostname Hostname string 128

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

old_status Original Status string 512

path string 512

profile Profile Name string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22700 - LOG_ID_IPS_FAIL_OPEN

Message ID: 22700


Message Description: LOG_ID_IPS_FAIL_OPEN
Message Meaning: IPS session scan paused
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 399


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22701 - LOG_ID_IPS_FAIL_OPEN_END

Message ID: 22701


Message Description: LOG_ID_IPS_FAIL_OPEN_END
Message Meaning: IPS session scan resumed
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 400


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

22800 - LOG_ID_SCAN_SERV_FAIL

Message ID: 22800


Message Description: LOG_ID_SCAN_SERV_FAIL
Message Meaning: Scan services session failed
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mode Mode string 12

msg Log Message string 4096

service Name of Service string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22802 - LOG_ID_ENTER_FD_CONSERVE_MODE

Message ID: 22802


Message Description: LOG_ID_ENTER_FD_CONSERVE_MODE
Message Meaning: File descriptor conserve mode entered
Type: Event

FortiOS 6.4.7 Log Reference 401


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

conserve Flag for Conserve Mode string 32

daemon Daemon Name string 32

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

green Green threshold for conserve mode string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

red string 32

subtype Log Subtype string 20

time Time string 8

total Total uint32 10

type Log Type string 16

tz Time zone string 5

used Number of Used IPs uint32 10

vd Virtual Domain Name string 32

22803 - LOG_ID_LEAVE_FD_CONSERVE_MODE

Message ID: 22803


Message Description: LOG_ID_LEAVE_FD_CONSERVE_MODE
Message Meaning: File descriptor conserve mode exited
Type: Event
Category: SYSTEM
Severity: Critical, Notice

Log Field Name Description Data Type Length

conserve Flag for Conserve Mode string 32

daemon Daemon Name string 32

FortiOS 6.4.7 Log Reference 402


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

green Green threshold for conserve mode string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

red string 32

subtype Log Subtype string 20

time Time string 8

total Total uint32 10

type Log Type string 16

tz Time zone string 5

used Number of Used IPs uint32 10

vd Virtual Domain Name string 32

22804 - LOG_ID_LIC_STATUS_CHG

Message ID: 22804


Message Description: LOG_ID_LIC_STATUS_CHG
Message Meaning: License status changed
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 403


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

service Name of Service string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22805 - LOG_ID_FAIL_TO_VALIDATE_LIC

Message ID: 22805


Message Description: LOG_ID_FAIL_TO_VALIDATE_LIC
Message Meaning: License validation failure
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

service Name of Service string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 404


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

22806 - LOG_ID_DUP_LIC

Message ID: 22806


Message Description: LOG_ID_DUP_LIC
Message Meaning: Duplicate license detected
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

service Name of Service string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22808 - LOG_ID_LIC_EXPIRE

Message ID: 22808


Message Description: LOG_ID_LIC_EXPIRE
Message Meaning: VM license expired
Type: Event

FortiOS 6.4.7 Log Reference 405


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

service Name of Service string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22809 - LOG_ID_LIC_WILL_EXPIRE

Message ID: 22809


Message Description: LOG_ID_LIC_WILL_EXPIRE
Message Meaning: VM license expiring
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 406


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

service Name of Service string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22810 - LOG_ID_SCANUNIT_ERROR_BLOCK

Message ID: 22810


Message Description: LOG_ID_SCANUNIT_ERROR_BLOCK
Message Meaning: Scan error - traffic blocked
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dir Direction string 8

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

dst_int Destination Interface string 64

eventtime Event time uint64 20

file Report file full path string 256

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

proto Protocol Number uint8 3

FortiOS 6.4.7 Log Reference 407


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

service Name of Service string 64

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

src_int Source Interface string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22811 - LOG_ID_SCANUNIT_ERROR_PASS

Message ID: 22811


Message Description: LOG_ID_SCANUNIT_ERROR_PASS
Message Meaning: Scan error - traffic passed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dir Direction string 8

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

dst_int Destination Interface string 64

eventtime Event time uint64 20

file Report file full path string 256

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 408


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

proto Protocol Number uint8 3

service Name of Service string 64

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

src_int Source Interface string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22812 - LOG_ID_SCANUNIT_AVENG_RELOAD

Message ID: 22812


Message Description: LOG_ID_SCANUNIT_AVENG_RELOAD
Message Meaning: Scanunit is reloading AV engine
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 409


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22813 - LOG_ID_SCANUNIT_AVDB_RELOAD

Message ID: 22813


Message Description: LOG_ID_SCANUNIT_AVDB_RELOAD
Message Meaning: Scanunit reloaded AV Database
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22814 - LOG_ID_SCANUNIT_AVDB_RELOAD_ERROR

Message ID: 22814


Message Description: LOG_ID_SCANUNIT_AVDB_RELOAD_ERROR
Message Meaning: Scanunit AV Database reload error

FortiOS 6.4.7 Log Reference 410


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22815 - LOG_ID_SCANUNIT_AVDB_LOAD

Message ID: 22815


Message Description: LOG_ID_SCANUNIT_AVDB_LOAD
Message Meaning: Scanunit loaded AV Database
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 411


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22816 - LOG_ID_SCANUNIT_AVDB_LOAD_ERROR

Message ID: 22816


Message Description: LOG_ID_SCANUNIT_AVDB_LOAD_ERROR
Message Meaning: Scanunit AV Database load error
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 412


Fortinet, Inc.
Log Messages

22850 - LOG_ID_USER_QUARANTINE_MAC_ADD

Message ID: 22850


Message Description: LOG_ID_USER_QUARANTINE_MAC_ADD
Message Meaning: User quarantine MAC added
Type: Event
Category: SWITCH-CONTROLLER
Severity: Notice

Log Field Name Description Data Type Length

action string 65

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22851 - LOG_ID_USER_QUARANTINE_MAC_DELETE

Message ID: 22851


Message Description: LOG_ID_USER_QUARANTINE_MAC_DELETE
Message Meaning: User quarantine MAC deleted
Type: Event
Category: SWITCH-CONTROLLER
Severity: Notice

FortiOS 6.4.7 Log Reference 413


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action string 65

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22852 - LOG_ID_USER_QUARANTINE_MAC_BOUNCE_PORT_HIT

Message ID: 22852


Message Description: LOG_ID_USER_QUARANTINE_MAC_BOUNCE_PORT_HIT
Message Meaning: User quarantine MAC bounce port hit
Type: Event
Category: SWITCH-CONTROLLER
Severity: Notice

Log Field Name Description Data Type Length

action string 65

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

FortiOS 6.4.7 Log Reference 414


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22853 - LOG_ID_USER_QUARANTINE_MAC_BOUNCE_PORT_MISS

Message ID: 22853


Message Description: LOG_ID_USER_QUARANTINE_MAC_BOUNCE_PORT_MISS
Message Meaning: User quarantine MAC bounce port miss
Type: Event
Category: SWITCH-CONTROLLER
Severity: Warning

Log Field Name Description Data Type Length

action string 65

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

FortiOS 6.4.7 Log Reference 415


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22890 - LOG_ID_FORTILINKD

Message ID: 22890


Message Description: LOG_ID_FORTILINKD
Message Meaning: Switch-Controller Daemon Log (Notification)
Type: Event
Category: SWITCH-CONTROLLER
Severity: Notice

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

FortiOS 6.4.7 Log Reference 416


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user string 256

vd string 32

22891 - LOG_ID_FLCFGD_SYNC_ERROR

Message ID: 22891


Message Description: LOG_ID_FLCFGD_SYNC_ERROR
Message Meaning: Switch-Controller Switch Sync Error
Type: Event
Category: SWITCH-CONTROLLER
Severity: Error

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22892 - LOG_ID_FLCFGD_SYNC_COMPLETE

Message ID: 22892


Message Description: LOG_ID_FLCFGD_SYNC_COMPLETE

FortiOS 6.4.7 Log Reference 417


Fortinet, Inc.
Log Messages

Message Meaning: Switch-Controller Switch Sync Complete


Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22893 - LOG_ID_FLCFGD_SYNC_STATE

Message ID: 22893


Message Description: LOG_ID_FLCFGD_SYNC_STATE
Message Meaning: Switch-Controller Switch Sync State
Type: Event
Category: SWITCH-CONTROLLER
Severity: Debug

Log Field Name Description Data Type Length

date string 10

FortiOS 6.4.7 Log Reference 418


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22894 - LOG_ID_FLCFGD_UPGRADE_ERROR

Message ID: 22894


Message Description: LOG_ID_FLCFGD_UPGRADE_ERROR
Message Meaning: Switch-Controller Switch Upgrade Error
Type: Event
Category: SWITCH-CONTROLLER
Severity: Error

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

FortiOS 6.4.7 Log Reference 419


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22895 - LOG_ID_FLCFGD_UPGRADE_STATUS

Message ID: 22895


Message Description: LOG_ID_FLCFGD_UPGRADE_STATUS
Message Meaning: Switch-Controller Switch Upgrade Status
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

FortiOS 6.4.7 Log Reference 420


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22896 - LOG_ID_FORTILINKD_CRITICAL

Message ID: 22896


Message Description: LOG_ID_FORTILINKD_CRITICAL
Message Meaning: Switch-Controller Daemon Log (Critical)
Type: Event
Category: SWITCH-CONTROLLER
Severity: Critical

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

FortiOS 6.4.7 Log Reference 421


Fortinet, Inc.
Log Messages

22897 - LOG_ID_FLCFGD_NAC_ADD

Message ID: 22897


Message Description: LOG_ID_FLCFGD_NAC_ADD
Message Meaning: NAC device addition
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

action string 65

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22898 - LOG_ID_FLCFGD_NAC_DELETE

Message ID: 22898


Message Description: LOG_ID_FLCFGD_NAC_DELETE
Message Meaning: NAC device deletion
Type: Event
Category: SWITCH-CONTROLLER

FortiOS 6.4.7 Log Reference 422


Fortinet, Inc.
Log Messages

Severity: Information

Log Field Name Description Data Type Length

action string 65

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22899 - LOG_ID_FLCFGD_NAC_MODIFY

Message ID: 22899


Message Description: LOG_ID_FLCFGD_NAC_MODIFY
Message Meaning: NAC device modify
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

action string 65

date string 10

devid string 16

FortiOS 6.4.7 Log Reference 423


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22900 - LOG_ID_CAPUTP_SESSION

Message ID: 22900


Message Description: LOG_ID_CAPUTP_SESSION
Message Meaning: CAPUTP session status
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

FortiOS 6.4.7 Log Reference 424


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype string 20

time string 8

type string 16

tz string 5

vd string 32

22901 - LOG_ID_FAZ_CON

Message ID: 22901


Message Description: LOG_ID_FAZ_CON
Message Meaning: FortiAnalyzer connection up
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22902 - LOG_ID_FAZ_DISCON

Message ID: 22902

FortiOS 6.4.7 Log Reference 425


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_FAZ_DISCON


Message Meaning: FortiAnalyzer connection down
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22903 - LOG_ID_FAZ_CON_ERR

Message ID: 22903


Message Description: LOG_ID_FAZ_CON_ERR
Message Meaning: FortiAnalyzer connection failed
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

FortiOS 6.4.7 Log Reference 426


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22904 - LOG_ID_CAPUTP_SESSION_NOTIF

Message ID: 22904


Message Description: LOG_ID_CAPUTP_SESSION_NOTIF
Message Meaning: CAPUTP session status notification
Type: Event
Category: SWITCH-CONTROLLER
Severity: Notice

Log Field Name Description Data Type Length

action string 65

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

FortiOS 6.4.7 Log Reference 427


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg string 4096

name string 128

sn string 64

srcip ip 39

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

22912 - LOG_ID_FDS_SRV_ERRCON

Message ID: 22912


Message Description: LOG_ID_FDS_SRV_ERRCON
Message Meaning: FortiCloud server connection failed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

server Server IP Address string 64

FortiOS 6.4.7 Log Reference 428


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22913 - LOG_ID_FDS_SRV_DISCON

Message ID: 22913


Message Description: LOG_ID_FDS_SRV_DISCON
Message Meaning: FortiCloud server disconnected
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

server Server IP Address string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 429


Fortinet, Inc.
Log Messages

22914 - LOG_ID_FDS_SRV_CHG

Message ID: 22914


Message Description: LOG_ID_FDS_SRV_CHG
Message Meaning: FortiCloud server changed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

server Server IP Address string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22915 - LOG_ID_FDS_SRV_CON

Message ID: 22915


Message Description: LOG_ID_FDS_SRV_CON
Message Meaning: FortiCloud server connected
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 430


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

server Server IP Address string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22916 - LOG_ID_FDS_STATUS

Message ID: 22916


Message Description: LOG_ID_FDS_STATUS
Message Meaning: FortiGuard Message Service status
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 431


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22917 - LOG_ID_FDS_SMS_QUOTA

Message ID: 22917


Message Description: LOG_ID_FDS_SMS_QUOTA
Message Meaning: SMS quota reached
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22918 - LOG_ID_FDS_CTRL_STATUS

Message ID: 22918

FortiOS 6.4.7 Log Reference 432


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_FDS_CTRL_STATUS


Message Meaning: FortiGuard Message Service controller status
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22919 - LOG_ID_SVR_LOG_STATUS_CHANGED

Message ID: 22919


Message Description: LOG_ID_SVR_LOG_STATUS_CHANGED
Message Meaning: Server logging status changed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 433


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22921 - LOG_ID_EVENT_ROUTE_INFO_CHANGED

Message ID: 22921


Message Description: LOG_ID_EVENT_ROUTE_INFO_CHANGED
Message Meaning: Routing information changed
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 434


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22922 - LOG_ID_EVENT_LINK_MONITOR_STATUS

Message ID: 22922


Message Description: LOG_ID_EVENT_LINK_MONITOR_STATUS
Message Meaning: Link monitor status
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

probeproto Link Monitor Probe Protocol string 16

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22923 - LOG_ID_EVENT_VWL_LQTY_STATUS

Message ID: 22923


Message Description: LOG_ID_EVENT_VWL_LQTY_STATUS

FortiOS 6.4.7 Log Reference 435


Fortinet, Inc.
Log Messages

Message Meaning: Virtual WAN Link status


Type: Event
Category: SDWAN
Severity: Warning, Notice, Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

eventtype string 32

healthcheck string 64

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

member string 512

msg Log Message string 4096

newvalue string 32

numpassmember uint32 10

oldvalue string 32

service Name of Service string 64

serviceid uint32 10

slatargetid uint32 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22924 - LOG_ID_EVENT_VWL_VOLUME_STATUS

Message ID: 22924


Message Description: LOG_ID_EVENT_VWL_VOLUME_STATUS
Message Meaning: Virtual WAN Link volume status
Type: Event

FortiOS 6.4.7 Log Reference 436


Fortinet, Inc.
Log Messages

Category: SDWAN
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

eventtype string 32

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

member string 512

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22925 - LOG_ID_EVENT_VWL_SLA_INFO

Message ID: 22925


Message Description: LOG_ID_EVENT_VWL_SLA_INFO
Message Meaning: Virtual WAN Link SLA information
Type: Event
Category: SDWAN
Severity: Information

Log Field Name Description Data Type Length

bibandwidth string 24

bibandwidthused string 24

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 437


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtype string 32

healthcheck string 64

inbandwidth string 24

inbandwidthused string 24

interface Interface string 32

jitter string 24

latency string 24

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

newvalue string 32

oldvalue string 32

outbandwidth string 24

outbandwidthused string 24

packetloss string 24

probeproto Link Monitor Probe Protocol string 16

slamap string 24

slatargetid uint32 10

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22926 - LOG_ID_EVENT_VWL_NEIGHBOR_STATUS

Message ID: 22926


Message Description: LOG_ID_EVENT_VWL_NEIGHBOR_STATUS
Message Meaning: Virtual WAN Link Neighbor status
Type: Event
Category: SDWAN

FortiOS 6.4.7 Log Reference 438


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

eventtype string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

member string 512

msg Log Message string 4096

neighbor string 46

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22927 - LOG_ID_EVENT_VWL_NEIGHBOR_STANDALONE

Message ID: 22927


Message Description: LOG_ID_EVENT_VWL_NEIGHBOR_STANDALONE
Message Meaning: Virtual WAN Link Neighbor standalone
Type: Event
Category: SDWAN
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

eventtype string 32

level Log Level string 11

FortiOS 6.4.7 Log Reference 439


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

newvalue string 32

oldvalue string 32

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22928 - LOG_ID_EVENT_VWL_NEIGHBOR_PRIMARY

Message ID: 22928


Message Description: LOG_ID_EVENT_VWL_NEIGHBOR_PRIMARY
Message Meaning: Virtual WAN Link Neighbor primary
Type: Event
Category: SDWAN
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

eventtype string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

newvalue string 32

oldvalue string 32

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 440


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22929 - LOG_ID_EVENT_VWL_NEIGHBOR_SECONDARY

Message ID: 22929


Message Description: LOG_ID_EVENT_VWL_NEIGHBOR_SECONDARY
Message Meaning: Virtual WAN Link Neighbor secondary
Type: Event
Category: SDWAN
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

eventtype string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

newvalue string 32

oldvalue string 32

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22949 - LOG_ID_FDS_JOIN

Message ID: 22949

FortiOS 6.4.7 Log Reference 441


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_FDS_JOIN


Message Meaning: FortiCloud auto-join attempted
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22950 - LOG_ID_FDS_LOGIN_SUCC

Message ID: 22950


Message Description: LOG_ID_FDS_LOGIN_SUCC
Message Meaning: FortiCloud activation successful
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 442


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22951 - LOG_ID_FDS_LOGOUT

Message ID: 22951


Message Description: LOG_ID_FDS_LOGOUT
Message Meaning: FortiCloud logout
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 443


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22952 - LOG_ID_FDS_LOGIN_FAIL

Message ID: 22952


Message Description: LOG_ID_FDS_LOGIN_FAIL
Message Meaning: FortiCloud activation failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

22953 - LOG_ID_IOC_DETECTED

Message ID: 22953

FortiOS 6.4.7 Log Reference 444


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_IOC_DETECTED


Message Meaning: Compromised host detected
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22954 - LOG_ID_INET_SVC_OBSOLETE

Message ID: 22954


Message Description: LOG_ID_INET_SVC_OBSOLETE
Message Meaning: Internet Service obsolete
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 445


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22955 - LOG_ID_INET_SVC_NAME_FAILURE

Message ID: 22955


Message Description: LOG_ID_INET_SVC_NAME_FAILURE
Message Meaning: Internet Service name update failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

22956 - LOG_ID_INET_SVC_NAME_UPDATE

Message ID: 22956

FortiOS 6.4.7 Log Reference 446


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_INET_SVC_NAME_UPDATE


Message Meaning: Internet Service name update
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

23101 - LOG_ID_IPSEC_TUNNEL_UP

Message ID: 23101


Message Description: LOG_ID_IPSEC_TUNNEL_UP
Message Meaning: IPsec VPN tunnel up
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 447


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

23102 - LOG_ID_IPSEC_TUNNEL_DOWN

Message ID: 23102


Message Description: LOG_ID_IPSEC_TUNNEL_DOWN
Message Meaning: IPsec VPN tunnel down
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

FortiOS 6.4.7 Log Reference 448


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

23103 - LOG_ID_IPSEC_TUNNEL_STAT

Message ID: 23103


Message Description: LOG_ID_IPSEC_TUNNEL_STAT
Message Meaning: IPsec VPN tunnel statistics
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 449


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

26001 - LOG_ID_DHCP_ACK

Message ID: 26001


Message Description: LOG_ID_DHCP_ACK
Message Meaning: DHCP Ack log
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dhcp_msg DHCP Message string 4096

eventtime Event time uint64 20

hostname Hostname string 128

interface Interface string 32

ip ip 39

lease DHCP lease time uint32 10

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 450


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

mac MAC Address string 17

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

26002 - LOG_ID_DHCP_RELEASE

Message ID: 26002


Message Description: LOG_ID_DHCP_RELEASE
Message Meaning: DHCP Release log
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dhcp_msg DHCP Message string 4096

eventtime Event time uint64 20

hostname Hostname string 128

interface Interface string 32

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mac MAC Address string 17

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 451


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

26003 - LOG_ID_DHCP_STAT

Message ID: 26003


Message Description: LOG_ID_DHCP_STAT
Message Meaning: DHCP statistics
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

total Total uint32 10

type Log Type string 16

tz Time zone string 5

used Number of Used IPs uint32 10

vd Virtual Domain Name string 32

26004 - LOG_ID_DHCP_CLIENT_LEASE

Message ID: 26004

FortiOS 6.4.7 Log Reference 452


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_DHCP_CLIENT_LEASE


Message Meaning: DHCP client lease granted
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

26005 - LOG_ID_DHCP_LEASE_USAGE_HIGH

Message ID: 26005


Message Description: LOG_ID_DHCP_LEASE_USAGE_HIGH
Message Meaning: DHCP lease usage high
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

FortiOS 6.4.7 Log Reference 453


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

26006 - LOG_ID_DHCP_LEASE_USAGE_FULL

Message ID: 26006


Message Description: LOG_ID_DHCP_LEASE_USAGE_FULL
Message Meaning: DHCP lease usage full
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 454


Fortinet, Inc.
Log Messages

26007 - LOG_ID_DHCP_BLOCKED_MAC

Message ID: 26007


Message Description: LOG_ID_DHCP_BLOCKED_MAC
Message Meaning: DHCP client blocked log
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mac MAC Address string 17

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

26008 - LOG_ID_DHCP_DDNS_ADD

Message ID: 26008


Message Description: LOG_ID_DHCP_DDNS_ADD
Message Meaning: DHCP DDNS add query
Type: Event
Category: SYSTEM
Severity: Information

FortiOS 6.4.7 Log Reference 455


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

ddnsserver DDNS Server ip 39

devid Device ID string 16

dhcp_msg DHCP Message string 4096

eventtime Event time uint64 20

fqdn Fully Qualified Domain Name string 256

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

26009 - LOG_ID_DHCP_DDNS_DELETE

Message ID: 26009


Message Description: LOG_ID_DHCP_DDNS_DELETE
Message Meaning: DHCP DDNS delete query
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

ddnsserver DDNS Server ip 39

devid Device ID string 16

dhcp_msg DHCP Message string 4096

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 456


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

fqdn Fully Qualified Domain Name string 256

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

26010 - LOG_ID_DHCP_DDNS_COMPLETED

Message ID: 26010


Message Description: LOG_ID_DHCP_DDNS_COMPLETED
Message Meaning: DHCP DDNS query completed
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

ddnsserver DDNS Server ip 39

devid Device ID string 16

dhcp_msg DHCP Message string 4096

eventtime Event time uint64 20

fqdn Fully Qualified Domain Name string 256

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 457


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

26011 - LOG_ID_DHCPV6_REPLY

Message ID: 26011


Message Description: LOG_ID_DHCPV6_REPLY
Message Meaning: DHCPv6 Ack log
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dhcp_msg DHCP Message string 4096

duid DHCPv6 unique identifier string 128

eventtime Event time uint64 20

iaid DHCPv6 Identity Association Identifier uint32 10

interface Interface string 32

ip ip 39

lease DHCP lease time uint32 10

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 458


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

26012 - LOG_ID_DHCPV6_RELEASE

Message ID: 26012


Message Description: LOG_ID_DHCPV6_RELEASE
Message Meaning: DHCPv6 Release log
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dhcp_msg DHCP Message string 4096

duid DHCPv6 unique identifier string 128

eventtime Event time uint64 20

iaid DHCPv6 Identity Association Identifier uint32 10

interface Interface string 32

ip ip 39

lease DHCP lease time uint32 10

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 459


Fortinet, Inc.
Log Messages

27001 - LOG_ID_VRRP_STATE_CHG

Message ID: 27001


Message Description: LOG_ID_VRRP_STATE_CHG
Message Meaning: VRRP state changed
Type: Event
Category: ROUTER
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

29001 - LOG_ID_PPPD_MSG

Message ID: 29001


Message Description: LOG_ID_PPPD_MSG
Message Meaning: PPP status
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

assigned Assigned IP Address through PPPoE ip 39

FortiOS 6.4.7 Log Reference 460


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

local Local IP for a PPPD Connection ip 39

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remote IP Address of the PPP Remote end ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

29002 - LOG_ID_PPPD_AUTH_SUC

Message ID: 29002


Message Description: LOG_ID_PPPD_AUTH_SUC
Message Meaning: PPP authentication successful
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assigned Assigned IP Address through PPPoE ip 39

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 461


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

local Local IP for a PPPD Connection ip 39

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remote IP Address of the PPP Remote end ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

29003 - LOG_ID_PPPD_AUTH_FAIL

Message ID: 29003


Message Description: LOG_ID_PPPD_AUTH_FAIL
Message Meaning: PPP authentication failed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assigned Assigned IP Address through PPPoE ip 39

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

local Local IP for a PPPD Connection ip 39

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 462


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

remote IP Address of the PPP Remote end ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

29010 - LOG_ID_PPPOE_STATUS_REPORT_NOTIF

Message ID: 29010


Message Description: LOG_ID_PPPOE_STATUS_REPORT_NOTIF
Message Meaning: PPPoE status report
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

assigned Assigned IP Address through PPPoE ip 39

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

gateway Gateway ip address for PPPoE status report ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

mtu Max Transmission Unit Value uint32 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 463


Fortinet, Inc.
Log Messages

29011 - LOG_ID_PPPD_FAIL_TO_EXEC

Message ID: 29011


Message Description: LOG_ID_PPPD_FAIL_TO_EXEC
Message Meaning: PPP execution failed
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

29012 - LOG_ID_PPP_OPT_ERR

Message ID: 29012


Message Description: LOG_ID_PPP_OPT_ERR
Message Meaning: PPP received incorrect options
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 464


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

29013 - LOG_ID_PPPD_START

Message ID: 29013


Message Description: LOG_ID_PPPD_START
Message Meaning: PPP daemon started
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 465


Fortinet, Inc.
Log Messages

29014 - LOG_ID_PPPD_EXIT

Message ID: 29014


Message Description: LOG_ID_PPPD_EXIT
Message Meaning: PPP daemon exited
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

29015 - LOG_ID_PPP_RCV_BAD_PEER_IP

Message ID: 29015


Message Description: LOG_ID_PPP_RCV_BAD_PEER_IP
Message Meaning: PPP received invalid peer IP
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 466


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

29016 - LOG_ID_PPP_RCV_BAD_LOCAL_IP

Message ID: 29016


Message Description: LOG_ID_PPP_RCV_BAD_LOCAL_IP
Message Meaning: PPP received invalid local IP
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 467


Fortinet, Inc.
Log Messages

29017 - LOG_ID_PPP_OPT_NOTIF

Message ID: 29017


Message Description: LOG_ID_PPP_OPT_NOTIF
Message Meaning: PPP received incorrect notifications
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

29021 - LOG_ID_EVENT_AUTH_SNMP_QUERY_FAILED

Message ID: 29021


Message Description: LOG_ID_EVENT_AUTH_SNMP_QUERY_FAILED
Message Meaning: SNMP query failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

community Community string 36

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 468


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

version Version string 64

29022 - LOG_ID_DDNS_UPDATE_FAIL

Message ID: 29022


Message Description: LOG_ID_DDNS_UPDATE_FAIL
Message Meaning: DDNS update failed
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 469


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32001 - LOG_ID_ADMIN_LOGIN_SUCC

Message ID: 32001


Message Description: LOG_ID_ADMIN_LOGIN_SUCC
Message Meaning: Admin login successful
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

method Method string 64

msg Log Message string 4096

name Display Name of the Connection string 128

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

FortiOS 6.4.7 Log Reference 470


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32002 - LOG_ID_ADMIN_LOGIN_FAIL

Message ID: 32002


Message Description: LOG_ID_ADMIN_LOGIN_FAIL
Message Meaning: Admin login failed
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

method Method string 64

msg Log Message string 4096

name Display Name of the Connection string 128

reason Reason string 256

FortiOS 6.4.7 Log Reference 471


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32003 - LOG_ID_ADMIN_LOGOUT

Message ID: 32003


Message Description: LOG_ID_ADMIN_LOGOUT
Message Meaning: Admin logout successful
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

duration Duration uint32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

method Method string 64

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 472


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

name Display Name of the Connection string 128

reason Reason string 256

sn Serial Number string 64

srcip Source IP ip 39

state State string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32005 - LOG_ID_ADMIN_OVERIDE_VDOM

Message ID: 32005


Message Description: LOG_ID_ADMIN_OVERIDE_VDOM
Message Meaning: Admin overrode VDOM
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 473


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32006 - LOG_ID_ADMIN_ENTER_VDOM

Message ID: 32006


Message Description: LOG_ID_ADMIN_ENTER_VDOM
Message Meaning: Super admin entered VDOM
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 474


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32007 - LOG_ID_ADMIN_LEFT_VDOM

Message ID: 32007


Message Description: LOG_ID_ADMIN_LEFT_VDOM
Message Meaning: Super admin left VDOM
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32008 - LOG_ID_VIEW_DISK_LOG_FAIL

Message ID: 32008

FortiOS 6.4.7 Log Reference 475


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_VIEW_DISK_LOG_FAIL


Message Meaning: Disk log access failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32009 - LOG_ID_SYSTEM_START

Message ID: 32009


Message Description: LOG_ID_SYSTEM_START
Message Meaning: FortiGate started
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 476


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32010 - LOG_ID_DISK_LOG_FULL

Message ID: 32010


Message Description: LOG_ID_DISK_LOG_FULL
Message Meaning: Disk full
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 477


Fortinet, Inc.
Log Messages

32011 - LOG_ID_LOG_ROLL

Message ID: 32011


Message Description: LOG_ID_LOG_ROLL
Message Meaning: Disk log rolled
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

log Log Name for Log Rotation string 32

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32014 - LOG_ID_CS_LIC_EXPIRE

Message ID: 32014


Message Description: LOG_ID_CS_LIC_EXPIRE
Message Meaning: Support license expiring
Type: Event
Category: SYSTEM
Severity: Warning

FortiOS 6.4.7 Log Reference 478


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32015 - LOG_ID_DISK_LOG_USAGE

Message ID: 32015


Message Description: LOG_ID_DISK_LOG_USAGE
Message Meaning: Log disk full
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 479


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32017 - LOG_ID_FDS_DAILY_QUOTA_FULL

Message ID: 32017


Message Description: LOG_ID_FDS_DAILY_QUOTA_FULL
Message Meaning: FortiCloud daily quota full
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32018 - LOG_ID_FIPS_ENTER_ERR_MOD

Message ID: 32018


Message Description: LOG_ID_FIPS_ENTER_ERR_MOD
Message Meaning: FIPS CC entered error mode
Type: Event
Category: SYSTEM

FortiOS 6.4.7 Log Reference 480


Fortinet, Inc.
Log Messages

Severity: Emergency

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32019 - LOG_ID_CC_ENTER_ERR_MOD

Message ID: 32019


Message Description: LOG_ID_CC_ENTER_ERR_MOD
Message Meaning: CC entered error mode
Type: Event
Category: SYSTEM
Severity: Emergency

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 481


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32020 - LOG_ID_SSH_CORRPUT_MAC

Message ID: 32020


Message Description: LOG_ID_SSH_CORRPUT_MAC
Message Meaning: Message Authentication Code corrupted
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 482


Fortinet, Inc.
Log Messages

32021 - LOG_ID_ADMIN_LOGIN_DISABLE

Message ID: 32021


Message Description: LOG_ID_ADMIN_LOGIN_DISABLE
Message Meaning: Admin login disabled
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32022 - LOG_ID_VDOM_ENABLED

Message ID: 32022


Message Description: LOG_ID_VDOM_ENABLED
Message Meaning: VDOM enabled
Type: Event
Category: SYSTEM

FortiOS 6.4.7 Log Reference 483


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32023 - LOG_ID_MEM_LOG_FIRST_FULL

Message ID: 32023


Message Description: LOG_ID_MEM_LOG_FIRST_FULL
Message Meaning: Memory log full over first warning level
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 484


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32024 - LOG_ID_ADMIN_PASSWD_EXPIRE

Message ID: 32024


Message Description: LOG_ID_ADMIN_PASSWD_EXPIRE
Message Meaning: Admin password expired
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 485


Fortinet, Inc.
Log Messages

32025 - LOG_ID_SSH_REKEY

Message ID: 32025


Message Description: LOG_ID_SSH_REKEY
Message Meaning: SSH server re-key
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

vd Virtual Domain Name string 32

32026 - LOG_ID_SSH_BAD_PACKET_LENGTH

Message ID: 32026


Message Description: LOG_ID_SSH_BAD_PACKET_LENGTH
Message Meaning: SSH server received bad length packet
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

FortiOS 6.4.7 Log Reference 486


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

vd Virtual Domain Name string 32

32027 - LOG_ID_VIEW_DISK_LOG_SUCC

Message ID: 32027


Message Description: LOG_ID_VIEW_DISK_LOG_SUCC
Message Meaning: Disk logs viewed successfully
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 487


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32028 - LOG_ID_LOG_DEL_DIR

Message ID: 32028


Message Description: LOG_ID_LOG_DEL_DIR
Message Meaning: Disk log directory deleted
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32029 - LOG_ID_LOG_DEL_FILE

Message ID: 32029


Message Description: LOG_ID_LOG_DEL_FILE
Message Meaning: Disk log file deleted

FortiOS 6.4.7 Log Reference 488


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

filesize Report File Size in Bytes uint32 10

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32030 - LOG_ID_SEND_FDS_STAT

Message ID: 32030


Message Description: LOG_ID_SEND_FDS_STAT
Message Meaning: FDS statistics sent
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 489


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32031 - LOG_ID_VIEW_MEM_LOG_FAIL

Message ID: 32031


Message Description: LOG_ID_VIEW_MEM_LOG_FAIL
Message Meaning: Memory log access failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 490


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32032 - LOG_ID_DISK_DLP_ARCH_FULL

Message ID: 32032


Message Description: LOG_ID_DISK_DLP_ARCH_FULL
Message Meaning: DLP archive full
Type: Event
Category: SYSTEM
Severity: Emergency

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32033 - LOG_ID_DISK_QUAR_FULL

Message ID: 32033


Message Description: LOG_ID_DISK_QUAR_FULL
Message Meaning: Quarantine full
Type: Event

FortiOS 6.4.7 Log Reference 491


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Emergency

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32034 - LOG_ID_DISK_REPORT_FULL

Message ID: 32034


Message Description: LOG_ID_DISK_REPORT_FULL
Message Meaning: Report full
Type: Event
Category: SYSTEM
Severity: Emergency

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 492


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32035 - LOG_ID_VDOM_DISABLED

Message ID: 32035


Message Description: LOG_ID_VDOM_DISABLED
Message Meaning: VDOM disabled
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32036 - LOG_ID_DISK_IPS_ARCH_FULL

Message ID: 32036


Message Description: LOG_ID_DISK_IPS_ARCH_FULL

FortiOS 6.4.7 Log Reference 493


Fortinet, Inc.
Log Messages

Message Meaning: IPS archive full


Type: Event
Category: SYSTEM
Severity: Emergency

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32037 - LOG_ID_DISK_LOG_FIRST_FULL

Message ID: 32037


Message Description: LOG_ID_DISK_LOG_FIRST_FULL
Message Meaning: Disk log full over first warning
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 494


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32038 - LOG_ID_LOG_ROLL_FORTICRON

Message ID: 32038


Message Description: LOG_ID_LOG_ROLL_FORTICRON
Message Meaning: Log rotation requested by FortiCron
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

log Log Name for Log Rotation string 32

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 495


Fortinet, Inc.
Log Messages

32039 - LOG_ID_VIEW_MEM_LOG_SUCC

Message ID: 32039


Message Description: LOG_ID_VIEW_MEM_LOG_SUCC
Message Meaning: Memory logs viewed successfully
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

log Log Name for Log Rotation string 32

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32040 - LOG_ID_REPORT_DELETED

Message ID: 32040


Message Description: LOG_ID_REPORT_DELETED
Message Meaning: Report deleted
Type: Event
Category: SYSTEM
Severity: Information

FortiOS 6.4.7 Log Reference 496


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32041 - LOG_ID_REPORT_DELETED_GUI

Message ID: 32041


Message Description: LOG_ID_REPORT_DELETED_GUI
Message Meaning: Report deleted from GUI
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 497


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32042 - LOG_ID_MEM_LOG_SECOND_FULL

Message ID: 32042


Message Description: LOG_ID_MEM_LOG_SECOND_FULL
Message Meaning: Memory log full over second warning level
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32043 - LOG_ID_MEM_LOG_FINAL_FULL

Message ID: 32043


Message Description: LOG_ID_MEM_LOG_FINAL_FULL
Message Meaning: Memory log full over final warning level

FortiOS 6.4.7 Log Reference 498


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32044 - LOG_ID_LOG_DELETE

Message ID: 32044


Message Description: LOG_ID_LOG_DELETE
Message Meaning: Log deleted by user
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

log Log Name for Log Rotation string 32

FortiOS 6.4.7 Log Reference 499


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32045 - LOG_ID_MGR_LIC_EXPIRE

Message ID: 32045


Message Description: LOG_ID_MGR_LIC_EXPIRE
Message Meaning: FortiGuard management service license expiring
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 500


Fortinet, Inc.
Log Messages

32048 - LOG_ID_SCHEDULE_EXPIRE

Message ID: 32048


Message Description: LOG_ID_SCHEDULE_EXPIRE
Message Meaning: One time schedule expiring
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32049 - LOG_ID_FC_EXPIRE

Message ID: 32049


Message Description: LOG_ID_FC_EXPIRE
Message Meaning: FortiCloud license expiring
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 501


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32050 - LOG_ID_POL_PKT_CAPTURE_FULL

Message ID: 32050


Message Description: LOG_ID_POL_PKT_CAPTURE_FULL
Message Meaning: Policy packet capture full
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 502


Fortinet, Inc.
Log Messages

32051 - LOG_ID_LOG_UPLOAD

Message ID: 32051


Message Description: LOG_ID_LOG_UPLOAD
Message Meaning: Disk logs upload started
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

vd Virtual Domain Name string 32

32052 - LOG_ID_UPLOAD_RUN_SCRIPT

Message ID: 32052


Message Description: LOG_ID_UPLOAD_RUN_SCRIPT
Message Meaning: Upload and run a script
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 503


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32053 - LOG_ID_ADMIN_MTNER_LOGIN_SUCC

Message ID: 32053


Message Description: LOG_ID_ADMIN_MTNER_LOGIN_SUCC
Message Meaning: Admin monitor login successful
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 504


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

method Method string 64

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32054 - LOG_ID_ADMIN_MTNER_LOGOUT

Message ID: 32054


Message Description: LOG_ID_ADMIN_MTNER_LOGOUT
Message Meaning: Admin monitor logout successful
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

duration Duration uint32 10

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 505


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

method Method string 64

msg Log Message string 4096

reason Reason string 256

sn Serial Number string 64

srcip Source IP ip 39

state State string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32057 - LOG_ID_VIEW_FAZ_LOG_FAIL

Message ID: 32057


Message Description: LOG_ID_VIEW_FAZ_LOG_FAIL
Message Meaning: FortiAnalyzer log access failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 506


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32058 - LOG_ID_VIEW_FAZ_LOG_SUCC

Message ID: 32058


Message Description: LOG_ID_VIEW_FAZ_LOG_SUCC
Message Meaning: FortiAnalyzer logs viewed successfully
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 507


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32095 - LOG_ID_GUI_CHG_SUB_MODULE

Message ID: 32095


Message Description: LOG_ID_GUI_CHG_SUB_MODULE
Message Meaning: Admin performed an action from GUI
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32096 - LOG_ID_GUI_DOWNLOAD_LOG

Message ID: 32096

FortiOS 6.4.7 Log Reference 508


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_GUI_DOWNLOAD_LOG


Message Meaning: Log file downloaded from GUI
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32097 - LOG_ID_DELETE_CAPTURE_PKT

Message ID: 32097


Message Description: LOG_ID_DELETE_CAPTURE_PKT
Message Meaning: Policy packet capture file deleted
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 509


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32100 - LOG_ID_FORTI_TOKEN_SYNC

Message ID: 32100


Message Description: LOG_ID_FORTI_TOKEN_SYNC
Message Meaning: FortiToken synchronized
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 510


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32102 - LOG_ID_CHG_CONFIG

Message ID: 32102


Message Description: LOG_ID_CHG_CONFIG
Message Meaning: Configuration changed
Type: Event
Category: SYSTEM
Severity: Alert, Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

module Configuration Module Name string 32

msg Log Message string 4096

submodule Sub-module name. For example autoupdate is sub-module in string 32


log of "config system autoupdate schedule"

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

FortiOS 6.4.7 Log Reference 511


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32103 - LOG_ID_NEW_FIRMWARE

Message ID: 32103


Message Description: LOG_ID_NEW_FIRMWARE
Message Meaning: New firmware available on FortiGuard
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32104 - LOG_ID_CHG_CONFIG_GUI

Message ID: 32104


Message Description: LOG_ID_CHG_CONFIG_GUI
Message Meaning: Configuration changed via GUI

FortiOS 6.4.7 Log Reference 512


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

module Configuration Module Name string 32

msg Log Message string 4096

submodule Sub-module name. For example autoupdate is sub-module in string 32


log of "config system autoupdate schedule"

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32105 - LOG_ID_NTP_SVR_STAUS_CHG_REACHABLE

Message ID: 32105


Message Description: LOG_ID_NTP_SVR_STAUS_CHG_REACHABLE
Message Meaning: NTP server status changes to reachable
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 513


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

field NTP date-time field string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32106 - LOG_ID_NTP_SVR_STAUS_CHG_RESOLVABLE

Message ID: 32106


Message Description: LOG_ID_NTP_SVR_STAUS_CHG_RESOLVABLE
Message Meaning: NTP server status changes to resolvable
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

field NTP date-time field string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 514


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32107 - LOG_ID_NTP_SVR_STAUS_CHG_UNRESOLVABLE

Message ID: 32107


Message Description: LOG_ID_NTP_SVR_STAUS_CHG_UNRESOLVABLE
Message Meaning: NTP server status changes to unresolvable
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

field NTP date-time field string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 515


Fortinet, Inc.
Log Messages

32108 - LOG_ID_NTP_SVR_STAUS_CHG_UNREACHABLE

Message ID: 32108


Message Description: LOG_ID_NTP_SVR_STAUS_CHG_UNREACHABLE
Message Meaning: NTP server status changes to unreachable
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

field NTP date-time field string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32109 - LOG_ID_UPD_SIGN_AV_DB

Message ID: 32109


Message Description: LOG_ID_UPD_SIGN_AV_DB
Message Meaning: Updating virus database
Type: Event
Category: SYSTEM
Severity: Critical

FortiOS 6.4.7 Log Reference 516


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32110 - LOG_ID_UPD_SIGN_IPS_DB

Message ID: 32110


Message Description: LOG_ID_UPD_SIGN_IPS_DB
Message Meaning: IPS database updated
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 517


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32111 - LOG_ID_UPD_SIGN_AVIPS_DB

Message ID: 32111


Message Description: LOG_ID_UPD_SIGN_AVIPS_DB
Message Meaning: AV, IPS, GeoIP, SRC-VIS, FortiFlow, URL White-list, Certificate databases updated
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 518


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32113 - LOG_ID_UPD_SIGN_SRCVIS_DB

Message ID: 32113


Message Description: LOG_ID_UPD_SIGN_SRCVIS_DB
Message Meaning: SRC-VIS object updated
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32114 - LOG_ID_UPD_SIGN_GEOIP_DB

Message ID: 32114


Message Description: LOG_ID_UPD_SIGN_GEOIP_DB

FortiOS 6.4.7 Log Reference 519


Fortinet, Inc.
Log Messages

Message Meaning: GeoIP object updated


Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32116 - LOG_ID_UPD_SIGN_AVPKG_FAILURE

Message ID: 32116


Message Description: LOG_ID_UPD_SIGN_AVPKG_FAILURE
Message Meaning: AV package update by SCP failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 520


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32117 - LOG_ID_UPD_SIGN_AVPKG_SUCCESS

Message ID: 32117


Message Description: LOG_ID_UPD_SIGN_AVPKG_SUCCESS
Message Meaning: AV package update by SCP successful
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 521


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32118 - LOG_ID_UPD_ADMIN_AV_DB

Message ID: 32118


Message Description: LOG_ID_UPD_ADMIN_AV_DB
Message Meaning: AV updated by admin
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 522


Fortinet, Inc.
Log Messages

32119 - LOG_ID_UPD_SCANUNIT_AV_DB

Message ID: 32119


Message Description: LOG_ID_UPD_SCANUNIT_AV_DB
Message Meaning: AV database updated by scanunit
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32120 - LOG_ID_RPT_ADD_DATASET

Message ID: 32120


Message Description: LOG_ID_RPT_ADD_DATASET
Message Meaning: Report data set added
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 523


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32122 - LOG_ID_RPT_DEL_DATASET

Message ID: 32122


Message Description: LOG_ID_RPT_DEL_DATASET
Message Meaning: Report data set deleted
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 524


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

name Display Name of the Connection string 128

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32125 - LOG_ID_RPT_ADD_CHART

Message ID: 32125


Message Description: LOG_ID_RPT_ADD_CHART
Message Meaning: Report chart widget added
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 525


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32126 - LOG_ID_RPT_DEL_CHART

Message ID: 32126


Message Description: LOG_ID_RPT_DEL_CHART
Message Meaning: Report chart widget deleted
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32129 - LOG_ID_ADD_GUEST

Message ID: 32129


Message Description: LOG_ID_ADD_GUEST

FortiOS 6.4.7 Log Reference 526


Fortinet, Inc.
Log Messages

Message Meaning: Guest user added


Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32130 - LOG_ID_CHG_USER

Message ID: 32130


Message Description: LOG_ID_CHG_USER
Message Meaning: User changed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

FortiOS 6.4.7 Log Reference 527


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

new_status New Status string 512

old_status Original Status string 512

passwd Password string 20

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32131 - LOG_ID_DEL_GUEST

Message ID: 32131


Message Description: LOG_ID_DEL_GUEST
Message Meaning: Guest user deleted
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 528


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32132 - LOG_ID_ADD_USER

Message ID: 32132


Message Description: LOG_ID_ADD_USER
Message Meaning: Local user added
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

FortiOS 6.4.7 Log Reference 529


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32138 - LOG_ID_REBOOT

Message ID: 32138


Message Description: LOG_ID_REBOOT
Message Meaning: Device rebooted
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 530


Fortinet, Inc.
Log Messages

32139 - LOG_ID_WAKE_ON_LAN

Message ID: 32139


Message Description: LOG_ID_WAKE_ON_LAN
Message Meaning: Wake on LAN device
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32140 - LOG_ID_TIME_USER_SETTING_CHG

Message ID: 32140


Message Description: LOG_ID_TIME_USER_SETTING_CHG
Message Meaning: Global time setting changed by user
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 531


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

field NTP date-time field string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32141 - LOG_ID_TIME_NTP_SETTING_CHG

Message ID: 32141


Message Description: LOG_ID_TIME_NTP_SETTING_CHG
Message Meaning: Global time setting changed by NTP
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

field NTP date-time field string 32

FortiOS 6.4.7 Log Reference 532


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32142 - LOG_ID_BACKUP_CONF

Message ID: 32142


Message Description: LOG_ID_BACKUP_CONF
Message Meaning: System configuration backed up
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 533


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32143 - LOG_ID_BACKUP_CONF_BY_SCP

Message ID: 32143


Message Description: LOG_ID_BACKUP_CONF_BY_SCP
Message Meaning: System configuration backed up by SCP
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 534


Fortinet, Inc.
Log Messages

32144 - LOG_ID_BACKUP_CONF_ERROR

Message ID: 32144


Message Description: LOG_ID_BACKUP_CONF_ERROR
Message Meaning: System configuration backed up error
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32145 - LOG_ID_BACKUP_CONF_ALERT

Message ID: 32145


Message Description: LOG_ID_BACKUP_CONF_ALERT
Message Meaning: System configuration backed up alert
Type: Event
Category: SYSTEM
Severity: Alert

FortiOS 6.4.7 Log Reference 535


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32146 - LOG_ID_TIME_PTP_SETTING_CHG

Message ID: 32146


Message Description: LOG_ID_TIME_PTP_SETTING_CHG
Message Meaning: Global time setting changed by PTP
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

field NTP date-time field string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 536


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32148 - LOG_ID_GET_CRL

Message ID: 32148


Message Description: LOG_ID_GET_CRL
Message Meaning: CRL update requested
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

crl Certificate revocation lists string 4096

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 537


Fortinet, Inc.
Log Messages

32149 - LOG_ID_COMMAND_FAIL

Message ID: 32149


Message Description: LOG_ID_COMMAND_FAIL
Message Meaning: Command failed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32151 - LOG_ID_ADD_IP6_LOCAL_POL

Message ID: 32151


Message Description: LOG_ID_ADD_IP6_LOCAL_POL
Message Meaning: IPv6 firewall local in policy added
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 538


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

act Action string 16

daddr Destination address string 80

date Date string 10

devid Device ID string 16

dintf Destination interface string 36

eventtime Event time uint64 20

iptype IP type string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32152 - LOG_ID_CHG_IP6_LOCAL_POL

Message ID: 32152


Message Description: LOG_ID_CHG_IP6_LOCAL_POL
Message Meaning: IPv6 firewall local in policy setting changed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

act Action string 16

daddr Destination address string 80

date Date string 10

devid Device ID string 16

dintf Destination interface string 36

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 539


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

iptype IP type string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32153 - LOG_ID_DEL_IP6_LOCAL_POL

Message ID: 32153


Message Description: LOG_ID_DEL_IP6_LOCAL_POL
Message Meaning: IPv6 firewall local in policy deleted
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

act Action string 16

daddr Destination address string 80

date Date string 10

devid Device ID string 16

dintf Destination interface string 36

eventtime Event time uint64 20

iptype IP type string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 540


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32155 - LOG_ID_ACT_FTOKEN_REQ

Message ID: 32155


Message Description: LOG_ID_ACT_FTOKEN_REQ
Message Meaning: FortiToken activation requested
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

serialno Serial Number string 16

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32156 - LOG_ID_ACT_FTOKEN_SUCC

Message ID: 32156

FortiOS 6.4.7 Log Reference 541


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_ACT_FTOKEN_SUCC


Message Meaning: FortiToken activation successful
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

serialno Serial Number string 16

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32157 - LOG_ID_SYNC_FTOKEN_SUCC

Message ID: 32157


Message Description: LOG_ID_SYNC_FTOKEN_SUCC
Message Meaning: FortiToken re-synchronized
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

FortiOS 6.4.7 Log Reference 542


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

serialno Serial Number string 16

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32158 - LOG_ID_SYNC_FTOKEN_FAIL

Message ID: 32158


Message Description: LOG_ID_SYNC_FTOKEN_FAIL
Message Meaning: FortiToken re-synchronization failed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 543


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

serialno Serial Number string 16

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32159 - LOG_ID_ACT_FTOKEN_FAIL

Message ID: 32159


Message Description: LOG_ID_ACT_FTOKEN_FAIL
Message Meaning: FortiToken activation failed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

serialno Serial Number string 16

FortiOS 6.4.7 Log Reference 544


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32160 - LOG_ID_FTM_PUSH_SUCC

Message ID: 32160


Message Description: LOG_ID_FTM_PUSH_SUCC
Message Meaning: FortiToken mobile push message succeeded
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32161 - LOG_ID_FTM_PUSH_FAIL

Message ID: 32161


Message Description: LOG_ID_FTM_PUSH_FAIL

FortiOS 6.4.7 Log Reference 545


Fortinet, Inc.
Log Messages

Message Meaning: FortiToken mobile push message failed


Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32168 - LOG_ID_REACH_VDOM_LIMIT

Message ID: 32168


Message Description: LOG_ID_REACH_VDOM_LIMIT
Message Meaning: VDOM limit reached
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 546


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32169 - LOG_ID_ALARM_DLP_DB

Message ID: 32169


Message Description: LOG_ID_ALARM_DLP_DB
Message Meaning: DLP database space alarm
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 547


Fortinet, Inc.
Log Messages

32170 - LOG_ID_ALARM_MSG

Message ID: 32170


Message Description: LOG_ID_ALARM_MSG
Message Meaning: Alarm created
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

alarmid Alarm ID uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

groupid User Group ID uint32 10

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32171 - LOG_ID_ALARM_ACK

Message ID: 32171


Message Description: LOG_ID_ALARM_ACK
Message Meaning: Alarm acknowledged
Type: Event
Category: SYSTEM
Severity: Alert

FortiOS 6.4.7 Log Reference 548


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

acktime Alarm Acknowledge Time string 24

action Policy Action string 65

alarmid Alarm ID uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32172 - LOG_ID_ADD_IP4_LOCAL_POL

Message ID: 32172


Message Description: LOG_ID_ADD_IP4_LOCAL_POL
Message Meaning: IPv4 firewall local in policy added
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

act Action string 16

daddr Destination address string 80

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 549


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dintf Destination interface string 36

eventtime Event time uint64 20

iptype IP type string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32173 - LOG_ID_CHG_IP4_LOCAL_POL

Message ID: 32173


Message Description: LOG_ID_CHG_IP4_LOCAL_POL
Message Meaning: IPv4 firewall local in policy's setting changed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

act Action string 16

daddr Destination address string 80

date Date string 10

devid Device ID string 16

dintf Destination interface string 36

eventtime Event time uint64 20

iptype IP type string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 550


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32174 - LOG_ID_DEL_IP4_LOCAL_POL

Message ID: 32174


Message Description: LOG_ID_DEL_IP4_LOCAL_POL
Message Meaning: IPv4 firewall local in policy deleted
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

act Action string 16

daddr Destination address string 80

date Date string 10

devid Device ID string 16

dintf Destination interface string 36

eventtime Event time uint64 20

iptype IP type string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 551


Fortinet, Inc.
Log Messages

32190 - LOG_ID_UPT_INVALID_IMG

Message ID: 32190


Message Description: LOG_ID_UPT_INVALID_IMG
Message Meaning: Invalid image loaded
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32191 - LOG_ID_UPT_INVALID_IMG_CC

Message ID: 32191


Message Description: LOG_ID_UPT_INVALID_IMG_CC
Message Meaning: Image with invalid CC signature loaded
Type: Event
Category: SYSTEM
Severity: Critical

FortiOS 6.4.7 Log Reference 552


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32192 - LOG_ID_UPT_INVALID_IMG_RSA

Message ID: 32192


Message Description: LOG_ID_UPT_INVALID_IMG_RSA
Message Meaning: Image with invalid RSA signature loaded
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 553


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32193 - LOG_ID_UPT_IMG_RSA

Message ID: 32193


Message Description: LOG_ID_UPT_IMG_RSA
Message Meaning: Image with valid RSA signature loaded
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 554


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32194 - LOG_ID_UPT_IMG_FAIL

Message ID: 32194


Message Description: LOG_ID_UPT_IMG_FAIL
Message Meaning: System upgrade failed due to file operation failure
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32199 - LOG_ID_RESTORE_IMG_USB

Message ID: 32199


Message Description: LOG_ID_RESTORE_IMG_USB

FortiOS 6.4.7 Log Reference 555


Fortinet, Inc.
Log Messages

Message Meaning: Image restored from USB


Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32200 - LOG_ID_SHUTDOWN

Message ID: 32200


Message Description: LOG_ID_SHUTDOWN
Message Meaning: Device shutdown
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 556


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32201 - LOG_ID_LOAD_IMG_SUCC

Message ID: 32201


Message Description: LOG_ID_LOAD_IMG_SUCC
Message Meaning: Image loaded successfully
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 557


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32202 - LOG_ID_RESTORE_IMG

Message ID: 32202


Message Description: LOG_ID_RESTORE_IMG
Message Meaning: Image restored
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 558


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32203 - LOG_ID_RESTORE_CONF

Message ID: 32203


Message Description: LOG_ID_RESTORE_CONF
Message Meaning: Configuration restored
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32204 - LOG_ID_RESTORE_FGD_SVR

Message ID: 32204


Message Description: LOG_ID_RESTORE_FGD_SVR

FortiOS 6.4.7 Log Reference 559


Fortinet, Inc.
Log Messages

Message Meaning: FortiGuard service restored


Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32205 - LOG_ID_RESTORE_VDOM_LIC

Message ID: 32205


Message Description: LOG_ID_RESTORE_VDOM_LIC
Message Meaning: VM license restored
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 560


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32206 - LOG_ID_RESTORE_SCRIPT

Message ID: 32206


Message Description: LOG_ID_RESTORE_SCRIPT
Message Meaning: Script restored from management station
Type: Event
Category: SYSTEM
Severity: Warning, Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 561


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32207 - LOG_ID_RETRIEVE_CONF_LIST

Message ID: 32207


Message Description: LOG_ID_RETRIEVE_CONF_LIST
Message Meaning: Configuration list retrieval failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 562


Fortinet, Inc.
Log Messages

32208 - LOG_ID_IMP_PKCS12_CERT

Message ID: 32208


Message Description: LOG_ID_IMP_PKCS12_CERT
Message Meaning: PKCS12 certificate imported
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32209 - LOG_ID_RESTORE_USR_DEF_IPS

Message ID: 32209


Message Description: LOG_ID_RESTORE_USR_DEF_IPS
Message Meaning: IPS custom signatures restored
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 563


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32210 - LOG_ID_BACKUP_IMG_SUCC

Message ID: 32210


Message Description: LOG_ID_BACKUP_IMG_SUCC
Message Meaning: Firmware image backed up successfully
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 564


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32211 - LOG_ID_UPLOAD_REVISION

Message ID: 32211


Message Description: LOG_ID_UPLOAD_REVISION
Message Meaning: Revision uploaded to flash disk
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 565


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32212 - LOG_ID_DEL_REVISION

Message ID: 32212


Message Description: LOG_ID_DEL_REVISION
Message Meaning: Revision deleted
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 566


Fortinet, Inc.
Log Messages

32213 - LOG_ID_RESTORE_TEMPLATE

Message ID: 32213


Message Description: LOG_ID_RESTORE_TEMPLATE
Message Meaning: Template restored
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32214 - LOG_ID_RESTORE_FILE

Message ID: 32214


Message Description: LOG_ID_RESTORE_FILE
Message Meaning: File restore failed
Type: Event
Category: SYSTEM
Severity: Warning

FortiOS 6.4.7 Log Reference 567


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32215 - LOG_ID_UPT_IMG

Message ID: 32215


Message Description: LOG_ID_UPT_IMG
Message Meaning: Image updated
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 568


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32217 - LOG_ID_UPD_IPS

Message ID: 32217


Message Description: LOG_ID_UPD_IPS
Message Meaning: IPS package - Admin update successful
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 569


Fortinet, Inc.
Log Messages

32218 - LOG_ID_UPD_DLP

Message ID: 32218


Message Description: LOG_ID_UPD_DLP
Message Meaning: DLP fingerprint database update via SCP failed
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32219 - LOG_ID_BACKUP_OUTPUT

Message ID: 32219


Message Description: LOG_ID_BACKUP_OUTPUT
Message Meaning: Error output backup via SCP successful
Type: Event
Category: SYSTEM
Severity: Warning

FortiOS 6.4.7 Log Reference 570


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32220 - LOG_ID_BACKUP_COMMAND

Message ID: 32220


Message Description: LOG_ID_BACKUP_COMMAND
Message Meaning: Batch mode command output backup via SCP successful
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 571


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32221 - LOG_ID_UPD_VDOM_LIC

Message ID: 32221


Message Description: LOG_ID_UPD_VDOM_LIC
Message Meaning: VM license installed via SCP
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 572


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32222 - LOG_ID_GLB_SETTING_CHG

Message ID: 32222


Message Description: LOG_ID_GLB_SETTING_CHG
Message Meaning: Global setting changed
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

field NTP date-time field string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

new_value New Virtual Domain Name string 128

old_value Original Virtual Domain name string 128

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 573


Fortinet, Inc.
Log Messages

32223 - LOG_ID_BACKUP_USER_DEF_IPS

Message ID: 32223


Message Description: LOG_ID_BACKUP_USER_DEF_IPS
Message Meaning: IPS custom signatures backup success
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32224 - LOG_ID_BACKUP_DISK_LOG

Message ID: 32224


Message Description: LOG_ID_BACKUP_DISK_LOG
Message Meaning: Disk logs backed up
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 574


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

file Report file full path string 256

hash Hash Value of Downloaded File string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32225 - LOG_ID_DEL_ALL_REVISION

Message ID: 32225


Message Description: LOG_ID_DEL_ALL_REVISION
Message Meaning: Revision database reset due to data corruption
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 575


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32226 - LOG_ID_LOAD_IMG_FAIL

Message ID: 32226


Message Description: LOG_ID_LOAD_IMG_FAIL
Message Meaning: Image failed to load
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 576


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32227 - LOG_ID_UPD_DLP_FAIL

Message ID: 32227


Message Description: LOG_ID_UPD_DLP_FAIL
Message Meaning: DLP fingerprint database failed to update by SCP
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 577


Fortinet, Inc.
Log Messages

32228 - LOG_ID_LOAD_IMG_FAIL_WRONG_IMG

Message ID: 32228


Message Description: LOG_ID_LOAD_IMG_FAIL_WRONG_IMG
Message Meaning: Firmware image loaded incorrect
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32229 - LOG_ID_LOAD_IMG_FAIL_NO_RSA

Message ID: 32229


Message Description: LOG_ID_LOAD_IMG_FAIL_NO_RSA
Message Meaning: Firmware image without valid RSA signature loaded
Type: Event
Category: SYSTEM
Severity: Critical

FortiOS 6.4.7 Log Reference 578


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32230 - LOG_ID_LOAD_IMG_FAIL_INVALID_RSA

Message ID: 32230


Message Description: LOG_ID_LOAD_IMG_FAIL_INVALID_RSA
Message Meaning: Firmware image with invalid RSA signature loaded
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 579


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32231 - LOG_ID_RESTORE_FGD_SVR_FAIL

Message ID: 32231


Message Description: LOG_ID_RESTORE_FGD_SVR_FAIL
Message Meaning: FortiGuard service failed to restore
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 580


Fortinet, Inc.
Log Messages

32232 - LOG_ID_RESTORE_VDOM_LIC_FAIL

Message ID: 32232


Message Description: LOG_ID_RESTORE_VDOM_LIC_FAIL
Message Meaning: VM license failed to restore
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32233 - LOG_ID_BACKUP_IMG_FAIL

Message ID: 32233


Message Description: LOG_ID_BACKUP_IMG_FAIL
Message Meaning: Firmware image backup failed
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 581


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32234 - LOG_ID_RESTORE_IMG_INVALID_CC

Message ID: 32234


Message Description: LOG_ID_RESTORE_IMG_INVALID_CC
Message Meaning: Image with invalid CC signature restored
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 582


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32235 - LOG_ID_RESTORE_IMG_FORTIGUARD

Message ID: 32235


Message Description: LOG_ID_RESTORE_IMG_FORTIGUARD
Message Meaning: Image restored from FortiGuard Management
Type: Event
Category: SYSTEM
Severity: Critical, Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 583


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32236 - LOG_ID_BACKUP_MEM_LOG

Message ID: 32236


Message Description: LOG_ID_BACKUP_MEM_LOG
Message Meaning: Memory logs backed up
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32237 - LOG_ID_BACKUP_MEM_LOG_FAIL

Message ID: 32237


Message Description: LOG_ID_BACKUP_MEM_LOG_FAIL
Message Meaning: Memory logs failed to back up

FortiOS 6.4.7 Log Reference 584


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32238 - LOG_ID_BACKUP_DISK_LOG_FAIL

Message ID: 32238


Message Description: LOG_ID_BACKUP_DISK_LOG_FAIL
Message Meaning: Disk logs failed to back up
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 585


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32239 - LOG_ID_BACKUP_DISK_LOG_USB

Message ID: 32239


Message Description: LOG_ID_BACKUP_DISK_LOG_USB
Message Meaning: Disk logs backed up to USB
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 586


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32240 - LOG_ID_SYS_USB_MODE

Message ID: 32240


Message Description: LOG_ID_SYS_USB_MODE
Message Meaning: System operating in USB mode
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 587


Fortinet, Inc.
Log Messages

32241 - LOG_ID_BACKUP_DISK_LOG_USB_FAIL

Message ID: 32241


Message Description: LOG_ID_BACKUP_DISK_LOG_USB_FAIL
Message Meaning: Disk logs failed to back up to USB
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32242 - LOG_ID_UPD_VDOM_LIC_FAIL

Message ID: 32242


Message Description: LOG_ID_UPD_VDOM_LIC_FAIL
Message Meaning: VM license failed to install via SCP
Type: Event
Category: SYSTEM
Severity: Warning

FortiOS 6.4.7 Log Reference 588


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32243 - LOG_ID_UPD_IPS_SCP

Message ID: 32243


Message Description: LOG_ID_UPD_IPS_SCP
Message Meaning: IPS package updated via SCP
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 589


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32244 - LOG_ID_UPD_IPS_SCP_FAIL

Message ID: 32244


Message Description: LOG_ID_UPD_IPS_SCP_FAIL
Message Meaning: IPS package failed to update via SCP
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 590


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32245 - LOG_ID_BACKUP_USER_DEF_IPS_FAIL

Message ID: 32245


Message Description: LOG_ID_BACKUP_USER_DEF_IPS_FAIL
Message Meaning: IPS custom signatures backup failed
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32246 - LOG_ID_RESTORE_USR_DEF_IPS_CRITICAL

Message ID: 32246

FortiOS 6.4.7 Log Reference 591


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_RESTORE_USR_DEF_IPS_CRITICAL


Message Meaning: IPS custom signatures restored critical
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32247 - LOG_ID_SSH_NEGOTIATION_FAILURE

Message ID: 32247


Message Description: LOG_ID_SSH_NEGOTIATION_FAILURE
Message Meaning: SSH protocol cannot be negotiated
Type: Event
Category: SYSTEM
Severity: Error

FortiOS 6.4.7 Log Reference 592


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

addr IP Address string 80

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

port Port Number uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32252 - LOG_ID_FACTORY_RESET

Message ID: 32252


Message Description: LOG_ID_FACTORY_RESET
Message Meaning: Factory settings reset
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 593


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32253 - LOG_ID_FORMAT_RAID

Message ID: 32253


Message Description: LOG_ID_FORMAT_RAID
Message Meaning: RAID disk formatted
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

FortiOS 6.4.7 Log Reference 594


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32254 - LOG_ID_ENABLE_RAID

Message ID: 32254


Message Description: LOG_ID_ENABLE_RAID
Message Meaning: RAID enabled
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32255 - LOG_ID_DISABLE_RAID

Message ID: 32255


Message Description: LOG_ID_DISABLE_RAID
Message Meaning: RAID disabled

FortiOS 6.4.7 Log Reference 595


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32300 - LOG_ID_UPLOAD_RPT_IMG

Message ID: 32300


Message Description: LOG_ID_UPLOAD_RPT_IMG
Message Meaning: Report image file uploaded
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 596


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32301 - LOG_ID_ADD_VDOM

Message ID: 32301


Message Description: LOG_ID_ADD_VDOM
Message Meaning: VDOM added
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 597


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32302 - LOG_ID_DEL_VDOM

Message ID: 32302


Message Description: LOG_ID_DEL_VDOM
Message Meaning: VDOM deleted
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

FortiOS 6.4.7 Log Reference 598


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32545 - LOG_ID_SYS_RESTART

Message ID: 32545


Message Description: LOG_ID_SYS_RESTART
Message Meaning: Scheduled daily reboot started
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32546 - LOG_ID_APPLICATION_CRASH

Message ID: 32546


Message Description: LOG_ID_APPLICATION_CRASH
Message Meaning: Application crashed

FortiOS 6.4.7 Log Reference 599


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32547 - LOG_ID_AUTOSCRIPT_START

Message ID: 32547


Message Description: LOG_ID_AUTOSCRIPT_START
Message Meaning: Autoscript start
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 600


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32548 - LOG_ID_AUTOSCRIPT_STOP

Message ID: 32548


Message Description: LOG_ID_AUTOSCRIPT_STOP
Message Meaning: Autoscript stop
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 601


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32549 - LOG_ID_AUTOSCRIPT_STOP_AUTO

Message ID: 32549


Message Description: LOG_ID_AUTOSCRIPT_STOP_AUTO
Message Meaning: Autoscript stop automatically
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32550 - LOG_ID_AUTOSCRIPT_DELETE_RSLT

Message ID: 32550


Message Description: LOG_ID_AUTOSCRIPT_DELETE_RSLT
Message Meaning: Autoscript delete result
Type: Event

FortiOS 6.4.7 Log Reference 602


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32551 - LOG_ID_AUTOSCRIPT_BACKUP_RSLT

Message ID: 32551


Message Description: LOG_ID_AUTOSCRIPT_BACKUP_RSLT
Message Meaning: Autoscript backup result
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 603


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32552 - LOG_ID_AUTOSCRIPT_CHECK_STATUS

Message ID: 32552


Message Description: LOG_ID_AUTOSCRIPT_CHECK_STATUS
Message Meaning: Autoscript check status
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 604


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32553 - LOG_ID_AUTOSCRIPT_STOP_REACH_LIMIT

Message ID: 32553


Message Description: LOG_ID_AUTOSCRIPT_STOP_REACH_LIMIT
Message Meaning: Autoscript stop due to limit reached
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32561 - LOG_ID_ADMIN_LOGOUT_DISCONNECT

Message ID: 32561


Message Description: LOG_ID_ADMIN_LOGOUT_DISCONNECT
Message Meaning: Admin disconnected
Type: Event

FortiOS 6.4.7 Log Reference 605


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

duration Duration uint32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

method Method string 64

msg Log Message string 4096

reason Reason string 256

sn Serial Number string 64

srcip Source IP ip 39

state State string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32562 - LOG_ID_STORE_CONF_FAIL_SPACE

Message ID: 32562


Message Description: LOG_ID_STORE_CONF_FAIL_SPACE
Message Meaning: Store config failed - not enough flash space
Type: Event

FortiOS 6.4.7 Log Reference 606


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32564 - LOG_ID_RESTORE_CONF_FAIL

Message ID: 32564


Message Description: LOG_ID_RESTORE_CONF_FAIL
Message Meaning: Configuration failed to restore
Type: Event
Category: SYSTEM
Severity: Warning, Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 607


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32565 - LOG_ID_RESTORE_CONF_BY_MGMT

Message ID: 32565


Message Description: LOG_ID_RESTORE_CONF_BY_MGMT
Message Meaning: Configuration restored from management station
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 608


Fortinet, Inc.
Log Messages

32566 - LOG_ID_RESTORE_CONF_BY_SCP

Message ID: 32566


Message Description: LOG_ID_RESTORE_CONF_BY_SCP
Message Meaning: Configuration restored by SCP
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32567 - LOG_ID_RESTORE_CONF_BY_USB

Message ID: 32567


Message Description: LOG_ID_RESTORE_CONF_BY_USB
Message Meaning: Configuration restored by USB
Type: Event
Category: SYSTEM
Severity: Critical

FortiOS 6.4.7 Log Reference 609


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32568 - LOG_ID_DEL_REVISION_DB

Message ID: 32568


Message Description: LOG_ID_DEL_REVISION_DB
Message Meaning: Revision Database deletion
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 610


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

32569 - LOG_ID_FSW_SWITCH_LOG_EVENT

Message ID: 32569


Message Description: LOG_ID_FSW_SWITCH_LOG_EVENT
Message Meaning: Switch-Controller
Type: Event
Category: SWITCH-CONTROLLER
Severity: Unknown

Log Field Name Description Data Type Length

cfgattr string 4096

cfgobj string 256

cfgpath string 128

cfgtid uint32 10

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

FortiOS 6.4.7 Log Reference 611


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32570 - LOG_ID_ADMIN_MTNER_LOGOUT_DISCONNECT

Message ID: 32570


Message Description: LOG_ID_ADMIN_MTNER_LOGOUT_DISCONNECT
Message Meaning: Admin monitor disconnected
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

duration Duration uint32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

method Method string 64

msg Log Message string 4096

reason Reason string 256

sn Serial Number string 64

srcip Source IP ip 39

FortiOS 6.4.7 Log Reference 612


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

state State string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

32601 - LOG_ID_FGT_SWITCH_LOG_DISCOVER

Message ID: 32601


Message Description: LOG_ID_FGT_SWITCH_LOG_DISCOVER
Message Meaning: Switch-Controller discovered
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

FortiOS 6.4.7 Log Reference 613


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz string 5

ui string 64

user string 256

vd string 32

32602 - LOG_ID_FGT_SWITCH_LOG_AUTH

Message ID: 32602


Message Description: LOG_ID_FGT_SWITCH_LOG_AUTH
Message Meaning: Switch-Controller authorized
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

FortiOS 6.4.7 Log Reference 614


Fortinet, Inc.
Log Messages

32603 - LOG_ID_FGT_SWITCH_LOG_DEAUTH

Message ID: 32603


Message Description: LOG_ID_FGT_SWITCH_LOG_DEAUTH
Message Meaning: Switch-Controller deauthorized
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32604 - LOG_ID_FGT_SWITCH_LOG_DELETE

Message ID: 32604


Message Description: LOG_ID_FGT_SWITCH_LOG_DELETE
Message Meaning: Switch-Controller deleted
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

FortiOS 6.4.7 Log Reference 615


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32605 - LOG_ID_FGT_SWITCH_LOG_TUNNEL_UP

Message ID: 32605


Message Description: LOG_ID_FGT_SWITCH_LOG_TUNNEL_UP
Message Meaning: Switch-Controller Tunnel Up
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

FortiOS 6.4.7 Log Reference 616


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32606 - LOG_ID_FGT_SWITCH_LOG_TUNNEL_DOWN

Message ID: 32606


Message Description: LOG_ID_FGT_SWITCH_LOG_TUNNEL_DOWN
Message Meaning: Switch-Controller Tunnel Down
Type: Event
Category: SWITCH-CONTROLLER
Severity: Warning

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

FortiOS 6.4.7 Log Reference 617


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32607 - LOG_ID_FGT_SWITCH_PUSH_IMAGE

Message ID: 32607


Message Description: LOG_ID_FGT_SWITCH_PUSH_IMAGE
Message Meaning: Image push to FortiSwitch
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

FortiOS 6.4.7 Log Reference 618


Fortinet, Inc.
Log Messages

32608 - LOG_ID_FGT_SWITCH_STAGE_IMAGE

Message ID: 32608


Message Description: LOG_ID_FGT_SWITCH_STAGE_IMAGE
Message Meaning: Image stage to FortiSwitch
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32609 - LOG_ID_FGT_SWITCH_DISABLE_DISCOVERY

Message ID: 32609


Message Description: LOG_ID_FGT_SWITCH_DISABLE_DISCOVERY
Message Meaning: Disable FortiSwitch Discovery
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

FortiOS 6.4.7 Log Reference 619


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32610 - LOG_ID_FGT_SWITCH_LOG_WARNING

Message ID: 32610


Message Description: LOG_ID_FGT_SWITCH_LOG_WARNING
Message Meaning: Switch-Controller warning
Type: Event
Category: SWITCH-CONTROLLER
Severity: Warning

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

FortiOS 6.4.7 Log Reference 620


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32611 - LOG_ID_FGT_SWITCH_EXPORT_POOL

Message ID: 32611


Message Description: LOG_ID_FGT_SWITCH_EXPORT_POOL
Message Meaning: Export port to pool
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

FortiOS 6.4.7 Log Reference 621


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user string 256

vd string 32

32612 - LOG_ID_FGT_SWITCH_EXPORT_VDOM

Message ID: 32612


Message Description: LOG_ID_FGT_SWITCH_EXPORT_VDOM
Message Meaning: Export port to vdom
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32613 - LOG_ID_FGT_SWITCH_REQUEST_PORT

Message ID: 32613


Message Description: LOG_ID_FGT_SWITCH_REQUEST_PORT

FortiOS 6.4.7 Log Reference 622


Fortinet, Inc.
Log Messages

Message Meaning: Request port from pool


Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32614 - LOG_ID_FGT_SWITCH_RETURN_PORT

Message ID: 32614


Message Description: LOG_ID_FGT_SWITCH_RETURN_PORT
Message Meaning: Return port to pool
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

FortiOS 6.4.7 Log Reference 623


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level string 11

logdesc string 4096

logid string 10

msg string 4096

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32615 - LOG_ID_FGT_SWITCH_MAC_ADD

Message ID: 32615


Message Description: LOG_ID_FGT_SWITCH_MAC_ADD
Message Meaning: FortiSwitch MAC add
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

FortiOS 6.4.7 Log Reference 624


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32616 - LOG_ID_FGT_SWITCH_MAC_DEL

Message ID: 32616


Message Description: LOG_ID_FGT_SWITCH_MAC_DEL
Message Meaning: FortiSwitch MAC delete
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

FortiOS 6.4.7 Log Reference 625


Fortinet, Inc.
Log Messages

32617 - LOG_ID_FGT_SWITCH_MAC_MOVE

Message ID: 32617


Message Description: LOG_ID_FGT_SWITCH_MAC_MOVE
Message Meaning: FortiSwitch MAC move
Type: Event
Category: SWITCH-CONTROLLER
Severity: Information

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32693 - LOG_ID_FGT_SWITCH_GROUP_SWC

Message ID: 32693


Message Description: LOG_ID_FGT_SWITCH_GROUP_SWC
Message Meaning: FortiSwitch switch controller
Type: Event
Category: SWITCH-CONTROLLER
Severity: Critical

FortiOS 6.4.7 Log Reference 626


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cfgattr string 4096

cfgobj string 256

cfgpath string 128

cfgtid uint32 10

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32694 - LOG_ID_FGT_SWITCH_GROUP_POE

Message ID: 32694


Message Description: LOG_ID_FGT_SWITCH_GROUP_POE
Message Meaning: FortiSwitch PoE
Type: Event
Category: SWITCH-CONTROLLER
Severity: Critical

Log Field Name Description Data Type Length

cfgattr string 4096

FortiOS 6.4.7 Log Reference 627


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cfgobj string 256

cfgpath string 128

cfgtid uint32 10

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32695 - LOG_ID_FGT_SWITCH_GROUP_LINK

Message ID: 32695


Message Description: LOG_ID_FGT_SWITCH_GROUP_LINK
Message Meaning: FortiSwitch link
Type: Event
Category: SWITCH-CONTROLLER
Severity: Critical

Log Field Name Description Data Type Length

cfgattr string 4096

cfgobj string 256

FortiOS 6.4.7 Log Reference 628


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cfgpath string 128

cfgtid uint32 10

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32696 - LOG_ID_FGT_SWITCH_GROUP_STP

Message ID: 32696


Message Description: LOG_ID_FGT_SWITCH_GROUP_STP
Message Meaning: FortiSwitch spanning Tree
Type: Event
Category: SWITCH-CONTROLLER
Severity: Critical

Log Field Name Description Data Type Length

cfgattr string 4096

cfgobj string 256

cfgpath string 128

FortiOS 6.4.7 Log Reference 629


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cfgtid uint32 10

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32697 - LOG_ID_FGT_SWITCH_GROUP_SWITCH

Message ID: 32697


Message Description: LOG_ID_FGT_SWITCH_GROUP_SWITCH
Message Meaning: FortiSwitch switch
Type: Event
Category: SWITCH-CONTROLLER
Severity: Critical

Log Field Name Description Data Type Length

cfgattr string 4096

cfgobj string 256

cfgpath string 128

cfgtid uint32 10

FortiOS 6.4.7 Log Reference 630


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date string 10

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32698 - LOG_ID_FGT_SWITCH_GROUP_ROUTER

Message ID: 32698


Message Description: LOG_ID_FGT_SWITCH_GROUP_ROUTER
Message Meaning: FortiSwitch router
Type: Event
Category: SWITCH-CONTROLLER
Severity: Critical

Log Field Name Description Data Type Length

cfgattr string 4096

cfgobj string 256

cfgpath string 128

cfgtid uint32 10

date string 10

FortiOS 6.4.7 Log Reference 631


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid string 16

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32699 - LOG_ID_FGT_SWITCH_GROUP_SYSTEM

Message ID: 32699


Message Description: LOG_ID_FGT_SWITCH_GROUP_SYSTEM
Message Meaning: FortiSwitch system
Type: Event
Category: SWITCH-CONTROLLER
Severity: Critical

Log Field Name Description Data Type Length

cfgattr string 4096

cfgobj string 256

cfgpath string 128

cfgtid uint32 10

date string 10

devid string 16

FortiOS 6.4.7 Log Reference 632


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime uint64 20

level string 11

logdesc string 4096

logid string 10

msg string 4096

name string 128

sn string 64

subtype string 20

time string 8

type string 16

tz string 5

ui string 64

user string 256

vd string 32

32700 - LOG_ID_DPDK_EARLY_INIT_FAIL

Message ID: 32700


Message Description: LOG_ID_DPDK_EARLY_INIT_FAIL
Message Meaning: DPDK early initialization failed.
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 633


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

34415 - LOG_ID_NP6_IPSEC_ENGINE_BUSY

Message ID: 34415


Message Description: LOG_ID_NP6_IPSEC_ENGINE_BUSY
Message Meaning: NP6 IPsec engine is busy
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

34416 - LOG_ID_NP6_IPSEC_ENGINE_POSSIBLY_LOCKUP

Message ID: 34416


Message Description: LOG_ID_NP6_IPSEC_ENGINE_POSSIBLY_LOCKUP
Message Meaning: NP6 IPsec engine is possibly locked up

FortiOS 6.4.7 Log Reference 634


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

34417 - LOG_ID_NP6_IPSEC_ENGINE_LOCKUP

Message ID: 34417


Message Description: LOG_ID_NP6_IPSEC_ENGINE_LOCKUP
Message Meaning: NP6 IPsec engine is locked up
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 635


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

34418 - LOG_ID_NP6_HPE_PACKET_DROP

Message ID: 34418


Message Description: LOG_ID_NP6_HPE_PACKET_DROP
Message Meaning: NP6 HPE is dropping packets
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

34419 - LOG_ID_NP6_HPE_PACKET_FLOOD

Message ID: 34419


Message Description: LOG_ID_NP6_HPE_PACKET_FLOOD

FortiOS 6.4.7 Log Reference 636


Fortinet, Inc.
Log Messages

Message Meaning: NP6 HPE under a packets flood


Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

35001 - LOG_ID_HA_SYNC_VIRDB

Message ID: 35001


Message Description: LOG_ID_HA_SYNC_VIRDB
Message Meaning: HA secondary synchronized Virus database
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 637


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

35002 - LOG_ID_HA_SYNC_ETDB

Message ID: 35002


Message Description: LOG_ID_HA_SYNC_ETDB
Message Meaning: HA secondary synchronized Extended database
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

35003 - LOG_ID_HA_SYNC_EXDB

Message ID: 35003

FortiOS 6.4.7 Log Reference 638


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_HA_SYNC_EXDB


Message Meaning: HA secondary synchronized Extreme database
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

35004 - LOG_ID_HA_SYNC_FLDB

Message ID: 35004


Message Description: LOG_ID_HA_SYNC_FLDB
Message Meaning: HA secondary synchronized FLDB
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 639


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

35005 - LOG_ID_HA_SYNC_IPS

Message ID: 35005


Message Description: LOG_ID_HA_SYNC_IPS
Message Meaning: HA secondary synchronized IDS package
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 640


Fortinet, Inc.
Log Messages

35007 - LOG_ID_HA_SYNC_AV

Message ID: 35007


Message Description: LOG_ID_HA_SYNC_AV
Message Meaning: HA secondary synchronized AntiVirus package
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

35009 - LOG_ID_HA_SYNC_CID

Message ID: 35009


Message Description: LOG_ID_HA_SYNC_CID
Message Meaning: HA secondary synchronized CID package
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 641


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

35011 - LOG_ID_HA_SYNC_FAIL

Message ID: 35011


Message Description: LOG_ID_HA_SYNC_FAIL
Message Meaning: HA secondary synchronization failed
Type: Event
Category: HA
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 642


Fortinet, Inc.
Log Messages

35012 - LOG_ID_CONF_SYNC_FAIL

Message ID: 35012


Message Description: LOG_ID_CONF_SYNC_FAIL
Message Meaning: Secondary sync failed
Type: Event
Category: HA
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

35013 - LOG_ID_HA_FAILOVER_FAIL

Message ID: 35013


Message Description: LOG_ID_HA_FAILOVER_FAIL
Message Meaning: HA failover failed
Type: Event
Category: HA
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 643


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

35014 - LOG_ID_HA_RESET_UPTIME

Message ID: 35014


Message Description: LOG_ID_HA_RESET_UPTIME
Message Meaning: HA reset uptime
Type: Event
Category: HA
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 644


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

35015 - LOG_ID_HA_CLEAR_HISTORY

Message ID: 35015


Message Description: LOG_ID_HA_CLEAR_HISTORY
Message Meaning: HA clear history
Type: Event
Category: HA
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

35016 - LOG_ID_HA_FAILOVER_SUCCESS

Message ID: 35016


Message Description: LOG_ID_HA_FAILOVER_SUCCESS
Message Meaning: HA failover success

FortiOS 6.4.7 Log Reference 645


Fortinet, Inc.
Log Messages

Type: Event
Category: HA
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

36881 - LOG_ID_EVENT_SYSTEM_CFG_REVERT

Message ID: 36881


Message Description: LOG_ID_EVENT_SYSTEM_CFG_REVERT
Message Meaning: Configuration reverted due to timeout
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 646


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

36882 - LOG_ID_EVENT_SYSTEM_CFG_MANUALLY_SAVED

Message ID: 36882


Message Description: LOG_ID_EVENT_SYSTEM_CFG_MANUALLY_SAVED
Message Meaning: Configuration manually saved
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 647


Fortinet, Inc.
Log Messages

37120 - MESGID_NEG_GENERIC_P1_NOTIF

Message ID: 37120


Message Description: MESGID_NEG_GENERIC_P1_NOTIF
Message Meaning: Negotiate IPsec phase 1
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

peer_notif IPsec VPN Peer Notification string 25

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

result IPsec VPN negotiation result string 31

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 648


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37121 - MESGID_NEG_GENERIC_P1_ERROR

Message ID: 37121


Message Description: MESGID_NEG_GENERIC_P1_ERROR
Message Meaning: Negotiate IPsec phase 1
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

peer_notif IPsec VPN Peer Notification string 25

FortiOS 6.4.7 Log Reference 649


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

result IPsec VPN negotiation result string 31

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37122 - MESGID_NEG_GENERIC_P2_NOTIF

Message ID: 37122


Message Description: MESGID_NEG_GENERIC_P2_NOTIF
Message Meaning: Negotiate IPsec phase 2
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

espauth IPsec Phase2 ESP message authentication code string 17

esptransform IPsec Phase2 ESP encryption method string 21

FortiOS 6.4.7 Log Reference 650


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

role IPsec peer role, initator or responder string 9

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37123 - MESGID_NEG_GENERIC_P2_ERROR

Message ID: 37123


Message Description: MESGID_NEG_GENERIC_P2_ERROR
Message Meaning: Negotiate IPsec phase 2
Type: Event
Category: VPN
Severity: Error

FortiOS 6.4.7 Log Reference 651


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

espauth IPsec Phase2 ESP message authentication code string 17

esptransform IPsec Phase2 ESP encryption method string 21

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

role IPsec peer role, initator or responder string 9

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

FortiOS 6.4.7 Log Reference 652


Fortinet, Inc.
Log Messages

37124 - MESGID_NEG_I_P1_ERROR

Message ID: 37124


Message Description: MESGID_NEG_I_P1_ERROR
Message Meaning: IPsec phase 1 error
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

peer_notif IPsec VPN Peer Notification string 25

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 653


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37125 - MESGID_NEG_I_P2_ERROR

Message ID: 37125


Message Description: MESGID_NEG_I_P2_ERROR
Message Meaning: IPsec phase 2 error
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

reason Reason string 256

FortiOS 6.4.7 Log Reference 654


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37126 - MESGID_NEG_NO_STATE_ERROR

Message ID: 37126


Message Description: MESGID_NEG_NO_STATE_ERROR
Message Meaning: IPsec no state error
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

FortiOS 6.4.7 Log Reference 655


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37127 - MESGID_NEG_PROGRESS_P1_NOTIF

Message ID: 37127


Message Description: MESGID_NEG_PROGRESS_P1_NOTIF
Message Meaning: Progress IPsec phase 1
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

FortiOS 6.4.7 Log Reference 656


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

dir Direction string 8

eventtime Event time uint64 20

exch Type of IKE messages exchanged string 14

group User group Name string 64

init string 6

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

mode IPsec VPN ID protection mode string 12

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

result IPsec VPN negotiation result string 31

role IPsec peer role, initator or responder string 9

stage uint8 3

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 657


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

version Version string 64

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37128 - MESGID_NEG_PROGRESS_P1_ERROR

Message ID: 37128


Message Description: MESGID_NEG_PROGRESS_P1_ERROR
Message Meaning: Progress IPsec phase 1
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

dir Direction string 8

eventtime Event time uint64 20

exch Type of IKE messages exchanged string 14

group User group Name string 64

init string 6

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

mode IPsec VPN ID protection mode string 12

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 658


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

result IPsec VPN negotiation result string 31

role IPsec peer role, initator or responder string 9

stage uint8 3

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

version Version string 64

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37129 - MESGID_NEG_PROGRESS_P2_NOTIF

Message ID: 37129


Message Description: MESGID_NEG_PROGRESS_P2_NOTIF
Message Meaning: Progress IPsec phase 2
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

FortiOS 6.4.7 Log Reference 659


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dir Direction string 8

eventtime Event time uint64 20

exch Type of IKE messages exchanged string 14

group User group Name string 64

init string 6

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

mode IPsec VPN ID protection mode string 12

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

result IPsec VPN negotiation result string 31

role IPsec peer role, initator or responder string 9

stage uint8 3

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

version Version string 64

vpntunnel IPsec VPN Tunnel Name string 128

FortiOS 6.4.7 Log Reference 660


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37130 - MESGID_NEG_PROGRESS_P2_ERROR

Message ID: 37130


Message Description: MESGID_NEG_PROGRESS_P2_ERROR
Message Meaning: Progress IPsec phase 2
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

dir Direction string 8

eventtime Event time uint64 20

exch Type of IKE messages exchanged string 14

group User group Name string 64

init string 6

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

mode IPsec VPN ID protection mode string 12

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

FortiOS 6.4.7 Log Reference 661


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

remport Remote Port uint16 5

result IPsec VPN negotiation result string 31

role IPsec peer role, initator or responder string 9

stage uint8 3

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

version Version string 64

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37131 - MESGID_ESP_ERROR

Message ID: 37131


Message Description: MESGID_ESP_ERROR
Message Meaning: IPsec ESP
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 662


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

error_num Error Number string 53

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

seq Sequence string 512

spi Security Parameter Index string 16

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37132 - MESGID_ESP_CRITICAL

Message ID: 37132


Message Description: MESGID_ESP_CRITICAL
Message Meaning: IPsec ESP
Type: Event
Category: VPN

FortiOS 6.4.7 Log Reference 663


Fortinet, Inc.
Log Messages

Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

error_num Error Number string 53

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

seq Sequence string 512

spi Security Parameter Index string 16

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

FortiOS 6.4.7 Log Reference 664


Fortinet, Inc.
Log Messages

37133 - MESGID_INSTALL_SA

Message ID: 37133


Message Description: MESGID_INSTALL_SA
Message Meaning: IPsec SA installed
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

in_spi SPI for incoming traffic string 16

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

out_spi Out SPI string 16

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

role IPsec peer role, initator or responder string 9

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 665


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37134 - MESGID_DELETE_P1_SA

Message ID: 37134


Message Description: MESGID_DELETE_P1_SA
Message Meaning: IPsec phase 1 SA deleted
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

FortiOS 6.4.7 Log Reference 666


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

remport Remote Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37135 - MESGID_DELETE_P2_SA

Message ID: 37135


Message Description: MESGID_DELETE_P2_SA
Message Meaning: IPsec phase 2 SA deleted
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

in_spi SPI for incoming traffic string 16

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

FortiOS 6.4.7 Log Reference 667


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

out_spi Out SPI string 16

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37136 - MESGID_DPD_FAILURE

Message ID: 37136


Message Description: MESGID_DPD_FAILURE
Message Meaning: IPsec DPD failed
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

FortiOS 6.4.7 Log Reference 668


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37137 - MESGID_CONN_FAILURE

Message ID: 37137


Message Description: MESGID_CONN_FAILURE
Message Meaning: IPsec connection failed
Type: Event
Category: VPN
Severity: Error

FortiOS 6.4.7 Log Reference 669


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37138 - MESGID_CONN_UPDOWN

Message ID: 37138


Message Description: MESGID_CONN_UPDOWN

FortiOS 6.4.7 Log Reference 670


Fortinet, Inc.
Log Messages

Message Meaning: IPsec connection status changed


Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

duration Duration uint32 10

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

nextstat Time interval in seconds for the next statistics uint32 10

outintf IPsec VPN binding interface string 32

rcvdbyte Received Bytes uint64 20

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

sentbyte Bytes Sent uint64 20

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 671


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37139 - MESGID_P2_UPDOWN

Message ID: 37139


Message Description: MESGID_P2_UPDOWN
Message Meaning: IPsec phase 2 status changed
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

outintf IPsec VPN binding interface string 32

phase2_name Phase 2 Name string 128

FortiOS 6.4.7 Log Reference 672


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37141 - MESGID_CONN_STATS

Message ID: 37141


Message Description: MESGID_CONN_STATS
Message Meaning: IPsec tunnel statistics
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

assignip IPsec VPN tunnel assigned IP address ip 39

cookies Cookie string 64

date Date string 10

devid Device ID string 16

duration Duration uint32 10

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

FortiOS 6.4.7 Log Reference 673


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

locip IPsec VPN local gateway IP address ip 39

locport Local Port uint16 5

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

nextstat Time interval in seconds for the next statistics uint32 10

outintf IPsec VPN binding interface string 32

rcvdbyte Received Bytes uint64 20

remip IPsec VPN remote gateway IP address ip 39

remport Remote Port uint16 5

sentbyte Bytes Sent uint64 20

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

useralt string 256

vd Virtual Domain Name string 32

vpntunnel IPsec VPN Tunnel Name string 128

xauthgroup IPsec VPN Xauth user group name string 128

xauthuser IPsec VPN Xauth user name string 256

37889 - MESGID_VC_DELETE

Message ID: 37889


Message Description: MESGID_VC_DELETE
Message Meaning: Virtual cluster deleted
Type: Event
Category: HA
Severity: Notice

FortiOS 6.4.7 Log Reference 674


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vcluster Virtual cluster uint32 10

vd Virtual Domain Name string 32

37890 - MESGID_VC_MOVE_VDOM

Message ID: 37890


Message Description: MESGID_VC_MOVE_VDOM
Message Meaning: Virtual cluster VDOM moved
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

from_vcluster Source virtual cluster number uint32 10

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 675


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

to_vcluster Destination virtual cluster number uint32 10

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

vdname Virtual Domain Name string 32

37891 - MESGID_VC_ADD_VDOM

Message ID: 37891


Message Description: MESGID_VC_ADD_VDOM
Message Meaning: Virtual cluster VDOM added
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

to_vcluster Destination virtual cluster number uint32 10

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

vdname Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 676


Fortinet, Inc.
Log Messages

37892 - MESGID_VC_MOVE_MEMB_STATE

Message ID: 37892


Message Description: MESGID_VC_MOVE_MEMB_STATE
Message Meaning: Virtual cluster member state moved
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vcluster_member Virtual cluster member uint32 10

vcluster_state Virtual cluster member state string 7

vd Virtual Domain Name string 32

37893 - MESGID_VC_DETECT_MEMB_DEAD

Message ID: 37893


Message Description: MESGID_VC_DETECT_MEMB_DEAD
Message Meaning: Virtual cluster member dead
Type: Event
Category: HA
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

FortiOS 6.4.7 Log Reference 677


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

ha_group HA Group Number - can be 0 - 255 uint8 3

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vcluster Virtual cluster uint32 10

vd Virtual Domain Name string 32

37894 - MESGID_VC_DETECT_MEMB_JOIN

Message ID: 37894


Message Description: MESGID_VC_DETECT_MEMB_JOIN
Message Meaning: Virtual cluster member joined
Type: Event
Category: HA
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ha_group HA Group Number - can be 0 - 255 uint8 3

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 678


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vcluster Virtual cluster uint32 10

vd Virtual Domain Name string 32

37895 - MESGID_VC_ADD_HADEV

Message ID: 37895


Message Description: MESGID_VC_ADD_HADEV
Message Meaning: Virtual cluster added HA device interface
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

devintfname HA device interface name string 32

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vcluster Virtual cluster uint32 10

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 679


Fortinet, Inc.
Log Messages

37896 - MESGID_VC_DEL_HADEV

Message ID: 37896


Message Description: MESGID_VC_DEL_HADEV
Message Meaning: Virtual cluster deleted HA device interface
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

devintfname HA device interface name string 32

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vcluster Virtual cluster uint32 10

vd Virtual Domain Name string 32

37897 - MESGID_HADEV_READY

Message ID: 37897


Message Description: MESGID_HADEV_READY
Message Meaning: HA device interface ready
Type: Event
Category: HA
Severity: Notice

FortiOS 6.4.7 Log Reference 680


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

devintfname HA device interface name string 32

eventtime Event time uint64 20

ha_role The HA role in the cluster string 9

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

37898 - MESGID_HADEV_FAIL

Message ID: 37898


Message Description: MESGID_HADEV_FAIL
Message Meaning: HA device interface failed
Type: Event
Category: HA
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

devintfname HA device interface name string 32

eventtime Event time uint64 20

ha_role The HA role in the cluster string 9

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 681


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

37899 - MESGID_HADEV_PEERINFO

Message ID: 37899


Message Description: MESGID_HADEV_PEERINFO
Message Meaning: HA device interface peer information
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

devintfname HA device interface name string 32

eventtime Event time uint64 20

ha_role The HA role in the cluster string 9

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 682


Fortinet, Inc.
Log Messages

37900 - MESGID_HBDEV_DELETE

Message ID: 37900


Message Description: MESGID_HBDEV_DELETE
Message Meaning: Heartbeat device interface deleted
Type: Event
Category: HA
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

devintfname HA device interface name string 32

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

37901 - MESGID_HBDEV_DOWN

Message ID: 37901


Message Description: MESGID_HBDEV_DOWN
Message Meaning: Heartbeat device interface down
Type: Event
Category: HA
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

FortiOS 6.4.7 Log Reference 683


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

devintfname HA device interface name string 32

eventtime Event time uint64 20

ha_role The HA role in the cluster string 9

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

37902 - MESGID_HBDEV_UP

Message ID: 37902


Message Description: MESGID_HBDEV_UP
Message Meaning: Heartbeat device interface up
Type: Event
Category: HA
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

devintfname HA device interface name string 32

eventtime Event time uint64 20

ha_role The HA role in the cluster string 9

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 684


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

37903 - MESGID_SYNC_STATUS

Message ID: 37903


Message Description: MESGID_SYNC_STATUS
Message Meaning: Synchronization status with primary
Type: Event
Category: HA
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

sync_status The sync status with the primary string 11

sync_type The sync type with the primary string 14

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 685


Fortinet, Inc.
Log Messages

37904 - MESGID_HA_ACTIVITY

Message ID: 37904


Message Description: MESGID_HA_ACTIVITY
Message Meaning: Device set as HA primary
Type: Event
Category: HA
Severity: Notice, Information

Log Field Name Description Data Type Length

activity HA activity message string 128

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ha-prio HA Priority uint8 3

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

37907 - MESGID_VLAN_HB_UP

Message ID: 37907


Message Description: MESGID_VLAN_HB_UP
Message Meaning: VLAN heartbeat started
Type: Event
Category: HA
Severity: Information

FortiOS 6.4.7 Log Reference 686


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

37908 - MESGID_VLAN_HB_DOWN

Message ID: 37908


Message Description: MESGID_VLAN_HB_DOWN
Message Meaning: VLAN heartbeat lost
Type: Event
Category: HA
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 687


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

37909 - MESGID_VLAN_HB_DOWN_SUM

Message ID: 37909


Message Description: MESGID_VLAN_HB_DOWN_SUM
Message Meaning: VLAN heartbeat lost summary
Type: Event
Category: HA
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

37910 - MESGID_HB_PACKET_LOST

Message ID: 37910


Message Description: MESGID_HB_PACKET_LOST
Message Meaning: Heartbeat packet lost
Type: Event
Category: HA

FortiOS 6.4.7 Log Reference 688


Fortinet, Inc.
Log Messages

Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

devintfname HA device interface name string 32

eventtime Event time uint64 20

ha_role The HA role in the cluster string 9

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38010 - LOG_ID_FIPS_ENCRY_FAIL

Message ID: 38010


Message Description: LOG_ID_FIPS_ENCRY_FAIL
Message Meaning: FIPS CC encryption failed
Type: Event
Category: USER
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 689


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

38011 - LOG_ID_FIPS_DECRY_FAIL

Message ID: 38011


Message Description: LOG_ID_FIPS_DECRY_FAIL
Message Meaning: FIPS CC decryption failed
Type: Event
Category: USER
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 690


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

38012 - LOG_ID_ENTROPY_TOKEN

Message ID: 38012


Message Description: LOG_ID_ENTROPY_TOKEN
Message Meaning: Seeding from entropy source
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

38031 - LOG_ID_FSSO_LOGON

Message ID: 38031

FortiOS 6.4.7 Log Reference 691


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_FSSO_LOGON


Message Meaning: FSSO logon successful
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

server AD server FQDN or IP string 64

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

38032 - LOG_ID_FSSO_LOGOFF

Message ID: 38032


Message Description: LOG_ID_FSSO_LOGOFF
Message Meaning: FSSO logout successful
Type: Event
Category: USER
Severity: Notice

FortiOS 6.4.7 Log Reference 692


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

server AD server FQDN or IP string 64

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

38033 - LOG_ID_FSSO_SVR_STATUS

Message ID: 38033


Message Description: LOG_ID_FSSO_SVR_STATUS
Message Meaning: FSSO Active Directory server authentication status
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 693


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

server AD server FQDN or IP string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

38403 - LOGID_EVENT_NOTIF_INSUFFICIENT_RESOURCE

Message ID: 38403


Message Description: LOGID_EVENT_NOTIF_INSUFFICIENT_RESOURCE
Message Meaning: Insufficient system resource notification
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 694


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38404 - LOGID_EVENT_NOTIF_HOSTNAME_ERROR

Message ID: 38404


Message Description: LOGID_EVENT_NOTIF_HOSTNAME_ERROR
Message Meaning: FortiGuard hostname unresolvable
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

hostname Hostname string 128

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38405 - LOGID_NOTIF_CODE_SENDTO_SMS_PHONE

Message ID: 38405


Message Description: LOGID_NOTIF_CODE_SENDTO_SMS_PHONE
Message Meaning: Guest user account login information sent to phone
Type: Event

FortiOS 6.4.7 Log Reference 695


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

38406 - LOGID_NOTIF_CODE_SENDTO_SMS_TO

Message ID: 38406


Message Description: LOGID_NOTIF_CODE_SENDTO_SMS_TO
Message Meaning: Guest user account login information sent as SMS
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 696


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

38407 - LOGID_NOTIF_CODE_SENDTO_EMAIL

Message ID: 38407


Message Description: LOGID_NOTIF_CODE_SENDTO_EMAIL
Message Meaning: Guest user account login information sent to email
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 697


Fortinet, Inc.
Log Messages

38408 - LOGID_EVENT_OFTP_SSL_CONNECTED

Message ID: 38408


Message Description: LOGID_EVENT_OFTP_SSL_CONNECTED
Message Meaning: SSL connection established
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38409 - LOGID_EVENT_OFTP_SSL_DISCONNECTED

Message ID: 38409


Message Description: LOGID_EVENT_OFTP_SSL_DISCONNECTED
Message Meaning: SSL connection closed
Type: Event
Category: SYSTEM
Severity: Information

FortiOS 6.4.7 Log Reference 698


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38410 - LOGID_EVENT_OFTP_SSL_FAILED

Message ID: 38410


Message Description: LOGID_EVENT_OFTP_SSL_FAILED
Message Meaning: SSL connection failed
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

FortiOS 6.4.7 Log Reference 699


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38411 - LOGID_EVENT_TWO_F_AUTH_CODE_SENDTO

Message ID: 38411


Message Description: LOGID_EVENT_TWO_F_AUTH_CODE_SENDTO
Message Meaning: Two-factor authentication code sent
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 700


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

38412 - LOGID_EVENT_TOKEN_CODE_SENDTO

Message ID: 38412


Message Description: LOGID_EVENT_TOKEN_CODE_SENDTO
Message Meaning: Token activation code sent
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

38656 - LOGID_EVENT_RAD_RPT_PROTO_ERROR

Message ID: 38656

FortiOS 6.4.7 Log Reference 701


Fortinet, Inc.
Log Messages

Message Description: LOGID_EVENT_RAD_RPT_PROTO_ERROR


Message Meaning: RADIUS protocol error summary
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

count Number of Packets uint32 10

date Date string 10

devid Device ID string 16

duration Duration uint32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38657 - LOGID_EVENT_RAD_RPT_PROF_NOT_FOUND

Message ID: 38657


Message Description: LOGID_EVENT_RAD_RPT_PROF_NOT_FOUND
Message Meaning: RADIUS profile not found summary
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

count Number of Packets uint32 10

date Date string 10

FortiOS 6.4.7 Log Reference 702


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

duration Duration uint32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38658 - LOGID_EVENT_RAD_RPT_CTX_NOT_FOUND

Message ID: 38658


Message Description: LOGID_EVENT_RAD_RPT_CTX_NOT_FOUND
Message Meaning: RADIUS profile CTX not found summary
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

count Number of Packets uint32 10

date Date string 10

devid Device ID string 16

duration Duration uint32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 703


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38659 - LOGID_EVENT_RAD_RPT_ACCT_STOP_MISSED

Message ID: 38659


Message Description: LOGID_EVENT_RAD_RPT_ACCT_STOP_MISSED
Message Meaning: RADIUS accounting stop message missing summary
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

count Number of Packets uint32 10

date Date string 10

devid Device ID string 16

duration Duration uint32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38660 - LOGID_EVENT_RAD_RPT_ACCT_EVENT

Message ID: 38660

FortiOS 6.4.7 Log Reference 704


Fortinet, Inc.
Log Messages

Message Description: LOGID_EVENT_RAD_RPT_ACCT_EVENT


Message Meaning: RADIUS accounting event summary
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

count Number of Packets uint32 10

date Date string 10

devid Device ID string 16

duration Duration uint32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38661 - LOGID_EVENT_RAD_RPT_OTHER

Message ID: 38661


Message Description: LOGID_EVENT_RAD_RPT_OTHER
Message Meaning: RADIUS endpoint block event or other event summary
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

count Number of Packets uint32 10

date Date string 10

FortiOS 6.4.7 Log Reference 705


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

duration Duration uint32 10

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38662 - LOGID_EVENT_RAD_STAT_PROTO_ERROR

Message ID: 38662


Message Description: LOGID_EVENT_RAD_STAT_PROTO_ERROR
Message Meaning: RADIUS accounting protocol error
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

acct_stat Accounting state (RADIUS) string 14

carrier_ep The FortiOS Carrier end-point identification string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 706


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

reason Reason string 256

rsso_key RADIUS SSO attribute value string 64

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38663 - LOGID_EVENT_RAD_STAT_PROF_NOT_FOUND

Message ID: 38663


Message Description: LOGID_EVENT_RAD_STAT_PROF_NOT_FOUND
Message Meaning: RADIUS accounting profile not found
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

acct_stat Accounting state (RADIUS) string 14

carrier_ep The FortiOS Carrier end-point identification string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

rsso_key RADIUS SSO attribute value string 64

srcip Source IP ip 39

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 707


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38665 - LOGID_EVENT_RAD_STAT_ACCT_STOP_MISSED

Message ID: 38665


Message Description: LOGID_EVENT_RAD_STAT_ACCT_STOP_MISSED
Message Meaning: RADIUS accounting stop message missing
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

acct_stat Accounting state (RADIUS) string 14

carrier_ep The FortiOS Carrier end-point identification string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

rsso_key RADIUS SSO attribute value string 64

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 708


Fortinet, Inc.
Log Messages

38666 - LOGID_EVENT_RAD_STAT_ACCT_EVENT

Message ID: 38666


Message Description: LOGID_EVENT_RAD_STAT_ACCT_EVENT
Message Meaning: RADIUS accounting event
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

acct_stat Accounting state (RADIUS) string 14

carrier_ep The FortiOS Carrier end-point identification string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

rsso_key RADIUS SSO attribute value string 64

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38667 - LOGID_EVENT_RAD_STAT_OTHER

Message ID: 38667


Message Description: LOGID_EVENT_RAD_STAT_OTHER
Message Meaning: RADIUS other accounting event
Type: Event
Category: USER
Severity: Notice

FortiOS 6.4.7 Log Reference 709


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

acct_stat Accounting state (RADIUS) string 14

carrier_ep The FortiOS Carrier end-point identification string 64

count Number of Packets uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

rsso_key RADIUS SSO attribute value string 64

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

38668 - LOGID_EVENT_RAD_STAT_EP_BLK

Message ID: 38668


Message Description: LOGID_EVENT_RAD_STAT_EP_BLK
Message Meaning: RADIUS endpoint block event
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

acct_stat Accounting state (RADIUS) string 14

carrier_ep The FortiOS Carrier end-point identification string 64

date Date string 10

FortiOS 6.4.7 Log Reference 710


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

rsso_key RADIUS SSO attribute value string 64

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

39424 - LOG_ID_EVENT_SSL_VPN_USER_TUNNEL_UP

Message ID: 39424


Message Description: LOG_ID_EVENT_SSL_VPN_USER_TUNNEL_UP
Message Meaning: SSL VPN tunnel up
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

FortiOS 6.4.7 Log Reference 711


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39425 - LOG_ID_EVENT_SSL_VPN_USER_TUNNEL_DOWN

Message ID: 39425


Message Description: LOG_ID_EVENT_SSL_VPN_USER_TUNNEL_DOWN
Message Meaning: SSL VPN tunnel down
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

duration Duration uint32 10

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

FortiOS 6.4.7 Log Reference 712


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

rcvdbyte Received Bytes uint64 20

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

sentbyte Bytes Sent uint64 20

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39426 - LOG_ID_EVENT_SSL_VPN_USER_SSL_LOGIN_FAIL

Message ID: 39426


Message Description: LOG_ID_EVENT_SSL_VPN_USER_SSL_LOGIN_FAIL
Message Meaning: SSL VPN login fail
Type: Event
Category: VPN
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

FortiOS 6.4.7 Log Reference 713


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39936 - LOG_ID_EVENT_SSL_VPN_SESSION_WEB_TUNNEL_STATS

Message ID: 39936


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_WEB_TUNNEL_STATS
Message Meaning: SSL VPN statistics
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

duration Duration uint32 10

eventtime Event time uint64 20

group User group Name string 64

FortiOS 6.4.7 Log Reference 714


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

nextstat Time interval in seconds for the next statistics uint32 10

rcvdbyte Received Bytes uint64 20

remip IPsec VPN remote gateway IP address ip 39

sentbyte Bytes Sent uint64 20

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39937 - LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_DENY

Message ID: 39937


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_DENY
Message Meaning: SSL VPN deny
Type: Event
Category: VPN
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 715


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39938 - LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_PASS

Message ID: 39938


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_PASS
Message Meaning: SSL VPN pass
Type: Event
Category: VPN
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

FortiOS 6.4.7 Log Reference 716


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39939 - LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_TIMEOUT

Message ID: 39939


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_TIMEOUT
Message Meaning: SSL VPN timeout
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

FortiOS 6.4.7 Log Reference 717


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39940 - LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_CLOSE

Message ID: 39940


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_WEBAPP_CLOSE
Message Meaning: SSL VPN close
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 718


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39941 - LOG_ID_EVENT_SSL_VPN_SESSION_SYS_BUSY

Message ID: 39941


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_SYS_BUSY
Message Meaning: SSL VPN system busy
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 719


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39942 - LOG_ID_EVENT_SSL_VPN_SESSION_CERT_OK

Message ID: 39942


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_CERT_OK
Message Meaning: SSL VPN certificate OK
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 720


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39943 - LOG_ID_EVENT_SSL_VPN_SESSION_NEW_CON

Message ID: 39943


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_NEW_CON
Message Meaning: SSL VPN new connection
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

FortiOS 6.4.7 Log Reference 721


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39944 - LOG_ID_EVENT_SSL_VPN_SESSION_ALERT

Message ID: 39944


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_ALERT
Message Meaning: SSL VPN alert
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

desc Description string 128

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

FortiOS 6.4.7 Log Reference 722


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39945 - LOG_ID_EVENT_SSL_VPN_SESSION_EXIT_FAIL

Message ID: 39945


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_EXIT_FAIL
Message Meaning: SSL VPN exit fail
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

FortiOS 6.4.7 Log Reference 723


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39946 - LOG_ID_EVENT_SSL_VPN_SESSION_EXIT_ERR

Message ID: 39946


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_EXIT_ERR
Message Meaning: SSL VPN exit error
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 724


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39947 - LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_UP

Message ID: 39947


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_UP
Message Meaning: SSL VPN tunnel up
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 725


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39948 - LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_DOWN

Message ID: 39948


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_DOWN
Message Meaning: SSL VPN tunnel down
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

duration Duration uint32 10

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

rcvdbyte Received Bytes uint64 20

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

sentbyte Bytes Sent uint64 20

FortiOS 6.4.7 Log Reference 726


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39949 - LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_STATS

Message ID: 39949


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_STATS
Message Meaning: SSL VPN statistics
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

duration Duration uint32 10

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

nextstat Time interval in seconds for the next statistics uint32 10

rcvdbyte Received Bytes uint64 20

FortiOS 6.4.7 Log Reference 727


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

remip IPsec VPN remote gateway IP address ip 39

sentbyte Bytes Sent uint64 20

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39950 - LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_UNKNOWNTAG

Message ID: 39950


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_UNKNOWNTAG
Message Meaning: SSL VPN unknown tag
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

FortiOS 6.4.7 Log Reference 728


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39951 - LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_ERROR

Message ID: 39951


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_TUNNEL_ERROR
Message Meaning: SSL VPN tunnel error
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

FortiOS 6.4.7 Log Reference 729


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39952 - LOG_ID_EVENT_SSL_VPN_SESSION_ENTER_CONSERVE_MODE

Message ID: 39952


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_ENTER_CONSERVE_MODE
Message Meaning: SSL VPN enter conserve mode
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 730


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

39953 - LOG_ID_EVENT_SSL_VPN_SESSION_LEAVE_CONSERVE_MODE

Message ID: 39953


Message Description: LOG_ID_EVENT_SSL_VPN_SESSION_LEAVE_CONSERVE_MODE
Message Meaning: SSL VPN leave conserve mode
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dst_host Destination Host string 64

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 731


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tunnelid IPsec VPN tunnel ID uint32 10

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

40001 - LOG_ID_PPTP_TUNNEL_UP

Message ID: 40001


Message Description: LOG_ID_PPTP_TUNNEL_UP
Message Meaning: PPTP tunnel up
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

FortiOS 6.4.7 Log Reference 732


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

40002 - LOG_ID_PPTP_TUNNEL_DOWN

Message ID: 40002


Message Description: LOG_ID_PPTP_TUNNEL_DOWN
Message Meaning: PPTP tunnel down
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 733


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

vd Virtual Domain Name string 32

40003 - LOG_ID_PPTP_TUNNEL_STAT

Message ID: 40003


Message Description: LOG_ID_PPTP_TUNNEL_STAT
Message Meaning: PPTP tunnel status
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 734


Fortinet, Inc.
Log Messages

40014 - LOG_ID_PPTP_REACH_MAX_CON

Message ID: 40014


Message Description: LOG_ID_PPTP_REACH_MAX_CON
Message Meaning: PPTP client connection limit reached
Type: Event
Category: VPN
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40017 - LOG_ID_L2TPD_CLIENT_CON_FAIL

Message ID: 40017


Message Description: LOG_ID_L2TPD_CLIENT_CON_FAIL
Message Meaning: L2TP client connection failed
Type: Event
Category: VPN
Severity: Warning

FortiOS 6.4.7 Log Reference 735


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40019 - LOG_ID_L2TPD_CLIENT_DISCON

Message ID: 40019


Message Description: LOG_ID_L2TPD_CLIENT_DISCON
Message Meaning: L2TP client disconnected
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 736


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40021 - LOG_ID_PPTP_NOT_CONIG

Message ID: 40021


Message Description: LOG_ID_PPTP_NOT_CONIG
Message Meaning: PPTP not configured in VDOM
Type: Event
Category: VPN
Severity: Debug

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 737


Fortinet, Inc.
Log Messages

40022 - LOG_ID_PPTP_NO_IP_AVAIL

Message ID: 40022


Message Description: LOG_ID_PPTP_NO_IP_AVAIL
Message Meaning: PPTP IP addresses unavailable
Type: Event
Category: VPN
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40024 - LOG_ID_PPTP_OUT_MEM

Message ID: 40024


Message Description: LOG_ID_PPTP_OUT_MEM
Message Meaning: PPTP config list insufficient memory
Type: Event
Category: VPN
Severity: Warning

FortiOS 6.4.7 Log Reference 738


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40034 - LOG_ID_PPTP_START

Message ID: 40034


Message Description: LOG_ID_PPTP_START
Message Meaning: PPTP daemon started
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 739


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40035 - LOG_ID_PPTP_START_FAIL

Message ID: 40035


Message Description: LOG_ID_PPTP_START_FAIL
Message Meaning: PPTP daemon failed to start
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 740


Fortinet, Inc.
Log Messages

40036 - LOG_ID_PPTP_EXIT

Message ID: 40036


Message Description: LOG_ID_PPTP_EXIT
Message Meaning: PPTP daemon exited
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40037 - LOG_ID_PPTPD_SVR_DISCON

Message ID: 40037


Message Description: LOG_ID_PPTPD_SVR_DISCON
Message Meaning: PPTP daemon disconnected
Type: Event
Category: VPN
Severity: Information

FortiOS 6.4.7 Log Reference 741


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40038 - LOG_ID_PPTPD_CLIENT_CON

Message ID: 40038


Message Description: LOG_ID_PPTPD_CLIENT_CON
Message Meaning: PPTP client connected
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 742


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40039 - LOG_ID_PPTPD_CLIENT_DISCON

Message ID: 40039


Message Description: LOG_ID_PPTPD_CLIENT_DISCON
Message Meaning: PPTP client disconnected
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 743


Fortinet, Inc.
Log Messages

40101 - LOG_ID_L2TP_TUNNEL_UP

Message ID: 40101


Message Description: LOG_ID_L2TP_TUNNEL_UP
Message Meaning: L2TP tunnel up
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

40102 - LOG_ID_L2TP_TUNNEL_DOWN

Message ID: 40102


Message Description: LOG_ID_L2TP_TUNNEL_DOWN
Message Meaning: L2TP tunnel down

FortiOS 6.4.7 Log Reference 744


Fortinet, Inc.
Log Messages

Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

40103 - LOG_ID_L2TP_TUNNEL_STAT

Message ID: 40103


Message Description: LOG_ID_L2TP_TUNNEL_STAT
Message Meaning: L2TP tunnel status
Type: Event
Category: VPN
Severity: Information

FortiOS 6.4.7 Log Reference 745


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remip IPsec VPN remote gateway IP address ip 39

subtype Log Subtype string 20

time Time string 8

tunnelid IPsec VPN tunnel ID uint32 10

tunnelip IPsec VPN tunnel IP address ip 39

tunneltype IPsec VPN tunnel type string 64

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

40114 - LOG_ID_L2TPD_START

Message ID: 40114


Message Description: LOG_ID_L2TPD_START
Message Meaning: L2TP daemon started
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 746


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40115 - LOG_ID_L2TPD_EXIT

Message ID: 40115


Message Description: LOG_ID_L2TPD_EXIT
Message Meaning: L2TP daemon exited
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

FortiOS 6.4.7 Log Reference 747


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40118 - LOG_ID_L2TPD_CLIENT_CON

Message ID: 40118


Message Description: LOG_ID_L2TPD_CLIENT_CON
Message Meaning: L2TP client connected
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40704 - LOG_ID_EVENT_SYS_PERF

Message ID: 40704

FortiOS 6.4.7 Log Reference 748


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_EVENT_SYS_PERF


Message Meaning: System performance statistics
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

bandwidth Bandwidth string 42

cpu CPU Usage uint8 3

date Date string 10

devid Device ID string 16

disk Disk Usage uint8 3

disklograte Disk Log Rate uint64 20

eventtime Event time uint64 20

fazlograte FortiAnalyzer Logging Rate uint64 20

freediskstorage uint32 10

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mem Memory Usage uint8 3

msg Log Message string 4096

name Display Name of the Connection string 128

setuprate Session Setup Rate uint64 20

sn Serial Number string 64

subtype Log Subtype string 20

sysuptime uint32 10

time Time string 8

totalsession Total Number of Sessions uint32 10

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

waninfo string 512

FortiOS 6.4.7 Log Reference 749


Fortinet, Inc.
Log Messages

40705 - LOG_ID_EVENT_SYS_CPU_USAGE

Message ID: 40705


Message Description: LOG_ID_EVENT_SYS_CPU_USAGE
Message Meaning: CPU usage statistics
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

cpu CPU Usage uint8 3

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40706 - LOG_ID_EVENT_SYS_BROKEN_SYMBOLIC_LINK

Message ID: 40706


Message Description: LOG_ID_EVENT_SYS_BROKEN_SYMBOLIC_LINK
Message Meaning: Delete broken symbolic link
Type: Event
Category: SYSTEM
Severity: Information

FortiOS 6.4.7 Log Reference 750


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

40960 - LOGID_EVENT_WAD_WEBPROXY_FWD_SRV_ERROR

Message ID: 40960


Message Description: LOGID_EVENT_WAD_WEBPROXY_FWD_SRV_ERROR
Message Meaning: Web proxy forward server error
Type: Event
Category: WAD
Severity: Notice

Log Field Name Description Data Type Length

addr_type Address Type string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fqdn Fully Qualified Domain Name string 256

fwserver_name WAD forward server name string 32

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 751


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

port Port Number uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

41000 - LOG_ID_UPD_FGT_SUCC

Message ID: 41000


Message Description: LOG_ID_UPD_FGT_SUCC
Message Meaning: FortiGate update succeeded
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 752


Fortinet, Inc.
Log Messages

41001 - LOG_ID_UPD_FGT_FAIL

Message ID: 41001


Message Description: LOG_ID_UPD_FGT_FAIL
Message Meaning: FortiGate update failed
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

41002 - LOG_ID_UPD_SRC_VIS

Message ID: 41002


Message Description: LOG_ID_UPD_SRC_VIS
Message Meaning: Source visibility signature package updated
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

FortiOS 6.4.7 Log Reference 753


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

41006 - LOG_ID_UPD_FSA_VIRDB

Message ID: 41006


Message Description: LOG_ID_UPD_FSA_VIRDB
Message Meaning: FortiSandbox AV database updated
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 754


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

version Version string 64

41984 - LOG_ID_EVENT_VPN_CERT_LOAD

Message ID: 41984


Message Description: LOG_ID_EVENT_VPN_CERT_LOAD
Message Meaning: Certificate loaded
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cert-type Certification type string 6

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 755


Fortinet, Inc.
Log Messages

41985 - LOG_ID_EVENT_VPN_CERT_REMOVAL

Message ID: 41985


Message Description: LOG_ID_EVENT_VPN_CERT_REMOVAL
Message Meaning: Certificate removed
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cert-type Certification type string 6

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

41986 - LOG_ID_EVENT_VPN_CERT_REGEN

Message ID: 41986


Message Description: LOG_ID_EVENT_VPN_CERT_REGEN
Message Meaning: Certificate regenerated
Type: Event

FortiOS 6.4.7 Log Reference 756


Fortinet, Inc.
Log Messages

Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cert-type Certification type string 6

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

41987 - LOG_ID_EVENT_VPN_CERT_UPDATE

Message ID: 41987


Message Description: LOG_ID_EVENT_VPN_CERT_UPDATE
Message Meaning: Certificate updated
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cert-type Certification type string 6

FortiOS 6.4.7 Log Reference 757


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

method Method string 64

msg Log Message string 4096

name Display Name of the Connection string 128

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

41988 - LOG_ID_EVENT_SSL_VPN_SETTING_UPDATE

Message ID: 41988


Message Description: LOG_ID_EVENT_SSL_VPN_SETTING_UPDATE
Message Meaning: SSL setting changed
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 758


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

41989 - LOG_ID_EVENT_VPN_CERT_ERR

Message ID: 41989


Message Description: LOG_ID_EVENT_VPN_CERT_ERR
Message Meaning: Certificate error
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cert-type Certification type string 6

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

method Method string 64

msg Log Message string 4096

name Display Name of the Connection string 128

FortiOS 6.4.7 Log Reference 759


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

41990 - LOG_ID_EVENT_VPN_CERT_UPDATE_FAILED

Message ID: 41990


Message Description: LOG_ID_EVENT_VPN_CERT_UPDATE_FAILED
Message Meaning: Certificate update failed
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cert-type Certification type string 6

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

method Method string 64

msg Log Message string 4096

name Display Name of the Connection string 128

reason Reason string 256

status Status string 23

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 760


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

41991 - LOG_ID_EVENT_VPN_CERT_EXPORT

Message ID: 41991


Message Description: LOG_ID_EVENT_VPN_CERT_EXPORT
Message Meaning: Certificate exported
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cert-type Certification type string 6

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 761


Fortinet, Inc.
Log Messages

41992 - LOG_ID_EVENT_VPN_CERT_CRL_EXPIRED

Message ID: 41992


Message Description: LOG_ID_EVENT_VPN_CERT_CRL_EXPIRED
Message Meaning: CRL certificate file is expired
Type: Event
Category: VPN
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cert-type Certification type string 6

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

method Method string 64

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

42201 - LOG_ID_NETX_VMX_ATTACH

Message ID: 42201


Message Description: LOG_ID_NETX_VMX_ATTACH
Message Meaning: VMX instance successfully attached
Type: Event
Category: SYSTEM

FortiOS 6.4.7 Log Reference 762


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

42202 - LOG_ID_NETX_VMX_DETACH

Message ID: 42202


Message Description: LOG_ID_NETX_VMX_DETACH
Message Meaning: VMX instance successfully detached
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 763


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

42203 - LOG_ID_NETX_VMX_DENIED

Message ID: 42203


Message Description: LOG_ID_NETX_VMX_DENIED
Message Meaning: VMX instance successfully denied
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43008 - LOG_ID_EVENT_AUTH_SUCCESS

Message ID: 43008


Message Description: LOG_ID_EVENT_AUTH_SUCCESS
Message Meaning: Authentication success
Type: Event

FortiOS 6.4.7 Log Reference 764


Fortinet, Inc.
Log Messages

Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43009 - LOG_ID_EVENT_AUTH_FAILED

Message ID: 43009


Message Description: LOG_ID_EVENT_AUTH_FAILED
Message Meaning: Authentication failed
Type: Event
Category: USER
Severity: Notice

FortiOS 6.4.7 Log Reference 765


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43010 - LOG_ID_EVENT_AUTH_LOCKOUT

Message ID: 43010


Message Description: LOG_ID_EVENT_AUTH_LOCKOUT
Message Meaning: Authentication lockout
Type: Event
Category: USER
Severity: Warning

FortiOS 6.4.7 Log Reference 766


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43011 - LOG_ID_EVENT_AUTH_TIME_OUT

Message ID: 43011


Message Description: LOG_ID_EVENT_AUTH_TIME_OUT
Message Meaning: Authentication timed out
Type: Event
Category: USER
Severity: Notice

FortiOS 6.4.7 Log Reference 767


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

authproto The protocol that initiated the authentication string 512

authserver Remote Authentication server string 64

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43014 - LOG_ID_EVENT_AUTH_FSAE_LOGON

Message ID: 43014


Message Description: LOG_ID_EVENT_AUTH_FSAE_LOGON
Message Meaning: FSSO logon authentication status
Type: Event
Category: USER
Severity: Notice

FortiOS 6.4.7 Log Reference 768


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

server AD server FQDN or IP string 64

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43015 - LOG_ID_EVENT_AUTH_FSAE_LOGOFF

Message ID: 43015


Message Description: LOG_ID_EVENT_AUTH_FSAE_LOGOFF
Message Meaning: FSSO log off authentication status
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 769


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

server AD server FQDN or IP string 64

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43016 - LOG_ID_EVENT_AUTH_NTLM_AUTH_SUCCESS

Message ID: 43016


Message Description: LOG_ID_EVENT_AUTH_NTLM_AUTH_SUCCESS
Message Meaning: NTLM authentication successful
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

adgroup AD Group Name of FSSO user string 128

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 770


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43017 - LOG_ID_EVENT_AUTH_NTLM_AUTH_FAIL

Message ID: 43017


Message Description: LOG_ID_EVENT_AUTH_NTLM_AUTH_FAIL
Message Meaning: NTLM authentication failed
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

adgroup AD Group Name of FSSO user string 128

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

FortiOS 6.4.7 Log Reference 771


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43018 - LOG_ID_EVENT_AUTH_FGOVRD_FAIL

Message ID: 43018


Message Description: LOG_ID_EVENT_AUTH_FGOVRD_FAIL
Message Meaning: FortiGuard override failed
Type: Event
Category: USER
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

initiator Original login user name for Fortiguard override string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 772


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43020 - LOG_ID_EVENT_AUTH_FGOVRD_SUCCESS

Message ID: 43020


Message Description: LOG_ID_EVENT_AUTH_FGOVRD_SUCCESS
Message Meaning: FortiGuard override successful
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

expiry FortiGuard override expiry timestamp string 64

initiator Original login user name for Fortiguard override string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

oldwprof Old Web Filter Profile string 64

reason Reason string 256

FortiOS 6.4.7 Log Reference 773


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

scope FortiGuard Override Scope string 16

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43025 - LOG_ID_EVENT_AUTH_PROXY_SUCCESS

Message ID: 43025


Message Description: LOG_ID_EVENT_AUTH_PROXY_SUCCESS
Message Meaning: Explicit proxy authentication successful
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authid string 36

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

FortiOS 6.4.7 Log Reference 774


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43026 - LOG_ID_EVENT_AUTH_PROXY_FAILED

Message ID: 43026


Message Description: LOG_ID_EVENT_AUTH_PROXY_FAILED
Message Meaning: Explicit proxy authentication failed
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authid string 36

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

FortiOS 6.4.7 Log Reference 775


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43027 - LOG_ID_EVENT_AUTH_PROXY_TIME_OUT

Message ID: 43027


Message Description: LOG_ID_EVENT_AUTH_PROXY_TIME_OUT
Message Meaning: Explicit proxy authentication timed out
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

srcip Source IP ip 39

FortiOS 6.4.7 Log Reference 776


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43028 - LOG_ID_EVENT_AUTH_PROXY_GROUP_INFO_FAILED

Message ID: 43028


Message Description: LOG_ID_EVENT_AUTH_PROXY_GROUP_INFO_FAILED
Message Meaning: Explicit proxy user group query failed
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authid string 36

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

srcip Source IP ip 39

FortiOS 6.4.7 Log Reference 777


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43029 - LOG_ID_EVENT_AUTH_WARNING_SUCCESS

Message ID: 43029


Message Description: LOG_ID_EVENT_AUTH_WARNING_SUCCESS
Message Meaning: FortiGuard authentication override successful
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

category Log category uint32 10

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

expiry FortiGuard override expiry timestamp string 64

initiator Original login user name for Fortiguard override string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

oldwprof Old Web Filter Profile string 64

reason Reason string 256

scope FortiGuard Override Scope string 16

FortiOS 6.4.7 Log Reference 778


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43030 - LOG_ID_EVENT_AUTH_WARNING_TBL_FULL

Message ID: 43030


Message Description: LOG_ID_EVENT_AUTH_WARNING_TBL_FULL
Message Meaning: FortiGuard authentication override failed
Type: Event
Category: USER
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

initiator Original login user name for Fortiguard override string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 779


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43032 - LOG_ID_EVENT_AUTH_PROXY_USER_LIMIT_REACHED

Message ID: 43032


Message Description: LOG_ID_EVENT_AUTH_PROXY_USER_LIMIT_REACHED
Message Meaning: Explicit proxy authentication user limit reached
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authid string 36

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 780


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43033 - LOG_ID_EVENT_AUTH_PROXY_MULTIPLE_LOGIN

Message ID: 43033


Message Description: LOG_ID_EVENT_AUTH_PROXY_MULTIPLE_LOGIN
Message Meaning: Explicit proxy authentication user concurrent check failed
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authid string 36

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 781


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43034 - LOG_ID_EVENT_AUTH_PROXY_NO_RESP

Message ID: 43034


Message Description: LOG_ID_EVENT_AUTH_PROXY_NO_RESP
Message Meaning: Explicit proxy authentication no response
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

agent SNMP agent string 64

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

url URL string 512

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 782


Fortinet, Inc.
Log Messages

43037 - LOG_ID_EVENT_AUTH_IPV4_FLUSH

Message ID: 43037


Message Description: LOG_ID_EVENT_AUTH_IPV4_FLUSH
Message Meaning: Authentication IPv4 logon flush
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43038 - LOG_ID_EVENT_AUTH_IPV6_FLUSH

Message ID: 43038


Message Description: LOG_ID_EVENT_AUTH_IPV6_FLUSH
Message Meaning: Authentication IPv6 logon flush
Type: Event
Category: USER
Severity: Notice

FortiOS 6.4.7 Log Reference 783


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43039 - LOG_ID_EVENT_AUTH_LOGON

Message ID: 43039


Message Description: LOG_ID_EVENT_AUTH_LOGON
Message Meaning: Authentication logon
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authserver Remote Authentication server string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 784


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43040 - LOG_ID_EVENT_AUTH_LOGOUT

Message ID: 43040


Message Description: LOG_ID_EVENT_AUTH_LOGOUT
Message Meaning: Authentication logout
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authserver Remote Authentication server string 64

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

srcip Source IP ip 39

status Status string 23

FortiOS 6.4.7 Log Reference 785


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43041 - LOG_ID_EVENT_AUTH_DISCLAIMER_ACCEPT

Message ID: 43041


Message Description: LOG_ID_EVENT_AUTH_DISCLAIMER_ACCEPT
Message Meaning: Disclaimer accepted
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

reason Reason string 256

srcip Source IP ip 39

FortiOS 6.4.7 Log Reference 786


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43042 - LOG_ID_EVENT_AUTH_DISCLAIMER_DECLINE

Message ID: 43042


Message Description: LOG_ID_EVENT_AUTH_DISCLAIMER_DECLINE
Message Meaning: Disclaimer declined
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

reason Reason string 256

FortiOS 6.4.7 Log Reference 787


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43043 - LOG_ID_EVENT_AUTH_EMAIL_COLLECTING_SUCCESS

Message ID: 43043


Message Description: LOG_ID_EVENT_AUTH_EMAIL_COLLECTING_SUCCESS
Message Meaning: Email collecting succeeded
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

FortiOS 6.4.7 Log Reference 788


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43044 - LOG_ID_EVENT_AUTH_EMAIL_COLLECTING_FAIL

Message ID: 43044


Message Description: LOG_ID_EVENT_AUTH_EMAIL_COLLECTING_FAIL
Message Meaning: Email collecting failed
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

authproto The protocol that initiated the authentication string 512

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

eventtime Event time uint64 20

group User group Name string 64

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 789


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Policy ID uint32 10

reason Reason string 256

srcip Source IP ip 39

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43045 - LOG_ID_EVENT_AUTH_8021X_SUCCESS

Message ID: 43045


Message Description: LOG_ID_EVENT_AUTH_8021X_SUCCESS
Message Meaning: 802.1x authentication succeeded
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

stamac The MAC address of wifi station string 17

FortiOS 6.4.7 Log Reference 790


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43046 - LOG_ID_EVENT_AUTH_8021X_FAIL

Message ID: 43046


Message Description: LOG_ID_EVENT_AUTH_8021X_FAIL
Message Meaning: 802.1x authentication failed
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

interface Interface string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

stamac The MAC address of wifi station string 17

status Status string 23

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 791


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43050 - LOG_ID_EVENT_AUTH_FSAE_CONNECT

Message ID: 43050


Message Description: LOG_ID_EVENT_AUTH_FSAE_CONNECT
Message Meaning: FSSO server connected
Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

server AD server FQDN or IP string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43051 - LOG_ID_EVENT_AUTH_FSAE_DISCONNECT

Message ID: 43051


Message Description: LOG_ID_EVENT_AUTH_FSAE_DISCONNECT

FortiOS 6.4.7 Log Reference 792


Fortinet, Inc.
Log Messages

Message Meaning: FSSO server disconnected


Type: Event
Category: USER
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

server AD server FQDN or IP string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43520 - LOG_ID_EVENT_WIRELESS_SYS

Message ID: 43520


Message Description: LOG_ID_EVENT_WIRELESS_SYS
Message Meaning: Wireless system activity
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 793


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43521 - LOG_ID_EVENT_WIRELESS_ROGUE

Message ID: 43521


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE
Message Meaning: Rogue AP activity
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

FortiOS 6.4.7 Log Reference 794


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43522 - LOG_ID_EVENT_WIRELESS_WTP

Message ID: 43522


Message Description: LOG_ID_EVENT_WIRELESS_WTP
Message Meaning: Physical AP activity
Type: Event
Category: WIRELESS

FortiOS 6.4.7 Log Reference 795


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43524 - LOG_ID_EVENT_WIRELESS_STA

Message ID: 43524


Message Description: LOG_ID_EVENT_WIRELESS_STA
Message Meaning: Wireless client activity
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 796


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 797


Fortinet, Inc.
Log Messages

43525 - LOG_ID_EVENT_WIRELESS_ONWIRE

Message ID: 43525


Message Description: LOG_ID_EVENT_WIRELESS_ONWIRE
Message Meaning: Rogue AP on wire
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

FortiOS 6.4.7 Log Reference 798


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43526 - LOG_ID_EVENT_WIRELESS_WTPR

Message ID: 43526


Message Description: LOG_ID_EVENT_WIRELESS_WTPR
Message Meaning: Physical AP radio activity
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 799


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43527 - LOG_ID_EVENT_WIRELESS_ROGUE_CFG

Message ID: 43527


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_CFG
Message Meaning: Rogue AP status configured
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

bssid Basic service set ID string 17

FortiOS 6.4.7 Log Reference 800


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43528 - LOG_ID_EVENT_WIRELESS_WTPR_ERROR

Message ID: 43528


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_ERROR
Message Meaning: Physical AP radio error activity
Type: Event
Category: WIRELESS
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 801


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43529 - LOG_ID_EVENT_WIRELESS_CLB

Message ID: 43529


Message Description: LOG_ID_EVENT_WIRELESS_CLB
Message Meaning: Wireless client load balancing
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

FortiOS 6.4.7 Log Reference 802


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioband The operating radio band string 64

reason Reason string 256

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43530 - LOG_ID_EVENT_WIRELESS_WIDS_WL_BRIDGE

Message ID: 43530


Message Description: LOG_ID_EVENT_WIRELESS_WIDS_WL_BRIDGE
Message Meaning: Wireless bridge intrusion detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

bssid Basic service set ID string 17

FortiOS 6.4.7 Log Reference 803


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

channel Channel uint8 3

date Date string 10

devid Device ID string 16

ds Direction with distribution system string 8

encrypt The packet is encrypted or not uint8 3

eventtime Event time uint64 20

frametype Frame Type string 32

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rssi The value of Received signal strength indicator uint8 3

seq Sequence string 512

sndetected SN of the AP which detected the rogue AP string 36

subtype Log Subtype string 20

tamac The MAC address of Transmitter. If none, then Receiver string 17

threattype WIDS threat type string 64

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43531 - LOG_ID_EVENT_WIRELESS_WIDS_BR_DEAUTH

Message ID: 43531


Message Description: LOG_ID_EVENT_WIRELESS_WIDS_BR_DEAUTH
Message Meaning: Wireless broadcasting deauthentication detected
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 804


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

devid Device ID string 16

ds Direction with distribution system string 8

encrypt The packet is encrypted or not uint8 3

eventtime Event time uint64 20

frametype Frame Type string 32

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rssi The value of Received signal strength indicator uint8 3

seq Sequence string 512

sndetected SN of the AP which detected the rogue AP string 36

subtype Log Subtype string 20

tamac The MAC address of Transmitter. If none, then Receiver string 17

threattype WIDS threat type string 64

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43532 - LOG_ID_EVENT_WIRELESS_WIDS_NL_PBRESP

Message ID: 43532


Message Description: LOG_ID_EVENT_WIRELESS_WIDS_NL_PBRESP

FortiOS 6.4.7 Log Reference 805


Fortinet, Inc.
Log Messages

Message Meaning: Wireless null SSID probe response detected


Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

devid Device ID string 16

ds Direction with distribution system string 8

encrypt The packet is encrypted or not uint8 3

eventtime Event time uint64 20

frametype Frame Type string 32

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rssi The value of Received signal strength indicator uint8 3

seq Sequence string 512

sndetected SN of the AP which detected the rogue AP string 36

subtype Log Subtype string 20

tamac The MAC address of Transmitter. If none, then Receiver string 17

threattype WIDS threat type string 64

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 806


Fortinet, Inc.
Log Messages

43533 - LOG_ID_EVENT_WIRELESS_WIDS_MAC_OUI

Message ID: 43533


Message Description: LOG_ID_EVENT_WIRELESS_WIDS_MAC_OUI
Message Meaning: Wireless invalid MAC OUI detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

devid Device ID string 16

ds Direction with distribution system string 8

encrypt The packet is encrypted or not uint8 3

eventtime Event time uint64 20

frametype Frame Type string 32

invalidmac Detected MAC address with invalid OUI string 17

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rssi The value of Received signal strength indicator uint8 3

seq Sequence string 512

sndetected SN of the AP which detected the rogue AP string 36

subtype Log Subtype string 20

tamac The MAC address of Transmitter. If none, then Receiver string 17

FortiOS 6.4.7 Log Reference 807


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

threattype WIDS threat type string 64

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43534 - LOG_ID_EVENT_WIRELESS_WIDS_LONG_DUR

Message ID: 43534


Message Description: LOG_ID_EVENT_WIRELESS_WIDS_LONG_DUR
Message Meaning: Wireless long duration attack detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

devid Device ID string 16

ds Direction with distribution system string 8

duration Duration of the last threatening packed captured from TA uint32 10

encrypt The packet is encrypted or not uint8 3

eventtime Event time uint64 20

frametype Frame Type string 32

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

FortiOS 6.4.7 Log Reference 808


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rssi The value of Received signal strength indicator uint8 3

seq Sequence string 512

sndetected SN of the AP which detected the rogue AP string 36

subtype Log Subtype string 20

tamac The MAC address of Transmitter. If none, then Receiver string 17

threattype WIDS threat type string 64

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43535 - LOG_ID_EVENT_WIRELESS_WIDS_WEP_IV

Message ID: 43535


Message Description: LOG_ID_EVENT_WIRELESS_WIDS_WEP_IV
Message Meaning: Wireless Weak WEP IV detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

devid Device ID string 16

ds Direction with distribution system string 8

encrypt The packet is encrypted or not uint8 3

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 809


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

frametype Frame Type string 32

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rssi The value of Received signal strength indicator uint8 3

seq Sequence string 512

sndetected SN of the AP which detected the rogue AP string 36

subtype Log Subtype string 20

tamac The MAC address of Transmitter. If none, then Receiver string 17

threattype WIDS threat type string 64

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

weakwepiv Weak Wep Initiation Vector string 8

43542 - LOG_ID_EVENT_WIRELESS_WIDS_EAPOL_FLOOD

Message ID: 43542


Message Description: LOG_ID_EVENT_WIRELESS_WIDS_EAPOL_FLOOD
Message Meaning: Wireless EAPOL packet flooding detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 810


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eapolcnt The count of EAPOL packets uint32 10

eapoltype The packet type of EAPOL string 16

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

sndetected SN of the AP which detected the rogue AP string 36

subtype Log Subtype string 20

tamac The MAC address of Transmitter. If none, then Receiver string 17

threattype WIDS threat type string 64

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43544 - LOG_ID_EVENT_WIRELESS_WIDS_MGMT_FLOOD

Message ID: 43544


Message Description: LOG_ID_EVENT_WIRELESS_WIDS_MGMT_FLOOD
Message Meaning: Wireless management flooding detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

FortiOS 6.4.7 Log Reference 811


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

devid Device ID string 16

ds Direction with distribution system string 8

eventtime Event time uint64 20

frametype Frame Type string 32

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

mgmtcnt The number of unauthorized client flooding managemet uint32 10


frames

msg Log Message string 4096

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rssi The value of Received signal strength indicator uint8 3

sndetected SN of the AP which detected the rogue AP string 36

subtype Log Subtype string 20

tamac The MAC address of Transmitter. If none, then Receiver string 17

threattype WIDS threat type string 64

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43546 - LOG_ID_EVENT_WIRELESS_WIDS_SPOOF_DEAUTH

Message ID: 43546


Message Description: LOG_ID_EVENT_WIRELESS_WIDS_SPOOF_DEAUTH
Message Meaning: Wireless spoofed deauthentication detected
Type: Event
Category: WIRELESS

FortiOS 6.4.7 Log Reference 812


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

devid Device ID string 16

ds Direction with distribution system string 8

encrypt The packet is encrypted or not uint8 3

eventtime Event time uint64 20

frametype Frame Type string 32

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rssi The value of Received signal strength indicator uint8 3

seq Sequence string 512

sndetected SN of the AP which detected the rogue AP string 36

subtype Log Subtype string 20

tamac The MAC address of Transmitter. If none, then Receiver string 17

threattype WIDS threat type string 64

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43548 - LOG_ID_EVENT_WIRELESS_WIDS_ASLEAP

Message ID: 43548

FortiOS 6.4.7 Log Reference 813


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_EVENT_WIRELESS_WIDS_ASLEAP


Message Meaning: Wireless Asleap attack detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

devid Device ID string 16

ds Direction with distribution system string 8

encrypt The packet is encrypted or not uint8 3

eventtime Event time uint64 20

frametype Frame Type string 32

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rssi The value of Received signal strength indicator uint8 3

seq Sequence string 512

sndetected SN of the AP which detected the rogue AP string 36

subtype Log Subtype string 20

tamac The MAC address of Transmitter. If none, then Receiver string 17

threattype WIDS threat type string 64

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 814


Fortinet, Inc.
Log Messages

43550 - LOG_ID_EVENT_WIRELESS_STA_LOCATE

Message ID: 43550


Message Description: LOG_ID_EVENT_WIRELESS_STA_LOCATE
Message Meaning: Wireless station presence detection
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

noise WiFi signal noise level int8 4

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

signal The signal value of SSID or client int8 4

sn Serial Number string 64

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43551 - LOG_ID_EVENT_WIRELESS_WTP_JOIN

Message ID: 43551


Message Description: LOG_ID_EVENT_WIRELESS_WTP_JOIN

FortiOS 6.4.7 Log Reference 815


Fortinet, Inc.
Log Messages

Message Meaning: Physical AP join


Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43552 - LOG_ID_EVENT_WIRELESS_WTP_LEAVE

Message ID: 43552


Message Description: LOG_ID_EVENT_WIRELESS_WTP_LEAVE
Message Meaning: Physical AP leave
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 816


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43553 - LOG_ID_EVENT_WIRELESS_WTP_FAIL

Message ID: 43553


Message Description: LOG_ID_EVENT_WIRELESS_WTP_FAIL
Message Meaning: Physical AP fail
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

FortiOS 6.4.7 Log Reference 817


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43554 - LOG_ID_EVENT_WIRELESS_WTP_UPDATE

Message ID: 43554


Message Description: LOG_ID_EVENT_WIRELESS_WTP_UPDATE
Message Meaning: Physical AP update
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

FortiOS 6.4.7 Log Reference 818


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43555 - LOG_ID_EVENT_WIRELESS_WTP_RESET

Message ID: 43555


Message Description: LOG_ID_EVENT_WIRELESS_WTP_RESET
Message Meaning: Physical AP reset
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

FortiOS 6.4.7 Log Reference 819


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43556 - LOG_ID_EVENT_WIRELESS_WTP_KICK

Message ID: 43556


Message Description: LOG_ID_EVENT_WIRELESS_WTP_KICK
Message Meaning: Physical AP kick
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 820


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43557 - LOG_ID_EVENT_WIRELESS_WTP_ADD_FAILURE

Message ID: 43557


Message Description: LOG_ID_EVENT_WIRELESS_WTP_ADD_FAILURE
Message Meaning: Physical AP add failure
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 821


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43558 - LOG_ID_EVENT_WIRELESS_WTP_CFG_ERR

Message ID: 43558


Message Description: LOG_ID_EVENT_WIRELESS_WTP_CFG_ERR
Message Meaning: Physical AP config error
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

FortiOS 6.4.7 Log Reference 822


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43559 - LOG_ID_EVENT_WIRELESS_WTP_SN_MISMATCH

Message ID: 43559


Message Description: LOG_ID_EVENT_WIRELESS_WTP_SN_MISMATCH
Message Meaning: Physical AP SN mismatch
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

FortiOS 6.4.7 Log Reference 823


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43560 - LOG_ID_EVENT_WIRELESS_SYS_AC_RESTARTED

Message ID: 43560


Message Description: LOG_ID_EVENT_WIRELESS_SYS_AC_RESTARTED
Message Meaning: Wireless system restarted
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 824


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43561 - LOG_ID_EVENT_WIRELESS_SYS_AC_HOSTAPD_UP

Message ID: 43561


Message Description: LOG_ID_EVENT_WIRELESS_SYS_AC_HOSTAPD_UP
Message Meaning: Wireless system hostapd up
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43562 - LOG_ID_EVENT_WIRELESS_SYS_AC_HOSTAPD_DOWN

Message ID: 43562


Message Description: LOG_ID_EVENT_WIRELESS_SYS_AC_HOSTAPD_DOWN

FortiOS 6.4.7 Log Reference 825


Fortinet, Inc.
Log Messages

Message Meaning: Wireless system hostapd down


Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43563 - LOG_ID_EVENT_WIRELESS_ROGUE_DETECT

Message ID: 43563


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_DETECT
Message Meaning: Rogue AP detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

FortiOS 6.4.7 Log Reference 826


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 827


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

43564 - LOG_ID_EVENT_WIRELESS_ROGUE_OFFAIR

Message ID: 43564


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_OFFAIR
Message Meaning: Rogue AP off air
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

FortiOS 6.4.7 Log Reference 828


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43565 - LOG_ID_EVENT_WIRELESS_ROGUE_ONAIR

Message ID: 43565


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_ONAIR
Message Meaning: Rogue AP on air
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

FortiOS 6.4.7 Log Reference 829


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 830


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

43566 - LOG_ID_EVENT_WIRELESS_ROGUE_OFFWIRE

Message ID: 43566


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_OFFWIRE
Message Meaning: Rogue AP off wire
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

FortiOS 6.4.7 Log Reference 831


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43567 - LOG_ID_EVENT_WIRELESS_FAKEAP_DETECT

Message ID: 43567


Message Description: LOG_ID_EVENT_WIRELESS_FAKEAP_DETECT
Message Meaning: Fake AP detected
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

FortiOS 6.4.7 Log Reference 832


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 833


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

43568 - LOG_ID_EVENT_WIRELESS_FAKEAP_ONAIR

Message ID: 43568


Message Description: LOG_ID_EVENT_WIRELESS_FAKEAP_ONAIR
Message Meaning: Fake AP on air
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

FortiOS 6.4.7 Log Reference 834


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43569 - LOG_ID_EVENT_WIRELESS_ROGUE_SUPPRESSED

Message ID: 43569


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_SUPPRESSED
Message Meaning: Rogue AP suppressed
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

FortiOS 6.4.7 Log Reference 835


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 836


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

43570 - LOG_ID_EVENT_WIRELESS_ROGUE_UNSUPPRESSED

Message ID: 43570


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_UNSUPPRESSED
Message Meaning: Rogue AP unsuppressed
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

FortiOS 6.4.7 Log Reference 837


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43571 - LOG_ID_EVENT_WIRELESS_ROGUE_DETECT_CHG

Message ID: 43571


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_DETECT_CHG
Message Meaning: Rogue AP change detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

FortiOS 6.4.7 Log Reference 838


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 839


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

43572 - LOG_ID_EVENT_WIRELESS_STA_ASSO

Message ID: 43572


Message Description: LOG_ID_EVENT_WIRELESS_STA_ASSO
Message Meaning: Wireless client associated
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

FortiOS 6.4.7 Log Reference 840


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43573 - LOG_ID_EVENT_WIRELESS_STA_AUTH

Message ID: 43573


Message Description: LOG_ID_EVENT_WIRELESS_STA_AUTH
Message Meaning: Wireless client authenticated
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 841


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43574 - LOG_ID_EVENT_WIRELESS_STA_DASS

Message ID: 43574


Message Description: LOG_ID_EVENT_WIRELESS_STA_DASS
Message Meaning: Wireless client disassociated
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

FortiOS 6.4.7 Log Reference 842


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 843


Fortinet, Inc.
Log Messages

43575 - LOG_ID_EVENT_WIRELESS_STA_DAUT

Message ID: 43575


Message Description: LOG_ID_EVENT_WIRELESS_STA_DAUT
Message Meaning: Wireless client deauthenticated
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

FortiOS 6.4.7 Log Reference 844


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43576 - LOG_ID_EVENT_WIRELESS_STA_IDLE

Message ID: 43576


Message Description: LOG_ID_EVENT_WIRELESS_STA_IDLE
Message Meaning: Wireless client idle
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 845


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43577 - LOG_ID_EVENT_WIRELESS_STA_DENY

Message ID: 43577


Message Description: LOG_ID_EVENT_WIRELESS_STA_DENY
Message Meaning: Wireless client denied
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

FortiOS 6.4.7 Log Reference 846


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43578 - LOG_ID_EVENT_WIRELESS_STA_KICK

Message ID: 43578


Message Description: LOG_ID_EVENT_WIRELESS_STA_KICK

FortiOS 6.4.7 Log Reference 847


Fortinet, Inc.
Log Messages

Message Meaning: Wireless client kicked


Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 848


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43579 - LOG_ID_EVENT_WIRELESS_STA_IP

Message ID: 43579


Message Description: LOG_ID_EVENT_WIRELESS_STA_IP
Message Meaning: Wireless client IP assigned
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

FortiOS 6.4.7 Log Reference 849


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43580 - LOG_ID_EVENT_WIRELESS_STA_LEAVE_WTP

Message ID: 43580


Message Description: LOG_ID_EVENT_WIRELESS_STA_LEAVE_WTP
Message Meaning: Wireless client left WTP
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

FortiOS 6.4.7 Log Reference 850


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43581 - LOG_ID_EVENT_WIRELESS_STA_WTP_DISCONN

Message ID: 43581


Message Description: LOG_ID_EVENT_WIRELESS_STA_WTP_DISCONN
Message Meaning: Wireless client WTP disconnected
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 851


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 852


Fortinet, Inc.
Log Messages

43582 - LOG_ID_EVENT_WIRELESS_ROGUE_CFG_UNCLASSIFIED

Message ID: 43582


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_CFG_UNCLASSIFIED
Message Meaning: Rogue AP status configured as unclassified
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

bssid Basic service set ID string 17

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43583 - LOG_ID_EVENT_WIRELESS_ROGUE_CFG_ACCEPTED

Message ID: 43583


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_CFG_ACCEPTED
Message Meaning: Rogue AP status configured as accepted
Type: Event
Category: WIRELESS

FortiOS 6.4.7 Log Reference 853


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

bssid Basic service set ID string 17

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43584 - LOG_ID_EVENT_WIRELESS_ROGUE_CFG_ROGUE

Message ID: 43584


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_CFG_ROGUE
Message Meaning: Rogue AP status configured as rogue
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

bssid Basic service set ID string 17

FortiOS 6.4.7 Log Reference 854


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43585 - LOG_ID_EVENT_WIRELESS_ROGUE_CFG_SUPPRESSED

Message ID: 43585


Message Description: LOG_ID_EVENT_WIRELESS_ROGUE_CFG_SUPPRESSED
Message Meaning: Rogue AP status configured as suppressed
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

bssid Basic service set ID string 17

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 855


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43586 - LOG_ID_EVENT_WIRELESS_WTPR_DARRP_CHAN

Message ID: 43586


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_DARRP_CHAN
Message Meaning: Physical AP radio DARRP channel change
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 856


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43587 - LOG_ID_EVENT_WIRELESS_WTPR_DARRP_START

Message ID: 43587


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_DARRP_START
Message Meaning: Physical AP radio DARRP start
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 857


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43588 - LOG_ID_EVENT_WIRELESS_WTPR_OPER_CHAN

Message ID: 43588


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_OPER_CHAN
Message Meaning: Physical AP radio operation channel change
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

FortiOS 6.4.7 Log Reference 858


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43589 - LOG_ID_EVENT_WIRELESS_WTPR_RADAR

Message ID: 43589


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_RADAR
Message Meaning: Physical AP radio radar detected
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 859


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43590 - LOG_ID_EVENT_WIRELESS_WTPR_NOL

Message ID: 43590


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_NOL
Message Meaning: Physical AP radio channel removed from NOL

FortiOS 6.4.7 Log Reference 860


Fortinet, Inc.
Log Messages

Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 861


Fortinet, Inc.
Log Messages

43591 - LOG_ID_EVENT_WIRELESS_WTPR_COUNTRY_CFG_SUCCESS

Message ID: 43591


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_COUNTRY_CFG_SUCCESS
Message Meaning: Physical AP radio country config success
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 862


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43592 - LOG_ID_EVENT_WIRELESS_WTPR_OPER_COUNTRY

Message ID: 43592


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_OPER_COUNTRY
Message Meaning: Physical AP radio operation country
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

FortiOS 6.4.7 Log Reference 863


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43593 - LOG_ID_EVENT_WIRELESS_WTPR_CFG_TXPOWER

Message ID: 43593


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_CFG_TXPOWER
Message Meaning: Physical AP radio config TX power
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 864


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43594 - LOG_ID_EVENT_WIRELESS_WTPR_OPER_TXPOWER

Message ID: 43594


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_OPER_TXPOWER
Message Meaning: Physical AP radio operation TX power
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 865


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43595 - LOG_ID_EVENT_WIRELESS_CLB_DENY

Message ID: 43595


Message Description: LOG_ID_EVENT_WIRELESS_CLB_DENY
Message Meaning: Wireless client load balancing denied
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

FortiOS 6.4.7 Log Reference 866


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioband The operating radio band string 64

reason Reason string 256

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43596 - LOG_ID_EVENT_WIRELESS_CLB_RETRY

Message ID: 43596


Message Description: LOG_ID_EVENT_WIRELESS_CLB_RETRY
Message Meaning: Wireless client load balancing retry
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

FortiOS 6.4.7 Log Reference 867


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioband The operating radio band string 64

reason Reason string 256

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43597 - LOG_ID_EVENT_WIRELESS_WTP_ADD

Message ID: 43597


Message Description: LOG_ID_EVENT_WIRELESS_WTP_ADD
Message Meaning: Physical AP add
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

FortiOS 6.4.7 Log Reference 868


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43598 - LOG_ID_EVENT_WIRELESS_WTP_ADD_XSS

Message ID: 43598


Message Description: LOG_ID_EVENT_WIRELESS_WTP_ADD_XSS
Message Meaning: Physical AP add XSS
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 869


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43599 - LOG_ID_EVENT_WIRELESS_WTP_DEL

Message ID: 43599


Message Description: LOG_ID_EVENT_WIRELESS_WTP_DEL
Message Meaning: Physical AP delete
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 870


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43600 - LOG_ID_EVENT_WIRELESS_WTPR_DARRP_STOP

Message ID: 43600


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_DARRP_STOP
Message Meaning: Physical AP radio DARRP stop
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

FortiOS 6.4.7 Log Reference 871


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43601 - LOG_ID_EVENT_WIRELESS_STA_CAP_SIGNON

Message ID: 43601


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_SIGNON
Message Meaning: Wireless station sign on
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

FortiOS 6.4.7 Log Reference 872


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 873


Fortinet, Inc.
Log Messages

43602 - LOG_ID_EVENT_WIRELESS_STA_CAP_SIGNON_SUCCESS

Message ID: 43602


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_SIGNON_SUCCESS
Message Meaning: Wireless station sign on success
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

FortiOS 6.4.7 Log Reference 874


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43603 - LOG_ID_EVENT_WIRELESS_STA_CAP_SIGNON_FAILURE

Message ID: 43603


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_SIGNON_FAILURE
Message Meaning: Wireless station sign on failed
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

FortiOS 6.4.7 Log Reference 875


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43604 - LOG_ID_EVENT_WIRELESS_STA_CAP_EMAIL_REQUEST

Message ID: 43604


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_EMAIL_REQUEST
Message Meaning: Captive-portal VAP e-mail collect request sent
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 876


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43605 - LOG_ID_EVENT_WIRELESS_STA_CAP_EMAIL_SUCCESS

Message ID: 43605


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_EMAIL_SUCCESS
Message Meaning: Captive-portal VAP e-mail collect success
Type: Event
Category: WIRELESS

FortiOS 6.4.7 Log Reference 877


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 878


Fortinet, Inc.
Log Messages

43606 - LOG_ID_EVENT_WIRELESS_STA_CAP_EMAIL_FAILURE

Message ID: 43606


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_EMAIL_FAILURE
Message Meaning: Captive-portal VAP e-mail collect failed
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

FortiOS 6.4.7 Log Reference 879


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43607 - LOG_ID_EVENT_WIRELESS_STA_CAP_DISCLAIMER_CHECK

Message ID: 43607


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_DISCLAIMER_CHECK
Message Meaning: Captive-portal VAP disclaimer agreed
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

FortiOS 6.4.7 Log Reference 880


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43608 - LOG_ID_EVENT_WIRELESS_STA_CAP_DISCLAIMER_DECLINE

Message ID: 43608


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_DISCLAIMER_DECLINE
Message Meaning: Captive-portal VAP disclaimer declined
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 881


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43609 - LOG_ID_EVENT_WIRELESS_WTPR_DARRP_OPTIMIZATION_START

Message ID: 43609


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_DARRP_OPTIMIZATION_START
Message Meaning: DARRP optimization start
Type: Event
Category: WIRELESS

FortiOS 6.4.7 Log Reference 882


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43610 - LOG_ID_EVENT_WIRELESS_WTPR_DARRP_OPTIMIZATION_STOP

Message ID: 43610


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_DARRP_OPTIMIZATION_STOP

FortiOS 6.4.7 Log Reference 883


Fortinet, Inc.
Log Messages

Message Meaning: DARRP optimization stop


Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 884


Fortinet, Inc.
Log Messages

43611 - LOG_ID_EVENT_WIRELESS_SYS_AC_UP

Message ID: 43611


Message Description: LOG_ID_EVENT_WIRELESS_SYS_AC_UP
Message Meaning: Wireless controller start
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43612 - LOG_ID_EVENT_WIRELESS_SYS_AC_CFG_LOADED

Message ID: 43612


Message Description: LOG_ID_EVENT_WIRELESS_SYS_AC_CFG_LOADED
Message Meaning: Wireless controller configuration loaded
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

FortiOS 6.4.7 Log Reference 885


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43613 - LOG_ID_EVENT_WIRELESS_WTP_ERR

Message ID: 43613


Message Description: LOG_ID_EVENT_WIRELESS_WTP_ERR
Message Meaning: Physical AP error
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 886


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43614 - LOG_ID_EVENT_WIRELESS_DHCP_STAVATION

Message ID: 43614


Message Description: LOG_ID_EVENT_WIRELESS_DHCP_STAVATION
Message Meaning: DHCP Starvation detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

client_addr Client address string 17

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 887


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

source_mac The source MAC address of wifi station string 17

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vapmode Virtual Access Point mode string 17

vd Virtual Domain Name string 32

xid uint32 10

43615 - LOG_ID_EVENT_WIRELESS_SYS_AC_IPSEC_FAIL

Message ID: 43615


Message Description: LOG_ID_EVENT_WIRELESS_SYS_AC_IPSEC_FAIL
Message Meaning: Wireless controller IPsec setup failed
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 888


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43616 - LOG_ID_EVENT_WIRELESS_WTPR_NOL_ADD

Message ID: 43616


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_NOL_ADD
Message Meaning: Physical AP radio NOL added
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

FortiOS 6.4.7 Log Reference 889


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43618 - LOG_ID_EVENT_WIRELESS_WTP_IMAGE_RC_SUCCESS

Message ID: 43618


Message Description: LOG_ID_EVENT_WIRELESS_WTP_IMAGE_RC_SUCCESS
Message Meaning: Physical AP image receive success
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

FortiOS 6.4.7 Log Reference 890


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43619 - LOG_ID_EVENT_WIRELESS_OFFENDINGAP_DETECT

Message ID: 43619


Message Description: LOG_ID_EVENT_WIRELESS_OFFENDINGAP_DETECT
Message Meaning: Offending AP detected
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

FortiOS 6.4.7 Log Reference 891


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43620 - LOG_ID_EVENT_WIRELESS_OFFENDINGAP_ONAIR

Message ID: 43620


Message Description: LOG_ID_EVENT_WIRELESS_OFFENDINGAP_ONAIR
Message Meaning: Offending AP on air
Type: Event
Category: WIRELESS
Severity: Warning

FortiOS 6.4.7 Log Reference 892


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

age Time in seconds - time passed since last seen uint32 10

apscan The name of AP to detect rogue ap string 36

apstatus Rogue AP status like unclassify(0), rogue(1), accept(2), uint8 3


suppress(3)

aptype The AP type is Ad-hoc mode or regular AP mode uint8 3

bssid Basic service set ID string 17

channel Channel uint8 3

date Date string 10

detectionmethod Detection Method string 21

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

live Time in seconds uint32 10

logdesc Log Description string 4096

logid Log ID string 10

manuf Manufacturer name string 20

msg Log Message string 4096

noise WiFi signal noise level int8 4

onwire The rogue ap is onwire or not string 3

radioband The operating radio band string 64

radioidclosest The radio ID on the AP closest with the detected rogue ap uint8 3

radioiddetected The radio ID on the AP which detected the rogue ap uint8 3

rate WiFi band width rate uint16 6

security Security string 40

signal The signal value of SSID or client int8 4

snclosest SN of the AP closest to the rogue AP string 36

sndetected SN of the AP which detected the rogue AP string 36

ssid WiFi Service Set ID string 33

stacount The count of wifi stations uint32 10

FortiOS 6.4.7 Log Reference 893


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43621 - LOG_ID_EVENT_WIRELESS_WTP_DATA_CHAN_CHG

Message ID: 43621


Message Description: LOG_ID_EVENT_WIRELESS_WTP_DATA_CHAN_CHG
Message Meaning: Wireless wtp data channel changed
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

FortiOS 6.4.7 Log Reference 894


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43622 - LOG_ID_EVENT_WIRELESS_WTP_VLAN_PROBE

Message ID: 43622


Message Description: LOG_ID_EVENT_WIRELESS_WTP_VLAN_PROBE
Message Meaning: WTP is probing vlan
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 895


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43623 - LOG_ID_EVENT_WIRELESS_WTP_VLAN_MISSING

Message ID: 43623


Message Description: LOG_ID_EVENT_WIRELESS_WTP_VLAN_MISSING
Message Meaning: VLAN not detected
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 896


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43624 - LOG_ID_EVENT_WIRELESS_WTP_VLAN_DETECTED

Message ID: 43624


Message Description: LOG_ID_EVENT_WIRELESS_WTP_VLAN_DETECTED
Message Meaning: VLAN detected
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

meshmode Mesh mode string 19

msg Log Message string 4096

profile Profile Name string 64

reason Reason string 256

sn Serial Number string 64

snmeshparent SN of the mesh parent string 36

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 897


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

43625 - LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_SUCCESS

Message ID: 43625


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_SUCCESS
Message Meaning: Wireless station CMCC sign on success
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

FortiOS 6.4.7 Log Reference 898


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43626 - LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_FAILURE

Message ID: 43626


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_FAILURE
Message Meaning: Wireless station CMCC sign on failed
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 899


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43627 - LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_TIMEOUT

Message ID: 43627


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_TIMEOUT
Message Meaning: Wireless station CMCC sign on timeout
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

FortiOS 6.4.7 Log Reference 900


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 901


Fortinet, Inc.
Log Messages

43628 - LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_MAC_AUTH_SUCCESS

Message ID: 43628


Message Description: LOG_ID_EVENT_WIRELESS_STA_CAP_CMCC_MAC_AUTH_SUCCESS
Message Meaning: Wireless station CMCC MAC auth success
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mpsk Multiple pre-shared keys string 33

msg Log Message string 4096

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

reason Reason string 256

security Security string 40

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

FortiOS 6.4.7 Log Reference 902


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43629 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_AUTH_FAILURE

Message ID: 43629


Message Description: LOG_ID_EVENT_WIRELESS_STA_RADIUS_AUTH_FAILURE
Message Meaning: Wireless client RADIUS authentication failure
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

FortiOS 6.4.7 Log Reference 903


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43630 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_AUTH_SUCCESS

Message ID: 43630


Message Description: LOG_ID_EVENT_WIRELESS_STA_RADIUS_AUTH_SUCCESS
Message Meaning: Wireless client RADIUS authentication success
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 904


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43631 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_AUTH_NO_RESP

Message ID: 43631


Message Description: LOG_ID_EVENT_WIRELESS_STA_RADIUS_AUTH_NO_RESP
Message Meaning: Wireless client RADIUS authentication server not responding
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

FortiOS 6.4.7 Log Reference 905


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43632 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_MAC_AUTH_FAILURE

Message ID: 43632


Message Description: LOG_ID_EVENT_WIRELESS_STA_RADIUS_MAC_AUTH_FAILURE
Message Meaning: Wireless client RADIUS MAC authentication failure
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

FortiOS 6.4.7 Log Reference 906


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43633 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_MAC_AUTH_SUCCESS

Message ID: 43633


Message Description: LOG_ID_EVENT_WIRELESS_STA_RADIUS_MAC_AUTH_SUCCESS
Message Meaning: Wireless client RADIUS MAC authentication success
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 907


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43634 - LOG_ID_EVENT_WIRELESS_STA_RADIUS_MAC_AUTH_NO_RESP

Message ID: 43634


Message Description: LOG_ID_EVENT_WIRELESS_STA_RADIUS_MAC_AUTH_NO_RESP
Message Meaning: Wireless client RADIUS MAC authentication server not responding
Type: Event
Category: WIRELESS

FortiOS 6.4.7 Log Reference 908


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43635 - LOG_ID_EVENT_WIRELESS_STA_OKC_NO_MATCH

Message ID: 43635


Message Description: LOG_ID_EVENT_WIRELESS_STA_OKC_NO_MATCH
Message Meaning: Wireless client authenticates through OKC failed with no match

FortiOS 6.4.7 Log Reference 909


Fortinet, Inc.
Log Messages

Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43636 - LOG_ID_EVENT_WIRELESS_STA_OKC_LOCAL_MATCH

Message ID: 43636

FortiOS 6.4.7 Log Reference 910


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_EVENT_WIRELESS_STA_OKC_LOCAL_MATCH


Message Meaning: Wireless client authenticates through local OKC success
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 911


Fortinet, Inc.
Log Messages

43637 - LOG_ID_EVENT_WIRELESS_STA_OKC_INTER_AC_MATCH

Message ID: 43637


Message Description: LOG_ID_EVENT_WIRELESS_STA_OKC_INTER_AC_MATCH
Message Meaning: Wireless client authenticates through inter AC OKC success
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

FortiOS 6.4.7 Log Reference 912


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43638 - LOG_ID_EVENT_WIRELESS_STA_OKC_INTER_AP_MATCH

Message ID: 43638


Message Description: LOG_ID_EVENT_WIRELESS_STA_OKC_INTER_AP_MATCH
Message Meaning: Wireless client authenticates through inter AP OKC success
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 913


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43639 - LOG_ID_EVENT_WIRELESS_STA_FT_INVALID_ACTION_REQ

Message ID: 43639


Message Description: LOG_ID_EVENT_WIRELESS_STA_FT_INVALID_ACTION_REQ
Message Meaning: Wireless client sent invalid FT action request
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

FortiOS 6.4.7 Log Reference 914


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43640 - LOG_ID_EVENT_WIRELESS_STA_FT_INVALID_AUTH_REQ

Message ID: 43640


Message Description: LOG_ID_EVENT_WIRELESS_STA_FT_INVALID_AUTH_REQ
Message Meaning: Wireless client sent invalid FT auth request
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 915


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43641 - LOG_ID_EVENT_WIRELESS_STA_FT_INVALID_REASSOC_REQ

Message ID: 43641


Message Description: LOG_ID_EVENT_WIRELESS_STA_FT_INVALID_REASSOC_REQ
Message Meaning: Wireless client sent invalid FT reassociation request
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 916


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43642 - LOG_ID_EVENT_WIRELESS_STA_FT_ACTION_REQ

Message ID: 43642


Message Description: LOG_ID_EVENT_WIRELESS_STA_FT_ACTION_REQ
Message Meaning: Wireless client sent FT action reqeust
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

FortiOS 6.4.7 Log Reference 917


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43643 - LOG_ID_EVENT_WIRELESS_STA_FT_ACTION_RESP

Message ID: 43643


Message Description: LOG_ID_EVENT_WIRELESS_STA_FT_ACTION_RESP
Message Meaning: FT action response was sent to wireless client
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 918


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43644 - LOG_ID_EVENT_WIRELESS_STA_FT_AUTH_REQ

Message ID: 43644


Message Description: LOG_ID_EVENT_WIRELESS_STA_FT_AUTH_REQ
Message Meaning: Wireless client sent FT auth request
Type: Event
Category: WIRELESS

FortiOS 6.4.7 Log Reference 919


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43645 - LOG_ID_EVENT_WIRELESS_STA_FT_AUTH_RESP

Message ID: 43645


Message Description: LOG_ID_EVENT_WIRELESS_STA_FT_AUTH_RESP
Message Meaning: FT auth response was sent to wireless client

FortiOS 6.4.7 Log Reference 920


Fortinet, Inc.
Log Messages

Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43646 - LOG_ID_EVENT_WIRELESS_STA_FT_REASSOC_REQ

Message ID: 43646

FortiOS 6.4.7 Log Reference 921


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_EVENT_WIRELESS_STA_FT_REASSOC_REQ


Message Meaning: Wireless client sent FT reassociation request
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 922


Fortinet, Inc.
Log Messages

43647 - LOG_ID_EVENT_WIRELESS_STA_FT_REASSOC_RESP

Message ID: 43647


Message Description: LOG_ID_EVENT_WIRELESS_STA_FT_REASSOC_RESP
Message Meaning: FT reassociation response was sent to wireless client
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

FortiOS 6.4.7 Log Reference 923


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43648 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_INVALID_SECOND_MSG

Message ID: 43648


Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_INVALID_SECOND_MSG
Message Meaning: Wireless client 4 way handshake failed with invalid 2/4 message
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 924


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43649 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_INVALID_FOURTH_MSG

Message ID: 43649


Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_INVALID_FOURTH_MSG
Message Meaning: Wireless client 4 way handshake failed with invalid 4/4 message
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

FortiOS 6.4.7 Log Reference 925


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43650 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_FIRST_MSG

Message ID: 43650


Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_FIRST_MSG
Message Meaning: AP sent 1/4 message of 4 way handshake to wireless client
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 926


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43651 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_SECOND_MSG

Message ID: 43651


Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_SECOND_MSG
Message Meaning: Wireless client sent 2/4 message of 4 way handshake
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 927


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43652 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_THIRD_MSG

Message ID: 43652


Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_THIRD_MSG
Message Meaning: AP sent 3/4 message of 4 way handshake to wireless client
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

FortiOS 6.4.7 Log Reference 928


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43653 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_FOURTH_MSG

Message ID: 43653


Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_FOURTH_MSG
Message Meaning: Wireless client sent 4/4 message of 4 way handshake
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 929


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43654 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_FIRST_GROUP_MSG

Message ID: 43654


Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_FIRST_GROUP_MSG
Message Meaning: AP sent 1/2 message of group key handshake to wireless client
Type: Event
Category: WIRELESS

FortiOS 6.4.7 Log Reference 930


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43655 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_SECOND_GROUP_MSG

Message ID: 43655


Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_SECOND_GROUP_MSG
Message Meaning: Wireless client sent 2/2 message of group key handshake

FortiOS 6.4.7 Log Reference 931


Fortinet, Inc.
Log Messages

Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43656 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_MAX_STA_CNT

Message ID: 43656

FortiOS 6.4.7 Log Reference 932


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_MAX_STA_CNT


Message Meaning: Max sta count limit for the PSK was reached
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 933


Fortinet, Inc.
Log Messages

43657 - LOG_ID_EVENT_WIRELESS_STA_ASSOC_FAIL

Message ID: 43657


Message Description: LOG_ID_EVENT_WIRELESS_STA_ASSOC_FAIL
Message Meaning: Wireless station association failed
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

FortiOS 6.4.7 Log Reference 934


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43658 - LOG_ID_EVENT_WIRELESS_STA_DHCP_NO_RESP

Message ID: 43658


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_NO_RESP
Message Meaning: Wireless station DHCP process failed with no server response
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 935


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43659 - LOG_ID_EVENT_WIRELESS_STA_DHCP_DIFF_OFFER

Message ID: 43659


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_DIFF_OFFER
Message Meaning: Another DHCP server sent DHCP offer to wireless station
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 936


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43660 - LOG_ID_EVENT_WIRELESS_STA_DHCP_NO_ACK

Message ID: 43660


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_NO_ACK
Message Meaning: No DHCP ACK from server
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 937


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43661 - LOG_ID_EVENT_WIRELESS_STA_DHCP_NAK

Message ID: 43661


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_NAK
Message Meaning: DHCP server sent DHCP NAK
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

FortiOS 6.4.7 Log Reference 938


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43662 - LOG_ID_EVENT_WIRELESS_STA_DHCP_DUP_IP

Message ID: 43662


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_DUP_IP
Message Meaning: IP offered has been used by another wireless station
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

FortiOS 6.4.7 Log Reference 939


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43663 - LOG_ID_EVENT_WIRELESS_STA_DHCP_DISCOVER

Message ID: 43663


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_DISCOVER
Message Meaning: Wireless station sent DHCP DISCOVER
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

FortiOS 6.4.7 Log Reference 940


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43664 - LOG_ID_EVENT_WIRELESS_STA_DHCP_OFFER

Message ID: 43664


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_OFFER
Message Meaning: DHCP server sent DHCP OFFER
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

FortiOS 6.4.7 Log Reference 941


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43665 - LOG_ID_EVENT_WIRELESS_STA_DHCP_DECLINE

Message ID: 43665


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_DECLINE
Message Meaning: Wireless station sent DHCP DECLINE
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

FortiOS 6.4.7 Log Reference 942


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43666 - LOG_ID_EVENT_WIRELESS_STA_DHCP_REQUEST

Message ID: 43666


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_REQUEST
Message Meaning: Wireless station sent DHCP REQUEST
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

FortiOS 6.4.7 Log Reference 943


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43667 - LOG_ID_EVENT_WIRELESS_STA_DHCP_ACK

Message ID: 43667


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_ACK
Message Meaning: DHCP server sent DHCP ACK
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 944


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43668 - LOG_ID_EVENT_WIRELESS_STA_DHCP_RELEASE

Message ID: 43668


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_RELEASE
Message Meaning: Wireless station sent DHCP RELEASE
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 945


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43669 - LOG_ID_EVENT_WIRELESS_STA_DHCP_INFORM

Message ID: 43669


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_INFORM
Message Meaning: Wireless station sent DHCP INFORM
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 946


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43670 - LOG_ID_EVENT_WIRELESS_STA_DHCP_SELF_ASSIGNED

Message ID: 43670


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP_SELF_ASSIGNED
Message Meaning: Wireless station is using self-assigned IP
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 947


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43671 - LOG_ID_EVENT_WIRELESS_STA_DNS_NO_RESP

Message ID: 43671


Message Description: LOG_ID_EVENT_WIRELESS_STA_DNS_NO_RESP
Message Meaning: Wireless station DNS process failed with no server response
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 948


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43672 - LOG_ID_EVENT_WIRELESS_STA_DNS_SERVER_FAILURE

Message ID: 43672


Message Description: LOG_ID_EVENT_WIRELESS_STA_DNS_SERVER_FAILURE
Message Meaning: Wireless station DNS process failed due to server failure
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

FortiOS 6.4.7 Log Reference 949


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43673 - LOG_ID_EVENT_WIRELESS_STA_DNS_NO_DOMAIN

Message ID: 43673


Message Description: LOG_ID_EVENT_WIRELESS_STA_DNS_NO_DOMAIN
Message Meaning: Wireless station DNS process failed due to non-existing domain
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 950


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43674 - LOG_ID_EVENT_WIRELESS_STA_WPA_KRACK_FT_REASSOC

Message ID: 43674


Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_KRACK_FT_REASSOC
Message Meaning: Wireless station WPA key reinstallation attack on FT reassociation
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

FortiOS 6.4.7 Log Reference 951


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43675 - LOG_ID_EVENT_WIRELESS_STA_AUTH_REQ

Message ID: 43675


Message Description: LOG_ID_EVENT_WIRELESS_STA_AUTH_REQ
Message Meaning: Authentication request from wireless station
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 952


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43676 - LOG_ID_EVENT_WIRELESS_STA_AUTH_RESP

Message ID: 43676


Message Description: LOG_ID_EVENT_WIRELESS_STA_AUTH_RESP
Message Meaning: Authentication response to wireless station
Type: Event
Category: WIRELESS

FortiOS 6.4.7 Log Reference 953


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43677 - LOG_ID_EVENT_WIRELESS_STA_ASSOC_REQ

Message ID: 43677


Message Description: LOG_ID_EVENT_WIRELESS_STA_ASSOC_REQ
Message Meaning: Association request from wireless station

FortiOS 6.4.7 Log Reference 954


Fortinet, Inc.
Log Messages

Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43678 - LOG_ID_EVENT_WIRELESS_STA_REASSOC_REQ

Message ID: 43678

FortiOS 6.4.7 Log Reference 955


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_EVENT_WIRELESS_STA_REASSOC_REQ


Message Meaning: Reassociation request from wireless station
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 956


Fortinet, Inc.
Log Messages

43679 - LOG_ID_EVENT_WIRELESS_STA_ASSOC_RESP

Message ID: 43679


Message Description: LOG_ID_EVENT_WIRELESS_STA_ASSOC_RESP
Message Meaning: Association response to wireless station
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

FortiOS 6.4.7 Log Reference 957


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43680 - LOG_ID_EVENT_WIRELESS_STA_REASSOC_RESP

Message ID: 43680


Message Description: LOG_ID_EVENT_WIRELESS_STA_REASSOC_RESP
Message Meaning: Reassociation response to wireless station
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 958


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43681 - LOG_ID_EVENT_WIRELESS_STA_PROBE_REQ

Message ID: 43681


Message Description: LOG_ID_EVENT_WIRELESS_STA_PROBE_REQ
Message Meaning: Probe request from wireless station
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

FortiOS 6.4.7 Log Reference 959


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43682 - LOG_ID_EVENT_WIRELESS_STA_PROBE_RESP

Message ID: 43682


Message Description: LOG_ID_EVENT_WIRELESS_STA_PROBE_RESP
Message Meaning: Probe response to wireless station
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 960


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43683 - LOG_ID_EVENT_WIRELESS_BLE_DEV_LOCATE

Message ID: 43683


Message Description: LOG_ID_EVENT_WIRELESS_BLE_DEV_LOCATE
Message Meaning: Wireless ble dev detection
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 961


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

signal The signal value of SSID or client int8 4

sn Serial Number string 64

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43684 - LOG_ID_EVENT_WIRELESS_ADDRGRP_DUPLICATE_MAC

Message ID: 43684


Message Description: LOG_ID_EVENT_WIRELESS_ADDRGRP_DUPLICATE_MAC
Message Meaning: Wireless addrgrp duplicate mac
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

addrgrp string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 962


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43685 - LOG_ID_EVENT_WIRELESS_ADDRGRP_ADDR_APPLY

Message ID: 43685


Message Description: LOG_ID_EVENT_WIRELESS_ADDRGRP_ADDR_APPLY
Message Meaning: Wireless addrgrp address apply
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

addrgrp string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43686 - LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_INVALID_SCHEDULE

Message ID: 43686


Message Description: LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_INVALID_SCHEDULE
Message Meaning: PSK is out of any valid schedules

FortiOS 6.4.7 Log Reference 963


Fortinet, Inc.
Log Messages

Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43687 - LOG_ID_EVENT_WIRELESS_STA_WL_BRIDGE_TRAFFIC_STATS

Message ID: 43687

FortiOS 6.4.7 Log Reference 964


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_EVENT_WIRELESS_STA_WL_BRIDGE_TRAFFIC_STATS


Message Meaning: Traffic stats for station with bridge wlan
Type: Event
Category: WIRELESS
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

nextstat Time interval in seconds for the next statistics uint32 10

rcvdbyte Received Bytes uint64 20

sentbyte Bytes Sent uint64 20

signal The signal value of SSID or client int8 4

sn Serial Number string 64

snr int8 4

srcip Source IP ip 39

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 965


Fortinet, Inc.
Log Messages

43688 - LOG_ID_EVENT_WIRELESS_APCFG_RECEIVE

Message ID: 43688


Message Description: LOG_ID_EVENT_WIRELESS_APCFG_RECEIVE
Message Meaning: FortiAP receives the apcfg
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43689 - LOG_ID_EVENT_WIRELESS_APCFG_VALIDATING

Message ID: 43689


Message Description: LOG_ID_EVENT_WIRELESS_APCFG_VALIDATING
Message Meaning: FortiAP is validating the apcfg
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 966


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43690 - LOG_ID_EVENT_WIRELESS_APCFG_APPLY

Message ID: 43690


Message Description: LOG_ID_EVENT_WIRELESS_APCFG_APPLY
Message Meaning: FortiAP applies the apcfg
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 967


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43691 - LOG_ID_EVENT_WIRELESS_APCFG_REJECT

Message ID: 43691


Message Description: LOG_ID_EVENT_WIRELESS_APCFG_REJECT
Message Meaning: FortiAP rejects the apcfg
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

reason Reason string 256

FortiOS 6.4.7 Log Reference 968


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43692 - LOG_ID_EVENT_WIRELESS_WTPR_ANTENNA_DEFECT_DETECT

Message ID: 43692


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_ANTENNA_DEFECT_DETECT
Message Meaning: Defect antenna detection
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

FortiOS 6.4.7 Log Reference 969


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43693 - LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_REQ

Message ID: 43693


Message Description: LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_REQ
Message Meaning: AP sent WNM action BSTM request
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 970


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43694 - LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_RESP_ACCEPT

Message ID: 43694


Message Description: LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_RESP_ACCEPT
Message Meaning: Wireless client sent WNM action BSTM response accept
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

FortiOS 6.4.7 Log Reference 971


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43695 - LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_RESP_REJECT

Message ID: 43695


Message Description: LOG_ID_EVENT_WIRELESS_STA_WNM_ACTION_BSTM_RESP_REJECT
Message Meaning: Wireless client sent WNM action BSTM response reject
Type: Event
Category: WIRELESS
Severity: Warning

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

FortiOS 6.4.7 Log Reference 972


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

channel Channel uint8 3

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

radioid The operating radio ID uint8 3

reason Reason string 256

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43696 - LOG_ID_EVENT_WIRELESS_WTPR_DRMA_START

Message ID: 43696


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_DRMA_START
Message Meaning: Physical AP radio DRMA start
Type: Event
Category: WIRELESS
Severity: Notice

FortiOS 6.4.7 Log Reference 973


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43697 - LOG_ID_EVENT_WIRELESS_WTPR_DRMA_STOP

Message ID: 43697


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_DRMA_STOP
Message Meaning: Physical AP radio DRMA stop

FortiOS 6.4.7 Log Reference 974


Fortinet, Inc.
Log Messages

Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 975


Fortinet, Inc.
Log Messages

43698 - LOG_ID_EVENT_WIRELESS_WTPR_DRMA_MODE

Message ID: 43698


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_DRMA_MODE
Message Meaning: Physical AP radio DRMA mode
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 976


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43699 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_SOLICIT

Message ID: 43699


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP6_SOLICIT
Message Meaning: Wireless station sent DHCP6 SOLICIT
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 977


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43700 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_ADVERTISE

Message ID: 43700


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP6_ADVERTISE
Message Meaning: DHCP6 server sent DHCP6 ADVERTISE
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 978


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43701 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_REQUEST

Message ID: 43701


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP6_REQUEST
Message Meaning: Wireless station sent DHCP6 REQUEST
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 979


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43702 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_CONFIRM

Message ID: 43702


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP6_CONFIRM
Message Meaning: Wireless station sent DHCP6 CONFIRM
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 980


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43703 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_RENEW

Message ID: 43703


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP6_RENEW
Message Meaning: Wireless station sent DHCP6 RENEW
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 981


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43704 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_REPLY

Message ID: 43704


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP6_REPLY
Message Meaning: DHCP6 server sent DHCP6 REPLY
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 982


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43705 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_RELEASE

Message ID: 43705


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP6_RELEASE
Message Meaning: Wireless station sent DHCP6 RELEASE
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 983


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43706 - LOG_ID_EVENT_WIRELESS_STA_DHCP6_RECONFIGURE

Message ID: 43706


Message Description: LOG_ID_EVENT_WIRELESS_STA_DHCP6_RECONFIGURE
Message Meaning: DHCP6 server sent DHCP6 RECONFIGURE
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

date Date string 10

devid Device ID string 16

encryption The encryption type of detected rogue AP string 12

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

remotewtptime The time of AP when client trying to connect string 32

security Security string 40

sn Serial Number string 64

ssid WiFi Service Set ID string 33

stamac The MAC address of wifi station string 17

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 984


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vap Virtual Access Point string 36

vd Virtual Domain Name string 32

43707 - LOG_ID_EVENT_WIRELESS_WTPR_SSID_UP

Message ID: 43707


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_SSID_UP
Message Meaning: Physical AP radio ssid up
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

FortiOS 6.4.7 Log Reference 985


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43708 - LOG_ID_EVENT_WIRELESS_WTPR_SSID_DOWN

Message ID: 43708


Message Description: LOG_ID_EVENT_WIRELESS_WTPR_SSID_DOWN
Message Meaning: Physical AP radio ssid down
Type: Event
Category: WIRELESS
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

ap Access Point string 36

bandwidth Bandwidth string 42

cfgtxpower Config TX power uint32 10

configcountry Config Country string 4

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 986


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

opercountry The name of operating country on a AP string 4

operdrmamode string 10

opertxpower The value of operating tx power uint32 10

radioband The operating radio band string 64

radioid The operating radio ID uint8 3

slctdrmamode string 10

sn Serial Number string 64

ssid WiFi Service Set ID string 33

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43776 - LOG_ID_EVENT_NAC_QUARANTINE

Message ID: 43776


Message Description: LOG_ID_EVENT_NAC_QUARANTINE
Message Meaning: NAC quarantine
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

admin Administrator string 64

banned_rule NAC quarantine Banned Rule Name string 80

banned_src NAC quarantine Banned Source IP string 16

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

FortiOS 6.4.7 Log Reference 987


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dst_int Destination Interface string 64

duration Duration uint32 10

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

proto Protocol Number uint8 3

sensor NAC Sensor Name string 36

service Name of Service string 64

srcip Source IP ip 39

srcport Source port uint16 5

src_int Source Interface string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

43777 - LOG_ID_EVENT_NAC_ANOMALY_QUARANTINE

Message ID: 43777


Message Description: LOG_ID_EVENT_NAC_ANOMALY_QUARANTINE
Message Meaning: NAC anomaly quarantine
Type: Event
Category: SYSTEM
Severity: Notice

FortiOS 6.4.7 Log Reference 988


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

admin Administrator string 64

banned_rule NAC quarantine Banned Rule Name string 80

banned_src NAC quarantine Banned Source IP string 16

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

dst_int Destination Interface string 64

duration Duration uint32 10

eventtime Event time uint64 20

group User group Name string 64

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

proto Protocol Number uint8 3

sensor NAC Sensor Name string 36

service Name of Service string 64

srcip Source IP ip 39

srcport Source port uint16 5

src_int Source Interface string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 989


Fortinet, Inc.
Log Messages

43800 - LOG_ID_EVENT_ELBC_BLADE_JOIN

Message ID: 43800


Message Description: LOG_ID_EVENT_ELBC_BLADE_JOIN
Message Meaning: Blade ready to process traffic
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

chassisid Chassis ID uint8 3

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

slot Slot Number uint8 3

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43801 - LOG_ID_EVENT_ELBC_BLADE_LEAVE

Message ID: 43801


Message Description: LOG_ID_EVENT_ELBC_BLADE_LEAVE
Message Meaning: Blade not ready to process traffic
Type: Event
Category: SYSTEM
Severity: Critical

FortiOS 6.4.7 Log Reference 990


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

chassisid Chassis ID uint8 3

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

slot Slot Number uint8 3

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43802 - LOG_ID_EVENT_ELBC_MASTER_BLADE_FOUND

Message ID: 43802


Message Description: LOG_ID_EVENT_ELBC_MASTER_BLADE_FOUND
Message Meaning: Primary blade found
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

chassisid Chassis ID uint8 3

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 991


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

slot Slot Number uint8 3

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43803 - LOG_ID_EVENT_ELBC_MASTER_BLADE_LOST

Message ID: 43803


Message Description: LOG_ID_EVENT_ELBC_MASTER_BLADE_LOST
Message Meaning: Primary blade lost
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

chassisid Chassis ID uint8 3

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 992


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

slot Slot Number uint8 3

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43804 - LOG_ID_EVENT_ELBC_MASTER_BLADE_CHANGE

Message ID: 43804


Message Description: LOG_ID_EVENT_ELBC_MASTER_BLADE_CHANGE
Message Meaning: Primary blade changed
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

newchassisid New Chassis ID uint8 3

newslot New Slot Number uint8 3

oldchassisid Original Chassis Number uint8 3

oldslot Original Slot Number uint8 3

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 993


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43805 - LOG_ID_EVENT_ELBC_ACTIVE_CHANNEL_FOUND

Message ID: 43805


Message Description: LOG_ID_EVENT_ELBC_ACTIVE_CHANNEL_FOUND
Message Meaning: ELBC channel active
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

chassisid Chassis ID uint8 3

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

newchannel New Channel Number uint8 3

slot Slot Number uint8 3

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 994


Fortinet, Inc.
Log Messages

43806 - LOG_ID_EVENT_ELBC_ACTIVE_CHANNEL_LOST

Message ID: 43806


Message Description: LOG_ID_EVENT_ELBC_ACTIVE_CHANNEL_LOST
Message Meaning: ELBC channel inactive
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

chassisid Chassis ID uint8 3

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

oldchannel Original Channel Number uint8 3

slot Slot Number uint8 3

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43807 - LOG_ID_EVENT_ELBC_ACTIVE_CHANNEL_CHANGE

Message ID: 43807


Message Description: LOG_ID_EVENT_ELBC_ACTIVE_CHANNEL_CHANGE
Message Meaning: ELBC channel failover
Type: Event
Category: SYSTEM

FortiOS 6.4.7 Log Reference 995


Fortinet, Inc.
Log Messages

Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

chassisid Chassis ID uint8 3

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

newchannel New Channel Number uint8 3

oldchannel Original Channel Number uint8 3

slot Slot Number uint8 3

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43808 - LOG_ID_EVENT_ELBC_CHASSIS_ACTIVE

Message ID: 43808


Message Description: LOG_ID_EVENT_ELBC_CHASSIS_ACTIVE
Message Meaning: ELBC chassis active
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

chassisid Chassis ID uint8 3

FortiOS 6.4.7 Log Reference 996


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

43809 - LOG_ID_EVENT_ELBC_CHASSIS_INACTIVE

Message ID: 43809


Message Description: LOG_ID_EVENT_ELBC_CHASSIS_INACTIVE
Message Meaning: ELBC chassis inactive
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

action Policy Action string 65

chassisid Chassis ID uint8 3

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

informationsource Information Source string 4096

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 997


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

44544 - LOGID_EVENT_CONFIG_PATH

Message ID: 44544


Message Description: LOGID_EVENT_CONFIG_PATH
Message Meaning: Path configured
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cfgpath Configuration path string 128

cfgtid Config transaction id uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 998


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

44545 - LOGID_EVENT_CONFIG_OBJ

Message ID: 44545


Message Description: LOGID_EVENT_CONFIG_OBJ
Message Meaning: Object configured
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cfgobj Configuration object string 256

cfgpath Configuration path string 128

cfgtid Config transaction id uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 999


Fortinet, Inc.
Log Messages

44546 - LOGID_EVENT_CONFIG_ATTR

Message ID: 44546


Message Description: LOGID_EVENT_CONFIG_ATTR
Message Meaning: Attribute configured
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cfgattr Configuration attribute string 4096

cfgpath Configuration path string 128

cfgtid Config transaction id uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

44547 - LOGID_EVENT_CONFIG_OBJATTR

Message ID: 44547


Message Description: LOGID_EVENT_CONFIG_OBJATTR
Message Meaning: Object attribute configured
Type: Event

FortiOS 6.4.7 Log Reference 1000


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

cfgattr Configuration attribute string 4096

cfgobj Configuration object string 256

cfgpath Configuration path string 128

cfgtid Config transaction id uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

44548 - LOGID_EVENT_CONFIG_EXEC

Message ID: 44548


Message Description: LOGID_EVENT_CONFIG_EXEC
Message Meaning: Action performed
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

FortiOS 6.4.7 Log Reference 1001


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

44549 - LOGID_EVENT_CONFIG_OBJATTR_MTNER

Message ID: 44549


Message Description: LOGID_EVENT_CONFIG_OBJATTR_MTNER
Message Meaning: Object attribute configured by maintainer
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

cfgattr Configuration attribute string 4096

cfgobj Configuration object string 256

cfgpath Configuration path string 128

cfgtid Config transaction id uint32 10

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 1002


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

44550 - LOGID_EVENT_CONFIG_OBJ_MTNER

Message ID: 44550


Message Description: LOGID_EVENT_CONFIG_OBJ_MTNER
Message Meaning: Object configured by maintainer
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

cfgobj Configuration object string 256

cfgpath Configuration path string 128

cfgtid Config transaction id uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 1003


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

44551 - LOGID_EVENT_CONFIG_ATTR_MTNER

Message ID: 44551


Message Description: LOGID_EVENT_CONFIG_ATTR_MTNER
Message Meaning: Attribute configured by maintainer
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

cfgattr Configuration attribute string 4096

cfgpath Configuration path string 128

cfgtid Config transaction id uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 1004


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

user User name of authenticated user string 256

vd Virtual Domain Name string 32

44552 - LOGID_EVENT_CONFIG_PATH_MTNER

Message ID: 44552


Message Description: LOGID_EVENT_CONFIG_PATH_MTNER
Message Meaning: Path configured by maintainer
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

cfgpath Configuration path string 128

cfgtid Config transaction id uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

ui User Interface string 64

FortiOS 6.4.7 Log Reference 1005


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name of authenticated user string 256

vd Virtual Domain Name string 32

44553 - LOGID_EVENT_CONFIG_FIXEDPORT_DIS

Message ID: 44553


Message Description: LOGID_EVENT_CONFIG_FIXEDPORT_DIS
Message Meaning: Policy attribute fixed port changed during upgrade
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

44554 - LOGID_EVENT_CONFIG_POL_CHANGED

Message ID: 44554


Message Description: LOGID_EVENT_CONFIG_POL_CHANGED
Message Meaning: Learning mode policy is converted to accept policy during upgrade.
Type: Event

FortiOS 6.4.7 Log Reference 1006


Fortinet, Inc.
Log Messages

Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

44555 - LOGID_EVENT_CMDB_DEADLOCK_DETECTED

Message ID: 44555


Message Description: LOGID_EVENT_CMDB_DEADLOCK_DETECTED
Message Meaning: CMDB lock deadlock is detected.
Type: Event
Category: SYSTEM
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 1007


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

45057 - LOG_ID_FCC_ADD

Message ID: 45057


Message Description: LOG_ID_FCC_ADD
Message Meaning: FortiClient connection added
Type: Event
Category: ENDPOINT
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

connection_type FortiClient Connection Type string 6

count Count of EndPoint Connections uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fctuid FortiClient UID string 32

ip Source IP ip 39

level Log Level string 11

license_limit Maximum Number of FortiClients for the License string 32

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

FortiOS 6.4.7 Log Reference 1008


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

used_for_type Connection for the type uint32 10

user User name of authenticated user string 256

vd Virtual Domain Name string 32

45058 - LOG_ID_FCC_CLOSE

Message ID: 45058


Message Description: LOG_ID_FCC_CLOSE
Message Meaning: FortiClient connection closed
Type: Event
Category: ENDPOINT
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

45061 - LOG_ID_FCC_CLOSE_BY_TYPE

Message ID: 45061


Message Description: LOG_ID_FCC_CLOSE_BY_TYPE

FortiOS 6.4.7 Log Reference 1009


Fortinet, Inc.
Log Messages

Message Meaning: FortiClient connection closed by type


Type: Event
Category: ENDPOINT
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

connection_type FortiClient Connection Type string 6

count Count of EndPoint Connections uint32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fctuid FortiClient UID string 32

ip Source IP ip 39

level Log Level string 11

license_limit Maximum Number of FortiClients for the License string 32

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

name Display Name of the Connection string 128

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

used_for_type Connection for the type uint32 10

user User name of authenticated user string 256

vd Virtual Domain Name string 32

45071 - LOG_ID_FCC_VULN_SCAN

Message ID: 45071


Message Description: LOG_ID_FCC_VULN_SCAN
Message Meaning: FortiClient Vulnerability Scan
Type: Event

FortiOS 6.4.7 Log Reference 1010


Fortinet, Inc.
Log Messages

Category: ENDPOINT
Severity: Notice

Log Field Name Description Data Type Length

cveid CVE ID string 720

date Date string 10

devid Device ID string 16

devtype Device type string 32

eventtime Event time uint64 20

fctuid FortiClient UID string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

scantime uint64 20

severity Severity string 10

srcip Source IP ip 39

srcmac Source MAC address string 17

srcname Source name string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

vendorurl string 256

vulncat Vulnerability Category string 32

vulnid Vulnerability ID uint32 10

vulnname Vulnerability name string 128

45114 - LOG_ID_EC_REG_QUARANTINE

Message ID: 45114


Message Description: LOG_ID_EC_REG_QUARANTINE

FortiOS 6.4.7 Log Reference 1011


Fortinet, Inc.
Log Messages

Message Meaning: FortiClient endpoint quarantined


Type: Event
Category: ENDPOINT
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fctemssn string 16

fctuid FortiClient UID string 32

hostname Hostname string 128

ip Source IP ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

45115 - LOG_ID_EC_REG_UNQUARANTINE

Message ID: 45115


Message Description: LOG_ID_EC_REG_UNQUARANTINE
Message Meaning: FortiClient endpoint quarantine removed
Type: Event
Category: ENDPOINT
Severity: Notice

FortiOS 6.4.7 Log Reference 1012


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fctemssn string 16

fctuid FortiClient UID string 32

hostname Hostname string 128

ip Source IP ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

46000 - LOG_ID_VIP_REAL_SVR_ENA

Message ID: 46000


Message Description: LOG_ID_VIP_REAL_SVR_ENA
Message Meaning: VIP real server enabled
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 1013


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

port Port Number uint16 5

server Server IP Address string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

vip Virtual IP string 64

46001 - LOG_ID_VIP_REAL_SVR_DISA

Message ID: 46001


Message Description: LOG_ID_VIP_REAL_SVR_DISA
Message Meaning: VIP real server disabled
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 1014


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

port Port Number uint16 5

server Server IP Address string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

vip Virtual IP string 64

46002 - LOG_ID_VIP_REAL_SVR_UP

Message ID: 46002


Message Description: LOG_ID_VIP_REAL_SVR_UP
Message Meaning: VIP real server up
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

port Port Number uint16 5

server Server IP Address string 64

status Status string 23

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 1015


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

vip Virtual IP string 64

46003 - LOG_ID_VIP_REAL_SVR_DOWN

Message ID: 46003


Message Description: LOG_ID_VIP_REAL_SVR_DOWN
Message Meaning: VIP real server down
Type: Event
Category: SYSTEM
Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

port Port Number uint16 5

server Server IP Address string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

vip Virtual IP string 64

FortiOS 6.4.7 Log Reference 1016


Fortinet, Inc.
Log Messages

46004 - LOG_ID_VIP_REAL_SVR_ENT_HOLDDOWN

Message ID: 46004


Message Description: LOG_ID_VIP_REAL_SVR_ENT_HOLDDOWN
Message Meaning: VIP real server entered hold-down
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

port Port Number uint16 5

server Server IP Address string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

vip Virtual IP string 64

46005 - LOG_ID_VIP_REAL_SVR_FAIL_HOLDDOWN

Message ID: 46005


Message Description: LOG_ID_VIP_REAL_SVR_FAIL_HOLDDOWN
Message Meaning: VIP real server health check failed during hold-down
Type: Event
Category: SYSTEM

FortiOS 6.4.7 Log Reference 1017


Fortinet, Inc.
Log Messages

Severity: Alert

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

port Port Number uint16 5

server Server IP Address string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

vip Virtual IP string 64

46006 - LOG_ID_VIP_REAL_SVR_FAIL

Message ID: 46006


Message Description: LOG_ID_VIP_REAL_SVR_FAIL
Message Meaning: VIP real server health check failed
Type: Event
Category: SYSTEM
Severity: Debug

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 1018


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

monitor-name Health Monitor Type string 35

monitor-type Health Monitor Name string 32

msg Log Message string 4096

port Port Number uint16 5

server Server IP Address string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

vip Virtual IP string 64

46400 - LOG_ID_EVENT_EXT_SYS

Message ID: 46400


Message Description: LOG_ID_EVENT_EXT_SYS
Message Meaning: FortiExtender system activity
Type: Event
Category: FORTIEXTENDER
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 1019


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46401 - LOG_ID_EVENT_EXT_LOCAL

Message ID: 46401


Message Description: LOG_ID_EVENT_EXT_LOCAL
Message Meaning: FortiExtender controller activity
Type: Event
Category: FORTIEXTENDER
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46402 - LOG_ID_EVENT_EXT_LOCAL_ERROR

Message ID: 46402


Message Description: LOG_ID_EVENT_EXT_LOCAL_ERROR

FortiOS 6.4.7 Log Reference 1020


Fortinet, Inc.
Log Messages

Message Meaning: FortiExtender controller activity error


Type: Event
Category: FORTIEXTENDER
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46403 - LOG_ID_EVENT_EXT_REMOTE_EMERG

Message ID: 46403


Message Description: LOG_ID_EVENT_EXT_REMOTE_EMERG
Message Meaning: Remote FortiExtender emergency activity
Type: Event
Category: FORTIEXTENDER
Severity: Emergency

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 1021


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46404 - LOG_ID_EVENT_EXT_REMOTE_ALERT

Message ID: 46404


Message Description: LOG_ID_EVENT_EXT_REMOTE_ALERT
Message Meaning: Remote FortiExtender alert activity
Type: Event
Category: FORTIEXTENDER
Severity: Alert

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1022


Fortinet, Inc.
Log Messages

46405 - LOG_ID_EVENT_EXT_REMOTE_CRITICAL

Message ID: 46405


Message Description: LOG_ID_EVENT_EXT_REMOTE_CRITICAL
Message Meaning: Remote FortiExtender critical activity
Type: Event
Category: FORTIEXTENDER
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46406 - LOG_ID_EVENT_EXT_REMOTE_ERROR

Message ID: 46406


Message Description: LOG_ID_EVENT_EXT_REMOTE_ERROR
Message Meaning: Remote FortiExtender error activity
Type: Event
Category: FORTIEXTENDER
Severity: Error

FortiOS 6.4.7 Log Reference 1023


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46407 - LOG_ID_EVENT_EXT_REMOTE_WARNING

Message ID: 46407


Message Description: LOG_ID_EVENT_EXT_REMOTE_WARNING
Message Meaning: Remote FortiExtender warning activity
Type: Event
Category: FORTIEXTENDER
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 1024


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46408 - LOG_ID_EVENT_EXT_REMOTE_NOTIF

Message ID: 46408


Message Description: LOG_ID_EVENT_EXT_REMOTE_NOTIF
Message Meaning: Remote FortiExtender notify activity
Type: Event
Category: FORTIEXTENDER
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1025


Fortinet, Inc.
Log Messages

46409 - LOG_ID_EVENT_EXT_REMOTE_INFO

Message ID: 46409


Message Description: LOG_ID_EVENT_EXT_REMOTE_INFO
Message Meaning: Remote FortiExtender info activity
Type: Event
Category: FORTIEXTENDER
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46410 - LOG_ID_EVENT_EXT_REMOTE_DEBUG

Message ID: 46410


Message Description: LOG_ID_EVENT_EXT_REMOTE_DEBUG
Message Meaning: Remote FortiExtender debug activity
Type: Event
Category: FORTIEXTENDER
Severity: Debug

FortiOS 6.4.7 Log Reference 1026


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

ip ip 39

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

sn Serial Number string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46501 - LOG_ID_INTERNAL_LTE_MODEM_DETECTION

Message ID: 46501


Message Description: LOG_ID_INTERNAL_LTE_MODEM_DETECTION
Message Meaning: LTE modem detection
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 1027


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46502 - LOG_ID_INTERNAL_LTE_MODEM_GPSD

Message ID: 46502


Message Description: LOG_ID_INTERNAL_LTE_MODEM_GPSD
Message Meaning: LTE modem GPS daemon started or stopped
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46503 - LOG_ID_INTERNAL_LTE_MODEM_GPS_LOC_ACQUISITION

Message ID: 46503


Message Description: LOG_ID_INTERNAL_LTE_MODEM_GPS_LOC_ACQUISITION
Message Meaning: LTE modem GPS location acquisition

FortiOS 6.4.7 Log Reference 1028


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46504 - LOG_ID_INTERNAL_LTE_MODEM_BILLD

Message ID: 46504


Message Description: LOG_ID_INTERNAL_LTE_MODEM_BILLD
Message Meaning: LTE modem billing daemon started or stopped
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 1029


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46505 - LOG_ID_INTERNAL_LTE_MODEM_BILLING_PURGED

Message ID: 46505


Message Description: LOG_ID_INTERNAL_LTE_MODEM_BILLING_PURGED
Message Meaning: LTE billing data purged
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46506 - LOG_ID_INTERNAL_LTE_MODEM_BILLING_DAILY_LOG

Message ID: 46506


Message Description: LOG_ID_INTERNAL_LTE_MODEM_BILLING_DAILY_LOG

FortiOS 6.4.7 Log Reference 1030


Fortinet, Inc.
Log Messages

Message Meaning: LTE billing daily usage information


Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46507 - LOG_ID_INTERNAL_LTE_MODEM_FW_UPGRADE

Message ID: 46507


Message Description: LOG_ID_INTERNAL_LTE_MODEM_FW_UPGRADE
Message Meaning: LTE modem firmware upgrade event
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 1031


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46508 - LOG_ID_INTERNAL_LTE_MODEM_QDL_DETECTION

Message ID: 46508


Message Description: LOG_ID_INTERNAL_LTE_MODEM_QDL_DETECTION
Message Meaning: LTE modem QDL device detection event
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46509 - LOG_ID_INTERNAL_LTE_MODEM_REBOOT

Message ID: 46509

FortiOS 6.4.7 Log Reference 1032


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_INTERNAL_LTE_MODEM_REBOOT


Message Meaning: LTE modem reboot event
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46510 - LOG_ID_INTERNAL_LTE_MODEM_OP_MODE

Message ID: 46510


Message Description: LOG_ID_INTERNAL_LTE_MODEM_OP_MODE
Message Meaning: LTE modem operation mode
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 1033


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46511 - LOG_ID_INTERNAL_LTE_MODEM_POWER_ON_OFF

Message ID: 46511


Message Description: LOG_ID_INTERNAL_LTE_MODEM_POWER_ON_OFF
Message Meaning: LTE modem powered on or powered off
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1034


Fortinet, Inc.
Log Messages

46512 - LOG_ID_INTERNAL_LTE_MODEM_SIM_STATE

Message ID: 46512


Message Description: LOG_ID_INTERNAL_LTE_MODEM_SIM_STATE
Message Meaning: LTE modem sim card state event
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46513 - LOG_ID_INTERNAL_LTE_MODEM_LINK_CONNECTION

Message ID: 46513


Message Description: LOG_ID_INTERNAL_LTE_MODEM_LINK_CONNECTION
Message Meaning: LTE modem data link connection event
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 1035


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46514 - LOG_ID_INTERNAL_LTE_MODEM_MANUAL_HANDOVER

Message ID: 46514


Message Description: LOG_ID_INTERNAL_LTE_MODEM_MANUAL_HANDOVER
Message Meaning: LTE modem manual handover event
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1036


Fortinet, Inc.
Log Messages

46515 - LOG_ID_INTERNAL_LTE_MODEM_IP_ADDR

Message ID: 46515


Message Description: LOG_ID_INTERNAL_LTE_MODEM_IP_ADDR
Message Meaning: LTE modem ip address event
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46516 - LOG_ID_INTERNAL_LTE_MODEM_BEARER_TECH_CHANGE

Message ID: 46516


Message Description: LOG_ID_INTERNAL_LTE_MODEM_BEARER_TECH_CHANGE
Message Meaning: LTE modem bearer event
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 1037


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46600 - LOG_ID_EVENT_AUTOMATION_TRIGGERED

Message ID: 46600


Message Description: LOG_ID_EVENT_AUTOMATION_TRIGGERED
Message Meaning: Automation stitch triggered
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

from Sender Email Address for Notification string 128

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

stitch Automation stitch name string 36

stitchaction string 256

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 1038


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

trigger Automation trigger name string 36

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

46900 - LOG_ID_POE_STATUS_REPORT

Message ID: 46900


Message Description: LOG_ID_POE_STATUS_REPORT
Message Meaning: PoE device status reported
Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

47000 - LOG_ID_MALWARE_LIST_TRUNCATED_ENTER

Message ID: 47000


Message Description: LOG_ID_MALWARE_LIST_TRUNCATED_ENTER
Message Meaning: External malware list is truncated

FortiOS 6.4.7 Log Reference 1039


Fortinet, Inc.
Log Messages

Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

47001 - LOG_ID_MALWARE_LIST_TRUNCATED_EXIT

Message ID: 47001


Message Description: LOG_ID_MALWARE_LIST_TRUNCATED_EXIT
Message Meaning: External malware list is no longer truncated
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 1040


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

47203 - LOG_ID_ENTER_BYPASS

Message ID: 47203


Message Description: LOG_ID_ENTER_BYPASS
Message Meaning: Bypass ports pair entered bypass mode
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

47204 - LOG_ID_EXIT_BYPASS

Message ID: 47204


Message Description: LOG_ID_EXIT_BYPASS

FortiOS 6.4.7 Log Reference 1041


Fortinet, Inc.
Log Messages

Message Meaning: Bypass ports pair exited bypass mode


Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48000 - LOG_ID_WAD_SSL_RCV_HS

Message ID: 48000


Message Description: LOG_ID_WAD_SSL_RCV_HS
Message Meaning: SSL handshake received
Type: Event
Category: WAD
Severity: Debug

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

FortiOS 6.4.7 Log Reference 1042


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

handshake Handshake string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48001 - LOG_ID_WAD_SSL_RCV_WRG_HS

Message ID: 48001


Message Description: LOG_ID_WAD_SSL_RCV_WRG_HS
Message Meaning: SSL handshake message incorrect
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 1043


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48002 - LOG_ID_WAD_SSL_SENT_HS

Message ID: 48002


Message Description: LOG_ID_WAD_SSL_SENT_HS
Message Meaning: SSL handshake sent
Type: Event
Category: WAD
Severity: Debug

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

handshake Handshake string 32

level Log Level string 11

FortiOS 6.4.7 Log Reference 1044


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48003 - LOG_ID_WAD_SSL_WRG_HS_LEN

Message ID: 48003


Message Description: LOG_ID_WAD_SSL_WRG_HS_LEN
Message Meaning: SSL handshake length invalid
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

handshake Handshake string 32

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 1045


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48004 - LOG_ID_WAD_SSL_RCV_CCS

Message ID: 48004


Message Description: LOG_ID_WAD_SSL_RCV_CCS
Message Meaning: SSL ChangeCipherSpec received
Type: Event
Category: WAD
Severity: Debug

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 1046


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48005 - LOG_ID_WAD_SSL_RSA_DH_FAIL

Message ID: 48005


Message Description: LOG_ID_WAD_SSL_RSA_DH_FAIL
Message Meaning: RSA verification of Diffie-Hellman parameters failed
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

FortiOS 6.4.7 Log Reference 1047


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48006 - LOG_ID_WAD_SSL_SENT_CCS

Message ID: 48006


Message Description: LOG_ID_WAD_SSL_SENT_CCS
Message Meaning: SSL ChangeCipherSpec sent
Type: Event
Category: WAD
Severity: Debug

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

FortiOS 6.4.7 Log Reference 1048


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48007 - LOG_ID_WAD_SSL_BAD_HASH

Message ID: 48007


Message Description: LOG_ID_WAD_SSL_BAD_HASH
Message Meaning: SSL Finished hash mismatch
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

ssllocal SSL message string 76

sslremote SSL message string 76

FortiOS 6.4.7 Log Reference 1049


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48009 - LOG_ID_WAD_SSL_DECRY_FAIL

Message ID: 48009


Message Description: LOG_ID_WAD_SSL_DECRY_FAIL
Message Meaning: SSL decryption failed
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

reason Reason string 256

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 1050


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48011 - LOG_ID_WAD_SSL_LESS_MINOR

Message ID: 48011


Message Description: LOG_ID_WAD_SSL_LESS_MINOR
Message Meaning: SSL minor version less than configured minimum value
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 1051


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

48013 - LOG_ID_WAD_SSL_NOT_SUPPORT_CS

Message ID: 48013


Message Description: LOG_ID_WAD_SSL_NOT_SUPPORT_CS
Message Meaning: SSL Cipher Suites not supported
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1052


Fortinet, Inc.
Log Messages

48016 - LOG_ID_WAD_SSL_HS_FIN

Message ID: 48016


Message Description: LOG_ID_WAD_SSL_HS_FIN
Message Meaning: SSL handshake completed
Type: Event
Category: WAD
Severity: Debug

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48017 - LOG_ID_WAD_SSL_HS_TOO_LONG

Message ID: 48017


Message Description: LOG_ID_WAD_SSL_HS_TOO_LONG
Message Meaning: SSL handshake too long

FortiOS 6.4.7 Log Reference 1053


Fortinet, Inc.
Log Messages

Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

handshake Handshake string 32

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48019 - LOG_ID_WAD_SSL_SENT_ALERT

Message ID: 48019


Message Description: LOG_ID_WAD_SSL_SENT_ALERT
Message Meaning: SSL alert sent
Type: Event
Category: WAD
Severity: Debug

FortiOS 6.4.7 Log Reference 1054


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

alert Alert ID string 256

date Date string 10

desc Description string 128

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48023 - LOG_ID_WAD_SSL_RCV_ALERT

Message ID: 48023


Message Description: LOG_ID_WAD_SSL_RCV_ALERT
Message Meaning: SSL alert received
Type: Event
Category: WAD
Severity: Debug

FortiOS 6.4.7 Log Reference 1055


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

alert Alert ID string 256

date Date string 10

desc Description string 128

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48027 - LOG_ID_WAD_SSL_INVALID_CONT_TYPE

Message ID: 48027


Message Description: LOG_ID_WAD_SSL_INVALID_CONT_TYPE
Message Meaning: SSL Content Type invalid
Type: Event
Category: WAD
Severity: Error

FortiOS 6.4.7 Log Reference 1056


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48029 - LOG_ID_WAD_SSL_BAD_CCS_LEN

Message ID: 48029


Message Description: LOG_ID_WAD_SSL_BAD_CCS_LEN
Message Meaning: SSL ChangeCipherSpec length invalid
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

FortiOS 6.4.7 Log Reference 1057


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48031 - LOG_ID_WAD_SSL_BAD_DH

Message ID: 48031


Message Description: LOG_ID_WAD_SSL_BAD_DH
Message Meaning: SSL Diffie-Hellman value invalid
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

FortiOS 6.4.7 Log Reference 1058


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48032 - LOG_ID_WAD_SSL_PUB_KEY_TOO_BIG

Message ID: 48032


Message Description: LOG_ID_WAD_SSL_PUB_KEY_TOO_BIG
Message Meaning: Certificate's public key too long
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 1059


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48034 - LOG_ID_WAD_SSL_SERVER_KEY_HASH_ALGORITHM_MISMATCH

Message ID: 48034


Message Description: LOG_ID_WAD_SSL_SERVER_KEY_HASH_ALGORITHM_MISMATCH
Message Meaning: Server Key Exchange hash algorithm mismatch
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 1060


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

received uint8 3

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48035 - LOG_ID_WAD_SSL_SERVER_KEY_SIGNATURE_ALGORITHM_MISMATCH

Message ID: 48035


Message Description: LOG_ID_WAD_SSL_SERVER_KEY_SIGNATURE_ALGORITHM_MISMATCH
Message Meaning: Server Key Exchange signature algorithm mismatch
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

expectedsignature uint8 3

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 1061


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

receivedsignature uint8 3

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48038 - LOG_ID_WAD_SSL_RCV_FATAL_ALERT

Message ID: 48038


Message Description: LOG_ID_WAD_SSL_RCV_FATAL_ALERT
Message Meaning: SSL Fatal Alert received
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

alert Alert ID string 256

date Date string 10

desc Description string 128

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 1062


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48039 - LOG_ID_WAD_SSL_SENT_FATAL_ALERT

Message ID: 48039


Message Description: LOG_ID_WAD_SSL_SENT_FATAL_ALERT
Message Meaning: SSL fatal alert sent
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

action Policy Action string 65

alert Alert ID string 256

date Date string 10

desc Description string 128

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 1063


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48101 - LOG_ID_WAD_AUTH_FAIL_PSK

Message ID: 48101


Message Description: LOG_ID_WAD_AUTH_FAIL_PSK
Message Meaning: WAN Optimization peer PSK authentication failed
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

authgrp Authorization Group string 36

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

host Host Name string 256

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 1064


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

serial Serial Number uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48102 - LOG_ID_WAD_AUTH_FAIL_OTH

Message ID: 48102


Message Description: LOG_ID_WAD_AUTH_FAIL_OTH
Message Meaning: WAN Optimization peer authentication failed
Type: Event
Category: WAD
Severity: Error

Log Field Name Description Data Type Length

authgrp Authorization Group string 36

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

FortiOS 6.4.7 Log Reference 1065


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

peer Address type string 36

policyid Policy ID uint32 10

serial Serial Number uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

48301 - LOG_ID_UNEXP_APP_TYPE

Message ID: 48301


Message Description: LOG_ID_UNEXP_APP_TYPE
Message Meaning: Unexpected application type for WAN Optimization
Type: Event
Category: WAD
Severity: Critical

Log Field Name Description Data Type Length

app-type Application type string 64

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Protocol Port uint16 5

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

policyid Policy ID uint32 10

FortiOS 6.4.7 Log Reference 1066


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

session_id Session ID uint32 10

srcip Source IP ip 39

srcport Source port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

49002 - LOG_ID_VNP_DPDK_PRIMARY_RESTART

Message ID: 49002


Message Description: LOG_ID_VNP_DPDK_PRIMARY_RESTART
Message Meaning: VNP Primary restarted
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1067


Fortinet, Inc.
Log Messages

49004 - LOGID_EVENT_HYPERV_SRIOV_SHOW_UP

Message ID: 49004


Message Description: LOGID_EVENT_HYPERV_SRIOV_SHOW_UP
Message Meaning: Hyper-V SR-IOV secondary hot plugged
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

49005 - LOGID_EVENT_HYPERV_SRIOV_DISAPPEAR

Message ID: 49005


Message Description: LOGID_EVENT_HYPERV_SRIOV_DISAPPEAR
Message Meaning: Hyper-V SR-IOV secondary hot unplugged
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 1068


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

51000 - LOG_ID_NB_TBL_CHG

Message ID: 51000


Message Description: LOG_ID_NB_TBL_CHG
Message Meaning: Neighbor table changed
Type: Event
Category: ROUTER
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

mac MAC Address string 17

msg Log Message string 4096

service Name of Service string 64

srcip Source IP ip 39

FortiOS 6.4.7 Log Reference 1069


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

src_int Source Interface string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

52000 - LOG_ID_EVENT_SECURITY_AUDIT_FABRIC_SUMMARY

Message ID: 52000


Message Description: LOG_ID_EVENT_SECURITY_AUDIT_FABRIC_SUMMARY
Message Meaning: Security Rating summary
Type: Event
Category: SECURITY-RATING
Severity: Notice

Log Field Name Description Data Type Length

auditid Security Rating ID uint64 20

auditreporttype Security Rating report type string 20

auditscore Security Rating score string 20

audittime Security Rating time uint64 20

criticalcount Critical level threat count int32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

highcount Security Rating result failed count for high severity int32 10

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

lowcount Security Rating result failed count for low severity int32 10

mediumcount Security Rating result failed count for medium severity int32 10

passedcount Security Rating result passed count int32 10

FortiOS 6.4.7 Log Reference 1070


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

52001 - LOG_ID_EVENT_SECURITY_AUDIT_FABRIC_CHANGE

Message ID: 52001


Message Description: LOG_ID_EVENT_SECURITY_AUDIT_FABRIC_CHANGE
Message Meaning: Security Rating result change
Type: Event
Category: SECURITY-RATING
Severity: Notice

Log Field Name Description Data Type Length

auditid Security Rating ID uint64 20

auditreporttype Security Rating report type string 20

auditscore Security Rating score string 20

audittime Security Rating time uint64 20

criticalcount Critical level threat count int32 10

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

highcount Security Rating result failed count for high severity int32 10

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

lowcount Security Rating result failed count for low severity int32 10

mediumcount Security Rating result failed count for medium severity int32 10

passedcount Security Rating result passed count int32 10

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 1071


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53000 - LOG_ID_SDNC_CONNECTED

Message ID: 53000


Message Description: LOG_ID_SDNC_CONNECTED
Message Meaning: Connected to SDN server
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

53001 - LOG_ID_SDNC_DISCONNECTED

Message ID: 53001


Message Description: LOG_ID_SDNC_DISCONNECTED

FortiOS 6.4.7 Log Reference 1072


Fortinet, Inc.
Log Messages

Message Meaning: Disconnected from SDN server


Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

user User name of authenticated user string 256

vd Virtual Domain Name string 32

53002 - LOG_ID_SDNC_SUBSCRIBE

Message ID: 53002


Message Description: LOG_ID_SDNC_SUBSCRIBE
Message Meaning: Dynamic SDN address channel opened
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

FortiOS 6.4.7 Log Reference 1073


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53003 - LOG_ID_SDNC_UNSUBSCRIBE

Message ID: 53003


Message Description: LOG_ID_SDNC_UNSUBSCRIBE
Message Meaning: Dynamic SDN address channel closed
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1074


Fortinet, Inc.
Log Messages

53100 - LOG_ID_VPN_OCVPN_REGISTERED

Message ID: 53100


Message Description: LOG_ID_VPN_OCVPN_REGISTERED
Message Meaning: Overlay Controller VPN registered
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53101 - LOG_ID_VPN_OCVPN_UNREGISTERED

Message ID: 53101


Message Description: LOG_ID_VPN_OCVPN_UNREGISTERED
Message Meaning: Overlay Controller VPN unregistered
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

FortiOS 6.4.7 Log Reference 1075


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53102 - LOG_ID_VPN_OCVPN_COMM_ESTABLISHED

Message ID: 53102


Message Description: LOG_ID_VPN_OCVPN_COMM_ESTABLISHED
Message Meaning: Overlay Controller VPN server communication established
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

FortiOS 6.4.7 Log Reference 1076


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53103 - LOG_ID_VPN_OCVPN_COMM_ERROR

Message ID: 53103


Message Description: LOG_ID_VPN_OCVPN_COMM_ERROR
Message Meaning: Overlay Controller VPN server communication error
Type: Event
Category: VPN
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53104 - LOG_ID_VPN_OCVPN_DNS_ERROR

Message ID: 53104


Message Description: LOG_ID_VPN_OCVPN_DNS_ERROR
Message Meaning: Overlay Controller VPN DNS error

FortiOS 6.4.7 Log Reference 1077


Fortinet, Inc.
Log Messages

Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53105 - LOG_ID_VPN_OCVPN_ROUTE_ERROR

Message ID: 53105


Message Description: LOG_ID_VPN_OCVPN_ROUTE_ERROR
Message Meaning: Overlay Controller VPN routing error
Type: Event
Category: VPN
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

FortiOS 6.4.7 Log Reference 1078


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log Message string 4096

status Status string 23

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53200 - LOG_ID_CONNECTOR_OBJECT_ADD

Message ID: 53200


Message Description: LOG_ID_CONNECTOR_OBJECT_ADD
Message Meaning: Dynamic address added
Type: Event
Category: CONNECTOR
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

addr IP Address string 80

cfgobj Configuration object string 256

cldobjid string 128

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fctemssn string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

netid string 128

FortiOS 6.4.7 Log Reference 1079


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53201 - LOG_ID_CONNECTOR_OBJECT_REMOVE

Message ID: 53201


Message Description: LOG_ID_CONNECTOR_OBJECT_REMOVE
Message Meaning: Dynamic address removed
Type: Event
Category: CONNECTOR
Severity: Information

Log Field Name Description Data Type Length

action Policy Action string 65

addr IP Address string 80

cfgobj Configuration object string 256

cldobjid string 128

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fctemssn string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

netid string 128

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

FortiOS 6.4.7 Log Reference 1080


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time zone string 5

vd Virtual Domain Name string 32

53202 - LOG_ID_CONNECTOR_API_FAILED

Message ID: 53202


Message Description: LOG_ID_CONNECTOR_API_FAILED
Message Meaning: SDN Connector API failed
Type: Event
Category: CONNECTOR
Severity: Error

Log Field Name Description Data Type Length

addr IP Address string 80

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fctemssn string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53203 - LOG_ID_CONNECTOR_OBJECT_UPDATE

Message ID: 53203


Message Description: LOG_ID_CONNECTOR_OBJECT_UPDATE
Message Meaning: Dynamic address updated
Type: Event

FortiOS 6.4.7 Log Reference 1081


Fortinet, Inc.
Log Messages

Category: CONNECTOR
Severity: Information

Log Field Name Description Data Type Length

addr IP Address string 80

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fctemssn string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53204 - LOG_ID_CONNECTOR_OBJECT_CANT_ADD

Message ID: 53204


Message Description: LOG_ID_CONNECTOR_OBJECT_CANT_ADD
Message Meaning: Dynamic address can't be added
Type: Event
Category: CONNECTOR
Severity: Warning

Log Field Name Description Data Type Length

addr IP Address string 80

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fctemssn string 16

level Log Level string 11

FortiOS 6.4.7 Log Reference 1082


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53205 - LOG_ID_CONNECTOR_OBJECT_CANT_REMOVE

Message ID: 53205


Message Description: LOG_ID_CONNECTOR_OBJECT_CANT_REMOVE
Message Meaning: Dynamic address can't be removed
Type: Event
Category: CONNECTOR
Severity: Warning

Log Field Name Description Data Type Length

addr IP Address string 80

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

fctemssn string 16

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1083


Fortinet, Inc.
Log Messages

53300 - LOG_ID_VNE_PRO_UPDATE_COMPLETED

Message ID: 53300


Message Description: LOG_ID_VNE_PRO_UPDATE_COMPLETED
Message Meaning: VNE provision server update completed
Type: Event
Category: SYSTEM
Severity: Information

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

hostname Hostname string 128

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

server Server IP Address string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53301 - LOG_ID_VNE_PRO_UPDATE_FAILED

Message ID: 53301


Message Description: LOG_ID_VNE_PRO_UPDATE_FAILED
Message Meaning: VNE provision server update failed
Type: Event
Category: SYSTEM
Severity: Information

FortiOS 6.4.7 Log Reference 1084


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

error Error Reason for Log Upload to Forticloud string 256

eventtime Event time uint64 20

hostname Hostname string 128

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

server Server IP Address string 64

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53312 - LOG_ID_NPD_INFO

Message ID: 53312


Message Description: LOG_ID_NPD_INFO
Message Meaning: NPD INFO
Type: Event
Category: SYSTEM
Severity: Notice

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

FortiOS 6.4.7 Log Reference 1085


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53313 - LOG_ID_NPD_WARNING

Message ID: 53313


Message Description: LOG_ID_NPD_WARNING
Message Meaning: NPD WARNING MSG
Type: Event
Category: SYSTEM
Severity: Warning

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

53314 - LOG_ID_NPD_ERROR

Message ID: 53314


Message Description: LOG_ID_NPD_ERROR

FortiOS 6.4.7 Log Reference 1086


Fortinet, Inc.
Log Messages

Message Meaning: NPD ERROR MSG


Type: Event
Category: SYSTEM
Severity: Error

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Event time uint64 20

level Log Level string 11

logdesc Log Description string 4096

logid Log ID string 10

msg Log Message string 4096

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

FILE-FILTER

64000 - LOG_ID_FILE_FILTER_BLOCK

Message ID: 64000


Message Description: LOG_ID_FILE_FILTER_BLOCK
Message Meaning: File was blocked by file filter
Type: FILE-FILTER
Category: FILE-FILTER
Severity: Warning

Log Field Name Description Data Type Length

action string 20

agent string 64

attachment string 3

FortiOS 6.4.7 Log Reference 1087


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

authserver string 64

cc string 512

date string 10

devid string 16

direction string 8

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventtime uint64 20

eventtype string 32

fctuid string 32

filename string 256

filesize uint64 10

filetype string 23

filtername string 32

forwardedfor string 128

from string 128

group string 64

hostname string 256

level string 11

logid string 10

matchfilename string 256

matchfiletype string 23

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

rawdata string 1024

recipient string 512

FortiOS 6.4.7 Log Reference 1088


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sender string 128

service string 36

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subject string 256

subservice string 16

subtype string 20

time string 8

to string 512

trueclntip ip 39

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

url string 512

user string 256

vd string 32

vrf uint8 3

64001 - LOG_ID_FILE_FILTER_LOG

Message ID: 64001


Message Description: LOG_ID_FILE_FILTER_LOG
Message Meaning: File was detected by file filter
Type: FILE-FILTER
Category: FILE-FILTER
Severity: Notice

FortiOS 6.4.7 Log Reference 1089


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action string 20

agent string 64

attachment string 3

authserver string 64

cc string 512

date string 10

devid string 16

direction string 8

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventtime uint64 20

eventtype string 32

fctuid string 32

filename string 256

filesize uint64 10

filetype string 23

filtername string 32

forwardedfor string 128

from string 128

group string 64

hostname string 256

level string 11

logid string 10

matchfilename string 256

matchfiletype string 23

msg string 512

policyid uint32 10

profile string 64

FortiOS 6.4.7 Log Reference 1090


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

proto uint8 3

rawdata string 1024

recipient string 512

sender string 128

service string 36

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subject string 256

subservice string 16

subtype string 20

time string 8

to string 512

trueclntip ip 39

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

url string 512

user string 256

vd string 32

vrf uint8 3

GTP

41216 - LOGID_GTP_FORWARD

Message ID: 41216


Message Description: LOGID_GTP_FORWARD

FortiOS 6.4.7 Log Reference 1091


Fortinet, Inc.
Log Messages

Message Meaning: GTP forward


Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

c-gsn Control Plane GSN ip 39

cgsn6 ip 39

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

dtlexp Detailed Explanation string 64

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

ietype Malformed GTP IE number uint8 3

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

linked-nsapi Linked Netscape Server Application Programming Interface uint8 3

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

nsapi Netscape Server Application Programming Interface uint8 3

profile Profile Name string 64

rai Routing Area Identifier string 32

rat-type Radio Access Technology type string 7

FortiOS 6.4.7 Log Reference 1092


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

selection APN selection, which is one IE in gtp packet string 14

seqnum GTP packet sequence number uint32 10

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

u-gsn User Plane GSN ip 39

ugsn6 ip 39

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

41217 - LOGID_GTP_DENY

Message ID: 41217


Message Description: LOGID_GTP_DENY
Message Meaning: GTP deny
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

c-gsn Control Plane GSN ip 39

cgsn6 ip 39

FortiOS 6.4.7 Log Reference 1093


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

dtlexp Detailed Explanation string 64

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

ietype Malformed GTP IE number uint8 3

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

linked-nsapi Linked Netscape Server Application Programming Interface uint8 3

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

nsapi Netscape Server Application Programming Interface uint8 3

profile Profile Name string 64

rai Routing Area Identifier string 32

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

seqnum GTP packet sequence number uint32 10

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 1094


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

u-gsn User Plane GSN ip 39

ugsn6 ip 39

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

41218 - LOGID_GTP_RATE_LIMIT

Message ID: 41218


Message Description: LOGID_GTP_RATE_LIMIT
Message Meaning: GTP rate limit
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

c-gsn Control Plane GSN ip 39

cgsn6 ip 39

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

dtlexp Detailed Explanation string 64

end-usr-address End user IP Address ip 39

FortiOS 6.4.7 Log Reference 1095


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

endusraddress6 ip 39

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

ietype Malformed GTP IE number uint8 3

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

linked-nsapi Linked Netscape Server Application Programming Interface uint8 3

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

nsapi Netscape Server Application Programming Interface uint8 3

profile Profile Name string 64

rai Routing Area Identifier string 32

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

seqnum GTP packet sequence number uint32 10

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

u-gsn User Plane GSN ip 39

FortiOS 6.4.7 Log Reference 1096


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ugsn6 ip 39

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

41219 - LOGID_GTP_STATE_INVALID

Message ID: 41219


Message Description: LOGID_GTP_STATE_INVALID
Message Meaning: GTP state invalid
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

c-gsn Control Plane GSN ip 39

cgsn6 ip 39

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

dtlexp Detailed Explanation string 64

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

ietype Malformed GTP IE number uint8 3

FortiOS 6.4.7 Log Reference 1097


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

linked-nsapi Linked Netscape Server Application Programming Interface uint8 3

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

nsapi Netscape Server Application Programming Interface uint8 3

profile Profile Name string 64

rai Routing Area Identifier string 32

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

seqnum GTP packet sequence number uint32 10

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

u-gsn User Plane GSN ip 39

ugsn6 ip 39

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

FortiOS 6.4.7 Log Reference 1098


Fortinet, Inc.
Log Messages

41220 - LOGID_GTP_TUNNEL_LIMIT

Message ID: 41220


Message Description: LOGID_GTP_TUNNEL_LIMIT
Message Meaning: Tunnel limit GTP message. These messages occur only when the maximum number of GTP
tunnels is reached. No new tunnels are created when the maximum number is reached
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

c-gsn Control Plane GSN ip 39

cgsn6 ip 39

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

dtlexp Detailed Explanation string 64

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

ietype Malformed GTP IE number uint8 3

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

linked-nsapi Linked Netscape Server Application Programming Interface uint8 3

logid Log ID string 10

msg-type Message Type uint8 3

FortiOS 6.4.7 Log Reference 1099


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

nsapi Netscape Server Application Programming Interface uint8 3

profile Profile Name string 64

rai Routing Area Identifier string 32

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

seqnum GTP packet sequence number uint32 10

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

u-gsn User Plane GSN ip 39

ugsn6 ip 39

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

41221 - LOGID_GTP_TRAFFIC_COUNT

Message ID: 41221


Message Description: LOGID_GTP_TRAFFIC_COUNT
Message Meaning: Statistic summary information when the GTP tunnel is being torn down
Type: GTP
Category: GTP-ALL
Severity: Information

FortiOS 6.4.7 Log Reference 1100


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

apn Access Point Name string 128

c-bytes Control Plane Data Bytes uint64 20

c-ggsn Control Plane GGSN IP Address ip 39

c-ggsn-teid Control Plane GGSN Tunnel Endpoint Identifier uint32 10

c-pkts Control Plane Packets uint64 20

c-sgsn Control Plane SGSN IP Address ip 39

c-sgsn-teid Control Plane SGSN Tunnel Endpoint Identifier uint32 10

cggsn6 ip 39

csgsn6 ip 39

date Date string 10

devid Device ID string 16

duration Tunnel duration uint32 10

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

eventtime Event time line uint64 20

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

linked-nsapi Linked Netscape Server Application Programming Interface uint8 3

logid Log ID string 10

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

nsapi Netscape Server Application Programming Interface uint8 3

profile Profile Name string 64

rai Routing Area Identifier string 32

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

status Status string 23

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 1101


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

u-bytes User Plane Data Bytes uint64 20

u-ggsn User plane ggsn IP address ip 39

u-ggsn-teid User plane ggsn teid uint32 10

u-pkts User Plane Packets uint64 20

u-sgsn User plane sgsn IP address ip 39

u-sgsn-teid User plane sgsn tunnel endpoint identifier uint32 10

uggsn6 ip 39

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

usgsn6 ip 39

vd Virtual Domain Name string 32

version Version uint32 64

41222 - LOGID_GTP_USER_DATA

Message ID: 41222


Message Description: LOGID_GTP_USER_DATA
Message Meaning: GTP user data
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

date Date string 10

devid Device ID string 16

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

FortiOS 6.4.7 Log Reference 1102


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

imsi International mobile subscriber ID string 16

level Log Level string 11

logid Log ID string 10

profile Profile Name string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

user_data User traffic content inside GTP-U tunnel string 256

vd Virtual Domain Name string 32

version Version uint32 64

41223 - LOGID_GTPV2_FORWARD

Message ID: 41223


Message Description: LOGID_GTPV2_FORWARD
Message Meaning: GTPv2 forward message
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

cpaddr Control Plane Address (either downlink or uplink) ip 39

cpaddr6 ip 39

FortiOS 6.4.7 Log Reference 1103


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cpteid Control Plane teid (either downlink or uplink) uint32 10

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

dtlexp Detailed Explanation string 64

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

ietype Malformed GTP IE number uint8 3

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

profile Profile Name string 64

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

seqnum GTP packet sequence number uint32 10

snetwork Source Network, it's a IE type in GTPv2 packet string 64

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

FortiOS 6.4.7 Log Reference 1104


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

41224 - LOGID_GTPV2_DENY

Message ID: 41224


Message Description: LOGID_GTPV2_DENY
Message Meaning: GTPv2 deny message
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

cpaddr Control Plane Address (either downlink or uplink) ip 39

cpaddr6 ip 39

cpteid Control Plane teid (either downlink or uplink) uint32 10

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

dtlexp Detailed Explanation string 64

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

eventtime Event time line uint64 20

FortiOS 6.4.7 Log Reference 1105


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

ietype Malformed GTP IE number uint8 3

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

profile Profile Name string 64

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

seqnum GTP packet sequence number uint32 10

snetwork Source Network, it's a IE type in GTPv2 packet string 64

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

FortiOS 6.4.7 Log Reference 1106


Fortinet, Inc.
Log Messages

41225 - LOGID_GTPV2_RATE_LIMIT

Message ID: 41225


Message Description: LOGID_GTPV2_RATE_LIMIT
Message Meaning: GTPv2 rate limit message
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

cpaddr Control Plane Address (either downlink or uplink) ip 39

cpaddr6 ip 39

cpteid Control Plane teid (either downlink or uplink) uint32 10

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

dtlexp Detailed Explanation string 64

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

ietype Malformed GTP IE number uint8 3

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

FortiOS 6.4.7 Log Reference 1107


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

profile Profile Name string 64

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

seqnum GTP packet sequence number uint32 10

snetwork Source Network, it's a IE type in GTPv2 packet string 64

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

41226 - LOGID_GTPV2_STATE_INVALID

Message ID: 41226


Message Description: LOGID_GTPV2_STATE_INVALID
Message Meaning: GTPv2 state invalid message
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

cpaddr Control Plane Address (either downlink or uplink) ip 39

FortiOS 6.4.7 Log Reference 1108


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cpaddr6 ip 39

cpteid Control Plane teid (either downlink or uplink) uint32 10

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

dtlexp Detailed Explanation string 64

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

ietype Malformed GTP IE number uint8 3

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

profile Profile Name string 64

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

seqnum GTP packet sequence number uint32 10

snetwork Source Network, it's a IE type in GTPv2 packet string 64

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 1109


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

41227 - LOGID_GTPV2_TUNNEL_LIMIT

Message ID: 41227


Message Description: LOGID_GTPV2_TUNNEL_LIMIT
Message Meaning: Tunnel limit GTP (version 2) message
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

cpaddr Control Plane Address (either downlink or uplink) ip 39

cpaddr6 ip 39

cpteid Control Plane teid (either downlink or uplink) uint32 10

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

dtlexp Detailed Explanation string 64

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

FortiOS 6.4.7 Log Reference 1110


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

ietype Malformed GTP IE number uint8 3

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

profile Profile Name string 64

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

seqnum GTP packet sequence number uint32 10

snetwork Source Network, it's a IE type in GTPv2 packet string 64

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

FortiOS 6.4.7 Log Reference 1111


Fortinet, Inc.
Log Messages

41228 - LOGID_GTPV2_TRAFFIC_COUNT

Message ID: 41228


Message Description: LOGID_GTPV2_TRAFFIC_COUNT
Message Meaning: Statistic summary information when the GTPv2 tunnel is being torn down
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

c-bytes Control Plane Data Bytes uint64 20

c-pkts Control Plane Packets uint64 20

cpdladdr Control Plane Downlink IP Address ip 39

cpdladdr6 ip 39

cpdlisraddr Control Plane ISR Downlink IP Address ip 39

cpdlisraddr6 ip 39

cpdlisrteid control plane ISR downlink tunnel endpoint identifier uint32 10

cpdlteid control plane downlink tunnel endpoint identifier uint32 10

cpuladdr control plane uplink IP address ip 39

cpuladdr6 ip 39

cpulteid control plane uplink teid uint32 10

date Date string 10

devid Device ID string 16

duration Tunnel duration uint32 10

end-usr-address End user IP Address ip 39

endusraddress6 ip 39

eventtime Event time line uint64 20

imei-sv IMEI(International Mobile Equipment Identity) Software string 32


Version

imsi International mobile subscriber ID string 16

level Log Level string 11

logid Log ID string 10

FortiOS 6.4.7 Log Reference 1112


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

profile Profile Name string 64

rat-type Radio Access Technology type string 7

selection APN selection, which is one IE in gtp packet string 14

snetwork Source Network, it's a IE type in GTPv2 packet string 64

status Status string 23

subtype Log Subtype string 20

time Time string 8

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

u-bytes User Plane Data Bytes uint64 20

u-pkts User Plane Packets uint64 20

uli User Location Information string 120

ulimcc uint16 3

ulimnc uint16 3

vd Virtual Domain Name string 32

version Version uint32 64

41229 - LOGID_GTPU_FORWARD

Message ID: 41229


Message Description: LOGID_GTPU_FORWARD
Message Meaning: GTPU forward message
Type: GTP
Category: GTP-ALL
Severity: Information

Log Field Name Description Data Type Length

apn Access Point Name string 128

date Date string 10

deny_cause Deny Cause string 25

FortiOS 6.4.7 Log Reference 1113


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

dstport Destination Port uint16 5

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

imsi International mobile subscriber ID string 16

level Log Level string 11

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

profile Profile Name string 64

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

version Version uint32 64

41230 - LOGID_GTPU_DENY

Message ID: 41230


Message Description: LOGID_GTPU_DENY
Message Meaning: GTPU deny message
Type: GTP
Category: GTP-ALL
Severity: Information

FortiOS 6.4.7 Log Reference 1114


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

apn Access Point Name string 128

date Date string 10

deny_cause Deny Cause string 25

devid Device ID string 16

dstport Destination Port uint16 5

eventtime Event time line uint64 20

from From ip 128

from6 ip 39

headerteid Tunnel Endpoint ID Header uint32 10

imsi International mobile subscriber ID string 16

level Log Level string 11

logid Log ID string 10

msg-type Message Type uint8 3

msisdn Mobile Subscriber Integrated Services Digital Network- string 16


Number (telephone # to a SIM card)

profile Profile Name string 64

srcport Source Port uint16 5

status Status string 23

subtype Log Subtype string 20

time Time string 8

to To ip 512

to6 ip 39

tunnel-idx Tunnel serial number, internally assigned uint32 10

type Log Type string 16

tz Time zone string 5

vd Virtual Domain Name string 32

version Version uint32 64

FortiOS 6.4.7 Log Reference 1115


Fortinet, Inc.
Log Messages

ICAP

60000 - LOG_ID_ICAP_SERVER_ERROR

Message ID: 60000


Message Description: LOG_ID_ICAP_SERVER_ERROR
Message Meaning: Traffic blocked as it cannot be forwarded to ICAP Server.
Type: ICAP
Category: ICAP
Severity: Warning

Log Field Name Description Data Type Length

action string 17

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventtime uint64 20

eventtype string 32

level string 11

logid string 10

msg string 4096

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

FortiOS 6.4.7 Log Reference 1116


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype string 20

time string 8

type string 16

tz string 5

url string 512

vd string 32

IPS

16384 - LOGID_ATTCK_SIGNATURE_TCP_UDP

Message ID: 16384


Message Description: LOGID_ATTCK_SIGNATURE_TCP_UDP
Message Meaning: Attack detected by UDP/TCP signature
Type: IPS
Category: SIGNATURE
Severity: Alert

Log Field Name Description Data Type Length

action Security action performed by IPS: detected - Attack is string 16


detected , but NOT blocked (similar to monitor) dropped -
Silent packet blocked reset - Blocked and respond with Reset
reset_client - Blocked and reset sent to the client reset_server
- Blocked and reset sent to the server drop_session - Silent
block pass_session - Session allowed clear_session - Session
was removed /closed

attack Attack Name string 256

attackcontext The trigger patterns and the packet data with base64 encoding string 2048

attackcontextid Attack context ID / total string 10

attackid Attack ID uint32 10

authserver Authentication server for the user string 64

craction Action performed by Threat Weight uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

FortiOS 6.4.7 Log Reference 1117


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Date string 10

devid Deivce ID string 16

direction Message/packets direction string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype IPS Event Type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

incidentserialno Incident serial number uint32 10

level Log Level string 11

logid Log ID string 10

msg Log message for the attack string 518

policyid Policy ID uint32 10

profile Profile name for IPS string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

ref URL of the FortiGuard IPS database entry for the attack. string 4096

service Service name string 80

sessionid Session ID uint32 10

severity Severity of the attack string 8

srccountry Country name for Source IP string 64

srcdomain string 255

srcintf Source Interface string 64

FortiOS 6.4.7 Log Reference 1118


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

16385 - LOGID_ATTCK_SIGNATURE_ICMP

Message ID: 16385


Message Description: LOGID_ATTCK_SIGNATURE_ICMP
Message Meaning: Attack detected by ICMP signature
Type: IPS
Category: SIGNATURE
Severity: Alert

Log Field Name Description Data Type Length

action Security action performed by IPS: detected - Attack is string 16


detected , but NOT blocked (similar to monitor) dropped -
Silent packet blocked reset - Blocked and respond with Reset
reset_client - Blocked and reset sent to the client reset_server
- Blocked and reset sent to the server drop_session - Silent
block pass_session - Session allowed clear_session - Session
was removed /closed

attack Attack Name string 256

attackcontext The trigger patterns and the packet data with base64 encoding string 2048

FortiOS 6.4.7 Log Reference 1119


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

attackcontextid Attack context ID / total string 10

attackid Attack ID uint32 10

authserver Authentication server for the user string 64

craction Action performed by Threat Weight uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

direction Message/packets direction string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

eventtime Time when detection occured uint64 20

eventtype IPS Event Type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

icmpcode Destination Port of the ICMP message string 6

icmpid Source port of the ICMP message string 8

icmptype The type of ICMP message string 6

incidentserialno Incident serial number uint32 10

level Log Level string 11

logid Log ID string 10

msg Log message for the attack string 518

policyid Policy ID uint32 10

profile Profile name for IPS string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

FortiOS 6.4.7 Log Reference 1120


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

ref URL of the FortiGuard IPS database entry for the attack. string 4096

service Service name string 80

sessionid Session ID uint32 10

severity Severity of the attack string 8

srccountry Country name for Source IP string 64

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

16386 - LOGID_ATTCK_SIGNATURE_OTHERS

Message ID: 16386


Message Description: LOGID_ATTCK_SIGNATURE_OTHERS
Message Meaning: Attack detected by other signature
Type: IPS
Category: SIGNATURE
Severity: Alert

FortiOS 6.4.7 Log Reference 1121


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Security action performed by IPS: detected - Attack is string 16


detected , but NOT blocked (similar to monitor) dropped -
Silent packet blocked reset - Blocked and respond with Reset
reset_client - Blocked and reset sent to the client reset_server
- Blocked and reset sent to the server drop_session - Silent
block pass_session - Session allowed clear_session - Session
was removed /closed

attack Attack Name string 256

attackcontext The trigger patterns and the packet data with base64 encoding string 2048

attackcontextid Attack context ID / total string 10

attackid Attack ID uint32 10

authserver Authentication server for the user string 64

craction Action performed by Threat Weight uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

direction Message/packets direction string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

eventtime Time when detection occured uint64 20

eventtype IPS Event Type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

incidentserialno Incident serial number uint32 10

level Log Level string 11

logid Log ID string 10

msg Log message for the attack string 518

policyid Policy ID uint32 10

profile Profile name for IPS string 64

FortiOS 6.4.7 Log Reference 1122


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

ref URL of the FortiGuard IPS database entry for the attack. string 4096

service Service name string 80

sessionid Session ID uint32 10

severity Severity of the attack string 8

srccountry Country name for Source IP string 64

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

subtype Log Subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

16399 - LOGID_ATTACK_MALICIOUS_URL

Message ID: 16399


Message Description: LOGID_ATTACK_MALICIOUS_URL
Message Meaning: Attack detected by a malicious URL
Type: IPS
Category: MALICIOUS-URL
Severity: Warning

FortiOS 6.4.7 Log Reference 1123


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Security action performed by IPS: detected - Attack is string 16


detected , but NOT blocked (similar to monitor) dropped -
Silent packet blocked reset - Blocked and respond with Reset
reset_client - Blocked and reset sent to the client reset_server
- Blocked and reset sent to the server drop_session - Silent
block pass_session - Session allowed clear_session - Session
was removed /closed

attack Attack Name string 256

attackcontext The trigger patterns and the packet data with base64 encoding string 2048

attackcontextid Attack context ID / total string 10

authserver Authentication server for the user string 64

craction Action performed by Threat Weight uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

direction Message/packets direction string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype IPS Event Type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message for the attack string 518

policyid Policy ID uint32 10

profile Profile name for IPS string 64

proto Protocol number uint8 3

FortiOS 6.4.7 Log Reference 1124


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

service Service name string 80

sessionid Session ID uint32 10

severity Severity of the attack string 8

srccountry Country name for Source IP string 64

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

16400 - LOGID_ATTACK_BOTNET_WARNING

Message ID: 16400


Message Description: LOGID_ATTACK_BOTNET_WARNING
Message Meaning: Botnet C&C Communication (warning)
Type: IPS
Category: BOTNET
Severity: Warning

FortiOS 6.4.7 Log Reference 1125


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Security action performed by IPS: detected - Attack is string 16


detected , but NOT blocked (similar to monitor) dropped -
Silent packet blocked reset - Blocked and respond with Reset
reset_client - Blocked and reset sent to the client reset_server
- Blocked and reset sent to the server drop_session - Silent
block pass_session - Session allowed clear_session - Session
was removed /closed

attack Attack Name string 256

attackcontext The trigger patterns and the packet data with base64 encoding string 2048

attackcontextid Attack context ID / total string 10

attackid Attack ID uint32 10

authserver Authentication server for the user string 64

craction Action performed by Threat Weight uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

direction Message/packets direction string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype IPS Event Type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

level Log Level string 11

logid Log ID string 10

msg Log message for the attack string 518

policyid Policy ID uint32 10

profile Profile name for IPS string 64

FortiOS 6.4.7 Log Reference 1126


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

ref URL of the FortiGuard IPS database entry for the attack. string 4096

service Service name string 80

sessionid Session ID uint32 10

severity Severity of the attack string 8

srccountry Country name for Source IP string 64

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

16401 - LOGID_ATTACK_BOTNET_NOTIF

Message ID: 16401


Message Description: LOGID_ATTACK_BOTNET_NOTIF
Message Meaning: Botnet C&C Communication (notice)
Type: IPS
Category: BOTNET

FortiOS 6.4.7 Log Reference 1127


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by IPS: detected - Attack is string 16


detected , but NOT blocked (similar to monitor) dropped -
Silent packet blocked reset - Blocked and respond with Reset
reset_client - Blocked and reset sent to the client reset_server
- Blocked and reset sent to the server drop_session - Silent
block pass_session - Session allowed clear_session - Session
was removed /closed

attack Attack Name string 256

attackcontext The trigger patterns and the packet data with base64 encoding string 2048

attackcontextid Attack context ID / total string 10

attackid Attack ID uint32 10

authserver Authentication server for the user string 64

craction Action performed by Threat Weight uint32 10

crlevel Client Reputation Level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Deivce ID string 16

direction Message/packets direction string 8

dstintf Destination Interface string 64

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Time when detection occured uint64 20

eventtype IPS Event Type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

level Log Level string 11

logid Log ID string 10

msg Log message for the attack string 518

policyid Policy ID uint32 10

profile Profile name for IPS string 64

FortiOS 6.4.7 Log Reference 1128


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rawdataid string 10

ref URL of the FortiGuard IPS database entry for the attack. string 4096

service Service name string 80

sessionid Session ID uint32 10

severity Severity of the attack string 8

srccountry Country name for Source IP string 64

srcdomain string 255

srcintf Source Interface string 64

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

SSH

61000 - LOG_ID_SSH_COMMAND_BLOCK

Message ID: 61000


Message Description: LOG_ID_SSH_COMMAND_BLOCK
Message Meaning: SSH shell command is blocked

FortiOS 6.4.7 Log Reference 1129


Fortinet, Inc.
Log Messages

Type: SSH
Category: SSH-COMMAND
Severity: Warning

Log Field Name Description Data Type Length

action The status of the ssh-channel: passthrough - channel is string 17


allowed blocked - channel is blocked

channeltype Type of Channel: x11, shell, exec, tcp-fprward, tun-forward, string 15


sftp. scp

command Shell command string 256

date Date string 10

devid Device ID string 16

direction Direction of session string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event time uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group Group name for authentication string 64

level Log level string 11

logid Log ID string 10

login SSH login Name string 128

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol number uint8 3

sessionid Session ID uint32 10

severity Severity level of shell command string 8

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

FortiOS 6.4.7 Log Reference 1130


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name for authentication string 256

vd Virtual Domain Name string 32

61001 - LOG_ID_SSH_COMMAND_BLOCK_ALERT

Message ID: 61001


Message Description: LOG_ID_SSH_COMMAND_BLOCK_ALERT
Message Meaning: SSH shell command is blocked
Type: SSH
Category: SSH-COMMAND
Severity: Alert

Log Field Name Description Data Type Length

action The status of the ssh-channel: passthrough - channel is string 17


allowed blocked - channel is blocked

channeltype Type of Channel: x11, shell, exec, tcp-fprward, tun-forward, string 15


sftp. scp

command Shell command string 256

date Date string 10

devid Device ID string 16

direction Direction of session string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event time uint64 20

eventtype Event Type string 32

FortiOS 6.4.7 Log Reference 1131


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

fctuid FortiClient UID string 32

group Group name for authentication string 64

level Log level string 11

logid Log ID string 10

login SSH login Name string 128

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol number uint8 3

sessionid Session ID uint32 10

severity Severity level of shell command string 8

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name for authentication string 256

vd Virtual Domain Name string 32

61002 - LOG_ID_SSH_COMMAND_PASS

Message ID: 61002


Message Description: LOG_ID_SSH_COMMAND_PASS
Message Meaning: SSH shell command is detected
Type: SSH
Category: SSH-COMMAND
Severity: Notice

FortiOS 6.4.7 Log Reference 1132


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the ssh-channel: passthrough - channel is string 17


allowed blocked - channel is blocked

channeltype Type of Channel: x11, shell, exec, tcp-fprward, tun-forward, string 15


sftp. scp

command Shell command string 256

date Date string 10

devid Device ID string 16

direction Direction of session string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event time uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group Group name for authentication string 64

level Log level string 11

logid Log ID string 10

login SSH login Name string 128

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol number uint8 3

sessionid Session ID uint32 10

severity Severity level of shell command string 8

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 1133


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name for authentication string 256

vd Virtual Domain Name string 32

61003 - LOG_ID_SSH_COMMAND_PASS_ALERT

Message ID: 61003


Message Description: LOG_ID_SSH_COMMAND_PASS_ALERT
Message Meaning: SSH shell command is detected
Type: SSH
Category: SSH-COMMAND
Severity: Alert

Log Field Name Description Data Type Length

action The status of the ssh-channel: passthrough - channel is string 17


allowed blocked - channel is blocked

channeltype Type of Channel: x11, shell, exec, tcp-fprward, tun-forward, string 15


sftp. scp

command Shell command string 256

date Date string 10

devid Device ID string 16

direction Direction of session string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event time uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group Group name for authentication string 64

FortiOS 6.4.7 Log Reference 1134


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log level string 11

logid Log ID string 10

login SSH login Name string 128

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol number uint8 3

sessionid Session ID uint32 10

severity Severity level of shell command string 8

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name for authentication string 256

vd Virtual Domain Name string 32

61010 - LOG_ID_SSH_CHANNEL_BLOCK

Message ID: 61010


Message Description: LOG_ID_SSH_CHANNEL_BLOCK
Message Meaning: SSH channel is blocked
Type: SSH
Category: SSH-CHANNEL
Severity: Warning

FortiOS 6.4.7 Log Reference 1135


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the ssh-channel: passthrough - channel is string 17


allowed blocked - channel is blocked

channeltype Type of Channel: x11, shell, exec, tcp-fprward, tun-forward, string 15


sftp. scp

command Shell command string 256

date Date string 10

devid Device ID string 16

direction Direction of session string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event time uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group Group name for authentication string 64

level Log level string 11

logid Log ID string 10

login SSH login Name string 128

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol number uint8 3

sessionid Session ID uint32 10

severity Severity level of shell command string 8

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 1136


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name for authentication string 256

vd Virtual Domain Name string 32

61011 - LOG_ID_SSH_CHANNEL_PASS

Message ID: 61011


Message Description: LOG_ID_SSH_CHANNEL_PASS
Message Meaning: SSH channel is detected
Type: SSH
Category: SSH-CHANNEL
Severity: Notice

Log Field Name Description Data Type Length

action The status of the ssh-channel: passthrough - channel is string 17


allowed blocked - channel is blocked

channeltype Type of Channel: x11, shell, exec, tcp-fprward, tun-forward, string 15


sftp. scp

command Shell command string 256

date Date string 10

devid Device ID string 16

direction Direction of session string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Event time uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group Group name for authentication string 64

FortiOS 6.4.7 Log Reference 1137


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log level string 11

logid Log ID string 10

login SSH login Name string 128

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol number uint8 3

sessionid Session ID uint32 10

severity Severity level of shell command string 8

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated User string 66

unauthusersource Unauthenticated User Source string 66

user User name for authentication string 256

vd Virtual Domain Name string 32

SSL

62004 - LOG_ID_SSL_EXEMPT_ADDR

Message ID: 62004


Message Description: LOG_ID_SSL_EXEMPT_ADDR
Message Meaning: SSL connection is exempted based on address
Type: SSL
Category: SSL-EXEMPT
Severity: Notice

FortiOS 6.4.7 Log Reference 1138


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action string 20

cat uint8 3

catdesc string 64

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

hostname string 256

level string 11

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

FortiOS 6.4.7 Log Reference 1139


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62006 - LOG_ID_SSL_EXEMPT_WHITELIST

Message ID: 62006


Message Description: LOG_ID_SSL_EXEMPT_WHITELIST
Message Meaning: SSL connection is exempted based on whitelist
Type: SSL
Category: SSL-EXEMPT
Severity: Notice

Log Field Name Description Data Type Length

action string 20

cat uint8 3

catdesc string 64

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

FortiOS 6.4.7 Log Reference 1140


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

hostname string 256

level string 11

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62007 - LOG_ID_SSL_EXEMPT_FTGD_CATEGORY

Message ID: 62007


Message Description: LOG_ID_SSL_EXEMPT_FTGD_CATEGORY
Message Meaning: SSL connection is exempted based on FortiGuard category rating
Type: SSL
Category: SSL-EXEMPT
Severity: Notice

FortiOS 6.4.7 Log Reference 1141


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action string 20

cat uint8 3

catdesc string 64

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

hostname string 256

level string 11

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

FortiOS 6.4.7 Log Reference 1142


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62008 - LOG_ID_SSL_EXEMPT_LOCAL_CATEGORY

Message ID: 62008


Message Description: LOG_ID_SSL_EXEMPT_LOCAL_CATEGORY
Message Meaning: SSL connection is exempted based on local category rating
Type: SSL
Category: SSL-EXEMPT
Severity: Notice

Log Field Name Description Data Type Length

action string 20

cat uint8 3

catdesc string 64

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

FortiOS 6.4.7 Log Reference 1143


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

hostname string 256

level string 11

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62009 - LOG_ID_SSL_EXEMPT_USER_CATEGORY

Message ID: 62009


Message Description: LOG_ID_SSL_EXEMPT_USER_CATEGORY
Message Meaning: SSL connection is exempted based on user category rating
Type: SSL
Category: SSL-EXEMPT
Severity: Notice

FortiOS 6.4.7 Log Reference 1144


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action string 20

cat uint8 3

catdesc string 64

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

hostname string 256

level string 11

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

FortiOS 6.4.7 Log Reference 1145


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62100 - LOG_ID_SSL_NEGOTIATION_INSPECT

Message ID: 62100


Message Description: LOG_ID_SSL_NEGOTIATION_INSPECT
Message Meaning: Continue inspect the SSL connection
Type: SSL
Category: SSL-NEGOTIATION
Severity: Notice

Log Field Name Description Data Type Length

action string 20

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

hostname string 256

level string 11

FortiOS 6.4.7 Log Reference 1146


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62101 - LOG_ID_SSL_NEGOTIATION_BLOCK

Message ID: 62101


Message Description: LOG_ID_SSL_NEGOTIATION_BLOCK
Message Meaning: SSL connection is blocked due to its SSL negotiation
Type: SSL
Category: SSL-NEGOTIATION
Severity: Warning

FortiOS 6.4.7 Log Reference 1147


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action string 20

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

hostname string 256

level string 11

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

FortiOS 6.4.7 Log Reference 1148


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62102 - LOG_ID_SSL_NEGOTIATION_BYPASS

Message ID: 62102


Message Description: LOG_ID_SSL_NEGOTIATION_BYPASS
Message Meaning: SSL connection is bypassed due to its SSL negotiation
Type: SSL
Category: SSL-NEGOTIATION
Severity: Notice

Log Field Name Description Data Type Length

action string 20

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

hostname string 256

level string 11

logid string 10

msg string 512

FortiOS 6.4.7 Log Reference 1149


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62300 - LOG_ID_SSL_ANOMALY_CERT_BLACKLISTED

Message ID: 62300


Message Description: LOG_ID_SSL_ANOMALY_CERT_BLACKLISTED
Message Meaning: SSL connection is blocked due to the server certificate is blacklisted
Type: SSL
Category: SSL-ANOMALIES
Severity: Warning

Log Field Name Description Data Type Length

action string 20

certdesc string 64

FortiOS 6.4.7 Log Reference 1150


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

certhash string 40

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

hostname string 256

level string 11

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

FortiOS 6.4.7 Log Reference 1151


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62301 - LOG_ID_SSL_ANOMALY_CERT_RESIGN_TRUSTED

Message ID: 62301


Message Description: LOG_ID_SSL_ANOMALY_CERT_RESIGN_TRUSTED
Message Meaning: (null)
Type: SSL
Category: SSL-ANOMALIES
Severity: Notice

Log Field Name Description Data Type Length

action string 20

certdesc string 64

certhash string 40

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

hostname string 256

level string 11

FortiOS 6.4.7 Log Reference 1152


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62302 - LOG_ID_SSL_ANOMALY_CERT_RESIGN_UNTRUSTED

Message ID: 62302


Message Description: LOG_ID_SSL_ANOMALY_CERT_RESIGN_UNTRUSTED
Message Meaning: (null)
Type: SSL
Category: SSL-ANOMALIES
Severity: Notice

FortiOS 6.4.7 Log Reference 1153


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action string 20

certdesc string 64

certhash string 40

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

hostname string 256

level string 11

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

FortiOS 6.4.7 Log Reference 1154


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62303 - LOG_ID_SSL_ANOMALY_CERT_BLOCKED

Message ID: 62303


Message Description: LOG_ID_SSL_ANOMALY_CERT_BLOCKED
Message Meaning: (null)
Type: SSL
Category: SSL-ANOMALIES
Severity: Warning

Log Field Name Description Data Type Length

action string 20

certdesc string 64

certhash string 40

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

FortiOS 6.4.7 Log Reference 1155


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

hostname string 256

level string 11

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

62304 - LOG_ID_SSL_ANOMALY_CERT_SNI_MISMATCHED

Message ID: 62304


Message Description: LOG_ID_SSL_ANOMALY_CERT_SNI_MISMATCHED
Message Meaning: (null)
Type: SSL
Category: SSL-ANOMALIES
Severity: Warning

FortiOS 6.4.7 Log Reference 1156


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action string 20

certdesc string 64

certhash string 40

date string 10

devid string 16

dstintf string 32

dstintfrole string 10

dstip ip 39

dstport uint16 5

eventsubtype string 32

eventtime uint64 20

eventtype string 32

fctuid string 32

group string 64

hostname string 256

level string 11

logid string 10

msg string 512

policyid uint32 10

profile string 64

proto uint8 3

service string 5

sessionid uint32 10

srcdomain string 255

srcintf string 32

srcintfrole string 10

srcip ip 39

srcport uint16 5

subtype string 20

time string 8

FortiOS 6.4.7 Log Reference 1157


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type string 16

tz string 5

unauthuser string 66

unauthusersource string 66

user string 256

vd string 32

vrf uint8 3

Traffic

2 - LOG_ID_TRAFFIC_ALLOW

Message ID: 2
Message Description: LOG_ID_TRAFFIC_ALLOW
Message Meaning: Allowed traffic
Type: Traffic
Category: FORWARD
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

FortiOS 6.4.7 Log Reference 1158


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

FortiOS 6.4.7 Log Reference 1159


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

FortiOS 6.4.7 Log Reference 1160


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

FortiOS 6.4.7 Log Reference 1161


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

3 - LOG_ID_TRAFFIC_DENY

Message ID: 3
Message Description: LOG_ID_TRAFFIC_DENY

FortiOS 6.4.7 Log Reference 1162


Fortinet, Inc.
Log Messages

Message Meaning: Traffic violation


Type: Traffic
Category: FORWARD
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

FortiOS 6.4.7 Log Reference 1163


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

FortiOS 6.4.7 Log Reference 1164


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

FortiOS 6.4.7 Log Reference 1165


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

FortiOS 6.4.7 Log Reference 1166


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

4 - LOG_ID_TRAFFIC_OTHER_START

Message ID: 4
Message Description: LOG_ID_TRAFFIC_OTHER_START
Message Meaning: Traffic other session start
Type: Traffic
Category: FORWARD
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

FortiOS 6.4.7 Log Reference 1167


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

FortiOS 6.4.7 Log Reference 1168


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

FortiOS 6.4.7 Log Reference 1169


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

FortiOS 6.4.7 Log Reference 1170


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

FortiOS 6.4.7 Log Reference 1171


Fortinet, Inc.
Log Messages

5 - LOG_ID_TRAFFIC_OTHER_ICMP_ALLOW

Message ID: 5
Message Description: LOG_ID_TRAFFIC_OTHER_ICMP_ALLOW
Message Meaning: Traffic allowed ICMP
Type: Traffic
Category: FORWARD
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

FortiOS 6.4.7 Log Reference 1172


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

FortiOS 6.4.7 Log Reference 1173


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

FortiOS 6.4.7 Log Reference 1174


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

FortiOS 6.4.7 Log Reference 1175


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

6 - LOG_ID_TRAFFIC_OTHER_ICMP_DENY

Message ID: 6
Message Description: LOG_ID_TRAFFIC_OTHER_ICMP_DENY
Message Meaning: Traffic denied ICMP
Type: Traffic
Category: FORWARD
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

FortiOS 6.4.7 Log Reference 1176


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

FortiOS 6.4.7 Log Reference 1177


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

FortiOS 6.4.7 Log Reference 1178


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

FortiOS 6.4.7 Log Reference 1179


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

FortiOS 6.4.7 Log Reference 1180


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

7 - LOG_ID_TRAFFIC_OTHER_INVALID

Message ID: 7
Message Description: LOG_ID_TRAFFIC_OTHER_INVALID
Message Meaning: Traffic other invalid
Type: Traffic
Category: FORWARD
Severity: Warning

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

FortiOS 6.4.7 Log Reference 1181


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

FortiOS 6.4.7 Log Reference 1182


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

FortiOS 6.4.7 Log Reference 1183


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

FortiOS 6.4.7 Log Reference 1184


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

8 - LOG_ID_TRAFFIC_WANOPT

Message ID: 8
Message Description: LOG_ID_TRAFFIC_WANOPT
Message Meaning: WAN optimization traffic
Type: Traffic
Category: FORWARD
Severity: Notice

FortiOS 6.4.7 Log Reference 1185


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

countapp Number of App Ctrl logs associated with the session uint32 10

countav Number of AV logs associated with the session uint32 10

countcifs uint32 10

countdlp Number of DLP logs associated with the session uint32 10

countdns Number of DNS Query logs associated with the session uint32 10

countemail Number of Email logs associated with the session uint32 10

countff uint32 10

counticap uint32 10

countips Number of IPS logs associated with the session uint32 10

countssh Number of SSH logs associated with the session uint32 10

countssl uint32 10

countwaf Number of WAF logs associated with the session uint32 10

FortiOS 6.4.7 Log Reference 1186


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

countweb Number of Web Filter logs associated with the session uint32 10

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

FortiOS 6.4.7 Log Reference 1187


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

FortiOS 6.4.7 Log Reference 1188


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

FortiOS 6.4.7 Log Reference 1189


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

9 - LOG_ID_TRAFFIC_WEBCACHE

Message ID: 9
Message Description: LOG_ID_TRAFFIC_WEBCACHE
Message Meaning: Web cache traffic
Type: Traffic
Category: FORWARD
Severity: Notice

FortiOS 6.4.7 Log Reference 1190


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

countapp Number of App Ctrl logs associated with the session uint32 10

countav Number of AV logs associated with the session uint32 10

countcifs uint32 10

countdlp Number of DLP logs associated with the session uint32 10

countdns Number of DNS Query logs associated with the session uint32 10

countemail Number of Email logs associated with the session uint32 10

countff uint32 10

counticap uint32 10

countips Number of IPS logs associated with the session uint32 10

countssh Number of SSH logs associated with the session uint32 10

countssl uint32 10

countwaf Number of WAF logs associated with the session uint32 10

FortiOS 6.4.7 Log Reference 1191


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

countweb Number of Web Filter logs associated with the session uint32 10

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

FortiOS 6.4.7 Log Reference 1192


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

FortiOS 6.4.7 Log Reference 1193


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

FortiOS 6.4.7 Log Reference 1194


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

10 - LOG_ID_TRAFFIC_EXPLICIT_PROXY

Message ID: 10
Message Description: LOG_ID_TRAFFIC_EXPLICIT_PROXY
Message Meaning: Explicit proxy traffic
Type: Traffic
Category: FORWARD
Severity: Notice

FortiOS 6.4.7 Log Reference 1195


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

countapp Number of App Ctrl logs associated with the session uint32 10

countav Number of AV logs associated with the session uint32 10

countcifs uint32 10

countdlp Number of DLP logs associated with the session uint32 10

countdns Number of DNS Query logs associated with the session uint32 10

countemail Number of Email logs associated with the session uint32 10

countff uint32 10

counticap uint32 10

countips Number of IPS logs associated with the session uint32 10

countssh Number of SSH logs associated with the session uint32 10

countssl uint32 10

countwaf Number of WAF logs associated with the session uint32 10

FortiOS 6.4.7 Log Reference 1196


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

countweb Number of Web Filter logs associated with the session uint32 10

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

FortiOS 6.4.7 Log Reference 1197


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

FortiOS 6.4.7 Log Reference 1198


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

FortiOS 6.4.7 Log Reference 1199


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

11 - LOG_ID_TRAFFIC_FAIL_CONN

Message ID: 11
Message Description: LOG_ID_TRAFFIC_FAIL_CONN
Message Meaning: Failed connection attempts
Type: Traffic
Category: FORWARD
Severity: Warning

FortiOS 6.4.7 Log Reference 1200


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

FortiOS 6.4.7 Log Reference 1201


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

FortiOS 6.4.7 Log Reference 1202


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

FortiOS 6.4.7 Log Reference 1203


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

FortiOS 6.4.7 Log Reference 1204


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

12 - LOG_ID_TRAFFIC_MULTICAST

Message ID: 12
Message Description: LOG_ID_TRAFFIC_MULTICAST
Message Meaning: Multicast traffic
Type: Traffic
Category: MULTICAST
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

FortiOS 6.4.7 Log Reference 1205


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

FortiOS 6.4.7 Log Reference 1206


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

FortiOS 6.4.7 Log Reference 1207


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

FortiOS 6.4.7 Log Reference 1208


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

13 - LOG_ID_TRAFFIC_END_FORWARD

Message ID: 13
Message Description: LOG_ID_TRAFFIC_END_FORWARD

FortiOS 6.4.7 Log Reference 1209


Fortinet, Inc.
Log Messages

Message Meaning: Forward traffic


Type: Traffic
Category: FORWARD
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

countapp Number of App Ctrl logs associated with the session uint32 10

countav Number of AV logs associated with the session uint32 10

countcifs uint32 10

countdlp Number of DLP logs associated with the session uint32 10

countdns Number of DNS Query logs associated with the session uint32 10

countemail Number of Email logs associated with the session uint32 10

countff uint32 10

counticap uint32 10

countips Number of IPS logs associated with the session uint32 10

FortiOS 6.4.7 Log Reference 1210


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

countssh Number of SSH logs associated with the session uint32 10

countssl uint32 10

countwaf Number of WAF logs associated with the session uint32 10

countweb Number of Web Filter logs associated with the session uint32 10

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

FortiOS 6.4.7 Log Reference 1211


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

FortiOS 6.4.7 Log Reference 1212


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

FortiOS 6.4.7 Log Reference 1213


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

14 - LOG_ID_TRAFFIC_END_LOCAL

Message ID: 14
Message Description: LOG_ID_TRAFFIC_END_LOCAL
Message Meaning: Local traffic
Type: Traffic

FortiOS 6.4.7 Log Reference 1214


Fortinet, Inc.
Log Messages

Category: LOCAL
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

FortiOS 6.4.7 Log Reference 1215


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

FortiOS 6.4.7 Log Reference 1216


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

FortiOS 6.4.7 Log Reference 1217


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

FortiOS 6.4.7 Log Reference 1218


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

15 - LOG_ID_TRAFFIC_START_FORWARD

Message ID: 15
Message Description: LOG_ID_TRAFFIC_START_FORWARD
Message Meaning: Forward traffic session start
Type: Traffic
Category: FORWARD
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

FortiOS 6.4.7 Log Reference 1219


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

FortiOS 6.4.7 Log Reference 1220


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

FortiOS 6.4.7 Log Reference 1221


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

FortiOS 6.4.7 Log Reference 1222


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

16 - LOG_ID_TRAFFIC_START_LOCAL

Message ID: 16

FortiOS 6.4.7 Log Reference 1223


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_TRAFFIC_START_LOCAL


Message Meaning: Local traffic session start
Type: Traffic
Category: LOCAL
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

FortiOS 6.4.7 Log Reference 1224


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

FortiOS 6.4.7 Log Reference 1225


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

FortiOS 6.4.7 Log Reference 1226


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

FortiOS 6.4.7 Log Reference 1227


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

17 - LOG_ID_TRAFFIC_SNIFFER

Message ID: 17
Message Description: LOG_ID_TRAFFIC_SNIFFER
Message Meaning: Sniffer traffic
Type: Traffic
Category: SNIFFER
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application Name string 96

FortiOS 6.4.7 Log Reference 1228


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

countapp Number of App Ctrl logs associated with the session uint32 10

countav Number of AV logs associated with the session uint32 10

countcifs uint32 10

countdlp Number of DLP logs associated with the session uint32 10

countdns Number of DNS Query logs associated with the session uint32 10

countemail Number of Email logs associated with the session uint32 10

countff uint32 10

counticap uint32 10

countips Number of IPS logs associated with the session uint32 10

countssh Number of SSH logs associated with the session uint32 10

countssl uint32 10

countwaf Number of WAF logs associated with the session uint32 10

countweb Number of Web Filter logs associated with the session uint32 10

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

FortiOS 6.4.7 Log Reference 1229


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

FortiOS 6.4.7 Log Reference 1230


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

FortiOS 6.4.7 Log Reference 1231


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

FortiOS 6.4.7 Log Reference 1232


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

19 - LOG_ID_TRAFFIC_BROADCAST

Message ID: 19
Message Description: LOG_ID_TRAFFIC_BROADCAST
Message Meaning: Broadcast traffic
Type: Traffic
Category: MULTICAST
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

FortiOS 6.4.7 Log Reference 1233


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

FortiOS 6.4.7 Log Reference 1234


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

FortiOS 6.4.7 Log Reference 1235


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

FortiOS 6.4.7 Log Reference 1236


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

FortiOS 6.4.7 Log Reference 1237


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

20 - LOG_ID_TRAFFIC_STAT

Message ID: 20
Message Description: LOG_ID_TRAFFIC_STAT
Message Meaning: Forward traffic statistics
Type: Traffic
Category: FORWARD
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

FortiOS 6.4.7 Log Reference 1238


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

FortiOS 6.4.7 Log Reference 1239


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

FortiOS 6.4.7 Log Reference 1240


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

FortiOS 6.4.7 Log Reference 1241


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

21 - LOG_ID_TRAFFIC_SNIFFER_STAT

Message ID: 21
Message Description: LOG_ID_TRAFFIC_SNIFFER_STAT
Message Meaning: Sniffer traffic statistics
Type: Traffic
Category: SNIFFER
Severity: Notice

FortiOS 6.4.7 Log Reference 1242


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application Name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

dsthwvendor string 66

FortiOS 6.4.7 Log Reference 1243


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

osname Name of the device's OS string 66

FortiOS 6.4.7 Log Reference 1244


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

srcinetsvc Internet service name for the source string 64

FortiOS 6.4.7 Log Reference 1245


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

vpntype The type of the VPN tunnel string 14

FortiOS 6.4.7 Log Reference 1246


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

22 - LOG_ID_TRAFFIC_UTM_CORRELATION

Message ID: 22
Message Description: LOG_ID_TRAFFIC_UTM_CORRELATION
Message Meaning: Forward traffic for UTM correlation
Type: Traffic
Category: FORWARD
Severity: Notice

Log Field Name Description Data Type Length

action The status of the session: deny - Session was denied string 16
accept - Allowed Forward session start - Session starts (log
message was created when the session was created) dns -
DNS query return error ip-conn - Failed connection attempts
close - Local-traffic session allowed timeout - Allowed
session was timeout client-rst - Session reset by client
server-rst - Session reset by server

agent User agent - eg. agent="Mozilla/5.0" string 64

ap Access Point name string 36

app Application name string 96

appact The security action from app control string 16

appcat Application category string 64

appid Application ID uint32 10

applist Application Control profile (name) string 64

FortiOS 6.4.7 Log Reference 1247


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

apprisk Application Risk Level string 16

apsn Access Point serial number string 36

authserver Remote Authentication server string 64

centralnatid central-snat-map id uint32 10

channel WiFi Channel uint32 10

comment Customized policy comment string 1024

countapp Number of App Ctrl logs associated with the session uint32 10

countav Number of AV logs associated with the session uint32 10

countcifs uint32 10

countdlp Number of DLP logs associated with the session uint32 10

countdns Number of DNS Query logs associated with the session uint32 10

countemail Number of Email logs associated with the session uint32 10

countff uint32 10

counticap uint32 10

countips Number of IPS logs associated with the session uint32 10

countssh Number of SSH logs associated with the session uint32 10

countssl uint32 10

countwaf Number of WAF logs associated with the session uint32 10

countweb Number of Web Filter logs associated with the session uint32 10

craction Action performed by Threat Weight uint32 10

crlevel Threat Weight level string 10

crscore Threat Weight score uint32 10

date Date string 10

devid Device Serial Number string 16

devtype Device Type string 66

dstauthserver string 32

dstcity string 64

dstcountry Country name for the destination IP string 64

dstdevtype Destination Device Type string 66

dstfamily string 66

FortiOS 6.4.7 Log Reference 1248


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dsthwvendor string 66

dsthwversion string 66

dstinetsvc Internet service name for the destination string 64

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstmac Destination Mac Address string 17

dstname Destination name string 66

dstosname Destination OS name string 66

dstport Destination Protocol Port Number uint16 5

dstregion string 64

dstserver Destination Server uint8 3

dstssid Destination SSID string 33

dstswversion string 66

dstunauthuser string 66

dstunauthusersource string 66

dstuser string 256

dstuuid UUID of the Destination Address Object string 37

duration Duration of the session uint32 10

eventtime Epoch time in nanoseconds uint64 20

fctuid FortiClient UID string 32

group User group name string 64

identifier uint16 5

lanin LAN incoming traffic in bytes uint64 20

lanout LAN outgoing traffic in bytes uint64 20

level Log Level string 11

logid Log ID string 10

masterdstmac Destination master MAC address string 17

mastersrcmac The master MAC address for a host that has multiple string 17
network interfaces

msg Log message string 64

FortiOS 6.4.7 Log Reference 1249


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

osname Name of the device's OS string 66

policyid Firewall Policy ID uint32 10

policyname Policy name string 36

policytype Policy type string 24

poluuid UUID of the Firewall Policy string 37

proto Protocol Number uint8 3

radioband Radio Band string 64

rcvdbyte Received Bytes uint64 20

rcvddelta Delta Received Bytes uint64 20

rcvdpkt Received Packets uint32 10

sentbyte Sent Bytes uint64 20

sentdelta Delta Sent Bytes uint64 20

sentpkt Sent Packets uint32 10

service Name of Service string 80

sessionid Session ID uint32 10

shaperdroprcvdbyte Received bytes dropped by shaper uint32 10

shaperdropsentbyte Sent bytes dropped by shaper uint32 10

shaperperipdropbyte Dropped bytes per IP by shaper uint32 10

shaperperipname Traffic shaper name (per IP) string 36

shaperrcvdname Traffic shaper name for received traffic string 36

shapersentname Traffic shaper name for sent traffic string 36

shapingpolicyid Shaping Policy ID uint32 10

signal int8 4

snr int8 4

srccity string 64

srccountry Country name for Source IP string 64

srcdomain string 255

srcfamily string 66

srchwvendor string 66

srchwversion string 66

FortiOS 6.4.7 Log Reference 1250


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcinetsvc Internet service name for the source string 64

srcintf Source interface name string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP address ip 39

srcmac MAC address associated with the Source IP string 17

srcname Source name string 66

srcport Source protocol port number uint16 5

srcregion string 64

srcserver Source server uint8 3

srcssid Source SSID string 33

srcswversion string 66

srcuuid UUID of the Source Address Object string 37

sslaction Action taken by ssl-ssh-profile string 26

subtype Subtype of the traffic string 20

time Time string 8

trandisp NAT translation type string 16

tranip NAT Destination IP ip 39

tranport NAT Destination Port uint16 5

transip NAT Source IP ip 39

transport NAT Source Protocol Port uint16 5

tunnelid uint32 10

type Log type string 16

tz Time zone string 5

unauthuser Unauthenticated user name string 66

unauthusersource The method used to detect unauthenticated user name string 66

url URL string 512

user User name string 256

utmaction Security action performed by UTM string 32

vd Virtual domain name string 32

vpn The name of the VPN tunnel string 32

FortiOS 6.4.7 Log Reference 1251


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vpntype The type of the VPN tunnel string 14

vrf Virtual router forwarding uint8 3

vwlid Virtual Wan Link (SD-WAN) service id uint32 10

vwlname string 36

vwlquality Quality info of the service rule that is matched by traffic string 320

vwlservice Application that is matched by the traffic (internet-service- string 64


app-ctrl)

vwpvlanid Virtual Wire Pair vlan id uint32 10

wanin WAN incoming traffic in bytes uint64 20

wanoptapptype WAN Optimization Application type string 9

wanout WAN outgoing traffic in bytes uint64 20

VoIP

44032 - LOGID_EVENT_VOIP_SIP

Message ID: 44032


Message Description: LOGID_EVENT_VOIP_SIP
Message Meaning: VoIP SIP
Type: VoIP
Category: VOIP
Severity: Information

Log Field Name Description Data Type Length

action Action. Eg. block , allow string 15

call_id Ex: call_id="1-22011@10.6.30.11" string 64

date Day, month, and year when the log message was recorded. string 10

devid Serial number of the device for the traffic's origin. string 16

dir Destination Interface string 16

dstip Destination IP ip 39

dst_int Destination Interface string 16

dst_port Destination port uint16 5

FortiOS 6.4.7 Log Reference 1252


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

duration Duration of the session. Ex: 180 (in seconds) uint32 10

epoch Epoch uint32 10

eventtime Time when event occured uint64 20

event_id Unique event ID uint32 10

from Where call was originated from string 128

kind Kind of service. Typically it will have value "call" string 10

level Log Level string 11

logid Unique Log ID string 10

policy_id Name of the firewall policy governing the traffic which caused uint32 10
the log message.

profile Name or number of associated VOIP profile string 64

proto Protocol number. Ex: for SIP it will be proto=17 uint8 3

session_id Session ID. Ex: session_id=232 uint32 10

srcip IP address of the traffic's origin. Ex: srcip=10.1.100.155 ip 39

src_int Name of the source interface. Ex: src_int="port1" string 16

src_port Port number of the traffic's origin. Ex: srcport=40772 uint16 5

status Status. Ex: status="blocked" , status= "start" string 23

subtype Subtype string 20

time Hour clock when the log message was recorded. string 8

to Destination address string 512

type Type of log. Ex: type="utm" string 16

tz Time zone string 5

vd Name of the virtual domain in which the log message was string 32
recorded.

voip_proto SIP/SCCP/MGCP/h323 string 4

44033 - LOGID_EVENT_VOIP_SIP_BLOCK

Message ID: 44033


Message Description: LOGID_EVENT_VOIP_SIP_BLOCK
Message Meaning: VoIP SIP blocked
Type: VoIP
Category: VOIP

FortiOS 6.4.7 Log Reference 1253


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Action. Eg. block , allow string 15

call_id Ex: call_id="1-22011@10.6.30.11" string 64

count Session count uint32 10

date Day, month, and year when the log message was recorded. string 10

devid Serial number of the device for the traffic's origin. string 16

dir Destination Interface string 16

dstip Destination IP ip 39

dst_int Destination Interface string 16

dst_port Destination port uint16 5

duration Duration of the session. Ex: 180 (in seconds) uint32 10

epoch Epoch uint32 10

eventtime Time when event occured uint64 20

event_id Unique event ID uint32 10

from Where call was originated from string 128

kind Kind of service. Typically it will have value "call" string 10

level Log Level string 11

logid Unique Log ID string 10

message_type Message Type. Ex: message_type="request" string 16

policy_id Name of the firewall policy governing the traffic which caused uint32 10
the log message.

profile Name or number of associated VOIP profile string 64

proto Protocol number. Ex: for SIP it will be proto=17 uint8 3

reason Reason. Ex: reason="unrecognized-form" string 128

request_name Name of request. Ex: request_name="INVITE" or "NOTIFY" string 64

session_id Session ID. Ex: session_id=232 uint32 10

srcip IP address of the traffic's origin. Ex: srcip=10.1.100.155 ip 39

src_int Name of the source interface. Ex: src_int="port1" string 16

src_port Port number of the traffic's origin. Ex: srcport=40772 uint16 5

status Status. Ex: status="blocked" , status= "start" string 23

subtype Subtype string 20

FortiOS 6.4.7 Log Reference 1254


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Hour clock when the log message was recorded. string 8

to Destination address string 512

type Type of log. Ex: type="utm" string 16

tz Time zone string 5

vd Name of the virtual domain in which the log message was string 32
recorded.

voip_proto SIP/SCCP/MGCP/h323 string 4

44034 - LOGID_EVENT_VOIP_SIP_FUZZING

Message ID: 44034


Message Description: LOGID_EVENT_VOIP_SIP_FUZZING
Message Meaning: VoIP SIP fuzzing
Type: VoIP
Category: VOIP
Severity: Information

Log Field Name Description Data Type Length

action Action. Eg. block , allow string 15

call_id Ex: call_id="1-22011@10.6.30.11" string 64

column Ex: column=16 uint32 10

date Day, month, and year when the log message was recorded. string 10

devid Serial number of the device for the traffic's origin. string 16

dir Destination Interface string 16

dstip Destination IP ip 39

dst_int Destination Interface string 16

dst_port Destination port uint16 5

duration Duration of the session. Ex: 180 (in seconds) uint32 10

epoch Epoch uint32 10

eventtime Time when event occured uint64 20

event_id Unique event ID uint32 10

kind Kind of service. Typically it will have value "call" string 10

level Log Level string 11

FortiOS 6.4.7 Log Reference 1255


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

line SIP header line string 128

logid Unique Log ID string 10

malform_data Malformed header data uint32 10

malform_desc Malformed header description string 47

message_type Message Type. Ex: message_type="request" string 16

policy_id Name of the firewall policy governing the traffic which caused uint32 10
the log message.

profile Name or number of associated VOIP profile string 64

proto Protocol number. Ex: for SIP it will be proto=17 uint8 3

request_name Name of request. Ex: request_name="INVITE" or "NOTIFY" string 64

session_id Session ID. Ex: session_id=232 uint32 10

srcip IP address of the traffic's origin. Ex: srcip=10.1.100.155 ip 39

src_int Name of the source interface. Ex: src_int="port1" string 16

src_port Port number of the traffic's origin. Ex: srcport=40772 uint16 5

subtype Subtype string 20

time Hour clock when the log message was recorded. string 8

type Type of log. Ex: type="utm" string 16

tz Time zone string 5

vd Name of the virtual domain in which the log message was string 32
recorded.

voip_proto SIP/SCCP/MGCP/h323 string 4

44035 - LOGID_EVENT_VOIP_SCCP_REGISTER

Message ID: 44035


Message Description: LOGID_EVENT_VOIP_SCCP_REGISTER
Message Meaning: VoIP SCCP registered
Type: VoIP
Category: VOIP
Severity: Information

Log Field Name Description Data Type Length

action Action. Eg. block , allow string 15

FortiOS 6.4.7 Log Reference 1256


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

date Day, month, and year when the log message was recorded. string 10

devid Serial number of the device for the traffic's origin. string 16

dstip Destination IP ip 39

dst_port Destination port uint16 5

epoch Epoch uint32 10

eventtime Time when event occured uint64 20

event_id Unique event ID uint32 10

kind Kind of service. Typically it will have value "call" string 10

level Log Level string 11

locip Local IP ip 39

logid Unique Log ID string 10

phone Phone string 64

policy_id Name of the firewall policy governing the traffic which caused uint32 10
the log message.

profile Name or number of associated VOIP profile string 64

proto Protocol number. Ex: for SIP it will be proto=17 uint8 3

session_id Session ID. Ex: session_id=232 uint32 10

srcip IP address of the traffic's origin. Ex: srcip=10.1.100.155 ip 39

src_int Name of the source interface. Ex: src_int="port1" string 16

src_port Port number of the traffic's origin. Ex: srcport=40772 uint16 5

status Status. Ex: status="blocked" , status= "start" string 23

subtype Subtype string 20

time Hour clock when the log message was recorded. string 8

type Type of log. Ex: type="utm" string 16

tz Time zone string 5

vd Name of the virtual domain in which the log message was string 32
recorded.

voip_proto SIP/SCCP/MGCP/h323 string 4

44036 - LOGID_EVENT_VOIP_SCCP_UNREGISTER

Message ID: 44036


Message Description: LOGID_EVENT_VOIP_SCCP_UNREGISTER

FortiOS 6.4.7 Log Reference 1257


Fortinet, Inc.
Log Messages

Message Meaning: VoIP SCCP unregistered


Type: VoIP
Category: VOIP
Severity: Information

Log Field Name Description Data Type Length

action Action. Eg. block , allow string 15

date Day, month, and year when the log message was recorded. string 10

devid Serial number of the device for the traffic's origin. string 16

dstip Destination IP ip 39

dst_port Destination port uint16 5

epoch Epoch uint32 10

eventtime Time when event occured uint64 20

event_id Unique event ID uint32 10

kind Kind of service. Typically it will have value "call" string 10

level Log Level string 11

locip Local IP ip 39

logid Unique Log ID string 10

phone Phone string 64

policy_id Name of the firewall policy governing the traffic which caused uint32 10
the log message.

profile Name or number of associated VOIP profile string 64

proto Protocol number. Ex: for SIP it will be proto=17 uint8 3

reason Reason. Ex: reason="unrecognized-form" string 128

session_id Session ID. Ex: session_id=232 uint32 10

srcip IP address of the traffic's origin. Ex: srcip=10.1.100.155 ip 39

src_int Name of the source interface. Ex: src_int="port1" string 16

src_port Port number of the traffic's origin. Ex: srcport=40772 uint16 5

status Status. Ex: status="blocked" , status= "start" string 23

subtype Subtype string 20

time Hour clock when the log message was recorded. string 8

type Type of log. Ex: type="utm" string 16

tz Time zone string 5

FortiOS 6.4.7 Log Reference 1258


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vd Name of the virtual domain in which the log message was string 32
recorded.

voip_proto SIP/SCCP/MGCP/h323 string 4

44037 - LOGID_EVENT_VOIP_SCCP_CALL_BLOCK

Message ID: 44037


Message Description: LOGID_EVENT_VOIP_SCCP_CALL_BLOCK
Message Meaning: VoIP SCCP call blocked
Type: VoIP
Category: VOIP
Severity: Information

Log Field Name Description Data Type Length

action Action. Eg. block , allow string 15

date Day, month, and year when the log message was recorded. string 10

devid Serial number of the device for the traffic's origin. string 16

dstip Destination IP ip 39

dst_port Destination port uint16 5

epoch Epoch uint32 10

eventtime Time when event occured uint64 20

event_id Unique event ID uint32 10

kind Kind of service. Typically it will have value "call" string 10

level Log Level string 11

locip Local IP ip 39

logid Unique Log ID string 10

phone Phone string 64

policy_id Name of the firewall policy governing the traffic which caused uint32 10
the log message.

profile Name or number of associated VOIP profile string 64

proto Protocol number. Ex: for SIP it will be proto=17 uint8 3

reason Reason. Ex: reason="unrecognized-form" string 128

session_id Session ID. Ex: session_id=232 uint32 10

FortiOS 6.4.7 Log Reference 1259


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcip IP address of the traffic's origin. Ex: srcip=10.1.100.155 ip 39

src_int Name of the source interface. Ex: src_int="port1" string 16

src_port Port number of the traffic's origin. Ex: srcport=40772 uint16 5

status Status. Ex: status="blocked" , status= "start" string 23

subtype Subtype string 20

time Hour clock when the log message was recorded. string 8

type Type of log. Ex: type="utm" string 16

tz Time zone string 5

vd Name of the virtual domain in which the log message was string 32
recorded.

voip_proto SIP/SCCP/MGCP/h323 string 4

44038 - LOGID_EVENT_VOIP_SCCP_CALL_INFO

Message ID: 44038


Message Description: LOGID_EVENT_VOIP_SCCP_CALL_INFO
Message Meaning: VoIP SCCP call information
Type: VoIP
Category: VOIP
Severity: Information

Log Field Name Description Data Type Length

action Action. Eg. block , allow string 15

date Day, month, and year when the log message was recorded. string 10

devid Serial number of the device for the traffic's origin. string 16

dstip Destination IP ip 39

dst_int Destination Interface string 16

dst_port Destination port uint16 5

duration Duration of the session. Ex: 180 (in seconds) uint32 10

epoch Epoch uint32 10

eventtime Time when event occured uint64 20

event_id Unique event ID uint32 10

kind Kind of service. Typically it will have value "call" string 10

FortiOS 6.4.7 Log Reference 1260


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

level Log Level string 11

locip Local IP ip 39

locport Local Port uint16 5

logid Unique Log ID string 10

phone Phone string 64

policy_id Name of the firewall policy governing the traffic which caused uint32 10
the log message.

profile Name or number of associated VOIP profile string 64

proto Protocol number. Ex: for SIP it will be proto=17 uint8 3

remip Remote IP ip 39

remport Remote Port uint16 5

session_id Session ID. Ex: session_id=232 uint32 10

srcip IP address of the traffic's origin. Ex: srcip=10.1.100.155 ip 39

src_int Name of the source interface. Ex: src_int="port1" string 16

src_port Port number of the traffic's origin. Ex: srcport=40772 uint16 5

status Status. Ex: status="blocked" , status= "start" string 23

subtype Subtype string 20

time Hour clock when the log message was recorded. string 8

type Type of log. Ex: type="utm" string 16

tz Time zone string 5

vd Name of the virtual domain in which the log message was string 32
recorded.

voip_proto SIP/SCCP/MGCP/h323 string 4

WAF

30248 - LOGID_WAF_SIGNATURE_BLOCK

Message ID: 30248


Message Description: LOGID_WAF_SIGNATURE_BLOCK
Message Meaning: Web application firewall blocked application by signature
Type: WAF
Category: WAF-SIGNATURE

FortiOS 6.4.7 Log Reference 1261


Fortinet, Inc.
Log Messages

Severity: Warning

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

FortiOS 6.4.7 Log Reference 1262


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

30249 - LOGID_WAF_SIGNATURE_PASS

Message ID: 30249


Message Description: LOGID_WAF_SIGNATURE_PASS
Message Meaning: Web application firewall passed application by signature
Type: WAF
Category: WAF-SIGNATURE
Severity: Warning

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

FortiOS 6.4.7 Log Reference 1263


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 1264


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

30250 - LOGID_WAF_SIGNATURE_ERASE

Message ID: 30250


Message Description: LOGID_WAF_SIGNATURE_ERASE
Message Meaning: Web application firewall erased application by signature
Type: WAF
Category: WAF-SIGNATURE
Severity: Warning

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

FortiOS 6.4.7 Log Reference 1265


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1266


Fortinet, Inc.
Log Messages

30251 - LOGID_WAF_CUSTOM_SIGNATURE_BLOCK

Message ID: 30251


Message Description: LOGID_WAF_CUSTOM_SIGNATURE_BLOCK
Message Meaning: Web application firewall blocked application by custom signature
Type: WAF
Category: WAF-CUSTOM-SIGNATURE
Severity: Warning

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

FortiOS 6.4.7 Log Reference 1267


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

30252 - LOGID_WAF_CUSTOM_SIGNATURE_PASS

Message ID: 30252


Message Description: LOGID_WAF_CUSTOM_SIGNATURE_PASS
Message Meaning: Web application firewall allowed application by custom signature
Type: WAF
Category: WAF-CUSTOM-SIGNATURE
Severity: Warning

FortiOS 6.4.7 Log Reference 1268


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

FortiOS 6.4.7 Log Reference 1269


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

30253 - LOGID_WAF_METHOD_BLOCK

Message ID: 30253


Message Description: LOGID_WAF_METHOD_BLOCK
Message Meaning: Web application firewall blocked application by HTTP method
Type: WAF
Category: WAF-HTTP-METHOD
Severity: Warning

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

FortiOS 6.4.7 Log Reference 1270


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 1271


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

30255 - LOGID_WAF_ADDRESS_LIST_BLOCK

Message ID: 30255


Message Description: LOGID_WAF_ADDRESS_LIST_BLOCK
Message Meaning: Web application firewall blocked application by address list
Type: WAF
Category: WAF-ADDRESS-LIST
Severity: Warning

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

FortiOS 6.4.7 Log Reference 1272


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1273


Fortinet, Inc.
Log Messages

30257 - LOGID_WAF_CONSTRAINTS_BLOCK

Message ID: 30257


Message Description: LOGID_WAF_CONSTRAINTS_BLOCK
Message Meaning: Web application firewall blocked application by HTTP constraints
Type: WAF
Category: WAF-HTTP-CONSTRAINT
Severity: Warning

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

FortiOS 6.4.7 Log Reference 1274


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

30258 - LOGID_WAF_CONSTRAINTS_PASS

Message ID: 30258


Message Description: LOGID_WAF_CONSTRAINTS_PASS
Message Meaning: Web application firewall allowed application by HTTP constraints
Type: WAF
Category: WAF-HTTP-CONSTRAINT
Severity: Warning

FortiOS 6.4.7 Log Reference 1275


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

FortiOS 6.4.7 Log Reference 1276


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

30259 - LOGID_WAF_URL_ACCESS_PERMIT

Message ID: 30259


Message Description: LOGID_WAF_URL_ACCESS_PERMIT
Message Meaning: Web application firewall allowed application by URL access permit
Type: WAF
Category: WAF-URL-ACCESS
Severity: Warning

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

FortiOS 6.4.7 Log Reference 1277


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

FortiOS 6.4.7 Log Reference 1278


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

30260 - LOGID_WAF_URL_ACCESS_BYPASS

Message ID: 30260


Message Description: LOGID_WAF_URL_ACCESS_BYPASS
Message Meaning: Web application firewall allowed application by URL access bypass
Type: WAF
Category: WAF-URL-ACCESS
Severity: Warning

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

FortiOS 6.4.7 Log Reference 1279


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

FortiOS 6.4.7 Log Reference 1280


Fortinet, Inc.
Log Messages

30261 - LOGID_WAF_URL_ACCESS_BLOCK

Message ID: 30261


Message Description: LOGID_WAF_URL_ACCESS_BLOCK
Message Meaning: Web application firewall blocked application by URL access
Type: WAF
Category: WAF-URL-ACCESS
Severity: Warning

Log Field Name Description Data Type Length

action Status of the session. Uses following definition: - Deny = string 17


blocked by firewall policy. - Start = session start log (special
option to enable logging at start of a session). This means
firewall allowed. - All Others = allowed by Firewall Policy and
the status indicates how it was closed.

agent Agent string 64

authserver Authentication Server string 64

constraint WAF HTTP protocol restrictions string 4096

date Date string 10

devid Device ID string 16

direction Direction string 4096

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP Address ip 39

dstport Destination Port uint16 5

eventid Event ID uint32 10

eventtime Event Time, Time when WAF event detected uint64 20

eventtype Event Type string 32

fctuid FortiClient UID string 32

group User Group Name string 64

level Log Level string 11

logid Log ID string 10

method HTTP Method string 4096

msg Log Message string 4096

name Method or custom signature name string 64

FortiOS 6.4.7 Log Reference 1281


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Policy ID uint32 10

profile Full profile name string 64

proto Protocol uint8 3

rawdata Raw Data string 1024

service Service name string 5

sessionid Session ID uint32 10

severity Severity string 6

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP Address ip 39

srcport Source Port uint16 5

subtype Log Subtype string 20

time Time string 8

type Log Type string 16

tz Time zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url URL string 512

user User Name string 256

vd Virtual Domain Name string 32

Web

12288 - LOG_ID_WEB_CONTENT_BANWORD

Message ID: 12288


Message Description: LOG_ID_WEB_CONTENT_BANWORD
Message Meaning: Web content banned word found
Type: Web
Category: CONTENT
Severity: Warning

FortiOS 6.4.7 Log Reference 1282


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Authentication server for the user string 64

banword Banned word string 128

contenttype Content Type from HTTP header string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

from MMS-only - From/To headers from the email string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

keyword Keyword used for search string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

FortiOS 6.4.7 Log Reference 1283


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

to MMS-only - From/To headers from the email string 512

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12290 - LOG_ID_WEB_CONTENT_EXEMPTWORD

Message ID: 12290


Message Description: LOG_ID_WEB_CONTENT_EXEMPTWORD
Message Meaning: Web content exempt word found
Type: Web

FortiOS 6.4.7 Log Reference 1284


Fortinet, Inc.
Log Messages

Category: CONTENT
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Authentication server for the user string 64

banword Banned word string 128

contenttype Content Type from HTTP header string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

from MMS-only - From/To headers from the email string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

keyword Keyword used for search string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

FortiOS 6.4.7 Log Reference 1285


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

to MMS-only - From/To headers from the email string 512

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12292 - LOG_ID_WEB_CONTENT_KEYWORD

Message ID: 12292


Message Description: LOG_ID_WEB_CONTENT_KEYWORD
Message Meaning: Message contained a key word in the profile list

FortiOS 6.4.7 Log Reference 1286


Fortinet, Inc.
Log Messages

Type: Web
Category: CONTENT
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Authentication server for the user string 64

banword Banned word string 128

contenttype Content Type from HTTP header string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

from MMS-only - From/To headers from the email string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

keyword Keyword used for search string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

FortiOS 6.4.7 Log Reference 1287


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

to MMS-only - From/To headers from the email string 512

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12293 - LOG_ID_WEB_CONTENT_SEARCH

Message ID: 12293

FortiOS 6.4.7 Log Reference 1288


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_WEB_CONTENT_SEARCH


Message Meaning: Search phrase detected
Type: Web
Category: CONTENT
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Authentication server for the user string 64

banword Banned word string 128

contenttype Content Type from HTTP header string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

from MMS-only - From/To headers from the email string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

keyword Keyword used for search string 512

level Log Level string 11

FortiOS 6.4.7 Log Reference 1289


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

to MMS-only - From/To headers from the email string 512

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

FortiOS 6.4.7 Log Reference 1290


Fortinet, Inc.
Log Messages

12544 - LOG_ID_URL_FILTER_BLOCK

Message ID: 12544


Message Description: LOG_ID_URL_FILTER_BLOCK
Message Meaning: URL address was blocked because it was found in the URL filter list
Type: Web
Category: URLFILTER
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

FortiOS 6.4.7 Log Reference 1291


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urlfilteridx URL filter ID uint32 10

urlfilterlist URL filter list string 64

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

FortiOS 6.4.7 Log Reference 1292


Fortinet, Inc.
Log Messages

12545 - LOG_ID_URL_FILTER_EXEMPT

Message ID: 12545


Message Description: LOG_ID_URL_FILTER_EXEMPT
Message Meaning: URL address was exempted because it was found in the URL filter list
Type: Web
Category: URLFILTER
Severity: Information

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

FortiOS 6.4.7 Log Reference 1293


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urlfilteridx URL filter ID uint32 10

urlfilterlist URL filter list string 64

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

FortiOS 6.4.7 Log Reference 1294


Fortinet, Inc.
Log Messages

12546 - LOG_ID_URL_FILTER_ALLOW

Message ID: 12546


Message Description: LOG_ID_URL_FILTER_ALLOW
Message Meaning: URL address was allowed because it was found in the URL filter list
Type: Web
Category: URLFILTER
Severity: Information

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

FortiOS 6.4.7 Log Reference 1295


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urlfilteridx URL filter ID uint32 10

urlfilterlist URL filter list string 64

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

FortiOS 6.4.7 Log Reference 1296


Fortinet, Inc.
Log Messages

12547 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTP_BLK

Message ID: 12547


Message Description: LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTP_BLK
Message Meaning: The request contained an invalid domain name
Type: Web
Category: URLFILTER
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

FortiOS 6.4.7 Log Reference 1297


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12548 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTPS_BLK

Message ID: 12548


Message Description: LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTPS_BLK
Message Meaning: HTTP certificate request contained an invalid domain name
Type: Web
Category: URLFILTER

FortiOS 6.4.7 Log Reference 1298


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

FortiOS 6.4.7 Log Reference 1299


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12549 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTP_PASS

Message ID: 12549


Message Description: LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTP_PASS
Message Meaning: HTTP request contained an invalid name so the session has been filtered by IP only
Type: Web
Category: URLFILTER
Severity: Information

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

FortiOS 6.4.7 Log Reference 1300


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

FortiOS 6.4.7 Log Reference 1301


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12550 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTPS_PASS

Message ID: 12550


Message Description: LOG_ID_URL_FILTER_INVALID_HOSTNAME_HTTPS_PASS
Message Meaning: HTTPS request contained an invalid name so the session has been filtered by IP only
Type: Web
Category: URLFILTER
Severity: Information

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 1302


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

FortiOS 6.4.7 Log Reference 1303


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12551 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_SNI_BLK

Message ID: 12551


Message Description: LOG_ID_URL_FILTER_INVALID_HOSTNAME_SNI_BLK
Message Meaning: Insufficient resources
Type: Web
Category: URLFILTER
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

FortiOS 6.4.7 Log Reference 1304


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

FortiOS 6.4.7 Log Reference 1305


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12552 - LOG_ID_URL_FILTER_INVALID_HOSTNAME_SNI_PASS

Message ID: 12552


Message Description: LOG_ID_URL_FILTER_INVALID_HOSTNAME_SNI_PASS
Message Meaning: Getting the host name failed
Type: Web
Category: URLFILTER
Severity: Information

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

FortiOS 6.4.7 Log Reference 1306


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

FortiOS 6.4.7 Log Reference 1307


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12553 - LOG_ID_URL_FILTER_INVALID_CERT

Message ID: 12553


Message Description: LOG_ID_URL_FILTER_INVALID_CERT
Message Meaning: Server certificate validation failed
Type: Web
Category: URLFILTER
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

FortiOS 6.4.7 Log Reference 1308


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12554 - LOG_ID_URL_FILTER_INVALID_SESSION

Message ID: 12554

FortiOS 6.4.7 Log Reference 1309


Fortinet, Inc.
Log Messages

Message Description: LOG_ID_URL_FILTER_INVALID_SESSION


Message Meaning: SSL session blocked because its identification number was unknown
Type: Web
Category: URLFILTER
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

FortiOS 6.4.7 Log Reference 1310


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12555 - LOG_ID_URL_FILTER_SRV_CERT_ERR_BLK

Message ID: 12555


Message Description: LOG_ID_URL_FILTER_SRV_CERT_ERR_BLK
Message Meaning: SSL session blocked
Type: Web
Category: URLFILTER
Severity: Notice

FortiOS 6.4.7 Log Reference 1311


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

FortiOS 6.4.7 Log Reference 1312


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12556 - LOG_ID_URL_FILTER_SRV_CERT_ERR_PASS

Message ID: 12556


Message Description: LOG_ID_URL_FILTER_SRV_CERT_ERR_PASS
Message Meaning: SSL session ignored
Type: Web
Category: URLFILTER
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

FortiOS 6.4.7 Log Reference 1313


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

FortiOS 6.4.7 Log Reference 1314


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12557 - LOG_ID_URL_FILTER_FAMS_NOT_ACTIVE

Message ID: 12557


Message Description: LOG_ID_URL_FILTER_FAMS_NOT_ACTIVE
Message Meaning: The FortiGuard Analysis and Management Service is not active. You must enable this service
Type: Web
Category: URLFILTER
Severity: Critical

Log Field Name Description Data Type Length

date Date string 10

devid Device ID string 16

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

level Log Level string 11

logid Log ID string 10

msg Log message string 512

FortiOS 6.4.7 Log Reference 1315


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz Time Zone string 5

vd Virtual domain name string 32

12558 - LOG_ID_URL_FILTER_RATING_ERR

Message ID: 12558


Message Description: LOG_ID_URL_FILTER_RATING_ERR
Message Meaning: Rating error occurred
Type: Web
Category: URLFILTER
Severity: Information

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

dstip Destination IP ip 39

dstport Destination Port uint16 5

error URL rating error message string 256

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

FortiOS 6.4.7 Log Reference 1316


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcdomain string 255

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urltype URL filter type string 8

user User name string 256

vd Virtual domain name string 32

12559 - LOG_ID_URL_FILTER_PASS

Message ID: 12559


Message Description: LOG_ID_URL_FILTER_PASS
Message Meaning: URL passed because it was in the URL filter list
Type: Web
Category: URLFILTER
Severity: Information

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

FortiOS 6.4.7 Log Reference 1317


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

FortiOS 6.4.7 Log Reference 1318


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urlfilteridx URL filter ID uint32 10

urlfilterlist URL filter list string 64

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12560 - LOG_ID_URL_WISP_BLOCK

Message ID: 12560


Message Description: LOG_ID_URL_WISP_BLOCK
Message Meaning: URL blocked by Websense service
Type: Web
Category: URLFILTER
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

FortiOS 6.4.7 Log Reference 1319


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

FortiOS 6.4.7 Log Reference 1320


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12561 - LOG_ID_URL_WISP_REDIR

Message ID: 12561


Message Description: LOG_ID_URL_WISP_REDIR
Message Meaning: URL blocked with redirect message by Websense service
Type: Web
Category: URLFILTER
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

FortiOS 6.4.7 Log Reference 1321


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

FortiOS 6.4.7 Log Reference 1322


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12562 - LOG_ID_URL_WISP_ALLOW

Message ID: 12562


Message Description: LOG_ID_URL_WISP_ALLOW
Message Meaning: URL allowed by Websense service
Type: Web
Category: URLFILTER
Severity: Information

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

FortiOS 6.4.7 Log Reference 1323


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

FortiOS 6.4.7 Log Reference 1324


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12688 - LOG_ID_WEB_SSL_EXEMPT

Message ID: 12688


Message Description: LOG_ID_WEB_SSL_EXEMPT
Message Meaning: URL address was exempted because it was found in the ssl-exempt
Type: Web
Category: SSL-EXEMPT
Severity: Information

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

FortiOS 6.4.7 Log Reference 1325


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

quotamax Maximum quota allowed - in seconds if time-based - in bytes if uint64 20


traffic-based

quotatype Quota type string 16

quotaused Quota used - in seconds if time-based - in bytes if traffic-based uint64 20

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

FortiOS 6.4.7 Log Reference 1326


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12800 - LOG_ID_WEB_FTGD_ERR

Message ID: 12800


Message Description: LOG_ID_WEB_FTGD_ERR
Message Meaning: Rating error occurred (error)
Type: Web
Category: FTGD_ERR
Severity: Error

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error URL rating error message string 256

FortiOS 6.4.7 Log Reference 1327


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

FortiOS 6.4.7 Log Reference 1328


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12801 - LOG_ID_WEB_FTGD_WARNING

Message ID: 12801


Message Description: LOG_ID_WEB_FTGD_WARNING
Message Meaning: Rating error occurred (warning)
Type: Web
Category: FTGD_ERR
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

error URL rating error message string 256

eventtime Web Filter event time uint64 20

FortiOS 6.4.7 Log Reference 1329


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

FortiOS 6.4.7 Log Reference 1330


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

12802 - LOG_ID_WEB_FTGD_QUOTA

Message ID: 12802


Message Description: LOG_ID_WEB_FTGD_QUOTA
Message Meaning: Daily FortiGuard quota status
Type: Web
Category: FTGD_QUOTA
Severity: Information

Log Field Name Description Data Type Length

catdesc Web category description string 64

date Date string 10

devid Device ID string 16

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

level Log Level string 11

logid Log ID string 10

profile Web Filter profile name string 64

quotaexceeded Quota has been exceeded string 3

quotamax Maximum quota allowed - in seconds if time-based - in bytes if uint64 20


traffic-based

quotatype Quota type string 16

quotaused Quota used - in seconds if time-based - in bytes if traffic-based uint64 20

subtype Log subtype string 20

time Time string 8

type Log type string 16

FortiOS 6.4.7 Log Reference 1331


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

tz Time Zone string 5

user User name string 256

vd Virtual domain name string 32

13056 - LOG_ID_WEB_FTGD_CAT_BLK

Message ID: 13056


Message Description: LOG_ID_WEB_FTGD_CAT_BLK
Message Meaning: URL belongs to an blocked category within the firewall policy
Type: Web
Category: FTGD_BLK
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

FortiOS 6.4.7 Log Reference 1332


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

quotamax Maximum quota allowed - in seconds if time-based - in bytes if uint64 20


traffic-based

quotatype Quota type string 16

quotaused Quota used - in seconds if time-based - in bytes if traffic-based uint64 20

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

FortiOS 6.4.7 Log Reference 1333


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13057 - LOG_ID_WEB_FTGD_CAT_WARN

Message ID: 13057


Message Description: LOG_ID_WEB_FTGD_CAT_WARN
Message Meaning: URL belongs to a category with warnings enabled
Type: Web
Category: FTGD_BLK
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

FortiOS 6.4.7 Log Reference 1334


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

quotamax Maximum quota allowed - in seconds if time-based - in bytes if uint64 20


traffic-based

quotatype Quota type string 16

quotaused Quota used - in seconds if time-based - in bytes if traffic-based uint64 20

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

FortiOS 6.4.7 Log Reference 1335


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13312 - LOG_ID_WEB_FTGD_CAT_ALLOW

Message ID: 13312


Message Description: LOG_ID_WEB_FTGD_CAT_ALLOW
Message Meaning: URL belongs to an allowed category within the firewall policy
Type: Web
Category: FTGD_ALLOW
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

FortiOS 6.4.7 Log Reference 1336


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

quotamax Maximum quota allowed - in seconds if time-based - in bytes if uint64 20


traffic-based

quotatype Quota type string 16

quotaused Quota used - in seconds if time-based - in bytes if traffic-based uint64 20

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

FortiOS 6.4.7 Log Reference 1337


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13315 - LOG_ID_WEB_FTGD_QUOTA_COUNTING

Message ID: 13315


Message Description: LOG_ID_WEB_FTGD_QUOTA_COUNTING
Message Meaning: FortiGuard web filter category quota counting log message
Type: Web
Category: FTGD_QUOTA_COUNTING
Severity: Notice

FortiOS 6.4.7 Log Reference 1338


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

quotamax Maximum quota allowed - in seconds if time-based - in bytes if uint64 20


traffic-based

FortiOS 6.4.7 Log Reference 1339


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

quotatype Quota type string 16

quotaused Quota used - in seconds if time-based - in bytes if traffic-based uint64 20

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13316 - LOG_ID_WEB_FTGD_QUOTA_EXPIRED

Message ID: 13316


Message Description: LOG_ID_WEB_FTGD_QUOTA_EXPIRED

FortiOS 6.4.7 Log Reference 1340


Fortinet, Inc.
Log Messages

Message Meaning: FortiGuard web filter category quota expired log message
Type: Web
Category: FTGD_QUOTA_EXPIRED
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

FortiOS 6.4.7 Log Reference 1341


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

profile Web Filter profile name string 64

proto Protocol number uint8 3

quotamax Maximum quota allowed - in seconds if time-based - in bytes if uint64 20


traffic-based

quotatype Quota type string 16

quotaused Quota used - in seconds if time-based - in bytes if traffic-based uint64 20

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

FortiOS 6.4.7 Log Reference 1342


Fortinet, Inc.
Log Messages

13317 - LOG_ID_WEB_URL

Message ID: 13317


Message Description: LOG_ID_WEB_URL
Message Meaning: URL has been visited
Type: Web
Category: URLMONITOR
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

FortiOS 6.4.7 Log Reference 1343


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

quotamax Maximum quota allowed - in seconds if time-based - in bytes if uint64 20


traffic-based

quotatype Quota type string 16

quotaused Quota used - in seconds if time-based - in bytes if traffic-based uint64 20

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

FortiOS 6.4.7 Log Reference 1344


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

urlsource URL source string 64

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13568 - LOG_ID_WEB_SCRIPTFILTER_ACTIVEX

Message ID: 13568


Message Description: LOG_ID_WEB_SCRIPTFILTER_ACTIVEX
Message Meaning: ActiveX script removed
Type: Web
Category: ACTIVEXFILTER
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

filtertype Filter type string 10

forwardedfor X-Forwarded-For HTTP header string 128

FortiOS 6.4.7 Log Reference 1345


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

FortiOS 6.4.7 Log Reference 1346


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13573 - LOG_ID_WEB_SCRIPTFILTER_COOKIE

Message ID: 13573


Message Description: LOG_ID_WEB_SCRIPTFILTER_COOKIE
Message Meaning: Cookie removed
Type: Web
Category: COOKIEFILTER
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

filtertype Filter type string 10

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

FortiOS 6.4.7 Log Reference 1347


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

FortiOS 6.4.7 Log Reference 1348


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13584 - LOG_ID_WEB_SCRIPTFILTER_APPLET

Message ID: 13584


Message Description: LOG_ID_WEB_SCRIPTFILTER_APPLET
Message Meaning: Java applet removed
Type: Web
Category: APPLETFILTER
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

filtertype Filter type string 10

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

FortiOS 6.4.7 Log Reference 1349


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

FortiOS 6.4.7 Log Reference 1350


Fortinet, Inc.
Log Messages

13600 - LOG_ID_WEB_SCRIPTFILTER_OTHER

Message ID: 13600


Message Description: LOG_ID_WEB_SCRIPTFILTER_OTHER
Message Meaning: Script entity removed
Type: Web
Category: SCRIPTFILTER
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

filtertype Filter type string 10

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

FortiOS 6.4.7 Log Reference 1351


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13601 - LOG_ID_WEB_WF_COOKIE

Message ID: 13601


Message Description: LOG_ID_WEB_WF_COOKIE

FortiOS 6.4.7 Log Reference 1352


Fortinet, Inc.
Log Messages

Message Meaning: Cookie removed entirely


Type: Web
Category: COOKIEFILTER
Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

filtertype Filter type string 10

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

FortiOS 6.4.7 Log Reference 1353


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13602 - LOG_ID_WEB_WF_REFERER

Message ID: 13602


Message Description: LOG_ID_WEB_WF_REFERER
Message Meaning: Referrer removed from request
Type: Web
Category: COOKIEFILTER

FortiOS 6.4.7 Log Reference 1354


Fortinet, Inc.
Log Messages

Severity: Notice

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

filtertype Filter type string 10

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

FortiOS 6.4.7 Log Reference 1355


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13603 - LOG_ID_WEB_WF_COMMAND_BLOCK

Message ID: 13603


Message Description: LOG_ID_WEB_WF_COMMAND_BLOCK
Message Meaning: Command blocked
Type: Web
Category: WEBFILTER_COMMAND_BLOCK
Severity: Warning

FortiOS 6.4.7 Log Reference 1356


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

authserver Authentication server for the user string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

FortiOS 6.4.7 Log Reference 1357


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13616 - LOG_ID_CONTENT_TYPE_BLOCK

Message ID: 13616


Message Description: LOG_ID_CONTENT_TYPE_BLOCK
Message Meaning: Blocked by HTTP header content type
Type: Web
Category: CONTENT
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Authentication server for the user string 64

FortiOS 6.4.7 Log Reference 1358


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

banword Banned word string 128

contenttype Content Type from HTTP header string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

from MMS-only - From/To headers from the email string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

keyword Keyword used for search string 512

level Log Level string 11

logid Log ID string 10

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

FortiOS 6.4.7 Log Reference 1359


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

to MMS-only - From/To headers from the email string 512

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13632 - LOGID_HTTP_HDR_CHG_REQ

Message ID: 13632


Message Description: LOGID_HTTP_HDR_CHG_REQ
Message Meaning: Depends on info in msg field
Type: Web
Category: HTTP_HEADER_CHANGE
Severity: Notice

FortiOS 6.4.7 Log Reference 1360


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Authentication server for the user string 64

chgheaders Change headers string 1024

date Date string 10

devid Device ID string 16

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

group User group name string 64

level Log Level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

service Service name string 36

sessionid Session ID uint32 10

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

transid Transaction ID uint32 10

type Log type string 16

tz Time Zone string 5

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

FortiOS 6.4.7 Log Reference 1361


Fortinet, Inc.
Log Messages

13633 - LOGID_HTTP_HDR_CHG_RESP

Message ID: 13633


Message Description: LOGID_HTTP_HDR_CHG_RESP
Message Meaning: Depends on info in msg field
Type: Web
Category: HTTP_HEADER_CHANGE
Severity: Notice

Log Field Name Description Data Type Length

agent User agent - eg. agent="Mozilla/5.0" string 64

authserver Authentication server for the user string 64

chgheaders Change headers string 1024

date Date string 10

devid Device ID string 16

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

group User group name string 64

level Log Level string 11

logid Log ID string 10

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

service Service name string 36

sessionid Session ID uint32 10

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

FortiOS 6.4.7 Log Reference 1362


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log subtype string 20

time Time string 8

transid Transaction ID uint32 10

type Log type string 16

tz Time Zone string 5

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

13648 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_ALLOW

Message ID: 13648


Message Description: LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_ALLOW
Message Meaning: Antiphishing matched a URL filter rule without blocking the request.
Type: Web
Category: ANTIPHISHING
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

antiphishdc string 64

antiphishrule string 64

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

FortiOS 6.4.7 Log Reference 1363


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

FortiOS 6.4.7 Log Reference 1364


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13649 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_FTGD_ALLOW

Message ID: 13649


Message Description: LOG_ID_WEB_WF_ANTIPHISH_MATCH_FTGD_ALLOW
Message Meaning: Antiphishing matched a Fortiguard category rule without blocking the request.
Type: Web
Category: ANTIPHISHING
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

antiphishdc string 64

antiphishrule string 64

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

FortiOS 6.4.7 Log Reference 1365


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

FortiOS 6.4.7 Log Reference 1366


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13650 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_DEFAULT_ALLOW

Message ID: 13650


Message Description: LOG_ID_WEB_WF_ANTIPHISH_MATCH_DEFAULT_ALLOW
Message Meaning: Antiphishing reached default action without blocking the request.
Type: Web
Category: ANTIPHISHING
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

antiphishdc string 64

antiphishrule string 64

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

FortiOS 6.4.7 Log Reference 1367


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

FortiOS 6.4.7 Log Reference 1368


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13651 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_BLOCK

Message ID: 13651


Message Description: LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_BLOCK
Message Meaning: Antiphishing matched a URL filter rule and blocked the request.
Type: Web
Category: ANTIPHISHING
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

antiphishdc string 64

antiphishrule string 64

authserver Authentication server for the user string 64

FortiOS 6.4.7 Log Reference 1369


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

FortiOS 6.4.7 Log Reference 1370


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13652 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_FTGD_BLOCK

Message ID: 13652


Message Description: LOG_ID_WEB_WF_ANTIPHISH_MATCH_FTGD_BLOCK
Message Meaning: Antiphishing matched a Fortiguard category rule and blocked the request.
Type: Web
Category: ANTIPHISHING
Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

FortiOS 6.4.7 Log Reference 1371


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

antiphishdc string 64

antiphishrule string 64

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

proto Protocol number uint8 3

FortiOS 6.4.7 Log Reference 1372


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

13653 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_DEFAULT_BLOCK

Message ID: 13653


Message Description: LOG_ID_WEB_WF_ANTIPHISH_MATCH_DEFAULT_BLOCK
Message Meaning: Antiphishing reached default action and blocked the request.
Type: Web
Category: ANTIPHISHING

FortiOS 6.4.7 Log Reference 1373


Fortinet, Inc.
Log Messages

Severity: Warning

Log Field Name Description Data Type Length

action Security action performed by WF: blocked - url is blocked by string 11


webfilter passthrough - url is allowed by webfilter

antiphishdc string 64

antiphishrule string 64

authserver Authentication server for the user string 64

cat Web category ID uint8 3

catdesc Web category description string 64

craction Client Reputation Action uint32 10

crlevel Client Reputation level string 10

crscore Client Reputation Score uint32 10

date Date string 10

devid Device ID string 16

direction Direction of the web traffic string 8

dstintf Destination Interface string 32

dstintfrole Destination Interface's assigned role (LAN, WAN, etc.) string 10

dstip Destination IP ip 39

dstport Destination Port uint16 5

eventtime Web Filter event time uint64 20

eventtype Web Filter event type string 32

fctuid FortiClient UID string 32

forwardedfor X-Forwarded-For HTTP header string 128

group User group name string 64

hostname The host name of a URL string 256

initiator The initiator user for override string 64

level Log Level string 11

logid Log ID string 10

method Rating override method by URL domain name or IP address string 6

msg Log message string 512

policyid Policy ID uint32 10

profile Web Filter profile name string 64

FortiOS 6.4.7 Log Reference 1374


Fortinet, Inc.
Log Messages

Log Field Name Description Data Type Length

proto Protocol number uint8 3

rawdata Extended logging data including HTTP method, URL, client string 1024
content type, server content type, user agent, referer, x-
forwarded-for

rcvdbyte Received Bytes uint64 20

referralurl Referrer URI string 512

reqtype Request type string 8

sentbyte Sent Bytes uint64 20

service Service name string 36

sessionid Session ID uint32 10

srcdomain string 255

srcintf Source Interface string 32

srcintfrole Source Interface's assigned role (LAN, WAN, etc.) string 10

srcip Source IP ip 39

srcport Source Port uint16 5

subtype Log subtype string 20

time Time string 8

trueclntip True-Client-IP HTTP header ip 39

type Log type string 16

tz Time Zone string 5

unauthuser Unauthenticated user string 66

unauthusersource Unauthenticated user source string 66

url The URL address string 512

user User name string 256

vd Virtual domain name string 32

vrf Virtual router forwarding uint8 3

FortiOS 6.4.7 Log Reference 1375


Fortinet, Inc.
Copyright© 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the
U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be
trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and
other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding
commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s
General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such
event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be
limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or
development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and
guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most
current version of the publication shall be applicable.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy