Log message by type

>

Log ID

Level

Sub Type

Event Type

Message

96500

info

User enabled Webfilter

96501

warning

User disabled Webfilter

96502

warning

user's access to the url is blocked

Field	Field Description	Field Type
cat	category id	int
category	category name	string
service	network protocol	string
ip	IP address	string
status	status	enumeration string

96503

info

user's access to the url is bypassed

Field	Field Description	Field Type
cat	category id	int
category	category name	string
service	network protocol	string
ip	IP address	string
status	status	enumeration string

96520

info

The vulnerability scan status has changed

Field	Field Description	Field Type
status	scan status	string

96521

info

A vulnerability scan result has been logged

Field	Field Description	Field Type
vulnid	id of the vulnerability	int
vulnname	name of the vulnerability	string
vulnseverity	severity level	string
vulncat	category	string
vulncvss	cvss score	string
vulnref	reference of the vulnerability	string
vulnengine	engine version	string
vulnsignature	signature version	string
vulnproducts	name of the vulnerable product	string

96522

info

Applying patch for vulnerability found

Field	Field Description	Field Type
vulnid	id of the vulnerability	int
vulnname	name of the vulnerability	string
vulnseverity	severity level	string
vulncat	category	string
vulncvss	cvss score	string
vulnref	reference of the vulnerability	string
vulnengine	engine version	string
vulnsignature	signature version	string
vulnproducts	name of the vulnerable product	string

96523

info

Applying patch for Windows vulnerability

Field	Field Description	Field Type
vulnid	id of the vulnerability	int
vulnname	name of the vulnerability	string
vulnseverity	severity level	string
vulncat	category	string
vulncvss	cvss score	string
vulnref	reference of the vulnerability	string
vulnengine	engine version	string
vulnsignature	signature version	string
vulnproducts	name of the vulnerable product	string

96530

warning

Found virus

Field	Field Description	Field Type
action	action taken for the infected item	enumeration string
file	file location	string
virus	virus name	string
sigid	signature id	string
vid	virus id	int
from	email from	string
to	email to	string
service	network protocol	string
vpn	vpn tunnel name	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string
detectedin	where the virus is detected	enumeration string

96531

warning

Found malware

Field	Field Description	Field Type
action	action taken for the infected item	enumeration string
file	file location	string
virus	virus name	string
sigid	signature id	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string
detectedin	where the virus is detected	enumeration string

96534

warning

User disabled Realtime AntiVirus protection

96535

info

Communication error with other modules

96536

warning

AntiVirus realtime protection killed malware process

Field	Field Description	Field Type
processname	process name	string
detectedby	the security feature that detected virus	enumeration string

96537

info

av_task scan thread is suspended

96538

info

av_task scan thread is resumed

96540

info

Cannot start scan task, license expired

96541

info

av_task scan is started

96542

info

av_task scan is stopped

96543

error

Scheduled scan failed: Path to file/folder no longer exists

Field	Field Description	Field Type
file	file or directory does not exist	string

96550

error

Failed to restore quarantined file

Field	Field Description	Field Type
action	action taken for the infected item	enumeration string
file	file location	string
virus	virus name	string
sigid	signature id	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string

96551

info

A quarantined file was restored

Field	Field Description	Field Type
action	action taken for the infected item	enumeration string
file	file location	string
virus	virus name	string
sigid	signature id	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string

96548

warning

AntiExpoit has detected violation

Field	Field Description	Field Type
action	action taken for violation	enumeration string
ae_api	API used of the violation	string
ae_reason	reason of the violation	string
app	application	string

96545

debug

Failed to connect to FortiSandbox server

Field	Field Description	Field Type
failed_reason	reason of the failure	string

96556

warning

Failed to submit file to FortiSandbox server

Field	Field Description	Field Type
file	file location	string
error_code	reason of the failure	int

96557

warning

Failed to query checksum to FortiSandbox server

Field	Field Description	Field Type
file	file location	string
error_code	reason of the failure	int

96546

warning

Found virus

Field	Field Description	Field Type
action	action taken for the infected item	enumeration string
file	file location	string
virus	virus name	string
sigid	signature id	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string
detectedin	where the virus is detected	enumeration string

96547

info

Sandbox is not authorized

96554

info

file is submitted to Sandbox service

Field	Field Description	Field Type
file	file location	string
checksum	file SHA256 checksum	string

96555

debug

file score received

Field	Field Description	Field Type
file	file location	string
score	file score	int
checksum	file SHA256 checksum	string

97100

debug

file score received

Field	Field Description	Field Type
file	file location	string
score	file score	int
checksum	file SHA256 checksum	string

98000

warning

AntiRansomware has found suspicious process

Field	Field Description	Field Type
file	file location	string
action	file action (1 = kill 2 = resume)	enumeration string
default_used	if process is handled by default action	int

96560

info

VPN tunnel status

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string
vpnuser	vpn tunnel user name	string
remotegw	remote gateway	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96561

warning

No response from the peer, phase1 retransmit reaches maximum count

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96562

warning

No response from the peer, phase2 retransmit reaches maximum count

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96563

warning

Received delete payload from peer check xauth password

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96564

error

Failed to acquire an IP address for the virtual adapter

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96565

error

General error of IKE

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96566

info

negotiation information

Field	Field Description	Field Type
vpntunnel	tunnel name	string

96567

error

negotiation error

Field	Field Description	Field Type
vpntunnel	tunnel name	string

96568

error

replayed packet detected (packet dropped)

Field	Field Description	Field Type
vpntunnel	tunnel name	string

96569

info

The VPN user accept the banner warning

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96570

info

The VPN user reject the banner warning and disconnect the tunnel

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96571

info

Send sa to the IPsec driver

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96574

error

Logged when a VPN authorization rule failed

Field	Field Description	Field Type
vpntunnel	tunnel name	string

96575

warning

VPN cannot connect because the specified application is not running

Field	Field Description	Field Type
app	application	string

96576

info

IKE phase1 authentication fail as peer's certificate is not verified

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96577

info

IKE phase1 authentication fail as peer's certificate is not verified

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96600

info

SSLVPN tunnel status

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string

96601

error

Telephony service (TapiSrv) is not running

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string
vpnuser	tunnel user name	string
remotegw	remote gateway	string

96602

info

SSLVPN service started successfully

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string
vpnuser	tunnel user name	string
remotegw	remote gateway	string

96603

error

SSLVPN tunnel connection failed

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string
vpnuser	tunnel user name	string
remotegw	remote gateway	string

96605

warning

SSLVPN cannot connect because the specified application is not running

Field	Field Description	Field Type
app	application	string

96610

info

SSLVPN(DTLS) tunnel status

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string

96620

info

usb storage activity

Field	Field Description	Field Type
action	action	enumeration string
activity	activity	enumeration string
description	description	string

96645

warning

The application firewall has been disabled because it's driver could not be loaded

96701

warning

Application Control found a rule violation

Field	Field Description	Field Type
path	path of process	string
username	username of process	string
domain	domain of user	string
ruleuuid	uuid of violated rule	string
action	block or monitor	string

96650

info

Update was successful

Field	Field Description	Field Type
avengine	AV engine	string
avsig	AV signature	string
avsigext	AV extended signature	string
avsigetm	AV extreme signature	string
avsigheu	AV heuristic signature	string
avsigpallas	AV pallas signature	string
rootkitengine	anti-rootkit engine	string
rootkitsig	anti-rootkit signature	string
appsig	app DB signature	string
appengine	app DB engine	string
vulnsig	vulnerability signature	string
vulnengine	vulnerability engine	string
ipseng	firewall engine	string
ipssig	firewall signature	string
irdbsig	irdb signature	string
avsiglastupdate	last update time	string

96800

info

Forcefully kill a child process after grace period expires

Field	Field Description	Field Type
apppath	process name	string

96801

error

The scheduler cannot start the scheduled task because the task's license is expired

96812

info

Update allowed only if you have a valid license

96813

info

Software updates are disabled

96814

info

Software updates from FortiGuard have been disabled because this client is managed

96815

info

Software updates require administrative privileges

96816

info

Software update successful

96817

info

Software update failed

96818

info

Unable to perform software update. Registry does not contain image id to download

96819

info

Update was successful to the given version for the given module

Field	Field Description	Field Type
avengine	AV engine	string
avsig	AV signature	string
avsigext	AV extended signature	string
avsigetm	AV extreme signature	string
avsigheu	AV heuristic signature	string
rootkitengine	anti-rootkit engine	string
rootkitsig	anti-rootkit signature	string
appsig	app DB signature	string
appengine	app DB engine	string
vulnsig	vulnerability signature	string
vulnengine	vulnerability engine	string
ipseng	firewall engine	string
ipssig	firewall signature	string
irdbsig	irdb signature	string

96820

error

Failed to load the av engine

96821

error

Error patching AV signatur

96822

error

Unable to load FASLE engine

96823

info

Checking for updates

96824

info

Software update started

96825

info

Update was successful, current engine/signature information recorded

Field	Field Description	Field Type
avengine	AV engine	string
avsig	AV signature	string
avsigext	AV extended signature	string
avsigetm	AV extreme signature	string
avsigheu	AV heuristic signature	string
rootkitengine	anti-rootkit engine	string
rootkitsig	anti-rootkit signature	string
appsig	app DB signature	string
appengine	app DB engine	string
vulnsig	vulnerability signature	string
vulnengine	vulnerability engine	string
ipseng	firewall engine	string
ipssig	firewall signature	string
irdbsig	irdb signature	string

96840

warning

Fortiproxy is disabled

96841

info

Fortiproxy is enabled

96851

info

FortiShield is enabled

96850

warning

FortiShield is disabled

96855

warning

FortiShield has prevented an application from modifying a file or registry setting protected by FortiClient

Field	Field Description	Field Type
processname	blocked process	string
file	file or registry path	string

96873

info

FortiClient is shutting down

96882

info

Logged when push configuration is received

Field	Field Description	Field Type
policyname	policy name	string

96900

info

Traffic log

Field	Field Description	Field Type
sessionid	network session	string
regip	regip	string
srcname	source name	string
srcproduct	source product	string
srcip	source IP	string
srcport	source port	int
direction	traffic direction	string
dstip	destination IP	string
remotename	remote name	string
dstport	destination port	int
proto	network protocol	int
rcvdbyte	data received (in bytes)	int
sentbyte	data sent (in bytes)	int
utmaction	utm action	string
utmevent	utm event	string
threat	threat	string
service	network protocol	string
userinitiated	if user initiated url request	int
browsetime	user browsing time of web page(in seconds)	int
url	url	string

96953

info

Endpoint Control Status Changed

Field	Field Description	Field Type
eponlinest	online status	enumeration string
epplace	EP place	enumeration string
emshostname	EMS host name	string
status	status description	string

96955

info

Endpoint Control Registration Status Changed

Field	Field Description	Field Type
emshostname	EMS host name	string
status	status description	string
emsip	EMS IP	string
fctip	FCT IP	string

96956

info

Endpoint Quarantine Status Changed

Field	Field Description	Field Type
epmgmtst	management status	enumeration string
emshostname	EMS host name	string
epquarmsg	quarant message	string

96957

info

Endpoint Ext Log to FAZ

Field	Field Description	Field Type
epfeatures	installed features list	string
epenfeatures	enabled features list	string
ephbemsduration	EMS heart beat duration	int
ephbemslast	EMS heart beat last time	string
emshostname	EMS host name	string

96958

info

User social media information

Field	Field Description	Field Type
social_srvc	social service	string
social_user	social user name	string
social_email	social email	string
social_phone	social phone number	string

96959

info

Current AV allowlist engine/signatures this endpoint is using

Field	Field Description	Field Type
emshostname	EMS host name	string
avaleng	AV allowlist engine version	string
avalsig	AV allowlist signatures version	string

96980

info

Single Sign-On event

Field	Field Description	Field Type
action	action	enumeration string
domain	domain name	string
remotegw	remote gateway	string

96983

info

Single Sign-On Mobility Agent is starting

96984

info

Single Sign-On Mobility Agent is stopping

Log message by type

>

Log ID

Level

Sub Type

Event Type

Message

96500

info

User enabled Webfilter

96501

warning

User disabled Webfilter

96502

warning

user's access to the url is blocked

Field	Field Description	Field Type
cat	category id	int
category	category name	string
service	network protocol	string
ip	IP address	string
status	status	enumeration string

96503

info

user's access to the url is bypassed

Field	Field Description	Field Type
cat	category id	int
category	category name	string
service	network protocol	string
ip	IP address	string
status	status	enumeration string

96520

info

The vulnerability scan status has changed

Field	Field Description	Field Type
status	scan status	string

96521

info

A vulnerability scan result has been logged

Field	Field Description	Field Type
vulnid	id of the vulnerability	int
vulnname	name of the vulnerability	string
vulnseverity	severity level	string
vulncat	category	string
vulncvss	cvss score	string
vulnref	reference of the vulnerability	string
vulnengine	engine version	string
vulnsignature	signature version	string
vulnproducts	name of the vulnerable product	string

96522

info

Applying patch for vulnerability found

Field	Field Description	Field Type
vulnid	id of the vulnerability	int
vulnname	name of the vulnerability	string
vulnseverity	severity level	string
vulncat	category	string
vulncvss	cvss score	string
vulnref	reference of the vulnerability	string
vulnengine	engine version	string
vulnsignature	signature version	string
vulnproducts	name of the vulnerable product	string

96523

info

Applying patch for Windows vulnerability

Field	Field Description	Field Type
vulnid	id of the vulnerability	int
vulnname	name of the vulnerability	string
vulnseverity	severity level	string
vulncat	category	string
vulncvss	cvss score	string
vulnref	reference of the vulnerability	string
vulnengine	engine version	string
vulnsignature	signature version	string
vulnproducts	name of the vulnerable product	string

96530

warning

Found virus

Field	Field Description	Field Type
action	action taken for the infected item	enumeration string
file	file location	string
virus	virus name	string
sigid	signature id	string
vid	virus id	int
from	email from	string
to	email to	string
service	network protocol	string
vpn	vpn tunnel name	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string
detectedin	where the virus is detected	enumeration string

96531

warning

Found malware

Field	Field Description	Field Type
action	action taken for the infected item	enumeration string
file	file location	string
virus	virus name	string
sigid	signature id	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string
detectedin	where the virus is detected	enumeration string

96534

warning

User disabled Realtime AntiVirus protection

96535

info

Communication error with other modules

96536

warning

AntiVirus realtime protection killed malware process

Field	Field Description	Field Type
processname	process name	string
detectedby	the security feature that detected virus	enumeration string

96537

info

av_task scan thread is suspended

96538

info

av_task scan thread is resumed

96540

info

Cannot start scan task, license expired

96541

info

av_task scan is started

96542

info

av_task scan is stopped

96543

error

Scheduled scan failed: Path to file/folder no longer exists

Field	Field Description	Field Type
file	file or directory does not exist	string

96550

error

Failed to restore quarantined file

Field	Field Description	Field Type
action	action taken for the infected item	enumeration string
file	file location	string
virus	virus name	string
sigid	signature id	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string

96551

info

A quarantined file was restored

Field	Field Description	Field Type
action	action taken for the infected item	enumeration string
file	file location	string
virus	virus name	string
sigid	signature id	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string

96548

warning

AntiExpoit has detected violation

Field	Field Description	Field Type
action	action taken for violation	enumeration string
ae_api	API used of the violation	string
ae_reason	reason of the violation	string
app	application	string

96545

debug

Failed to connect to FortiSandbox server

Field	Field Description	Field Type
failed_reason	reason of the failure	string

96556

warning

Failed to submit file to FortiSandbox server

Field	Field Description	Field Type
file	file location	string
error_code	reason of the failure	int

96557

warning

Failed to query checksum to FortiSandbox server

Field	Field Description	Field Type
file	file location	string
error_code	reason of the failure	int

96546

warning

Found virus

Field	Field Description	Field Type
action	action taken for the infected item	enumeration string
file	file location	string
virus	virus name	string
sigid	signature id	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string
detectedin	where the virus is detected	enumeration string

96547

info

Sandbox is not authorized

96554

info

file is submitted to Sandbox service

Field	Field Description	Field Type
file	file location	string
checksum	file SHA256 checksum	string

96555

debug

file score received

Field	Field Description	Field Type
file	file location	string
score	file score	int
checksum	file SHA256 checksum	string

97100

debug

file score received

Field	Field Description	Field Type
file	file location	string
score	file score	int
checksum	file SHA256 checksum	string

98000

warning

AntiRansomware has found suspicious process

Field	Field Description	Field Type
file	file location	string
action	file action (1 = kill 2 = resume)	enumeration string
default_used	if process is handled by default action	int

96560

info

VPN tunnel status

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string
vpnuser	vpn tunnel user name	string
remotegw	remote gateway	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96561

warning

No response from the peer, phase1 retransmit reaches maximum count

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96562

warning

No response from the peer, phase2 retransmit reaches maximum count

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96563

warning

Received delete payload from peer check xauth password

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96564

error

Failed to acquire an IP address for the virtual adapter

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96565

error

General error of IKE

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96566

info

negotiation information

Field	Field Description	Field Type
vpntunnel	tunnel name	string

96567

error

negotiation error

Field	Field Description	Field Type
vpntunnel	tunnel name	string

96568

error

replayed packet detected (packet dropped)

Field	Field Description	Field Type
vpntunnel	tunnel name	string

96569

info

The VPN user accept the banner warning

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96570

info

The VPN user reject the banner warning and disconnect the tunnel

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96571

info

Send sa to the IPsec driver

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96574

error

Logged when a VPN authorization rule failed

Field	Field Description	Field Type
vpntunnel	tunnel name	string

96575

warning

VPN cannot connect because the specified application is not running

Field	Field Description	Field Type
app	application	string

96576

info

IKE phase1 authentication fail as peer's certificate is not verified

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96577

info

IKE phase1 authentication fail as peer's certificate is not verified

Field	Field Description	Field Type
vpntunnel	tunnel name	string
locip	local ip	string
locport	local port	int
remip	remote ip	string
remport	remote port	int

96600

info

SSLVPN tunnel status

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string

96601

error

Telephony service (TapiSrv) is not running

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string
vpnuser	tunnel user name	string
remotegw	remote gateway	string

96602

info

SSLVPN service started successfully

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string
vpnuser	tunnel user name	string
remotegw	remote gateway	string

96603

error

SSLVPN tunnel connection failed

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string
vpnuser	tunnel user name	string
remotegw	remote gateway	string

96605

warning

SSLVPN cannot connect because the specified application is not running

Field	Field Description	Field Type
app	application	string

96610

info

SSLVPN(DTLS) tunnel status

Field	Field Description	Field Type
vpnstate	tunnel status	enumeration string
vpntunnel	tunnel name	string

96620

info

usb storage activity

Field	Field Description	Field Type
action	action	enumeration string
activity	activity	enumeration string
description	description	string

96645

warning

The application firewall has been disabled because it's driver could not be loaded

96701

warning

Application Control found a rule violation

Field	Field Description	Field Type
path	path of process	string
username	username of process	string
domain	domain of user	string
ruleuuid	uuid of violated rule	string
action	block or monitor	string

96650

info

Update was successful

Field	Field Description	Field Type
avengine	AV engine	string
avsig	AV signature	string
avsigext	AV extended signature	string
avsigetm	AV extreme signature	string
avsigheu	AV heuristic signature	string
avsigpallas	AV pallas signature	string
rootkitengine	anti-rootkit engine	string
rootkitsig	anti-rootkit signature	string
appsig	app DB signature	string
appengine	app DB engine	string
vulnsig	vulnerability signature	string
vulnengine	vulnerability engine	string
ipseng	firewall engine	string
ipssig	firewall signature	string
irdbsig	irdb signature	string
avsiglastupdate	last update time	string

96800

info

Forcefully kill a child process after grace period expires

Field	Field Description	Field Type
apppath	process name	string

96801

error

The scheduler cannot start the scheduled task because the task's license is expired

96812

info

Update allowed only if you have a valid license

96813

info

Software updates are disabled

96814

info

Software updates from FortiGuard have been disabled because this client is managed

96815

info

Software updates require administrative privileges

96816

info

Software update successful

96817

info

Software update failed

96818

info

Unable to perform software update. Registry does not contain image id to download

96819

info

Update was successful to the given version for the given module

Field	Field Description	Field Type
avengine	AV engine	string
avsig	AV signature	string
avsigext	AV extended signature	string
avsigetm	AV extreme signature	string
avsigheu	AV heuristic signature	string
rootkitengine	anti-rootkit engine	string
rootkitsig	anti-rootkit signature	string
appsig	app DB signature	string
appengine	app DB engine	string
vulnsig	vulnerability signature	string
vulnengine	vulnerability engine	string
ipseng	firewall engine	string
ipssig	firewall signature	string
irdbsig	irdb signature	string

96820

error

Failed to load the av engine

96821

error

Error patching AV signatur

96822

error

Unable to load FASLE engine

96823

info

Checking for updates

96824

info

Software update started

96825

info

Update was successful, current engine/signature information recorded

Field	Field Description	Field Type
avengine	AV engine	string
avsig	AV signature	string
avsigext	AV extended signature	string
avsigetm	AV extreme signature	string
avsigheu	AV heuristic signature	string
rootkitengine	anti-rootkit engine	string
rootkitsig	anti-rootkit signature	string
appsig	app DB signature	string
appengine	app DB engine	string
vulnsig	vulnerability signature	string
vulnengine	vulnerability engine	string
ipseng	firewall engine	string
ipssig	firewall signature	string
irdbsig	irdb signature	string

96840

warning

Fortiproxy is disabled

96841

info

Fortiproxy is enabled

96851

info

FortiShield is enabled

96850

warning

FortiShield is disabled

96855

warning

FortiShield has prevented an application from modifying a file or registry setting protected by FortiClient

Field	Field Description	Field Type
processname	blocked process	string
file	file or registry path	string

96873

info

FortiClient is shutting down

96882

info

Logged when push configuration is received

Field	Field Description	Field Type
policyname	policy name	string

96900

info

Traffic log

Field	Field Description	Field Type
sessionid	network session	string
regip	regip	string
srcname	source name	string
srcproduct	source product	string
srcip	source IP	string
srcport	source port	int
direction	traffic direction	string
dstip	destination IP	string
remotename	remote name	string
dstport	destination port	int
proto	network protocol	int
rcvdbyte	data received (in bytes)	int
sentbyte	data sent (in bytes)	int
utmaction	utm action	string
utmevent	utm event	string
threat	threat	string
service	network protocol	string
userinitiated	if user initiated url request	int
browsetime	user browsing time of web page(in seconds)	int
url	url	string

96953

info

Endpoint Control Status Changed

Field	Field Description	Field Type
eponlinest	online status	enumeration string
epplace	EP place	enumeration string
emshostname	EMS host name	string
status	status description	string

96955

info

Endpoint Control Registration Status Changed

Field	Field Description	Field Type
emshostname	EMS host name	string
status	status description	string
emsip	EMS IP	string
fctip	FCT IP	string

96956

info

Endpoint Quarantine Status Changed

Field	Field Description	Field Type
epmgmtst	management status	enumeration string
emshostname	EMS host name	string
epquarmsg	quarant message	string

96957

info

Endpoint Ext Log to FAZ

Field	Field Description	Field Type
epfeatures	installed features list	string
epenfeatures	enabled features list	string
ephbemsduration	EMS heart beat duration	int
ephbemslast	EMS heart beat last time	string
emshostname	EMS host name	string

96958

info

User social media information

Field	Field Description	Field Type
social_srvc	social service	string
social_user	social user name	string
social_email	social email	string
social_phone	social phone number	string

96959

info

Current AV allowlist engine/signatures this endpoint is using

Field	Field Description	Field Type
emshostname	EMS host name	string
avaleng	AV allowlist engine version	string
avalsig	AV allowlist signatures version	string

96980

info

Single Sign-On event

Field	Field Description	Field Type
action	action	enumeration string
domain	domain name	string
remotegw	remote gateway	string

96983

info

Single Sign-On Mobility Agent is starting

96984

info

Single Sign-On Mobility Agent is stopping

Log Message Reference

Log message by type

Log message by type

>

Log message by type

>