Log fields by type

securityevent

| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| action | block or monitor | string | 32 |
| action | action taken for the infected item | enumeration string | 32 |
| activity | activity | enumeration string | 64 |
| ae_api | API used of the violation | string | 64 |
| ae_reason | reason of the violation | string | 64 |
| app | application | string | 96 |
| cat | category id | int | 20 |
| category | category name | string | 260 |
| checksum | file crc32 checksum | int | 20 |
| checksum | file SHA256 checksum | string | 16 |
| date | date | string | 260 |
| default_used | if process is handled by default action | int | 20 |
| description | description | string | 260 |
| detectedby | the security feature that detected virus | enumeration string | 64 |
| detectedin | where the virus is detected | enumeration string | 64 |
| deviceip | device IP address | string | 20 |
| devicemac | device MAC address | string | 17 |
| devid | device ID | string | 16 |
| domain | domain of user | string | 256 |
| emsserial | EMS serial number | string | 16 |
| error_code | reason of the failure | int | 20 |
| eventtype | type of event | enumeration string | 32 |
| failed_reason | reason of the failure | string | 260 |
| fctver | FCT version | string | 16 |
| fgtserial | FGT serial number | string | 16 |
| file | file location | string | 256 |
| filesize | file size | int | 20 |
| from | email from | string | 128 |
| hostname | host name of local machine | string | 256 |
| id | log id | int | 20 |
| ip | IP address | string | 260 |
| level | log level | enumeration string | 20 |
| locip | local ip | string | 20 |
| locport | local port | int | 20 |
| logver | log protocol version | int | 20 |
| msg | description of this log | string | 512 |
| os | operating system | string | 96 |
| path | path of process | string | 260 |
| pcdomain | domain name of local machine | string | 128 |
| processname | process name | string | 128 |
| remip | remote ip | string | 20 |
| remotegw | remote gateway | string | 256 |
| remport | remote port | int | 20 |
| ruleuuid | uuid of violated rule | string | 260 |
| score | file score | int | 20 |
| service | network protocol | string | 64 |
| sigid | signature id | string | 260 |
| site | Multi-tenancy site | string | 32 |
| status | scan status | string | 16 |
| status | status | enumeration string | 16 |
| subtype | AntiVirus, FireWall, WebFilter ... | enumeration string | 32 |
| time | time | string | 260 |
| to | email to | string | 512 |
| type | Traffic, Security Event or System Event | string | 16 |
| uid | FortiClient unique ID | string | 32 |
| user | current logged on user | string | 256 |
| username | username of process | string | 260 |
| usingpolicy | current policy name | string | 64 |
| vid | virus id | int | 20 |
| virus | virus name | string | 512 |
| vpn | vpn tunnel name | string | 32 |
| vpnstate | tunnel status | enumeration string | 64 |
| vpntunnel | tunnel name | string | 128 |
| vpnuser | vpn tunnel user name | string | 128 |
| vulncat | category | string | 32 |
| vulncvss | cvss score | string | 64 |
| vulnengine | engine version | string | 64 |
| vulnid | id of the vulnerability | int | 20 |
| vulnname | name of the vulnerability | string | 128 |
| vulnproducts | name of the vulnerable product | string | 2048 |
| vulnref | reference of the vulnerability | string | 256 |
| vulnseverity | severity level | string | 8 |
| vulnsignature | signature version | string | 260 |

systemevent

| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| appengine | app DB engine | string | 260 |
| apppath | process name | string | 128 |
| appsig | app DB signature | string | 11 |
| avaleng | AV allowlist engine version | string | 260 |
| avalsig | AV allowlist signatures version | string | 260 |
| avengine | AV engine | string | 11 |
| avsig | AV signature | string | 11 |
| avsigetm | AV extreme signature | string | 11 |
| avsigext | AV extended signature | string | 11 |
| avsigheu | AV heuristic signature | string | 11 |
| avsiglastupdate | last update time | string | 260 |
| avsigpallas | AV pallas signature | string | 260 |
| date | date | string | 260 |
| deviceip | device IP address | string | 20 |
| devicemac | device MAC address | string | 17 |
| devid | device ID | string | 16 |
| emshostname | EMS host name | string | 64 |
| emsip | EMS IP | string | 20 |
| emsserial | EMS serial number | string | 16 |
| epenfeatures | enabled features list | string | 128 |
| epfeatures | installed features list | string | 128 |
| ephbemsduration | EMS heart beat duration | int | 20 |
| ephbemslast | EMS heart beat last time | string | 64 |
| epmgmtst | management status | enumeration string | 64 |
| eponlinest | online status | enumeration string | 32 |
| epplace | EP place | enumeration string | 32 |
| epquarmsg | quarant message | string | 260 |
| eventtype | type of event | enumeration string | 32 |
| fctip | FCT IP | string | 20 |
| fctver | FCT version | string | 16 |
| fgtserial | FGT serial number | string | 16 |
| file | file or registry path | string | 256 |
| hostname | host name of local machine | string | 256 |
| id | log id | int | 20 |
| ipseng | firewall engine | string | 11 |
| ipssig | firewall signature | string | 11 |
| irdbsig | irdb signature | string | 260 |
| level | log level | enumeration string | 20 |
| logver | log protocol version | int | 20 |
| msg | description of this log | string | 512 |
| os | operating system | string | 96 |
| pcdomain | domain name of local machine | string | 128 |
| policyname | policy name | string | 64 |
| processname | blocked process | string | 128 |
| rootkitengine | anti-rootkit engine | string | 11 |
| rootkitsig | anti-rootkit signature | string | 11 |
| site | Multi-tenancy site | string | 32 |
| social_email | social email | string | 128 |
| social_phone | social phone number | string | 64 |
| social_srvc | social service | string | 64 |
| social_user | social user name | string | 256 |
| status | status description | string | 16 |
| subtype | AntiVirus, FireWall, WebFilter ... | enumeration string | 32 |
| time | time | string | 260 |
| type | Traffic, Security Event or System Event | string | 16 |
| uid | FortiClient unique ID | string | 32 |
| user | current logged on user | string | 256 |
| usingpolicy | current policy name | string | 64 |
| vulnengine | vulnerability engine | string | 64 |
| vulnsig | vulnerability signature | string | 11 |

traffic

| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| browsetime | user browsing time of web page (in seconds) | int | 20 |
| date | date | string | 260 |
| deviceip | device IP address | string | 20 |
| devicemac | device MAC address | string | 17 |
| devid | device ID | string | 16 |
| direction | traffic direction | string | 8 |
| dstip | destination IP | string | 20 |
| dstport | destination port | int | 20 |
| emsserial | EMS serial number | string | 16 |
| eventtype | type of event | enumeration string | 32 |
| fctver | FCT version | string | 16 |
| fgtserial | FGT serial number | string | 16 |
| hostname | host name of local machine | string | 256 |
| id | log id | int | 20 |
| level | log level | enumeration string | 20 |
| logver | log protocol version | int | 20 |
| msg | description of this log | string | 512 |
| os | operating system | string | 96 |
| pcdomain | domain name of local machine | string | 128 |
| proto | network protocol | int | 20 |
| rcvdbyte | data received (in bytes) | int | 20 |
| regip | regip | string | 64 |
| remotename | remote name | string | 256 |
| sentbyte | data sent (in bytes) | int | 20 |
| service | network protocol | string | 64 |
| sessionid | network session | string | 64 |
| site | Multi-tenancy site | string | 32 |
| srcip | source IP | string | 20 |
| srcname | source name | string | 256 |
| srcport | source port | int | 20 |
| srcproduct | source product | string | 256 |
| subtype | AntiVirus, FireWall, WebFilter ... | enumeration string | 32 |
| threat | threat | string | 128 |
| time | time | string | 260 |
| type | Traffic, Security Event or System Event | string | 16 |
| uid | FortiClient unique ID | string | 32 |
| url | url | string | 512 |
| user | current logged on user | string | 256 |
| userinitiated | if user initiated url request | int | 20 |
| usingpolicy | current policy name | string | 64 |
| utmaction | utm action | string | 32 |
| utmevent | utm event | string | 32 |
