FortiOS Log Message Reference

Log ID definitions

Following are the definitions for the log type IDs and subtype IDs applicable to FortiOS:

Log Category IDs, each followed by its Subtype IDs:

traffic: 0

  • forward: 0

  • local: 1

  • multicast: 2

  • sniffer: 4

event: 1

  • system: 0

  • vpn: 1

  • user: 2

  • router: 3

  • wireless: 4

  • wad: 5

  • endpoint: 7

  • ha: 8

  • compliance-check: 9

  • security-rating: 10

voip: 2

  • voip: 14

av: 3

  • analytics: 1

  • botnet: 2

  • filetype-executable: 3

  • content-disarm: 5

  • command-blocked: 6

  • infected: 11

  • filename: 12

  • oversize: 13

  • mimefragmented: 61

  • scanerror: 62

  • switchproto: 63

web: 4

  • content: 14

  • urlfilter: 15

  • ftgd_blk: 16

  • ftgd_allow: 17

  • ftgd_err: 18

  • activexfilter: 35

  • cookiefilter: 36

  • appletfilter: 37

  • ftgd_quota_counting: 38

  • ftgd_quota: 40

  • scriptfilter: 41

  • webfilter_command_block: 43

  • http_header_change: 44

  • ssl-exempt: 45

ips: 5

  • signature: 19

  • malicious-url: 21

anomaly: 6

  • anomaly: 20

email: 7

  • msn-hotmail: 5

  • yahoo-mail: 6

  • gmail: 7

  • smtp: 8

  • pop3: 9

  • imap: 10

  • mapi: 11

  • carrier-endpoint-filter: 47

  • mass-mms: 52

dlp: 8

  • dlp: 54

app: 9

  • app-ctrl-all: 59

waf: 10

  • waf-signature: 0

  • waf-custom-signature: 1

  • waf-http-method: 2

  • waf-http-constraint: 3

  • waf-address-list: 4

  • waf-url-access: 5

gtp: 11

  • gtp-all: 0

dns: 12

  • dns-query: 0

  • dns-response: 1

ssh: 13

  • ssh-command: 0

  • ssh-channel: 1
