Document
Library
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiProxy
NOC & SOC Management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
/
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
/
FortiVoice Cloud
FortiRecorder
/
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
Flex-VM
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
/
FortiWeb Cloud
FortiADC
/
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
/
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
/
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
/
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Curated links by solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Define, Design, Deploy, Demo
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
Filter Products
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
Filter Products
AscenLink
AV Engine
AWS Firewall Rules
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiExtender Cloud
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Search documents and hardware ...
FortiOS Log Message Reference
Introduction
Before you begin
Overview
What's new
Log Types and Subtypes
Type
Subtype
List of log types and subtypes
FortiOS priority levels
Log field format
Log Schema Structure
Log message fields
Log ID numbers
Log ID definitions
FortiGuard Web Filter Categories
CEF Support
FortiOS to CEF log field mapping guidelines
CEF priority levels
Examples of CEF support
Traffic log support for CEF
Event log support for CEF
Antivirus log support for CEF
Webfilter log support for CEF
IPS log support for CEF
Email Spamfilter log support for CEF
Anomaly log support for CEF
VoIP log support for CEF
DLP log support for CEF
Application log support for CEF
WAF log support for CEF
DNS log support for CEF
SSH log support for CEF
UTM Extended Logging
Enabling extended logging
Log Messages
Anomaly
18432 - LOGID_ATTCK_ANOMALY_TCP_UDP
18433 - LOGID_ATTCK_ANOMALY_ICMP
18434 - LOGID_ATTCK_ANOMALY_OTHERS
App
28672 - LOGID_APP_CTRL_IM_BASIC
28673 - LOGID_APP_CTRL_IM_BASIC_WITH_STATUS
28674 - LOGID_APP_CTRL_IM_BASIC_WITH_COUNT
28675 - LOGID_APP_CTRL_IM_FILE
28676 - LOGID_APP_CTRL_IM_CHAT
28677 - LOGID_APP_CTRL_IM_CHAT_BLOCK
28678 - LOGID_APP_CTRL_IM_BLOCK
28704 - LOGID_APP_CTRL_IPS_PASS
28705 - LOGID_APP_CTRL_IPS_BLOCK
28706 - LOGID_APP_CTRL_IPS_RESET
28720 - LOGID_APP_CTRL_SSH_PASS
28721 - LOGID_APP_CTRL_SSH_BLOCK
AV
8192 - MESGID_INFECT_WARNING
8193 - MESGID_INFECT_NOTIF
8194 - MESGID_INFECT_MIME_WARNING
8195 - MESGID_INFECT_MIME_NOTIF
8200 - MESGID_MIME_FILETYPE_EXE_WARNING
8201 - MESGID_MIME_FILETYPE_EXE_NOTIF
8448 - MESGID_BLOCK_WARNING
8449 - MESGID_BLOCK_NOTIF
8450 - MESGID_BLOCK_MIME_WARNING
8451 - MESGID_BLOCK_MIME_NOTIF
8452 - MESGID_BLOCK_COMMAND
8453 - MESGID_INTERCEPT
8454 - MESGID_INTERCEPT_MIME
8455 - MESGID_EXEMPT
8456 - MESGID_EXEMPT_MIME
8457 - MESGID_MMS_CHECKSUM
8458 - MESGID_MMS_CHECKSUM_NOTIF
8704 - MESGID_OVERSIZE_WARNING
8705 - MESGID_OVERSIZE_NOTIF
8706 - MESGID_OVERSIZE_MIME_WARNING
8707 - MESGID_OVERSIZE_MIME_NOTIF
8720 - MESGID_SWITCH_PROTO_WARNING
8721 - MESGID_SWITCH_PROTO_NOTIF
8960 - MESGID_SCAN_UNCOMPSIZELIMIT_WARNING
8961 - MESGID_SCAN_UNCOMPSIZELIMIT_NOTIF
8962 - MESGID_SCAN_ARCHIVE_ENCRYPTED_WARNING
8963 - MESGID_SCAN_ARCHIVE_ENCRYPTED_NOTIF
8964 - MESGID_SCAN_ARCHIVE_CORRUPTED_WARNING
8965 - MESGID_SCAN_ARCHIVE_CORRUPTED_NOTIF
8966 - MESGID_SCAN_ARCHIVE_MULTIPART_WARNING
8967 - MESGID_SCAN_ARCHIVE_MULTIPART_NOTIF
8968 - MESGID_SCAN_ARCHIVE_NESTED_WARNING
8969 - MESGID_SCAN_ARCHIVE_NESTED_NOTIF
8970 - MESGID_SCAN_ARCHIVE_OVERSIZE_WARNING
8971 - MESGID_SCAN_ARCHIVE_OVERSIZE_NOTIF
8972 - MESGID_SCAN_ARCHIVE_UNHANDLED_WARNING
8973 - MESGID_SCAN_ARCHIVE_UNHANDLED_NOTIF
8974 - MESGID_SCAN_AV_ENGINE_LOAD_FAILED_ERROR
8975 - MESGID_SCAN_ARCHIVE_PARTIALLYCORRUPTED_WARNING
8976 - MESGID_SCAN_ARCHIVE_PARTIALLYCORRUPTED_NOTIF
8977 - MESGID_SCAN_ARCHIVE_FILESLIMIT_WARNING
8978 - MESGID_SCAN_ARCHIVE_FILESLIMIT_NOTIF
8979 - MESGID_SCAN_ARCHIVE_TIMEOUT_WARNING
8980 - MESGID_SCAN_ARCHIVE_TIMEOUT_NOTIF
9233 - MESGID_ANALYTICS_SUBMITTED
9234 - MESGID_ANALYTICS_INFECT_WARNING
9235 - MESGID_ANALYTICS_INFECT_NOTIF
9236 - MESGID_ANALYTICS_INFECT_MIME_WARNING
9237 - MESGID_ANALYTICS_INFECT_MIME_NOTIF
9238 - MESGID_ANALYTICS_FSA_RESULT
9239 - MESGID_CONTENT_DISARM_NOTIF
9240 - MESGID_CONTENT_DISARM_WARNING
9248 - MESGID_BOTNET_WARNING
9249 - MESGID_BOTNET_NOTIF
DLP
24576 - LOG_ID_DLP_WARN
24577 - LOG_ID_DLP_NOTIF
24578 - LOG_ID_DLP_DOC_SOURCE
24579 - LOG_ID_DLP_DOC_SOURCE_ERROR
DNS
54000 - LOG_ID_DNS_QUERY
54200 - LOG_ID_DNS_RESOLV_ERROR
54400 - LOG_ID_DNS_URL_FILTER_BLOCK
54401 - LOG_ID_DNS_URL_FILTER_ALLOW
54600 - LOG_ID_DNS_BOTNET_IP
54601 - LOG_ID_DNS_BOTNET_DOMAIN
54800 - LOG_ID_DNS_FTGD_WARNING
54801 - LOG_ID_DNS_FTGD_ERROR
54802 - LOG_ID_DNS_FTGD_CAT_ALLOW
54803 - LOG_ID_DNS_FTGD_CAT_BLOCK
Email
20480 - LOGID_ANTISPAM_EMAIL_SMTP_NOTIF
20481 - LOGID_ANTISPAM_EMAIL_SMTP_BWORD_NOTIF
20482 - LOGID_ANTISPAM_EMAIL_POP3_NOTIF
20483 - LOGID_ANTISPAM_EMAIL_POP3_BWORD_NOTIF
20484 - LOGID_ANTISPAM_EMAIL_IMAP_NOTIF
20485 - LOGID_ANTISPAM_ENDPOINT_FILTER_WARNING
20486 - LOGID_ANTISPAM_ENDPOINT_FILTER_NOTIF
20487 - LOGID_ANTISPAM_ENDPOINT_MM7_WARNING
20488 - LOGID_ANTISPAM_ENDPOINT_MM7_NOTIF
20489 - LOGID_ANTISPAM_ENDPOINT_MM1_WARNING
20490 - LOGID_ANTISPAM_ENDPOINT_MM1_NOTIF
20491 - LOGID_ANTISPAM_EMAIL_IMAP_BWORD_NOTIF
20492 - LOGID_ANTISPAM_MM1_FLOOD_WARNING
20493 - LOGID_ANTISPAM_MM1_FLOOD_NOTIF
20494 - LOGID_ANTISPAM_MM4_FLOOD_WARNING
20495 - LOGID_ANTISPAM_MM4_FLOOD_NOTIF
20496 - LOGID_ANTISPAM_MM1_DUPE_WARNING
20497 - LOGID_ANTISPAM_MM1_DUPE_NOTIF
20498 - LOGID_ANTISPAM_MM4_DUPE_WARNING
20499 - LOGID_ANTISPAM_MM4_DUPE_NOTIF
20500 - LOGID_ANTISPAM_EMAIL_MSN_NOTIF
20501 - LOGID_ANTISPAM_EMAIL_YAHOO_NOTIF
20502 - LOGID_ANTISPAM_EMAIL_GOOGLE_NOTIF
20503 - LOGID_EMAIL_SMTP_GENERAL_NOTIF
20504 - LOGID_EMAIL_POP3_GENERAL_NOTIF
20505 - LOGID_EMAIL_IMAP_GENERAL_NOTIF
20506 - LOGID_EMAIL_MAPI_GENERAL_NOTIF
20507 - LOGID_ANTISPAM_EMAIL_MAPI_BWORD_NOTIF
20508 - LOGID_ANTISPAM_EMAIL_MAPI_NOTIF
20509 - LOGID_ANTISPAM_FTGD_ERR
Event
20002 - LOG_ID_DOMAIN_UNRESOLVABLE
20003 - LOG_ID_MAIL_SENT_FAIL
20004 - LOG_ID_POLICY_TOO_BIG
20005 - LOG_ID_PPP_LINK_UP
20006 - LOG_ID_PPP_LINK_DOWN
20007 - LOG_ID_SOCKET_EXHAUSTED
20008 - LOG_ID_POLICY6_TOO_BIG
20010 - LOG_ID_KERNEL_ERROR
20016 - LOG_ID_MODEM_EXCEED_REDIAL_COUNT
20017 - LOG_ID_MODEM_FAIL_TO_OPEN
20020 - LOG_ID_MODEM_USB_DETECTED
20021 - LOG_ID_MAIL_RESENT
20022 - LOG_ID_MODEM_USB_REMOVED
20023 - LOG_ID_MODEM_USBLTE_DETECTED
20024 - LOG_ID_MODEM_USBLTE_REMOVED
20025 - LOG_ID_REPORTD_REPORT_SUCCESS
20026 - LOG_ID_REPORTD_REPORT_FAILURE
20027 - LOG_ID_REPORT_DEL_OLD_REC
20028 - LOG_ID_REPORT_RECREATE_DB
20031 - LOG_ID_RAD_OUT_OF_MEM
20032 - LOG_ID_RAD_NOT_FOUND
20033 - LOG_ID_RAD_MOBILE_IPV6
20034 - LOG_ID_RAD_IPV6_OUT_OF_RANGE
20035 - LOG_ID_RAD_MIN_OUT_OF_RANGE
20036 - LOG_ID_RAD_MAX_OUT_OF_RANGE
20037 - LOG_ID_RAD_MAX_ADV_OUT_OF_RANGE
20039 - LOG_ID_RAD_MTU_TOO_SMALL
20040 - LOG_ID_RAD_TIME_TOO_SMALL
20041 - LOG_ID_RAD_HOP_OUT_OF_RANGE
20042 - LOG_ID_RAD_DFT_HOP_OUT_OF_RANGE
20043 - LOG_ID_RAD_AGENT_OUT_OF_RANGE
20044 - LOG_ID_RAD_AGENT_FLAG_NOT_SET
20045 - LOG_ID_RAD_PREFIX_TOO_LONG
20046 - LOG_ID_RAD_PREF_TIME_TOO_SMALL
20047 - LOG_ID_RAD_FAIL_IPV6_SOCKET
20048 - LOG_ID_RAD_FAIL_OPT_IPV6_PKTINFO
20049 - LOG_ID_RAD_FAIL_OPT_IPV6_CHECKSUM
20050 - LOG_ID_RAD_FAIL_OPT_IPV6_UNICAST_HOPS
20051 - LOG_ID_RAD_FAIL_OPT_IPV6_MULTICAST_HOPS
20052 - LOG_ID_RAD_FAIL_OPT_IPV6_HOPLIMIT
20053 - LOG_ID_RAD_FAIL_OPT_IPPROTO_ICMPV6
20054 - LOG_ID_RAD_EXIT_BY_SIGNAL
20055 - LOG_ID_RAD_FAIL_CMDB_QUERY
20056 - LOG_ID_RAD_FAIL_CMDB_FOR_EACH
20057 - LOG_ID_RAD_FAIL_FIND_VIRT_INTF
20058 - LOG_ID_RAD_UNLOAD_INTF
20059 - LOG_ID_RAD_NO_PKT_INFO
20060 - LOG_ID_RAD_INV_ICMPV6_LEN
20061 - LOG_ID_RAD_INV_ICMPV6_TYPE
20062 - LOG_ID_RAD_INV_ICMPV6_RA_LEN
20063 - LOG_ID_RAD_ICMPV6_NO_SRC_ADDR
20064 - LOG_ID_RAD_INV_ICMPV6_RS_LEN
20065 - LOG_ID_RAD_INV_ICMPV6_CODE
20066 - LOG_ID_RAD_INV_ICMPV6_HOP
20067 - LOG_ID_RAD_MISMATCH_HOP
20068 - LOG_ID_RAD_MISMATCH_MGR_FLAG
20069 - LOG_ID_RAD_MISMATCH_OTH_FLAG
20070 - LOG_ID_RAD_MISMATCH_TIME
20071 - LOG_ID_RAD_MISMATCH_TIMER
20072 - LOG_ID_RAD_EXTRA_DATA
20073 - LOG_ID_RAD_NO_OPT_DATA
20074 - LOG_ID_RAD_INV_OPT_LEN
20075 - LOG_ID_RAD_MISMATCH_MTU
20077 - LOG_ID_RAD_MISMATCH_PREF_TIME
20078 - LOG_ID_RAD_INV_OPT
20079 - LOG_ID_RAD_READY
20080 - LOG_ID_RAD_FAIL_TO_RCV
20081 - LOG_ID_RAD_INV_HOP
20082 - LOG_ID_RAD_INV_PKTINFO
20083 - LOG_ID_RAD_FAIL_TO_CHECK
20084 - LOG_ID_RAD_FAIL_TO_SEND
20085 - LOG_ID_SESSION_CLASH
20086 - LOG_ID_XH0_EVENT
20090 - LOG_ID_INTF_LINK_STA_CHG
20099 - LOG_ID_INTF_STA_CHG
20100 - LOG_ID_WEB_CAT_UPDATED
20101 - LOG_ID_WEB_LIC_EXPIRE
20102 - LOG_ID_SPAM_LIC_EXPIRE
20103 - LOG_ID_AV_LIC_EXPIRE
20104 - LOG_ID_IPS_LIC_EXPIRE
20105 - LOG_ID_LOG_UPLOAD_SKIP
20107 - LOG_ID_LOG_UPLOAD_ERR
20108 - LOG_ID_LOG_UPLOAD_DONE
20109 - LOG_ID_WEB_LIC_EXPIRED
20113 - LOG_ID_IPSA_DOWNLOAD_FAIL
20115 - LOG_ID_IPSA_STATUSUPD_FAIL
20116 - LOG_ID_SPAM_LIC_EXPIRED
20117 - LOG_ID_AV_LIC_EXPIRED
20118 - LOG_ID_WEBF_STATUS_REACH
20119 - LOG_ID_WEBF_STATUS_UNREACH
20200 - LOG_ID_FIPS_SELF_TEST
20201 - LOG_ID_FIPS_SELF_ALL_TEST
20202 - LOG_ID_DISK_FORMAT_ERROR
20203 - LOG_ID_DAEMON_SHUTDOWN
20204 - LOG_ID_DAEMON_START
20205 - LOG_ID_DISK_FORMAT_REQ
20206 - LOG_ID_DISK_SCAN_REQ
20207 - LOG_ID_RAD_MISMATCH_VALID_TIME
20208 - LOG_ID_ZOMBIE_DAEMON_CLEANUP
20209 - LOG_ID_DISK_UNAVAIL
20210 - LOG_ID_DISK_TRIM_START
20211 - LOG_ID_DISK_TRIM_END
20212 - LOG_ID_DISK_SCAN_NEEDED
20220 - LOGID_EVENT_SHAPER_OUTBOUND_MAXED_OUT
20221 - LOGID_EVENT_SHAPER_INBOUND_MAXED_OUT
20300 - LOG_ID_BGP_NB_STAT_CHG
20301 - LOG_ID_VZ_LOG
20302 - LOG_ID_OSPF_NB_STAT_CHG
20303 - LOG_ID_OSPF6_NB_STAT_CHG
20401 - LOG_ID_ROUTER_CLEAR
22000 - LOG_ID_INV_PKT_LEN
22001 - LOG_ID_UNSUPPORTED_PROT_VER
22002 - LOG_ID_INV_REQ_TYPE
22003 - LOG_ID_FAIL_SET_SIG_HANDLER
22004 - LOG_ID_FAIL_CREATE_SOCKET
22005 - LOG_ID_FAIL_CREATE_SOCKET_RETRY
22006 - LOG_ID_FAIL_REG_CMDB_EVENT
22009 - LOG_ID_FAIL_FIND_AV_PROFILE
22010 - LOG_ID_SENDTO_FAIL
22011 - LOG_ID_ENTER_MEM_CONSERVE_MODE
22012 - LOG_ID_LEAVE_MEM_CONSERVE_MODE
22013 - LOG_ID_IPPOOLPBA_BLOCK_EXHAUSTED
22014 - LOG_ID_IPPOOLPBA_NATIP_EXHAUSTED
22015 - LOG_ID_IPPOOLPBA_CREATE
22016 - LOG_ID_IPPOOLPBA_DEALLOCATE
22017 - LOG_ID_EXCEED_GLOB_RES_LIMIT
22018 - LOG_ID_EXCEED_VD_RES_LIMIT
22020 - LOG_ID_FAIL_CREATE_HA_SOCKET
22021 - LOG_ID_FAIL_CREATE_HA_SOCKET_RETRY