Subtype

Subtype

Most FortiMail log messages have a subtype field. Valid subtype values vary by the type field. The subtype further categorizes the nature of the event.

Type Value	Subtype Values	Description
`encrypt`	(no subtypes)	.
`event`	`imap`	User authentication and email download via IMAP.
	`pop3`	User authentication and email download via POP3.
	`smtp`	User authentication, email sending, and email download via SMTP.
	`webmail`	User authentication via FortiMail webmail (HTTPS).
`kevent`	`admin`	Administrator authentication success or failure.
	`config`	FortiMail configuration changes by administrators.
	`config-user`	FortiMail configuration changes by users.
	`dns`	DNS queries, such as SMTP client IP address verification and SPF record lookups.
	`ha`	FortiMail high availability (HA) cluster activities such as synchronization and failover.
	`system`	FortiMail system activities such as software update validation, time synchronization, shutdown, and reboot.
	`update`	Download of package updates such as FortiGuard Antivirus signatures.
`spam`	`admin`	Quarantine access by an administrator.
	`default`	Antispam scan results, error messages, and DMARC aggregate reports.
	`url`	URL filtering scan results and error messages.
	`user`	Quarantine access by a user.
`statistics`	`default`	History of email received and delivered by that FortiMail system.
`statistics`	`update`	For logs sent to FortiAnalyzer only (not visible directly on FortiMail). Updates for recipient rewrites and delivery status of the original history log message, such as from queued to delivered or failed.
`virus`	`file-signature`	Data leak protection (DLP) checksum matches for email attachment files.
	`fortindr`	FortiSandbox file antivirus scan results and error messages.
	`fortisandbox`	FortiSandbox file and URL antivirus scan results and error messages.
	`malware-outbreak`	FortiGuard Antivirus outbreak protection results.
	`infected`	Antivirus scan results and error messages such as file size limits.

Subtype

Most FortiMail log messages have a subtype field. Valid subtype values vary by the type field. The subtype further categorizes the nature of the event.

Type Value	Subtype Values	Description
`encrypt`	(no subtypes)	.
`event`	`imap`	User authentication and email download via IMAP.
	`pop3`	User authentication and email download via POP3.
	`smtp`	User authentication, email sending, and email download via SMTP.
	`webmail`	User authentication via FortiMail webmail (HTTPS).
`kevent`	`admin`	Administrator authentication success or failure.
	`config`	FortiMail configuration changes by administrators.
	`config-user`	FortiMail configuration changes by users.
	`dns`	DNS queries, such as SMTP client IP address verification and SPF record lookups.
	`ha`	FortiMail high availability (HA) cluster activities such as synchronization and failover.
	`system`	FortiMail system activities such as software update validation, time synchronization, shutdown, and reboot.
	`update`	Download of package updates such as FortiGuard Antivirus signatures.
`spam`	`admin`	Quarantine access by an administrator.
	`default`	Antispam scan results, error messages, and DMARC aggregate reports.
	`url`	URL filtering scan results and error messages.
	`user`	Quarantine access by a user.
`statistics`	`default`	History of email received and delivered by that FortiMail system.
`statistics`	`update`	For logs sent to FortiAnalyzer only (not visible directly on FortiMail). Updates for recipient rewrites and delivery status of the original history log message, such as from queued to delivered or failed.
`virus`	`file-signature`	Data leak protection (DLP) checksum matches for email attachment files.
	`fortindr`	FortiSandbox file antivirus scan results and error messages.
	`fortisandbox`	FortiSandbox file and URL antivirus scan results and error messages.
	`malware-outbreak`	FortiGuard Antivirus outbreak protection results.
	`infected`	Antivirus scan results and error messages such as file size limits.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

Log Reference

Subtype

Subtype

Subtype