Subtype
Most FortiMail log messages have a subtype field. Valid subtype values vary by the type field. The subtype further categorizes the nature of the event.
|
Type Value |
Subtype Values |
Description |
|---|---|---|
|
(no subtypes) |
. |
|
|
User authentication and email download via IMAP. |
||
|
User authentication and email download via POP3. |
||
|
User authentication, email sending, and email download via SMTP. |
||
|
User authentication via FortiMail webmail (HTTPS). |
||
|
Administrator authentication success or failure. |
||
|
FortiMail configuration changes by administrators. |
||
|
FortiMail configuration changes by users. |
||
|
DNS queries, such as SMTP client IP address verification and SPF record lookups. |
||
|
FortiMail high availability (HA) cluster activities such as synchronization and failover. |
||
|
FortiMail system activities such as software update validation, time synchronization, shutdown, and reboot. |
||
|
Download of package updates such as FortiGuard Antivirus signatures. |
||
|
Quarantine access by an administrator. |
||
|
Antispam scan results, error messages, and DMARC aggregate reports. |
||
|
URL filtering scan results and error messages. |
||
|
Quarantine access by a user. |
||
|
History of email received and delivered by that FortiMail system. |
||
|
For logs sent to FortiAnalyzer only (not visible directly on FortiMail). Updates for recipient rewrites and delivery status of the original history log message, such as from queued to delivered or failed. |
||
|
Data leak protection (DLP) checksum matches for email attachment files. |
||
|
FortiSandbox file antivirus scan results and error messages. |
||
|
FortiSandbox file and URL antivirus scan results and error messages. |
||
|
FortiGuard Antivirus outbreak protection results. |
||
|
Antivirus scan results and error messages such as file size limits. |