
FortiAnalyzer event log message example

log_id=0032041002 type=event subtype=report pri=information desc=Run report user=system userfrom=system msg=Start generating SQL report [S-10025_t10025-Cyber Threat Assessment-2020-05-13-1505_1be4cb8e-664d-44f3-a41a-cb32497bf094_199] at Wed (3) 2020-05-13 15:05:14, adom=root. action=run devid=FAZ-VMTM20004698 itime=2020-05-13 15:05:14 date=2020-05-13 time=15:05:14 dtime=2020-05-13 15:05:14 itime_t=1589407514

Event log message breakdown

| Log Field | Description |
| --- | --- |
| Action: run | Records the action taken, if applicable. |
| Date: 2020-05-13 | The year, month, and day when the event occurred in the format: YY-MM-DD |
| Time: 15:05:14 | The hour, minute, and second of when the event occurred. |
| Description: Run report | The activity or event recorded by the FortiAnalyzer unit. |
| Device ID: FAZ-VMTM20004698 | An identification number for the device that recorded the event. |
| Device Time: 2020-05-13 15:05:14 | The year, month, and day when the event occurred in the format: YY-MM-DD. It also includes the hour, minute, and second of when the event occurred. |
| ID: 0032041002 | A ten-digit number that identifies the log type. The first two digits represent the log type, and the following two digits represent the log subtype. The last six digits represent the message ID number. |
| Level: information | The severity level or priority of the event. There are several severity or priority levels. See Priority levels. |
| Msg: Start generating SQL report [S-10025_t10025-Cyber Threat Assessment-2020-05-13-1505_1be4cb8e-664d-44f3-a41a-cb32497bf094_199] at Wed (3) 2020-05-13 15:05:14, | A description of the activity or event recorded by the FortiAnalyzer unit. |
| Subtype: report | The subtype of each log message. |
| Type: event | The section of the system where the event occurred. |
| User: system | The name of the user creating the traffic. |
| User From: system | Where the user initiated the activity or event, if applicable. |
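
The following is an added example, not Fortinet code: it parses the sample line above, whose values are unquoted and contain spaces, and splits the ID as the table describes. It assumes the field names are exactly those in the sample, that `adom=root.` is part of the message text, and that `itime_t` is a Unix epoch timestamp, from which the device's UTC offset can be derived.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample line copied from this page.
SAMPLE = ("log_id=0032041002 type=event subtype=report pri=information "
          "desc=Run report user=system userfrom=system msg=Start generating "
          "SQL report [S-10025_t10025-Cyber Threat Assessment-2020-05-13-1505_"
          "1be4cb8e-664d-44f3-a41a-cb32497bf094_199] at Wed (3) 2020-05-13 "
          "15:05:14, adom=root. action=run devid=FAZ-VMTM20004698 "
          "itime=2020-05-13 15:05:14 date=2020-05-13 time=15:05:14 "
          "dtime=2020-05-13 15:05:14 itime_t=1589407514")

# Assumption: only these names (taken from the sample) start a field.
# Other key=value text, such as "adom=root." inside msg, stays in the value.
FIELDS = ("log_id", "type", "subtype", "pri", "desc", "user", "userfrom",
          "msg", "action", "devid", "itime", "date", "time", "dtime", "itime_t")
_KEY = re.compile(r"(?:^|\s)(%s)=" % "|".join(FIELDS))

def parse_event(line):
    """Split an unquoted key=value event line on known field names."""
    marks = list(_KEY.finditer(line))
    fields = {}
    for cur, nxt in zip(marks, marks[1:] + [None]):
        key = cur.group(1)
        if key in fields:
            # A free-text value that contains " action=" or similar would
            # silently overwrite a real field; refuse instead of guessing.
            raise ValueError(f"field {key!r} appears twice; split is ambiguous")
        end = nxt.start() if nxt else len(line)
        fields[key] = line[cur.end():end].strip()
    return fields

def split_log_id(log_id):
    """Return (log type, log subtype, message ID) from the ten-digit ID."""
    if not re.fullmatch(r"\d{10}", log_id):
        raise ValueError("log_id must be exactly ten digits")
    return log_id[:2], log_id[2:4], log_id[4:]

def local_utc_offset(fields):
    """Device-local date/time minus itime_t (assumed to be epoch seconds)."""
    local = datetime.strptime(f"{fields['date']} {fields['time']}",
                              "%Y-%m-%d %H:%M:%S")
    utc = datetime.fromtimestamp(int(fields["itime_t"]), timezone.utc)
    return local - utc.replace(tzinfo=None)
```

When correlating these events with other sources, convert to UTC using the derived offset rather than treating the `date` and `time` fields as UTC.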
