Fortinet black logo

FortiAnalyzer application log message example

FortiAnalyzer application log message example

id=6826113487735881741 itime=2020-05-12 17:06:37 euid=1 epid=1 dsteuid=1 dstepid=1 vd=root logid=110269 type=appevent subtype=playbook eventtype=run-stat level=notice date=2020-05-12 time=17:06:38 user=system user_from=system desc=Incident Attachment Added msg=Task 'Attach Events to Incident' executed successfully. status=success playbook_name=Demo Playbook- Compromised Host Incident trigger_type=event trigger_name=202005121000000012 task_name=Attach Events to Incident event_id=202005121000000012 devid=FAZ-VMTM20004698 devname=FAZ-VMTM20004698 dtime=2020-05-12 17:06:37 itime_t=1589328397

application log message breakdown

Log Field

Description

Date/Time: 17:06:37

The hour, minute, and second of when the event occurred.

Description (desc): Incident Attachment Added

A description of the activity or event recorded by the FortiAnalyzer unit.

Destination End User ID (dsteuid): 1

An identification number for the destination end user.

Destination Endpoint ID (dstepid): 1

An identification number for the destination endpoint.

Device ID (devid): FAZ-VMTM20004698

An identification number for the device that recorded the event.

Device Name (devname): FAZ-VMTM20004698

The name of the device that recorded the event.

Device Time (dtime): 2020-05-12 17:06:37

The year, month, and day when the event occurred in the format: YY-MM-DD. It also includes the hour, minute, and second of when the event occurred.

End User ID (euid): 1

An identification number for the end user.

Endpoint ID (epid): 1

An identification number for the endpoint user.

Event ID (id): 6826113487735881741

An identification number for the event.

Event Type (eventtype): run-stat

The type of event recorded.

Level (level): notice

The severity level or priority of the event. There are several severity or priority levels. See Priority levels.

Log ID (logid): 110269

The message ID number.

Message (msg): Task 'Attach Events to Incident' executed successfully.

Explains the activity or event that the FortiAnalyzer unit recorded.

Playbook name (playbook_name): Demo Playbook- Compromised Host Incident

The name of the playbook.

Status (status): success

The status of the playbook.

Subtype (subtype): playbook

The subtype of each log message.

Task Name (task_name): Attach Events to Incident event_

The name of the playbook task.

Trigger Name (trigger_name): 202005121000000012

The identification number for the trigger.

Trigger Type (trigger_type): event

The type of trigger.

Type (type): appevent

The section of the system where the event occurred.

User (user): system

The name of the user creating the traffic.

User From (user_from): system

Where the user initiated the activity or event, if applicable.

Virtual Domain (vd): root

The name of the VDOM, if applicable.

FortiAnalyzer application log message example

id=6826113487735881741 itime=2020-05-12 17:06:37 euid=1 epid=1 dsteuid=1 dstepid=1 vd=root logid=110269 type=appevent subtype=playbook eventtype=run-stat level=notice date=2020-05-12 time=17:06:38 user=system user_from=system desc=Incident Attachment Added msg=Task 'Attach Events to Incident' executed successfully. status=success playbook_name=Demo Playbook- Compromised Host Incident trigger_type=event trigger_name=202005121000000012 task_name=Attach Events to Incident event_id=202005121000000012 devid=FAZ-VMTM20004698 devname=FAZ-VMTM20004698 dtime=2020-05-12 17:06:37 itime_t=1589328397

application log message breakdown

Log Field

Description

Date/Time: 17:06:37

The hour, minute, and second of when the event occurred.

Description (desc): Incident Attachment Added

A description of the activity or event recorded by the FortiAnalyzer unit.

Destination End User ID (dsteuid): 1

An identification number for the destination end user.

Destination Endpoint ID (dstepid): 1

An identification number for the destination endpoint.

Device ID (devid): FAZ-VMTM20004698

An identification number for the device that recorded the event.

Device Name (devname): FAZ-VMTM20004698

The name of the device that recorded the event.

Device Time (dtime): 2020-05-12 17:06:37

The year, month, and day when the event occurred in the format: YY-MM-DD. It also includes the hour, minute, and second of when the event occurred.

End User ID (euid): 1

An identification number for the end user.

Endpoint ID (epid): 1

An identification number for the endpoint user.

Event ID (id): 6826113487735881741

An identification number for the event.

Event Type (eventtype): run-stat

The type of event recorded.

Level (level): notice

The severity level or priority of the event. There are several severity or priority levels. See Priority levels.

Log ID (logid): 110269

The message ID number.

Message (msg): Task 'Attach Events to Incident' executed successfully.

Explains the activity or event that the FortiAnalyzer unit recorded.

Playbook name (playbook_name): Demo Playbook- Compromised Host Incident

The name of the playbook.

Status (status): success

The status of the playbook.

Subtype (subtype): playbook

The subtype of each log message.

Task Name (task_name): Attach Events to Incident event_

The name of the playbook task.

Trigger Name (trigger_name): 202005121000000012

The identification number for the trigger.

Trigger Type (trigger_type): event

The type of trigger.

Type (type): appevent

The section of the system where the event occurred.

User (user): system

The name of the user creating the traffic.

User From (user_from): system

Where the user initiated the activity or event, if applicable.

Virtual Domain (vd): root

The name of the VDOM, if applicable.