Event
SYSTEM

| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| date | Date If the log server If In both cases, the | string | 16 |
| time | Time If the log server If In both cases, the | string | 16 |
| tz | time zone abbreviation. e.g. PST, PDT | string | 8 |
| user | User Name | string | 64 |
| ui | User Interface | string | 128 |
| action | Action | string | 64 |
| status | Status | string | 16 |
| error | Error Message | string | 128 |
| reason | Reason | string | 128 |
| letype | sub of subcategory | uint8 | 8 |
| admin | Admin User Name | string | 128 |
| blacklist | Blacklist Name | string | 128 |
| emailsndr | Email Sender | string | 64 |
| emailrcvr | Email Receiver | string | 128 |
| cloneidx | Virtual Machine Clone Index | uint32 | 32 |
| jobcount | Job Count | uint32 | 32 |
| device | FortiGate or other device name | string | 16 |
| dbid | DB Identifier | uint32 | 32 |
|  |  | string | 128 |
| etime | Finish Timestamp | uint32 | 32 |
| rptfmt | Report Format | string | 16 |
| harole | HA Cluster Role Name | string | 16 |
| hostname | Hostname | string | 128 |
| index | Index | uint32 | 32 |
| ip | IPv4 or IPv6 Address | string | 45 |
| jobtype | Job Type | string | 64 |
| snmpoid | SNMP Object ID | string | 128 |
| officekt | Office key type | string | 32 |
| os | OS Name | string | 128 |
| filepath | File Path | string | 1024 |
| pid | Process ID | uint32 | 32 |
| pidstatus | Process Status | uint32 | 32 |
| port | Interface Port | string | 8 |
| quarantine | Network Share Quarantine | string | 128 |
| rpttype | Report Type | string | 8 |
| retcode | Report return code | uint32 | 32 |
| serial | Serial Number | string | 16 |
| from | Access From | string | 32 |
| sha1 | SHA1 Checksum | string | 41 |
| subject | Email Subject | string | 128 |
| sharename | Network Share Name | string | 256 |
| sid | Job Submission ID | string | 16 |
| sizebin | Size of Binary | uint32 | 32 |
| sizeconf | Size of Configuration | uint32 | 32 |
| snmpaction | SNMP Action | string | 128 |
| stime | Start Timestamp | uint64 | 64 |
| susr | Source User Name | string | 64 |
| urlcat | URL Category | string | 64 |
| version | Version | string | 16 |
| vmname | Virtual Machine Name | string | 64 |
| vmkey | Virtual Machine Key | string | 16 |
| whitelist | Whitelist Name | string | 128 |
| cip | Source IP | string | 45 |
| cport | Source Port | string | 8 |
| sip | Destination IP | string | 45 |
| sport | Destination Port | string | 8 |
| service | Service | string | 32 |
| ftype | File Type | string | 64 |
| rsrc | Submit Source | string | 16 |
| fcuid | FortiClient UID | string | 32 |
| unauthuser | Unauthorized User | string | 66 |
| unauthusersource | Unauthorized User Source | string | 66 |
| xforwarded | X-FORWARDED-FOR | string | 128 |
| trueclient | True Client IP | string | 40 |
| session_id | Email Session ID | string | 64 |
| mcate | Malware category | string | 256 |
| http_host | http hostname | string | 256 |

PERFORMANCE

| Log Field Name | Description | Data Type |
|---|---|---|
| pfdur | Performance Data Collecting Duration |  |
| pfendtm | Performance Data Collecting End Time |  |
| pftjob | Total Scanned Jobs | uint32 |
| pftexe | Total EXE Jobs | uint32 |
| pftpdf | Total PDF Jobs | uint32 |
| pftoffice | Total Office Jobs | uint32 |
| pftflash | Total Flash Jobs |  |
| pftweb | Total Web Jobs | uint32 |
| pftarch | Total Compressed Jobs | uint32 |
| pftandroid | Total Android Jobs | uint32 |
| pftmac | Total Mac Jobs | uint32 |
| pftlinux | Total Linux Jobs | uint32 |
| pfturl | Total URL Jobs | uint32 |
| pftuser | Total User defined Jobs | uint32 |
| pfvjob | Total VM Scanned Jobs | uint32 |
| pfvexe | VM EXE Jobs | uint32 |
| pfvpdf | VM PDF Jobs | uint32 |
| pfvoffice | VM Office Jobs | uint32 |
| pfvflash | VM Flash Jobs | uint32 |
| pfvweb | VM Web Jobs | uint32 |
| pfvarch | VM Compressed Jobs | uint32 |
| pfvandroid | VM Android Jobs | uint32 |
| pfvmac | VM Mac Jobs | uint32 |
| pfvlinux | VM Linux Jobs | uint32 |
| pfvurl | VM URL Jobs | uint32 |
| pfvuser | VM User defined Jobs | uint32 |
| pfavgscantm | Average Scan Time | uint32 |
| pfmedianscantm | Median Scan Time | uint32 |
| pfmaxscantm | Max Scan Time | uint32 |
| pfavgvmscantm | VM Scan Time | uint32 |
| Pfmedianvmscantm | Median VM Scan Time | uint32 |
| pfmaxvmscantm | Max VM Scan Time | uint32 |
| pfavgwait | Average Wait Time | uint32 |
| pfmedianwait | Median Wait Time | uint32 |
| pfmaxwait | Max Wait Time | uint32 |
| pfavgvmwait | Average VM Wait Time | uint32 |
| pfmedianvmwait | Median VM Wait Time | uint32 |
| pfmaxvmwait | Max VM Wait Time | uint32 |
| pf0dayfile | 0Day File | uint32 |
| pf0dayurl | 0Day URL File | uint32 |
| pfmalfile | Malicious File | uint32 |
| pfmalurl | Malicious URL File | uint32 |
| pfai | AI Detected File | uint32 |
| pfurl | Suspicious URL | uint32 |

RESOURCE

| Field Name | Description | Data Type |
|---|---|---|
| cpu | CPU Usage | uint8 |
| mem | Memory Usage | uint8 |
| disk | HDD Disk Usage | uint8 |
| ramdisk | Ram Disk Usage | uint8 |
| vmdisk | VM Disk Usage | uint8 |
| snifferbw | Sniffer Port Speed | uint64 |
| pending | Pending Jobs | uint32 |

REPORT

| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| rpttype | report type | enum | 16 |
| rptfmt | report format | enum | 16 |
| etime | finish timestamp | uint32 |  |
| stime | start timestamp | uint32 |  |
| fname | file name | string | 1024 |
| retcode | report return code | int32 |  |