Event
SYSTEM
|
Log Field Name |
Description |
Data Type |
Length |
|---|---|---|---|
|
date |
Date If the log server If In both cases, the |
string |
16 |
|
time |
Time If the log server If In both cases, the |
string |
16 |
|
tz |
time zone abbreviation. e.g. PST, PDT |
string |
8 |
|
user |
User Name |
string |
64 |
|
ui |
User Interface |
string |
128 |
|
action |
Action |
string |
64 |
|
status |
Status |
string |
16 |
|
error |
Error Message |
string |
128 |
|
reason |
Reason |
string |
128 |
|
letype |
sub of subcategory |
uint8 |
8 |
|
admin |
Admin User Name |
string |
128 |
|
blacklist |
Blacklist Name |
string |
128 |
|
emailsndr |
Email Sender |
string |
64 |
|
emailrcvr |
Email Receiver |
string |
128 |
|
cloneidx |
Virtual Machine Clone Index |
uint32 |
32 |
|
jobcount |
Job Count |
uint32 |
32 |
|
device |
FortiGate or other device name |
string |
16 |
|
dbid |
DB Identifier |
uint32 |
32 |
|
|
|
string |
128 |
|
etime |
Finish Timestamp |
uint32 |
32 |
|
rptfmt |
Report Format |
string |
16 |
|
harole |
HA Cluster Role Name |
string |
16 |
|
hostname |
Hostname |
string |
128 |
|
index |
Index |
uint32 |
32 |
|
ip |
IPv4 or IPv6 Address |
string |
45 |
|
jobtype |
Job Type |
string |
64 |
|
snmpoid |
SNMP Object ID |
string |
128 |
|
officekt |
Office key type |
string |
32 |
|
os |
OS Name |
string |
128 |
|
filepath |
File Path |
string |
1024 |
|
pid |
Process ID |
uint32 |
32 |
|
pidstatus |
Process Status |
uint32 |
32 |
|
port |
Interface Port |
string |
8 |
|
quarantine |
Network Share Quarantine |
string |
128 |
|
rpttype |
Report Type |
string |
8 |
|
retcode |
Report return code |
uint32 |
32 |
|
serial |
Serial Number |
string |
16 |
|
from |
Access From |
string |
32 |
|
sha1 |
SHA1 Checksum |
string |
41 |
|
subject |
Email Subject |
string |
128 |
|
sharename |
Network Share Name |
string |
256 |
|
sid |
Job Submission ID |
string |
16 |
|
sizebin |
Size of Binary |
uint32 |
32 |
|
sizeconf |
Size of Configuration |
uint32 |
32 |
|
snmpaction |
SNMP Action |
string |
128 |
|
stime |
Start Timestamp |
uint64 |
64 |
|
susr |
Source User Name |
string |
64 |
|
urlcat |
URL Category |
string |
64 |
|
version |
Version |
string |
16 |
|
vmname |
Virtual Machine Name |
string |
64 |
|
vmkey |
Virtual Machine Key |
string |
16 |
|
whitelist |
Whitelist Name |
string |
128 |
|
cip |
Source IP |
string |
45 |
|
cport |
Source Port |
string |
8 |
|
sip |
Destination IP |
string |
45 |
|
sport |
Destination Port |
string |
8 |
|
service |
Service |
string |
32 |
|
ftype |
File Type |
string |
64 |
|
rsrc |
Submit Source |
string |
16 |
|
fcuid |
FortiClient UID |
string |
32 |
|
unauthuser |
Unauthorized User |
string |
66 |
|
unauthusersource |
Unauthorized User Source |
string |
66 |
|
xforwarded |
X-FORWARDED-FOR |
string |
128 |
|
trueclient |
True Client IP |
string |
40 |
|
session_id |
Email Session ID |
string |
64 |
|
mcate |
Malware category |
string |
256 |
|
http_host |
http hostname |
string |
256 |
PERFORMANCE
|
Log Field Name |
Description |
Data Type |
|---|---|---|
|
pfdur |
Performance Data Collecting Duration |
|
|
pfendtm |
Performance Data Collecting End Time |
|
|
pftjob |
Total Scanned Jobs |
uint32 |
|
pftexe |
Total EXE Jobs |
uint32 |
|
pftpdf |
Total PDF Jobs |
uint32 |
|
pftoffice |
Total Office Jobs |
uint32 |
|
pftflash |
Total Flash Jobs |
|
|
pftweb |
Total Web Jobs |
uint32 |
|
pftarch |
Total Compressed Jobs |
uint32 |
|
pftandroid |
Total Android Jobs |
uint32 |
|
pftmac |
Total Mac Jobs |
uint32 |
|
pftlinux |
Total Linux Jobs |
uint32 |
|
pfturl |
Total URL Jobs |
uint32 |
|
pftuser |
Total User defined Jobs |
uint32 |
|
pfvjob |
Total VM Scanned Jobs |
uint32 |
|
pfvexe |
VM EXE Jobs |
uint32 |
|
pfvpdf |
VM PDF Jobs |
uint32 |
|
pfvoffice |
VM Office Jobs |
uint32 |
|
pfvflash |
VM Flash Jobs |
uint32 |
|
pfvweb |
VM Web Jobs |
uint32 |
|
pfvarch |
VM Compressed Jobs |
uint32 |
|
pfvandroid |
VM Android Jobs |
uint32 |
|
pfvmac |
VM Mac Jobs |
uint32 |
|
pfvlinux |
VM Linux Jobs |
uint32 |
|
pfvurl |
VM URL Jobs |
uint32 |
|
pfvuser |
VM User defined Jobs |
uint32 |
|
pfavgscantm |
Average Scan Time |
uint32 |
|
pfmedianscantm |
Median Scan Time |
uint32 |
|
pfmaxscantm |
Max Scan Time |
uint32 |
|
pfavgvmscantm |
VM Scan Time |
uint32 |
|
Pfmedianvmscantm |
Median VM Scan Time |
uint32 |
|
pfmaxvmscantm |
Max VM Scan Time |
uint32 |
|
pfavgwait |
Average Wait Time |
uint32 |
|
pfmedianwait |
Median Wait Time |
uint32 |
|
pfmaxwait |
Max Wait Time |
uint32 |
|
pfavgvmwait |
Average VM Wait Time |
uint32 |
|
pfmedianvmwait |
Median VM Wait Time |
uint32 |
|
pfmaxvmwait |
Max VM Wait Time |
uint32 |
|
pf0dayfile |
0Day File |
uint32 |
|
pf0dayurl |
0Day URL File |
uint32 |
|
pfmalfile |
Malicious File |
uint32 |
|
pfmalurl |
Malicious URL File |
uint32 |
|
pfai |
AI Detected File |
uint32 |
|
pfurl |
Suspicious URL |
uint32 |
RESOURCE
|
Field Name |
Description |
Data Type |
|---|---|---|
|
cpu |
CPU Usage |
uint8 |
|
mem |
Memory Usage |
uint8 |
|
disk |
HDD Disk Usage |
uint8 |
|
ramdisk |
Ram Disk Usage |
uint8 |
|
vmdisk |
VM Disk Usage |
uint8 |
|
snifferbw |
Sniffer Port Speed |
uint64 |
|
pending |
Pending Jobs |
uint32 |
REPORT
|
Log Field Name |
Description |
Data Type |
Length |
|---|---|---|---|
|
rpttype |
report type |
enum |
16 |
|
rptfmt |
report format |
enum |
16 |
|
etime |
finish timestamp |
uint32 |
|
|
stime |
start timestamp |
uint32 |
|
|
fname |
file name |
string |
1024 |
|
retcode |
report return code |
int32 |
|