7.6.0

Log types and subtypes


Each log type has its own SQL table, which can be specified when creating datasets. The available log types are shown when you select the Log Type for the dataset.

Each log type also has log subtypes, which are categories of log message within the main log type. For more information on log types and subtypes, see the FortiAnalyzer and FortiGate Log Message Reference guides on the Fortinet Document Library.

If you are combining data from multiple log types in a custom dataset, you must use the appropriate type name(s) in the SQL statement.
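
As an added illustration (not part of the Fortinet documentation), a custom dataset that combines FortiGate Intrusion Prevention and Antivirus logs references each log type by its own SQL name from the table on this page. The `$filter` macro, the column names `srcip`, `attack` and `virus`, and the use of a plain subquery are assumptions here; check them against the Log Message Reference for your version.

```sql
-- Added example: detections per source address across two FortiGate log types.
-- $log-attack (Intrusion Prevention) and $log-virus (Antivirus) come from the table on this page.
-- $filter, srcip, attack and virus are assumed names, not taken from this page.
select srcip, threat_type, count(*) as total_events
from (
    select srcip, 'ips' as threat_type
    from $log-attack
    where $filter and attack is not null
    union all
    select srcip, 'antivirus' as threat_type
    from $log-virus
    where $filter and virus is not null
) t
group by srcip, threat_type
order by total_events desc
```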

Log types available in FortiAnalyzer datasets

| Device type | Log type | Name in SQL |
| --- | --- | --- |
| FortiGate | Application Control | $log-app-ctrl |
| | Intrusion Prevention | $log-attack |
| | Content | $log-content |
| | Data Leak Prevention | $log-dlp |
| | DNS | $log-dns |
| | Email Filter | $log-emailfilter |
| | Event | $log-event |
| | File Filter | $log-file-filter |
| | GTP | $log-gtp |
| | Vulnerability Scan | $log-netscan |
| | Protocol | $log-protocol |
| | SSH | $log-ssh |
| | SSL | $log-ssl |
| | Traffic | $log-traffic |
| | Antivirus | $log-virus |
| | VoIP | $log-voip |
| | Web Application Firewall | $log-waf |
| | Web Filter | $log-webfilter |
| | Local Event | $log-local-event |
| FortiMail | Email Filter | $log-emailfilter |
| | Event | $log-event |
| | History | $log-history |
| | Antivirus | $log-virus |
| FortiAnalyzer | Application Control | $log-appevent |
| | Event | $log-event |
| FortiWeb | Attack | $log-attack |
| | Event | $log-event |
| | Traffic | $log-traffic |
| FortiCache | Application Control | $log-app-ctrl |
| | Intrusion Prevention | $log-ips |
| | Content | $log-content |
| | Data Leak Prevention | $log-dlp |
| | Event | $log-event |
| | Vulnerability Scan | $log-netscan |
| | Traffic | $log-traffic |
| | Antivirus | $log-virus |
| | VoIP | $log-voip |
| | Web Filter | $log-webfilter |
| FortiClient | FortiClient System Event | $log-fct-event |
| | FortiClient Security Event | $log-fct-netscan |
| | FortiClient Traffic | $log-fct-traffic |
| Syslog | Syslog | |
| FortiManager | Application Control | $log-appevent |
| | Event | $log-event |
| FortiSandbox | Event | $log-event |
| | Vulnerability Scan | $log-netscan |
| | Antivirus | $log-virus |
| FortiDDoS | Intrusion Prevention | $log-ips |
| | Event | $log-event |
| FortiAuthenticator | Event | $log-event |
| FortiProxy | Application Control | $log-app-ctrl |
| | Intrusion Prevention | $log-ips |
| | Data Leak Prevention | $log-dlp |
| | DNS | $log-dns |
| | Email Filter | $log-emailfilter |
| | Event | $log-event |
| | File Filter | $log-file-filter |
| | Protocol | $log-protocol |
| | SSH | $log-ssh |
| | SSL | $log-ssl |
| | Traffic | $log-traffic |
| | Antivirus | $log-virus |
| | VoIP | $log-voip |
| | Web Application Firewall | $log-waf |
| | Web Filter | $log-webfilter |
| FortiNAC | Asset | $log-asset |
| | Event | $log-event |
| FortiFirewall | DNS | $log-dns |
| | Event | $log-event |
| | File Filter | $log-file-filter |
| | GTP | $log-gtp |
| | SSH | $log-ssh |
| | SSL | $log-ssl |
| | Traffic | $log-traffic |
| FortiSOAR | Event | $log-event |
| FortiADC | Intrusion Prevention | $log-ips |
| | Event | $log-event |
| | Traffic | $log-traffic |
| FortiDeceptor | Event | $log-event |
| FortiNDR | Attack | $log-attack |
| | Event | $log-event |
| | NDR | $log-netscan |
| FortiIsolator | Event | $log-event |
| | Traffic | $log-traffic |
| FortiEDR | Event | $log-event |
| FortiPAM | Data Leak Prevention | $log-dlp |
| | Event | $log-event |
| | Protocol | $log-protocol |
| | Secret | $log-security |
| | SSH | $log-ssh |
| | Traffic | $log-traffic |
| | Antivirus | $log-virus |
| FortiCASB | Data Leak Prevention | $log-dlp |
| FortiToken | Event | $log-event |
| Fabric | Normalized | |
