AntiVirus |
0x00017912 |
Warning |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=Found virus by [AntiVirus
scan|AntiVirus realtime protection] in [filesystem|disk|email] |
This message is logged when a virus
is found. |
AntiVirus |
0x00017929 |
Info |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=An attempt to delete a quarantined
file failed (<file path>). |
An attempt to delete a quarantined
file failed. |
AntiVirus |
0x00017928 |
Info |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=A quarantined file was deleted
(<file path>). |
A quarantined file was deleted. |
AntiVirus |
0x00017927 |
Info |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=A quarantined file was restored
(<file path>). |
A quarantined file was restored. |
AntiVirus |
0x00017926 |
Error |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=Failed to restore quarantined file
to (<file path>) error=<error code>. |
Attempting to restore quarantined
file failed. |
AntiVirus |
0x0001791f |
Error |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=Scheduled scan failed:Path to file/folder no longer exists. |
Path not found. |
|
AntiVirus |
0x0001791c |
Info |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=Cannot start scan task |
License expired. |
AntiVirus |
0x0001791b |
Warning |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=av_task killed suspicious process :
<filename or process name> |
<filename or process name> is
a suspicious process and has been terminated. |
AntiVirus |
0x0001791a |
Info |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=av_task scan thread is resumed |
This message is logged when AV scanning is
resumed. |
AntiVirus |
0x00017920 |
Warning |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=AntiVirus scan was stopped by a user
before it finished. |
The specified user stopped an
AntiVirus scan. |
AntiVirus |
0x0001791e |
Info |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=av_task scan is stopped |
This message is logged if AV
scanning is stopped. |
AntiVirus |
0x0001791d |
Info |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=av_task scan is started |
This message is logged if AV
scanning is started. |
AntiVirus |
0x00017918 |
Warning |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=AntiVirus realtime protection killed
malware process : [process name] |
AntiVirus realtime protection killed a malware
process. |
AntiVirus |
0x00017917 |
Info |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=Communication error |
[detailed info] |
err=[error_code] Communication
error with other modules |
AntiVirus |
0x00017916 |
Warning |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=User disabled Realtime AntiVirus
protection |
Logged when someone disables
Realtime AntiVirus. |
AntiVirus |
0x00017915 |
Info |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=User enabled Realtime AntiVirus
protection |
Logged when someone enables Realtime
AntiVirus. |
AntiVirus |
0x00017914 |
Warning |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=Found suspicious by [AntiVirus
scan|AntiVirus realtime protection] in [filesystem|disk|email] |
This message is logged when a
suspicious item is found. |
AntiVirus |
0x00017913 |
Warning |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=Found malware by [AntiVirus
scan|AntiVirus realtime protection] in [filesystem|email] |
This message is logged when
malware is found. |
AntiVirus |
0x00017919 |
Info |
action=<clean|ignored|warning|accessdenied|quarantined|quarantinefailed|deleted|deletefailed|repaired|repairfailed>
file=<infected file name> filesize=<infected file size>
checksum=<infected file CRC checksum> virus=<virus name>
sigid=<signature id of the virus> from=<sender>
to=<receiver> service=<network protocol> vpn=<vpn tunnel
name> user=<logged on user> msg=av_task scan thread is suspended |
This message is logged if AV
scanning is paused. |
Application Database |
0x0000d00b |
Error |
<context> <file reference> Unable to extract vendor id. |
The file is not digitally signed
or the signature cannot be read.
<context> is the service that generated the log. <file reference>
is optional and describes the file that was being accessed when the log was
generated. |
Application Database |
0x0000d00e |
Error |
<context> <file reference> Can't access file because of
sharing violation. |
Can't access file because of sharing
violation. <context> is the service that generated the log. <file
reference> is optional and describes the file that was being accessed when the
log was generated. |
Application Database |
0x0000d01a |
Error |
<context> <file reference> Invalid arguments. |
Invalid command line options
supplied. <context> is the service that generated the log. <file
reference> is optional and describes the file that was being accessed when the
log was generated. |
Application Database |
0x0000d019 |
Error |
<context> <file reference> Unable to bypass fortishield. |
Failed to bypass self-protection.
The daemon might not function normally after this. <context> is the
service that generated the log. <file reference> is optional and
describes the file that was being accessed when the log was generated. |
Application Database |
0x0000d011 |
Error |
<context> <file reference> Driver io error. |
APD driver io error. <context>
is the service that generated the log. <file reference> is optional and
describes the file that was being accessed when the log was generated. |
Application Database |
0x0000d017 |
Error |
<context> <file reference> Pipe server initialization error. |
A communication initialization error
occurred. It is probably temporary. <context> is the service that
generated the log. <file reference> is optional and describes the file
that was being accessed when the log was generated. |
Application Database |
0x0000d016 |
Error |
<context> <file reference> Server-side pipe error. |
A communication error occurred. It
is probably temporary. <context> is the service that generated the log.
<file reference> is optional and describes the file that was being accessed
when the log was generated. |
Application Database |
0x0000d00a |
Error |
<context> <file reference> Can't open file. |
The file cannot be opened.
<context> is the service that generated the log. <file reference>
is optional and describes the file that was being accessed when the log was
generated. |
Application Database |
0x0000d018 |
Error |
<context> <file reference> Pipe server creation error. |
A communication initialization error
occurred. It is probably temporary. <context> is the service that
generated the log. <file reference> is optional and describes the file
that was being accessed when the log was generated. |
Application Database |
0x0000d008 |
Error |
<context> <file reference> db error - row not found. |
The requested row does not exist.
<context> is the service that generated the log. <file reference>
is optional and describes the file that was being accessed when the log was
generated. |
Application Database |
0x0000d003 |
Error |
<context> <file reference> db error - BIND command. |
A critical error occurred. The
application database will not work. <context> is the service that
generated the log. <file reference> is optional and describes the file
that was being accessed when the log was generated. |
Application Database |
0x0000d006 |
Error |
<context> <file reference> db error - unable to find
fingerprint. |
The fingerprint does not exist in
the database. <context> is the service that generated the log. <file
reference> is optional and describes the file that was being accessed when the
log was generated. |
Application Database |
0x0000d01c |
Error |
<context> <file reference> Unable to allocate memory for
vendor id cache. |
Low memory. <context> is the
service that generated the log. <file reference> is optional and
describes the file that was being accessed when the log was generated. |
Application Database |
0x0000d01d |
Error |
<context> <file reference> Vendor id cache not initialized. |
This is probably temporary. An
attempt will be made later to read/write to the cache. <context> is the
service that generated the log. <file reference> is optional and
describes the file that was being accessed when the log was generated. |
Application Database |
0x0000d01e |
Error |
<context> <file reference> Unable to open vendor id cache
shared memory. |
Application detection will not be
functioning normally. <context> is the service that generated the log.
<file reference> is optional and describes the file that was being accessed
when the log was generated. |
Application Database |
0x0000d01f |
Error |
<context> <file reference> Unable to open mutex to access
vendor id shared memory. |
Application detection will not be
functioning normally. <context> is the service that generated the log.
<file reference> is optional and describes the file that was being accessed
when the log was generated. |
Application Database |
0x0000d005 |
Error |
<context> <file reference> db error - preparing sql
statement. |
The SQL statement used is invalid.
<context> is the service that generated the log. <file reference>
is optional and describes the file that was being accessed when the log was
generated. |
Application Database |
0x0000d004 |
Error |
<context> <file reference> db error - opening database. |
A critical error occurred. The
application database is not present. An attempt to automatically regenerate
it will occur. <context> is the service that generated the log.
<file reference> is optional and describes the file that was being accessed when
the log was generated. |
Application Database |
0x0000d010 |
Error |
<context> <file reference> Can't start driver. |
Can't start the apd driver.
<context> is the service that generated the log. <file reference>
is optional and describes the file that was being accessed when the log was
generated. |
Application Database |
0x0000d001 |
Error |
<context> <file reference> db error - creating new database. |
A critical error occurred. The
application database will not work. <context> is the service that
generated the log. <file reference> is optional and describes the file
that was being accessed when the log was generated. |
Application Database |
0x0000d007 |
Error |
<context> <file reference> db error - invalid md5. |
The parameter supplied is not an
MD5. <context> is the service that generated the log. <file
reference> is optional and describes the file that was being accessed when the
log was generated. |
Application Database |
0x0000d00f |
Error |
<context> <file reference> Can't open driver. |
Can't open the apd driver.
<context> is the service that generated the log. <file reference>
is optional and describes the file that was being accessed when the log was
generated. |
Application FireWall |
0x00017982 |
Info |
action=<action_id> app=<application name>
appid=<application id> apppath=<application location>
count=<counter of action> rule=<rule that applied> ruleid=<id
of rule> ruletype=<type of rule> cat=<category>
catid=<category id> policyname=<policy name> msg=User enabled
Firewall |
User enabled Firewall |
Application FireWall |
0x00017984 |
Warning |
action=<action_id> app=<application name>
appid=<application id> apppath=<application location>
count=<counter of action> rule=<rule that applied> ruleid=<id
of rule> ruletype=<type of rule> cat=<category>
catid=<category id> policyname=<policy name> msg=The Application
Firewall report was cleared |
Logged when someone clears the
application firewall report. |
Application FireWall |
0x00017983 |
Warning |
action=<action_id> app=<application name>
appid=<application id> apppath=<application location>
count=<counter of action> rule=<rule that applied> ruleid=<id
of rule> ruletype=<type of rule> cat=<category>
catid=<category id> policyname=<policy name> msg=User disabled
Firewall |
User disabled Firewall |
Application FireWall |
0x00017985 |
Warning |
action=<action_id> app=<application name>
appid=<application id> apppath=<application location>
count=<counter of action> rule=<rule that applied> ruleid=<id
of rule> ruletype=<type of rule> cat=<category>
catid=<category id> policyname=<policy name> msg=The application
firewall has been disabled because it's driver could not be loaded |
Logged when the application firewall
driver could not be loaded, with error 127 (The specified procedure could not
be found). |
Application FireWall |
0x00017981 |
Info |
action=<action_id>
app=<application name> appid=<application id>
apppath=<application location> count=<counter of action>
rule=<rule that applied> ruleid=<id of rule> ruletype=<type of
rule> cat=<category> catid=<category id> policyname=<policy
name> msg=Firewall action |
type=[num] protocol=[num] direction=[num]
source=[addr] destination=[addr] Firewall action |
Application FireWall |
0x00017980 |
Warning |
action=<action_id>
app=<application name> appid=<application id>
apppath=<application location> count=<counter of action>
rule=<rule that applied> ruleid=<id of rule> ruletype=<type of
rule> cat=<category> catid=<category id> policyname=<policy
name> msg=Firewall action |
type=[num] protocol=[num] direction=[num]
source=[addr] destination=[addr] Firewall action |
Config Import/Export |
0x00017a72 |
Info |
user=<logged on user> msg=Policy '[name]' was received and applied |
Logged when push configuration is
received. |
Config Import/Export |
0x00017a73 |
Info |
user=<logged on user> msg=Compliance rules '[name]' were received
and applied |
Logged when compliance rules are
received. |
Config Import/Export |
0x00017a5c |
Info |
user=<logged on user> msg=A configuration file is exported to
[location] |
Logged when someone exports a config
file. |
Config Import/Export |
0x00017a5d |
Info |
user=<logged on user> msg=A configuration file is imported from
[location] |
Logged when someone imports a config
file. |
EndPoint Control |
0x00017ab7 |
Info |
action=<register|authenticate|unregister>
actiontype=<auto|manual> user=<logged on user>
epmgmtst=<blocked|quarantined> eponlinest=<regonline|regoffline>
epplace=<onnet|offnet> epfeatures=<list of features installed>
epenfeatures=<list of features enabled> ephbduration=<time duration
in minutes that the client has been in the online state to FGT>
ephblast=<timestamp of last heartbeat to FGT> ephbemsduration=<time
duration in minutes that the client has been in the online state to EMS>
ephbemslast=<timestamp of last heartbeat to EMS> msg=Endpoint control
policy synchronization was enabled |
Logged when someone enables Endpoint
control policy synchronization. |
EndPoint Control |
0x00017abf |
Info |
This is a report of the current AV whitelist engine/signatures this
endpoint is using |
This is a report of the current AV
whitelist engine/signatures this endpoint is using |
EndPoint Control |
0x00017abe |
Info |
user=<logged on user> social_srvc=<social media service>
social_user=<social media user> social_email=<social media email> social_phone=<social media phone
number> msg=User social media information |
User social media information |
EndPoint Control |
0x00017abd |
Info |
action=<register|authenticate|unregister>
actiontype=<auto|manual> user=<logged on user>
epmgmtst=<blocked|quarantined> eponlinest=<regonline|regoffline>
epplace=<onnet|offnet> epfeatures=<list of features installed>
epenfeatures=<list of features enabled> ephbduration=<time duration
in minutes that the client has been in the online state to FGT>
ephblast=<timestamp of last heartbeat to FGT> ephbemsduration=<time
duration in minutes that the client has been in the online state to EMS>
ephbemslast=<timestamp of last heartbeat to EMS> msg=Endpoint Ext Log
to FAZ |
Endpoint Ext Log to FAZ |
EndPoint Control |
0x00017abc |
Info |
action=<register|authenticate|unregister>
actiontype=<auto|manual> user=<logged on user>
epmgmtst=<blocked|quarantined> eponlinest=<regonline|regoffline>
epplace=<onnet|offnet> epfeatures=<list of features installed>
epenfeatures=<list of features enabled> ephbduration=<time duration
in minutes that the client has been in the online state to FGT>
ephblast=<timestamp of last heartbeat to FGT> ephbemsduration=<time
duration in minutes that the client has been in the online state to EMS>
ephbemslast=<timestamp of last heartbeat to EMS> msg=Endpoint
Quarantine Status changed to [status] |
Endpoint Quarantine Status Changed |
EndPoint Control |
0x00017abb |
Info |
action=<register|authenticate|unregister>
actiontype=<auto|manual> user=<logged on user>
epmgmtst=<blocked|quarantined> eponlinest=<regonline|regoffline>
epplace=<onnet|offnet> epfeatures=<list of features installed>
epenfeatures=<list of features enabled> ephbduration=<time duration
in minutes that the client has been in the online state to FGT>
ephblast=<timestamp of last heartbeat to FGT> ephbemsduration=<time
duration in minutes that the client has been in the online state to EMS>
ephbemslast=<timestamp of last heartbeat to EMS> msg=Endpoint Control
Registration Status changed to [status] with FGT [serial] |
[address] and client ip [address] Endpoint
Control Registration Status Changed |
EndPoint Control |
0x00017aba |
Warning |
action=<register|authenticate|unregister>
actiontype=<auto|manual> user=<logged on user>
epmgmtst=<blocked|quarantined> eponlinest=<regonline|regoffline>
epplace=<onnet|offnet> epfeatures=<list of features installed>
epenfeatures=<list of features enabled> ephbduration=<time duration
in minutes that the client has been in the online state to FGT>
ephblast=<timestamp of last heartbeat to FGT> ephbemsduration=<time
duration in minutes that the client has been in the online state to EMS>
ephbemslast=<timestamp of last heartbeat to EMS> msg=OffNet
configuration version [version] doesn't match FortiGate configuration version
[version] |
OffNet configuration version doesn't
match FortiGate configuration version |
EndPoint Control |
0x00017ab8 |
Warning |
action=<register|authenticate|unregister>
actiontype=<auto|manual> user=<logged on user>
epmgmtst=<blocked|quarantined> eponlinest=<regonline|regoffline>
epplace=<onnet|offnet> epfeatures=<list of features installed>
epenfeatures=<list of features enabled> ephbduration=<time duration
in minutes that the client has been in the online state to FGT>
ephblast=<timestamp of last heartbeat to FGT> ephbemsduration=<time
duration in minutes that the client has been in the online state to EMS>
ephbemslast=<timestamp of last heartbeat to EMS> msg=Endpoint control
policy synchronization was disabled |
Logged when someone disables
Endpoint control policy synchronization. |
EndPoint Control |
0x00017ab6 |
Info |
action=<register|authenticate|unregister>
actiontype=<auto|manual> user=<logged on user>
epmgmtst=<blocked|quarantined> eponlinest=<regonline|regoffline>
epplace=<onnet|offnet> epfeatures=<list of features installed>
epenfeatures=<list of features enabled> ephbduration=<time duration
in minutes that the client has been in the online state to FGT>
ephblast=<timestamp of last heartbeat to FGT> ephbemsduration=<time
duration in minutes that the client has been in the online state to EMS>
ephbemslast=<timestamp of last heartbeat to EMS> msg=upload logs |
[state] Upload logs to registered FortiGate |
EndPoint Control |
0x00017ab9 |
Info |
action=<register|authenticate|unregister>
actiontype=<auto|manual> user=<logged on user>
epmgmtst=<blocked|quarantined> eponlinest=<regonline|regoffline>
epplace=<onnet|offnet> epfeatures=<list of features installed>
epenfeatures=<list of features enabled> ephbduration=<time duration
in minutes that the client has been in the online state to FGT>
ephblast=<timestamp of last heartbeat to FGT> ephbemsduration=<time
duration in minutes that the client has been in the online state to EMS>
ephbemslast=<timestamp of last heartbeat to EMS> msg=Endpoint Control
Status changed to [status] |
Endpoint Control Status Changed |
FortiProxy |
0x00017a48 |
Warning |
user=<logged on user> msg=Fortiproxy is disabled |
Fortiproxy is disabled |
FortiProxy |
0x00017a49 |
Info |
user=<logged on user> msg=Fortiproxy is enabled |
Fortiproxy is enabled |
FortiShield |
0x00017a52 |
Warning |
user=<logged on user> msg=FortiShield is disabled |
FortiShield is disabled |
FortiShield |
0x00017a55 |
Warning |
user=<logged on user> msg=The console was unlocked |
The console password was unlocked. |
FortiShield |
0x00017a56 |
Warning |
user=<logged on user> msg=The console password was removed |
The console password was removed. |
FortiShield |
0x00017a57 |
Warning |
user=<logged on user> msg=FortiShield blocked application:
[application path] from modifying: [file or registry path] |
FortiShield has prevented an
application from modifying a file or registry setting protected by
FortiClient. |
FortiShield |
0x00017a53 |
Info |
user=<logged on user> msg=FortiShield is enabled |
FortiShield is enabled |
FortiShield |
0x00017a54 |
Info |
user=<logged on user> msg=The console was locked |
The console password was locked. |
IKE VPN |
0x00017941 |
Info |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=locip=<ip address> locport=<port number>
remip=<ip address> remport=<port number> outif=<interface>
vpntunnel=<tunnel name> status=negotiate_error msg=IKE phase1
authentication fail as the preshare key mismatch. |
IKE phase1 authentication failed because
the pre-shared key does not match. |
IKE VPN |
0x0001793f |
Warning |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=A required application is not running. |
VPN cannot connect because the
specified application is not running. |
IKE VPN |
0x0001793e |
Error |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=VPN cannot connect because an authorization rule failed. |
Logged when a VPN authorization rule
failed. |
IKE VPN |
0x0001793d |
Info |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=VPN before logon was disabled |
Logged when someone disables VPN
before logon. |
IKE VPN |
0x00017940 |
Info |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=locip=<ip address> locport=<port number>
remip=<ip address> remport=<port number> outif=<interface>
vpntunnel=<tunnel name> status=negotiate_error msg=IKE phase1
authentication fail as peer's certificate is not verified. |
IKE phase1 authentication failed because
the peer's certificate is not verified. |
IKE VPN |
0x0001793b |
Info |
vpnstate=<connected|disconnected>
vpntunnel=<tunnel name> vpnuser=<vpn user> remotegw=<remote
gateway> user=<logged on user> msg=locip=<ip address>
locport=<port number> remip=<ip address> remport=<port number>
outif=<interface> vpntunnel=<tunnel name> action=install_sa |
inspi=<inbound spi>
outspi=<outbound spi> <Initiator|Responder> tunnel <ip
address/ip address> install sa Send sa to the IPsec driver. |
IKE VPN |
0x0001793a |
Info |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=VPN user choose disconnect the tunnel or no response |
The VPN user rejected the banner
warning and disconnected the tunnel. |
IKE VPN |
0x00017939 |
Info |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=VPN user accept the banner and continue with the tunnel setup |
The VPN user accepted the banner
warning. |
IKE VPN |
0x00017930 |
Info |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=VPN tunnel status |
VPN tunnel status |
|
IKE VPN |
0x0001793c |
Info |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=VPN before logon was enabled |
Logged when someone enables VPN
before logon. |
IKE VPN |
0x00017936 |
Info |
vpnstate=<connected|disconnected>
vpntunnel=<tunnel name> vpnuser=<vpn user> remotegw=<remote
gateway> user=<logged on user> msg=negotiation information |
<detailed info> negotiation
information |
IKE VPN |
0x00017937 |
Error |
vpnstate=<connected|disconnected>
vpntunnel=<tunnel name> vpnuser=<vpn user> remotegw=<remote
gateway> user=<logged on user> msg=negotiation error |
<detailed error> negotiation error |
IKE VPN |
0x00017931 |
Warning |
vpnstate=<connected|disconnected>
vpntunnel=<tunnel name> vpnuser=<vpn user> remotegw=<remote
gateway> user=<logged on user> msg=locip=<ip address>
locport=<port number> remip=<ip address> remport=<port number>
outif=<interface> vpntunnel=<tunnel name> status=negotiate_error
msg=No response from the peer |
phase1 retransmit reaches maximum
count. No response from the peer |
phase1 retransmit reaches maximum
count. |
IKE VPN |
0x00017932 |
Warning |
vpnstate=<connected|disconnected>
vpntunnel=<tunnel name> vpnuser=<vpn user> remotegw=<remote
gateway> user=<logged on user> msg=locip=<ip address>
locport=<port number> remip=<ip address> remport=<port number>
outif=<interface> vpntunnel=<tunnel name> status=negotiate_error
msg=No response from the peer |
phase2 retransmit reaches maximum
count. No response from the peer |
phase2 retransmit reaches maximum
count. |
IKE VPN |
0x00017938 |
Error |
vpnstate=<connected|disconnected>
vpntunnel=<tunnel name> vpnuser=<vpn user> remotegw=<remote
gateway> user=<logged on user> msg=replayed packet detected (packet
dropped) |
<detailed error> replayed packet
detected (packet dropped). |
IKE VPN |
0x00017933 |
Warning |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=locip=<ip address> locport=<port number>
remip=<ip address> remport=<port number> outif=<interface>
vpntunnel=<tunnel name> status=negotiate_error msg=Received delete
payload from peer check xauth password. |
Received a delete payload from the peer;
check the XAuth password. |
IKE VPN |
0x00017934 |
Error |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=locip=<ip address> locport=<port number>
remip=<ip address> remport=<port number> outif=<interface>
vpntunnel=<tunnel name> msg=Failed to acquire an IP address. |
Failed to acquire an IP address for
the virtual adapter. |
IKE VPN |
0x00017935 |
Error |
vpnstate=<connected|disconnected>
vpntunnel=<tunnel name> vpnuser=<vpn user> remotegw=<remote
gateway> user=<logged on user> msg=ike error |
<detailed error info> General error of
IKE |
IKE VPN |
0x00017942 |
Error |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=VPN cannot connect because the computer failed a compliancy
test. |
Logged when a compliance test fails
when trying to connect a VPN tunnel. |
Scheduler |
0x00017a20 |
Info |
user=<logged on user> msg=Forcefully kill a child process fct
(process name) after grace period expires |
A scheduler-owned child process failed to stop when instructed to do so,
so it was forcefully terminated. |
Scheduler |
0x00017a21 |
Error |
user=<logged on user> msg=The scheduler cannot start the scheduled
task because the task's license is expired. |
The scheduler cannot start the
scheduled task because the task's license is expired. |
Scheduler |
0x00017a68 |
Info |
user=<logged on user> msg=FortiClient is starting up |
FortiClient is starting up |
Scheduler |
0x00017a69 |
Info |
user=<logged on user> msg=%s is shutting down |
FortiClient is shutting down |
Single Sign-On Mobility Agent |
0x00017ad4 |
Info |
action=<logoff|logon|ipchange|wakeup|keepalive> domain=<domain
name> remotegw=<remote gateway> user=<logged on user>
msg=Single Sign-On event |
Single Sign-On event. |
Single Sign-On Mobility Agent |
0x00017ad6 |
Warning |
action=<logoff|logon|ipchange|wakeup|keepalive> domain=<domain
name> remotegw=<remote gateway> user=<logged on user>
msg=Single Sign-On Mobility Agent was disabled |
Logged when someone disables Single
Sign-On Mobility Agent. |
Single Sign-On Mobility Agent |
0x00017ad7 |
Info |
action=<logoff|logon|ipchange|wakeup|keepalive>
domain=<domain name> remotegw=<remote gateway> user=<logged on
user> msg=Single Sign-On Mobility Agent is starting... |
version:[nnn] Single Sign-On Mobility Agent
is starting |
Single Sign-On Mobility Agent |
0x00017ad8 |
Info |
action=<logoff|logon|ipchange|wakeup|keepalive>
domain=<domain name> remotegw=<remote gateway> user=<logged on
user> msg=Single Sign-On Mobility Agent is stopping... |
version:[nnn] Single Sign-On Mobility Agent
is stopping |
Single Sign-On Mobility Agent |
0x00017ad5 |
Info |
action=<logoff|logon|ipchange|wakeup|keepalive> domain=<domain
name> remotegw=<remote gateway> user=<logged on user>
msg=Single Sign-On Mobility Agent was enabled |
Logged when someone enables Single
Sign-On Mobility Agent. |
SSL VPN |
0x00017958 |
Info |
vpnstate=<connected|disconnected> vpntunnel=<tunnel name>
vpnuser=<vpn user> remotegw=<remote gateway> user=<logged on
user> msg=SSLVPN tunnel status |
SSLVPN tunnel status |
UI |
0x00017a67 |
Info |
user=<logged on user> msg=Alerts were cleared |
Logged when alerts are cleared by a
user. |
UI |
0x00017a66 |
Warning |
user=<logged on user> msg=Logs were cleared |
Logged when logs are cleared. |
Update |
0x00017a2a |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Customer initiated a software
update request. |
Logged when a user presses the GUI's
update button. |
Update |
0x00017a37 |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Checking for updates. |
Checking for updates. |
Update |
0x00017a2c |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Update allowed only if you have a
valid license |
Update allowed only if you have a
valid license |
Update |
0x00017a38 |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Software update started. |
Software update started. |
Update |
0x00017a2d |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Software updates are disabled. |
Software updates from FortiGuard
have been disabled. |
Update |
0x00017a2e |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Software updates from FortiGuard
have been disabled because this client is managed. |
Software updates from FortiGuard
have been disabled. |
Update |
0x00017a30 |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Software update successful. |
Software update successful. |
Update |
0x00017a2f |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Software updates require
administrative privileges. |
The user does not have sufficient
privileges to perform software updates. |
Update |
0x00017a32 |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Unable to perform software update.
Registry does not contain image id to download. |
The image id that is expected to be
in the registry is missing. |
Update |
0x00017a33 |
Info |
avengine=<AV engine version>
avsig=<AV high signature version> avsigext=<AV extend signature
version> avsigetm=<AV extreme signature version> avsigheu=<AV
heuristics signature version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Update <module description>
successful |
new version is <version number> Update
was successful to the given version for the given module. |
Update |
0x0001798a |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Update success |
Update was successful. |
Update |
0x00017a34 |
Error |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Unable to load AV engine |
Failed to load the AV engine. |
Update |
0x00017a35 |
Error |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Error patching AV signature. |
Error patching AV signature. |
Update |
0x00017a36 |
Error |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Unable to load FASLE engine |
Unable to load FASLE engine |
Update |
0x00017a31 |
Info |
avengine=<AV engine version> avsig=<AV high signature
version> avsigext=<AV extend signature version> avsigetm=<AV
extreme signature version> avsigheu=<AV heuristics signature
version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Software update failed. |
Software update failed. |
Update |
0x00017a39 |
Info |
avengine=<AV engine version>
avsig=<AV high signature version> avsigext=<AV extend signature
version> avsigetm=<AV extreme signature version> avsigheu=<AV
heuristics signature version> rootkitengine=<anti rootkit engine version>
rootkitsig=<anti rootkit signature version> appengine=<application
engine version> appsig=<application signature version>
ipseng=<IPS engine version> ipssig=<IPS signature version>
vulnsig=<vulnerability scan signature version> avsiglastupdate=<last
time AV high signature is updated> msg=Update successful |
<all engine/signature
versions> Update was successful |
current engine/signature
information recorded. |
Vulnerability Scan |
0x0001790b |
Info |
status=<started|finished|failed|cancelled|application>
vulnid=<id of vulnerability> vulnname=<name of vulnerability>
vulnseverity=<severity> vulncat=<category of vulnerability>
vulncvss=<cvss> vulnref=<reference> vulnengine=<scan engine
version> vulnsig=<signature version> user=<logged on user>
appid=<app id> appversion=<app version> appvendor=<app
vendor> product=<csv list of products> msg=Applying patch for
Windows vulnerability |
The details of the vulnerability
being remediated are described by the log fields. |
Vulnerability Scan |
0x0001790a |
Info |
status=<started|finished|failed|cancelled|application>
vulnid=<id of vulnerability> vulnname=<name of vulnerability>
vulnseverity=<severity> vulncat=<category of vulnerability>
vulncvss=<cvss> vulnref=<reference> vulnengine=<scan engine
version> vulnsig=<signature version> user=<logged on user>
appid=<app id> appversion=<app version> appvendor=<app
vendor> product=<csv list of products> msg=Applying patch for
vulnerability found |
The details of the vulnerability
being remediated are described by the log fields. |
Vulnerability Scan |
0x00017909 |
Info |
status=<started|finished|failed|cancelled|application>
vulnid=<id of vulnerability> vulnname=<name of vulnerability>
vulnseverity=<severity> vulncat=<category of vulnerability>
vulncvss=<cvss> vulnref=<reference> vulnengine=<scan engine
version> vulnsig=<signature version> user=<logged on user>
appid=<app id> appversion=<app version> appvendor=<app
vendor> product=<csv list of products> msg=A vulnerability scan
result has been logged |
A vulnerability scan result log. |
Vulnerability Scan |
0x00017908 |
Info |
status=<started|finished|failed|cancelled|application>
vulnid=<id of vulnerability> vulnname=<name of vulnerability>
vulnseverity=<severity> vulncat=<category of vulnerability>
vulncvss=<cvss> vulnref=<reference> vulnengine=<scan engine
version> vulnsig=<signature version> user=<logged on user>
appid=<app id> appversion=<app version> appvendor=<app
vendor> product=<csv list of products> msg=The vulnerability scan
status has changed |
A vulnerability scan status change |
Webfilter |
0x000178fb |
Warning |
status=<passthrough|monitor|warn|block> cat=<id of rating
category> catdesc=<description of rating category>
service=<http|https> hostname=<remote server> url=<url>
ip=<local ip> user=<logged on user> msg=status=warn [logged on
user] temporarily disabled blocking of category [category id] ([category
name]) to access [url] |
The user [logged on user] proceeded
to the url [url] after acknowledging a warning message. |
Webfilter |
0x000178fa |
Warning |
status=<passthrough|monitor|warn|block> cat=<id of rating
category> catdesc=<description of rating category>
service=<http|https> hostname=<remote server> url=<url>
ip=<local ip> user=<logged on user> msg=Unable to retrieve the
webfilter UDP port number. |
FortiClient will not be able to
determine the FortiGuard rating of URLs. |
Webfilter |
0x000178f9 |
Warning |
status=<passthrough|monitor|warn|block> cat=<id of rating
category> catdesc=<description of rating category>
service=<http|https> hostname=<remote server> url=<url>
ip=<local ip> user=<logged on user> msg=Unable to create
proxy/webfilter communication socket. |
FortiClient will not be able to
determine the FortiGuard rating of URLs. |
Webfilter |
0x000178f8 |
Warning |
status=<passthrough|monitor|warn|block> cat=<id of rating
category> catdesc=<description of rating category>
service=<http|https> hostname=<remote server> url=<url>
ip=<local ip> user=<logged on user> msg=The Webfilter Violation
report was cleared [user name] |
Logged when someone clears the
webfilter violation report. |
Webfilter |
0x000178f7 |
Info |
status=<passthrough|monitor|warn|block> cat=<id of rating
category> catdesc=<description of rating category>
service=<http|https> hostname=<remote server> url=<url>
ip=<local ip> user=<logged on user> msg=user's access to the url
[action and reason] |
The action taken on the user's access,
and the reason. |
Webfilter |
0x000178f6 |
Warning |
status=<passthrough|monitor|warn|block> cat=<id of rating
category> catdesc=<description of rating category>
service=<http|https> hostname=<remote server> url=<url>
ip=<local ip> user=<logged on user> msg=user's access to the url
[action and reason] |
The action taken on the user's access,
and the reason. |
Webfilter |
0x000178f5 |
Warning |
status=<passthrough|monitor|warn|block> cat=<id of rating
category> catdesc=<description of rating category>
service=<http|https> hostname=<remote server> url=<url>
ip=<local ip> user=<logged on user> msg=User disabled Webfilter |
Logged when someone disables
webfiltering. |
Webfilter |
0x000178f4 |
Info |
status=<passthrough|monitor|warn|block> cat=<id of rating
category> catdesc=<description of rating category>
service=<http|https> hostname=<remote server> url=<url>
ip=<local ip> user=<logged on user> msg=User enabled Webfilter |
Logged when someone enables
webfiltering. |