Fortinet black logo

Administration Guide

Raw logs

Copy Link
Copy Doc ID 63cab9f6-5858-11ec-bdf2-fa163e15d75b:554896
Download PDF

Raw logs

You can download and save raw logs to the management computer by clicking Download Log. Raw logs are saved as a text file with the extension .log.gz. You can search the system log for more details.

Sample raw logs file content

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=Established SSH connection Description=10.95.5.83 Username=NA Password=NA"

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=SSH connection closed Description=83ssh Username=83ssh Password=83ssh"

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=Authentication Failure Description=83ssh Username=83ssh Password=83ssh"

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Change to dir Description=/home/share/samba Username=83samba Password=83samba"

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Access path Description=samba Username=83samba Password=83samba"

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Disconnect net share Description=samba Username=83samba Password=83samba"

itime=1535413201 date=2018-08-27 time=16:40:01 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=SSH connection closed Description=83ssh Username=83ssh Password=83ssh"

itime=1535413201 date=2018-08-27 time=16:40:01 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=Authentication Failure Description=83ssh Username=83ssh Password=83ssh"

itime=1535413198 date=2018-08-27 time=16:39:58 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=Established SSH connection Description=10.95.5.83 Username=NA Password=NA"

itime=1535413198 date=2018-08-27 time=16:39:58 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Disconnect net share Description=samba Username=83samba Password=83samba"

itime=1535413197 date=2018-08-27 time=16:39:57 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Change to dir Description=/home/share/samba Username=83samba Password=83samba"

itime=1535413197 date=2018-08-27 time=16:39:57 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Access path Description=samba Username=83samba Password=83samba"

Raw logs

You can download and save raw logs to the management computer by clicking Download Log. Raw logs are saved as a text file with the extension .log.gz. You can search the system log for more details.

Sample raw logs file content

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=Established SSH connection Description=10.95.5.83 Username=NA Password=NA"

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=SSH connection closed Description=83ssh Username=83ssh Password=83ssh"

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=Authentication Failure Description=83ssh Username=83ssh Password=83ssh"

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Change to dir Description=/home/share/samba Username=83samba Password=83samba"

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Access path Description=samba Username=83samba Password=83samba"

itime=1535413204 date=2018-08-27 time=16:40:04 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action= status=success msg="SNMP TRAP sent out: Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Disconnect net share Description=samba Username=83samba Password=83samba"

itime=1535413201 date=2018-08-27 time=16:40:01 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=SSH connection closed Description=83ssh Username=83ssh Password=83ssh"

itime=1535413201 date=2018-08-27 time=16:40:01 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=Authentication Failure Description=83ssh Username=83ssh Password=83ssh"

itime=1535413198 date=2018-08-27 time=16:39:58 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SSH AttackerIp=10.95.5.83 AttackerPort=57190 VictimIp=10.95.5.21 VictimPort=22 Operation=Established SSH connection Description=10.95.5.83 Username=NA Password=NA"

itime=1535413198 date=2018-08-27 time=16:39:58 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Disconnect net share Description=samba Username=83samba Password=83samba"

itime=1535413197 date=2018-08-27 time=16:39:57 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Change to dir Description=/home/share/samba Username=83samba Password=83samba"

itime=1535413197 date=2018-08-27 time=16:39:57 logid=0106000001 type=event subtype=system pri=alert user=system ui=GUI action=update status=success msg="Service=SAMBA AttackerIp=10.95.5.83 AttackerPort=NA VictimIp=10.95.5.21 VictimPort=445 Operation=Access path Description=samba Username=83samba Password=83samba"