Fortinet black logo

FortiOS Log Message Reference

Home FortiGate / FortiOS 5.6.14 FortiOS Log Message Reference

DLP log support for CEF

5.6.14
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.13
5.4.12
5.4.11
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.15
5.2.14
5.2.13
5.2.12
5.2.11
5.2.10
5.2.8
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
Copy Link
Copy Doc ID 54f857d3-f55f-11eb-97f7-00505692583a:503991
Download PDF

DLP log support for CEF

Following is an example of a DLP log on the FortiGate disk:

date=2016-02-12 time=14:16:32 logid=0954024576 type=utm subtype=dlp eventtype=dlp level=warning vd="vdom1" filteridx=2 filtertype=ssn filtercat=file severity=medium sessionid=65177 epoch=2015044633 eventid=0 user="" srcip=192.168.1.183 srcport=36171 srcintf="port15" dstip=192.168.70.184 dstport=80 dstintf="port19" proto=6 service=HTTP filetype=unknown sentbyte=151 rcvdbyte=90170 direction=incoming action=block hostname="192.168.70.184" url="/dlp/ssn/ssn-docx-pdf-valid.tar" agent="Wget/1.10.2" filename="ssn-docx-pdf-valid.tar" filesize=89831 profile="SSN"

Following is an example of a DLP log sent in CEF format to a syslog server:

Feb 12 14:16:32 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|24576|utm:dlp dlp block|4|FTNTFGTlogid=0954024576 cat=utm:dlp FTNTFGTsubtype=dlp FTNTFGTeventtype=dlp FTNTFGTlevel=warning FTNTFGTvd=vdom1 FTNTFGTfilteridx=2 cs1=ssn cs1Label=Filter Type FTNTFGTfiltercat=file FTNTFGTseverity=medium externalId=65177 FTNTFGTepoch=2015044633 FTNTFGTeventid=0 duser= src=192.168.1.183 spt=36171 deviceInboundInterface=port15 dst=192.168.70.184 dpt=80 deviceOutboundInterface=port19 proto=6 app=HTTP FTNTFGTfiletype=unknown out=151 in=90170 deviceDirection=0 act=block dhost=192.168.70.184 request=/dlp/ssn/ssn-docx-pdf-valid.tar requestClientApplication=Wget/1.10.2 fname=ssn-docx-pdf-valid.tar fsize=89831 FTNTFGTprofile=SSN

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name

CEF Field Name

filtertype

cs1=xxx cs1Label=Filter Type

filesize

fsize

Previous
Next

DLP log support for CEF

Following is an example of a DLP log on the FortiGate disk:

date=2016-02-12 time=14:16:32 logid=0954024576 type=utm subtype=dlp eventtype=dlp level=warning vd="vdom1" filteridx=2 filtertype=ssn filtercat=file severity=medium sessionid=65177 epoch=2015044633 eventid=0 user="" srcip=192.168.1.183 srcport=36171 srcintf="port15" dstip=192.168.70.184 dstport=80 dstintf="port19" proto=6 service=HTTP filetype=unknown sentbyte=151 rcvdbyte=90170 direction=incoming action=block hostname="192.168.70.184" url="/dlp/ssn/ssn-docx-pdf-valid.tar" agent="Wget/1.10.2" filename="ssn-docx-pdf-valid.tar" filesize=89831 profile="SSN"

Following is an example of a DLP log sent in CEF format to a syslog server:

Feb 12 14:16:32 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|24576|utm:dlp dlp block|4|FTNTFGTlogid=0954024576 cat=utm:dlp FTNTFGTsubtype=dlp FTNTFGTeventtype=dlp FTNTFGTlevel=warning FTNTFGTvd=vdom1 FTNTFGTfilteridx=2 cs1=ssn cs1Label=Filter Type FTNTFGTfiltercat=file FTNTFGTseverity=medium externalId=65177 FTNTFGTepoch=2015044633 FTNTFGTeventid=0 duser= src=192.168.1.183 spt=36171 deviceInboundInterface=port15 dst=192.168.70.184 dpt=80 deviceOutboundInterface=port19 proto=6 app=HTTP FTNTFGTfiletype=unknown out=151 in=90170 deviceDirection=0 act=block dhost=192.168.70.184 request=/dlp/ssn/ssn-docx-pdf-valid.tar requestClientApplication=Wget/1.10.2 fname=ssn-docx-pdf-valid.tar fsize=89831 FTNTFGTprofile=SSN

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name

CEF Field Name

filtertype

cs1=xxx cs1Label=Filter Type

filesize

fsize

Previous
Next