FortiOS Log Message Reference

22 - LOG_ID_TRAFFIC_UTM_CORRELATION

Message ID: 22

Message Description: LOG_ID_TRAFFIC_UTM_CORRELATION

Message Meaning: Forward traffic for UTM correlation

Type: Traffic

Category: FORWARD

Severity: Notice

| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| action | Status of the session. Uses the following definitions: Deny = blocked by firewall policy; Start = session start log (special option to enable logging at start of a session), which means the firewall allowed it; all others = allowed by firewall policy, and the status indicates how the session was closed. | string | 16 |
| agent | | string | 64 |
| app | Application name | string | 96 |
| appact | The security action from app control | string | 16 |
| appcat | Application category | string | 64 |
| appid | Application ID | uint32 | 10 |
| applist | Application Control profile (name) | string | 64 |
| apprisk | Application Risk Level | string | 16 |
| apsn | | string | 36 |
| centralnatid | Central NAT ID | uint32 | 10 |
| collectedemail | | string | 66 |
| comment | | string | 1024 |
| countapp | Number of App Ctrl logs associated with the session | uint32 | 10 |
| countav | Number of AV logs associated with the session | uint32 | 10 |
| countdlp | Number of the DLP logs associated with the session | uint32 | 10 |
| countemail | Number of the email logs associated with the session | uint32 | 10 |
| countips | Number of the IPS logs associated with the session | uint32 | 10 |
| countssh | | uint32 | 10 |
| countweb | Number of the Web Filter logs associated with the session | uint32 | 10 |
| date | Date | string | 10 |
| devcategory | | string | 32 |
| devid | Device serial number | string | 16 |
| devtype | Device type | string | 32 |
| dstcollectedemail | | string | 66 |
| dstdevcategory | | string | 32 |
| dstdevtype | | string | 32 |
| dstintf | Destination Interface | string | 32 |
| dstintfrole | | string | 10 |
| dstip | Destination IP Address | ip | 39 |
| dstmac | | string | 17 |
| dstname | The destination name. | string | 66 |
| dstosname | | string | 66 |
| dstosversion | | string | 66 |
| dstport | Destination Port | uint16 | 5 |
| dstserver | | uint32 | 10 |
| dstssid | Destination SSID | string | 33 |
| dstunauthuser | | string | 66 |
| dstunauthusersource | | string | 66 |
| dstuuid | UUID of the Destination IP address | string | 37 |
| duration | Duration of the session | uint32 | 10 |
| eventtime | | uint64 | 20 |
| fctuid | | string | 32 |
| group | User group name | string | 64 |
| level | Log Level | string | 11 |
| logid | Log ID | string | 10 |
| masterdstmac | | string | 17 |
| mastersrcmac | The master MAC address for a host that has multiple network interfaces | string | 17 |
| msg | Log message | string | 64 |
| osname | Name of the device's OS | string | 66 |
| osversion | | string | 66 |
| policyid | Firewall Policy ID | uint32 | 10 |
| policymode | | string | 8 |
| policyname | | string | 36 |
| policytype | | string | 24 |
| poluuid | UUID of the Firewall Policy | string | 37 |
| proto | Protocol number | uint8 | 3 |
| rcvdbyte | Received Bytes | uint64 | 20 |
| rcvdpkt | Received Packets | uint32 | 10 |
| sentbyte | Sent Bytes | uint64 | 20 |
| sentpkt | Sent Packets | uint32 | 10 |
| service | Name of service | string | 63 |
| sessionid | Session ID | uint32 | 10 |
| shaperdroprcvdbyte | Received bytes dropped by shaper | uint32 | 10 |
| shaperdropsentbyte | Sent bytes dropped by shaper | uint32 | 10 |
| shaperperipdropbyte | Dropped bytes per IP by shaper | uint32 | 10 |
| shaperperipname | Traffic shaper name (per IP) | string | 36 |
| shaperrcvdname | Traffic shaper name for received traffic | string | 36 |
| shapersentname | Traffic shaper name for sent traffic | string | 36 |
| shapingpolicyid | | uint32 | 10 |
| srcintf | Source interface name | string | 32 |
| srcintfrole | | string | 10 |
| srcip | Source IP address | ip | 39 |
| srcmac | MAC address associated with the Source IP | string | 17 |
| srcname | Source name | string | 66 |
| srcport | Source port number | uint16 | 5 |
| srcserver | | uint32 | 10 |
| srcssid | Source SSID | string | 33 |
| srcuuid | UUID of the Source IP Address | string | 37 |
| sslaction | | string | 26 |
| subtype | Subtype of the traffic | string | 20 |
| time | Time | string | 8 |
| trandisp | NAT translation type | string | 16 |
| tranip | NAT destination IP | ip | 39 |
| tranport | NAT Destination Port | uint16 | 5 |
| transip | NAT Source IP | ip | 39 |
| transport | NAT Source Port | uint16 | 5 |
| type | Log type | string | 16 |
| unauthuser | Unauthenticated user name | string | 66 |
| unauthusersource | The method used to detect unauthenticated user name | string | 66 |
| url | | string | 512 |
| user | User name | string | 256 |
| vd | Virtual domain name | string | 32 |
| vpn | The name of the VPN tunnel | string | 32 |
| vpntype | The type of the VPN tunnel | string | 14 |
| vrf | | uint8 | 3 |
| vwlid | | uint32 | 10 |
| vwlquality | | string | 320 |
| vwlservice | | string | 64 |
| vwpvlanid | | uint32 | 10 |
