Fortinet black logo

FortiOS Log Message Reference

54601 - LOG_ID_DNS_BOTNET_DOMAIN

54601 - LOG_ID_DNS_BOTNET_DOMAIN

Message ID: 54601

Message Description: LOG_ID_DNS_BOTNET_DOMAIN

Message Meaning: Domain blocked by DNS botnet C&C (Domain)

Type: DNS

Category: DNS-RESPONSE

Severity: Warning

Log Field Name

Description

Data Type

Length

action

Security action performed by DNS filter

string

16

botnetdomain

Botnet domain name

string

256

botnetip

Botnet IP address

ip

39

date

Date

string

10

dstintf

Destination Interface

string

32

dstintfrole

string

10

dstip

Destination IP

ip

39

dstport

Destination Port

uint16

5

eventtime

uint64

20

fctuid

string

32

group

User group name

string

64

level

Log Level

string

11

logid

Log ID

string

10

msg

Log message

string

512

policyid

Policy ID

uint32

10

profile

Profile name for DNS filter

string

64

proto

Protocol number

uint8

3

qclass

Query class

string

32

qname

Query domain name

string

256

qtype

Query type description

string

32

qtypeval

uint16

5

sessionid

Session ID

uint32

10

srcintf

Source Interface

string

32

srcintfrole

string

10

srcip

Source IP

ip

39

srcmac

MAC address associated with the Source IP

string

17

srcport

Source Port

uint16

5

subtype

Log Subtype

string

20

time

Time

string

8

type

Log Type

string

16

unauthuser

string

66

unauthusersource

string

66

user

User name

string

256

vd

Virtual Domain Name

string

32

xid

Transaction ID

uint16

5

54601 - LOG_ID_DNS_BOTNET_DOMAIN

Message ID: 54601

Message Description: LOG_ID_DNS_BOTNET_DOMAIN

Message Meaning: Domain blocked by DNS botnet C&C (Domain)

Type: DNS

Category: DNS-RESPONSE

Severity: Warning

Log Field Name

Description

Data Type

Length

action

Security action performed by DNS filter

string

16

botnetdomain

Botnet domain name

string

256

botnetip

Botnet IP address

ip

39

date

Date

string

10

dstintf

Destination Interface

string

32

dstintfrole

string

10

dstip

Destination IP

ip

39

dstport

Destination Port

uint16

5

eventtime

uint64

20

fctuid

string

32

group

User group name

string

64

level

Log Level

string

11

logid

Log ID

string

10

msg

Log message

string

512

policyid

Policy ID

uint32

10

profile

Profile name for DNS filter

string

64

proto

Protocol number

uint8

3

qclass

Query class

string

32

qname

Query domain name

string

256

qtype

Query type description

string

32

qtypeval

uint16

5

sessionid

Session ID

uint32

10

srcintf

Source Interface

string

32

srcintfrole

string

10

srcip

Source IP

ip

39

srcmac

MAC address associated with the Source IP

string

17

srcport

Source Port

uint16

5

subtype

Log Subtype

string

20

time

Time

string

8

type

Log Type

string

16

unauthuser

string

66

unauthusersource

string

66

user

User name

string

256

vd

Virtual Domain Name

string

32

xid

Transaction ID

uint16

5