
FortiOS Log Message Reference

List of log types and subtypes


FortiGate devices can record the following types and subtypes of log entry information:

Type

Description

Subtype

Traffic

Records traffic flow information, such as an HTTP/HTTPS request and its response, if any.

  • Forward
  • Local
  • Multicast
  • Sniffer

Event

Records system and administrative events, such as downloading a backup copy of the configuration, or daemon activities.

  • Compliance-check
  • Endpoint Control
  • High Availability
  • Router
  • Security-audit
  • System
  • User
  • Virtual Private Network (VPN)
  • WAD
  • Wireless

UTM

Records UTM events.

See the list of UTM log subtypes below.

UTM log subtypes

UTM Log Subtypes

Description

Event Type

Anomaly

Records intrusion attempts.

  • Anomaly

App

Records intrusion attempts. An Application Control log is output when a signature matches an application pattern.

  • App-CTRL-All

Antivirus

Records virus attacks.

  • Analytics
  • Botnet
  • Filename
  • Filetype Executable
  • Infected
  • Mime Fragmented
  • Outbreak-prevention
  • Oversized
  • Scan Error
  • Suspicious
  • Switch Proto

DLP

Records data leak prevention events.

  • DLP
  • Document Source

DNS

Records domain name server events.

  • DNS-query
  • DNS-response

Email

Records email filter events.

  • Carrier Endpoint Filter
  • FTGD Error
  • Google Gmail
  • IMAP
  • MAPI
  • MMS
  • MSN Hotmail
  • POP3
  • SMTP
  • Yahoo Mail

GTP

Records GPRS Tunneling Protocol (GTP) traffic for FortiCarrier devices.

  • GTP-All

IPS

Records intrusion prevention events.

  • Malicious URL
  • Signature

VoIP

Records voice over IP events.

  • VoIP

SSH

Records Secure Socket Shell events.

  • SSH

WAF

Records web application firewall information for FortiWeb appliances and virtual appliances.

  • Address List
  • Custom Signature
  • HTTP Constraint
  • HTTP Method
  • Signature
  • URL Access

Web Filtering

Records web filter events.

  • ActiveX Filter
  • Applet Filter
  • Command Block
  • Content
  • Cookie Filter
  • FortiGuard Allow
  • FortiGuard Block
  • FortiGuard Error
  • FortiGuard Quota
  • FortiGuard Quota Counting
  • FortiGuard Quota Expired
  • Script Filter
  • URL Filter
  • URL Monitor
