Fortinet white logo
Fortinet white logo

FortiOS Log Message Reference

3 - LOG_ID_TRAFFIC_DENY

3 - LOG_ID_TRAFFIC_DENY

Message ID: 3

Message Description: LOG_ID_TRAFFIC_DENY

Message Meaning: Traffic violation

Type: Traffic

Category: FORWARD

Severity: Warning

Log Field Name

Description

Data Type

Length

action

status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed.

string

16

app

Application name

string

96

appact

The security action from app control

string

16

appcat

Application category

string

64

appid

Application ID

uint32

10

applist

Application Control profile (name)

string

64

apprisk

Application Risk Level

string

16

collectedemail

string

66

comment

string

1024

date

Date

string

10

devcategory

string

32

devid

Device serial number

string

16

devtype

Device type

string

32

dstcollectedemail

string

66

dstdevcategory

string

32

dstdevtype

string

32

dstintf

Destination Interface

string

32

dstintfrole

string

10

dstip

Destination IP Address

ip

39

dstmac

string

17

dstname

The destination name.

string

66

dstosname

string

66

dstosversion

string

66

dstport

Destination Port

uint16

5

dstserver

uint32

10

dstssid

Destination SSID

string

33

dstunauthuser

string

66

dstunauthusersource

string

66

dstuuid

UUID of the Destination IP address

string

37

duration

Duration of the session

uint32

10

eventtime

uint64

20

fctuid

string

32

group

User group name

string

64

level

Log Level

string

11

logid

Log ID

string

10

masterdstmac

string

17

mastersrcmac

The master MAC address for a host that has multiple network interfaces

string

17

msg

Log message

string

64

osname

Name of the device's OS

string

66

osversion

string

66

policyid

Firewall Policy ID

uint32

10

policyname

string

36

policytype

string

24

poluuid

UUID of the Firewall Policy

string

37

proto

protocol number

uint8

3

rcvdbyte

Received Bytes

uint64

20

sentbyte

Sent Bytes

uint64

20

service

Name of service

string

63

sessionid

Session ID

uint32

10

shaperdroprcvdbyte

Received bytes dropped by shaper

uint32

10

shaperdropsentbyte

Sent bytes dropped by shaper

uint32

10

shaperperipdropbyte

Dropped bytes per IP by shaper

uint32

10

shaperperipname

Traffic shaper name (per IP)

string

36

shaperrcvdname

Traffic shaper name for received traffic

string

36

shapersentname

Traffic shaper name for sent traffic

string

36

srcintf

Source interface name

string

32

srcintfrole

string

10

srcip

Source IP address

ip

39

srcmac

MAC address associated with the Source IP

string

17

srcname

Source name

string

66

srcport

Source port number

uint16

5

srcserver

uint32

10

srcssid

Source SSID

string

33

srcuuid

UUID of the Source IP Address

string

37

subtype

Subtype of the traffic

string

20

time

Time

string

8

trandisp

NAT translation type

string

16

tranip

NAT destination IP

ip

39

tranport

NAT Destination Port

uint16

5

transip

NAT Source IP

ip

39

transport

NAT Source Port

uint16

5

type

Log type

string

16

unauthuser

Unauthenticated user name

string

66

unauthuser

Unauthenticated user name

string

66

unauthusersource

The method used to detect unauthenticated user name

string

66

unauthusersource

The method used to detect unauthenticated user name

string

66

user

User name

string

256

vd

Virtual domain name

string

32

vpn

The name of the VPN tunnel

string

32

vpntype

The type of the VPN tunnel

string

14

vrf

uint8

3

vwpvlanid

uint32

10

3 - LOG_ID_TRAFFIC_DENY

3 - LOG_ID_TRAFFIC_DENY

Message ID: 3

Message Description: LOG_ID_TRAFFIC_DENY

Message Meaning: Traffic violation

Type: Traffic

Category: FORWARD

Severity: Warning

Log Field Name

Description

Data Type

Length

action

status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed.

string

16

app

Application name

string

96

appact

The security action from app control

string

16

appcat

Application category

string

64

appid

Application ID

uint32

10

applist

Application Control profile (name)

string

64

apprisk

Application Risk Level

string

16

collectedemail

string

66

comment

string

1024

date

Date

string

10

devcategory

string

32

devid

Device serial number

string

16

devtype

Device type

string

32

dstcollectedemail

string

66

dstdevcategory

string

32

dstdevtype

string

32

dstintf

Destination Interface

string

32

dstintfrole

string

10

dstip

Destination IP Address

ip

39

dstmac

string

17

dstname

The destination name.

string

66

dstosname

string

66

dstosversion

string

66

dstport

Destination Port

uint16

5

dstserver

uint32

10

dstssid

Destination SSID

string

33

dstunauthuser

string

66

dstunauthusersource

string

66

dstuuid

UUID of the Destination IP address

string

37

duration

Duration of the session

uint32

10

eventtime

uint64

20

fctuid

string

32

group

User group name

string

64

level

Log Level

string

11

logid

Log ID

string

10

masterdstmac

string

17

mastersrcmac

The master MAC address for a host that has multiple network interfaces

string

17

msg

Log message

string

64

osname

Name of the device's OS

string

66

osversion

string

66

policyid

Firewall Policy ID

uint32

10

policyname

string

36

policytype

string

24

poluuid

UUID of the Firewall Policy

string

37

proto

protocol number

uint8

3

rcvdbyte

Received Bytes

uint64

20

sentbyte

Sent Bytes

uint64

20

service

Name of service

string

63

sessionid

Session ID

uint32

10

shaperdroprcvdbyte

Received bytes dropped by shaper

uint32

10

shaperdropsentbyte

Sent bytes dropped by shaper

uint32

10

shaperperipdropbyte

Dropped bytes per IP by shaper

uint32

10

shaperperipname

Traffic shaper name (per IP)

string

36

shaperrcvdname

Traffic shaper name for received traffic

string

36

shapersentname

Traffic shaper name for sent traffic

string

36

srcintf

Source interface name

string

32

srcintfrole

string

10

srcip

Source IP address

ip

39

srcmac

MAC address associated with the Source IP

string

17

srcname

Source name

string

66

srcport

Source port number

uint16

5

srcserver

uint32

10

srcssid

Source SSID

string

33

srcuuid

UUID of the Source IP Address

string

37

subtype

Subtype of the traffic

string

20

time

Time

string

8

trandisp

NAT translation type

string

16

tranip

NAT destination IP

ip

39

tranport

NAT Destination Port

uint16

5

transip

NAT Source IP

ip

39

transport

NAT Source Port

uint16

5

type

Log type

string

16

unauthuser

Unauthenticated user name

string

66

unauthuser

Unauthenticated user name

string

66

unauthusersource

The method used to detect unauthenticated user name

string

66

unauthusersource

The method used to detect unauthenticated user name

string

66

user

User name

string

256

vd

Virtual domain name

string

32

vpn

The name of the VPN tunnel

string

32

vpntype

The type of the VPN tunnel

string

14

vrf

uint8

3

vwpvlanid

uint32

10