Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 6.0.13
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    FortiOS Log Message Reference

    Home FortiGate / FortiOS 6.0.13 FortiOS Log Message Reference
    6.0.13
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1

    30260 - LOGID_WAF_URL_ACCESS_BYPASS

    30260 - LOGID_WAF_URL_ACCESS_BYPASS

    Message ID: 30260

    Message Description: LOGID_WAF_URL_ACCESS_BYPASS

    Message Meaning: Web application firewall allowed application by URL access bypass

    Type: WAF

    Category: WAF-URL-ACCESS

    Severity: Warning

    Log Field Name

    Description

    Data Type

    Length

    action

    status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed.

    string

    17

    agent

    Agent

    string

    64

    date

    Date

    string

    10

    direction

    Direction

    string

    dstintf

    Destination Interface

    string

    32

    dstintfrole

    string

    10

    dstip

    Destination IP Address

    ip

    39

    dstport

    Destination Port

    uint16

    5

    eventid

    Event ID

    uint32

    10

    eventtime

    uint64

    20

    eventtype

    Event Type

    string

    32

    fctuid

    string

    32

    group

    User Group Name

    string

    64

    level

    Log Level

    string

    11

    logid

    Log ID

    string

    10

    policyid

    Policy ID

    uint32

    10

    profile

    Full profile name

    string

    64

    proto

    Protocol

    uint8

    3

    service

    Service name

    string

    5

    sessionid

    Session ID

    uint32

    10

    severity

    Severity

    string

    6

    srcintf

    Source Interface

    string

    32

    srcintfrole

    string

    10

    srcip

    Source IP Address

    ip

    39

    srcport

    Source Port

    uint16

    5

    subtype

    Log Subtype

    string

    20

    time

    Time

    string

    8

    type

    Log Type

    string

    16

    unauthuser

    string

    66

    unauthusersource

    string

    66

    url

    URL

    string

    512

    user

    User Name

    string

    256

    vd

    Virtual Domain Name

    string

    32
    Previous
    Next

    30260 - LOGID_WAF_URL_ACCESS_BYPASS

    30260 - LOGID_WAF_URL_ACCESS_BYPASS

    Message ID: 30260

    Message Description: LOGID_WAF_URL_ACCESS_BYPASS

    Message Meaning: Web application firewall allowed application by URL access bypass

    Type: WAF

    Category: WAF-URL-ACCESS

    Severity: Warning

    Log Field Name

    Description

    Data Type

    Length

    action

    status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed.

    string

    17

    agent

    Agent

    string

    64

    date

    Date

    string

    10

    direction

    Direction

    string

    dstintf

    Destination Interface

    string

    32

    dstintfrole

    string

    10

    dstip

    Destination IP Address

    ip

    39

    dstport

    Destination Port

    uint16

    5

    eventid

    Event ID

    uint32

    10

    eventtime

    uint64

    20

    eventtype

    Event Type

    string

    32

    fctuid

    string

    32

    group

    User Group Name

    string

    64

    level

    Log Level

    string

    11

    logid

    Log ID

    string

    10

    policyid

    Policy ID

    uint32

    10

    profile

    Full profile name

    string

    64

    proto

    Protocol

    uint8

    3

    service

    Service name

    string

    5

    sessionid

    Session ID

    uint32

    10

    severity

    Severity

    string

    6

    srcintf

    Source Interface

    string

    32

    srcintfrole

    string

    10

    srcip

    Source IP Address

    ip

    39

    srcport

    Source Port

    uint16

    5

    subtype

    Log Subtype

    string

    20

    time

    Time

    string

    8

    type

    Log Type

    string

    16

    unauthuser

    string

    66

    unauthusersource

    string

    66

    url

    URL

    string

    512

    user

    User Name

    string

    256

    vd

    Virtual Domain Name

    string

    32
    Previous
    Next