FortiOS Log Message Reference

List of log types and subtypes

FortiGate devices can record the following types and subtypes of log entry information:

| Type | Description | Subtype |
|---|---|---|
| Traffic | Records traffic flow information, such as an HTTP/HTTPS request and its response, if any. | FORWARD, LOCAL, MULTICAST, SNIFFER |
| Event | Records system and administrative events, such as downloading a backup copy of the configuration, or daemon activities. | COMPLIANCE-CHECK, ENDPOINT, HA, ROUTER, SECURITY-RATING, SYSTEM, USER, VPN, WAD, WIRELESS |
| UTM | Records UTM events. | See list of UTM log subtypes below |


UTM log subtypes

| UTM Log Subtypes | Description | Event Type |
|---|---|---|
| Anomaly | Records intrusion attempts. | ANOMALY |
| App | Records intrusion attempts. Application control log is output when a signature matches an application pattern. | APP-CTRL-ALL |
| AV | Records virus attacks. | ANALYTICS, BOTNET, COMMAND-BLOCKED, CONTENT-DISARM, FILENAME, FILETYPE-EXECUTABLE, INFECTED, MIMEFRAGMENTED, OVERSIZE, SCANERROR, SWITCHPROTO |
| DLP | Records data leak prevention events. | DLP |
| DNS | Records domain name server events. | DNS-QUERY, DNS-RESPONSE |
| Email | Records email filter events. | CARRIER-ENDPOINT-FILTER, GMAIL, IMAP, MAPI, MASS-MMS, MSN-HOTMAIL, POP3, SMTP, YAHOO-MAIL |
| GTP | Records GTP events. | GTP-ALL |
| IPS | Records intrusion prevention events. | MALICIOUS-URL, SIGNATURE |
| SSH | Records Secure Socket Shell events. | SSH-CHANNEL, SSH-COMMAND |
| VoIP | Records voice over IP events. | VOIP |
| WAF | Records web application firewall information for FortiWeb appliances and virtual appliances. | WAF-ADDRESS-LIST, WAF-CUSTOM-SIGNATURE, WAF-HTTP-CONSTRAINT, WAF-HTTP-METHOD, WAF-SIGNATURE, WAF-URL-ACCESS |
| Web | Records web filter events. | ACTIVEXFILTER, APPLETFILTER, CONTENT, COOKIEFILTER, FTGD_ALLOW, FTGD_BLK, FTGD_ERR, FTGD_QUOTA, FTGD_QUOTA_COUNTING, HTTP_HEADER_CHANGE, SCRIPTFILTER, SSL-EXEMPT, URLFILTER, WEBFILTER_COMMAND_BLOCK |
