Fortinet black logo

FortiOS Log Message Reference

Home FortiGate / FortiOS 6.0.3 FortiOS Log Message Reference

Webfilter log support for CEF

6.0.3
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.13
5.4.12
5.4.11
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.15
5.2.14
5.2.13
5.2.12
5.2.11
5.2.10
5.2.8
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
Copy Link
Copy Doc ID a4334546-1a1b-11e9-9685-f8bc1258b856:400992
Download PDF

Webfilter log support for CEF

Following is an example of a webfilter log on the FortiGate disk:

date=2016-02-12 time=11:40:47 logid=0316013056 type=utm subtype=webfilter eventtype=ftgd_blk level=warning vd="vdom1" sessionid=58014 user="" srcip=192.168.1.183 srcport=48676 srcintf="port15" dstip=202.46.41.172 dstport=80 dstintf="port19" proto=6 service=HTTP hostname="www.youku.com" profile="default" action=blocked reqtype=direct url="/" sentbyte=120 rcvdbyte=948 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=25 catdesc="Streaming Media and Download" crscore=30 crlevel=high

Following is an example of a webfilter log sent in CEF format to a syslog server:

Feb 12 11:40:47 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|13056|utm:webfilter ftgd_blk blocked|4|FTNTFGTlogid=0316013056 cat=utm:webfilter FTNTFGTsubtype=webfilter FTNTFGTeventtype=ftgd_blk FTNTFGTlevel=warning FTNTFGTvd=vdom1 externalId=58014 duser= src=192.168.1.183 spt=48676 deviceInboundInterface=port15 dst=202.46.41.172 dpt=80 deviceOutboundInterface=port19 proto=6 app=HTTP dhost=www.youku.com FTNTFGTprofile=default act=blocked FTNTFGTreqtype=direct request=/ out=120 in=948 deviceDirection=1 msg=URL belongs to a denied category in policy FTNTFGTmethod=domain FTNTFGTcat=25 requestContext=Streaming Media and Download FTNTFGTcrscore=30 FTNTFGTcrlevel=high

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name

CEF Field Name

hostname

dhost

catdesc

requestContext

Previous
Next

Webfilter log support for CEF

Following is an example of a webfilter log on the FortiGate disk:

date=2016-02-12 time=11:40:47 logid=0316013056 type=utm subtype=webfilter eventtype=ftgd_blk level=warning vd="vdom1" sessionid=58014 user="" srcip=192.168.1.183 srcport=48676 srcintf="port15" dstip=202.46.41.172 dstport=80 dstintf="port19" proto=6 service=HTTP hostname="www.youku.com" profile="default" action=blocked reqtype=direct url="/" sentbyte=120 rcvdbyte=948 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=25 catdesc="Streaming Media and Download" crscore=30 crlevel=high

Following is an example of a webfilter log sent in CEF format to a syslog server:

Feb 12 11:40:47 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|13056|utm:webfilter ftgd_blk blocked|4|FTNTFGTlogid=0316013056 cat=utm:webfilter FTNTFGTsubtype=webfilter FTNTFGTeventtype=ftgd_blk FTNTFGTlevel=warning FTNTFGTvd=vdom1 externalId=58014 duser= src=192.168.1.183 spt=48676 deviceInboundInterface=port15 dst=202.46.41.172 dpt=80 deviceOutboundInterface=port19 proto=6 app=HTTP dhost=www.youku.com FTNTFGTprofile=default act=blocked FTNTFGTreqtype=direct request=/ out=120 in=948 deviceDirection=1 msg=URL belongs to a denied category in policy FTNTFGTmethod=domain FTNTFGTcat=25 requestContext=Streaming Media and Download FTNTFGTcrscore=30 FTNTFGTcrlevel=high

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name

CEF Field Name

hostname

dhost

catdesc

requestContext

Previous
Next