FortiOS Log Message Reference

Log ID definitions

Following are the definitions for the log type IDs and subtype IDs applicable to FortiOS version 5.2.1 and later.

Log Type IDs (each followed by its Subtype IDs)

traffic: 0

  • forward: 0
  • local: 1
  • multicast: 2
  • sniffer: 4

event: 1

  • system: 0
  • vpn: 1
  • user: 2
  • router: 3
  • wireless: 4
  • wad: 5
  • endpoint: 7
  • ha: 8
  • compliance-check: 9
  • security_audit: 10

virus: 2

  • infected: 11
  • blocked: 12
  • oversized: 13
  • scanerror: 62
  • suspicious: 0
  • analytics: 1
  • switchproto: 63
  • mimefragmented: 61
  • virus_filetype_exe: 3
  • botnet: 2

webfilter: 3

  • content: 14
  • urlfilter: 15
  • ftgd_blk: 16
  • ftgd_allow: 17
  • ftgd_err: 18
  • url_monitor: 19
  • scriptfilter_activex: 35
  • scriptfilter_cookie: 36
  • scriptfilter_applet: 37
  • ftgd_quota_counting: 38
  • ftgd_quota_expired: 39
  • ftgd_quota: 40
  • scriptfilter_other: 41
  • webfilter_command_block: 43

ips: 4

  • signature: 19
  • malicious_url: 21

antispam: 5

  • smtp: 8
  • pop3: 9
  • imap: 10
  • mapi: 11
  • endpoint_filter: 47
  • mms: 52
  • msn: 5
  • yahoo: 6
  • google: 7
  • ftgd_err: 53

anomaly: 7

  • anomaly: 20

voip: 8

  • voip: 14

dlp: 9

  • dlp: 54
  • dlp-docsource: 55

app_ctrl: 10

  • app-ctrl-all: 59

WAF: 12

  • signature: 0
  • custom_signature: 1
  • method: 2
  • constraints: 3
  • address_list: 4
  • url_access: 5

GTP: 14

  • all: 0

DNS: 15

  • dns-query: 0
  • dns-response: 1

SSH: 16

  • ssh-command: 0
  • ssh-channel: 1
