FortiOS Log Message Reference

List of log types and subtypes

FortiGate devices can record the following types and subtypes of log entry information:

Each entry below gives the Type, then its Description, then its Subtypes.

Anomaly

Records intrusion attempts.

  • Anomaly

App

Records intrusion attempts. An Application Control log is output when a signature matches an application pattern.

  • App-CTRL-All

AV

Records virus attacks.

  • Analytics
  • Filename (Blocked)
  • Filetype Executable
  • Infected
  • Malware list
  • Mime Fragmented
  • Oversized
  • Scan Error
  • Suspicious
  • Switch Proto

CIFS

Records CIFS file filter events.

  • CIFS file filter

DLP

Records data leak prevention events.

  • DLP
  • Document Source

DNS

Records domain name server events.

  • DNS-query
  • DNS-response

Email

Records email filter events.

  • Carrier Endpoint Filter
  • File Filter
  • FTGD Error
  • Google Gmail
  • IMAP
  • MAPI
  • MMS
  • MSN Hotmail
  • POP3
  • SMTP
  • Yahoo Mail

Event

Records system and administrative events, such as downloading a backup copy of the configuration, or daemon activities.

  • Compliance-check
  • Connector
  • Endpoint Control
  • FortiExtender
  • High Availability
  • Router
  • Security-audit
  • System
  • User
  • Virtual Private Network (VPN)
  • WAD
  • Wireless

GTP

Records GPRS Tunneling Protocol (GTP) traffic for FortiCarrier devices.

  • GTP-All

IPS

Records intrusion prevention events.

  • Botnet
  • Malicious URL
  • Signature

SSH

Records Secure Socket Shell events.

  • SSH Channel
  • SSH Command

SSL

Records detected/blocked malicious SSL connections.

  • SSL anomalies
  • SSL exempt

Traffic

Records traffic flow information, such as an HTTP/HTTPS request and its response, if any.

  • Forward
  • Local
  • Multicast
  • Sniffer

VoIP

Records voice over IP events.

  • VoIP

WAF

Records web application firewall information for FortiWeb appliances and virtual appliances.

  • Address List
  • Custom Signature
  • HTTP Constraint
  • HTTP Method
  • Signature
  • URL Access

Web Filtering

Records web filter events.

  • ActiveX Filter
  • Applet Filter
  • Command Block
  • Content
  • Cookie Filter
  • File Filter
  • FortiGuard Allow
  • FortiGuard Block
  • FortiGuard Error
  • FortiGuard Quota
  • FortiGuard Quota Counting
  • FortiGuard Quota Expired
  • Script Filter
  • URL Filter
  • URL Monitor
