Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Log Message Reference

    Home FortiGate / FortiOS 6.2.1 FortiOS Log Message Reference
    6.2.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1

    List of log types and subtypes

    List of log types and subtypes

    FortiGate devices can record the following types and subtypes of log entry information:

    Type

    Description

    Subtype

    Traffic

    Records traffic flow information, such as an HTTP/HTTPS request and its response, if any.
    • Forward
    • Local
    • Multicast
    • Sniffer

    Event

    Records system and administrative events, such as downloading a backup copy of the configuration, or daemon activities.
    • Compliance-check
    • Connector
    • Endpoint control
    • FortiExtender
    • High Availability
    • Router
    • Security-audit
    • System
    • User
    • Virtual Private Network (VPN)
    • WAD
    • Wireless

    UTM

    Records UTM events.

    See list of UTM log subtypes below

    UTM log subtypes

    UTM Log Subtypes

    Description

    Event Type

    Virus

    Records virus attacks.
    • Analytics
    • Filename
    • Filetype Executable
    • Infected
    • Malware list
    • Mime Fragmented
    • Outbreak-prevention
    • Oversized
    • Scan Error
    • Suspicious
    • Switch Proto

    Web Filter

    Records web filter events.
    • ActiveX Filter
    • Applet Filter
    • webfilter_command_block
    • Content
    • Cookie Filter
    • FortiGuard Allow
    • FortiGuard Block
    • FortiGuard Quota Counting
    • FortiGuard Quota Expired
    • Script Filter
    • URL Filter

    IPS

    Records intrusion prevention events.
    • Botnet
    • Malicious URL
    • Signature

    Email Filter

    Records email filter events.
    • Carrier Endpoint Filter
    • File Filter
    • FTGD Error
    • Google Gmail
    • IMAP
    • MAPI
    • MMS
    • MSN Hotmail
    • POP3
    • SMTP
    • Yahoo Mail

    Anomaly

    Records intrusion attempts.
    • Anomaly

    VoIP

    Records voice over IP events.
    • VoIP

    DLP

    Records data leak prevention events.
    • DLP
    • Document Source

    App-CTRL

    Records intrusion attempts. Application Control log is output when a signature matches an application pattern.
    • Signature
    • Port-violation
    • Protocol-violation

    WAF

    Records web application firewall information for FortiWeb appliances and virtual appliances.
    • Address List
    • Custom Signature
    • HTTP Constraint
    • HTTP Method
    • Signature
    • URL access

    DNS

    Records domain name server events.
    • DNS-query
    • DNS-response

    SSH

    Records Secure Socket Shell events.
    • SSH Channel
    • SSH Command

    SSL

    Records detected/blocked malicious SSL connections.
    • SSL anomalies
    • SSL exempt

    CIFS

    Records CIFS file filter events.
    • CIFS-auth-all

    File Filter

    Records file filter events.
    • File-filter
    Previous
    Next

    List of log types and subtypes

    List of log types and subtypes

    FortiGate devices can record the following types and subtypes of log entry information:

    Type

    Description

    Subtype

    Traffic

    Records traffic flow information, such as an HTTP/HTTPS request and its response, if any.
    • Forward
    • Local
    • Multicast
    • Sniffer

    Event

    Records system and administrative events, such as downloading a backup copy of the configuration, or daemon activities.
    • Compliance-check
    • Connector
    • Endpoint control
    • FortiExtender
    • High Availability
    • Router
    • Security-audit
    • System
    • User
    • Virtual Private Network (VPN)
    • WAD
    • Wireless

    UTM

    Records UTM events.

    See list of UTM log subtypes below

    UTM log subtypes

    UTM Log Subtypes

    Description

    Event Type

    Virus

    Records virus attacks.
    • Analytics
    • Filename
    • Filetype Executable
    • Infected
    • Malware list
    • Mime Fragmented
    • Outbreak-prevention
    • Oversized
    • Scan Error
    • Suspicious
    • Switch Proto

    Web Filter

    Records web filter events.
    • ActiveX Filter
    • Applet Filter
    • webfilter_command_block
    • Content
    • Cookie Filter
    • FortiGuard Allow
    • FortiGuard Block
    • FortiGuard Quota Counting
    • FortiGuard Quota Expired
    • Script Filter
    • URL Filter

    IPS

    Records intrusion prevention events.
    • Botnet
    • Malicious URL
    • Signature

    Email Filter

    Records email filter events.
    • Carrier Endpoint Filter
    • File Filter
    • FTGD Error
    • Google Gmail
    • IMAP
    • MAPI
    • MMS
    • MSN Hotmail
    • POP3
    • SMTP
    • Yahoo Mail

    Anomaly

    Records intrusion attempts.
    • Anomaly

    VoIP

    Records voice over IP events.
    • VoIP

    DLP

    Records data leak prevention events.
    • DLP
    • Document Source

    App-CTRL

    Records intrusion attempts. Application Control log is output when a signature matches an application pattern.
    • Signature
    • Port-violation
    • Protocol-violation

    WAF

    Records web application firewall information for FortiWeb appliances and virtual appliances.
    • Address List
    • Custom Signature
    • HTTP Constraint
    • HTTP Method
    • Signature
    • URL access

    DNS

    Records domain name server events.
    • DNS-query
    • DNS-response

    SSH

    Records Secure Socket Shell events.
    • SSH Channel
    • SSH Command

    SSL

    Records detected/blocked malicious SSL connections.
    • SSL anomalies
    • SSL exempt

    CIFS

    Records CIFS file filter events.
    • CIFS-auth-all

    File Filter

    Records file filter events.
    • File-filter
    Previous
    Next