Fortinet black logo

FortiOS Log Message Reference

List of log types and subtypes

List of log types and subtypes

FortiGate devices can record the following types and subtypes of log entry information:

Type

Description

Subtype

Traffic

Records traffic flow information, such as an HTTP/HTTPS request and its response, if any.

  • Forward
  • Local
  • Multicast
  • Sniffer

Event

Records system and administrative events, such as downloading a backup copy of the configuration, or daemon activities.

  • Compliance-check
  • Connector
  • Endpoint control
  • FortiExtender
  • High Availability
  • Router
  • Security-audit
  • System
  • User
  • Virtual Private Network (VPN)
  • WAD
  • Wireless

UTM

Records UTM events.

See list of UTM log subtypes below


UTM log subtypes

UTM Log Subtypes

Description

Event Type

Virus

Records virus attacks.

  • Analytics
  • Filename
  • Filetype Executable
  • Infected
  • Malware list
  • Mime Fragmented
  • Outbreak-prevention
  • Oversized
  • Scan Error
  • Suspicious
  • Switch Proto

Web Filter

Records web filter events.

  • ActiveX Filter
  • Applet Filter
  • webfilter_command_block
  • Content
  • Cookie Filter
  • FortiGuard Allow
  • FortiGuard Block
  • FortiGuard Quota Counting
  • FortiGuard Quota Expired
  • Script Filter
  • URL Filter

IPS

Records intrusion prevention events.

  • Botnet
  • Malicious URL
  • Signature

Email Filter

Records email filter events.

  • Carrier Endpoint Filter
  • File Filter
  • FTGD Error
  • Google Gmail
  • IMAP
  • MAPI
  • MMS
  • MSN Hotmail
  • POP3
  • SMTP
  • Yahoo Mail

Anomaly

Records intrusion attempts.

  • Anomaly

VoIP

Records voice over IP events.

  • VoIP

DLP

Records data leak prevention events.

  • DLP
  • Document Source

App-CTRL

Records intrusion attempts. Application Control log is output when a signature matches an application pattern.

  • Signature
  • Port-violation
  • Protocol-violation

WAF

Records web application firewall information for FortiWeb appliances and virtual appliances.

  • Address List
  • Custom Signature
  • HTTP Constraint
  • HTTP Method
  • Signature
  • URL access

DNS

Records domain name server events.

  • DNS-query
  • DNS-response

SSH

Records Secure Socket Shell events.

  • SSH Channel
  • SSH Command

SSL

Records detected/blocked malicious SSL connections.

  • SSL anomalies
  • SSL exempt

CIFS

Records CIFS file filter events.

  • CIFS-auth-all

File Filter

Records file filter events.

  • File-filter

List of log types and subtypes

FortiGate devices can record the following types and subtypes of log entry information:

Type

Description

Subtype

Traffic

Records traffic flow information, such as an HTTP/HTTPS request and its response, if any.

  • Forward
  • Local
  • Multicast
  • Sniffer

Event

Records system and administrative events, such as downloading a backup copy of the configuration, or daemon activities.

  • Compliance-check
  • Connector
  • Endpoint control
  • FortiExtender
  • High Availability
  • Router
  • Security-audit
  • System
  • User
  • Virtual Private Network (VPN)
  • WAD
  • Wireless

UTM

Records UTM events.

See list of UTM log subtypes below


UTM log subtypes

UTM Log Subtypes

Description

Event Type

Virus

Records virus attacks.

  • Analytics
  • Filename
  • Filetype Executable
  • Infected
  • Malware list
  • Mime Fragmented
  • Outbreak-prevention
  • Oversized
  • Scan Error
  • Suspicious
  • Switch Proto

Web Filter

Records web filter events.

  • ActiveX Filter
  • Applet Filter
  • webfilter_command_block
  • Content
  • Cookie Filter
  • FortiGuard Allow
  • FortiGuard Block
  • FortiGuard Quota Counting
  • FortiGuard Quota Expired
  • Script Filter
  • URL Filter

IPS

Records intrusion prevention events.

  • Botnet
  • Malicious URL
  • Signature

Email Filter

Records email filter events.

  • Carrier Endpoint Filter
  • File Filter
  • FTGD Error
  • Google Gmail
  • IMAP
  • MAPI
  • MMS
  • MSN Hotmail
  • POP3
  • SMTP
  • Yahoo Mail

Anomaly

Records intrusion attempts.

  • Anomaly

VoIP

Records voice over IP events.

  • VoIP

DLP

Records data leak prevention events.

  • DLP
  • Document Source

App-CTRL

Records intrusion attempts. Application Control log is output when a signature matches an application pattern.

  • Signature
  • Port-violation
  • Protocol-violation

WAF

Records web application firewall information for FortiWeb appliances and virtual appliances.

  • Address List
  • Custom Signature
  • HTTP Constraint
  • HTTP Method
  • Signature
  • URL access

DNS

Records domain name server events.

  • DNS-query
  • DNS-response

SSH

Records Secure Socket Shell events.

  • SSH Channel
  • SSH Command

SSL

Records detected/blocked malicious SSL connections.

  • SSL anomalies
  • SSL exempt

CIFS

Records CIFS file filter events.

  • CIFS-auth-all

File Filter

Records file filter events.

  • File-filter