Fortinet black logo

FortiOS Log Message Reference

24576 - LOG_ID_DLP_WARN

Message ID: 24576

Message Description: LOG_ID_DLP_WARN

Message Meaning: Data leak detected by specified DLP sensor rule

Type: DLP

Category: DLP

Severity: Warning

Log Field Name

Description

Data Type

Length

action

Security action performed by DLP

string

20

agent

User agent - eg. agent="Mozilla/5.0"

string

64

authserver

string

32

date

Date

string

10

devid

string

16

direction

Direction of packets

string

8

dlpextra

DLP extra information

string

256

dstintf

Destination Interface

string

32

dstintfrole

string

10

dstip

Destination IP

ip

39

dstport

Destination Port

uint16

5

epoch

Epoch used for locating file

uint32

10

eventid

The serial number of the dlparchive file in the same epoch

uint32

10

eventtime

uint64

20

eventtype

DLP event type

string

32

fctuid

string

32

filename

File name

string

256

filesize

File size in bytes

uint64

10

filetype

File type

string

23

filtercat

DLP filter category

string

8

filteridx

DLP filter ID

uint32

10

filtername

DLP rule name

string

128

filtertype

DLP filter type

string

23

forwardedfor

string

128

from

Email address from the Email Headers (IMAP/POP3/SMTP)

string

128

group

User group name

string

64

hostname

The host name of a URL

string

256

infectedfilelevel

uint32

10

infectedfilename

string

256

infectedfilesize

uint64

10

infectedfiletype

string

23

level

Log Level

string

11

logid

Log ID

string

10

policyid

Policy ID

uint32

10

profile

DLP profile name

string

64

proto

Protocol number

uint8

3

rawdata

string

20480

recipient

Email addresses from the SMTP envelope

string

512

sender

Email address from the SMTP envelope

string

128

service

Service name

string

36

sessionid

Session ID

uint32

10

severity

Severity level of a DLP rule

string

8

srcdomain

string

255

srcintf

Source Interface

string

32

srcintfrole

string

10

srcip

Source IP

ip

39

srcport

Source Port

uint16

5

subject

The subject title of the email message

string

256

subservice

string

16

subtype

Log subtype

string

20

time

Time

string

8

to

Email address(es) from the Email Headers (IMAP/POP3/SMTP)

string

512

trueclntip

ip

39

type

Log type

string

16

tz

string

5

unauthuser

string

66

unauthusersource

string

66

url

The URL address

string

512

user

User name

string

256

vd

Virtual domain name

string

32

vrf

uint8

3

Message ID: 24576

Message Description: LOG_ID_DLP_WARN

Message Meaning: Data leak detected by specified DLP sensor rule

Type: DLP

Category: DLP

Severity: Warning

Log Field Name

Description

Data Type

Length

action

Security action performed by DLP

string

20

agent

User agent - eg. agent="Mozilla/5.0"

string

64

authserver

string

32

date

Date

string

10

devid

string

16

direction

Direction of packets

string

8

dlpextra

DLP extra information

string

256

dstintf

Destination Interface

string

32

dstintfrole

string

10

dstip

Destination IP

ip

39

dstport

Destination Port

uint16

5

epoch

Epoch used for locating file

uint32

10

eventid

The serial number of the dlparchive file in the same epoch

uint32

10

eventtime

uint64

20

eventtype

DLP event type

string

32

fctuid

string

32

filename

File name

string

256

filesize

File size in bytes

uint64

10

filetype

File type

string

23

filtercat

DLP filter category

string

8

filteridx

DLP filter ID

uint32

10

filtername

DLP rule name

string

128

filtertype

DLP filter type

string

23

forwardedfor

string

128

from

Email address from the Email Headers (IMAP/POP3/SMTP)

string

128

group

User group name

string

64

hostname

The host name of a URL

string

256

infectedfilelevel

uint32

10

infectedfilename

string

256

infectedfilesize

uint64

10

infectedfiletype

string

23

level

Log Level

string

11

logid

Log ID

string

10

policyid

Policy ID

uint32

10

profile

DLP profile name

string

64

proto

Protocol number

uint8

3

rawdata

string

20480

recipient

Email addresses from the SMTP envelope

string

512

sender

Email address from the SMTP envelope

string

128

service

Service name

string

36

sessionid

Session ID

uint32

10

severity

Severity level of a DLP rule

string

8

srcdomain

string

255

srcintf

Source Interface

string

32

srcintfrole

string

10

srcip

Source IP

ip

39

srcport

Source Port

uint16

5

subject

The subject title of the email message

string

256

subservice

string

16

subtype

Log subtype

string

20

time

Time

string

8

to

Email address(es) from the Email Headers (IMAP/POP3/SMTP)

string

512

trueclntip

ip

39

type

Log type

string

16

tz

string

5

unauthuser

string

66

unauthusersource

string

66

url

The URL address

string

512

user

User name

string

256

vd

Virtual domain name

string

32

vrf

uint8

3