FortiOS Log Message Reference

Log ID definitions

Following are the definitions for the log type IDs and subtype IDs applicable to FortiOS version 5.2.1 and later.

Log Category IDs

Subtype IDs

traffic: 0

  • forward: 0
  • local: 1
  • multicast: 2
  • sniffer: 4

event: 1

  • system: 0
  • vpn: 1
  • user: 2
  • router: 3
  • wireless: 4
  • wad: 5
  • endpoint: 7
  • ha: 8
  • compliance-check: 9
  • security_audit: 10
  • connector: 12
  • fortiextender:

virus: 2

  • malware-list: 7
  • infected: 11
  • blocked: 12
  • oversized: 13
  • scanerror: 62
  • suspicious: 0
  • analytics: 1
  • switchproto: 63
  • mimefragmented: 61
  • virus_filetype_exe: 3
  • botnet: 2

webfilter: 3

  • content: 14
  • urlfilter: 15
  • ftgd_blk: 16
  • ftgd_allow: 17
  • ftgd_err: 18
  • url_monitor: 19
  • scriptfilter_activex: 35
  • scriptfilter_cookie: 36
  • scriptfilter_applet: 37
  • ftgd_quota_counting: 38
  • ftgd_quota_expired: 39
  • ftgd_quota: 40
  • scriptfilter_other: 41
  • webfilter_command_block: 43
  • file_filter

ips: 4

  • signature: 19
  • malicious_url: 21
  • botnet

email: 5

  • smtp: 8
  • pop3: 9
  • imap: 10
  • mapi: 11
  • carrier-endpoint-filter: 47
  • mass-mms: 52
  • msn-hotmail: 5
  • yahoo-mail: 6
  • gmail: 7
  • ftgd_err: 53
  • file_filter: 54

anomaly: 7

  • anomaly: 20

voip: 8

  • voip: 14

dlp: 9

  • dlp: 54
  • dlp-docsource: 55

app_ctrl: 10

  • app-ctrl-all: 59

WAF: 12

  • signature: 0
  • custom_signature: 1
  • method: 2
  • constraints: 3
  • address_list: 4
  • url_access: 5

GTP: 14

  • all: 0

DNS: 15

  • dns-query: 0
  • dns-response: 1

SSH: 16

  • ssh-command: 0
  • ssh-channel: 1

SSL: 17

  • ssl-anomalies: 0
  • ssl-exempt: 1

CIFS: 18

  • cifs-filefilter: 0

File Filter: 19

  • file-filter: 0
