Fortinet black logo

FortiOS Log Message Reference

30248 - LOGID_WAF_SIGNATURE_BLOCK

30248 - LOGID_WAF_SIGNATURE_BLOCK

Message ID: 30248

Message Description: LOGID_WAF_SIGNATURE_BLOCK

Message Meaning: Web application firewall blocked application by signature

Type: WAF

Category: WAF-SIGNATURE

Severity: Warning

Log Field Name

Description

Data Type

Length

action

status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed.

string

17

agent

Agent

string

64

authserver

string

32

constraint

string

4096

date

Date

string

10

devid

string

16

direction

Direction

string

4096

dstintf

Destination Interface

string

32

dstintfrole

string

10

dstip

Destination IP Address

ip

39

dstport

Destination Port

uint16

5

eventid

Event ID

uint32

10

eventtime

uint64

20

eventtype

Event Type

string

32

fctuid

string

32

group

User Group Name

string

64

level

Log Level

string

11

logid

Log ID

string

10

method

string

4096

msg

Log Message

string

4096

name

string

64

policyid

Policy ID

uint32

10

profile

Full profile name

string

64

proto

Protocol

uint8

3

rawdata

string

20480

service

Service name

string

5

sessionid

Session ID

uint32

10

severity

Severity

string

6

srcdomain

string

255

srcintf

Source Interface

string

32

srcintfrole

string

10

srcip

Source IP Address

ip

39

srcport

Source Port

uint16

5

subtype

Log Subtype

string

20

time

Time

string

8

type

Log Type

string

16

tz

string

5

unauthuser

string

66

unauthusersource

string

66

url

URL

string

512

user

User Name

string

256

vd

Virtual Domain Name

string

32

30248 - LOGID_WAF_SIGNATURE_BLOCK

Message ID: 30248

Message Description: LOGID_WAF_SIGNATURE_BLOCK

Message Meaning: Web application firewall blocked application by signature

Type: WAF

Category: WAF-SIGNATURE

Severity: Warning

Log Field Name

Description

Data Type

Length

action

status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed.

string

17

agent

Agent

string

64

authserver

string

32

constraint

string

4096

date

Date

string

10

devid

string

16

direction

Direction

string

4096

dstintf

Destination Interface

string

32

dstintfrole

string

10

dstip

Destination IP Address

ip

39

dstport

Destination Port

uint16

5

eventid

Event ID

uint32

10

eventtime

uint64

20

eventtype

Event Type

string

32

fctuid

string

32

group

User Group Name

string

64

level

Log Level

string

11

logid

Log ID

string

10

method

string

4096

msg

Log Message

string

4096

name

string

64

policyid

Policy ID

uint32

10

profile

Full profile name

string

64

proto

Protocol

uint8

3

rawdata

string

20480

service

Service name

string

5

sessionid

Session ID

uint32

10

severity

Severity

string

6

srcdomain

string

255

srcintf

Source Interface

string

32

srcintfrole

string

10

srcip

Source IP Address

ip

39

srcport

Source Port

uint16

5

subtype

Log Subtype

string

20

time

Time

string

8

type

Log Type

string

16

tz

string

5

unauthuser

string

66

unauthusersource

string

66

url

URL

string

512

user

User Name

string

256

vd

Virtual Domain Name

string

32