FortiOS Log Message Reference

Log ID definitions

Following are the definitions for the log type IDs and subtype IDs applicable to FortiOS version 5.2.1 and later.

Log Category IDs

Subtype IDs

traffic: 0

  • forward: 0
  • local: 1
  • multicast: 2
  • sniffer: 4

event: 1

  • system: 0
  • vpn: 1
  • user: 2
  • router: 3
  • wireless: 4
  • wad: 5
  • endpoint: 7
  • ha: 8
  • security-rating: 10
  • fortiextender: 11
  • connector: 12
  • sdwan: 13

virus: 2

  • analytics: 1
  • botnet: 2
  • filetype-executable: 3
  • outbreak-prevention: 4
  • content-disarm: 5
  • command-blocked: 6
  • malware-list: 7
  • infected: 11
  • filename: 12
  • oversize: 13
  • mimefragmented: 61
  • scanerror: 62
  • switchproto: 63

webfilter: 3

  • unknown: 0
  • content: 14
  • urlfilter: 15
  • ftgd_blk: 16
  • ftgd_allow: 17
  • ftgd_err: 18
  • activexfilter: 35
  • cookiefilter: 36
  • appletfilter: 37
  • ftgd_quota_counting: 38
  • ftgd_quota: 40
  • scriptfilter: 41
  • webfilter_command_block: 43
  • http_header_change: 44
  • ssl-exempt: 45
  • antiphishing: 46

ips: 4

  • signature: 19
  • malicious_url: 21
  • botnet

email: 5

  • msn-hotmail: 5
  • yahoo-mail: 6
  • gmail: 7
  • smtp: 8
  • pop3: 9
  • imap: 10
  • mapi: 11
  • carrier-endpoint-filter: 47
  • mass-mms: 52
  • ftgd_err: 53

anomaly: 7

  • anomaly: 20

voip: 8

  • voip: 14

dlp: 9

  • dlp: 54

app_ctrl: 10

  • signature: 59
  • port-violation: 60
  • protocol-violation: 61

WAF: 12

  • waf-signature: 0
  • waf-custom-signature: 1
  • waf-http-method: 2
  • waf-http-constraint: 3
  • waf-address-list: 4
  • waf-url-access: 5

GTP: 14

  • gtp-all: 0

DNS: 15

  • dns-query: 0
  • dns-response: 1

SSH: 16

  • ssh-command: 0
  • ssh-channel: 1

SSL: 17

  • ssl-anomalies: 0
  • ssl-exempt: 1
  • ssl-negotiation: 2

CIFS: 18

  • cifs-filefilter: 0
  • cifs-auth-fail: 1

File Filter: 19

  • file-filter: 0

ICAP: 20

  • icap: 0
