Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Log Message Reference

    Home FortiGate / FortiOS 7.0.0 FortiOS Log Message Reference
    7.0.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1

    What's new

    What's new

    This section identifies major changes in the Log Reference from version 7.0.0 and later. For more information about new features, please see the FortiOS 7.0 New Features Guide.

    FortiOS 7.0.0

    Log type and subtype changes

    • The CIFS log type is removed.
    • CIFS-AUTH-FAIL is added as a new Event log subtype.

    Log field values

    The following log field values are changed:

    App logs:

    Field Change
    pdstport Field Added
    policymode Field Added
    psrcport Field Added

    AV logs:

    Field Change
    pdstport Field Added
    policymode Field Added
    psrcport Field Added

    DLP logs:

    Field Change
    pdstport Field Added
    policymode Field Added
    psrcport Field Added

    Email logs:

    Field

    Change
    policymode Field Added

    Event logs:

    Field Change
    bibandwidth Field Removed
    bibandwidthavailable Field Added
    cmdbpathname Field Removed
    cmdbtablename Field Removed
    conflictcount Field Removed
    created Field Removed
    domainctrlauthstate Field Added
    domainctrlauthtype Field Added
    domainctrldomain Field Added
    domainctrlip Field Added
    domainctrlname Field Added
    domainctrlprotocoltype Field Added
    domainctrlusername Field Added
    dstintfrole Field Added
    errorcount Field Removed
    inbandwidth Field Removed
    inbandwidthavailable Field Added
    outbandwidth Field Removed
    outbandwidthavailable Field Added
    srcintfrole Field Added
    successcount Field Removed

    FILE-FILTER logs:

    Field Change
    pathname Field Added
    policymode Field Added
    sharename Field Added

    GTP logs:

    Field Change
    upteid Field Added

    ICAP logs:

    Field

    Change
    vrf Field Added

    IPS logs:

    Field Change
    pdstport Field Added
    policymode Field Added
    psrcport Field Added

    Traffic logs:

    Field

    Change
    dstthreatfeed Field Added
    pdstport Field Added
    policymode Field Added
    psrcport Field Added
    srcthreatfeed Field Added

    VoIP logs:

    Field

    Change
    attack Field Added
    attackid Field Added

    Web logs:

    Field

    Change
    policymode Field Added
    videocategoryid Field Added
    videochannelid Field Added
    videoid Field Added
    videoinfosource Field Added

    Log ID changes

    The following log IDs are changed.

    AV logs:

    Log ID

    Message

    Change
    8216 MESGID_FILE_HASH_EMS_WARNING Log ID Added
    8217 MESGID_FILE_HASH_EMS_NOTIF Log ID Added
    8218 MESGID_MIME_FILE_HASH_EMS_WARNING Log ID Added
    8219 MESGID_MIME_FILE_HASH_EMS_NOTIF Log ID Added
    8706 MESGID_OVERSIZE_MIME_WARNING Log ID Removed
    8707 MESGID_OVERSIZE_MIME_NOTIF Log ID Removed

    Event logs:

    LogID

    Message

    Change
    20027 LOG_ID_REPORT_DEL_OLD_REC Log ID Removed
    22090 LOG_ID_FEDERATED_UPGRADE_CANCELLED Log ID Added
    22091 LOG_ID_FEDERATED_UPGRADE_SUCCEEDED Log ID Added
    22092 LOG_ID_FEDERATED_UPGRADE_FAILED Log ID Added
    22861 LOG_ID_FLPOLD_NAC_ADD Log ID Added
    22862 LOG_ID_FLPOLD_NAC_DELETE Log ID Added
    22863 LOG_ID_FLPOLD_NAC_MODIFY Log ID Added
    22864 LOG_ID_FLPOLD_DPP_ADD Log ID Added
    22865 LOG_ID_FLPOLD_DPP_DELETE Log ID Added
    22866 LOG_ID_FLPOLD_DPP_MODIFY Log ID Added
    22897 LOG_ID_FLCFGD_NAC_ADD Log ID Removed
    22898 LOG_ID_FLCFGD_NAC_DELETE Log ID Removed
    22899 LOG_ID_FLCFGD_NAC_MODIFY Log ID Removed
    22953 LOG_ID_IOC_DETECTED Log ID Removed
    29012 LOG_ID_PPP_OPT_ERR Log ID Removed
    29017 LOG_ID_PPP_OPT_NOTIF Log ID Removed
    32120 LOG_ID_RPT_ADD_DATASET Log ID Removed
    32122 LOG_ID_RPT_DEL_DATASET Log ID Removed
    32125 LOG_ID_RPT_ADD_CHART Log ID Removed
    32126 LOG_ID_RPT_DEL_CHART Log ID Removed
    34418 LOG_ID_NP6_HPE_PACKET_DROP Log ID Added
    34419 LOG_ID_NP6_HPE_PACKET_FLOOD Log ID Added
    36883 LOG_ID_EVENT_SYSTEM_CLEAR_ACTIVE_SESSION Log ID Added
    43707 LOG_ID_EVENT_WIRELESS_WTPR_SSID_UP Log ID Added
    43708 LOG_ID_EVENT_WIRELESS_WTPR_SSID_DOWN Log ID Added
    43709 LOG_ID_EVENT_WIRELESS_STA_DHCP_ENFORCEMENT Log ID Added
    43710 LOG_ID_EVENT_WIRELESS_SAM_IPERF Log ID Added
    43711 LOG_ID_EVENT_WIRELESS_SAM_PING Log ID Added
    43712 LOG_ID_EVENT_WIRELESS_SAM_AUTH_FAILED Log ID Added
    47002 LOG_ID_FILE_HASH_EMS_LIST_TRUNCATED_ENTER Log ID Added
    47003 LOG_ID_FILE_HASH_EMS_LIST_TRUNCATED_EXIT Log ID Added
    47004 LOG_ID_FILE_HASH_EMS_LIST_LOAD Log ID Added
    53400 LOG_ID_FMG_TUNNEL_UP Log ID Added
    53401 LOG_ID_FMG_TUNNEL_DOWN Log ID Added
    63002 LOG_ID_CIFS_CONN_FAIL Log ID Added
    63003 LOG_ID_CIFS_AUTH_FAIL Log ID Added
    63004 LOG_ID_CIFS_AUTH_INTERNAL_ERROR Log ID Added
    63005 LOG_ID_CIFS_AUTH_KRB_ERROR Log ID Added

    SSL logs:

    Log ID

    Message

    Change
    62305 LOG_ID_SSL_ANOMALY_CERT_PROBE_FAILURE_BLOCK Log ID Added
    62306 LOG_ID_SSL_ANOMALY_CERT_PROBE_FAILURE_PASS Log ID Added

    Web logs:

    Log ID

    Message

    Change
    13664 LOG_ID_VIDEOFILTER_CATEGORY_BLOCK Log ID Added
    13665 LOG_ID_VIDEOFILTER_CATEGORY_MONITOR Log ID Added
    13666 LOG_ID_VIDEOFILTER_CATEGORY_ALLOW Log ID Added
    13680 LOG_ID_VIDEOFILTER_CHANNEL_BLOCK Log ID Added
    13681 LOG_ID_VIDEOFILTER_CHANNEL_MONITOR Log ID Added
    13682 LOG_ID_VIDEOFILTER_CHANNEL_ALLOW Log ID Added
    Previous
    Next

    What's new

    What's new

    This section identifies major changes in the Log Reference from version 7.0.0 and later. For more information about new features, please see the FortiOS 7.0 New Features Guide.

    FortiOS 7.0.0

    Log type and subtype changes

    • The CIFS log type is removed.
    • CIFS-AUTH-FAIL is added as a new Event log subtype.

    Log field values

    The following log field values are changed:

    App logs:

    Field Change
    pdstport Field Added
    policymode Field Added
    psrcport Field Added

    AV logs:

    Field Change
    pdstport Field Added
    policymode Field Added
    psrcport Field Added

    DLP logs:

    Field Change
    pdstport Field Added
    policymode Field Added
    psrcport Field Added

    Email logs:

    Field

    Change
    policymode Field Added

    Event logs:

    Field Change
    bibandwidth Field Removed
    bibandwidthavailable Field Added
    cmdbpathname Field Removed
    cmdbtablename Field Removed
    conflictcount Field Removed
    created Field Removed
    domainctrlauthstate Field Added
    domainctrlauthtype Field Added
    domainctrldomain Field Added
    domainctrlip Field Added
    domainctrlname Field Added
    domainctrlprotocoltype Field Added
    domainctrlusername Field Added
    dstintfrole Field Added
    errorcount Field Removed
    inbandwidth Field Removed
    inbandwidthavailable Field Added
    outbandwidth Field Removed
    outbandwidthavailable Field Added
    srcintfrole Field Added
    successcount Field Removed

    FILE-FILTER logs:

    Field Change
    pathname Field Added
    policymode Field Added
    sharename Field Added

    GTP logs:

    Field Change
    upteid Field Added

    ICAP logs:

    Field

    Change
    vrf Field Added

    IPS logs:

    Field Change
    pdstport Field Added
    policymode Field Added
    psrcport Field Added

    Traffic logs:

    Field

    Change
    dstthreatfeed Field Added
    pdstport Field Added
    policymode Field Added
    psrcport Field Added
    srcthreatfeed Field Added

    VoIP logs:

    Field

    Change
    attack Field Added
    attackid Field Added

    Web logs:

    Field

    Change
    policymode Field Added
    videocategoryid Field Added
    videochannelid Field Added
    videoid Field Added
    videoinfosource Field Added

    Log ID changes

    The following log IDs are changed.

    AV logs:

    Log ID

    Message

    Change
    8216 MESGID_FILE_HASH_EMS_WARNING Log ID Added
    8217 MESGID_FILE_HASH_EMS_NOTIF Log ID Added
    8218 MESGID_MIME_FILE_HASH_EMS_WARNING Log ID Added
    8219 MESGID_MIME_FILE_HASH_EMS_NOTIF Log ID Added
    8706 MESGID_OVERSIZE_MIME_WARNING Log ID Removed
    8707 MESGID_OVERSIZE_MIME_NOTIF Log ID Removed

    Event logs:

    LogID

    Message

    Change
    20027 LOG_ID_REPORT_DEL_OLD_REC Log ID Removed
    22090 LOG_ID_FEDERATED_UPGRADE_CANCELLED Log ID Added
    22091 LOG_ID_FEDERATED_UPGRADE_SUCCEEDED Log ID Added
    22092 LOG_ID_FEDERATED_UPGRADE_FAILED Log ID Added
    22861 LOG_ID_FLPOLD_NAC_ADD Log ID Added
    22862 LOG_ID_FLPOLD_NAC_DELETE Log ID Added
    22863 LOG_ID_FLPOLD_NAC_MODIFY Log ID Added
    22864 LOG_ID_FLPOLD_DPP_ADD Log ID Added
    22865 LOG_ID_FLPOLD_DPP_DELETE Log ID Added
    22866 LOG_ID_FLPOLD_DPP_MODIFY Log ID Added
    22897 LOG_ID_FLCFGD_NAC_ADD Log ID Removed
    22898 LOG_ID_FLCFGD_NAC_DELETE Log ID Removed
    22899 LOG_ID_FLCFGD_NAC_MODIFY Log ID Removed
    22953 LOG_ID_IOC_DETECTED Log ID Removed
    29012 LOG_ID_PPP_OPT_ERR Log ID Removed
    29017 LOG_ID_PPP_OPT_NOTIF Log ID Removed
    32120 LOG_ID_RPT_ADD_DATASET Log ID Removed
    32122 LOG_ID_RPT_DEL_DATASET Log ID Removed
    32125 LOG_ID_RPT_ADD_CHART Log ID Removed
    32126 LOG_ID_RPT_DEL_CHART Log ID Removed
    34418 LOG_ID_NP6_HPE_PACKET_DROP Log ID Added
    34419 LOG_ID_NP6_HPE_PACKET_FLOOD Log ID Added
    36883 LOG_ID_EVENT_SYSTEM_CLEAR_ACTIVE_SESSION Log ID Added
    43707 LOG_ID_EVENT_WIRELESS_WTPR_SSID_UP Log ID Added
    43708 LOG_ID_EVENT_WIRELESS_WTPR_SSID_DOWN Log ID Added
    43709 LOG_ID_EVENT_WIRELESS_STA_DHCP_ENFORCEMENT Log ID Added
    43710 LOG_ID_EVENT_WIRELESS_SAM_IPERF Log ID Added
    43711 LOG_ID_EVENT_WIRELESS_SAM_PING Log ID Added
    43712 LOG_ID_EVENT_WIRELESS_SAM_AUTH_FAILED Log ID Added
    47002 LOG_ID_FILE_HASH_EMS_LIST_TRUNCATED_ENTER Log ID Added
    47003 LOG_ID_FILE_HASH_EMS_LIST_TRUNCATED_EXIT Log ID Added
    47004 LOG_ID_FILE_HASH_EMS_LIST_LOAD Log ID Added
    53400 LOG_ID_FMG_TUNNEL_UP Log ID Added
    53401 LOG_ID_FMG_TUNNEL_DOWN Log ID Added
    63002 LOG_ID_CIFS_CONN_FAIL Log ID Added
    63003 LOG_ID_CIFS_AUTH_FAIL Log ID Added
    63004 LOG_ID_CIFS_AUTH_INTERNAL_ERROR Log ID Added
    63005 LOG_ID_CIFS_AUTH_KRB_ERROR Log ID Added

    SSL logs:

    Log ID

    Message

    Change
    62305 LOG_ID_SSL_ANOMALY_CERT_PROBE_FAILURE_BLOCK Log ID Added
    62306 LOG_ID_SSL_ANOMALY_CERT_PROBE_FAILURE_PASS Log ID Added

    Web logs:

    Log ID

    Message

    Change
    13664 LOG_ID_VIDEOFILTER_CATEGORY_BLOCK Log ID Added
    13665 LOG_ID_VIDEOFILTER_CATEGORY_MONITOR Log ID Added
    13666 LOG_ID_VIDEOFILTER_CATEGORY_ALLOW Log ID Added
    13680 LOG_ID_VIDEOFILTER_CHANNEL_BLOCK Log ID Added
    13681 LOG_ID_VIDEOFILTER_CHANNEL_MONITOR Log ID Added
    13682 LOG_ID_VIDEOFILTER_CHANNEL_ALLOW Log ID Added
    Previous
    Next