FortiOS Log Message Reference

What's new

This section identifies major changes in the Log Reference for version 7.0.0 and later. For more information about new features, see the FortiOS 7.0 New Features Guide.

FortiOS 7.0.0

Log type and subtype changes

  • The CIFS log type is removed.
  • CIFS-AUTH-FAIL is added as a new Event log subtype.

Log field values

The following log field values are changed:

App logs:

Field Change
pdstport Field Added
policymode Field Added
psrcport Field Added

AV logs:

Field Change
pdstport Field Added
policymode Field Added
psrcport Field Added

DLP logs:

Field Change
pdstport Field Added
policymode Field Added
psrcport Field Added

Email logs:

Field Change
policymode Field Added

Event logs:

Field Change
bibandwidth Field Removed
bibandwidthavailable Field Added
cmdbpathname Field Removed
cmdbtablename Field Removed
conflictcount Field Removed
created Field Removed
domainctrlauthstate Field Added
domainctrlauthtype Field Added
domainctrldomain Field Added
domainctrlip Field Added
domainctrlname Field Added
domainctrlprotocoltype Field Added
domainctrlusername Field Added
dstintfrole Field Added
errorcount Field Removed
inbandwidth Field Removed
inbandwidthavailable Field Added
outbandwidth Field Removed
outbandwidthavailable Field Added
srcintfrole Field Added
successcount Field Removed

FILE-FILTER logs:

Field Change
pathname Field Added
policymode Field Added
sharename Field Added

GTP logs:

Field Change
upteid Field Added

ICAP logs:

Field Change
vrf Field Added

IPS logs:

Field Change
pdstport Field Added
policymode Field Added
psrcport Field Added

Traffic logs:

Field Change
dstthreatfeed Field Added
pdstport Field Added
policymode Field Added
psrcport Field Added
srcthreatfeed Field Added

VoIP logs:

Field Change
attack Field Added
attackid Field Added

Web logs:

Field Change
policymode Field Added
videocategoryid Field Added
videochannelid Field Added
videoid Field Added
videoinfosource Field Added

Log ID changes

The following log IDs are changed.

AV logs:

Log ID Message Change
8216 MESGID_FILE_HASH_EMS_WARNING Log ID Added
8217 MESGID_FILE_HASH_EMS_NOTIF Log ID Added
8218 MESGID_MIME_FILE_HASH_EMS_WARNING Log ID Added
8219 MESGID_MIME_FILE_HASH_EMS_NOTIF Log ID Added
8706 MESGID_OVERSIZE_MIME_WARNING Log ID Removed
8707 MESGID_OVERSIZE_MIME_NOTIF Log ID Removed

Event logs:

Log ID Message Change
20027 LOG_ID_REPORT_DEL_OLD_REC Log ID Removed
22090 LOG_ID_FEDERATED_UPGRADE_CANCELLED Log ID Added
22091 LOG_ID_FEDERATED_UPGRADE_SUCCEEDED Log ID Added
22092 LOG_ID_FEDERATED_UPGRADE_FAILED Log ID Added
22861 LOG_ID_FLPOLD_NAC_ADD Log ID Added
22862 LOG_ID_FLPOLD_NAC_DELETE Log ID Added
22863 LOG_ID_FLPOLD_NAC_MODIFY Log ID Added
22864 LOG_ID_FLPOLD_DPP_ADD Log ID Added
22865 LOG_ID_FLPOLD_DPP_DELETE Log ID Added
22866 LOG_ID_FLPOLD_DPP_MODIFY Log ID Added
22897 LOG_ID_FLCFGD_NAC_ADD Log ID Removed
22898 LOG_ID_FLCFGD_NAC_DELETE Log ID Removed
22899 LOG_ID_FLCFGD_NAC_MODIFY Log ID Removed
22953 LOG_ID_IOC_DETECTED Log ID Removed
29012 LOG_ID_PPP_OPT_ERR Log ID Removed
29017 LOG_ID_PPP_OPT_NOTIF Log ID Removed
32120 LOG_ID_RPT_ADD_DATASET Log ID Removed
32122 LOG_ID_RPT_DEL_DATASET Log ID Removed
32125 LOG_ID_RPT_ADD_CHART Log ID Removed
32126 LOG_ID_RPT_DEL_CHART Log ID Removed
34418 LOG_ID_NP6_HPE_PACKET_DROP Log ID Added
34419 LOG_ID_NP6_HPE_PACKET_FLOOD Log ID Added
36883 LOG_ID_EVENT_SYSTEM_CLEAR_ACTIVE_SESSION Log ID Added
43707 LOG_ID_EVENT_WIRELESS_WTPR_SSID_UP Log ID Added
43708 LOG_ID_EVENT_WIRELESS_WTPR_SSID_DOWN Log ID Added
43709 LOG_ID_EVENT_WIRELESS_STA_DHCP_ENFORCEMENT Log ID Added
43710 LOG_ID_EVENT_WIRELESS_SAM_IPERF Log ID Added
43711 LOG_ID_EVENT_WIRELESS_SAM_PING Log ID Added
43712 LOG_ID_EVENT_WIRELESS_SAM_AUTH_FAILED Log ID Added
47002 LOG_ID_FILE_HASH_EMS_LIST_TRUNCATED_ENTER Log ID Added
47003 LOG_ID_FILE_HASH_EMS_LIST_TRUNCATED_EXIT Log ID Added
47004 LOG_ID_FILE_HASH_EMS_LIST_LOAD Log ID Added
53400 LOG_ID_FMG_TUNNEL_UP Log ID Added
53401 LOG_ID_FMG_TUNNEL_DOWN Log ID Added
63002 LOG_ID_CIFS_CONN_FAIL Log ID Added
63003 LOG_ID_CIFS_AUTH_FAIL Log ID Added
63004 LOG_ID_CIFS_AUTH_INTERNAL_ERROR Log ID Added
63005 LOG_ID_CIFS_AUTH_KRB_ERROR Log ID Added

SSL logs:

Log ID Message Change
62305 LOG_ID_SSL_ANOMALY_CERT_PROBE_FAILURE_BLOCK Log ID Added
62306 LOG_ID_SSL_ANOMALY_CERT_PROBE_FAILURE_PASS Log ID Added

Web logs:

Log ID Message Change
13664 LOG_ID_VIDEOFILTER_CATEGORY_BLOCK Log ID Added
13665 LOG_ID_VIDEOFILTER_CATEGORY_MONITOR Log ID Added
13666 LOG_ID_VIDEOFILTER_CATEGORY_ALLOW Log ID Added
13680 LOG_ID_VIDEOFILTER_CHANNEL_BLOCK Log ID Added
13681 LOG_ID_VIDEOFILTER_CHANNEL_MONITOR Log ID Added
13682 LOG_ID_VIDEOFILTER_CHANNEL_ALLOW Log ID Added
