FortiOS Log Message Reference

9238 - MESGID_ANALYTICS_FSA_RESULT

Message ID: 9238

Message Description: MESGID_ANALYTICS_FSA_RESULT

Message Meaning: File verdict returned from FortiSandbox

Type: AV

Category: ANALYTICS

Severity: Notice

| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| action | The status of the session: blocked - Blocked infected file by AV engine; passthrough - Allowed by AV engine; monitored - Log, but do NOT block infected file; analytics - Submitted to Sandbox for analysis | string | 18 |
| analyticscksum | The checksum of the file submitted for analytics | string | 64 |
| date | Date | string | 10 |
| devid | | string | 16 |
| dstip | Destination IP Address | ip | 39 |
| dstport | Destination Port | uint16 | 5 |
| dtype | Data type for virus category | string | 32 |
| eventtime | Time when detection occurred | uint64 | 20 |
| eventtype | Event type of AV | string | 32 |
| fctuid | FortiClient user ID | string | 32 |
| filename | File name | string | 256 |
| fsaverdict | FortiSandbox Verdict returned to FortiGate after analysis (clean, low risk, med risk, high risk, malicious) | string | 32 |
| level | Log level | string | 11 |
| logid | Log ID | string | 10 |
| service | Proxy service which scanned this traffic | string | 5 |
| srcdomain | | string | 255 |
| srcip | Source IP Address | ip | 39 |
| srcport | Source Port | uint16 | 5 |
| subtype | Subtype of the virus log | string | 20 |
| time | Time | string | 8 |
| type | Log type | string | 16 |
| tz | Time Zone | string | 5 |
| unauthuser | | string | 66 |
| unauthusersource | | string | 66 |
| vd | VDOM name | string | 32 |
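
An added example, not Fortinet code: a Python check that parses one record, validates a subset of its fields against the Data Type and Length columns above, and triages on fsaverdict without letting text inside a quoted filename be read as a field. The key=value wire format with double-quoted strings, the alert threshold, and every sample value are assumptions.

```python
import ipaddress
import re

# Subset of the field table above: name -> (data type, max length).
SCHEMA = {
    "action": ("string", 18), "analyticscksum": ("string", 64),
    "filename": ("string", 256), "fsaverdict": ("string", 32),
    "srcip": ("ip", 39), "dstip": ("ip", 39),
    "srcport": ("uint16", 5), "dstport": ("uint16", 5),
}
VERDICTS = ("clean", "low risk", "med risk", "high risk", "malicious")
ALERT_ON = {"med risk", "high risk", "malicious"}  # assumed triage policy
# Assumption: key=value records with double-quoted string values.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse(line):
    """Split a raw record into {field: value}; quoted values stay whole."""
    return {m[1]: m[2] if m[2] is not None else m[3]
            for m in PAIR.finditer(line)}

def violations(rec):
    """List schema problems for the SCHEMA fields present in rec."""
    bad = []
    for name in (n for n in SCHEMA if n in rec):
        val, (dtype, maxlen) = rec[name], SCHEMA[name]
        if len(val) > maxlen:
            bad.append(f"{name}: longer than {maxlen}")
        elif dtype == "ip":
            try:
                ipaddress.ip_address(val)
            except ValueError:
                bad.append(f"{name}: not an IP address")
        elif dtype == "uint16" and not (val.isascii() and val.isdigit() and int(val) < 2**16):
            bad.append(f"{name}: not a uint16")
    if rec.get("fsaverdict") not in VERDICTS:
        bad.append("fsaverdict: missing or unknown verdict")
    return bad

def triage(line):
    """Return ('invalid', problems) or ('alert' | 'ignore', record)."""
    rec = parse(line)
    bad = violations(rec)
    if bad:
        return "invalid", bad
    return ("alert" if rec["fsaverdict"] in ALERT_ON else "ignore"), rec

# Constructed sample: the file name embeds text that looks like a field.
SAMPLE = ('action="analytics" srcip=192.0.2.10 srcport=51544 '
          'dstip=198.51.100.7 dstport=443 analyticscksum="' + "0" * 64 + '" '
          'filename="report fsaverdict=clean.pdf" fsaverdict="malicious"')
```

Records that come back as `invalid` are worth routing to review rather than dropping, since a malformed record can indicate truncation or tampering upstream of the collector.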
