Fortinet white logo
Fortinet white logo

FortiOS Log Message Reference

17 - LOG_ID_TRAFFIC_SNIFFER

17 - LOG_ID_TRAFFIC_SNIFFER

Message ID: 17

Message Description: LOG_ID_TRAFFIC_SNIFFER

Message Meaning: Sniffer traffic

Type: Traffic

Category: sniffer

Severity: Notice

Log Field Name

Description

Data Type

Length

accessproxy

string

80

action

The status of the session: deny - Session was denied accept - Allowed Forward session start - Session starts (log message was created when the session was created) dns - DNS query return error ip-conn - Failed connection attempts close - Local-traffic session allowed timeout - Allowed session was timeout client-rst - Session reset by client server-rst - Session reset by server

string

16

agent

User agent - eg. agent="Mozilla/5.0"

string

64

ap

Access Point name

string

36

app

Application Name

string

96

appact

The security action from app control

string

16

appcat

Application category

string

64

appid

Application ID

uint32

10

applist

Application Control profile (name)

string

64

apprisk

Application Risk Level

string

16

apsn

Access Point serial number

string

36

authserver

Remote Authentication server

string

64

centralnatid

central-snat-map id

uint32

10

channel

WiFi Channel

uint32

10

clientdeviceid

string

80

clientdeviceowner

string

80

clientdevicetags

string

512

comment

Customized policy comment

string

1024

countapp

Number of App Ctrl logs associated with the session

uint32

10

countav

Number of AV logs associated with the session

uint32

10

countcifs

uint32

10

countdlp

Number of DLP logs associated with the session

uint32

10

countdns

Number of DNS Query logs associated with the session

uint32

10

countemail

Number of Email logs associated with the session

uint32

10

countff

uint32

10

counticap

uint32

10

countips

Number of IPS logs associated with the session

uint32

10

countsctpf

uint32

10

countssh

Number of SSH logs associated with the session

uint32

10

countssl

uint32

10

countwaf

Number of WAF logs associated with the session

uint32

10

countweb

Number of Web Filter logs associated with the session

uint32

10

craction

Action performed by Threat Weight

uint32

10

crlevel

Threat Weight level

string

10

crscore

Threat Weight score

uint32

10

date

Date

string

10

devid

Device Serial Number

string

16

devtype

Device Type

string

66

dstauthserver

string

64

dstcity

string

64

dstcountry

Country name for the destination IP

string

64

dstdevtype

Destination Device Type

string

66

dstfamily

string

66

dsthwvendor

string

66

dsthwversion

string

66

dstinetsvc

Internet service name for the destination

string

64

dstintf

Destination Interface

string

32

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstip

Destination IP Address

ip

39

dstmac

Destination Mac Address

string

17

dstname

Destination name

string

66

dstosname

Destination OS name

string

66

dstport

Destination Protocol Port Number

uint16

5

dstregion

string

64

dstreputation

uint32

10

dstserver

Destination Server

uint8

3

dstssid

Destination SSID

string

33

dstswversion

string

66

dstthreatfeed

string

36

dstunauthuser

string

66

dstunauthusersource

string

66

dstuser

string

256

dstuuid

UUID of the Destination Address Object

string

37

duration

Duration of the session

uint32

10

eventtime

Epoch time in nanoseconds

uint64

20

fctuid

FortiClient UID

string

32

gatewayid

uint32

10

group

User group name

string

64

identifier

uint16

5

lanin

LAN incoming traffic in bytes

uint64

20

lanout

LAN outgoing traffic in bytes

uint64

20

level

Log Level

string

11

logid

Log ID

string

10

masterdstmac

Destination master MAC address

string

17

mastersrcmac

The master MAC address for a host that has multiple network interfaces

string

17

msg

Log message

string

512

osname

Name of the device's OS

string

66

pdstport

uint16

5

policyid

Firewall Policy ID

uint32

10

policymode

string

8

policyname

Policy name

string

36

policytype

Policy type

string

24

poluuid

UUID of the Firewall Policy

string

37

proto

Protocol Number

uint8

3

psrcport

uint16

5

radioband

Radio Band

string

64

rcvdbyte

Received Bytes

uint64

20

rcvddelta

Delta Received Bytes

uint64

20

rcvdpkt

Received Packets

uint32

10

sentbyte

Sent Bytes

uint64

20

sentdelta

Delta Sent Bytes

uint64

20

sentpkt

Sent Packets

uint32

10

service

Name of Service

string

80

sessionid

Session ID

uint32

10

shaperdroprcvdbyte

Received bytes dropped by shaper

uint32

10

shaperdropsentbyte

Sent bytes dropped by shaper

uint32

10

shaperperipdropbyte

Dropped bytes per IP by shaper

uint32

10

shaperperipname

Traffic shaper name (per IP)

string

36

shaperrcvdname

Traffic shaper name for received traffic

string

36

shapersentname

Traffic shaper name for sent traffic

string

36

shapingpolicyid

Shaping Policy ID

uint32

10

signal

int8

4

snr

int8

4

srccity

string

64

srccountry

Country name for Source IP

string

64

srcdomain

string

255

srcfamily

string

66

srchwvendor

string

66

srchwversion

string

66

srcinetsvc

Internet service name for the source

string

64

srcintf

Source interface name

string

32

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcip

Source IP address

ip

39

srcmac

MAC address associated with the Source IP

string

17

srcname

Source name

string

66

srcport

Source protocol port number

uint16

5

srcregion

string

64

srcreputation

uint32

10

srcserver

Source server

uint8

3

srcssid

Source SSID

string

33

srcswversion

string

66

srcthreatfeed

string

36

srcuuid

UUID of the Source Address Object

string

37

sslaction

Action taken by ssl-ssh-profile

string

26

subtype

Subtype of the traffic

string

20

time

Time

string

8

trandisp

NAT translation type

string

16

tranip

NAT Destination IP

ip

39

tranport

NAT Destination Port

uint16

5

transip

NAT Source IP

ip

39

transport

NAT Source Protocol Port

uint16

5

tunnelid

uint32

10

type

Log type

string

16

tz

Time zone

string

5

unauthuser

Unauthenticated user name

string

66

unauthusersource

The method used to detect unauthenticated user name

string

66

url

URL

string

512

user

User name

string

256

utmaction

Security action performed by UTM

string

32

vd

Virtual domain name

string

32

vip

string

64

vpntype

The type of the VPN tunnel

string

14

vrf

Virtual router forwarding

uint8

3

vwlid

Virtual Wan Link (SD-WAN) service id

uint32

10

vwlname

string

36

vwlquality

Quality info of the service rule that is matched by traffic

string

320

vwlservice

Application that is matched by the traffic (internet-service-app-ctrl)

string

64

vwpvlanid

Virtual Wire Pair vlan id

uint32

10

wanin

WAN incoming traffic in bytes

uint64

20

wanoptapptype

WAN Optimization Application type

string

9

wanout

WAN outgoing traffic in bytes

uint64

20

17 - LOG_ID_TRAFFIC_SNIFFER

17 - LOG_ID_TRAFFIC_SNIFFER

Message ID: 17

Message Description: LOG_ID_TRAFFIC_SNIFFER

Message Meaning: Sniffer traffic

Type: Traffic

Category: sniffer

Severity: Notice

Log Field Name

Description

Data Type

Length

accessproxy

string

80

action

The status of the session: deny - Session was denied accept - Allowed Forward session start - Session starts (log message was created when the session was created) dns - DNS query return error ip-conn - Failed connection attempts close - Local-traffic session allowed timeout - Allowed session was timeout client-rst - Session reset by client server-rst - Session reset by server

string

16

agent

User agent - eg. agent="Mozilla/5.0"

string

64

ap

Access Point name

string

36

app

Application Name

string

96

appact

The security action from app control

string

16

appcat

Application category

string

64

appid

Application ID

uint32

10

applist

Application Control profile (name)

string

64

apprisk

Application Risk Level

string

16

apsn

Access Point serial number

string

36

authserver

Remote Authentication server

string

64

centralnatid

central-snat-map id

uint32

10

channel

WiFi Channel

uint32

10

clientdeviceid

string

80

clientdeviceowner

string

80

clientdevicetags

string

512

comment

Customized policy comment

string

1024

countapp

Number of App Ctrl logs associated with the session

uint32

10

countav

Number of AV logs associated with the session

uint32

10

countcifs

uint32

10

countdlp

Number of DLP logs associated with the session

uint32

10

countdns

Number of DNS Query logs associated with the session

uint32

10

countemail

Number of Email logs associated with the session

uint32

10

countff

uint32

10

counticap

uint32

10

countips

Number of IPS logs associated with the session

uint32

10

countsctpf

uint32

10

countssh

Number of SSH logs associated with the session

uint32

10

countssl

uint32

10

countwaf

Number of WAF logs associated with the session

uint32

10

countweb

Number of Web Filter logs associated with the session

uint32

10

craction

Action performed by Threat Weight

uint32

10

crlevel

Threat Weight level

string

10

crscore

Threat Weight score

uint32

10

date

Date

string

10

devid

Device Serial Number

string

16

devtype

Device Type

string

66

dstauthserver

string

64

dstcity

string

64

dstcountry

Country name for the destination IP

string

64

dstdevtype

Destination Device Type

string

66

dstfamily

string

66

dsthwvendor

string

66

dsthwversion

string

66

dstinetsvc

Internet service name for the destination

string

64

dstintf

Destination Interface

string

32

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstip

Destination IP Address

ip

39

dstmac

Destination Mac Address

string

17

dstname

Destination name

string

66

dstosname

Destination OS name

string

66

dstport

Destination Protocol Port Number

uint16

5

dstregion

string

64

dstreputation

uint32

10

dstserver

Destination Server

uint8

3

dstssid

Destination SSID

string

33

dstswversion

string

66

dstthreatfeed

string

36

dstunauthuser

string

66

dstunauthusersource

string

66

dstuser

string

256

dstuuid

UUID of the Destination Address Object

string

37

duration

Duration of the session

uint32

10

eventtime

Epoch time in nanoseconds

uint64

20

fctuid

FortiClient UID

string

32

gatewayid

uint32

10

group

User group name

string

64

identifier

uint16

5

lanin

LAN incoming traffic in bytes

uint64

20

lanout

LAN outgoing traffic in bytes

uint64

20

level

Log Level

string

11

logid

Log ID

string

10

masterdstmac

Destination master MAC address

string

17

mastersrcmac

The master MAC address for a host that has multiple network interfaces

string

17

msg

Log message

string

512

osname

Name of the device's OS

string

66

pdstport

uint16

5

policyid

Firewall Policy ID

uint32

10

policymode

string

8

policyname

Policy name

string

36

policytype

Policy type

string

24

poluuid

UUID of the Firewall Policy

string

37

proto

Protocol Number

uint8

3

psrcport

uint16

5

radioband

Radio Band

string

64

rcvdbyte

Received Bytes

uint64

20

rcvddelta

Delta Received Bytes

uint64

20

rcvdpkt

Received Packets

uint32

10

sentbyte

Sent Bytes

uint64

20

sentdelta

Delta Sent Bytes

uint64

20

sentpkt

Sent Packets

uint32

10

service

Name of Service

string

80

sessionid

Session ID

uint32

10

shaperdroprcvdbyte

Received bytes dropped by shaper

uint32

10

shaperdropsentbyte

Sent bytes dropped by shaper

uint32

10

shaperperipdropbyte

Dropped bytes per IP by shaper

uint32

10

shaperperipname

Traffic shaper name (per IP)

string

36

shaperrcvdname

Traffic shaper name for received traffic

string

36

shapersentname

Traffic shaper name for sent traffic

string

36

shapingpolicyid

Shaping Policy ID

uint32

10

signal

int8

4

snr

int8

4

srccity

string

64

srccountry

Country name for Source IP

string

64

srcdomain

string

255

srcfamily

string

66

srchwvendor

string

66

srchwversion

string

66

srcinetsvc

Internet service name for the source

string

64

srcintf

Source interface name

string

32

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcip

Source IP address

ip

39

srcmac

MAC address associated with the Source IP

string

17

srcname

Source name

string

66

srcport

Source protocol port number

uint16

5

srcregion

string

64

srcreputation

uint32

10

srcserver

Source server

uint8

3

srcssid

Source SSID

string

33

srcswversion

string

66

srcthreatfeed

string

36

srcuuid

UUID of the Source Address Object

string

37

sslaction

Action taken by ssl-ssh-profile

string

26

subtype

Subtype of the traffic

string

20

time

Time

string

8

trandisp

NAT translation type

string

16

tranip

NAT Destination IP

ip

39

tranport

NAT Destination Port

uint16

5

transip

NAT Source IP

ip

39

transport

NAT Source Protocol Port

uint16

5

tunnelid

uint32

10

type

Log type

string

16

tz

Time zone

string

5

unauthuser

Unauthenticated user name

string

66

unauthusersource

The method used to detect unauthenticated user name

string

66

url

URL

string

512

user

User name

string

256

utmaction

Security action performed by UTM

string

32

vd

Virtual domain name

string

32

vip

string

64

vpntype

The type of the VPN tunnel

string

14

vrf

Virtual router forwarding

uint8

3

vwlid

Virtual Wan Link (SD-WAN) service id

uint32

10

vwlname

string

36

vwlquality

Quality info of the service rule that is matched by traffic

string

320

vwlservice

Application that is matched by the traffic (internet-service-app-ctrl)

string

64

vwpvlanid

Virtual Wire Pair vlan id

uint32

10

wanin

WAN incoming traffic in bytes

uint64

20

wanoptapptype

WAN Optimization Application type

string

9

wanout

WAN outgoing traffic in bytes

uint64

20