Fortinet black logo

FortiOS Log Message Reference

24576 - LOG_ID_DLP_WARN

24576 - LOG_ID_DLP_WARN

Message ID: 24576

Message Description: LOG_ID_DLP_WARN

Message Meaning: Data leak detected by specified DLP sensor rule

Type: DLP

Category: DLP

Severity: Warning

Log Field Name

Description

Data Type

Length

action

The status of the session: log-only - DLP event is detected , but NOT blocked (similar to monitor action) block - Blocked exempt - Allowed ban - blocked (Not in used since FortiOS 5.0, replaced by blocked) ban-sender - blocks all data being sent by an ip or user (Not in used since FortiOS 5.0, replaced by quarantine) quarantine-ip - Blocked and band the source ip (Not in used since FortiOS 5.0) quarantine-interface - Blocked and band the source interface (Not in used since FortiOS 5.0)

string

20

agent

User agent - eg. agent="Mozilla/5.0"

string

64

attachment

string

3

authserver

Authentication Server

string

64

cc

string

512

date

Date

string

10

devid

Device ID

string

16

direction

Direction of packets

string

8

dlpextra

DLP extra information

string

256

dstauthserver

string

64

dstintf

Destination Interface

string

32

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstip

Destination IP

ip

39

dstport

Destination Port

uint16

5

dstuser

string

256

dstuuid

string

37

epoch

Epoch used for locating file

uint32

10

eventid

The serial number of the dlparchive file in the same epoch

uint32

10

eventtime

Event Time, time when DLP event detected.

uint64

20

eventtype

DLP event type

string

32

fctuid

FortiClient User ID

string

32

filename

File name

string

256

filesize

File size in bytes

uint64

10

filetype

File type

string

23

filtercat

DLP filter category

string

8

filteridx

DLP filter ID

uint32

10

filtername

DLP rule name

string

128

filtertype

DLP filter type

string

23

forwardedfor

Forwarded For

string

128

from

Email address from the Email Headers (IMAP/POP3/SMTP)

string

128

group

User group name

string

64

hostname

The host name of a URL

string

256

infectedfilelevel

Infected File Level (Critical,Warning etc)

uint32

10

infectedfilename

Infected File Name

string

256

infectedfilesize

Infected File Size

uint64

10

infectedfiletype

Infected File Type

string

23

level

Log Level

string

11

logid

Log ID

string

10

pdstport

uint16

5

policyid

Policy ID

uint32

10

policymode

string

8

profile

DLP profile name

string

64

proto

Protocol number

uint8

3

psrcport

uint16

5

rawdata

Raw Data

string

1024

recipient

Email addresses from the SMTP envelope

string

512

sender

Email address from the SMTP envelope

string

128

service

Service name

string

36

sessionid

Session ID

uint32

10

severity

Severity level of a DLP rule

string

8

srcdomain

string

255

srcintf

Source Interface

string

32

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcip

Source IP

ip

39

srcport

Source Port

uint16

5

srcuuid

string

37

subject

The subject title of the email message

string

256

subservice

string

16

subtype

Log subtype

string

20

time

Time

string

8

to

Email address(es) from the Email Headers (IMAP/POP3/SMTP)

string

512

trueclntip

True client's IP

ip

39

type

Log type

string

16

tz

string

5

unauthuser

Unauthenticated user

string

66

unauthusersource

Unauthenticated user source

string

66

url

The URL address

string

512

user

User name

string

256

vd

Virtual domain name

string

32

vrf

Virtual Routing Forwarding

uint8

3

24576 - LOG_ID_DLP_WARN

Message ID: 24576

Message Description: LOG_ID_DLP_WARN

Message Meaning: Data leak detected by specified DLP sensor rule

Type: DLP

Category: DLP

Severity: Warning

Log Field Name

Description

Data Type

Length

action

The status of the session: log-only - DLP event is detected , but NOT blocked (similar to monitor action) block - Blocked exempt - Allowed ban - blocked (Not in used since FortiOS 5.0, replaced by blocked) ban-sender - blocks all data being sent by an ip or user (Not in used since FortiOS 5.0, replaced by quarantine) quarantine-ip - Blocked and band the source ip (Not in used since FortiOS 5.0) quarantine-interface - Blocked and band the source interface (Not in used since FortiOS 5.0)

string

20

agent

User agent - eg. agent="Mozilla/5.0"

string

64

attachment

string

3

authserver

Authentication Server

string

64

cc

string

512

date

Date

string

10

devid

Device ID

string

16

direction

Direction of packets

string

8

dlpextra

DLP extra information

string

256

dstauthserver

string

64

dstintf

Destination Interface

string

32

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstip

Destination IP

ip

39

dstport

Destination Port

uint16

5

dstuser

string

256

dstuuid

string

37

epoch

Epoch used for locating file

uint32

10

eventid

The serial number of the dlparchive file in the same epoch

uint32

10

eventtime

Event Time, time when DLP event detected.

uint64

20

eventtype

DLP event type

string

32

fctuid

FortiClient User ID

string

32

filename

File name

string

256

filesize

File size in bytes

uint64

10

filetype

File type

string

23

filtercat

DLP filter category

string

8

filteridx

DLP filter ID

uint32

10

filtername

DLP rule name

string

128

filtertype

DLP filter type

string

23

forwardedfor

Forwarded For

string

128

from

Email address from the Email Headers (IMAP/POP3/SMTP)

string

128

group

User group name

string

64

hostname

The host name of a URL

string

256

infectedfilelevel

Infected File Level (Critical,Warning etc)

uint32

10

infectedfilename

Infected File Name

string

256

infectedfilesize

Infected File Size

uint64

10

infectedfiletype

Infected File Type

string

23

level

Log Level

string

11

logid

Log ID

string

10

pdstport

uint16

5

policyid

Policy ID

uint32

10

policymode

string

8

profile

DLP profile name

string

64

proto

Protocol number

uint8

3

psrcport

uint16

5

rawdata

Raw Data

string

1024

recipient

Email addresses from the SMTP envelope

string

512

sender

Email address from the SMTP envelope

string

128

service

Service name

string

36

sessionid

Session ID

uint32

10

severity

Severity level of a DLP rule

string

8

srcdomain

string

255

srcintf

Source Interface

string

32

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcip

Source IP

ip

39

srcport

Source Port

uint16

5

srcuuid

string

37

subject

The subject title of the email message

string

256

subservice

string

16

subtype

Log subtype

string

20

time

Time

string

8

to

Email address(es) from the Email Headers (IMAP/POP3/SMTP)

string

512

trueclntip

True client's IP

ip

39

type

Log type

string

16

tz

string

5

unauthuser

Unauthenticated user

string

66

unauthusersource

Unauthenticated user source

string

66

url

The URL address

string

512

user

User name

string

256

vd

Virtual domain name

string

32

vrf

Virtual Routing Forwarding

uint8

3