FortiOS Log Message Reference

Log ID definitions

Following are the definitions for the log type IDs and subtype IDs applicable to FortiOS:

Log Category IDs

Subtype IDs

traffic: 0

  • forward: 0
  • local: 1
  • multicast: 2
  • sniffer: 4

event: 1

  • system: 0
  • vpn: 1
  • user: 2
  • router: 3
  • wireless: 4
  • wad: 5
  • endpoint: 7
  • ha: 8
  • security-rating: 10
  • fortiextender: 11
  • connector: 12
  • sdwan: 13
  • cifs-auth-fails: 14

virus: 2

  • analytics: 1
  • botnet: 2
  • filetype-executable: 3
  • outbreak-prevention: 4
  • content-disarm: 5
  • command-blocked: 6
  • malware-list: 7
  • infected: 11
  • filename: 12
  • oversize: 13
  • mimefragmented: 61
  • scanerror: 62
  • switchproto: 63

webfilter: 3

  • unknown: 0
  • content: 14
  • urlfilter: 15
  • ftgd_blk: 16
  • ftgd_allow: 17
  • ftgd_err: 18
  • activexfilter: 35
  • cookiefilter: 36
  • appletfilter: 37
  • ftgd_quota_counting: 38
  • ftgd_quota: 40
  • scriptfilter: 41
  • webfilter_command_block: 43
  • http_header_change: 44
  • ssl-exempt: 45
  • antiphishing: 46

ips: 4

  • signature: 19
  • malicious_url: 21
  • botnet

email: 5

  • msn-hotmail: 5
  • yahoo-mail: 6
  • gmail: 7
  • smtp: 8
  • pop3: 9
  • imap: 10
  • mapi: 11
  • carrier-endpoint-filter: 47
  • mass-mms: 52
  • ftgd_err: 53

anomaly: 7

  • anomaly: 20

voip: 8

  • voip: 14

dlp: 9

  • dlp: 54

app_ctrl: 10

  • signature: 59
  • port-violation: 60
  • protocol-violation: 61

WAF: 12

  • waf-signature: 0
  • waf-custom-signature: 1
  • waf-http-method: 2
  • waf-http-constraint: 3
  • waf-address-list: 4
  • waf-url-access: 5

GTP: 14

  • gtp-all: 0

DNS: 15

  • dns-query: 0
  • dns-response: 1

SSH: 16

  • ssh-command: 0
  • ssh-channel: 1

SSL: 17

  • ssl-anomalies: 0
  • ssl-exempt: 1
  • ssl-negotiation: 2

File Filter: 19

  • file-filter: 0

ICAP: 20

  • icap: 0

ZTNA: 21

  • ztna-clt-cert: 0
  • ztna-policy-match: 1
  • ztna-error: 2
