Log ID definitions

Log ID definitions

Following are the definitions for the log type IDs and subtype IDs applicable to FortiOS:

Log Category IDs	Subtype IDs
traffic: 0	forward: 0 local: 1 multicast: 2 sniffer: 4 ztna: 5
event: 1	system: 0 vpn: 1 user: 2 router: 3 wireless: 4 wad: 5 endpoint: 7 ha: 8 security-rating: 10 fortiextender: 11 connector: 12 sdwan: 13 cifs-auth-fail: 14 switch-controller: 15 rest-api: 16
virus: 2	analytics: 1 filetype-executable: 3 outbreak-prevention: 4 content-disarm: 5 command-blocked: 6 malware-list: 7 ems-threat-feed: 8 fortiai: 9 infected: 11 filename: 12 oversize: 13 mimefragmented: 61 scanerror: 62 switchproto: 63
webfilter: 3	content: 14 urlfilter: 15 ftgd_blk: 16 ftgd_allow: 17 ftgd_err: 18 urlmonitor: 19 activexfilter: 35 cookiefilter: 36 appletfilter: 37 ftgd_quota_counting: 38 ftgd_quota_expired: 39 ftgd_quota: 40 scriptfilter: 41 webfilter_command_block: 43 http_header_change: 44 ssl-exempt: 45 antiphishing: 46 videofilter-category: 47 videofilter-channel: 48
ips: 4	signature: 19 malicious-url: 21 botnet: 22
emailfilter: 5	email: 12 spam: 13 bannedword: 14 webmail: 20 ftgd_err: 53
anomaly: 7	anomaly: 20
voip: 8	voip: 14
dlp: 9	dlp: 54 dlp-docsource: 55
app-ctrl: 10	signature: 59 port-violation: 60 protocol-violation: 61
waf: 12	waf-signature: 0 waf-custom-signature: 1 waf-http-method: 2 waf-http-constraint: 3 waf-address-list: 4 waf-url-access: 5
gtp: 14	gtp-all: 0 pfcp-all: 1
dns: 15	dns-query: 0 dns-response: 1
ssh: 16	ssh-command: 0 ssh-channel: 1 ssh-hostkey: 2
ssl: 17	ssl-anomaly: 0 ssl-exempt: 1 ssl-negotiation: 2 ssl-server-cert-info: 3 ssl-handshake: 4
file-filter: 19	file-filter: 0
icap: 20	icap: 0

Log ID definitions

Following are the definitions for the log type IDs and subtype IDs applicable to FortiOS:

Log Category IDs

Subtype IDs

traffic: 0

forward: 0
local: 1
multicast: 2
sniffer: 4
ztna: 5

event: 1

system: 0
vpn: 1
user: 2
router: 3
wireless: 4
wad: 5
endpoint: 7
ha: 8
security-rating: 10
fortiextender: 11
connector: 12
sdwan: 13
cifs-auth-fail: 14
switch-controller: 15
rest-api: 16

virus: 2

analytics: 1
filetype-executable: 3
outbreak-prevention: 4
content-disarm: 5
command-blocked: 6
malware-list: 7
ems-threat-feed: 8
fortiai: 9
infected: 11
filename: 12
oversize: 13
mimefragmented: 61
scanerror: 62
switchproto: 63

webfilter: 3

content: 14
urlfilter: 15
ftgd_blk: 16
ftgd_allow: 17
ftgd_err: 18
urlmonitor: 19
activexfilter: 35
cookiefilter: 36
appletfilter: 37
ftgd_quota_counting: 38
ftgd_quota_expired: 39
ftgd_quota: 40
scriptfilter: 41
webfilter_command_block: 43
http_header_change: 44
ssl-exempt: 45
antiphishing: 46
videofilter-category: 47
videofilter-channel: 48

ips: 4

signature: 19
malicious-url: 21
botnet: 22

emailfilter: 5

email: 12
spam: 13
bannedword: 14
webmail: 20
ftgd_err: 53

anomaly: 7

anomaly: 20

voip: 8

voip: 14

dlp: 9

dlp: 54
dlp-docsource: 55

app-ctrl: 10

signature: 59
port-violation: 60
protocol-violation: 61

waf: 12

waf-signature: 0
waf-custom-signature: 1
waf-http-method: 2
waf-http-constraint: 3
waf-address-list: 4
waf-url-access: 5

gtp: 14

gtp-all: 0
pfcp-all: 1

dns: 15

dns-query: 0
dns-response: 1

ssh: 16

ssh-command: 0
ssh-channel: 1
ssh-hostkey: 2

ssl: 17

ssl-anomaly: 0
ssl-exempt: 1
ssl-negotiation: 2
ssl-server-cert-info: 3
ssl-handshake: 4

file-filter: 19

file-filter: 0

icap: 20

icap: 0

FortiOS Log Message Reference

Log ID definitions

Log ID definitions