What's new
This section identifies major changes in the Log Reference from version 7.2.0 and later. For more information about new features, please see the FortiOS 7.2 New Features Guide.
FortiOS 7.2.1
Log type and subtype changes
-
The FortiSwitch log type is added.
Log field values
The following log field values are changed:
AV logs:
|
Field |
Change |
|---|---|
|
epoch |
Field Added |
|
eventid |
Field Added |
| fndrverdict | Field Added |
Event logs:
|
Field |
Change |
|---|---|
| alert | Field Removed |
| expectedsignature | Field Removed |
| handshake | Field Removed |
| protocol | Field Added |
| received | Field Removed |
| receivedsignature | Field Removed |
| remotetunnelid | Field Added |
| ssllocal | Field Removed |
| sslremote | Field Removed |
| wanin | Field Added |
| wanout | Field Added |
FortiSwitch logs:
|
Field |
Change |
|---|---|
| date | Field Added |
| devid | Field Added |
| dstip | Field Added |
| duration | Field Added |
| eventtime | Field Added |
| ftlkintf | Field Added |
| level | Field Added |
| logid | Field Added |
| proto | Field Added |
| rcvdbyte | Field Added |
| rcvdpkt | Field Added |
| srcip | Field Added |
| subtype | Field Added |
| switchid | Field Added |
| time | Field Added |
| type | Field Added |
| tz | Field Added |
| vd | Field Added |
GTP logs:
|
Field |
Change |
|---|---|
| clashtunnelidx | Field Added |
Traffic logs:
|
Field |
Change |
|---|---|
| saasname | Field Added |
| shapingpolicyname | Field Added |
| srcmacvendor | Field Added |
Web logs:
|
Field |
Change |
|---|---|
| videocategoryname | Field Added |
Log ID changes
Event logs:
|
Log ID |
Message |
Change |
|---|---|---|
| 20047 | LOG_ID_RAD_FAIL_IPV6_SOCKET | Log ID Removed |
| 20048 | LOG_ID_RAD_FAIL_OPT_IPV6_PKTINFO | Log ID Removed |
| 20049 | LOG_ID_RAD_FAIL_OPT_IPV6_CHECKSUM | Log ID Removed |
| 20050 | LOG_ID_RAD_FAIL_OPT_IPV6_UNICAST_HOPS | Log ID Removed |
| 20051 | LOG_ID_RAD_FAIL_OPT_IPV6_MULTICAST_HOPS | Log ID Removed |
| 20052 | LOG_ID_RAD_FAIL_OPT_IPV6_HOPLIMIT | Log ID Removed |
| 20053 | LOG_ID_RAD_FAIL_OPT_IPPROTO_ICMPV6 | Log ID Removed |
| 20054 | LOG_ID_RAD_EXIT_BY_SIGNAL | Log ID Removed |
| 20055 | LOG_ID_RAD_FAIL_CMDB_QUERY | Log ID Removed |
| 20056 | LOG_ID_RAD_FAIL_CMDB_FOR_EACH | Log ID Removed |
| 20057 | LOG_ID_RAD_FAIL_FIND_VIRT_INTF | Log ID Removed |
| 20058 | LOG_ID_RAD_UNLOAD_INTF | Log ID Removed |
| 20133 | LOG_ID_FIREWALL_POLICY_EXPIRE | Log ID Added |
| 20134 | LOG_ID_FIREWALL_POLICY_EXPIRED | Log ID Added |
| 20135 | LOG_ID_FAIS_LIC_EXPIRE | Log ID Added |
| 22062 | LOG_ID_IPAMSD_FLAG_CONFLICT | Log ID Added |
| 22063 | LOG_ID_IPAMSD_UNFLAG_CONFLICT | Log ID Added |
| 22116 | LOG_ID_POWER_REDUNDANCY_DEGRADE | Log ID Added |
| 22117 | LOG_ID_POWER_REDUNDANCY_FAILURE | Log ID Added |
| 22207 | LOG_ID_CERT_EXPIRE_WARNING | Log ID Added |
| 22914 | LOG_ID_FDS_SRV_CHG | Log ID Removed |
| 32263 | LOG_ID_AUTO_IMG_UPD_SCHEDULED | Log ID Added |
| 32554 | LOG_ID_UPD_ADMIN_DB | Log ID Added |
| 34428 | LOG_ID_NP7_HPE_PACKET_DROP | Log ID Added |
| 34430 | LOG_ID_NP7_HPE_PACKET_FLOOD | Log ID Added |
| 37912 | MESGID_FGSP_MEMBER_JOIN | Log ID Added |
| 37913 | MESGID_FGSP_MEMBER_LEAVE | Log ID Added |
| 43719 | LOG_ID_EVENT_WIRELESS_STA_PROBE_LOW_RSSI | Log ID Added |
| 45128 | LOG_ID_EC_EMS_REST_API_NEW_SUCCESS | Log ID Added |
| 45129 | LOG_ID_EC_EMS_EMS_VERIFY | Log ID Added |
| 45130 | LOG_ID_EC_EMS_EMS_VERIFY_FAILED | Log ID Added |
| 45131 | LOG_ID_EC_EMS_EMS_UNVERIFY | Log ID Added |
| 46517 | LOG_ID_INTERNAL_LTE_MODEM_WRONG_PIN | Log ID Added |
| 48000 | LOG_ID_WAD_SSL_RCV_HS | Log ID Removed |
| 48001 | LOG_ID_WAD_SSL_RCV_WRG_HS | Log ID Removed |
| 48002 | LOG_ID_WAD_SSL_SENT_HS | Log ID Removed |
| 48003 | LOG_ID_WAD_SSL_WRG_HS_LEN | Log ID Removed |
| 48004 | LOG_ID_WAD_SSL_RCV_CCS | Log ID Removed |
| 48005 | LOG_ID_WAD_SSL_RSA_DH_FAIL | Log ID Removed |
| 48006 | LOG_ID_WAD_SSL_SENT_CCS | Log ID Removed |
| 48007 | LOG_ID_WAD_SSL_BAD_HASH | Log ID Removed |
| 48009 | LOG_ID_WAD_SSL_DECRY_FAIL | Log ID Removed |
| 48011 | LOG_ID_WAD_SSL_LESS_MINOR | Log ID Removed |
| 48013 | LOG_ID_WAD_SSL_NOT_SUPPORT_CS | Log ID Removed |
| 48016 | LOG_ID_WAD_SSL_HS_FIN | Log ID Removed |
| 48017 | LOG_ID_WAD_SSL_HS_TOO_LONG | Log ID Removed |
| 48018 | LOG_ID_WAD_SSL_MORE_MINOR | Log ID Removed |
| 48019 | LOG_ID_WAD_SSL_SENT_ALERT | Log ID Removed |
| 48023 | LOG_ID_WAD_SSL_RCV_ALERT | Log ID Removed |
| 48027 | LOG_ID_WAD_SSL_INVALID_CONT_TYPE | Log ID Removed |
| 48029 | LOG_ID_WAD_SSL_BAD_CCS_LEN | Log ID Removed |
| 48031 | LOG_ID_WAD_SSL_BAD_DH | Log ID Removed |
| 48032 | LOG_ID_WAD_SSL_PUB_KEY_TOO_BIG | Log ID Removed |
| 48034 | LOG_ID_WAD_SSL_SERVER_KEY_HASH_ALGORITHM_MISMATCH | Log ID Removed |
| 48035 | LOG_ID_WAD_SSL_SERVER_KEY_SIGNATURE_ALGORITHM_MISMATCH | Log ID Removed |
| 48038 | LOG_ID_WAD_SSL_RCV_FATAL_ALERT | Log ID Removed |
| 48039 | LOG_ID_WAD_SSL_SENT_FATAL_ALERT | Log ID Removed |
| 48040 | LOG_ID_WAD_WANOPT_TUNNEL_CREATE | Log ID Added |
| 48041 | LOG_ID_WAD_WANOPT_TUNNEL_CLOSED | Log ID Added |
| 53311 | LOG_ID_NPU_PER_MAPPING_ALLOCATION | Log ID Added |
| 53315 | LOG_ID_LPM_ERROR | Log ID Added |
| 53316 | LOG_ID_LPM_INFO | Log ID Added |
FortiSwitch logs:
|
Log ID |
Message |
Change |
|---|---|---|
| 56001 | LOG_ID_FSW_FLOW | Log ID Added |
SSL logs:
|
Log ID |
Message |
Change |
|---|---|---|
| 62307 | LOG_ID_SSL_ANOMALY_CERT_SNI_MISMATCHED_INFO | Log ID Added |
FortiOS 7.2.0
Log field values
The following log field values are changed:
App logs:
|
Field |
Change |
|---|---|
|
agent |
Field Added |
|
clouddevice |
Field Added |
|
httpmethod |
Field Added |
|
referralurl |
Field Added |
AV logs:
|
Field |
Change |
|---|---|
|
faiaction |
Field Removed |
|
faiconfidence |
Field Removed |
|
faifileid |
Field Removed |
|
faifiletype |
Field Removed |
|
faiseverity |
Field Removed |
|
fndraction |
Field Added |
|
fndrconfidence |
Field Added |
|
fndrfileid |
Field Added |
|
fndrfiletype |
Field Added |
|
fndrseverity |
Field Added |
|
fsaaction |
Field Added |
|
fsafileid |
Field Added |
|
fsafiletype |
Field Added |
|
fsaseverity |
Field Added |
|
httpmethod |
Field Added |
|
referralurl |
Field Added |
DLP logs:
|
Field |
Change |
|---|---|
|
httpmethod |
Field Added |
|
referralurl |
Field Added |
Email logs:
|
Field |
Change |
|---|---|
|
poluuid |
Field Added |
Event logs:
|
Field |
Change |
|---|---|
|
advpnsc |
Field Added |
|
failuredev |
Field Added |
|
localdevcount |
Field Added |
|
moscodec |
Field Added |
|
mosvalue |
Field Added |
|
sensor |
Field Removed |
|
upgradedevice |
Field Added |
FILE-FILTER logs:
|
Field |
Change |
|---|---|
|
httpmethod |
Field Added |
|
referralurl |
Field Added |
GTP logs:
|
Field |
Change |
|---|---|
|
timeoutdelete |
Field Added |
IPS logs:
|
Field |
Change |
|---|---|
|
agent |
Field Added |
|
httpmethod |
Field Added |
|
referralurl |
Field Added |
WAF logs:
|
Field |
Change |
|---|---|
|
httpmethod |
Field Added |
|
method |
Field Removed |
|
poluuid |
Field Added |
|
ratemethod |
Field Added |
|
referralurl |
Field Added |
Web logs:
|
Field |
Change |
|---|---|
|
httpmethod |
Field Added |
|
method |
Field Removed |
|
ratemethod |
Field Added |
Log ID changes
The following log IDs are changed:
AV logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
8224 |
MESGID_ICB_FAI_TIMEOUT_WARNING |
Log ID Added |
|
8225 |
MESGID_ICB_FAI_TIMEOUT_NOTIF |
Log ID Added |
|
8226 |
MESGID_MIME_ICB_FAI_TIMEOUT_WARNING |
Log ID Added |
|
8227 |
MESGID_MIME_ICB_FAI_TIMEOUT_NOTIF |
Log ID Added |
|
8228 |
MESGID_ICB_FAI_ERROR_WARNING |
Log ID Added |
|
8229 |
MESGID_ICB_FAI_ERROR_NOTIF |
Log ID Added |
|
8230 |
MESGID_MIME_ICB_FAI_ERROR_WARNING |
Log ID Added |
|
8231 |
MESGID_MIME_ICB_FAI_ERROR_NOTIF |
Log ID Added |
|
8232 |
MESGID_ICB_FSA_WARNING |
Log ID Added |
|
8233 |
MESGID_ICB_FSA_NOTIF |
Log ID Added |
|
8234 |
MESGID_MIME_ICB_FSA_WARNING |
Log ID Added |
|
8235 |
MESGID_MIME_ICB_FSA_NOTIF |
Log ID Added |
|
8236 |
MESGID_ICB_FSA_TIMEOUT_WARNING |
Log ID Added |
|
8237 |
MESGID_ICB_FSA_TIMEOUT_NOTIF |
Log ID Added |
|
8238 |
MESGID_MIME_ICB_FSA_TIMEOUT_WARNING |
Log ID Added |
|
8239 |
MESGID_MIME_ICB_FSA_TIMEOUT_NOTIF |
Log ID Added |
|
8240 |
MESGID_ICB_FSA_ERROR_WARNING |
Log ID Added |
|
8241 |
MESGID_ICB_FSA_ERROR_NOTIF |
Log ID Added |
|
8242 |
MESGID_MIME_ICB_FSA_ERROR_WARNING |
Log ID Added |
|
8243 |
MESGID_MIME_ICB_FSA_ERROR_NOTIF |
Log ID Added |
|
8983 |
MESGID_FORTIAI_FAILURE_WARNING |
Log ID Removed |
|
8984 |
MESGID_FORTIAI_FAILURE_NOTIF |
Log ID Removed |
|
8985 |
MESGID_FORTIAI_TIMEOUT_WARNING |
Log ID Removed |
|
8986 |
MESGID_FORTIAI_TIMEOUT_NOTIF |
Log ID Removed |
Event logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
20214 |
LOG_ID_LOCAL_OUT_IOC |
Log ID Added |
|
22080 |
LOG_ID_PROVISION_LATEST_SUCCEEDED |
Log ID Added |
|
22081 |
LOG_ID_PROVISION_LATEST_FAILED |
Log ID Added |
|
22093 |
LOG_ID_FEDERATED_UPGRADE_STEP_COMPLETE |
Log ID Added |
|
22897 |
LOG_ID_FORTILINKD_SPLIT_PORT_INFO |
Log ID Added |
|
32180 |
LOG_ID_GEOIP_DB_INIT_FAIL |
Log ID Added |
|
32199 |
LOG_ID_RESTORE_IMG_USB |
Log ID Removed |
|
32262 |
LOG_ID_RESTORE_IMG_CONFIRM |
Log ID Added |
|
32567 |
LOG_ID_RESTORE_CONF_BY_USB |
Log ID Removed |
|
41007 |
LOG_ID_UPD_MANUAL_LICENSE_SUCC |
Log ID Added |
|
41008 |
LOG_ID_UPD_MANUAL_LICENSE_FAIL |
Log ID Added |
|
41009 |
LOG_ID_UPD_DB_SIGN_INVALID |
Log ID Added |
|
41010 |
LOG_ID_UPD_DB_SIGN_PASSED |
Log ID Added |
|
43716 |
LOG_ID_EVENT_WIRELESS_ADDRGRP_MAX_FW_ADDR |
Log ID Added |
|
43717 |
LOG_ID_EVENT_WIRELESS_STA_L3R_REHOME |
Log ID Added |
|
45126 |
LOG_ID_EC_CLOUD_ENTITLEMENT_LOST |
Log ID Added |