Fortinet white logo
Fortinet white logo

FortiOS Log Message Reference

8200 - MESGID_MIME_FILETYPE_EXE_WARNING

8200 - MESGID_MIME_FILETYPE_EXE_WARNING

Message ID: 8200

Message Description: MESGID_MIME_FILETYPE_EXE_WARNING

Message Meaning: File is an executable (warning)

Type: Virus

Category: filetype-executable

Severity: Warning

Log Field Name

Description

Data Type

Length

action

The status of the session: blocked - Blocked infected file by AV engine passthrough - Allowed by AV engine monitored - Log, but do NOT block infected file analytics - Submitted to Sandbox for analysis

string

18

agent

User agent - eg. agent="Mozilla/5.0"

string

1024

analyticscksum

The checksum of the file submitted for analytics

string

64

analyticssubmit

The flag for analytics submission

string

10

attachment

string

3

authserver

Server used to authenticate the involved user

string

64

cc

string

512

checksum

The checksum of the scanned file

string

16

craction

Threat Weight action

uint32

10

crlevel

Threat Weight Level

string

10

crscore

Threat Weight Score

uint32

10

date

Date

string

10

devid

string

16

direction

Message/packets direction

string

8

dstauthserver

string

64

dstcountry

string

64

dstintf

Destination Interface

string

32

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstip

Destination IP Address

ip

39

dstport

Destination Port

uint16

5

dstuser

string

256

dstuuid

string

37

dtype

Data type for virus category

string

32

eventtime

Time when detection occured

uint64

20

eventtype

Event type of AV

string

32

fctuid

Forticlient user ID

string

32

filename

File name

string

256

forwardedfor

string

128

from

Email address from the Email Headers (IMAP/POP3/SMTP)

string

128

group

Group name (authentication)

string

512

httpmethod

string

20

level

Log level

string

11

logid

Log ID

string

10

msg

Log message

string

4096

pdstport

uint16

5

policyid

Policy ID

uint32

10

policymode

string

8

policytype

string

24

poluuid

string

37

profile

The name of the profile that was used to detect and take action

string

64

proto

Protocol number

uint8

3

psrcport

uint16

5

quarskip

Quarantine skip explanation

string

46

recipient

Email addresses from the SMTP envelope

string

512

referralurl

string

512

sender

Email address from the SMTP envelope

string

128

service

Proxy service which scanned this traffic

string

5

sessionid

Session ID

uint32

10

srccountry

string

64

srcdomain

string

255

srcintf

Source Interface

string

32

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcip

Source IP Address

ip

39

srcport

Source Port

uint16

5

srcuuid

string

37

subject

string

256

subservice

string

16

subtype

Subtype of the virus log

string

20

time

Time

string

8

to

Email address(es) from the Email Headers (IMAP/POP3/SMTP)

string

512

trueclntip

ip

39

type

Log type

string

16

tz

Time Zone

string

5

unauthuser

string

66

unauthusersource

string

66

user

Username (authentication)

string

256

vd

VDOM name

string

32

vrf

uint8

3

8200 - MESGID_MIME_FILETYPE_EXE_WARNING

8200 - MESGID_MIME_FILETYPE_EXE_WARNING

Message ID: 8200

Message Description: MESGID_MIME_FILETYPE_EXE_WARNING

Message Meaning: File is an executable (warning)

Type: Virus

Category: filetype-executable

Severity: Warning

Log Field Name

Description

Data Type

Length

action

The status of the session: blocked - Blocked infected file by AV engine passthrough - Allowed by AV engine monitored - Log, but do NOT block infected file analytics - Submitted to Sandbox for analysis

string

18

agent

User agent - eg. agent="Mozilla/5.0"

string

1024

analyticscksum

The checksum of the file submitted for analytics

string

64

analyticssubmit

The flag for analytics submission

string

10

attachment

string

3

authserver

Server used to authenticate the involved user

string

64

cc

string

512

checksum

The checksum of the scanned file

string

16

craction

Threat Weight action

uint32

10

crlevel

Threat Weight Level

string

10

crscore

Threat Weight Score

uint32

10

date

Date

string

10

devid

string

16

direction

Message/packets direction

string

8

dstauthserver

string

64

dstcountry

string

64

dstintf

Destination Interface

string

32

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstip

Destination IP Address

ip

39

dstport

Destination Port

uint16

5

dstuser

string

256

dstuuid

string

37

dtype

Data type for virus category

string

32

eventtime

Time when detection occured

uint64

20

eventtype

Event type of AV

string

32

fctuid

Forticlient user ID

string

32

filename

File name

string

256

forwardedfor

string

128

from

Email address from the Email Headers (IMAP/POP3/SMTP)

string

128

group

Group name (authentication)

string

512

httpmethod

string

20

level

Log level

string

11

logid

Log ID

string

10

msg

Log message

string

4096

pdstport

uint16

5

policyid

Policy ID

uint32

10

policymode

string

8

policytype

string

24

poluuid

string

37

profile

The name of the profile that was used to detect and take action

string

64

proto

Protocol number

uint8

3

psrcport

uint16

5

quarskip

Quarantine skip explanation

string

46

recipient

Email addresses from the SMTP envelope

string

512

referralurl

string

512

sender

Email address from the SMTP envelope

string

128

service

Proxy service which scanned this traffic

string

5

sessionid

Session ID

uint32

10

srccountry

string

64

srcdomain

string

255

srcintf

Source Interface

string

32

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcip

Source IP Address

ip

39

srcport

Source Port

uint16

5

srcuuid

string

37

subject

string

256

subservice

string

16

subtype

Subtype of the virus log

string

20

time

Time

string

8

to

Email address(es) from the Email Headers (IMAP/POP3/SMTP)

string

512

trueclntip

ip

39

type

Log type

string

16

tz

Time Zone

string

5

unauthuser

string

66

unauthusersource

string

66

user

Username (authentication)

string

256

vd

VDOM name

string

32

vrf

uint8

3