FortiOS Log Message Reference

FortiOS priority levels

Each log entry contains a Level (level) field that indicates the estimated severity of the event that caused the log entry, such as level=warning, and therefore how high a priority it is likely to be. Level (level) associations with the descriptions below are not always uniform. They also may not correspond with your own definitions of how severe each event is. If you require notification when a specific event occurs, either configure SNMP traps or alert email by administrator-defined Severity Level (severity_level) or ID (logid), not by Level (level).

| Level (0 is highest) | Name | Description |
|---|---|---|
| 0 | Emergency | The system is unusable or not responding. |
| 1 | Alert | Immediate action required. Used in security logs. |
| 2 | Critical | Functionality is affected. |
| 3 | Error | An error exists and functionality could be affected. |
| 4 | Warning | Functionality could be affected. |
| 5 | Notification | Information about normal events. |
| 6 | Information | General information about system operations. Used in event logs to record configuration changes. |

For each location where the FortiGate device can store log files (disk, memory, Syslog or FortiAnalyzer), you can define a severity threshold. FortiOS stores all log messages equal to or exceeding the log severity level selected. For example, if you select Error, FortiOS will store log messages whose log severity level is Error, Critical, Alert, and Emergency.
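The threshold rule above, together with the earlier advice to key notifications on ID (logid) rather than Level (level), as an added Python example that is not part of the Fortinet reference. The sample log lines and logid values are constructed, and treating `level="notice"` as the Notification level is an assumption of this example.

```python
import shlex

# Level names in table order; list index = numeric level (0 is highest).
LEVELS = ["emergency", "alert", "critical", "error", "warning", "notification", "information"]
# Assumption: raw log lines abbreviate Notification as level="notice".
ALIASES = {"notice": "notification"}

# Constructed sample lines; the logid values are placeholders, not real message IDs.
SAMPLE = [
    'date=2024-01-01 time=10:00:00 logid="0000000001" type="event" level="information" msg="config changed"',
    'date=2024-01-01 time=10:00:05 logid="0000000002" type="utm" level="alert" msg="attack detected"',
    'date=2024-01-01 time=10:00:09 logid="0000000003" type="event" level="error" msg="link down"',
    'date=2024-01-01 time=10:00:12 logid="0000000004" type="event" level=warning msg="high memory"',
    'date=2024-01-01 time=10:00:20 logid="0000000005" type="event" level="notice" msg="admin login"',
]

def parse(line):
    """Split a key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def level_number(name):
    name = name.lower()
    return LEVELS.index(ALIASES.get(name, name))  # ValueError if unknown

def stored(lines, threshold):
    """Entries at or above the threshold severity, i.e. numerically <= it."""
    limit = level_number(threshold)
    kept = []
    for line in lines:
        entry = parse(line)
        try:
            if level_number(entry.get("level", "")) <= limit:
                kept.append(entry)
        except ValueError:
            kept.append(entry)  # example's choice: never silently drop an unknown level
    return kept

def by_logid(lines, logids):
    """Select entries by message ID, independent of their level."""
    return [e for e in map(parse, lines) if e.get("logid") in logids]

if __name__ == "__main__":
    for e in stored(SAMPLE, "error"):
        print(e["logid"], e["level"], e["msg"])
```

With the threshold set to Error, the constructed "admin login" line at Notification level is not retained, which is why selection by logid is shown separately.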
