Fortinet white logo
Fortinet white logo

FortiOS Log Message Reference

16386 - LOGID_ATTCK_SIGNATURE_OTHERS

16386 - LOGID_ATTCK_SIGNATURE_OTHERS

Message ID: 16386

Message Description: LOGID_ATTCK_SIGNATURE_OTHERS

Message Meaning: Attack detected by other signature

Type: IPS

Category: signature

Severity: Alert

Log Field Name

Description

Data Type

Length

vrf

Virtual router forwarding

uint16

3

vd

Virtual domain name

string

32

user

User name

string

256

unauthusersource

Unauthenticated user source

string

66

unauthuser

Unauthenticated user

string

66

tz

string

5

type

Log type

string

16

trueclntip

True-Client-IP HTTP header

ip

39

transid

uint32

10

time

Time

string

8

subtype

Log Subtype

string

20

srcname

string

64

srcmac

string

17

srcip

Source IP

ip

39

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcintf

Source Interface

string

64

srcdomain

string

255

srccountry

Country name for Source IP

string

64

severity

Severity of the attack

string

8

sessionid

Session ID

uint32

10

service

Service name

string

80

ref

URL of the FortiGuard IPS database entry for the attack.

string

4096

rawdataid

string

10

rawdata

Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for

string

20480

psrcport

uint16

5

proto

Protocol number

uint8

3

profile

Profile name for IPS

string

64

poluuid

string

37

policytype

string

24

policymode

string

8

policyid

Policy ID

uint32

10

pdstport

uint16

5

msg

Log message for the attack

string

518

messageid

string

256

logid

Log ID

string

10

level

Log Level

string

11

incidentserialno

Incident serial number

uint32

10

group

User group name

string

512

forwardedfor

X-Forwarded-For HTTP header

string

128

fctuid

FortiClient UID

string

32

eventtype

IPS Event Type

string

32

eventtime

Time when detection occured

uint64

20

dstuser

string

256

dstip

Destination IP

ip

39

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstintf

Destination Interface

string

64

dstcountry

string

64

dstauthserver

string

64

direction

Message/packets direction

string

8

devid

Deivce ID

string

16

date

Date

string

10

crscore

Client Reputation Score

uint32

10

crlevel

Client Reputation Level

string

10

craction

Action performed by Threat Weight

uint32

10

authserver

Authentication server for the user

string

64

attackid

Attack ID

uint32

10

attackcontextid

Attack context ID / total

string

10

attackcontext

The trigger patterns and the packet data with base64 encoding

string

2048

attack

Attack Name

string

256

action

Security action performed by IPS: detected - Attack is detected , but NOT blocked (similar to monitor) dropped - Silent packet blocked reset - Blocked and respond with Reset reset_client - Blocked and reset sent to the client reset_server - Blocked and reset sent to the server drop_session - Silent block pass_session - Session allowed clear_session - Session was removed /closed

string

16

16386 - LOGID_ATTCK_SIGNATURE_OTHERS

16386 - LOGID_ATTCK_SIGNATURE_OTHERS

Message ID: 16386

Message Description: LOGID_ATTCK_SIGNATURE_OTHERS

Message Meaning: Attack detected by other signature

Type: IPS

Category: signature

Severity: Alert

Log Field Name

Description

Data Type

Length

vrf

Virtual router forwarding

uint16

3

vd

Virtual domain name

string

32

user

User name

string

256

unauthusersource

Unauthenticated user source

string

66

unauthuser

Unauthenticated user

string

66

tz

string

5

type

Log type

string

16

trueclntip

True-Client-IP HTTP header

ip

39

transid

uint32

10

time

Time

string

8

subtype

Log Subtype

string

20

srcname

string

64

srcmac

string

17

srcip

Source IP

ip

39

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcintf

Source Interface

string

64

srcdomain

string

255

srccountry

Country name for Source IP

string

64

severity

Severity of the attack

string

8

sessionid

Session ID

uint32

10

service

Service name

string

80

ref

URL of the FortiGuard IPS database entry for the attack.

string

4096

rawdataid

string

10

rawdata

Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for

string

20480

psrcport

uint16

5

proto

Protocol number

uint8

3

profile

Profile name for IPS

string

64

poluuid

string

37

policytype

string

24

policymode

string

8

policyid

Policy ID

uint32

10

pdstport

uint16

5

msg

Log message for the attack

string

518

messageid

string

256

logid

Log ID

string

10

level

Log Level

string

11

incidentserialno

Incident serial number

uint32

10

group

User group name

string

512

forwardedfor

X-Forwarded-For HTTP header

string

128

fctuid

FortiClient UID

string

32

eventtype

IPS Event Type

string

32

eventtime

Time when detection occured

uint64

20

dstuser

string

256

dstip

Destination IP

ip

39

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstintf

Destination Interface

string

64

dstcountry

string

64

dstauthserver

string

64

direction

Message/packets direction

string

8

devid

Deivce ID

string

16

date

Date

string

10

crscore

Client Reputation Score

uint32

10

crlevel

Client Reputation Level

string

10

craction

Action performed by Threat Weight

uint32

10

authserver

Authentication server for the user

string

64

attackid

Attack ID

uint32

10

attackcontextid

Attack context ID / total

string

10

attackcontext

The trigger patterns and the packet data with base64 encoding

string

2048

attack

Attack Name

string

256

action

Security action performed by IPS: detected - Attack is detected , but NOT blocked (similar to monitor) dropped - Silent packet blocked reset - Blocked and respond with Reset reset_client - Blocked and reset sent to the client reset_server - Blocked and reset sent to the server drop_session - Silent block pass_session - Session allowed clear_session - Session was removed /closed

string

16