Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.1
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    FortiOS Log Message Reference

    Home FortiGate / FortiOS 7.6.1 FortiOS Log Message Reference
    7.6.1
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1

    What's new

    What's new

    This section identifies major changes in the Log Reference from version 7.6.0 and later. For more information about new features, please see the FortiOS 7.6 New Features Guide.

    FortiOS 7.6.1

    Log field values

    The following log field values are changed:

    casb logs:

    Field

    Change

    subaction

    Field Added

    tenantmatch

    Field Added

    Event logs:

    Field

    Change

    connector

    Field Added

    Traffic logs:

    Field

    Change

    tcpnrt

    Field Added

    tcporgrtrs

    Field Added

    tcprplrtrs

    Field Added

    tcprst

    Field Added

    tcpsrt

    Field Added

    tcpsynackrtrs

    Field Added

    tcpsynrtrs

    Field Added

    virtual-patch logs:

    Field

    Change

    msg

    Field Added

    Webfilter logs:

    Field

    Change

    urlrisk

    Field Added

    Log ID changes

    The following log IDs are changed:

    Event logs:

    Log ID

    Message

    Change

    22818

    LOG_ID_SCANUNIT_DLP_BUILDER_TIMEOUT

    Log ID Added

    22906

    LOG_ID_SECURITY_LEVEL_CHANGE

    Log ID Added

    22907

    LOG_ID_INPUT_DETECTION

    Log ID Added

    22908

    LOG_ID_OUTPUT_DETECTION

    Log ID Added

    22957

    LOG_ID_SANDBOX_CLOUD_ERRCON

    Log ID Added

    32310

    LOG_ID_USB_DEVICE_DETECTED

    Log ID Added

    32311

    LOG_ID_USB_DEVICE_MOUNTED

    Log ID Added

    32312

    LOG_ID_USB_DEVICE_EJECTED

    Log ID Added

    32625

    LOG_ID_FGT_SWITCH_IMG_VERIFICATION

    Log ID Added

    37142

    MESGID_TRANSPORT_SWITCH

    Log ID Added

    40708

    LOG_ID_EVENT_SYS_FTGD_RESOURCE_FAIL

    Log ID Removed

    43536

    LOG_ID_EVENT_WIRELESS_WIDS_GENERAL

    Log ID Added

    43537

    LOG_ID_EVENT_WIRELESS_WIDS_RISKY_ENCRYPTION

    Log ID Added

    43538

    LOG_ID_EVENT_WIRELESS_WIDS_VALID_STA_MISASSOC

    Log ID Added

    43723

    LOG_ID_EVENT_WIRELESS_SYS_AC_DOWN

    Log ID Added

    45134

    LOG_ID_EC_SHM_ENDPOINT_UPDATE

    Log ID Added

    45135

    LOG_ID_EC_SHM_ENDPOINT_DELETE

    Log ID Added

    46527

    LOG_ID_INTERNAL_LTE_MODEM_SIM_SWITCH_SIM_STATE

    Log ID Added

    53407

    LOG_ID_FABRIC_VPN_PSK_SECRET_UPG_SET

    Log ID Added

    SSH logs:

    Log ID

    Message

    Change

    61014

    LOG_ID_SSH_UNSUPPORT_PROTO_BLOCK

    Log ID Added

    61015

    LOG_ID_SSH_UNSUPPORT_PROTO_PASS

    Log ID Added

    Webfilter logs:

    Log ID

    Message

    Change

    13058

    LOG_ID_WEB_FTGD_RISK_BLK

    Log ID Added

    13313

    LOG_ID_WEB_FTGD_RISK_ALLOW

    Log ID Added

    FortiOS 7.6.0

    Log type and subtype changes

    The http-transaction log subtype is added.

    Log field values

    The following log field values are changed:

    APP-CTRL logs:

    Field

    Change

    messageid

    Field Added

    transid

    Field Added

    casb logs:

    Field

    Change

    srcmac

    Field Added

    srcname

    Field Added

    DLP logs:

    Field

    Change

    messageid

    Field Added

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    EmailFilter logs:

    Field

    Change

    messageid

    Field Added

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    Event logs:

    Field

    Change

    extinvalid

    Field Added

    exttotal

    Field Added

    uuid

    Field Added

    FILE-FILTER logs:

    Field

    Change

    messageid

    Field Added

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    ICAP logs:

    Field

    Change

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    IPS logs:

    Field

    Change

    messageid

    Field Added

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    SSL logs:

    Field

    Change

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    Traffic logs:

    Field

    Change

    emstag

    Field Added

    emstag2

    Field Added

    hostname

    Field Added

    httpmethod

    Field Added

    referralurl

    Field Added

    reqlength

    Field Added

    reqtime

    Field Added

    respfinishtime

    Field Added

    resplength

    Field Added

    resptime

    Field Added

    resptype

    Field Added

    scheme

    Field Added

    statuscode

    Field Added

    transid

    Field Added

    Virus logs:

    Field

    Change

    itype

    Field Added

    messageid

    Field Added

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    WAF logs:

    Field

    Change

    transid

    Field Added

    Webfilter logs:

    Field

    Change

    srcmac

    Field Added

    srcname

    Field Added

    Log ID changes

    The following log IDs are changed:

    Event logs:

    Log ID

    Message

    Change

    22905

    LOG_ID_LOGDEV_STATUS_CHANGE

    Log ID Added

    22970

    LOG_ID_EVENT_MAC_FLAPPING

    Log ID Added

    32701

    LOG_ID_FGT_INTF_IP_CONFLICT

    Log ID Added

    35100

    LOG_ID_PACKET_SNIFFER_START

    Log ID Added

    35101

    LOG_ID_PACKET_SNIFFER_STOP

    Log ID Added

    37914

    MESGID_HBDEV_BACKUP

    Log ID Added

    40708

    LOG_ID_EVENT_SYS_FTGD_RESOURCE_FAIL

    Log ID Added

    43052

    LOG_ID_EVENT_AUTH_BACKUP_SUCCESS

    Log ID Added

    43053

    LOG_ID_EVENT_AUTH_BACKUP_FAILED

    Log ID Added

    43054

    LOG_ID_EVENT_AUTH_RESTORE_SUCCESS

    Log ID Added

    43055

    LOG_ID_EVENT_AUTH_RESTORE_FAILED

    Log ID Added

    44557

    LOGID_EVENT_CONFIG_REQUEST_DENIED

    Log ID Added

    44558

    LOGID_EVENT_NEWCLI_SPAWN_ATTEMPT

    Log ID Added

    53050

    LOG_ID_FTC_AUTH_FAILED

    Log ID Added

    53402

    LOG_ID_FGFM_RECOVERY

    Log ID Added

    Traffic logs:

    Log ID

    Message

    Change

    26

    LOG_ID_TRAFFIC_HTTP_TRANSACTION

    Log ID Added

    Webfilter logs:

    Log ID

    Message

    Change

    13318

    LOG_ID_WEB_DOMAIN_FRONTING

    Log ID Added

    Previous
    Next

    What's new

    What's new

    This section identifies major changes in the Log Reference from version 7.6.0 and later. For more information about new features, please see the FortiOS 7.6 New Features Guide.

    FortiOS 7.6.1

    Log field values

    The following log field values are changed:

    casb logs:

    Field

    Change

    subaction

    Field Added

    tenantmatch

    Field Added

    Event logs:

    Field

    Change

    connector

    Field Added

    Traffic logs:

    Field

    Change

    tcpnrt

    Field Added

    tcporgrtrs

    Field Added

    tcprplrtrs

    Field Added

    tcprst

    Field Added

    tcpsrt

    Field Added

    tcpsynackrtrs

    Field Added

    tcpsynrtrs

    Field Added

    virtual-patch logs:

    Field

    Change

    msg

    Field Added

    Webfilter logs:

    Field

    Change

    urlrisk

    Field Added

    Log ID changes

    The following log IDs are changed:

    Event logs:

    Log ID

    Message

    Change

    22818

    LOG_ID_SCANUNIT_DLP_BUILDER_TIMEOUT

    Log ID Added

    22906

    LOG_ID_SECURITY_LEVEL_CHANGE

    Log ID Added

    22907

    LOG_ID_INPUT_DETECTION

    Log ID Added

    22908

    LOG_ID_OUTPUT_DETECTION

    Log ID Added

    22957

    LOG_ID_SANDBOX_CLOUD_ERRCON

    Log ID Added

    32310

    LOG_ID_USB_DEVICE_DETECTED

    Log ID Added

    32311

    LOG_ID_USB_DEVICE_MOUNTED

    Log ID Added

    32312

    LOG_ID_USB_DEVICE_EJECTED

    Log ID Added

    32625

    LOG_ID_FGT_SWITCH_IMG_VERIFICATION

    Log ID Added

    37142

    MESGID_TRANSPORT_SWITCH

    Log ID Added

    40708

    LOG_ID_EVENT_SYS_FTGD_RESOURCE_FAIL

    Log ID Removed

    43536

    LOG_ID_EVENT_WIRELESS_WIDS_GENERAL

    Log ID Added

    43537

    LOG_ID_EVENT_WIRELESS_WIDS_RISKY_ENCRYPTION

    Log ID Added

    43538

    LOG_ID_EVENT_WIRELESS_WIDS_VALID_STA_MISASSOC

    Log ID Added

    43723

    LOG_ID_EVENT_WIRELESS_SYS_AC_DOWN

    Log ID Added

    45134

    LOG_ID_EC_SHM_ENDPOINT_UPDATE

    Log ID Added

    45135

    LOG_ID_EC_SHM_ENDPOINT_DELETE

    Log ID Added

    46527

    LOG_ID_INTERNAL_LTE_MODEM_SIM_SWITCH_SIM_STATE

    Log ID Added

    53407

    LOG_ID_FABRIC_VPN_PSK_SECRET_UPG_SET

    Log ID Added

    SSH logs:

    Log ID

    Message

    Change

    61014

    LOG_ID_SSH_UNSUPPORT_PROTO_BLOCK

    Log ID Added

    61015

    LOG_ID_SSH_UNSUPPORT_PROTO_PASS

    Log ID Added

    Webfilter logs:

    Log ID

    Message

    Change

    13058

    LOG_ID_WEB_FTGD_RISK_BLK

    Log ID Added

    13313

    LOG_ID_WEB_FTGD_RISK_ALLOW

    Log ID Added

    FortiOS 7.6.0

    Log type and subtype changes

    The http-transaction log subtype is added.

    Log field values

    The following log field values are changed:

    APP-CTRL logs:

    Field

    Change

    messageid

    Field Added

    transid

    Field Added

    casb logs:

    Field

    Change

    srcmac

    Field Added

    srcname

    Field Added

    DLP logs:

    Field

    Change

    messageid

    Field Added

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    EmailFilter logs:

    Field

    Change

    messageid

    Field Added

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    Event logs:

    Field

    Change

    extinvalid

    Field Added

    exttotal

    Field Added

    uuid

    Field Added

    FILE-FILTER logs:

    Field

    Change

    messageid

    Field Added

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    ICAP logs:

    Field

    Change

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    IPS logs:

    Field

    Change

    messageid

    Field Added

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    SSL logs:

    Field

    Change

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    Traffic logs:

    Field

    Change

    emstag

    Field Added

    emstag2

    Field Added

    hostname

    Field Added

    httpmethod

    Field Added

    referralurl

    Field Added

    reqlength

    Field Added

    reqtime

    Field Added

    respfinishtime

    Field Added

    resplength

    Field Added

    resptime

    Field Added

    resptype

    Field Added

    scheme

    Field Added

    statuscode

    Field Added

    transid

    Field Added

    Virus logs:

    Field

    Change

    itype

    Field Added

    messageid

    Field Added

    srcmac

    Field Added

    srcname

    Field Added

    transid

    Field Added

    WAF logs:

    Field

    Change

    transid

    Field Added

    Webfilter logs:

    Field

    Change

    srcmac

    Field Added

    srcname

    Field Added

    Log ID changes

    The following log IDs are changed:

    Event logs:

    Log ID

    Message

    Change

    22905

    LOG_ID_LOGDEV_STATUS_CHANGE

    Log ID Added

    22970

    LOG_ID_EVENT_MAC_FLAPPING

    Log ID Added

    32701

    LOG_ID_FGT_INTF_IP_CONFLICT

    Log ID Added

    35100

    LOG_ID_PACKET_SNIFFER_START

    Log ID Added

    35101

    LOG_ID_PACKET_SNIFFER_STOP

    Log ID Added

    37914

    MESGID_HBDEV_BACKUP

    Log ID Added

    40708

    LOG_ID_EVENT_SYS_FTGD_RESOURCE_FAIL

    Log ID Added

    43052

    LOG_ID_EVENT_AUTH_BACKUP_SUCCESS

    Log ID Added

    43053

    LOG_ID_EVENT_AUTH_BACKUP_FAILED

    Log ID Added

    43054

    LOG_ID_EVENT_AUTH_RESTORE_SUCCESS

    Log ID Added

    43055

    LOG_ID_EVENT_AUTH_RESTORE_FAILED

    Log ID Added

    44557

    LOGID_EVENT_CONFIG_REQUEST_DENIED

    Log ID Added

    44558

    LOGID_EVENT_NEWCLI_SPAWN_ATTEMPT

    Log ID Added

    53050

    LOG_ID_FTC_AUTH_FAILED

    Log ID Added

    53402

    LOG_ID_FGFM_RECOVERY

    Log ID Added

    Traffic logs:

    Log ID

    Message

    Change

    26

    LOG_ID_TRAFFIC_HTTP_TRANSACTION

    Log ID Added

    Webfilter logs:

    Log ID

    Message

    Change

    13318

    LOG_ID_WEB_DOMAIN_FRONTING

    Log ID Added

    Previous
    Next