Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Log Message Reference

    Home FortiGate / FortiOS 7.6.1 FortiOS Log Message Reference
    7.6.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1

    18433 - LOGID_ATTCK_ANOMALY_ICMP

    18433 - LOGID_ATTCK_ANOMALY_ICMP

    Message ID: 18433

    Message Description: LOGID_ATTCK_ANOMALY_ICMP

    Message Meaning: Attack detected by ICMP anomaly

    Type: Anomaly

    Category: anomaly

    Severity: Alert

    Log Field Name

    Description

    Data Type

    Length

    icmptype

    ICMP Type

    string

    6

    icmpid

    ICMP ID

    string

    8

    icmpcode

    ICMP code

    string

    6

    vrf

    Virtual router forwarding

    uint16

    3

    vd

    Virtual Domain Name

    string

    32

    user

    User

    string

    256

    unauthusersource

    Unauthenticated user source

    string

    66

    unauthuser

    Unauthenticated user

    string

    66

    tz

    Time zone

    string

    5

    type

    Log Type

    string

    16

    time

    Time

    string

    8

    subtype

    Log Subtype

    string

    20

    srcip

    Source IP

    ip

    39

    srcintfrole

    Source Interface's assigned role (LAN, WAN, etc.)

    string

    10

    srcintf

    Source Interface

    string

    64

    srcdomain

    string

    255

    srccountry

    Country name for Source IP

    string

    64

    severity

    Severity

    string

    8

    sessionid

    Session ID

    uint32

    10

    service

    Name of Service

    string

    80

    ref

    Reference

    string

    4096

    proto

    Protocol

    uint8

    3

    policytype

    Policy type

    string

    24

    policyid

    Policy ID

    uint32

    10

    msg

    Log Message

    string

    518

    logid

    Log ID

    string

    10

    level

    Log Level

    string

    11

    group

    User Group Name

    string

    512

    fctuid

    FortiClient UID

    string

    32

    eventtype

    Event Type

    string

    32

    eventtime

    Time when detection occured

    uint64

    20

    dstip

    Destination IP

    ip

    39

    dstintfrole

    Destination Interface's assigned role (LAN, WAN, etc.)

    string

    10

    dstintf

    Destination Interface

    string

    64

    dstcountry

    string

    64

    devid

    Deivce ID

    string

    16

    date

    Date

    string

    10

    crscore

    Client Reputation Score

    uint32

    10

    crlevel

    Client Reputation Level

    string

    10

    craction

    Client Reputation Action

    uint32

    10

    count

    Count

    uint32

    10

    attackid

    Attack ID

    uint32

    10

    attack

    Attack

    string

    256

    action

    Action

    string

    16
    Previous
    Next

    18433 - LOGID_ATTCK_ANOMALY_ICMP

    18433 - LOGID_ATTCK_ANOMALY_ICMP

    Message ID: 18433

    Message Description: LOGID_ATTCK_ANOMALY_ICMP

    Message Meaning: Attack detected by ICMP anomaly

    Type: Anomaly

    Category: anomaly

    Severity: Alert

    Log Field Name

    Description

    Data Type

    Length

    icmptype

    ICMP Type

    string

    6

    icmpid

    ICMP ID

    string

    8

    icmpcode

    ICMP code

    string

    6

    vrf

    Virtual router forwarding

    uint16

    3

    vd

    Virtual Domain Name

    string

    32

    user

    User

    string

    256

    unauthusersource

    Unauthenticated user source

    string

    66

    unauthuser

    Unauthenticated user

    string

    66

    tz

    Time zone

    string

    5

    type

    Log Type

    string

    16

    time

    Time

    string

    8

    subtype

    Log Subtype

    string

    20

    srcip

    Source IP

    ip

    39

    srcintfrole

    Source Interface's assigned role (LAN, WAN, etc.)

    string

    10

    srcintf

    Source Interface

    string

    64

    srcdomain

    string

    255

    srccountry

    Country name for Source IP

    string

    64

    severity

    Severity

    string

    8

    sessionid

    Session ID

    uint32

    10

    service

    Name of Service

    string

    80

    ref

    Reference

    string

    4096

    proto

    Protocol

    uint8

    3

    policytype

    Policy type

    string

    24

    policyid

    Policy ID

    uint32

    10

    msg

    Log Message

    string

    518

    logid

    Log ID

    string

    10

    level

    Log Level

    string

    11

    group

    User Group Name

    string

    512

    fctuid

    FortiClient UID

    string

    32

    eventtype

    Event Type

    string

    32

    eventtime

    Time when detection occured

    uint64

    20

    dstip

    Destination IP

    ip

    39

    dstintfrole

    Destination Interface's assigned role (LAN, WAN, etc.)

    string

    10

    dstintf

    Destination Interface

    string

    64

    dstcountry

    string

    64

    devid

    Deivce ID

    string

    16

    date

    Date

    string

    10

    crscore

    Client Reputation Score

    uint32

    10

    crlevel

    Client Reputation Level

    string

    10

    craction

    Client Reputation Action

    uint32

    10

    count

    Count

    uint32

    10

    attackid

    Attack ID

    uint32

    10

    attack

    Attack

    string

    256

    action

    Action

    string

    16
    Previous
    Next