FortiOS Log Message Reference

21 - LOG_ID_TRAFFIC_SNIFFER_STAT

Message ID: 21

Message Description: LOG_ID_TRAFFIC_SNIFFER_STAT

Message Meaning: Sniffer traffic statistics

Type: Traffic

Category: sniffer

Severity: Notice

| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| wanout | WAN outgoing traffic in bytes | uint64 | 20 |
| wanoptapptype | WAN Optimization Application type | string | 9 |
| wanin | WAN incoming traffic in bytes | uint64 | 20 |
| vwpvlanid | Virtual Wire Pair vlan id | uint32 | 10 |
| vwlservice | Application that is matched by the traffic (internet-service-app-ctrl) | string | 64 |
| vwlquality | Quality info of the service rule that is matched by traffic | string | 320 |
| vwlname | | string | 36 |
| vwlid | Virtual Wan Link (SD-WAN) service id | uint32 | 10 |
| vrf | Virtual router forwarding | uint16 | 3 |
| vpntype | The type of the VPN tunnel | string | 14 |
| vip | | string | 64 |
| vd | Virtual domain name | string | 32 |
| utmaction | Security action performed by UTM | string | 32 |
| user | User name | string | 256 |
| url | URL | string | 512 |
| unauthusersource | The method used to detect unauthenticated user name | string | 66 |
| unauthuser | Unauthenticated user name | string | 66 |
| tz | Time zone | string | 5 |
| type | Log type | string | 16 |
| tunnelid | | uint32 | 10 |
| transport | NAT Source Protocol Port | uint16 | 5 |
| transip | NAT Source IP | ip | 39 |
| tranport | NAT Destination Port | uint16 | 5 |
| tranip | NAT Destination IP | ip | 39 |
| trandisp | NAT translation type | string | 16 |
| time | Time | string | 8 |
| tcpsynrtrs | | uint32 | 10 |
| tcpsynackrtrs | | uint32 | 10 |
| tcpsrt | | uint32 | 10 |
| tcprst | | string | 6 |
| tcprplrtrs | | uint32 | 10 |
| tcporgrtrs | | uint32 | 10 |
| tcpnrt | | uint32 | 10 |
| subtype | Subtype of the traffic | string | 20 |
| sslaction | Action taken by ssl-ssh-profile | string | 26 |
| srcuuid | UUID of the Source Address Object | string | 37 |
| srcthreatfeed | | string | 36 |
| srcswversion | | string | 66 |
| srcssid | Source SSID | string | 33 |
| srcserver | Source server | uint8 | 3 |
| srcreputation | | uint32 | 10 |
| srcremote | | ip | 39 |
| srcregion | | string | 64 |
| srcport | Source protocol port number | uint16 | 5 |
| srcname | Source name | string | 256 |
| srcmacvendor | | string | 66 |
| srcmac | MAC address associated with the Source IP | string | 17 |
| srcip | Source IP address | ip | 39 |
| srcintfrole | Source Interface's assigned role (LAN, WAN, etc.) | string | 10 |
| srcintf | Source interface name | string | 32 |
| srcinetsvc | Internet service name for the source | string | 64 |
| srchwversion | | string | 66 |
| srchwvendor | | string | 66 |
| srcfamily | | string | 66 |
| srcdomain | | string | 255 |
| srccountry | Country name for Source IP | string | 64 |
| srccity | | string | 64 |
| snr | | int8 | 4 |
| signal | | int8 | 4 |
| shapingpolicyname | | string | 36 |
| shapingpolicyid | Shaping Policy ID | uint32 | 10 |
| shapersentname | Traffic shaper name for sent traffic | string | 36 |
| shaperrcvdname | Traffic shaper name for received traffic | string | 36 |
| shaperperipname | Traffic shaper name (per IP) | string | 36 |
| shaperperipdropbyte | Dropped bytes per IP by shaper | uint32 | 10 |
| shaperdropsentbyte | Sent bytes dropped by shaper | uint32 | 10 |
| shaperdroprcvdbyte | Received bytes dropped by shaper | uint32 | 10 |
| sessionid | Session ID | uint32 | 10 |
| service | Name of Service | string | 80 |
| sentpktdelta | | uint32 | 20 |
| sentpkt | Sent Packets | uint32 | 10 |
| sentdelta | Delta Sent Bytes | uint64 | 20 |
| sentbyte | Sent Bytes | uint64 | 20 |
| saasname | | string | 80 |
| replysrcintf | | string | 32 |
| replydstintf | | string | 32 |
| realserverid | | uint32 | 10 |
| rcvdpktdelta | | uint32 | 20 |
| rcvdpkt | Received Packets | uint32 | 10 |
| rcvddelta | Delta Received Bytes | uint64 | 20 |
| rcvdbyte | Received Bytes | uint64 | 20 |
| radioband | Radio Band | string | 64 |
| psrcport | | uint16 | 5 |
| proxyapptype | | string | 16 |
| proto | Protocol Number | uint8 | 3 |
| poluuid | UUID of the Firewall Policy | string | 37 |
| policytype | Policy type | string | 24 |
| policyname | Policy name | string | 36 |
| policymode | | string | 8 |
| policyid | Firewall Policy ID | uint32 | 10 |
| pdstport | | uint16 | 5 |
| osname | Name of the device's OS | string | 66 |
| msg | Log message | string | 512 |
| mastersrcmac | The master MAC address for a host that has multiple network interfaces | string | 17 |
| masterdstmac | Destination master MAC address | string | 17 |
| logid | Log ID | string | 10 |
| level | Log Level | string | 11 |
| lanout | LAN outgoing traffic in bytes | uint64 | 20 |
| lanin | LAN incoming traffic in bytes | uint64 | 20 |
| identifier | | uint16 | 5 |
| group | User group name | string | 512 |
| gatewayid | | uint32 | 10 |
| fwdsrv | | string | 64 |
| fctuid | FortiClient UID | string | 32 |
| eventtime | Epoch time in nanoseconds | uint64 | 20 |
| emstag2 | | string | 80 |
| emstag | | string | 80 |
| emsconnection | | string | 8 |
| durationdelta | | uint32 | 20 |
| duration | Duration of the session | uint32 | 10 |
| dstuuid | UUID of the Destination Address Object | string | 37 |
| dstuser | | string | 256 |
| dstunauthusersource | | string | 66 |
| dstunauthuser | | string | 66 |
| dstthreatfeed | | string | 36 |
| dstswversion | | string | 66 |
| dstssid | Destination SSID | string | 33 |
| dstserver | Destination Server | uint8 | 3 |
| dstreputation | | uint32 | 10 |
| dstregion | | string | 64 |
| dstport | Destination Protocol Port Number | uint16 | 5 |
| dstosname | Destination OS name | string | 66 |
| dstname | Destination name | string | 256 |
| dstmac | Destination Mac Address | string | 17 |
| dstip | Destination IP Address | ip | 39 |
| dstintfrole | Destination Interface's assigned role (LAN, WAN, etc.) | string | 10 |
| dstintf | Destination Interface | string | 32 |
| dstinetsvc | Internet service name for the destination | string | 64 |
| dsthwversion | | string | 66 |
| dsthwvendor | | string | 66 |
| dstfamily | | string | 66 |
| dstdevtype | Destination Device Type | string | 66 |
| dstcountry | Country name for the destination IP | string | 64 |
| dstcity | | string | 64 |
| dstauthserver | | string | 64 |
| devtype | Device Type | string | 66 |
| devid | Device Serial Number | string | 16 |
| date | Date | string | 10 |
| crscore | Threat Weight score | uint32 | 10 |
| crlevel | Threat Weight level | string | 10 |
| craction | Action performed by Threat Weight | uint32 | 10 |
| comment | Customized policy comment | string | 1024 |
| clientdevicetags | | string | 512 |
| clientdeviceowner | | string | 80 |
| clientdevicemanageable | | string | 16 |
| clientdeviceid | | string | 80 |
| clientdeviceems | | string | 16 |
| clientcert | | string | 10 |
| channel | WiFi Channel | uint32 | 10 |
| centralnatid | central-snat-map id | uint32 | 10 |
| authserver | Remote Authentication server | string | 64 |
| apsn | Access Point serial number | string | 36 |
| apprisk | Application Risk Level | string | 16 |
| applist | Application Control profile (name) | string | 64 |
| appid | Application ID | uint32 | 10 |
| appcat | Application category | string | 64 |
| appact | The security action from app control | string | 16 |
| app | Application Name | string | 96 |
| ap | Access Point name | string | 36 |
| agent | User agent - eg. agent="Mozilla/5.0" | string | 1024 |
| action | The status of the session: deny - Session was denied; accept - Allowed Forward session; start - Session starts (log message was created when the session was created); dns - DNS query return error; ip-conn - Failed connection attempts; close - Local-traffic session allowed; timeout - Allowed session was timeout; client-rst - Session reset by client; server-rst - Session reset by server | string | 16 |
| accessproxy | | string | 80 |
| accessctrl | | string | 80 |
