Message ID: 24577
Message Description: LOG_ID_DLP_NOTIF
Message Meaning: Data loss detected by specified DLP sensor rule
Type: DLP
Category: dlp
Severity: Notice
|
Log Field Name |
Description |
Data Type |
Length |
|---|---|---|---|
|
vrf |
Virtual Routing Forwarding |
uint16 |
3 |
|
vd |
Virtual domain name |
string |
32 |
|
user |
User name |
string |
256 |
|
url |
The URL address |
string |
512 |
|
unauthusersource |
Unauthenticated user source |
string |
66 |
|
unauthuser |
Unauthenticated user |
string |
66 |
|
tz |
|
string |
5 |
|
type |
Log type |
string |
16 |
|
trueclntip |
True client's IP |
ip |
39 |
|
transid |
|
uint32 |
10 |
|
to |
Email address(es) from the Email Headers (IMAP/POP3/SMTP) |
string |
512 |
|
time |
Time |
string |
8 |
|
subtype |
Log subtype |
string |
20 |
|
subservice |
|
string |
16 |
|
subject |
The subject title of the email message |
string |
256 |
|
srcuuid |
|
string |
37 |
|
srcport |
Source Port |
uint16 |
5 |
|
srcname |
|
string |
64 |
|
srcmac |
|
string |
17 |
|
srcip |
Source IP |
ip |
39 |
|
srcintfrole |
Source Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
|
srcintf |
Source Interface |
string |
32 |
|
srcdomain |
|
string |
255 |
|
srccountry |
|
string |
64 |
|
severity |
Severity level of a DLP rule |
string |
8 |
|
sessionid |
Session ID |
uint32 |
10 |
|
service |
Service name |
string |
36 |
|
sender |
Email address from the SMTP envelope |
string |
128 |
|
rulename |
|
string |
128 |
|
ruleid |
|
uint32 |
10 |
|
referralurl |
|
string |
512 |
|
recipient |
Email addresses from the SMTP envelope |
string |
512 |
|
rawdata |
Raw Data |
string |
20480 |
|
psrcport |
|
uint16 |
5 |
|
proto |
Protocol number |
uint8 |
3 |
|
profile |
DLP profile name |
string |
64 |
|
poluuid |
|
string |
37 |
|
policytype |
|
string |
24 |
|
policymode |
|
string |
8 |
|
policyid |
Policy ID |
uint32 |
10 |
|
pdstport |
|
uint16 |
5 |
|
messageid |
|
string |
256 |
|
logid |
Log ID |
string |
10 |
|
level |
Log Level |
string |
11 |
|
infectedfiletype |
Infected File Type |
string |
23 |
|
infectedfilesize |
Infected File Size |
uint64 |
10 |
|
infectedfilename |
Infected File Name |
string |
256 |
|
infectedfilelevel |
Infected File Level (Critical,Warning etc) |
uint32 |
10 |
|
httpmethod |
|
string |
20 |
|
hostname |
The host name of a URL |
string |
256 |
|
group |
User group name |
string |
512 |
|
from |
Email address from the Email Headers (IMAP/POP3/SMTP) |
string |
128 |
|
forwardedfor |
Forwarded For |
string |
128 |
|
filtertype |
DLP filter type |
string |
23 |
|
filtercat |
DLP filter category |
string |
8 |
|
filetype |
File type |
string |
23 |
|
filesize |
File size in bytes |
uint64 |
10 |
|
filename |
File name |
string |
256 |
|
fctuid |
FortiClient User ID |
string |
32 |
|
eventtype |
DLP event type |
string |
32 |
|
eventtime |
Event Time, time when DLP event detected. |
uint64 |
20 |
|
eventid |
The serial number of the dlparchive file in the same epoch |
uint32 |
10 |
|
epoch |
Epoch used for locating file |
uint32 |
10 |
|
dstuuid |
|
string |
37 |
|
dstuser |
|
string |
256 |
|
dstport |
Destination Port |
uint16 |
5 |
|
dstip |
Destination IP |
ip |
39 |
|
dstintfrole |
Destination Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
|
dstintf |
Destination Interface |
string |
32 |
|
dstcountry |
|
string |
64 |
|
dstauthserver |
|
string |
64 |
|
dlpextra |
DLP extra information |
string |
256 |
|
direction |
Direction of packets |
string |
8 |
|
devid |
Device ID |
string |
16 |
|
date |
Date |
string |
10 |
|
cc |
|
string |
512 |
|
authserver |
Authentication Server |
string |
64 |
|
attachment |
|
string |
3 |
|
agent |
User agent - eg. agent="Mozilla/5.0" |
string |
1024 |
|
action |
The status of the session: log-only - DLP event is detected , but NOT blocked (similar to monitor action) block - Blocked exempt - Allowed ban - blocked (Not in used since FortiOS 5.0, replaced by blocked) ban-sender - blocks all data being sent by an ip or user (Not in used since FortiOS 5.0, replaced by quarantine) quarantine-ip - Blocked and band the source ip (Not in used since FortiOS 5.0) quarantine-interface - Blocked and band the source interface (Not in used since FortiOS 5.0) |
string |
20 |