30250 - LOGID_WAF_SIGNATURE_ERASE
Message ID: 30250
Message Description: LOGID_WAF_SIGNATURE_ERASE
Message Meaning: Web application firewall erased application by signature
Type: WAF
Category: waf-signature
Severity: Warning
Log Field Name |
Description |
Data Type |
Length |
---|---|---|---|
vd |
Virtual Domain Name |
string |
32 |
user |
User Name |
string |
256 |
url |
URL |
string |
512 |
unauthusersource |
Unauthenticated user source |
string |
66 |
unauthuser |
Unauthenticated user |
string |
66 |
tz |
Time zone |
string |
5 |
type |
Log Type |
string |
16 |
transid |
|
uint32 |
10 |
time |
Time |
string |
8 |
subtype |
Log Subtype |
string |
20 |
srcuuid |
|
string |
37 |
srcport |
Source Port |
uint16 |
5 |
srcip |
Source IP Address |
ip |
39 |
srcintfrole |
Source Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
srcintf |
Source Interface |
string |
32 |
srcdomain |
|
string |
255 |
srccountry |
|
string |
64 |
severity |
Severity |
string |
6 |
sessionid |
Session ID |
uint32 |
10 |
service |
Service name |
string |
5 |
referralurl |
|
string |
512 |
rawdata |
Raw Data |
string |
20480 |
ratemethod |
|
string |
4096 |
proto |
Protocol |
uint8 |
3 |
profile |
Full profile name |
string |
64 |
poluuid |
|
string |
37 |
policytype |
|
string |
24 |
policyid |
Policy ID |
uint32 |
10 |
name |
Method or custom signature name |
string |
64 |
msg |
Log Message |
string |
4096 |
logid |
Log ID |
string |
10 |
level |
Log Level |
string |
11 |
httpmethod |
|
string |
20 |
group |
User Group Name |
string |
512 |
fctuid |
FortiClient UID |
string |
32 |
eventtype |
Event Type |
string |
32 |
eventtime |
Event Time, Time when WAF event detected |
uint64 |
20 |
eventid |
Event ID |
uint32 |
10 |
dstuuid |
|
string |
37 |
dstuser |
|
string |
256 |
dstport |
Destination Port |
uint16 |
5 |
dstip |
Destination IP Address |
ip |
39 |
dstintfrole |
Destination Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
dstintf |
Destination Interface |
string |
32 |
dstcountry |
|
string |
64 |
dstauthserver |
|
string |
64 |
direction |
Direction |
string |
4096 |
devid |
Device ID |
string |
16 |
date |
Date |
string |
10 |
constraint |
WAF HTTP protocol restrictions |
string |
4096 |
authserver |
Authentication Server |
string |
64 |
agent |
Agent |
string |
1024 |
action |
Status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed. |
string |
17 |