Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.6
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    FortiOS Log Message Reference

    Home FortiGate / FortiOS 7.6.6 FortiOS Log Message Reference
    7.6.6
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1

    28738 - LOGID_APP_CTRL_DETECT_L2

    28738 - LOGID_APP_CTRL_DETECT_L2

    Message ID: 28738

    Message Description: LOGID_APP_CTRL_DETECT_L2

    Message Meaning: Ethernet protocols detection

    Type: APP-CTRL

    Category: signature

    Severity: Warning

    Log Field Name

    Description

    Data Type

    Length

    srcmac

    string

    17

    ethertype

    uint16

    10

    dstmac

    string

    17

    usecase

    string

    64

    trueclntip

    True-Client-IP

    ip

    39

    srczone

    string

    32

    scertissuer

    server certificate issuer

    string

    64

    scertcname

    server certificate name

    string

    64

    rawdataid

    string

    10

    rawdata

    Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for

    string

    20480

    prompt

    string

    512

    poluuid

    string

    37

    policytype

    string

    24

    policymode

    string

    8

    parameters

    string

    512

    msg

    Log message

    string

    512

    model

    string

    64

    forwardedfor

    Forwarded For

    string

    128

    filename

    File name

    string

    256

    dstzone

    string

    32

    dcgeo

    string

    64

    crscore

    Client Reputation Score

    uint32

    10

    crlevel

    Client Reputation Level

    string

    10

    craction

    Client Reputation Action

    uint32

    10

    clouduser

    User login ID detected by the Deep Application Control feature

    string

    256

    cloudgenai

    string

    1024

    clouddevice

    string

    256

    ccertissuer

    string

    64

    apprisk

    Application risk level

    string

    16

    appid

    Application ID

    uint32

    10

    aiuser

    string

    64

    vrf

    Virtual Routing Forwarding

    uint16

    3

    vd

    Virtual domain name

    string

    32

    tz

    string

    5

    type

    Log type

    string

    16

    time

    Time

    string

    8

    subtype

    Log subtype

    string

    20

    srcintfrole

    Source Interface's assigned role (LAN, WAN, etc.)

    string

    10

    srcintf

    Source Interface

    string

    64

    profiletype

    Profile Type

    string

    36

    profilegroup

    string

    48

    profile

    string

    36

    policyid

    Policy ID

    uint32

    10

    logid

    Log ID

    string

    10

    level

    Log level

    string

    11

    eventtype

    App Control Event Type

    string

    32

    eventtime

    Event Time

    uint64

    20

    dstintfrole

    Destination Interface's assigned role (LAN, WAN, etc.)

    string

    10

    dstintf

    Destination Interface

    string

    64

    devid

    Deivce ID

    string

    16

    date

    Date

    string

    10

    appcat

    Application category name

    string

    64

    app

    Application name

    string

    96

    action

    The status of the session: pass - Application is allowed block - Application is blocked (silent) reject - Quarantine reset - Application is blocked and Reset was sent Sometimes, there is a block page for blocking

    string

    16
    Previous
    Next

    28738 - LOGID_APP_CTRL_DETECT_L2

    28738 - LOGID_APP_CTRL_DETECT_L2

    Message ID: 28738

    Message Description: LOGID_APP_CTRL_DETECT_L2

    Message Meaning: Ethernet protocols detection

    Type: APP-CTRL

    Category: signature

    Severity: Warning

    Log Field Name

    Description

    Data Type

    Length

    srcmac

    string

    17

    ethertype

    uint16

    10

    dstmac

    string

    17

    usecase

    string

    64

    trueclntip

    True-Client-IP

    ip

    39

    srczone

    string

    32

    scertissuer

    server certificate issuer

    string

    64

    scertcname

    server certificate name

    string

    64

    rawdataid

    string

    10

    rawdata

    Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for

    string

    20480

    prompt

    string

    512

    poluuid

    string

    37

    policytype

    string

    24

    policymode

    string

    8

    parameters

    string

    512

    msg

    Log message

    string

    512

    model

    string

    64

    forwardedfor

    Forwarded For

    string

    128

    filename

    File name

    string

    256

    dstzone

    string

    32

    dcgeo

    string

    64

    crscore

    Client Reputation Score

    uint32

    10

    crlevel

    Client Reputation Level

    string

    10

    craction

    Client Reputation Action

    uint32

    10

    clouduser

    User login ID detected by the Deep Application Control feature

    string

    256

    cloudgenai

    string

    1024

    clouddevice

    string

    256

    ccertissuer

    string

    64

    apprisk

    Application risk level

    string

    16

    appid

    Application ID

    uint32

    10

    aiuser

    string

    64

    vrf

    Virtual Routing Forwarding

    uint16

    3

    vd

    Virtual domain name

    string

    32

    tz

    string

    5

    type

    Log type

    string

    16

    time

    Time

    string

    8

    subtype

    Log subtype

    string

    20

    srcintfrole

    Source Interface's assigned role (LAN, WAN, etc.)

    string

    10

    srcintf

    Source Interface

    string

    64

    profiletype

    Profile Type

    string

    36

    profilegroup

    string

    48

    profile

    string

    36

    policyid

    Policy ID

    uint32

    10

    logid

    Log ID

    string

    10

    level

    Log level

    string

    11

    eventtype

    App Control Event Type

    string

    32

    eventtime

    Event Time

    uint64

    20

    dstintfrole

    Destination Interface's assigned role (LAN, WAN, etc.)

    string

    10

    dstintf

    Destination Interface

    string

    64

    devid

    Deivce ID

    string

    16

    date

    Date

    string

    10

    appcat

    Application category name

    string

    64

    app

    Application name

    string

    96

    action

    The status of the session: pass - Application is allowed block - Application is blocked (silent) reject - Quarantine reset - Application is blocked and Reset was sent Sometimes, there is a block page for blocking

    string

    16
    Previous
    Next