Log Reference

History/Statistics logs

This chapter describes history (also called statistics) log messages. History log messages record all mail traffic going through the FortiMail unit.

History logs describe what action the FortiMail unit took on a message, so you can quickly determine the message's disposition. To investigate, find the history log entry that shows the status of the message for a specific recipient, then either right-click that log message and select Cross Search, or click the Session ID link. All correlating history, event, antivirus, and antispam log messages appear in a new tab, where you can find out why that particular action was taken.

For more information about log message cross search, see Log message cross search.

Example

If you export the FortiMail log messages to a remote Syslog server (including FortiAnalyzer), a history/statistics log will look like the following:

date=2013-02-25 time=07:01:34 device_id=FE100C3909600504 log_id=0200025843 type=statistics pri=information session_id="r1PF1YTh025836-r1PF1YTh025836" client_name="172.20.140.108" dst_ip="172.20.140.13" endpoint="" from="aaa@bbb.com" to="user1@example.com" polid="0:1:0" domain="" subject="" mailer="proxy" transfer_time="" scan_time="" resolved="" direction="unknown" virus="" disposition="0x200" classifier="0x17" message_length="199986"

For the Microsoft 365 view, the following MS365-specific log fields will be added:

read_status="read (or unread)" folder="(user email inbox folder)" received_time="" notification_delay=""
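The following Python sketch is an added example, not Fortinet code. It parses exported history lines in the key=value form shown above and groups them by session_id, the same key that Cross Search uses for correlation. The function names are hypothetical, the second sample line is constructed, and the parser assumes quoted values contain no embedded double quotes.

```python
import re
from collections import defaultdict
from datetime import datetime

# The documentation's sample line, split only for readability.
SAMPLE = (
    'date=2013-02-25 time=07:01:34 device_id=FE100C3909600504 log_id=0200025843 '
    'type=statistics pri=information session_id="r1PF1YTh025836-r1PF1YTh025836" '
    'client_name="172.20.140.108" dst_ip="172.20.140.13" endpoint="" '
    'from="aaa@bbb.com" to="user1@example.com" polid="0:1:0" domain="" subject="" '
    'mailer="proxy" transfer_time="" scan_time="" resolved="" direction="unknown" '
    'virus="" disposition="0x200" classifier="0x17" message_length="199986"'
)
# Constructed variant: same session, different recipient (not from the page).
SAMPLE_2 = SAMPLE.replace("user1@example.com", "user2@example.com")

# A value is either double-quoted (may be empty or contain spaces) or a bare token.
# Assumption: quoted values contain no embedded double quotes.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_history_line(line):
    """Parse one exported history/statistics line into a dict of typed fields."""
    rec = {}
    for key, quoted, bare in PAIR_RE.findall(line):
        rec[key] = quoted or bare          # empty fields such as subject="" become ""
    if rec.get("type") != "statistics":
        raise ValueError("not a history/statistics record")
    rec["timestamp"] = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%Y-%m-%d %H:%M:%S")
    # Codes are kept as integers; they are not decoded into names here.
    for field, base in (("disposition", 16), ("classifier", 16), ("message_length", 10)):
        if rec.get(field):
            rec[field] = int(rec[field], base)
    return rec

def index_by_session(lines):
    """Group history records by session_id, skipping lines that do not parse."""
    sessions = defaultdict(list)
    for line in lines:
        try:
            rec = parse_history_line(line)
        except (ValueError, KeyError):
            continue
        sessions[rec["session_id"]].append(rec)
    return dict(sessions)

if __name__ == "__main__":
    for sid, recs in index_by_session([SAMPLE, SAMPLE_2, "unrelated noise"]).items():
        print(sid, [(r["to"], hex(r["disposition"])) for r in recs])
```

Fields that are empty in the export stay as empty strings, so downstream queries can tell "not reported" from a zero value.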
