This chapter describes history (or statistics) log messages. History log messages record all mail traffic going through the FortiMail unit.
History logs are used to quickly determine the disposition of a message: they describe what action the FortiMail unit took. Administrators use the history logs to find the status of a message for a specific recipient, then either right-click that log message and select Cross Search, or click the Session ID link. All correlated history, event, antivirus and antispam log messages then appear in a new tab, where you can find out why that particular action was taken.
For more information about log message cross search, see Log message cross search.
If you export the FortiMail log messages to a remote Syslog server (including FortiAnalyzer), a history/statistics log would look like the following and the log fields would appear in the following order:
date=2013-02-25 time=07:01:34 device_id=FE100C3909600504 log_id=0200025843 type=statistics pri=information session_id="r1PF1YTh025836-r1PF1YTh025836" client_name="172.20.140.108" dst_ip="172.20.140.13" endpoint="" from="email@example.com" to="firstname.lastname@example.org" polid="0:1:0" domain="" subject="" mailer="proxy" resolved="" direction="unknown" virus="" disposition="0x200" classifier="0x17" message_length="199986"
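The following added example (not Fortinet code) parses exported history log lines in the format shown above and groups them by session_id, the same key the Session ID link uses for correlation. The names parse_log_line and group_by_session are hypothetical, the extra log lines are constructed, and the parser assumes values never contain an embedded double quote; disposition and classifier are converted to integers but not decoded.

```python
import re
from collections import defaultdict

# One key=value pair: value is double-quoted (may be empty or hold spaces and '=') or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
HEX_FIELDS = ("disposition", "classifier")

# History record copied from the page.
PAGE_SAMPLE = (
    'date=2013-02-25 time=07:01:34 device_id=FE100C3909600504 '
    'log_id=0200025843 type=statistics pri=information '
    'session_id="r1PF1YTh025836-r1PF1YTh025836" client_name="172.20.140.108" '
    'dst_ip="172.20.140.13" endpoint="" from="email@example.com" '
    'to="firstname.lastname@example.org" polid="0:1:0" domain="" subject="" '
    'mailer="proxy" resolved="" direction="unknown" virus="" '
    'disposition="0x200" classifier="0x17" message_length="199986"'
)
# Constructed lines (not real FortiMail output) to exercise edge cases.
CONSTRUCTED = [
    'date=2013-02-25 time=07:01:35 type=statistics '
    'session_id="r1PF1YTh025836-r1PF1YTh025836" to="second@example.org" '
    'subject="Re: type=event pri=alert" disposition="0x200"',
    'date=2013-02-25 type=statistics session_id="constructed-0001" to="third@example.org"',
]

def parse_log_line(line):
    """Return the fields of one log line as a dict, preserving field order."""
    rec = {}
    for m in PAIR.finditer(line):
        key, quoted, bare = m.groups()
        rec[key] = quoted if quoted is not None else bare
    for key in HEX_FIELDS:  # keep codes numeric; their meanings are not decoded here
        if rec.get(key):
            rec[key] = int(rec[key], 16)
    if rec.get("message_length"):
        rec["message_length"] = int(rec["message_length"])
    return rec

def group_by_session(lines):
    """Group parsed records by session_id, the key that ties related logs together."""
    sessions = defaultdict(list)
    for line in lines:
        rec = parse_log_line(line)
        if "session_id" in rec:
            sessions[rec["session_id"]].append(rec)
    return dict(sessions)

if __name__ == "__main__":
    for sid, recs in group_by_session([PAGE_SAMPLE] + CONSTRUCTED).items():
        print(sid, [r.get("to") for r in recs])
```

Because quoted values are consumed whole, key-like text inside a subject (as in the first constructed line) does not overwrite the record's real type or pri fields.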