Antivirus logs

This chapter contains information regarding antivirus log messages, including an example of an antivirus log message.

Antivirus log messages have a subtype called “infected”. Antivirus log messages inform you of viruses detected by your FortiMail unit.

Antivirus uses a dynamic error reporting scheme, so a definitive list of the log messages that you may encounter cannot be provided. Errors are logged in a format similar to the following example.

You can cross-search an antivirus log message to get more information about it. For more information about log message cross search, see Log message cross search.

Example

If you send the FortiMail log messages to a remote Syslog server (including FortiAnalyzer), an antivirus log would look like the following and the log fields would appear in the following order:

date=2012-07-24 time=17:07:42 device_id=FE100C3909600504 log_id=0100000924 type=virus subtype=infected pri=information from="syntax@www.ca" to="user2@1.ca" src=172.20.140.94 session_id="q6OL7fsQ018870-q6OL7fsR018870" msg="The file inline-16-69.dat is infected with EICAR_TEST_FILE."
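
The following parser is an added example, not part of the FortiMail documentation: it splits a syslog line in the field order shown above into key/value pairs and pulls the file and virus names out of msg, keeping the raw msg when the wording differs (the messages are dynamic). The function names are hypothetical, and it assumes quoted values contain no embedded double quotes and that the msg wording matches the single example on this page.

```python
import re

# Sample line copied from the syslog example on this page.
SAMPLE = ('date=2012-07-24 time=17:07:42 device_id=FE100C3909600504 '
          'log_id=0100000924 type=virus subtype=infected pri=information '
          'from="syntax@www.ca" to="user2@1.ca" src=172.20.140.94 '
          'session_id="q6OL7fsQ018870-q6OL7fsR018870" '
          'msg="The file inline-16-69.dat is infected with EICAR_TEST_FILE."')

# key=value pairs; a value is double-quoted or a run of non-space characters.
# Assumption: quoted values contain no embedded double quotes.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S*)')

# Wording taken from the one example on the page; other wordings are expected.
MSG = re.compile(r'^The file (?P<file>.+) is infected with (?P<virus>.+?)\.?$')

EVENT_KEYS = ("date", "time", "device_id", "log_id",
              "from", "to", "src", "session_id", "msg")


def parse_line(line):
    """Return the fields of one log line as a dict of strings."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        # First occurrence wins, so a repeated key later in the line
        # cannot replace a value parsed earlier.
        fields.setdefault(key, value)
    return fields


def infected_event(line):
    """Return a dict for type=virus/subtype=infected lines, else None."""
    fields = parse_line(line)
    if fields.get("type") != "virus" or fields.get("subtype") != "infected":
        return None
    event = {key: fields.get(key) for key in EVENT_KEYS}
    match = MSG.match(fields.get("msg", ""))
    # Unknown wording: leave file/virus empty and rely on the raw msg.
    event["file"] = match.group("file") if match else None
    event["virus"] = match.group("virus") if match else None
    return event


if __name__ == "__main__":
    print(infected_event(SAMPLE))
```
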
