FortiManager log message example

2018-04-02 14:03:47 log_id=0021030002 type=event subtype=objcfg pri=notice desc="cdb event log for object changed" user="admin" userfrom="" msg="dev=,vdom=global,type=user_device_device,act=add,key=0c:c4:7a:09:a5:d8,intf=mgmt,ip=10.3.171.2" adom=""

Log message breakdown

| Log Field | Description |
| --- | --- |
| Date: 2018-04-02 | The year, month, and day when the event occurred in the format: YY-MM-DD |
| Time: 14:03:47 | The hour, minute, and second of when the event occurred. |
| Log ID: 0021030002 | A ten-digit number that identifies the log type. The first two digits represent the log type, and the following two digits represent the log subtype. The last six digits represent the message ID number. |
| Type: event | The section of the system where the event occurred. |
| Subtype: objcfg | The subtype of each log message. |
| Pri: notice | The severity level or priority of the event. There are several severity or priority levels. See Priority levels. |
| Desc: cdb event log for object changed | Describes the activity or event that the FortiManager unit recorded. |
| User: admin | The name of the user creating the traffic. |
| Userfrom: | Where the user initiated the activity or event, if applicable. |
| Msg: dev=,vdom=global,type=user_device_device,act=add,key=0c:c4:7a:09:a5:d8,intf=mgmt,ip=10.3.171.2 | Explains the activity or event that the FortiAnalyzer unit recorded. |
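
The field breakdown above can be applied mechanically when ingesting these logs for review or alerting. The following Python parser is an added example, not Fortinet code; the function names are hypothetical, and it assumes the `msg` value is a comma-separated list of `key=value` pairs as in the sample line (other messages may be free text).

```python
import re
from datetime import datetime

# Constructed sample input: the log line shown on this page.
SAMPLE = (
    '2018-04-02 14:03:47 log_id=0021030002 type=event subtype=objcfg '
    'pri=notice desc="cdb event log for object changed" user="admin" '
    'userfrom="" msg="dev=,vdom=global,type=user_device_device,act=add,'
    'key=0c:c4:7a:09:a5:d8,intf=mgmt,ip=10.3.171.2" adom=""'
)

# The sample line starts with a four-digit year, then the time.
HEADER = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.*)$')
# key=value where the value is either double-quoted (may hold spaces) or bare.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def split_log_id(log_id):
    """Split the ten-digit log ID: 2 digits type, 2 subtype, 6 message ID."""
    if not re.fullmatch(r'\d{10}', log_id):
        raise ValueError(f'log_id is not ten digits: {log_id!r}')
    return {'type_code': log_id[:2], 'subtype_code': log_id[2:4],
            'message_id': log_id[4:]}


def parse_msg(msg):
    """Assumption: msg is comma-separated key=value, as in the sample.
    Returns {} for free-text messages so the raw string is used instead."""
    items = msg.split(',')
    if not all('=' in item for item in items):
        return {}
    return dict(item.split('=', 1) for item in items)


def parse_log_line(line):
    """Parse one log line into a dict of fields (hypothetical helper)."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError('line does not start with a date and time')
    record = {'timestamp': datetime.strptime(m.group(1), '%Y-%m-%d %H:%M:%S')}
    for key, quoted, bare in PAIR.findall(m.group(2)):
        record[key] = quoted or bare  # empty quoted values stay ''
    record['log_id_parts'] = split_log_id(record.get('log_id', ''))
    record['msg_fields'] = parse_msg(record.get('msg', ''))
    return record


if __name__ == '__main__':
    for field, value in parse_log_line(SAMPLE).items():
        print(f'{field}: {value}')
```

The `msg` sub-fields are kept in their own dictionary because their `type` key would otherwise overwrite the top-level `type=event` field.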
