Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Log Message Reference

    Home FortiManager 7.0.10 Log Message Reference
    7.0.10
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.0.1
    4.3.0
    4.1.0

    FortiAnalyzer application log message example

    FortiAnalyzer application log message example

    id=6826113487735881741 itime=2020-05-12 17:06:37 euid=1 epid=1 dsteuid=1 dstepid=1 vd=root logid=110269 type=appevent subtype=playbook eventtype=run-stat level=notice date=2020-05-12 time=17:06:38 user=system user_from=system desc=Incident Attachment Added msg=Task 'Attach Events to Incident' executed successfully. status=success playbook_name=Demo Playbook- Compromised Host Incident trigger_type=event trigger_name=202005121000000012 task_name=Attach Events to Incident event_id=202005121000000012 devid=FAZ-VMTM20004698 devname=FAZ-VMTM20004698 dtime=2020-05-12 17:06:37 itime_t=1589328397

    application log message breakdown

    Log Field

    Description

    Date/Time: 17:06:37

    The hour, minute, and second of when the event occurred.

    Description (desc): Incident Attachment Added

    A description of the activity or event recorded by the FortiAnalyzer unit.

    Destination End User ID (dsteuid): 1

    An identification number for the destination end user.

    Destination Endpoint ID (dstepid): 1

    An identification number for the destination endpoint.

    Device ID (devid): FAZ-VMTM20004698

    An identification number for the device that recorded the event.

    Device Name (devname): FAZ-VMTM20004698

    The name of the device that recorded the event.

    Device Time (dtime): 2020-05-12 17:06:37

    The year, month, and day when the event occurred in the format: YY-MM-DD. It also includes the hour, minute, and second of when the event occurred.

    End User ID (euid): 1

    An identification number for the end user.

    Endpoint ID (epid): 1

    An identification number for the endpoint user.

    Event ID (id): 6826113487735881741

    An identification number for the event.

    Event Type (eventtype): run-stat

    The type of event recorded.

    Level (level): notice

    The severity level or priority of the event. There are several severity or priority levels. See Priority levels.

    Log ID (logid): 110269

    The message ID number.

    Message (msg): Task 'Attach Events to Incident' executed successfully.

    Explains the activity or event that the FortiAnalyzer unit recorded.

    Playbook name (playbook_name): Demo Playbook- Compromised Host Incident

    The name of the playbook.

    Status (status): success

    The status of the playbook.

    Subtype (subtype): playbook

    The subtype of each log message.

    Task Name (task_name): Attach Events to Incident event_

    The name of the playbook task.

    Trigger Name (trigger_name): 202005121000000012

    The identification number for the trigger.

    Trigger Type (trigger_type): event

    The type of trigger.

    Type (type): appevent

    The section of the system where the event occurred.

    User (user): system

    The name of the user creating the traffic.

    User From (user_from): system

    Where the user initiated the activity or event, if applicable.

    Virtual Domain (vd): root

    The name of the VDOM, if applicable.
    Previous
    Next

    FortiAnalyzer application log message example

    FortiAnalyzer application log message example

    id=6826113487735881741 itime=2020-05-12 17:06:37 euid=1 epid=1 dsteuid=1 dstepid=1 vd=root logid=110269 type=appevent subtype=playbook eventtype=run-stat level=notice date=2020-05-12 time=17:06:38 user=system user_from=system desc=Incident Attachment Added msg=Task 'Attach Events to Incident' executed successfully. status=success playbook_name=Demo Playbook- Compromised Host Incident trigger_type=event trigger_name=202005121000000012 task_name=Attach Events to Incident event_id=202005121000000012 devid=FAZ-VMTM20004698 devname=FAZ-VMTM20004698 dtime=2020-05-12 17:06:37 itime_t=1589328397

    application log message breakdown

    Log Field

    Description

    Date/Time: 17:06:37

    The hour, minute, and second of when the event occurred.

    Description (desc): Incident Attachment Added

    A description of the activity or event recorded by the FortiAnalyzer unit.

    Destination End User ID (dsteuid): 1

    An identification number for the destination end user.

    Destination Endpoint ID (dstepid): 1

    An identification number for the destination endpoint.

    Device ID (devid): FAZ-VMTM20004698

    An identification number for the device that recorded the event.

    Device Name (devname): FAZ-VMTM20004698

    The name of the device that recorded the event.

    Device Time (dtime): 2020-05-12 17:06:37

    The year, month, and day when the event occurred in the format: YY-MM-DD. It also includes the hour, minute, and second of when the event occurred.

    End User ID (euid): 1

    An identification number for the end user.

    Endpoint ID (epid): 1

    An identification number for the endpoint user.

    Event ID (id): 6826113487735881741

    An identification number for the event.

    Event Type (eventtype): run-stat

    The type of event recorded.

    Level (level): notice

    The severity level or priority of the event. There are several severity or priority levels. See Priority levels.

    Log ID (logid): 110269

    The message ID number.

    Message (msg): Task 'Attach Events to Incident' executed successfully.

    Explains the activity or event that the FortiAnalyzer unit recorded.

    Playbook name (playbook_name): Demo Playbook- Compromised Host Incident

    The name of the playbook.

    Status (status): success

    The status of the playbook.

    Subtype (subtype): playbook

    The subtype of each log message.

    Task Name (task_name): Attach Events to Incident event_

    The name of the playbook task.

    Trigger Name (trigger_name): 202005121000000012

    The identification number for the trigger.

    Trigger Type (trigger_type): event

    The type of trigger.

    Type (type): appevent

    The section of the system where the event occurred.

    User (user): system

    The name of the user creating the traffic.

    User From (user_from): system

    Where the user initiated the activity or event, if applicable.

    Virtual Domain (vd): root

    The name of the VDOM, if applicable.
    Previous
    Next