Fortinet white logo
Fortinet white logo

Log Message Reference

28737 - LOGID_APP_CTRL_PROTO_ENF

28737 - LOGID_APP_CTRL_PROTO_ENF

Message ID: 28737

Message Description: LOGID_APP_CTRL_PROTO_ENF

Message Meaning: Application control protocol enforcement

Type: app-ctrl

Category: protocol-violation

Severity: Warning

Log Field Name

Description

Data Type

Length

action

The status of the session: pass - Application is allowed block - Application is blocked (silent) reject - Quarantine reset - Application is blocked and Reset was sent Sometimes, there is a block page for blocking

string

16

app

Application name

string

96

appcat

Application category name

string

64

appid

Application ID

uint32

10

applist

Application Control profile name

string

64

apprisk

Application risk level

string

16

authserver

Authentication server for the user

string

64

ccertissuer

string

64

cloudaction

Action performed by cloud application

string

32

clouduser

User login ID detected by the Deep Application Control feature

string

256

craction

Client Reputation Action

uint32

10

crlevel

Client Reputation Level

string

10

crscore

Client Reputation Score

uint32

10

date

Date

string

10

devid

Deivce ID

string

16

direction

Direction of the packets

string

8

dstauthserver

string

64

dstcountry

string

64

dstintf

Destination Interface

string

64

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstip

Destination IP

ip

39

dstport

Destination Port

uint16

5

dstuser

string

256

eventtime

Event Time

uint64

20

eventtype

App Control Event Type

string

32

fctuid

FortiClient UID

string

32

filename

File name

string

256

filesize

File size in bytes

uint64

10

forwardedfor

X-Forwarded-For HTTP header

string

128

group

User group name

string

64

hostname

The host name of a URL

string

256

incidentserialno

Incident serial number

uint32

10

level

Log Level

string

11

logid

Log ID

string

10

msg

Log message for the attack

string

512

parameters

string

512

pdstport

uint16

5

policyid

Policy ID

uint32

10

policymode

string

8

policytype

string

24

poluuid

string

37

profile

Profile name for IPS

string

36

profiletype

Profile Type

string

36

proto

Protocol number

uint8

3

psrcport

uint16

5

rawdata

Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for

string

1024

rawdataid

string

10

scertcname

server certificate name

string

64

scertissuer

server certificate issuer

string

64

service

Service name

string

80

sessionid

Session ID

uint32

10

srccountry

Country name for Source IP

string

64

srcdomain

string

255

srcintf

Source Interface

string

64

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcip

Source IP

ip

39

srcport

Source Port

uint16

5

subtype

Log Subtype

string

20

time

Time

string

8

trueclntip

True-Client-IP

ip

39

type

Log type

string

16

tz

string

5

unauthuser

Unauthenticated user

string

66

unauthusersource

Unauthenticated user source

string

66

url

The URL address

string

512

user

User name

string

256

vd

Virtual domain name

string

32

vrf

Virtual router forwarding

uint8

3

28737 - LOGID_APP_CTRL_PROTO_ENF

28737 - LOGID_APP_CTRL_PROTO_ENF

Message ID: 28737

Message Description: LOGID_APP_CTRL_PROTO_ENF

Message Meaning: Application control protocol enforcement

Type: app-ctrl

Category: protocol-violation

Severity: Warning

Log Field Name

Description

Data Type

Length

action

The status of the session: pass - Application is allowed block - Application is blocked (silent) reject - Quarantine reset - Application is blocked and Reset was sent Sometimes, there is a block page for blocking

string

16

app

Application name

string

96

appcat

Application category name

string

64

appid

Application ID

uint32

10

applist

Application Control profile name

string

64

apprisk

Application risk level

string

16

authserver

Authentication server for the user

string

64

ccertissuer

string

64

cloudaction

Action performed by cloud application

string

32

clouduser

User login ID detected by the Deep Application Control feature

string

256

craction

Client Reputation Action

uint32

10

crlevel

Client Reputation Level

string

10

crscore

Client Reputation Score

uint32

10

date

Date

string

10

devid

Deivce ID

string

16

direction

Direction of the packets

string

8

dstauthserver

string

64

dstcountry

string

64

dstintf

Destination Interface

string

64

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstip

Destination IP

ip

39

dstport

Destination Port

uint16

5

dstuser

string

256

eventtime

Event Time

uint64

20

eventtype

App Control Event Type

string

32

fctuid

FortiClient UID

string

32

filename

File name

string

256

filesize

File size in bytes

uint64

10

forwardedfor

X-Forwarded-For HTTP header

string

128

group

User group name

string

64

hostname

The host name of a URL

string

256

incidentserialno

Incident serial number

uint32

10

level

Log Level

string

11

logid

Log ID

string

10

msg

Log message for the attack

string

512

parameters

string

512

pdstport

uint16

5

policyid

Policy ID

uint32

10

policymode

string

8

policytype

string

24

poluuid

string

37

profile

Profile name for IPS

string

36

profiletype

Profile Type

string

36

proto

Protocol number

uint8

3

psrcport

uint16

5

rawdata

Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for

string

1024

rawdataid

string

10

scertcname

server certificate name

string

64

scertissuer

server certificate issuer

string

64

service

Service name

string

80

sessionid

Session ID

uint32

10

srccountry

Country name for Source IP

string

64

srcdomain

string

255

srcintf

Source Interface

string

64

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcip

Source IP

ip

39

srcport

Source Port

uint16

5

subtype

Log Subtype

string

20

time

Time

string

8

trueclntip

True-Client-IP

ip

39

type

Log type

string

16

tz

string

5

unauthuser

Unauthenticated user

string

66

unauthusersource

Unauthenticated user source

string

66

url

The URL address

string

512

user

User name

string

256

vd

Virtual domain name

string

32

vrf

Virtual router forwarding

uint8

3