20000008

Meaning
Parameter, URL, or other elements in the packets triggered signatures included in the signature policy.

Field name	Description
`log_id`	20000008 See Log ID numbers.
`main_type`	Signature Detection
`subtype`	Cross Site Scripting Cross Site Scripting (Extended) Generic Attacks Generic Attacks (Extended) Bad Robot Information Disclosure Known Exploits SQL Injection SQL Injection (Extended) SQL Injection (Syntax Based Detection) Personally Identifiable Information Trojans

Examples
date=2022-07-11 time=13:59:15 log_id=20000008 msg_id=000000192894 device_id=FVVM08TM21000756 vd="root" timezone="(GMT-8:00)Pacific Time(US&Canada)" timezone_dayst="GMTa+7" type=attack pri=alert main_type="Signature Detection" sub_type="Cross Site Scripting" trigger_policy="N/A" severity_level=High proto=tcp service=http backend_service=unknown action=Alert policy="FWB_Policy_Default_AutoTest" src=192.168.1.8 src_port=55395 dst=10.102.0.1 dst_port=80 http_method=get http_url="/autotest/server_protection/1.html?para1=mocha:" http_host="fortinet.fortiweb.com" http_agent="python-for-fortiweb" http_session_id=none msg="Parameter(para1) triggered signature ID 010000002 of Signatures policy FWB_server_protection" signature_subclass="Cross Site Scripting" signature_id="010000002" signature_cve_id="N/A" srccountry="Reserved" content_switch_name="none" server_pool_name="FWB_server_pool" false_positive_mitigation="none" user_name="Unknown" monitor_status="Disabled" http_refer="none" http_version="1.x" dev_id="none" es=0 threat_weight=25 history_threat_weight=0 threat_level=Moderate ftp_mode="N/A" ftp_cmd="N/A" cipher_suite="none" ml_log_hmm_probability=0.000000 ml_log_sample_prob_mean=0.000000 ml_log_sample_arglen_mean=0.000000 ml_log_arglen=0 ml_svm_log_main_types=0 ml_svm_log_match_types="none" ml_svm_accuracy="none" ml_domain_index=0 ml_url_dbid=0 ml_arg_dbid=0 ml_allow_method="none" owasp_top10="A03:2021-Injection" bot_info="none" client_level="Unidentified" x509_cert_subject="none" owasp_api_top10="N/A"

Examples

date=2022-07-11 time=13:59:15 log_id=20000008 msg_id=000000192894 device_id=FVVM08TM21000756 vd="root" timezone="(GMT-8:00)Pacific Time(US&Canada)" timezone_dayst="GMTa+7" type=attack pri=alert main_type="Signature Detection" sub_type="Cross Site Scripting" trigger_policy="N/A" severity_level=High proto=tcp service=http backend_service=unknown action=Alert policy="FWB_Policy_Default_AutoTest" src=192.168.1.8 src_port=55395 dst=10.102.0.1 dst_port=80 http_method=get http_url="/autotest/server_protection/1.html?para1=mocha:" http_host="fortinet.fortiweb.com" http_agent="python-for-fortiweb" http_session_id=none msg="Parameter(para1) triggered signature ID 010000002 of Signatures policy FWB_server_protection" signature_subclass="Cross Site Scripting" signature_id="010000002" signature_cve_id="N/A" srccountry="Reserved" content_switch_name="none" server_pool_name="FWB_server_pool" false_positive_mitigation="none" user_name="Unknown" monitor_status="Disabled" http_refer="none" http_version="1.x" dev_id="none" es=0 threat_weight=25 history_threat_weight=0 threat_level=Moderate ftp_mode="N/A" ftp_cmd="N/A" cipher_suite="none" ml_log_hmm_probability=0.000000 ml_log_sample_prob_mean=0.000000 ml_log_sample_arglen_mean=0.000000 ml_log_arglen=0 ml_svm_log_main_types=0 ml_svm_log_match_types="none" ml_svm_accuracy="none" ml_domain_index=0 ml_url_dbid=0 ml_arg_dbid=0 ml_allow_method="none" owasp_top10="A03:2021-Injection" bot_info="none" client_level="Unidentified" x509_cert_subject="none" owasp_api_top10="N/A"

Meaning
Parameter, URL, or other elements in the packets triggered signatures included in the signature policy.

Field name	Description
`log_id`	20000008 See Log ID numbers.
`main_type`	Signature Detection
`subtype`	Cross Site Scripting Cross Site Scripting (Extended) Generic Attacks Generic Attacks (Extended) Bad Robot Information Disclosure Known Exploits SQL Injection SQL Injection (Extended) SQL Injection (Syntax Based Detection) Personally Identifiable Information Trojans

Examples
date=2022-07-11 time=13:59:15 log_id=20000008 msg_id=000000192894 device_id=FVVM08TM21000756 vd="root" timezone="(GMT-8:00)Pacific Time(US&Canada)" timezone_dayst="GMTa+7" type=attack pri=alert main_type="Signature Detection" sub_type="Cross Site Scripting" trigger_policy="N/A" severity_level=High proto=tcp service=http backend_service=unknown action=Alert policy="FWB_Policy_Default_AutoTest" src=192.168.1.8 src_port=55395 dst=10.102.0.1 dst_port=80 http_method=get http_url="/autotest/server_protection/1.html?para1=mocha:" http_host="fortinet.fortiweb.com" http_agent="python-for-fortiweb" http_session_id=none msg="Parameter(para1) triggered signature ID 010000002 of Signatures policy FWB_server_protection" signature_subclass="Cross Site Scripting" signature_id="010000002" signature_cve_id="N/A" srccountry="Reserved" content_switch_name="none" server_pool_name="FWB_server_pool" false_positive_mitigation="none" user_name="Unknown" monitor_status="Disabled" http_refer="none" http_version="1.x" dev_id="none" es=0 threat_weight=25 history_threat_weight=0 threat_level=Moderate ftp_mode="N/A" ftp_cmd="N/A" cipher_suite="none" ml_log_hmm_probability=0.000000 ml_log_sample_prob_mean=0.000000 ml_log_sample_arglen_mean=0.000000 ml_log_arglen=0 ml_svm_log_main_types=0 ml_svm_log_match_types="none" ml_svm_accuracy="none" ml_domain_index=0 ml_url_dbid=0 ml_arg_dbid=0 ml_allow_method="none" owasp_top10="A03:2021-Injection" bot_info="none" client_level="Unidentified" x509_cert_subject="none" owasp_api_top10="N/A"

Examples