Fortinet black logo

Log Message Reference

Home FortiWeb 7.4.0 Log Message Reference
7.4.0
7.4.0
7.2.2
7.2.1
7.2.0
7.0.4
7.0.3
7.0.2
7.0.0
6.4.2
6.4.1
6.3.17
6.3.16
6.3.15
6.3.14
6.3.13
6.3.11
6.3.10
6.3.9
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
4.4.6
4.4.4
4.4.3
4.4.2
4.4.1

20000017

20000017

Meaning

File upload restrictions violation

Field name Description

log_id

20000017

See Log ID numbers.

main_type

File Upload Restriction

subtype

  • Antivirus Detection
  • Trojan Detection
  • FortiSandbox Detection
  • Illegal File Type
  • Illegal File Size

Examples

date=2022-07-10 time=16:32:45 log_id=20000017 msg_id=000000175392 device_id=FVVM08TM21000756 vd="root" timezone="(GMT-8:00)Pacific Time(US&Canada)" timezone_dayst="GMTa+7" type=attack pri=alert main_type="File Upload Restriction" sub_type="Illegal File Type" trigger_policy="N/A" severity_level=Medium proto=tcp service=http backend_service=unknown action=Alert policy="FWB_Policy_Default_AutoTest" src=192.168.1.8 src_port=54507 dst=10.102.0.1 dst_port=80 http_method=post http_url="/upload/servlet/UploadServlet" http_host="10.0.0.147:8090" http_agent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)" http_session_id=none msg="File name [filup.pdf]: Illegal file type" signature_subclass="N/A" signature_id="N/A" signature_cve_id="N/A" srccountry="Reserved" content_switch_name="none" server_pool_name="FWB_server_pool" false_positive_mitigation="none" user_name="Unknown" monitor_status="Disabled" http_refer="http://10.12.0.39:1001/upload/~upload" http_version="1.x" dev_id="none" es=0 threat_weight=50 history_threat_weight=0 threat_level=Substantial ftp_mode="N/A" ftp_cmd="N/A" cipher_suite="none" ml_log_hmm_probability=0.000000 ml_log_sample_prob_mean=0.000000 ml_log_sample_arglen_mean=0.000000 ml_log_arglen=0 ml_svm_log_main_types=0 ml_svm_log_match_types="none" ml_svm_accuracy="none" ml_domain_index=0 ml_url_dbid=0 ml_arg_dbid=0 ml_allow_method="none" owasp_top10="A05:2021-Security Misconfiguration" bot_info="none" client_level="Unidentified" x509_cert_subject="none"
Previous
Next

20000017

Meaning

File upload restrictions violation

Field name Description

log_id

20000017

See Log ID numbers.

main_type

File Upload Restriction

subtype

  • Antivirus Detection
  • Trojan Detection
  • FortiSandbox Detection
  • Illegal File Type
  • Illegal File Size

Examples

date=2022-07-10 time=16:32:45 log_id=20000017 msg_id=000000175392 device_id=FVVM08TM21000756 vd="root" timezone="(GMT-8:00)Pacific Time(US&Canada)" timezone_dayst="GMTa+7" type=attack pri=alert main_type="File Upload Restriction" sub_type="Illegal File Type" trigger_policy="N/A" severity_level=Medium proto=tcp service=http backend_service=unknown action=Alert policy="FWB_Policy_Default_AutoTest" src=192.168.1.8 src_port=54507 dst=10.102.0.1 dst_port=80 http_method=post http_url="/upload/servlet/UploadServlet" http_host="10.0.0.147:8090" http_agent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)" http_session_id=none msg="File name [filup.pdf]: Illegal file type" signature_subclass="N/A" signature_id="N/A" signature_cve_id="N/A" srccountry="Reserved" content_switch_name="none" server_pool_name="FWB_server_pool" false_positive_mitigation="none" user_name="Unknown" monitor_status="Disabled" http_refer="http://10.12.0.39:1001/upload/~upload" http_version="1.x" dev_id="none" es=0 threat_weight=50 history_threat_weight=0 threat_level=Substantial ftp_mode="N/A" ftp_cmd="N/A" cipher_suite="none" ml_log_hmm_probability=0.000000 ml_log_sample_prob_mean=0.000000 ml_log_sample_arglen_mean=0.000000 ml_log_arglen=0 ml_svm_log_main_types=0 ml_svm_log_match_types="none" ml_svm_accuracy="none" ml_domain_index=0 ml_url_dbid=0 ml_arg_dbid=0 ml_allow_method="none" owasp_top10="A05:2021-Security Misconfiguration" bot_info="none" client_level="Unidentified" x509_cert_subject="none"
Previous
Next