Fortinet white logo
Fortinet white logo

FortiOS Log Message Reference

3 - LOG_ID_TRAFFIC_DENY

3 - LOG_ID_TRAFFIC_DENY

Message ID: 3

Message Description: LOG_ID_TRAFFIC_DENY

Message Meaning: Traffic violation

Type: Traffic

Category: FORWARD

Severity: Warning

Log Field Name

Description

Data Type

Length

action

status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed.

string

16

agent

string

64

ap

string

36

app

Application name

string

96

appact

The security action from app control

string

16

appcat

Application category

string

64

appid

Application ID

uint32

10

applist

Application Control profile (name)

string

64

apprisk

Application Risk Level

string

16

apsn

string

36

authserver

string

32

centralnatid

Central NAT ID

uint32

10

channel

uint32

10

comment

string

1024

craction

Action performed by Client Reputation

uint32

10

crlevel

string

10

crscore

Client Reputation score

uint32

10

date

Date

string

10

devid

Device serial number

string

16

devtype

Device type

string

66

dstauthserver

string

32

dstcountry

Country name for the destination IP

string

64

dstdevtype

string

66

dstfamily

string

66

dstgroup

string

64

dsthwvendor

string

66

dsthwversion

string

66

dstinetsvc

string

64

dstintf

Destination Interface

string

32

dstintfrole

string

10

dstip

Destination IP Address

ip

39

dstmac

string

17

dstname

The destination name.

string

66

dstosname

string

66

dstport

Destination Port

uint16

5

dstserver

uint8

3

dstssid

Destination SSID

string

33

dstswversion

string

66

dstunauthuser

string

66

dstunauthusersource

string

66

dstuser

string

256

dstuuid

UUID of the Destination IP address

string

37

duration

Duration of the session

uint32

10

eventtime

uint64

20

fctuid

string

32

group

User group name

string

64

identifier

uint16

5

lanin

LAN incoming traffic in bytes

uint64

20

lanout

LAN outgoing traffic in bytes

uint64

20

level

Log Level

string

11

logid

Log ID

string

10

masterdstmac

string

17

mastersrcmac

The master MAC address for a host that has multiple network interfaces

string

17

msg

Log message

string

64

osname

Name of the device's OS

string

66

policyid

Firewall Policy ID

uint32

10

policyname

string

36

policytype

string

24

poluuid

UUID of the Firewall Policy

string

37

proto

protocol number

uint8

3

radioband

string

64

rcvdbyte

Received Bytes

uint64

20

rcvddelta

uint64

20

rcvdpkt

Received Packets

uint32

10

sentbyte

Sent Bytes

uint64

20

sentdelta

uint64

20

sentpkt

Sent Packets

uint32

10

service

Name of service

string

80

sessionid

Session ID

uint32

10

shaperdroprcvdbyte

Received bytes dropped by shaper

uint32

10

shaperdropsentbyte

Sent bytes dropped by shaper

uint32

10

shaperperipdropbyte

Dropped bytes per IP by shaper

uint32

10

shaperperipname

Traffic shaper name (per IP)

string

36

shaperrcvdname

Traffic shaper name for received traffic

string

36

shapersentname

Traffic shaper name for sent traffic

string

36

shapingpolicyid

uint32

10

srccountry

Country name for Source IP

string

64

srcdomain

string

255

srcfamily

string

66

srchwvendor

string

66

srchwversion

string

66

srcinetsvc

string

64

srcintf

Source interface name

string

32

srcintfrole

string

10

srcip

Source IP address

ip

39

srcmac

MAC address associated with the Source IP

string

17

srcname

Source name

string

66

srcport

Source port number

uint16

5

srcserver

uint8

3

srcssid

Source SSID

string

33

srcswversion

string

66

srcuuid

UUID of the Source IP Address

string

37

sslaction

string

26

subtype

Subtype of the traffic

string

20

time

Time

string

8

trandisp

NAT translation type

string

16

tranip

NAT destination IP

ip

39

tranport

NAT Destination Port

uint16

5

transip

NAT Source IP

ip

39

transport

NAT Source Port

uint16

5

type

Log type

string

16

tz

string

5

unauthuser

Unauthenticated user name

string

66

unauthusersource

The method used to detect unauthenticated user name

string

66

url

string

512

user

User name

string

256

utmaction

Security action performed by UTM

string

32

vd

Virtual domain name

string

32

vpn

The name of the VPN tunnel

string

32

vpntype

The type of the VPN tunnel

string

14

vrf

uint8

3

vwlid

uint32

10

vwlname

string

36

vwlquality

string

320

vwlservice

string

64

vwpvlanid

uint32

10

wanin

WAN incoming traffic in bytes

uint64

20

wanoptapptype

WAN Optimization Application type

string

9

wanout

WAN outgoing traffic in bytes

uint64

20

3 - LOG_ID_TRAFFIC_DENY

3 - LOG_ID_TRAFFIC_DENY

Message ID: 3

Message Description: LOG_ID_TRAFFIC_DENY

Message Meaning: Traffic violation

Type: Traffic

Category: FORWARD

Severity: Warning

Log Field Name

Description

Data Type

Length

action

status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed.

string

16

agent

string

64

ap

string

36

app

Application name

string

96

appact

The security action from app control

string

16

appcat

Application category

string

64

appid

Application ID

uint32

10

applist

Application Control profile (name)

string

64

apprisk

Application Risk Level

string

16

apsn

string

36

authserver

string

32

centralnatid

Central NAT ID

uint32

10

channel

uint32

10

comment

string

1024

craction

Action performed by Client Reputation

uint32

10

crlevel

string

10

crscore

Client Reputation score

uint32

10

date

Date

string

10

devid

Device serial number

string

16

devtype

Device type

string

66

dstauthserver

string

32

dstcountry

Country name for the destination IP

string

64

dstdevtype

string

66

dstfamily

string

66

dstgroup

string

64

dsthwvendor

string

66

dsthwversion

string

66

dstinetsvc

string

64

dstintf

Destination Interface

string

32

dstintfrole

string

10

dstip

Destination IP Address

ip

39

dstmac

string

17

dstname

The destination name.

string

66

dstosname

string

66

dstport

Destination Port

uint16

5

dstserver

uint8

3

dstssid

Destination SSID

string

33

dstswversion

string

66

dstunauthuser

string

66

dstunauthusersource

string

66

dstuser

string

256

dstuuid

UUID of the Destination IP address

string

37

duration

Duration of the session

uint32

10

eventtime

uint64

20

fctuid

string

32

group

User group name

string

64

identifier

uint16

5

lanin

LAN incoming traffic in bytes

uint64

20

lanout

LAN outgoing traffic in bytes

uint64

20

level

Log Level

string

11

logid

Log ID

string

10

masterdstmac

string

17

mastersrcmac

The master MAC address for a host that has multiple network interfaces

string

17

msg

Log message

string

64

osname

Name of the device's OS

string

66

policyid

Firewall Policy ID

uint32

10

policyname

string

36

policytype

string

24

poluuid

UUID of the Firewall Policy

string

37

proto

protocol number

uint8

3

radioband

string

64

rcvdbyte

Received Bytes

uint64

20

rcvddelta

uint64

20

rcvdpkt

Received Packets

uint32

10

sentbyte

Sent Bytes

uint64

20

sentdelta

uint64

20

sentpkt

Sent Packets

uint32

10

service

Name of service

string

80

sessionid

Session ID

uint32

10

shaperdroprcvdbyte

Received bytes dropped by shaper

uint32

10

shaperdropsentbyte

Sent bytes dropped by shaper

uint32

10

shaperperipdropbyte

Dropped bytes per IP by shaper

uint32

10

shaperperipname

Traffic shaper name (per IP)

string

36

shaperrcvdname

Traffic shaper name for received traffic

string

36

shapersentname

Traffic shaper name for sent traffic

string

36

shapingpolicyid

uint32

10

srccountry

Country name for Source IP

string

64

srcdomain

string

255

srcfamily

string

66

srchwvendor

string

66

srchwversion

string

66

srcinetsvc

string

64

srcintf

Source interface name

string

32

srcintfrole

string

10

srcip

Source IP address

ip

39

srcmac

MAC address associated with the Source IP

string

17

srcname

Source name

string

66

srcport

Source port number

uint16

5

srcserver

uint8

3

srcssid

Source SSID

string

33

srcswversion

string

66

srcuuid

UUID of the Source IP Address

string

37

sslaction

string

26

subtype

Subtype of the traffic

string

20

time

Time

string

8

trandisp

NAT translation type

string

16

tranip

NAT destination IP

ip

39

tranport

NAT Destination Port

uint16

5

transip

NAT Source IP

ip

39

transport

NAT Source Port

uint16

5

type

Log type

string

16

tz

string

5

unauthuser

Unauthenticated user name

string

66

unauthusersource

The method used to detect unauthenticated user name

string

66

url

string

512

user

User name

string

256

utmaction

Security action performed by UTM

string

32

vd

Virtual domain name

string

32

vpn

The name of the VPN tunnel

string

32

vpntype

The type of the VPN tunnel

string

14

vrf

uint8

3

vwlid

uint32

10

vwlname

string

36

vwlquality

string

320

vwlservice

string

64

vwpvlanid

uint32

10

wanin

WAN incoming traffic in bytes

uint64

20

wanoptapptype

WAN Optimization Application type

string

9

wanout

WAN outgoing traffic in bytes

uint64

20