
FortiOS Log Message Reference

54600 - LOG_ID_DNS_BOTNET_IP

Message ID: 54600

Message Description: LOG_ID_DNS_BOTNET_IP

Message Meaning: Domain blocked by DNS botnet C&C (IP)

Type: DNS

Category: dns-response

Severity: Warning

| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| action | Security action performed by DNS filter | string | 16 |
| botnetdomain | Botnet domain name | string | 256 |
| botnetip | Botnet IP address | ip | 39 |
| cat | DNS category ID | uint8 | 3 |
| catdesc | DNS category description | string | 64 |
| date | Date | string | 10 |
| devid | Device ID | string | 16 |
| domainfilteridx | Domain Filter Index | uint8 | 3 |
| domainfilterlist | Domain Filter List | string | 512 |
| dstintf | Destination Interface | string | 32 |
| dstintfrole | Destination Interface Role | string | 10 |
| dstip | Destination IP | ip | 39 |
| dstport | Destination Port | uint16 | 5 |
| error | DNS filter service error message | string | 256 |
| eventtime | Event Timestamp | uint64 | 20 |
| eventtype | DNS Type (DNS query/DNS response) | string | 32 |
| exchange | Mail Exchanges from DNS response answer section | string | 256 |
| fctuid | FortiClient ID | string | 32 |
| group | User group name | string | 64 |
| ipaddr | IP addresses from DNS response answer section | string | 512 |
| level | Log Level | string | 11 |
| logid | Log ID | string | 10 |
| msg | Log message | string | 512 |
| policyid | Policy ID | uint32 | 10 |
| profile | Profile name for DNS filter | string | 64 |
| proto | Protocol number | uint8 | 3 |
| qclass | Query class | string | 32 |
| qname | Query domain name | string | 256 |
| qtype | Query type description | string | 32 |
| qtypeval | Query Type Value | uint16 | 5 |
| rcode | | uint8 | 3 |
| sessionid | Session ID | uint32 | 10 |
| srcdomain | | string | 255 |
| srcintf | Source Interface | string | 32 |
| srcintfrole | Source Interface Role | string | 10 |
| srcip | Source IP | ip | 39 |
| srcmac | MAC address associated with the Source IP | string | 17 |
| srcport | Source Port | uint16 | 5 |
| sscname | Safe Search CNAME | string | 256 |
| subtype | Log Subtype | string | 20 |
| time | Time | string | 8 |
| translationid | | uint32 | 10 |
| type | Log Type | string | 16 |
| tz | Time zone | string | 5 |
| unauthuser | Unauthenticated User | string | 66 |
| unauthusersource | Unauthenticated User Source | string | 66 |
| user | User name | string | 256 |
| vd | Virtual Domain Name | string | 32 |
| xid | Transaction ID | uint16 | 5 |
