Fortinet white logo
Fortinet white logo

FortiOS Log Message Reference

30260 - LOGID_WAF_URL_ACCESS_BYPASS

30260 - LOGID_WAF_URL_ACCESS_BYPASS

Message ID: 30260

Message Description: LOGID_WAF_URL_ACCESS_BYPASS

Message Meaning: Web application firewall allowed application by URL access bypass

Type: WAF

Category: waf-url-access

Severity: Warning

Log Field Name

Description

Data Type

Length

action

Status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed.

string

17

agent

Agent

string

64

authserver

Authentication Server

string

64

constraint

WAF HTTP protocol restrictions

string

4096

date

Date

string

10

devid

Device ID

string

16

direction

Direction

string

4096

dstauthserver

string

64

dstcountry

string

64

dstintf

Destination Interface

string

32

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstip

Destination IP Address

ip

39

dstport

Destination Port

uint16

5

dstuser

string

256

dstuuid

string

37

eventid

Event ID

uint32

10

eventtime

Event Time, Time when WAF event detected

uint64

20

eventtype

Event Type

string

32

fctuid

FortiClient UID

string

32

group

User Group Name

string

64

level

Log Level

string

11

logid

Log ID

string

10

method

HTTP Method

string

4096

msg

Log Message

string

4096

name

Method or custom signature name

string

64

policyid

Policy ID

uint32

10

policytype

string

24

poluuid

string

37

profile

Full profile name

string

64

proto

Protocol

uint8

3

rawdata

Raw Data

string

1024

service

Service name

string

5

sessionid

Session ID

uint32

10

severity

Severity

string

6

srccountry

string

64

srcdomain

string

255

srcintf

Source Interface

string

32

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcip

Source IP Address

ip

39

srcport

Source Port

uint16

5

srcuuid

string

37

subtype

Log Subtype

string

20

time

Time

string

8

type

Log Type

string

16

tz

Time zone

string

5

unauthuser

Unauthenticated user

string

66

unauthusersource

Unauthenticated user source

string

66

url

URL

string

512

user

User Name

string

256

vd

Virtual Domain Name

string

32

30260 - LOGID_WAF_URL_ACCESS_BYPASS

30260 - LOGID_WAF_URL_ACCESS_BYPASS

Message ID: 30260

Message Description: LOGID_WAF_URL_ACCESS_BYPASS

Message Meaning: Web application firewall allowed application by URL access bypass

Type: WAF

Category: waf-url-access

Severity: Warning

Log Field Name

Description

Data Type

Length

action

Status of the session. Uses following definition: - Deny = blocked by firewall policy. - Start = session start log (special option to enable logging at start of a session). This means firewall allowed. - All Others = allowed by Firewall Policy and the status indicates how it was closed.

string

17

agent

Agent

string

64

authserver

Authentication Server

string

64

constraint

WAF HTTP protocol restrictions

string

4096

date

Date

string

10

devid

Device ID

string

16

direction

Direction

string

4096

dstauthserver

string

64

dstcountry

string

64

dstintf

Destination Interface

string

32

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstip

Destination IP Address

ip

39

dstport

Destination Port

uint16

5

dstuser

string

256

dstuuid

string

37

eventid

Event ID

uint32

10

eventtime

Event Time, Time when WAF event detected

uint64

20

eventtype

Event Type

string

32

fctuid

FortiClient UID

string

32

group

User Group Name

string

64

level

Log Level

string

11

logid

Log ID

string

10

method

HTTP Method

string

4096

msg

Log Message

string

4096

name

Method or custom signature name

string

64

policyid

Policy ID

uint32

10

policytype

string

24

poluuid

string

37

profile

Full profile name

string

64

proto

Protocol

uint8

3

rawdata

Raw Data

string

1024

service

Service name

string

5

sessionid

Session ID

uint32

10

severity

Severity

string

6

srccountry

string

64

srcdomain

string

255

srcintf

Source Interface

string

32

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcip

Source IP Address

ip

39

srcport

Source Port

uint16

5

srcuuid

string

37

subtype

Log Subtype

string

20

time

Time

string

8

type

Log Type

string

16

tz

Time zone

string

5

unauthuser

Unauthenticated user

string

66

unauthusersource

Unauthenticated user source

string

66

url

URL

string

512

user

User Name

string

256

vd

Virtual Domain Name

string

32