28705 - LOGID_APP_CTRL_IPS_BLOCK
Message ID: 28705
Message Description: LOGID_APP_CTRL_IPS_BLOCK
Message Meaning: Application control (IPS) (block)
Type: APP-CTRL
Category: signature
Severity: Warning
Log Field Name |
Description |
Data Type |
Length |
---|---|---|---|
action |
The status of the session: pass - Application is allowed block - Application is blocked (silent) reject - Quarantine reset - Application is blocked and Reset was sent Sometimes, there is a block page for blocking |
string |
16 |
app |
Application name |
string |
96 |
appcat |
Application category name |
string |
64 |
applist |
Application Control profile name |
string |
64 |
authserver |
Authentication server for the user |
string |
64 |
date |
Date |
string |
10 |
devid |
Deivce ID |
string |
16 |
direction |
Direction of the packets |
string |
8 |
dstcountry |
|
string |
64 |
dstintf |
Destination Interface |
string |
64 |
dstintfrole |
Destination Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
dstip |
Destination IP |
ip |
39 |
dstport |
Destination Port |
uint16 |
5 |
eventtime |
Event Time |
uint64 |
20 |
eventtype |
App Control Event Type |
string |
32 |
fctuid |
FortiClient User ID |
string |
32 |
group |
User group name |
string |
512 |
level |
Log level |
string |
11 |
logid |
Log ID |
string |
10 |
policyid |
Policy ID |
uint32 |
10 |
profile |
|
string |
36 |
profiletype |
Profile Type |
string |
36 |
proto |
Protocol number |
uint8 |
3 |
service |
Service name |
string |
80 |
sessionid |
Session ID |
uint32 |
10 |
srccountry |
|
string |
64 |
srcdomain |
|
string |
255 |
srcintf |
Source Interface |
string |
64 |
srcintfrole |
Source Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
srcip |
Source IP |
ip |
39 |
srcport |
Source Port |
uint16 |
5 |
subtype |
Log subtype |
string |
20 |
time |
Time |
string |
8 |
type |
Log type |
string |
16 |
tz |
|
string |
5 |
unauthuser |
Unauthenticated user |
string |
66 |
unauthusersource |
Unauthenticated user source |
string |
66 |
user |
User name |
string |
256 |
vd |
Virtual domain name |
string |
32 |
vrf |
Virtual Routing Forwarding |
uint8 |
3 |
agent |
|
string |
1024 |
appid |
Application ID |
uint32 |
10 |
apprisk |
Application risk level |
string |
16 |
ccertissuer |
|
string |
64 |
cloudaction |
Action performed by cloud application |
string |
32 |
clouddevice |
|
string |
256 |
clouduser |
User login ID detected by the Deep Application Control feature |
string |
256 |
craction |
Client Reputation Action |
uint32 |
10 |
crlevel |
Client Reputation Level |
string |
10 |
crscore |
Client Reputation Score |
uint32 |
10 |
dstauthserver |
|
string |
64 |
dstuser |
|
string |
256 |
filename |
File name |
string |
256 |
filesize |
File size in bytes |
uint64 |
10 |
forwardedfor |
Forwarded For |
string |
128 |
hostname |
The host name of a URL |
string |
256 |
httpmethod |
|
string |
20 |
incidentserialno |
Incident serial number |
uint32 |
10 |
msg |
Log message |
string |
512 |
parameters |
|
string |
512 |
pdstport |
|
uint16 |
5 |
policymode |
|
string |
8 |
policytype |
|
string |
24 |
poluuid |
|
string |
37 |
psrcport |
|
uint16 |
5 |
rawdata |
Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for |
string |
1024 |
rawdataid |
|
string |
10 |
referralurl |
|
string |
512 |
scertcname |
server certificate name |
string |
64 |
scertissuer |
server certificate issuer |
string |
64 |
trueclntip |
True-Client-IP |
ip |
39 |
url |
The URL address |
string |
512 |