
FortiOS Log Message Reference

28705 - LOGID_APP_CTRL_IPS_BLOCK


Message ID: 28705

Message Description: LOGID_APP_CTRL_IPS_BLOCK

Message Meaning: Application control (IPS) (block)

Type: APP-CTRL

Category: signature

Severity: Warning

| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| action | The status of the session: pass - Application is allowed; block - Application is blocked (silent); reject - Quarantine; reset - Application is blocked and Reset was sent. Sometimes, there is a block page for blocking. | string | 16 |
| app | Application name | string | 96 |
| appcat | Application category name | string | 64 |
| applist | Application Control profile name | string | 64 |
| authserver | Authentication server for the user | string | 64 |
| date | Date | string | 10 |
| devid | Device ID | string | 16 |
| direction | Direction of the packets | string | 8 |
| dstcountry | | string | 64 |
| dstintf | Destination Interface | string | 64 |
| dstintfrole | Destination Interface's assigned role (LAN, WAN, etc.) | string | 10 |
| dstip | Destination IP | ip | 39 |
| dstport | Destination Port | uint16 | 5 |
| eventtime | Event Time | uint64 | 20 |
| eventtype | App Control Event Type | string | 32 |
| fctuid | FortiClient User ID | string | 32 |
| group | User group name | string | 512 |
| level | Log level | string | 11 |
| logid | Log ID | string | 10 |
| policyid | Policy ID | uint32 | 10 |
| profile | | string | 36 |
| profiletype | Profile Type | string | 36 |
| proto | Protocol number | uint8 | 3 |
| service | Service name | string | 80 |
| sessionid | Session ID | uint32 | 10 |
| srccountry | | string | 64 |
| srcdomain | | string | 255 |
| srcintf | Source Interface | string | 64 |
| srcintfrole | Source Interface's assigned role (LAN, WAN, etc.) | string | 10 |
| srcip | Source IP | ip | 39 |
| srcport | Source Port | uint16 | 5 |
| subtype | Log subtype | string | 20 |
| time | Time | string | 8 |
| type | Log type | string | 16 |
| tz | | string | 5 |
| unauthuser | Unauthenticated user | string | 66 |
| unauthusersource | Unauthenticated user source | string | 66 |
| user | User name | string | 256 |
| vd | Virtual domain name | string | 32 |
| vrf | Virtual Routing Forwarding | uint8 | 3 |
| agent | | string | 1024 |
| appid | Application ID | uint32 | 10 |
| apprisk | Application risk level | string | 16 |
| ccertissuer | | string | 64 |
| cloudaction | Action performed by cloud application | string | 32 |
| clouddevice | | string | 256 |
| clouduser | User login ID detected by the Deep Application Control feature | string | 256 |
| craction | Client Reputation Action | uint32 | 10 |
| crlevel | Client Reputation Level | string | 10 |
| crscore | Client Reputation Score | uint32 | 10 |
| dstauthserver | | string | 64 |
| dstuser | | string | 256 |
| filename | File name | string | 256 |
| filesize | File size in bytes | uint64 | 10 |
| forwardedfor | Forwarded For | string | 128 |
| hostname | The host name of a URL | string | 256 |
| httpmethod | | string | 20 |
| incidentserialno | Incident serial number | uint32 | 10 |
| msg | Log message | string | 512 |
| parameters | | string | 512 |
| pdstport | | uint16 | 5 |
| policymode | | string | 8 |
| policytype | | string | 24 |
| poluuid | | string | 37 |
| psrcport | | uint16 | 5 |
| rawdata | Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for | string | 1024 |
| rawdataid | | string | 10 |
| referralurl | | string | 512 |
| scertcname | Server certificate name | string | 64 |
| scertissuer | Server certificate issuer | string | 64 |
| trueclntip | True-Client-IP | ip | 39 |
| url | The URL address | string | 512 |
