What's new
This section identifies major changes in the Log Reference from version 7.4.0 and later. For more information about new features, please see the FortiOS 7.4 New Features Guide.
FortiOS 7.4.5
Log field values
No log field values are changed.
Log ID changes
The following log IDs are changed:
event logs:
|
Log ID |
Message |
Change |
|---|---|---|
| 22905 | LOG_ID_LOGDEV_STATUS_CHANGE | Log ID Added |
| 22906 | LOG_ID_SECURITY_LEVEL_CHANGE | Log ID Added |
| 46527 | LOG_ID_INTERNAL_LTE_MODEM_SIM_SWITCH_SIM_STATE | Log ID Added |
| 53050 | LOG_ID_FTC_AUTH_FAILED | Log ID Added |
| 53402 | LOG_ID_FGFM_RECOVERY | Log ID Added |
| 53407 | LOG_ID_FABRIC_VPN_PSK_SECRET_UPG_SET | Log ID Added |
ssh logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
61014 |
LOG_ID_SSH_UNSUPPORT_PROTO_BLOCK |
Log ID Added |
|
61015 |
LOG_ID_SSH_UNSUPPORT_PROTO_PASS |
Log ID Added |
FortiOS 7.4.4
Log field values
The following log field values are changed:
casb logs:
|
Field |
Change |
|---|---|
| operation | Field Added |
|
policytype |
Field Added |
event logs:
|
Field |
Change |
|---|---|
| requesttype | Field Added |
traffic logs:
|
Field |
Change |
|---|---|
| srcremote | Field Added |
virus logs:
|
Field |
Change |
|---|---|
| contentencoding | Field Added |
webfilter logs:
|
Field |
Change |
|---|---|
| contentencoding | Field Removed |
Log ID changes
The following log IDs are changed:
event logs:
|
Log ID |
Message |
Change |
|---|---|---|
| 22024 | LOG_ID_IPPOOLPBA_INTERIM | Log ID Added |
| 22070 | LOG_ID_FORTIGSLB_COMMUNICATION_ERROR | Log ID Added |
| 22071 | LOG_ID_FORTIGSLB_CLOUD_CONFIG_UPDATED | Log ID Added |
| 22224 | LOG_ID_EXT_RESOURCE_OVERFLOW | Log ID Added |
| 22750 | LOG_ID_METERED_BILLING_ACCEPTED | Log ID Added |
| 22751 | LOG_ID_METERED_BILLING_FAIL | Log ID Added |
| 22752 | LOG_ID_METERED_BILLING_VALID | Log ID Added |
| 22753 | LOG_ID_METERED_BILLING_INVALID | Log ID Added |
| 32618 | LOG_ID_FGT_SWITCH_EXPORT_POOL_UNDO | Log ID Added |
| 32619 | LOG_ID_FGT_SWITCH_EXPORT_VDOM_UNDO | Log ID Added |
| 32620 | LOG_ID_FGT_SWITCH_GROUP_ADD_MEMBER | Log ID Added |
| 32621 | LOG_ID_FGT_SWITCH_GROUP_DEL_MEMBER | Log ID Added |
| 32622 | LOG_ID_FGT_SWITCH_FORTILINK_CONNECTED | Log ID Added |
| 32623 | LOG_ID_FGT_SWITCH_LOCATION_CHANGE | Log ID Added |
| 32624 | LOG_ID_FGT_SWITCH_NEW_PEER_DETECT | Log ID Added |
| 43720 | LOG_ID_EVENT_WIRELESS_FIPS | Log ID Added |
| 43721 | LOG_ID_EVENT_WIRELESS_STA_WPA_MSG_EXT_MPSK_RESULT | Log ID Added |
| 43778 | LOG_ID_EVENT_NAC_QUARANTINE_EXPIRY | Log ID Added |
| 53010 | LOG_ID_INTERNAL_FDS_FTC | Log ID Added |
virus logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
9241 |
LOG_ID_UNKNOWN_CE_BLOCK |
Log ID Added |
|
9242 |
LOG_ID_UNKNOWN_CE_BYPASS |
Log ID Added |
webfilter logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
13696 |
LOG_ID_UNKNOWN_CE_BLOCK |
Log ID Removed |
|
13697 |
LOG_ID_UNKNOWN_CE_BYPASS |
Log ID Removed |
FortiOS 7.4.3
There are no major log changes between FortiOS 7.4.2 and 7.4.3.
FortiOS 7.4.2
Log field values
The following log field values are changed:
casb logs:
|
Field |
Change |
|---|---|
| dstuuid | Field Added |
|
srcuuid |
Field Added |
dlp logs:
|
Field |
Change |
|---|---|
| filteridx | Field Removed |
| filtername | Field Removed |
| ruleid | Field Added |
| rulename | Field Added |
event logs:
|
Field |
Change |
|---|---|
| switchaclid | Field Added |
| switchautoip | Field Added |
| switchinterface | Field Added |
| switchl2capacity | Field Added |
| switchl2count | Field Added |
| switchmirrorsession | Field Added |
| switchphysicalport | Field Added |
| switchsysteminterface | Field Added |
| switchtrunk | Field Added |
| switchtrunkinterface | Field Added |
| unit | Field Removed |
| vlan | Field Added |
file-filter logs:
|
Field |
Change |
|---|---|
| filtername | Field Removed |
|
rulename |
Field Added |
icap logs:
|
Field |
Change |
|---|---|
| reason | Field Added |
traffic logs:
|
Field |
Change |
|---|---|
| clientcert | Field Added |
| clientdeviceems | Field Added |
| durationdelta | Field Added |
| rcvdpktdelta | Field Added |
| sentpktdelta | Field Added |
webfilter logs:
|
Field |
Change |
|---|---|
| videodesc |
Field Added |
|
videotitle |
Field Added |
Log ID changes
The following log IDs are changed:
event logs:
|
Log ID |
Message |
Change |
|---|---|---|
| 20139 | LOG_ID_FGCS_ACC_LIC_EXPIRE | Log ID Added |
| 20140 | LOG_ID_FSPA_LIC_EXPIRE | Log ID Added |
| 20141 | LOG_ID_FSFG_LIC_EXPIRE | Log ID Added |
| 22022 | LOG_ID_ENTER_EXTREME_LOW_MEM_MODE | Log ID Added |
| 22023 | LOG_ID_LEAVE_EXTREME_LOW_MEM_MODE | Log ID Added |
| 22104 | LOG_ID_POWER_RESTORE | Log ID Removed |
| 22817 | LOG_ID_SCANUNIT_DLP_SIGNATURE_REMOVE | Log ID Added |
| 22874 | LOG_ID_FLTUND_NEW_CONN | Log ID Added |
| 22875 | LOG_ID_FLTUND_CONN_DOWN | Log ID Added |
| 22876 | LOG_ID_FLTUND_RCV_BOOTSTRAP | Log ID Added |
| 22877 | LOG_ID_FLTUND_CONN_ONLINE | Log ID Added |
| 22878 | LOG_ID_FLTUND_CONN_OFFLINE | Log ID Added |
| 34420 | LOG_ID_NP6XLITE_HPE_PACKET_DROP | Log ID Added |
| 34421 | LOG_ID_NP6XLITE_HPE_PACKET_FLOOD | Log ID Added |
| 45101 | LOG_ID_EC_REG_SUCCEED | Log ID Added |
| 45132 | LOG_ID_EC_EMS_UPGRADE_FAIL | Log ID Added |
| 45133 | LOG_ID_EC_SHM_MISSING_QUERY | Log ID Added |
ssl logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
62309 |
LOG_ID_SSL_ANOMALY_CERT_INVALID |
Log ID Added |
virtual-patch logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
64610 |
LOG_ID_LOCALIN_VPATCH_BLOCK |
Log ID Added |
|
64611 |
LOG_ID_LOCALIN_VPATCH_LOG |
Log ID Added |
virus logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
8982 |
MESGID_SCAN_AV_MAX_MEMORY_REACHED_ERROR |
Log ID Added |
webfilter logs:
|
Log ID |
Message |
Change |
|---|---|---|
| 13617 | LOG_ID_CONTENT_TYPE_EXEMPT | Log ID Added |
| 13712 | LOG_ID_VIDEOFILTER_TITLE_BLOCK | Log ID Added |
| 13713 | LOG_ID_VIDEOFILTER_TITLE_MONITOR | Log ID Added |
| 13714 | LOG_ID_VIDEOFILTER_TITLE_ALLOW | Log ID Added |
| 13728 | LOG_ID_VIDEOFILTER_DESCRIPTION_BLOCK | Log ID Added |
| 13729 | LOG_ID_VIDEOFILTER_DESCRIPTION_MONITOR | Log ID Added |
| 13730 | LOG_ID_VIDEOFILTER_DESCRIPTION_ALLOW | Log ID Added |
FortiOS 7.4.1
Log type and subtype changes
The virtual-patch and casb log types are added.
Log field values
The following log field values are changed:
casb logs:
|
Field |
Change |
|---|---|
|
action |
Field Added |
|
activitycategory |
Field Added |
|
date |
Field Added |
|
devid |
Field Added |
|
dstintf |
Field Added |
|
dstintfrole |
Field Added |
|
dstip |
Field Added |
|
dstport |
Field Added |
|
eventtime |
Field Added |
|
eventtype |
Field Added |
|
group |
Field Added |
|
level |
Field Added |
|
logid |
Field Added |
|
msg |
Field Added |
|
policyid |
Field Added |
|
poluuid |
Field Added |
|
profile |
Field Added |
|
proto |
Field Added |
|
saasapp |
Field Added |
|
sessionid |
Field Added |
|
srcintf |
Field Added |
|
srcintfrole |
Field Added |
|
srcip |
Field Added |
|
srcport |
Field Added |
|
subtype |
Field Added |
|
time |
Field Added |
|
type |
Field Added |
|
tz |
Field Added |
|
url |
Field Added |
|
user |
Field Added |
|
useractivity |
Field Added |
|
vd |
Field Added |
|
vrf |
Field Added |
event logs:
|
Field |
Change |
|---|---|
|
connection_type |
Field Removed |
|
license_limit |
Field Removed |
|
snprev |
Field Added |
|
used_for_type |
Field Removed |
ssh logs:
|
Field |
Change |
|---|---|
|
poluuid |
Field Added |
traffic logs:
|
Field |
Change |
|---|---|
|
countcasb |
Field Added |
|
countvpatch |
Field Added |
|
replydstintf |
Field Added |
|
replysrcintf |
Field Added |
virtual-patch logs:
|
Field |
Change |
|---|---|
|
action |
Field Added |
|
agent |
Field Added |
|
attack |
Field Added |
|
attackcontext |
Field Added |
|
attackcontextid |
Field Added |
|
attackid |
Field Added |
|
authserver |
Field Added |
|
date |
Field Added |
|
devid |
Field Added |
|
direction |
Field Added |
|
dstauthserver |
Field Added |
|
dstcountry |
Field Added |
|
dstintf |
Field Added |
|
dstintfrole |
Field Added |
|
dstip |
Field Added |
|
dstport |
Field Added |
|
dstuser |
Field Added |
|
eventtime |
Field Added |
|
eventtype |
Field Added |
|
fctuid |
Field Added |
|
forwardedfor |
Field Added |
|
group |
Field Added |
|
hostname |
Field Added |
|
httpmethod |
Field Added |
|
level |
Field Added |
|
logid |
Field Added |
|
pdstport |
Field Added |
|
policyid |
Field Added |
|
policymode |
Field Added |
|
policytype |
Field Added |
|
poluuid |
Field Added |
|
profile |
Field Added |
|
proto |
Field Added |
|
psrcport |
Field Added |
|
rawdata |
Field Added |
|
rawdataid |
Field Added |
|
referralurl |
Field Added |
|
service |
Field Added |
|
sessionid |
Field Added |
|
severity |
Field Added |
|
srccountry |
Field Added |
|
srcdomain |
Field Added |
|
srcintf |
Field Added |
|
srcintfrole |
Field Added |
|
srcip |
Field Added |
|
srcport |
Field Added |
|
subtype |
Field Added |
|
time |
Field Added |
|
trueclntip |
Field Added |
|
type |
Field Added |
|
tz |
Field Added |
|
unauthuser |
Field Added |
|
unauthusersource |
Field Added |
|
url |
Field Added |
|
user |
Field Added |
|
vd |
Field Added |
|
vrf |
Field Added |
Log ID changes
The following log IDs are changed:
casb logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
10000 |
LOG_ID_CASB_ACCESS_BLOCKED |
Log ID Added |
|
10001 |
LOG_ID_CASB_ACCESS_BYPASS |
Log ID Added |
|
10002 |
LOG_ID_CASB_ACCESS_MONITOR |
Log ID Added |
event logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
20137 |
LOG_ID_FGSA_LIC_EXPIRE |
Log ID Added |
|
20138 |
LOG_ID_SWOS_LIC_EXPIRE |
Log ID Added |
|
20235 |
LOG_ID_SYS_SECURITY_MOUNT_VIOLATION |
Log ID Added |
|
22939 |
LOG_ID_EVENT_VWL_FAIL_DETECT |
Log ID Added |
|
22940 |
LOG_ID_EVENT_LINK_MONITOR_FAIL_DETECT |
Log ID Added |
|
32019 |
LOG_ID_CC_ENTER_ERR_MOD |
Log ID Removed |
|
32055 |
LOG_ID_CC_KAT_SUCCESS |
Log ID Added |
|
32264 |
LOG_ID_BLE_FIRMWARE_CHECK |
Log ID Added |
|
32265 |
LOG_ID_BLE_FIRMWARE_UPDATE |
Log ID Added |
|
45057 |
LOG_ID_FCC_ADD |
Log ID Removed |
|
45058 |
LOG_ID_FCC_CLOSE |
Log ID Removed |
|
45061 |
LOG_ID_FCC_CLOSE_BY_TYPE |
Log ID Removed |
|
46506 |
LOG_ID_INTERNAL_LTE_MODEM_BILLING_DAILY_LOG |
Log ID Removed |
|
46522 |
LOG_ID_INTERNAL_LTE_MODEM_BILLING_DATA_ALERT |
Log ID Added |
|
46523 |
LOG_ID_INTERNAL_LTE_MODEM_BILLING_TIME_REFRESH |
Log ID Added |
|
46524 |
LOG_ID_INTERNAL_LTE_MODEM_SIM_SWITCH_DATA_PLAN |
Log ID Added |
|
46525 |
LOG_ID_INTERNAL_LTE_MODEM_BILLING_STOP_NETWORK |
Log ID Added |
|
46526 |
LOG_ID_INTERNAL_LTE_MODEM_BILLING_DATA_PLAN_OVER |
Log ID Added |
|
53406 |
LOG_ID_2GB_CSF_UPGRADE |
Log ID Added |
ssl logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
62308 |
LOG_ID_SSL_ANOMALY_HANDSHAKE_FAILURE |
Log ID Added |
virtual-patch logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
64600 |
LOG_ID_VPATCH_BLOCK |
Log ID Added |
|
64601 |
LOG_ID_VPATCH_LOG |
Log ID Added |
FortiOS 7.4.0
Log field values
The following log field values are changed:
app-ctrl logs:
|
Field |
Change |
|---|---|
|
icmpcode |
Field Added |
|
icmpid |
Field Added |
|
icmptype |
Field Added |
event logs:
|
Field |
Change |
|---|---|
|
app |
Field Added |
|
apperror |
Field Added |
|
appid |
Field Added |
|
downbandwidthmeasured |
Field Added |
|
extension |
Field Added |
|
filename |
Field Added |
|
model |
Field Added |
|
networktransfertime |
Field Added |
|
product |
Field Added |
|
serveraddr |
Field Added |
|
servername |
Field Added |
|
serverresponsetime |
Field Added |
|
speedtestserver |
Field Added |
|
srccountry |
Field Added |
|
ticket |
Field Added |
|
timestamp |
Field Added |
|
upbandwidthmeasured |
Field Added |
|
vendor |
Field Added |
|
versionmax |
Field Added |
|
versionmin |
Field Added |
|
vulncnt |
Field Added |
|
vulnresult |
Field Added |
traffic logs:
|
Field |
Change |
|---|---|
|
fwdsrv |
Field Added |
|
realserverid |
Field Added |
virus logs:
|
Field |
Change |
|---|---|
|
fndraction |
Field Removed |
|
fndrconfidence |
Field Removed |
|
fndrfileid |
Field Removed |
|
fndrfiletype |
Field Removed |
|
fndrseverity |
Field Removed |
|
fndrverdict |
Field Removed |
|
fsaaction |
Field Removed |
|
fsafileid |
Field Removed |
|
fsafiletype |
Field Removed |
|
fsaseverity |
Field Removed |
|
icbaction |
Field Added |
|
icbconfidence |
Field Added |
|
icbfileid |
Field Added |
|
icbfiletype |
Field Added |
|
icbseverity |
Field Added |
|
icbverdict |
Field Added |
voip logs:
|
Field |
Change |
|---|---|
|
logsrc |
Field Added |
Log ID changes
The following log IDs are changed:
event logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
20136 |
LOG_ID_DLP_LIC_EXPIRE |
Log ID Added |
|
20150 |
LOG_ID_DEV_VUNL_FTGD_LOOKUP |
Log ID Added |
|
20230 |
LOG_ID_SYS_SECURITY_WRITE_VIOLATION |
Log ID Added |
|
20231 |
LOG_ID_SYS_SECURITY_HARDLINK_VIOLATION |
Log ID Added |
|
20232 |
LOG_ID_SYS_SECURITY_LOAD_MODULE_VIOLATION |
Log ID Added |
|
20233 |
LOG_ID_SYS_SECURITY_FILE_HASH_MISSING |
Log ID Added |
|
20234 |
LOG_ID_SYS_SECURITY_FILE_HASH_MISMATCH |
Log ID Added |
|
22094 |
LOG_ID_FEDERATED_UPGRADE_ROOT_COMPLETED |
Log ID Added |
|
22095 |
LOG_ID_FEDERATED_UPGRADE_ROOT_NOT_COMPLETED |
Log ID Added |
|
22111 |
LOG_ID_PSU_ACTION_FPC_DOWN |
Log ID Added |
|
22112 |
LOG_ID_PSU_ACTION_FPC_UP |
Log ID Added |
|
22937 |
LOG_ID_EVENT_VWL_APP_PERF_METRICS |
Log ID Added |
|
22938 |
LOG_ID_EVENT_VWL_WAN_SPEEDTEST_RESULT |
Log ID Added |
|
32270 |
LOG_ID_SSH_HOST_KEY_REGEN |
Log ID Added |
|
35051 |
LOG_ID_PCP_MAPPING_CREATE |
Log ID Added |
|
35052 |
LOG_ID_PCP_MAPPING_DELETE |
Log ID Added |
|
35053 |
LOG_ID_PCP_MAPPING_RENEW |
Log ID Added |
|
40961 |
LOGID_EVENT_ICAP_REMOTE_SRV_STAT |
Log ID Added |
|
41011 |
LOG_ID_UPD_DB_UNSIGNED_INSTALLED |
Log ID Added |
|
42201 |
LOG_ID_NETX_VMX_ATTACH |
Log ID Removed |
|
42202 |
LOG_ID_NETX_VMX_DETACH |
Log ID Removed |
|
42203 |
LOG_ID_NETX_VMX_DENIED |
Log ID Removed |
|
46518 |
LOG_ID_INTERNAL_LTE_MODEM_SIM_SWITCH |
Log ID Added |
|
46519 |
LOG_ID_INTERNAL_LTE_MODEM_SIM_SWITCH_CONNECTION_STATE |
Log ID Added |
|
46520 |
LOG_ID_INTERNAL_LTE_MODEM_SIM_SWITCH_LINK_MONITOR |
Log ID Added |
|
46521 |
LOG_ID_INTERNAL_LTE_MODEM_SIM_FLIP |
Log ID Added |
|
53100 |
LOG_ID_VPN_OCVPN_REGISTERED |
Log ID Removed |
|
53101 |
LOG_ID_VPN_OCVPN_UNREGISTERED |
Log ID Removed |
|
53102 |
LOG_ID_VPN_OCVPN_COMM_ESTABLISHED |
Log ID Removed |
|
53103 |
LOG_ID_VPN_OCVPN_COMM_ERROR |
Log ID Removed |
|
53104 |
LOG_ID_VPN_OCVPN_DNS_ERROR |
Log ID Removed |
|
53105 |
LOG_ID_VPN_OCVPN_ROUTE_ERROR |
Log ID Removed |
|
53320 |
LOG_ID_FORTICONVERTER_RESULT_READY |
Log ID Added |
|
53321 |
LOG_ID_FORTICONVERTER_CONFIG_UPLOADED |
Log ID Added |
virus logs:
|
Log ID |
Message |
Change |
|---|---|---|
|
8232 |
MESGID_ICB_FSA_WARNING |
Log ID Removed |
|
8233 |
MESGID_ICB_FSA_NOTIF |
Log ID Removed |
|
8234 |
MESGID_MIME_ICB_FSA_WARNING |
Log ID Removed |
|
8235 |
MESGID_MIME_ICB_FSA_NOTIF |
Log ID Removed |
|
8236 |
MESGID_ICB_FSA_TIMEOUT_WARNING |
Log ID Removed |
|
8237 |
MESGID_ICB_FSA_TIMEOUT_NOTIF |
Log ID Removed |
|
8238 |
MESGID_MIME_ICB_FSA_TIMEOUT_WARNING |
Log ID Removed |
|
8239 |
MESGID_MIME_ICB_FSA_TIMEOUT_NOTIF |
Log ID Removed |
|
8240 |
MESGID_ICB_FSA_ERROR_WARNING |
Log ID Removed |
|
8241 |
MESGID_ICB_FSA_ERROR_NOTIF |
Log ID Removed |
|
8242 |
MESGID_MIME_ICB_FSA_ERROR_WARNING |
Log ID Removed |
|
8243 |
MESGID_MIME_ICB_FSA_ERROR_NOTIF |
Log ID Removed |