Fortinet white logo
Fortinet white logo

FortiOS Log Message Reference

13648 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_ALLOW

13648 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_ALLOW

Message ID: 13648

Message Description: LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_ALLOW

Message Meaning: Antiphishing matched a URL filter rule without blocking the request.

Type: Webfilter

Category: antiphishing

Severity: Warning

Log Field Name

Description

Data Type

Length

vrf

Virtual router forwarding

uint16

3

vd

Virtual domain name

string

32

user

User name

string

256

url

The URL address

string

512

unauthusersource

Unauthenticated user source

string

66

unauthuser

Unauthenticated user

string

66

tz

Time Zone

string

5

type

Log type

string

16

trueclntip

True-Client-IP HTTP header

ip

39

transid

Transaction ID

uint32

10

time

Time

string

8

subtype

Log subtype

string

20

srcuuid

string

37

srcport

Source Port

uint16

5

srcname

string

64

srcmac

string

17

srcip

Source IP

ip

39

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcintf

Source Interface

string

32

srcdomain

string

255

srccountry

string

64

sessionid

Session ID

uint32

10

service

Service name

string

36

sentbyte

Sent Bytes

uint64

20

reqtype

Request type

string

8

referralurl

Referrer URI

string

512

rcvdbyte

Received Bytes

uint64

20

rawdata

Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for

string

20480

ratemethod

string

6

proto

Protocol number

uint8

3

profile

Web Filter profile name

string

64

poluuid

string

37

policytype

string

24

policymode

string

8

policyid

Policy ID

uint32

10

msg

Log message

string

512

logid

Log ID

string

10

level

Log Level

string

11

initiator

The initiator user for override

string

64

httpmethod

string

20

hostname

The host name of a URL

string

256

group

User group name

string

512

forwardedfor

X-Forwarded-For HTTP header

string

128

fctuid

FortiClient UID

string

32

eventtype

Web Filter event type

string

32

eventtime

Web Filter event time

uint64

20

dstuuid

string

37

dstuser

string

256

dstport

Destination Port

uint16

5

dstip

Destination IP

ip

39

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstintf

Destination Interface

string

32

dstcountry

string

64

dstauthserver

string

64

direction

Direction of the web traffic

string

8

devid

Device ID

string

16

date

Date

string

10

crscore

Client Reputation Score

uint32

10

crlevel

Client Reputation level

string

10

craction

Client Reputation Action

uint32

10

catdesc

Web category description

string

64

cat

Web category ID

uint8

3

authserver

Authentication server for the user

string

64

antiphishrule

string

64

antiphishdc

string

64

agent

User agent - eg. agent="Mozilla/5.0"

string

1024

action

Security action performed by WF: blocked - url is blocked by webfilter passthrough - url is allowed by webfilter

string

11

13648 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_ALLOW

13648 - LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_ALLOW

Message ID: 13648

Message Description: LOG_ID_WEB_WF_ANTIPHISH_MATCH_URL_ALLOW

Message Meaning: Antiphishing matched a URL filter rule without blocking the request.

Type: Webfilter

Category: antiphishing

Severity: Warning

Log Field Name

Description

Data Type

Length

vrf

Virtual router forwarding

uint16

3

vd

Virtual domain name

string

32

user

User name

string

256

url

The URL address

string

512

unauthusersource

Unauthenticated user source

string

66

unauthuser

Unauthenticated user

string

66

tz

Time Zone

string

5

type

Log type

string

16

trueclntip

True-Client-IP HTTP header

ip

39

transid

Transaction ID

uint32

10

time

Time

string

8

subtype

Log subtype

string

20

srcuuid

string

37

srcport

Source Port

uint16

5

srcname

string

64

srcmac

string

17

srcip

Source IP

ip

39

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcintf

Source Interface

string

32

srcdomain

string

255

srccountry

string

64

sessionid

Session ID

uint32

10

service

Service name

string

36

sentbyte

Sent Bytes

uint64

20

reqtype

Request type

string

8

referralurl

Referrer URI

string

512

rcvdbyte

Received Bytes

uint64

20

rawdata

Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for

string

20480

ratemethod

string

6

proto

Protocol number

uint8

3

profile

Web Filter profile name

string

64

poluuid

string

37

policytype

string

24

policymode

string

8

policyid

Policy ID

uint32

10

msg

Log message

string

512

logid

Log ID

string

10

level

Log Level

string

11

initiator

The initiator user for override

string

64

httpmethod

string

20

hostname

The host name of a URL

string

256

group

User group name

string

512

forwardedfor

X-Forwarded-For HTTP header

string

128

fctuid

FortiClient UID

string

32

eventtype

Web Filter event type

string

32

eventtime

Web Filter event time

uint64

20

dstuuid

string

37

dstuser

string

256

dstport

Destination Port

uint16

5

dstip

Destination IP

ip

39

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstintf

Destination Interface

string

32

dstcountry

string

64

dstauthserver

string

64

direction

Direction of the web traffic

string

8

devid

Device ID

string

16

date

Date

string

10

crscore

Client Reputation Score

uint32

10

crlevel

Client Reputation level

string

10

craction

Client Reputation Action

uint32

10

catdesc

Web category description

string

64

cat

Web category ID

uint8

3

authserver

Authentication server for the user

string

64

antiphishrule

string

64

antiphishdc

string

64

agent

User agent - eg. agent="Mozilla/5.0"

string

1024

action

Security action performed by WF: blocked - url is blocked by webfilter passthrough - url is allowed by webfilter

string

11