Message ID: 28737
Message Description: LOGID_APP_CTRL_PROTO_ENF
Message Meaning: Application control protocol enforcement
Type: APP-CTRL
Category: protocol-violation
Severity: Warning
|
Log Field Name |
Description |
Data Type |
Length |
|---|---|---|---|
|
vrf |
Virtual Routing Forwarding |
uint16 |
3 |
|
vd |
Virtual domain name |
string |
32 |
|
user |
User name |
string |
256 |
|
url |
The URL address |
string |
512 |
|
unauthusersource |
Unauthenticated user source |
string |
66 |
|
unauthuser |
Unauthenticated user |
string |
66 |
|
tz |
|
string |
5 |
|
type |
Log type |
string |
16 |
|
trueclntip |
True-Client-IP |
ip |
39 |
|
transid |
|
uint32 |
10 |
|
time |
Time |
string |
8 |
|
subtype |
Log subtype |
string |
20 |
|
srcport |
Source Port |
uint16 |
5 |
|
srcip |
Source IP |
ip |
39 |
|
srcintfrole |
Source Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
|
srcintf |
Source Interface |
string |
64 |
|
srcdomain |
|
string |
255 |
|
srccountry |
|
string |
64 |
|
sessionid |
Session ID |
uint32 |
10 |
|
service |
Service name |
string |
80 |
|
scertissuer |
server certificate issuer |
string |
64 |
|
scertcname |
server certificate name |
string |
64 |
|
referralurl |
|
string |
512 |
|
rawdataid |
|
string |
10 |
|
rawdata |
Extended logging data including HTTP method, URL, client content type, server content type, user agent, referer, x-forwarded-for |
string |
20480 |
|
psrcport |
|
uint16 |
5 |
|
proto |
Protocol number |
uint8 |
3 |
|
profiletype |
Profile Type |
string |
36 |
|
profile |
|
string |
36 |
|
poluuid |
|
string |
37 |
|
policytype |
|
string |
24 |
|
policymode |
|
string |
8 |
|
policyid |
Policy ID |
uint32 |
10 |
|
pdstport |
|
uint16 |
5 |
|
parameters |
|
string |
512 |
|
msg |
Log message |
string |
512 |
|
messageid |
|
string |
256 |
|
logid |
Log ID |
string |
10 |
|
level |
Log level |
string |
11 |
|
incidentserialno |
Incident serial number |
uint32 |
10 |
|
icmptype |
|
string |
6 |
|
icmpid |
|
string |
8 |
|
icmpcode |
|
string |
6 |
|
httpmethod |
|
string |
20 |
|
hostname |
The host name of a URL |
string |
256 |
|
group |
User group name |
string |
512 |
|
forwardedfor |
Forwarded For |
string |
128 |
|
filesize |
File size in bytes |
uint64 |
10 |
|
filename |
File name |
string |
256 |
|
fctuid |
FortiClient User ID |
string |
32 |
|
eventtype |
App Control Event Type |
string |
32 |
|
eventtime |
Event Time |
uint64 |
20 |
|
dstuser |
|
string |
256 |
|
dstport |
Destination Port |
uint16 |
5 |
|
dstip |
Destination IP |
ip |
39 |
|
dstintfrole |
Destination Interface's assigned role (LAN, WAN, etc.) |
string |
10 |
|
dstintf |
Destination Interface |
string |
64 |
|
dstcountry |
|
string |
64 |
|
dstauthserver |
|
string |
64 |
|
direction |
Direction of the packets |
string |
8 |
|
devid |
Deivce ID |
string |
16 |
|
date |
Date |
string |
10 |
|
crscore |
Client Reputation Score |
uint32 |
10 |
|
crlevel |
Client Reputation Level |
string |
10 |
|
craction |
Client Reputation Action |
uint32 |
10 |
|
clouduser |
User login ID detected by the Deep Application Control feature |
string |
256 |
|
clouddevice |
|
string |
256 |
|
cloudaction |
Action performed by cloud application |
string |
32 |
|
ccertissuer |
|
string |
64 |
|
authserver |
Authentication server for the user |
string |
64 |
|
apprisk |
Application risk level |
string |
16 |
|
applist |
Application Control profile name |
string |
64 |
|
appid |
Application ID |
uint32 |
10 |
|
appcat |
Application category name |
string |
64 |
|
app |
Application name |
string |
96 |
|
agent |
|
string |
1024 |
|
action |
The status of the session: pass - Application is allowed block - Application is blocked (silent) reject - Quarantine reset - Application is blocked and Reset was sent Sometimes, there is a block page for blocking |
string |
16 |