Fortinet white logo
Fortinet white logo

FortiOS Log Message Reference

8720 - MESGID_SWITCH_PROTO_WARNING

8720 - MESGID_SWITCH_PROTO_WARNING

Message ID: 8720

Message Description: MESGID_SWITCH_PROTO_WARNING

Message Meaning: Switching protocols request (warning)

Type: Virus

Category: switchproto

Severity: Warning

Log Field Name

Description

Data Type

Length

vrf

uint16

3

vd

VDOM name

string

32

user

Username (authentication)

string

256

url

The URL address

string

512

unauthusersource

string

66

unauthuser

string

66

tz

Time Zone

string

5

type

Log type

string

16

transid

uint32

10

to

Email address(es) from the Email Headers (IMAP/POP3/SMTP)

string

512

time

Time

string

8

switchproto

string

128

subtype

Subtype of the virus log

string

20

subservice

string

16

srcuuid

string

37

srcport

Source Port

uint16

5

srcname

string

64

srcmac

string

17

srcip

Source IP Address

ip

39

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcintf

Source Interface

string

32

srcdomain

string

255

srccountry

string

64

sessionid

Session ID

uint32

10

service

Proxy service which scanned this traffic

string

5

referralurl

string

512

psrcport

uint16

5

proto

Protocol number

uint8

3

profile

The name of the profile that was used to detect and take action

string

64

poluuid

string

37

policytype

string

24

policyid

Policy ID

uint32

10

pdstport

uint16

5

msg

Log message

string

4096

logid

Log ID

string

10

level

Log level

string

11

httpmethod

string

20

group

Group name (authentication)

string

512

from

Email address from the Email Headers (IMAP/POP3/SMTP)

string

128

fctuid

Forticlient user ID

string

32

eventtype

Event type of AV

string

32

eventtime

Time when detection occured

uint64

20

dstuuid

string

37

dstuser

string

256

dstport

Destination Port

uint16

5

dstip

Destination IP Address

ip

39

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstintf

Destination Interface

string

32

dstcountry

string

64

dstauthserver

string

64

direction

Message/packets direction

string

8

devid

string

16

date

Date

string

10

crscore

Threat Weight Score

uint32

10

crlevel

Threat Weight Level

string

10

craction

Threat Weight action

uint32

10

authserver

Server used to authenticate the involved user

string

64

agent

User agent - eg. agent="Mozilla/5.0"

string

1024

action

The status of the session: blocked - Blocked infected file by AV engine passthrough - Allowed by AV engine monitored - Log, but do NOT block infected file analytics - Submitted to Sandbox for analysis

string

18

8720 - MESGID_SWITCH_PROTO_WARNING

8720 - MESGID_SWITCH_PROTO_WARNING

Message ID: 8720

Message Description: MESGID_SWITCH_PROTO_WARNING

Message Meaning: Switching protocols request (warning)

Type: Virus

Category: switchproto

Severity: Warning

Log Field Name

Description

Data Type

Length

vrf

uint16

3

vd

VDOM name

string

32

user

Username (authentication)

string

256

url

The URL address

string

512

unauthusersource

string

66

unauthuser

string

66

tz

Time Zone

string

5

type

Log type

string

16

transid

uint32

10

to

Email address(es) from the Email Headers (IMAP/POP3/SMTP)

string

512

time

Time

string

8

switchproto

string

128

subtype

Subtype of the virus log

string

20

subservice

string

16

srcuuid

string

37

srcport

Source Port

uint16

5

srcname

string

64

srcmac

string

17

srcip

Source IP Address

ip

39

srcintfrole

Source Interface's assigned role (LAN, WAN, etc.)

string

10

srcintf

Source Interface

string

32

srcdomain

string

255

srccountry

string

64

sessionid

Session ID

uint32

10

service

Proxy service which scanned this traffic

string

5

referralurl

string

512

psrcport

uint16

5

proto

Protocol number

uint8

3

profile

The name of the profile that was used to detect and take action

string

64

poluuid

string

37

policytype

string

24

policyid

Policy ID

uint32

10

pdstport

uint16

5

msg

Log message

string

4096

logid

Log ID

string

10

level

Log level

string

11

httpmethod

string

20

group

Group name (authentication)

string

512

from

Email address from the Email Headers (IMAP/POP3/SMTP)

string

128

fctuid

Forticlient user ID

string

32

eventtype

Event type of AV

string

32

eventtime

Time when detection occured

uint64

20

dstuuid

string

37

dstuser

string

256

dstport

Destination Port

uint16

5

dstip

Destination IP Address

ip

39

dstintfrole

Destination Interface's assigned role (LAN, WAN, etc.)

string

10

dstintf

Destination Interface

string

32

dstcountry

string

64

dstauthserver

string

64

direction

Message/packets direction

string

8

devid

string

16

date

Date

string

10

crscore

Threat Weight Score

uint32

10

crlevel

Threat Weight Level

string

10

craction

Threat Weight action

uint32

10

authserver

Server used to authenticate the involved user

string

64

agent

User agent - eg. agent="Mozilla/5.0"

string

1024

action

The status of the session: blocked - Blocked infected file by AV engine passthrough - Allowed by AV engine monitored - Log, but do NOT block infected file analytics - Submitted to Sandbox for analysis

string

18