Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Log Message Reference

    Home FortiGate / FortiOS 7.6.1 FortiOS Log Message Reference
    7.6.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1

    9238 - MESGID_ANALYTICS_FSA_RESULT

    9238 - MESGID_ANALYTICS_FSA_RESULT

    Message ID: 9238

    Message Description: MESGID_ANALYTICS_FSA_RESULT

    Message Meaning: File verdict returned from FortiSandbox

    Type: Virus

    Category: analytics

    Severity: Notice

    Log Field Name

    Description

    Data Type

    Length

    fsaverdict

    FortiSandbox Verdict returned to FortiGate after analysis (clean, low risk, med risk, high risk, malicious)

    string

    32

    vd

    VDOM name

    string

    32

    unauthusersource

    string

    66

    unauthuser

    string

    66

    tz

    Time Zone

    string

    5

    type

    Log type

    string

    16

    time

    Time

    string

    8

    subtype

    Subtype of the virus log

    string

    20

    srcport

    Source Port

    uint16

    5

    srcip

    Source IP Address

    ip

    39

    srcdomain

    string

    255

    service

    Proxy service which scanned this traffic

    string

    5

    logid

    Log ID

    string

    10

    level

    Log level

    string

    11

    filename

    File name

    string

    256

    fctuid

    Forticlient user ID

    string

    32

    eventtype

    Event type of AV

    string

    32

    eventtime

    Time when detection occured

    uint64

    20

    dtype

    Data type for virus category

    string

    32

    dstport

    Destination Port

    uint16

    5

    dstip

    Destination IP Address

    ip

    39

    devid

    string

    16

    date

    Date

    string

    10

    analyticscksum

    The checksum of the file submitted for analytics

    string

    64

    action

    The status of the session: blocked - Blocked infected file by AV engine passthrough - Allowed by AV engine monitored - Log, but do NOT block infected file analytics - Submitted to Sandbox for analysis

    string

    18
    Previous
    Next

    9238 - MESGID_ANALYTICS_FSA_RESULT

    9238 - MESGID_ANALYTICS_FSA_RESULT

    Message ID: 9238

    Message Description: MESGID_ANALYTICS_FSA_RESULT

    Message Meaning: File verdict returned from FortiSandbox

    Type: Virus

    Category: analytics

    Severity: Notice

    Log Field Name

    Description

    Data Type

    Length

    fsaverdict

    FortiSandbox Verdict returned to FortiGate after analysis (clean, low risk, med risk, high risk, malicious)

    string

    32

    vd

    VDOM name

    string

    32

    unauthusersource

    string

    66

    unauthuser

    string

    66

    tz

    Time Zone

    string

    5

    type

    Log type

    string

    16

    time

    Time

    string

    8

    subtype

    Subtype of the virus log

    string

    20

    srcport

    Source Port

    uint16

    5

    srcip

    Source IP Address

    ip

    39

    srcdomain

    string

    255

    service

    Proxy service which scanned this traffic

    string

    5

    logid

    Log ID

    string

    10

    level

    Log level

    string

    11

    filename

    File name

    string

    256

    fctuid

    Forticlient user ID

    string

    32

    eventtype

    Event type of AV

    string

    32

    eventtime

    Time when detection occured

    uint64

    20

    dtype

    Data type for virus category

    string

    32

    dstport

    Destination Port

    uint16

    5

    dstip

    Destination IP Address

    ip

    39

    devid

    string

    16

    date

    Date

    string

    10

    analyticscksum

    The checksum of the file submitted for analytics

    string

    64

    action

    The status of the session: blocked - Blocked infected file by AV engine passthrough - Allowed by AV engine monitored - Log, but do NOT block infected file analytics - Submitted to Sandbox for analysis

    string

    18
    Previous
    Next