Log fields by type
securityevent
Log Field Name | Description | Data Type | Length |
---|---|---|---|
action | block or monitor | string | 32 |
file | file location | string | 256 |
virus | virus name | string | 512 |
sigid | signature id | string | 260 |
from | email from | string | 128 |
to | email to | string | 512 |
service | network protocol | string | 64 |
vpn | vpn tunnel name | string | 32 |
filesize | file size | int | 20 |
checksum | file crc32 checksum | int | 20 |
detectedby | the security feature that detected virus | enumeration string | 64 |
detectedin | where the virus is detected | enumeration string | 64 |
viruscat | virus category | string | 260 |
vulnid | id of the vulnerability | int | 20 |
vulnname | name of the vulnerability | string | 128 |
vulnseverity | severity level | string | 8 |
vulncat | category | string | 32 |
vulncvss | cvss score | string | 64 |
vulnref | reference of the vulnerability | string | 256 |
vulnengine | engine version | string | 64 |
vulnsignature | signature version | string | 260 |
vulnproducts | name of the vulnerable product | string | 2048 |
date | date | string | 260 |
time | time | string | 260 |
logver | log protocol version | int | 20 |
id | log id | int | 20 |
type | Traffic, Security Event or System Event | string | 16 |
subtype | AntiVirus, FireWall, WebFilter ... | enumeration string | 32 |
eventtype | type of event | enumeration string | 32 |
level | log level | enumeration string | 20 |
uid | FortiClient unique ID | string | 32 |
devid | device ID | string | 16 |
hostname | host name of local machine | string | 256 |
pcdomain | domain name of local machine | string | 128 |
deviceip | device IP address | string | 20 |
devicemac | device MAC address | string | 17 |
vd | vdom | string | 512 |
fctver | FCT version | string | 16 |
fgtserial | FGT serial number | string | 16 |
emsserial | EMS serial number | string | 16 |
usingpolicy | current policy name | string | 64 |
os | operating system | string | 96 |
user | current logged on user | string | 256 |
msg | description of this log | string | 512 |

systemevent
Log Field Name | Description | Data Type | Length |
---|---|---|---|
eponlinest | online status | enumeration string | 32 |
epplace | EP place | enumeration string | 32 |
emshostname | EMS host name | string | 64 |
status | status description | string | 16 |
emsip | EMS IP | string | 20 |
fctip | FCT IP | string | 20 |
epmgmtst | management status | enumeration string | 64 |
epquarmsg | quarant message | string | 260 |
epfeatures | installed features list | string | 128 |
epenfeatures | enabled features list | string | 128 |
ephbemsduration | EMS heart beat duration | int | 20 |
ephbemslast | EMS heart beat last time | string | 64 |
social_email | social email | string | 128 |
social_phone | social phone number | string | 64 |
social_srvc | social service | string | 64 |
social_user | social user name | string | 256 |
date | date | string | 260 |
time | time | string | 260 |
logver | log protocol version | int | 20 |
id | log id | int | 20 |
type | Traffic, Security Event or System Event | string | 16 |
subtype | AntiVirus, FireWall, WebFilter ... | enumeration string | 32 |
eventtype | type of event | enumeration string | 32 |
level | log level | enumeration string | 20 |
uid | FortiClient unique ID | string | 32 |
devid | device ID | string | 16 |
hostname | host name of local machine | string | 256 |
pcdomain | domain name of local machine | string | 128 |
deviceip | device IP address | string | 20 |
devicemac | device MAC address | string | 17 |
vd | vdom | string | 512 |
fctver | FCT version | string | 16 |
fgtserial | FGT serial number | string | 16 |
emsserial | EMS serial number | string | 16 |
usingpolicy | current policy name | string | 64 |
os | operating system | string | 96 |
user | current logged on user | string | 256 |
msg | description of this log | string | 512 |