Fortinet black logo

FortiOS Log Message Reference

Home FortiGate / FortiOS 6.0.3 FortiOS Log Message Reference
6.0.3
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.13
5.4.12
5.4.11
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.15
5.2.14
5.2.13
5.2.12
5.2.11
5.2.10
5.2.8
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1

Email Spamfilter log support for CEF

Email Spamfilter log support for CEF

Following is an example of an email spamfilter log on the FortiGate disk:

date=2016-02-12 time=14:01:12 logid=0509020482 type=utm subtype=emailfilter eventtype=pop3 level=notice vd="vdom1" sessionid=64465 user="" srcip=192.168.1.183 srcport=33244 srcintf="port15" dstip=192.168.70.184 dstport=110 dstintf="port19" proto=6 service=POP3 profile="default" action=tagged from="jj@fortinet.com" to="mm@fortinet.com" recipient="testpc3" sentbyte=27 rcvdbyte=1592 direction=incoming msg="email is reported as spam by ASE" subject="[SMTP]: MyTest" attachment=no

Following is an example of an email spamfilter log sent in CEF format to a syslog server:

Feb 12 14:01:12 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|20482|utm:emailfilter pop3 tagged|3|FTNTFGTlogid=0509020482 cat=utm:emailfilter FTNTFGTsubtype=emailfilter FTNTFGTeventtype=pop3 FTNTFGTlevel=notice FTNTFGTvd=vdom1 externalId=64465 duser= src=192.168.1.183 spt=33244 deviceInboundInterface=port15 dst=192.168.70.184 dpt=110 deviceOutboundInterface=port19 proto=6 app=POP3 FTNTFGTprofile=default act=tagged suser=jj@fortinet.com duser=mm@fortinet.com FTNTFGTrecipient=testpc3 out=27 in=1592 deviceDirection=0 msg=email is reported as spam by ASE FTNTFGTsubject=[SMTP]: MyTest FTNTFGTattachment=no

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name

CEF Field Name

from

suser

to

duser

Previous
Next

Email Spamfilter log support for CEF

Following is an example of an email spamfilter log on the FortiGate disk:

date=2016-02-12 time=14:01:12 logid=0509020482 type=utm subtype=emailfilter eventtype=pop3 level=notice vd="vdom1" sessionid=64465 user="" srcip=192.168.1.183 srcport=33244 srcintf="port15" dstip=192.168.70.184 dstport=110 dstintf="port19" proto=6 service=POP3 profile="default" action=tagged from="jj@fortinet.com" to="mm@fortinet.com" recipient="testpc3" sentbyte=27 rcvdbyte=1592 direction=incoming msg="email is reported as spam by ASE" subject="[SMTP]: MyTest" attachment=no

Following is an example of an email spamfilter log sent in CEF format to a syslog server:

Feb 12 14:01:12 syslog-800c CEF:0|Fortinet|Fortigate|v5.6.0|20482|utm:emailfilter pop3 tagged|3|FTNTFGTlogid=0509020482 cat=utm:emailfilter FTNTFGTsubtype=emailfilter FTNTFGTeventtype=pop3 FTNTFGTlevel=notice FTNTFGTvd=vdom1 externalId=64465 duser= src=192.168.1.183 spt=33244 deviceInboundInterface=port15 dst=192.168.70.184 dpt=110 deviceOutboundInterface=port19 proto=6 app=POP3 FTNTFGTprofile=default act=tagged suser=jj@fortinet.com duser=mm@fortinet.com FTNTFGTrecipient=testpc3 out=27 in=1592 deviceDirection=0 msg=email is reported as spam by ASE FTNTFGTsubject=[SMTP]: MyTest FTNTFGTattachment=no

The following table maps FortiOS log field names to CEF field names.

FortiOS Log Field Name

CEF Field Name

from

suser

to

duser

Previous
Next