Sample Events
date=2020-03-29 time=16:41:30 logid="0113022923" type="event" subtype="sdwan" level="notice" vd="root" eventtime=1585525290513555981 tz="-0700" logdesc="Virtual WAN Link status" eventtype="Health Check" healthcheck="ping1" slatargetid=1 oldvalue="1" newvalue="2" msg="Number of pass member changed."
date=2020-03-29 time=16:51:27 logid="0113022925" type="event" subtype="sdwan" level="notice" vd="root" eventtime=1585525888177637570 tz="-0700" logdesc="Virtual WAN Link SLA information" eventtype="SLA" healthcheck="ping1" slatargetid=1 interface="R150" status="up" latency="0.013" jitter="0.001" packetloss="100.000%" inbandwidth="0kbps" outbandwidth="0kbps" bibandwidth="0kbps" slamap="0x0" metric="packetloss" msg="Health Check SLA status. SLA failed due to being over the performance metric threshold."
Fields
Field | Description |
|---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system |
TABLE | FortiGateSDWAN |
CRITICALITY | |
LOGID | Unique 10-digit identifier (log type, subtype/event type and message ID) for that specific log and includes information about the log entry |
TYPE | Represented by the first two digits of the log ID |
SUBTYPE | Represented by the first/second two digits of the log ID |
EVENTTYPE | Represented by the second two digits of the log ID |
DEVNAME | |
DEVID | Serial number of the device for the traffic's origin |
LEVEL | Security level rating |
VD | Name of the virtual domain in which the log message was recorded |
EVENTTIME | Epoch time the log was triggered by FortiGate |
TZ | |
LOGDESC | Log description |
HEALTHCHECK | |
SLATARGETID | |
INTERFACE | |
OLDVALUE | |
NEWVALUE | |
STATUS | |
LATENCY | |
JITTER | |
PACKETLOSS | |
INBANDWIDTH | |
OUTBANDWIDTH | |
BIBANDWIDTH | |
SLAMAP | |
METRIC | |
MSG | Message text |
SNAREDATAMAP | All other data in the event will be pushed to this field |
Notes
Log Message Reference Documentation: https://docs.fortinet.com/document/fortigate/6.4.2/fortios-log-message-reference