f. WAD
Sample Events
date=2019-05-14 time=09:37:46 logid="0105048039" type="event" subtype="wad" level="error" vd="root" eventtime=1557851867382676560 logdesc="SSL fatal alert sent" session_id=0 policyid=0 srcip=0.0.0.0 srcport=0 dstip=208.91.113.83 dstport=636 action="send" alert="2" desc="certificate unknown" msg="SSL Alert sent"
date=2019-05-10 time=15:48:31 logid="0105048038" type="event" subtype="wad" level="error" vd="root" eventtime=1557528511221374615 logdesc="SSL Fatal Alert received" session_id=5f88ddd1 policyid=0 srcip=172.18.70.15 srcport=59880 dstip=91.189.89.223 dstport=443 action="receive" alert="2" desc="unknown ca" msg="SSL Alert received"
Fields
Field | Description |
---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system |
TABLE | FortiGateWAD |
CRITICALITY | |
LOGID | Unique 10-digit identifier for the specific log, made up of the log type, subtype/event type and message ID; it carries information about the log entry |
TYPE | Represented by the first two digits of the log ID |
SUBTYPE | Represented by the first/second two digits of the log ID |
EVENTTYPE | Represented by the second two digits of the log ID |
DEVNAME | |
DEVID | Serial number of the device for the traffic's origin |
LEVEL | Security level rating |
VD | Name of the virtual domain in which the log message was recorded |
EVENTTIME | Epoch time the log was triggered by FortiGate |
LOGDESC | Log description |
SESSION_ID | Session ID |
POLICYID | Policy ID |
SRCIP | Source IP |
SRCPORT | Source port |
DSTIP | Destination IP |
DSTPORT | Destination port |
ACTION | Action |
ALERT | Alert |
DESC | Description |
MSG | Message text |
SNAREDATAMAP | All other data in the event will be pushed to this field |
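
The following parser is an added example, not code from the original page or from the product it documents. It shows how the two sample events map onto the columns above, with unmapped keys collected under SNAREDATAMAP. The output names MESSAGE_ID and EVENTTIME_UTC are hypothetical, and reading 19-digit eventtime values as nanoseconds is an assumption.

```python
import re
from datetime import datetime, timezone

# The two sample events from this page, copied verbatim.
SAMPLES = [
    'date=2019-05-14 time=09:37:46 logid="0105048039" type="event" subtype="wad" level="error" vd="root" eventtime=1557851867382676560 logdesc="SSL fatal alert sent" session_id=0 policyid=0 srcip=0.0.0.0 srcport=0 dstip=208.91.113.83 dstport=636 action="send" alert="2" desc="certificate unknown" msg="SSL Alert sent"',
    'date=2019-05-10 time=15:48:31 logid="0105048038" type="event" subtype="wad" level="error" vd="root" eventtime=1557528511221374615 logdesc="SSL Fatal Alert received" session_id=5f88ddd1 policyid=0 srcip=172.18.70.15 srcport=59880 dstip=91.189.89.223 dstport=443 action="receive" alert="2" desc="unknown ca" msg="SSL Alert received"',
]

# Table columns that arrive as key=value pairs in the raw event.
MAPPED = {"date", "time", "logid", "type", "subtype", "devname", "devid", "level",
          "vd", "eventtime", "logdesc", "session_id", "policyid", "srcip",
          "srcport", "dstip", "dstport", "action", "alert", "desc", "msg"}

# key=value, where the value is a double-quoted string or a bare token.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def parse_wad(line):
    """Parse one WAD event into a dict keyed by the column names in the table."""
    raw = {m.group(1): (m.group(2) if m.group(2) is not None else m.group(3))
           for m in PAIR.finditer(line)}
    if raw.get("subtype") != "wad":
        raise ValueError("not a WAD event")
    rec = {k.upper(): v for k, v in raw.items() if k in MAPPED}
    # Keys without a dedicated column are kept rather than dropped.
    rec["SNAREDATAMAP"] = {k: v for k, v in raw.items() if k not in MAPPED}
    logid = raw.get("logid", "")
    if re.fullmatch(r"\d{10}", logid):
        # 10-digit log ID: 2 digits type, 2 digits subtype/event type, 6 digits message ID.
        rec["EVENTTYPE"] = logid[2:4]
        rec["MESSAGE_ID"] = logid[4:]      # hypothetical column name
    et = raw.get("eventtime", "")
    if et.isdigit():
        # Assumption: 19-digit values are nanoseconds since the epoch, shorter ones seconds.
        secs = int(et) // 10**9 if len(et) >= 19 else int(et)
        rec["EVENTTIME_UTC"] = datetime.fromtimestamp(secs, tz=timezone.utc).isoformat()
    return rec


if __name__ == "__main__":
    for sample in SAMPLES:
        r = parse_wad(sample)
        print(r["EVENTTIME_UTC"], r["ACTION"], r["SRCIP"], "->", r["DSTIP"], r["DESC"])
```
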
Notes
Log Message Reference Documentation: https://docs.fortinet.com/document/fortigate/6.4.2/fortios-log-message-reference