o. File Filter
Records file filter events.
Sample Events
date=2019-03-28 time=10:39:12 logid="1800063001" type="utm" subtype="cifs" eventtype="cifsfilefilter" level="notice" vd="vdom1" eventtime=1553794751 msg="File was detected by file filter." direction="incoming" action="passthrough" service="CIFS" srcip=10.1.100.11 dstip=172.16.200.44 srcport=33370 dstport=445 srcintf="wan2" srcintfrole="wan" dstintf="wan1" dstintfrole="wan" policyid=1 proto=16 profile="cifs" filesize="81975" filename="virus\screen.png" filtername="2" filetype="png"
date=2019-03-28 time=10:33:55 logid="1800063000" type="utm" subtype="cifs" eventtype="cifsfilefilter" level="warning" vd="vdom1" eventtime=1553794434 msg="File was blocked by file filter." direction="incoming" action="blocked" service="CIFS" srcip=10.1.100.11 dstip=172.16.200.44 srcport=33352 dstport=445 srcintf="wan2" srcintfrole="wan" dstintf="wan1" dstintfrole="wan" policyid=1 proto=16 profile="cifs" filesize="28432" filename="filetypes\mpnotify.exe" filtername="3" filetype="exe"
Fields
Field | Description |
---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system |
TABLE | FortiGateFileFilter |
CRITICALITY | |
LOGID | Unique 10-digit identifier for that specific log; it combines the log type, subtype/event type and message ID, and so carries information about the log entry |
TYPE | Represented by the first two digits of the log ID |
SUBTYPE | Represented by the first/second two digits of the log ID |
EVENTTYPE | Represented by the second two digits of the log ID |
DEVNAME | |
DEVID | Serial number of the device for the traffic's origin |
LEVEL | Security level rating |
VD | Name of the virtual domain in which the log message was recorded |
EVENTTIME | Epoch time the log was triggered by FortiGate |
TZ | |
POLICYID | Policy ID |
SESSIONID | Session ID |
SRCIP | Source IP |
SRCPORT | Source port |
SRCINTF | Source interface |
SRCINTFROLE | |
DSTIP | Destination IP |
DSTPORT | Destination port |
DSTINTF | Destination interface |
DSTINTFROLE | |
PROTO | |
SERVICE | |
SUBSERVICE | |
PROFILE | |
DIRECTION | |
ACTION | |
FILTERNAME | |
FILENAME | |
FILESIZE | |
FILETYPE | |
MSG | Message text |
SNAREDATAMAP | All other data in the event will be pushed to this field |
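
The field mapping above, as an added example (not code from this page or from the product): a parser that splits a raw event into the table's columns, collects any key without a column under SNAREDATAMAP, and lists the files the filter blocked. The helper names, the mapping of lower-case keys to upper-case columns and the `examplekey` field are assumptions.

```python
import re

# Columns from the field table above. SYSTEM, TABLE and CRITICALITY are assumed
# to be filled in by the collector, not parsed from the event text.
COLUMNS = {
    "DATE", "TIME", "LOGID", "TYPE", "SUBTYPE", "EVENTTYPE", "DEVNAME", "DEVID",
    "LEVEL", "VD", "EVENTTIME", "TZ", "POLICYID", "SESSIONID", "SRCIP",
    "SRCPORT", "SRCINTF", "SRCINTFROLE", "DSTIP", "DSTPORT", "DSTINTF",
    "DSTINTFROLE", "PROTO", "SERVICE", "SUBSERVICE", "PROFILE", "DIRECTION",
    "ACTION", "FILTERNAME", "FILENAME", "FILESIZE", "FILETYPE", "MSG",
}

# key=value pairs: the value is double-quoted (may hold spaces and backslashes)
# or a bare token. Assumes quoted values contain no embedded double quote.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_event(line):
    """Return one row keyed by column name (hypothetical helper)."""
    row, extra = {}, {}
    for m in PAIR.finditer(line):
        key = m.group(1).upper()
        value = m.group(2) if m.group(2) is not None else m.group(3)
        (row if key in COLUMNS else extra)[key] = value
    if not re.fullmatch(r"\d{10}", row.get("LOGID", "")):
        raise ValueError("LOGID is not a 10-digit identifier")
    # Keys with no column of their own are kept together, as the table describes.
    row["SNAREDATAMAP"] = extra
    return row

def blocked_files(rows):
    """(SRCIP, DSTIP, FILENAME, FILETYPE) for every event the filter blocked."""
    return [(r.get("SRCIP"), r.get("DSTIP"), r.get("FILENAME"), r.get("FILETYPE"))
            for r in rows if r.get("ACTION") == "blocked"]

# Second sample event from this page, verbatim.
BLOCKED = r'date=2019-03-28 time=10:33:55 logid="1800063000" type="utm" subtype="cifs" eventtype="cifsfilefilter" level="warning" vd="vdom1" eventtime=1553794434 msg="File was blocked by file filter." direction="incoming" action="blocked" service="CIFS" srcip=10.1.100.11 dstip=172.16.200.44 srcport=33352 dstport=445 srcintf="wan2" srcintfrole="wan" dstintf="wan1" dstintfrole="wan" policyid=1 proto=16 profile="cifs" filesize="28432" filename="filetypes\mpnotify.exe" filtername="3" filetype="exe"'
# Constructed event: shortened, with a made-up key "examplekey" to show overflow.
PASSED = r'date=2019-03-28 time=10:39:12 logid="1800063001" type="utm" subtype="cifs" eventtype="cifsfilefilter" action="passthrough" srcip=10.1.100.11 dstip=172.16.200.44 filename="virus\screen.png" filetype="png" examplekey="constructed value"'

if __name__ == "__main__":
    rows = [parse_event(BLOCKED), parse_event(PASSED)]
    print(blocked_files(rows))
    print(rows[1]["SNAREDATAMAP"])
```
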
Notes
Log Message Reference Documentation: https://docs.fortinet.com/document/fortigate/6.4.2/fortios-log-message-reference