
Syslog Fortinet FortiGate - V 2.0 : UTM : Web-Filter

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| V 2.0 : UTM : Web-Filter | Base Rule | General Web Filter Message | Information |
| V 2.0 : Webfilter Url Filter Block | Sub Rule | Web Activity Blocked | Failed Activity |
| V 2.0 : Webfilter Url Filter Exempt | Sub Rule | URL Exempted | Activity |
| V 2.0 : Webfilter Url Filter Allow | Sub Rule | General WebFilter URLFilter | Information |
| V 2.0 : Webfilter Url Filter Srv Cert Err Blk | Sub Rule | Session Information | Information |
| V 2.0 : Webfilter Url Filter Srv Cert Err Pass | Sub Rule | Session Information | Information |
| V 2.0 : Webfilter Web Ftgd Warning | Sub Rule | Rating Error | Error |
| V 2.0 : Webfilter Web Ftgd Cat Blk | Sub Rule | Blocked Message | Failed Activity |
| V 2.0 : Webfilter Web Ftgd Cat Warn | Sub Rule | General Warning | Warning |
| V 2.0 : Webfilter Web Ftgd Cat Allow | Sub Rule | URL Information | Information |
| V 2.0 : Webfilter Web Url | Sub Rule | URL Information | Information |
| V 2.0 : Webfilter Web Scriptfilter ActiveX | Sub Rule | ActiveX Script Removed | Information |
| V 2.0 : Web Content Banned Word Found | Sub Rule | Banned Word Notice | Information |
| V 2.0 : Web Content MMS Banned Word Found | Sub Rule | Blocked Message Banned Attachment | Failed Activity |
| V 2.0 : Web Content Exempt Word Found | Sub Rule | Web Content MMS Exempt Word | Activity |
| V 2.0 : Web Content MMS Exempt Word Found | Sub Rule | Web Content MMS Exempt Word | Activity |
| V 2.0 : Message Contain A KeyWord In Profile List | Sub Rule | General WEB Information | Information |
| V 2.0 : Search Phrase Detected | Sub Rule | Search | Information |
| V 2.0 : Web Content MMS Banned Word | Sub Rule | Banned Word Notice | Information |
| V 2.0 : Request Contained An Invalid Domain Name | Sub Rule | Invalid Domain Name | Information |
| V 2.0 : HTTP Cert Request Contain Invalid Domain | Sub Rule | Invalid Domain Name | Information |
| V 2.0 : HTTP Certi Req Contained An Invalid Name | Sub Rule | Invalid Name | Warning |
| V 2.0 : HTTP Certi Req Contained An Invalid Name | Sub Rule | Invalid Name | Warning |
| V 2.0 : Insufficient Resources | Sub Rule | Insufficient Resources | Critical |
| V 2.0 : Getting The Host Name Failed | Sub Rule | Hostname Not Found | Warning |
| V 2.0 : Server Certificate Validation Failed | Sub Rule | Certificate Verification Failure | Error |
| V 2.0 : SSL Session Blocked | Sub Rule | Session Invalidated | Warning |
| V 2.0 : Service Not Active | Sub Rule | FortiGuard Service Not Enabled | Critical |
| V 2.0 : Rating Error Occurred | Sub Rule | Rating Error | Error |
| V 2.0 : URL Passed | Sub Rule | URL Information | Information |
| V 2.0 : URL Blocked By Websense Service | Sub Rule | Web Site Blocked - Category | Failed Activity |
| V 2.0 : URL Blocked With Redirect Msg By Websense | Sub Rule | Web Site Blocked - Category | Failed Activity |
| V 2.0 : URL Allowed By Websense Service | Sub Rule | URL Information | Information |
| V 2.0 : URL Address Exempted | Sub Rule | URL Exempted | Activity |
| V 2.0 : Rating Error Occurred | Sub Rule | Rating Error | Error |
| V 2.0 : Daily FortiGuard Quota Status | Sub Rule | URL Access Statistics | Information |
| V 2.0 : URL Belongs To An Override Rule | Sub Rule | URL Information | Information |
| V 2.0 : URL Belongs To An Override Rule | Sub Rule | URL Information | Information |
| V 2.0 : FortiGuard Web Filter Category Quota Expir | Sub Rule | URL Access Statistics | Information |
| V 2.0 : Cookie Removed | Sub Rule | Cookie Removed | Information |
| V 2.0 : Java Applet Removed | Sub Rule | Java Applet Removed | Information |
| V 2.0 : Script Entity Removed | Sub Rule | ActiveX Script Removed | Information |
| V 2.0 : Cookie Removed Entirely | Sub Rule | Cookie Removed | Information |
| V 2.0 : Referrer Removed From Request | Sub Rule | Object Modified | Access Success |
| V 2.0 : Command Blocked | Sub Rule | Process Blocked | Failed Activity |
| V 2.0 : Blocked By HTTP Header Content Type | Sub Rule | Blocked Message | Failed Activity |
| V 2.0 : Depends On Info In Msg Field | Sub Rule | General WEB Information | Information |
| V 2.0 : Depends On Info In Msg Field | Sub Rule | General WEB Information | Information |
| V 2.0 : FortiGuard WebFilter Cate Quota Count Log | Sub Rule | URL Access Statistics | Information |
| V 2.0 : CONTENT_TYPE_EXEMPT | Sub Rule | URL Exempted | Activity |
| V 2.0 : ANTIPHISH_MATCH_URL_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0 : ANTIPHISH_MATCH_FTGD_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0 : ANTIPHISH_MATCH_DEFAULT_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0 : ANTIPHISH_MATCH_URL_BLOCK | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : ANTIPHISH_MATCH_FTGD_BLOCK | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : ANTIPHISH_MATCH_DEFAULT_BLOCK | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : VIDEOFILTER_CATEGORY_BLOCK | Sub Rule | Blocked Message | Failed Activity |
| V 2.0 : VIDEOFILTER_CATEGORY_MONITOR | Sub Rule | General MONITOR Message | Information |
| V 2.0 : VIDEOFILTER_CATEGORY_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0 : VIDEOFILTER_CHANNEL_BLOCK | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : VIDEOFILTER_CHANNEL_MONITOR | Sub Rule | General MONITOR Message | Information |
| V 2.0 : VIDEOFILTER_CHANNEL_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0 : UNKNOWN_CE_BLOCK | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : UNKNOWN_CE_BYPASS | Sub Rule | Traffic Redirected | Network Traffic |
| V 2.0 : VIDEOFILTER_TITLE_BLOCK | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : VIDEOFILTER_TITLE_MONITOR | Sub Rule | General MONITOR Message | Information |
| V 2.0 : VIDEOFILTER_TITLE_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0 : VIDEOFILTER_DESCRIPTION_BLOCK | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : VIDEOFILTER_DESCRIPTION_MONITOR | Sub Rule | General MONITOR Message | Information |
| V 2.0 : VIDEOFILTER_DESCRIPTION_ALLOW | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| date | N/A | N/A | The date of the log event. |
| time | N/A | N/A | The time of the log event. |
| logid | <vmid> | Number | A unique identifier for the log event. |
| type | <vendorinfo> | Text/String | The type of log event. In this case, it is a UTM event. |
| subtype | N/A | N/A | The subtype of the log event. In this case, it is a webfilter event. |
| eventtype | N/A | N/A | The event type of the log event. In this case, it is an ftgd_blk event. |
| level | <severity> | Text/String | The severity level of the log event. In this case, it is a warning. |
| vd | <sessiontype> | Text/String | The VDOM in which the log event occurred. |
| eventtime | N/A | N/A | The time at which the log event occurred. |
| policyid | <policy> | Number | The policy ID that was used to block the URL. |
| sessionid | <session> | Number | The session ID of the web browsing session. |
| user | <login> | Text/String | The user who logged in. |
| srcip | <sip> | IP Address | The source IP address of the web browsing session. |
| srcport | <sport> | Number | The source port of the web browsing session. |
| srcintf | <sinterface> | Text/String | The source interface of the web browsing session. |
| srcintfrole | N/A | N/A | The role of the source interface of the web browsing session. |
| dstip | <dip> | IP Address | The destination IP address of the web browsing session. |
| dstport | <dport> | Number | The destination port of the web browsing session. |
| dstintf | <dinterface> | Text/String | The destination interface of the web browsing session. |
| dstintfrole | N/A | N/A | The role of the destination interface of the web browsing session. |
| proto | <protnum> | Number | The protocol of the web browsing session. |
| service | <protname> | Text/String | The service of the web browsing session. |
| hostname | <dname> | Text/String | The hostname of the blocked URL. |
| profile | <account> | Text/String | The profile that was used to block the URL. |
| action | <action> | Text/String | The action that was taken. In this case, it was blocked. |
| reqtype | <objecttype> | Text/String | The request type. |
| url | <url> | Text/String | The URL that was blocked. |
| sentbyte | <bytesout> | Number | The number of bytes sent in the HTTP request. |
| rcvdbyte | <bytesin> | Number | The number of bytes received in the HTTP response. |
| direction | N/A | N/A | The direction of the web browsing session. |
| msg | <subject> | Text/String | The message associated with the log event. |
| method | <command> | Text/String | The method used to block the URL. |
| cat | N/A | N/A | The category of the blocked URL. |
| catdesc | <threatname> | Text/String | The description of the category of the blocked URL. |
| crscore | <threatid> | Number | The risk score of the blocked URL. |
| craction | N/A | N/A | The action to be taken if the URL is encountered again. |
| crlevel | N/A | N/A | The severity level of the blocked URL. |
