Fortigate Log Structure

Fortigate logs consist of a header and a body. The header carries the universal information common to every event log, whereas the body carries event type-specific information. All fields are transmitted as key-value pairs, which makes the logs easy to parse and to extract information from.

  • Date : The year, month and day when the event occurred, in yyyy-mm-dd format.
  • Time : The hour, minute and second when the event occurred, in hh:mm:ss format.
  • Log_id : A five- or ten-digit identification number that is unique to the log message and identifies it.
  • Type : The section of the system where the event occurred (e.g. utm, traffic, etc.).
  • Subtype : The subtype category of the log message, based on its type.
  • Level : The severity level of the event, compliant with the syslog event severity scheme:
    Level  Severity       Description
    0      emergency      System unusable
    1      alert          Immediate action needed
    2      critical       Critical conditions
    3      error          Error conditions
    4      warning        Warning conditions
    5      notification   Normal but significant conditions
    6      informational  Informational messages
    7      debugging      Debugging messages

Note: The Debug priority level (7) is rarely used. It is the lowest log priority level and usually contains firmware status information that is useful when the FortiGate unit is not functioning properly.
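As an added example (not code from the original page or from Fortinet), the following Python parser splits a log line into the header fields listed above and a type-specific body, resolves the level name through the severity table, and combines date and time into a timestamp. It assumes lower-case key names in the raw line (logid for Log_id) and uses constructed sample lines, not real device output.

```python
import re
from datetime import datetime

# Severity numbers for the level names in the syslog table above.
SEVERITY = {
    "emergency": 0, "alert": 1, "critical": 2, "error": 3,
    "warning": 4, "notification": 5, "informational": 6, "debugging": 7,
}
# Header keys common to every FortiGate log (lower-case key names assumed);
# every other key belongs to the type-specific body.
HEADER_KEYS = ("date", "time", "logid", "type", "subtype", "level")
# One key=value pair: value is double-quoted (spaces and \" allowed) or bare.
_PAIR_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')


def parse_fortigate_log(line: str) -> dict:
    """Split one log line into header/body dicts plus a numeric severity
    and a datetime; unknown levels or bad date/time give None, not errors."""
    fields = {}
    for key, quoted, bare in _PAIR_RE.findall(line):
        fields[key] = bare if bare else quoted
    header = {k: fields.pop(k) for k in HEADER_KEYS if k in fields}
    severity = SEVERITY.get(header.get("level", "").lower())
    timestamp = None
    try:  # date is yyyy-mm-dd and time is hh:mm:ss, as described above
        timestamp = datetime.strptime(
            f'{header.get("date")} {header.get("time")}', "%Y-%m-%d %H:%M:%S")
    except ValueError:
        pass
    return {"header": header, "body": fields,
            "severity": severity, "timestamp": timestamp}


def events_at_or_above(lines, max_severity):
    """Parsed events at least as severe as max_severity (lower = more severe);
    lines without a recognised level are skipped rather than misfiled."""
    parsed = (parse_fortigate_log(line) for line in lines)
    return [p for p in parsed
            if p["severity"] is not None and p["severity"] <= max_severity]


# Constructed sample lines (not real device output).
SAMPLE_LINES = [
    'date=2024-03-05 time=14:22:31 logid="0000000013" type=traffic '
    'subtype=forward level=notification srcip=10.0.0.5 dstip=203.0.113.7 '
    'action=deny msg="Denied by policy \\"block-outbound\\""',
    'date=2024-03-05 time=14:22:32 logid="0100032001" type=event '
    'subtype=system level=warning user=admin msg="Admin login failed"',
]
```

Calling events_at_or_above(SAMPLE_LINES, SEVERITY["warning"]) returns only the warning event, since notification (5) is less severe than warning (4).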