The Event Log table displays logs related to system-wide status and administrator activity.
Figure 59 shows the Event log table. By default, the log is filtered to display configuration changes, and the table lists the most recent records first.
You can use the following category filters to review logs of interest:
Within each category, you can use Filter Setting controls to filter the table based on the values of matching data.
You can use the Download link to download the logs. Filters are applied to the set that is collected for download.
Category Filters | Data Filters |
---|---|
Configuration |
|
System |
|
Admin |
|
User |
|
Health Check |
|
SLB, LLB, GLB, Firewall |
|
The last column in each table includes a link to log details.
Before you begin:
The log page displays the Event Logs tab.
to list the log columns for the event log types in the order in which they appear in the log.
Column | Example | Description |
---|---|---|
date | date=2014-12-01 | Log date. |
time | time=15:50:37 | Log time. |
log_id | log_id=0000000085 | Log ID. |
type | type=event | Log type. |
subtype | subtype=config | Log subtype. |
pri | pri=information | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=522000 | Message ID. |
user | user=admin | User that performed the operation. |
ui | ui=GUI(172.30.144.8) | User interface from which the operation was performed. |
action | action=add | Administrator action: add, edit, delete. |
cfgpath | cfgpath=firewall qos-queue | Configuration that was changed. |
cfgobj | cfgobj=name | Configuration setting changed. |
cfgattr | cfgattr=queue | Configuration value changed. |
logdesc | logdesc=Change the configuration | A column added for compatibility with FortiAnalyzer. |
msg | msg=added a new entry 'queue' for "firewall qos-queue" on domain "root" | Log message. |
Column | Example | Description |
---|---|---|
date | date=2014-12-01 | Log date. |
time | time=16:00:09 | Log time. |
log_id | log_id=0003000011 | Log ID. |
type | type=event | Log type. |
subtype | subtype=system | Log subtype. |
pri | pri=error | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=522008 | Message ID. |
submod | submod=update | System submodule. |
user | user=none | None. |
ui | ui=none | None. |
action | action=update | System action, such as (firmware) update, HA join and leave, and the like. |
status | status=failure | Status message: success or failure. |
logdesc | logdesc=Update FortiGuard | A column added for compatibility with FortiAnalyzer. |
msg | msg= | Log message (if any). |
Column | Example | Description |
---|---|---|
date | date=2014-12-01 | Log date. |
time | time=15:44:38 | Log time. |
log_id | log_id=0001016834 | Log ID. |
type | type=event | Log type. |
subtype | subtype=admin | Log subtype. |
pri | pri=information | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=521996 | Message ID. |
user | user=admin | User that performed the operation. |
ui | ui=GUI(172.30.144.8) | User interface from which the operation was performed. |
action | action=logout | System action. |
status | statue=success | Status message: success or failure. |
reason | reason=none | Reason string (if any). |
logdesc | logdesc=Admin login | A column added for compatibility with FortiAnalyzer. |
msg | msg=User admin logout from GUI(172.30.144.8). | Log message. |
Column | Example | Description |
---|---|---|
date | date=2014-12-01 | Log date. |
time | time=15:44:38 | Log time. |
log_id | log_id=0001016834 | Log ID. |
type | type=event | Log type. |
subtype | subtype=user | Log subtype. |
pri | pri=information | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=521996 | Message ID. |
user | user=user1 | User name |
usergrp | usergrp=customerABC | User group. |
policy | policy=membersOnly | Authentication policy. |
action | action=login | System action. |
status | statue=success | Status message: success or failure. |
reason | reason=none | Reason string (if any). |
logdesc | logdesc= | A column added for compatibility with FortiAnalyzer. |
msg | msg=User admin logout from GUI(172.30.144.8). | Log message. |
Column | Example | Description |
---|---|---|
date | date=2015-12-30 | Log date. |
time | time=12:07:47 | Log time. |
log_id | log_id=2002502 | Log ID. |
type | type=event | Log type. |
subtype | subtype=health | Log subtype. |
pri | pri=alert | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=35661161 | Message ID. |
module | smodule=slb | System module: slb, llb. |
policy | policy=HTTPS_VIP | Virtual server configuration to which the event applies. |
group | group=test2 | Real server pool group or link group. |
member | member=1 | Real server member ID or gateway ID. |
attrtype | attrtype=none | Attribute type (if any). |
attrname | attrname=none | Attribute type (if any). |
action | action=health_check | Type of message: health check. |
status | status=failure | Health check result: success or failure. |
logdesc | logdesc=SLB Virtual server change state | A column added for compatibility with FortiAnalyzer. |
msg | msg=Virtual server HTTPS_VIP, status is down | Log message. |
Column | Example | Description |
---|---|---|
date | date=2016-01-13 | Log date. |
time | time=08:30:12 | Log time. |
log_id | log_id=0005001704 | Log ID. |
type | type=event | Log type. |
subtype | subtype=slb | Log subtype: dns (glb), slb, llb, fw. |
pri | pri=alert | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=115208 | Message ID. |
policy | policy=L7vs_tcps | Policy to which the event applies—the virtual server configuration name, for example. |
group | group=none | Real server pool group or link group. |
member | member=none | Real server member ID or gateway ID. |
attrtype | attrtype=none | Additional configuration attributes, if applicable. |
attrname | attrname=none | Additional configuration values, if applicable. |
action | action=ssl | Module that took action. |
status | status=failure | Status of action. |
logdesc | logdesc=SLB SSL Handshake | A column added for compatibility with FortiAnalyzer. |
msg | msg=Client 31.1.1.103 failed to establish SSL connection with VS 41.1.1.123 | Log message. |
The value "none" appears in logs when the value is irrelevant to the status or action. For example, a health check log for a virtual server shows "none" in the Group and Member columns even though its real server pool and members are known—these details are just not relevant. Likewise, a health check log for a real server pool member shows "none" in the Policy column even though its virtual server is known. |