
Columns displayed

The following columns appear in the initial window of the consoles. Some columns may only be visible by selecting them from the column drop-down menu. Options also vary depending on the console selected.

Column name Description
Action Displays the type of response taken to a security event. The types of possible actions are as follows:

  • Allowed: No threat was detected and the connection was let through.
  • Blocked: A threat was detected and the connection was not let through.
  • Reset: A possible issue was detected and the connection was reset.
  • Traffic Shape: Some data packets may have been delayed to improve system-wide performance.

Note: This column is only available in the All Sessions console.
Application Displays the application name and service. When Time Display is set to now, you can access further information about an application by selecting the column entry.
Application Category Displays the type of application used in the selected session, e.g. video player, social media.

Note: This column is only available in the All Sessions console.
Application ID Displays the identification number associated with the application used in the selected session.

Note: This column is only available in the All Sessions console.
Application Risk
Risk
Displays the application risk level. You can hover the mouse cursor over the entry in the column for additional information, and select the column header to sort entries by level of risk.

Risk uses a 5-point risk rating. The rating system is as follows:

  • Critical: Applications that are used to conceal activity to evade detection.
  • High: Applications that can cause data leakage, are prone to vulnerabilities, or may download malware.
  • Medium: Applications that can be misused.
  • Elevated: Applications that are used for personal communications or can lower productivity.
  • Low: Business-related applications or other harmless applications.

Browsing Time Displays the amount of time a user has spent browsing a web site (in seconds).

Note: This column is only available in the Web Sites console, in Categories view.
Bytes
(Sent/Received)
Displays the size of sent and received data packets, as measured in bytes. Select the column header to sort the entries by size.

Note: This information is available on some consoles as two separate columns: Sent and Received.
Category Displays the category descriptor appropriate to whatever console is being displayed. For example, threat categories are displayed in the Threats console.
Clean Displays the number of "clean" (safe) files found in the selected FortiSandbox session.

Note: This column is only available in the FortiSandbox console, in Source view.
Cloud User Displays the users accessing cloud applications by IP address.

Note: This column is only available in the Cloud Applications console, in Users view.
Configuration Changes Displays the number of configuration changes made by the user. You can hover the mouse cursor over an entry for additional information.

Note: This column is only available in the Admin Logins console.
Connections Displays the number of VPN connections made by the selected user.

Note: This column is only available in the VPN console.
Destination Displays the destination name, IP address and geographic region.
Destination Country Displays the country session data is being sent to.

Note: This column is only available in the All Sessions console.
Destination Interface Displays which interface session data is being sent through, e.g. wan1.
Destination Port Displays the port number of the destination server being used to accept data.

Note: This column is only available in the All Sessions console.
Device Displays the device IP address or Fully Qualified Domain Name (FQDN).
Domain Displays the domain associated with the selected web site, e.g. google.com.

Note: This column is only available in the Web Sites console.
DST Nat IP
NAT Destination
Displays the Network Address Translation (NAT) IP address associated with the destination server.

Note: This column is only available in the All Sessions console.
DST Nat Port
NAT Destination Port
Displays the Network Address Translation (NAT) port number associated with the destination server.

Note: This column is only available in the All Sessions console.
Duration Displays the amount of time (in seconds) a user has been logged in.

Note: This column is only available in the Admin Logins console.
Event Name (Description) Displays the name and description of the selected security event.

Note: This column is only available in the System Events console.
Events Displays the number of security events that occurred within a selected session.

Note: This column is only available in the System Events console.
Expires Displays the amount of time a session has (in seconds) before it is set to expire.

Note: This column is only available in the All Sessions console, in now Time Display view.
Failed Logins Displays the number of failed login attempts made by an administrator over the specified time period.

Note: This column is only available in the Admin Logins console.
Files (Up/Down) Displays the number of files uploaded and downloaded. Hover the mouse cursor over the entry in the column for additional information.

Note: This column is only available in the Cloud Applications console.
FortiASIC Displays the type of FortiASIC hardware acceleration used in the specified session, if present.

Note: This column is only available in the All Sessions console, in the now Time Display view.
Group Displays the group ID associated with the selected session.

Note: This column is only available in the All Sessions console.
Last Connection Time Displays the most recent instance of connection to the selected Virtual Private Network (VPN).

Note: This column is only available in the VPN console.
Level
Threat Level
Displays the threat level. Select the column header to sort entries by threat level.
Log ID Displays the identification number for the data log associated with this entry.

Note: This column is only available in the All Sessions console.
Login IDs Displays the number of login IDs associated with the selected cloud application.

Note: This column is only available in the Cloud Applications console, in Applications view.
Logins Displays the number of successful logins made by an administrator over the specified time period.

Note: This column is only available in the Admin Logins console.
Policy ID Displays the identification number of the policy under which the selected connection was allowed.
Policy UUID Displays the Universally Unique Identifier (UUID) of the selected policy, if present.

Note: This column is only available in the All Sessions console.
Protocol Displays the protocol type associated with the selected session, e.g. TCP.

Note: This column is only available in the All Sessions console.
Security Action Displays the action taken in response to the selected security event. The types of possible actions are as follows: 

  • Allowed: No threat was detected and the connection was let through.
  • Blocked: A threat was detected and the connection was not let through.
  • Reset: A possible issue was detected and the connection was reset.
  • Traffic Shape: Some data packets may have been delayed to improve system-wide performance.

Security Events Displays the type of security event detected in the selected session.

Note: This column only appears in the All Sessions console.
Sequence Number Displays the TCP sequence number associated with the selected session.

Note: This column only appears in the All Sessions console.
Service Displays the ID of the service application in use in the selected session.

Note: This column only appears in the All Sessions console.
Sessions Displays the number of sessions associated with the selected destination.

Note: This column only appears in the Destinations console, in the now Time Display view.
Sessions
(Blocked/Allowed)
Displays the number of sessions blocked and allowed by FortiOS.

In some consoles, entries can be sorted by number of sessions by selecting the column header.
Severity Displays the severity level (Critical, High, Medium or Low) associated with the selected security event.

Note: This column is only available in the System Events console.
Source Displays the source IP address and/or user ID, if applicable.
Source Interface Displays which interface is being used by the destination server (e.g. wan1).
Source Port Displays the port number being used by the source server to send data.
Src NAT IP
NAT Source
Displays the Network Address Translation (NAT) IP address associated with the source server.
Src NAT Port
NAT Source Port
Displays the Network Address Translation (NAT) port number associated with the source server.
Status Displays the status of

Note: This column is only available in the FortiSandbox console, in Files view.
Submitted Displays the number of files submitted to the FortiSandbox for assessment in the selected session.

Note: This column is only available in the FortiSandbox console, in Files view.
Threat Displays the threat type detected in the selected session.
Threat Score
(Blocked/Allowed)
Displays the threat score value, a measurement of the total number of threats detected over the course of the session. You can select the column header to sort entries by threat score.
Threat Weight Displays the threat weight profile associated with the selected session.
Timestamp Displays the selected session's PHP timestamp.


User
User Name
Displays the user name associated with the selected administrator.
Videos Played Displays the number of videos played via cloud applications.

Note: This column is only available in the Cloud Applications console.
VPN Displays the Virtual Private Networks (VPNs) connected to the FortiGate, by name.

Note: This column is only available in the All Sessions console.
VPN Type Displays the type of VPN protocol (e.g. PPTP, L2TP) in use by the associated connection.