Log header variations

Log header formats vary, depending on the logging device that the logs are sent to. For example, a Syslog device can display log information with commas if the Comma Separated Values (CSV) format is enabled.

Local disk or memory buffer log header format

Logs sent to the FortiGate local disk or system memory displays log headers as follows: 

2007-01-22 1:15:50 log_id=0100030101 type=event subtype=admin pri=information vd=root

Remote Syslog log header format

Logs sent to a Syslog server (or multiple Syslog servers) displays log headers as follows: 

date=2007-05-28 time=16:09:58 dev_name=FGT100280102104 device_id=FGT100280102104  log_id=0317099510 type=webfilter subtype=fgtd pri=notice vd=root

Logs that are saved in CSV format display the same log header asabove, but with commas.

WebTrends log header format

Logs sent to a remote NetIQ WebTrends firewall reporting server display log headers as follows:

id=firewall time="2007-05-01 14:01:01" fw=FGT4002801021089 pri=6 log_id=0100030101 type=event subtype=admin