FortiGate
Article Id 192688


Log Type: Instant messaging, Peer-to-Peer
Severity: Information
FortiOS version: 3.0
Message: itime=milliseconds date=yy-mm-dd time=hh:mm:ss devname=dev_name device_id=dev_id log_id=log_id type=im subtype=im-all pri=severity_level vd=virtual_domain user=user_name group=user_group proto=Skype action={pass|block} laddr=local_ip raddr=user_ip repeat=action
Meaning:
itime The epoch time at which the FortiAnalyzer unit received the log entry, in milliseconds. Epoch time is the number of seconds elapsed since a fixed reference point.
date The date the FortiGate unit generated the log message.
time The time the FortiGate unit generated the log message.
devname The name of the device that generated the log.
device_id The device’s identification.
log_id The log identification number.
type The type of log recorded.
subtype The subtype of log recorded.
pri The priority of the log severity level.
vd The virtual domain in which the log was recorded.
user The name of the user creating the traffic.
group The name of the group creating the traffic.
proto The protocol of the instant messaging or peer-to-peer program. The protocol can be BitTorrent, eDonkey, Gnutella, Kazaa, Skype or Winny.
action The action, either pass or block, taken by the FortiGate unit.
laddr The user’s local IP address.
raddr The IP address of the user who is trying to connect, or has connected, to the local IP address.
repeat The number of times the same action was detected or blocked within a 30-second period. If a program is set to block and the user repeatedly tries to connect, the attempts are not logged individually; all attempts in the 30-second period are logged as a single entry that indicates how many attempts the user made.
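
Because repeat folds many attempts into one entry, counting log lines under-counts blocked activity. The following is an added example, not Fortinet code: it parses entries in the layout above and sums blocked attempts per local address, user and protocol, weighted by repeat. The sample lines and all their values are constructed, and the double-quoted-value handling, the integer form of repeat and the noisy_sources threshold rule are assumptions.

```python
import re
from collections import Counter

# key=value tokens; double-quoted values are an assumption, the page shows bare ones
PAIR = re.compile(r'(\w+)=("[^"]*"|\S*)')
REQUIRED = ("type", "proto", "action", "laddr", "raddr")

# Constructed sample lines in the field order documented above (all values invented)
_T = ("itime=1199145600000 date=08-01-01 time=00:00:{s} devname=fgt-lab "
      "device_id=EXAMPLE-ID log_id=0000000000 type=im subtype=im-all "
      "pri=information vd=root user={u} group=staff proto={p} action={a} "
      "laddr={l} raddr=198.51.100.7 repeat={r}")
SAMPLE = "\n".join([
    _T.format(s="05", u="alice", p="Skype", a="block", l="192.0.2.10", r=12),
    _T.format(s="35", u="alice", p="Skype", a="block", l="192.0.2.10", r=9),
    _T.format(s="40", u="bob", p="BitTorrent", a="pass", l="192.0.2.20", r=3),
    _T.format(s="50", u="carol", p="Kazaa", a="block", l="192.0.2.30", r=2),
    "type=im proto=Skype action=block",  # truncated entry, must be skipped
])

def parse_line(line):
    """Return the fields of one IM/P2P log entry, or None if it is not usable."""
    fields = {k: v.strip('"') for k, v in PAIR.findall(line)}
    if fields.get("type") != "im" or any(k not in fields for k in REQUIRED):
        return None
    try:  # repeat is the number of attempts folded into this entry
        fields["repeat"] = max(int(fields.get("repeat", "1")), 1)
    except ValueError:
        fields["repeat"] = 1  # unparsable count: treat as a single attempt
    return fields

def blocked_attempts(text):
    """Sum blocked attempts per (laddr, user, proto), weighting by repeat."""
    totals = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "block":
            totals[(rec["laddr"], rec.get("user", ""), rec["proto"])] += rec["repeat"]
    return totals

def noisy_sources(text, threshold):
    """Keys whose blocked attempts reach the threshold (a hypothetical alert rule)."""
    return sorted(k for k, n in blocked_attempts(text).items() if n >= threshold)

if __name__ == "__main__":
    for key, n in blocked_attempts(SAMPLE).items():
        print(key, n)
```

In the sample, two log lines for the same user represent 21 blocked Skype attempts, which a per-line count would report as 2.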

 
