Staff

Troubleshooting Tip: Threat feed log IDs explained

Forum|Forum|1 year ago
April 21, 2025
0 replies
1204 views

Description

This article explains how to filter and identify the threat feed (External Connectors) related events from the system event logs based on the log IDs.

Scope

FortiGate.

Solution

Whenever a threat feed is updated successfully or fails to update, it generates certain system event logs. It can be filtered by the Message, Log Description, or Log IDs as follows:

If the Threat feed is updated successfully:-

Log Description: 'Threat feed updated'.
Message: 'Threat feed 'ext-root.<Threat feed name>' updated successfully'.
Log ID: '0100022220'.

Threat feed updated.png

date=2025-04-19 time=05:43:47 eventtime=1745037826712555447 tz="+0100" logid="0100022220" type="event" subtype="system" level="information" vd="root" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-root.test' updated successfully" desc="threat-feed"

If the Threat feed update fails:

Log Description: 'Threat feed update failed'.
Message: 'Threat feed 'ext-root.<Threat feed name>' updated failed'.
Log ID: '0100022221'.

Threat feed failed.png

date=2025-04-19 time=05:43:06 eventtime=1745037786334327015 tz="+0100" logid="0100022221" type="event" subtype="system" level="warning" vd="root" logdesc="Threat feed update failed" status="failed" msg="Threat feed 'ext-root.test' update failed" reason="0-Resource not found" desc="threat-feed"

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded