FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pjang
Staff & Editor
Article Id 209863

Description

 

This article describes how to locate the Outbreak Prevention-specific AntiVirus logs that correspond to the detections reported in the Advanced Threat Prevention (ATP) Statistics widget.

 

As a reference, the Advanced Threat Prevention (ATP) Statistics widget on the FortiGate Dashboard shows a summary of results for AntiVirus scans, including:

  • The number of scanned files.
  • How many were malicious/suspicious/clean.
  • How many files were detected using external services, such as the FortiGuard Outbreak Prevention service, External Malware Block Lists, and EMS Threat Feeds.

 

[Image: Advanced Threat Prevention (ATP) Statistics widget on the FortiGate Dashboard]

 

In FortiOS v7.2.0 and earlier, the ATP Statistics widget does not link to the corresponding AntiVirus logs, so an administrator must search the AntiVirus logs manually for the related Outbreak Prevention entries.

 

Scope

 

FortiOS v7.2 and earlier.

 

Solution

 

First, AntiVirus-specific logs can be found in the following locations in the FortiOS Web UI:

  • FortiOS v7.2: Log & Report -> Security Events -> AntiVirus.
  • FortiOS v7.0 and earlier: Log & Report -> AntiVirus.

 

The following log fields and their known values for Outbreak Prevention detections can be used with the log filter to locate the related AntiVirus logs:

  • Event Type ('eventtype'): outbreak-prevention.
  • Log ID ('logid'): 0204008202.
  • Detection Type ('dtype'): outbreak-prevention.
  • Message ('msg'): Blocked by Virus Outbreak Prevention service.
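As an added example (not part of the original article and not FortiOS code), the following Python script applies the same four fields to a text-format log export, such as a log file downloaded from the GUI log view or the output of 'execute log display' saved from the CLI. The three log lines are constructed for this example: lines 1 and 3 use the Outbreak Prevention values listed above, while line 2 is a made-up regular virus detection whose logid, eventtype and dtype are illustrative only.

```python
import re
from collections import Counter
from typing import Dict, List

# Field/value pairs the article lists for Outbreak Prevention AntiVirus logs.
OUTBREAK_FIELDS = {
    "eventtype": "outbreak-prevention",
    "logid": "0204008202",
    "dtype": "outbreak-prevention",
}
OUTBREAK_MSG = "Blocked by Virus Outbreak Prevention service"

# One key=value or key="quoted value" token of a FortiOS text-format log line.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample (not captured from a device). Lines 1 and 3 carry the
# Outbreak Prevention values given in the article; line 2 is a made-up
# regular virus detection whose logid/eventtype/dtype are illustrative only.
SAMPLE_LOG = """\
date=2022-04-20 time=14:02:11 logid="0204008202" type="utm" subtype="virus" eventtype="outbreak-prevention" level="warning" vd="root" msg="Blocked by Virus Outbreak Prevention service." action="blocked" service="HTTP" srcip=10.0.0.15 dstip=203.0.113.20 filename="invoice.exe" dtype="outbreak-prevention"
date=2022-04-20 time=14:05:37 logid="0211008192" type="utm" subtype="virus" eventtype="infected" level="warning" vd="root" msg="File is infected." action="blocked" service="HTTP" srcip=10.0.0.22 dstip=203.0.113.21 filename="eicar.com" dtype="Virus" virus="EICAR_TEST_FILE"
date=2022-04-20 time=14:09:02 logid="0204008202" type="utm" subtype="virus" eventtype="outbreak-prevention" level="warning" vd="root" msg="Blocked by Virus Outbreak Prevention service." action="blocked" service="SMTP" srcip=10.0.0.31 dstip=198.51.100.9 filename="report.zip" dtype="outbreak-prevention"
"""


def parse_fortios_log(line: str) -> Dict[str, str]:
    """Split one FortiOS text-format log line into a {field: value} dict."""
    return {key: quoted or bare for key, quoted, bare in _KV.findall(line)}


def is_outbreak_prevention(entry: Dict[str, str]) -> bool:
    """True when the entry carries the Outbreak Prevention markers.

    Any one of eventtype/logid/dtype is sufficient on its own; the msg text
    is accepted as a fallback for exports where those fields were dropped.
    """
    if any(entry.get(field) == value for field, value in OUTBREAK_FIELDS.items()):
        return True
    return entry.get("msg", "").startswith(OUTBREAK_MSG)


def find_outbreak_logs(text: str) -> List[Dict[str, str]]:
    """Return the parsed Outbreak Prevention entries found in a log export."""
    entries = (parse_fortios_log(line) for line in text.splitlines() if line.strip())
    return [entry for entry in entries if is_outbreak_prevention(entry)]


def count_by_eventtype(text: str) -> Counter:
    """Count AntiVirus entries per eventtype; this per-type tally is what an
    administrator sets against the detection counts in the ATP widget."""
    return Counter(
        parse_fortios_log(line).get("eventtype", "")
        for line in text.splitlines()
        if line.strip()
    )


if __name__ == "__main__":
    for entry in find_outbreak_logs(SAMPLE_LOG):
        print(entry["date"], entry["time"], entry["filename"], entry["msg"])
    print(dict(count_by_eventtype(SAMPLE_LOG)))
```

Run against a real export, the script lists the Outbreak Prevention entries and a per-eventtype count; if that count is lower than the figure the widget shows, older entries have most likely been rotated out of the log store being searched. On the FortiGate itself the same narrowing is done with the 'execute log filter' commands (for example 'execute log filter field logid 0204008202' before 'execute log display'), as covered in the related Technical Tip on displaying logs via the CLI.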

 

Further information on Outbreak Prevention-related log entries can be found here:

 

For reference, the following is a sample of an Outbreak Prevention log in the GUI, as well as the same entry in the CLI/text log format:

 

[Image: Outbreak Prevention log entry in the GUI log list]

[Image: Outbreak Prevention log entry details in the GUI]

[Image: the same Outbreak Prevention log entry in CLI/text log format]

 

As a final note, keep the following in mind when checking for AntiVirus logs:

  • The ATP Statistics widget is updated as the AntiVirus processes on the FortiGate scan files; it does not appear to be derived from the stored logs.
  • The event count shown by the ATP Statistics widget can therefore differ from the actual number of log entries if the log facility being checked (e.g. FortiGate Cloud, FortiAnalyzer, local disk) has deleted or overwritten old logs due to storage space and/or logging volume constraints.

 

Note:
Starting with FortiOS v7.6.0, FortiGate models without an HDD will no longer have the ATP widget available. See this document for reference: Expanded support for Advanced Threat Protection Statistics widget.

 

Related documents:

Technical Tip: Displaying logs via FortiGate's CLI

FortiGuard outbreak prevention for antivirus
FortiGuard outbreak prevention