Troubleshooting Tip: Threat feed log IDs explained

avp · ‎04-21-2025

Description

This article explains how to filter and identify the threat feed (External Connectors) related events from the system event logs based on the log IDs.

Scope

FortiGate.

Solution

Whenever a threat feed is updated successfully or fails to update, it generates certain system event logs. It can be filtered by the Message, Log Description, or Log IDs as follows:

If the Threat feed is updated successfully:-

Log Description: 'Threat feed updated'.
Message: 'Threat feed 'ext-root.<Threat feed name>' updated successfully'.
Log ID: '0100022220'.

Threat feed updated.png

date=2025-04-19 time=05:43:47 eventtime=1745037826712555447 tz="+0100" logid="0100022220" type="event" subtype="system" level="information" vd="root" logdesc="Threat feed updated" status="success" msg="Threat feed 'ext-root.test' updated successfully" desc="threat-feed"

If the Threat feed update fails:

Log Description: 'Threat feed update failed'.
Message: 'Threat feed 'ext-root.<Threat feed name>' updated failed'.
Log ID: '0100022221'.

Threat feed failed.png

date=2025-04-19 time=05:43:06 eventtime=1745037786334327015 tz="+0100" logid="0100022221" type="event" subtype="system" level="warning" vd="root" logdesc="Threat feed update failed" status="failed" msg="Threat feed 'ext-root.test' update failed" reason="0-Resource not found" desc="threat-feed"

Troubleshooting Tip: Threat feed log IDs explained

You are leaving our website