New Contributor

UDP Flood Log line understanding


In the log line below, what does "793 times" represent?

And what does the threshold represent?

Can we consider this single log as an attack, or do we need to correlate many logs?

Aug 10 19:28:44 date=2017-08-10 time=19:28:49 devname=GGHL-FG-TTC-SECONDRY devid=FG20101119 logid=0720018432 type=anomaly
subtype=anomaly level=alert vd=root severity=critical srcip= srccountry="United States" dstip= srcintf="port2"
sessionid=0 action=clear_session proto=17 service="VC_Port" count=793 attack="udp_flood" srcport=46503 dstport=61688 attackid=285212772
policyid=3 policytype=DoS-policy ref="" msg="anomaly: udp_flood, 2001 > threshold 2000, repeats 793
times" crscore=50 crlevel=critical
New Contributor

hey powerlin.g93,


It depends.


A lot of UDP requests in an amount of time might be valid traffic or an attack/invalid traffic; we need to know about the application.

For example, the QUIC protocol of Google: this protocol loves to do these 'floods'. In this case it is valid, a characteristic of the application.



Andre Otta
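For the "single log or many logs" part of the question, the following is an added example, not part of either post and not Fortinet code: a Python parser for key=value anomaly lines like the one above that groups them by attack, destination and policy so the repeats, peak rate and distinct sources can be compared against what the application normally does. The sample lines are constructed from the field layout of the log in the question, with documentation-range IP addresses as placeholders; `parse_line` and `summarize` are hypothetical names.

```python
import re
from collections import defaultdict

# key=value or key="quoted value"; a value may be empty, as srcip= is in the post.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# Shape of the msg field as it appears in the post (tolerates a wrapped line).
MSG_RE = re.compile(
    r'anomaly: (\w+), (\d+) > threshold (\d+)(?:, repeats (\d+)\s+times)?')

def parse_line(line):
    """Split one key=value log line into a dict of strings."""
    return {k: (q or b) for k, q, b in FIELD_RE.findall(line)}

def summarize(lines):
    """Group anomaly logs by (attack, dstip, dstport, policyid)."""
    groups = defaultdict(lambda: {"logs": 0, "repeats": 0, "peak": 0,
                                  "threshold": 0, "sources": set()})
    for line in lines:
        f = parse_line(line)
        m = MSG_RE.search(f.get("msg", ""))
        if f.get("type") != "anomaly" or not m:
            continue
        key = (f.get("attack"), f.get("dstip"), f.get("dstport"), f.get("policyid"))
        g = groups[key]
        g["logs"] += 1
        # Assumption: a msg without "repeats N times" counts as one occurrence.
        g["repeats"] += int(m.group(4) or 1)
        g["peak"] = max(g["peak"], int(m.group(2)))   # value left of ">"
        g["threshold"] = int(m.group(3))              # value right of "threshold"
        g["sources"].add(f.get("srcip"))
    return dict(groups)

# Constructed sample lines (not real traffic); IPs are documentation ranges.
_BASE = ('date=2017-08-10 time={t} type=anomaly subtype=anomaly level=alert '
         'srcip={s} srccountry="United States" dstip={d} proto=17 count={c} '
         'attack="udp_flood" dstport={p} policyid=3 policytype=DoS-policy '
         'ref="" msg="{m}"')
SAMPLE = [
    _BASE.format(t="19:28:49", s="192.0.2.10", d="198.51.100.5", c=793, p=61688,
                 m="anomaly: udp_flood, 2001 > threshold 2000, repeats 793 times"),
    _BASE.format(t="19:29:49", s="192.0.2.11", d="198.51.100.5", c=120, p=61688,
                 m="anomaly: udp_flood, 2450 > threshold 2000, repeats 120 times"),
    _BASE.format(t="19:30:02", s="192.0.2.12", d="198.51.100.9", c=1, p=443,
                 m="anomaly: udp_flood, 2001 > threshold 2000"),
]

if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        print(key, g["logs"], "logs,", g["repeats"], "repeats, peak", g["peak"],
              "vs threshold", g["threshold"], "from", len(g["sources"]), "sources")
```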
