Logging Severity Levels
❑ Emergency
❑ Alert
❑ Critical
❑ Error
❑ Warning
❑ Notice
❑ Information
Local logging
Remote logging
Log Types
Event logs
Traffic logs
Attack logs
Antivirus logs
Web filter logs
UTM logs
Generating Logs in Firewall Policies
Generating Logs in Event Log
Log Viewer Filtering
❑ Use Filter Settings to customize the display of log messages so that only specific information in the log messages is shown
▪ Reduce the number of log entries that are displayed
▪ Easily locate specific information
Log Viewer Filtering
❑ Example: view only the traffic log messages recorded in the last hour
Download Raw Logs
❑ Raw logs can be downloaded, including archived log messages
❑ The raw log file is downloaded to the management computer and saved as a text file
▪ Can be viewed in a text editor such as Notepad
❑ Log file name format:
<log name><number>.log (for example: elog0101.log)
Viewing Log Messages (Raw)
❑ Fields in each log message are arranged into two groups:
▪ Log header
2011-01-08 12:55:06 log_id=32001 type=dlp subtype=dlp pri=notice vd=root
▪ Log body
policyid=1 identidx=0 serial=73855 src="10.10.10.1" sport=1190 src_port=1190 srcint=internal dst="192.168.1.122" dport=80 dst_port=80 dst_int="wan1" service="https" status="detected" hostname="example.com" url="/image/trees_pine_forest/" msg="data leak detected(Data Leak Prevention Rule matched)" rulename="All-HTTP" action="log-only" severity=1
The type and subtype fields identify the log file the message is recorded in (here dlp, the data leak prevention log)
Each message carries a unique log_id number that identifies the message type
msg = the activity that was recorded, for example, a data leak was detected (the rule called All-HTTP in the DLP sensor matched)
action = how the Firewall unit dealt with the activity, for example, log the event only (log-only)
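The header/body split and the key=value layout described above are easy to handle programmatically. The following parser is an added example, not code from the original training material or from any vendor tool: it splits a raw log line into its timestamp, header fields and body fields, and then applies the kind of filter the Log Viewer slide describes (one log type, last hour). The sample lines are constructed; the first reproduces the slide's DLP message joined onto one line, the two traffic lines and their log_id values are invented for the demonstration.

```python
import re
from datetime import datetime, timedelta

# Header fields per the slide: everything else on the line is the log body.
HEADER_FIELDS = ("log_id", "type", "subtype", "pri", "vd")

# key=value where the value is either "quoted" (may contain spaces or parentheses)
# or a bare token. The regex does not depend on whitespace between pairs, so a
# line where two quoted fields run together (hostname="x"url="y") still parses.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

TIME_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample input. Line 1 is the slide's DLP example on one line;
# lines 2 and 3 are invented traffic messages (log_id=13 is a placeholder).
SAMPLE_LOGS = [
    '2011-01-08 12:55:06 log_id=32001 type=dlp subtype=dlp pri=notice vd=root '
    'policyid=1 identidx=0 serial=73855 src="10.10.10.1" sport=1190 src_port=1190 '
    'srcint=internal dst="192.168.1.122" dport=80 dst_port=80 dst_int="wan1" '
    'service="https" status="detected" hostname="example.com"url="/image/trees_pine_forest/" '
    'msg="data leak detected(Data Leak Prevention Rule matched)" rulename="All-HTTP" '
    'action="log-only" severity=1',
    '2011-01-08 12:10:00 log_id=13 type=traffic subtype=forward pri=notice vd=root '
    'src=10.10.10.5 dst=192.168.1.9 dport=443 action="accept"',
    '2011-01-08 10:30:00 log_id=13 type=traffic subtype=forward pri=notice vd=root '
    'src=10.10.10.6 dst=192.168.1.9 dport=23 action="deny"',
]


def parse_raw_log(line):
    """Split one raw log line into (timestamp, header dict, body dict)."""
    date, time, rest = line.split(" ", 2)
    ts = datetime.strptime(f"{date} {time}", TIME_FMT)
    header, body = {}, {}
    for m in _KV_RE.finditer(rest):
        key = m.group(1)
        # group 2 is the quoted form, group 3 the bare form; exactly one matched
        value = m.group(2) if m.group(2) is not None else m.group(3)
        (header if key in HEADER_FIELDS else body)[key] = value
    return ts, header, body


def filter_logs(lines, log_type, now, window_seconds=3600):
    """Mimic the Log Viewer filter: keep messages of one type recorded in the
    window ending at `now` (a timestamp string in the log's own format)."""
    end = datetime.strptime(now, TIME_FMT)
    start = end - timedelta(seconds=window_seconds)
    kept = []
    for line in lines:
        ts, header, body = parse_raw_log(line)
        if header.get("type") == log_type and start <= ts <= end:
            kept.append((ts, header, body))
    return kept


if __name__ == "__main__":
    ts, header, body = parse_raw_log(SAMPLE_LOGS[0])
    print(ts, header)
    print("msg:", body["msg"], "| action:", body["action"])
    for ts, header, body in filter_logs(SAMPLE_LOGS, "traffic", "2011-01-08 13:00:00"):
        print("traffic in last hour:", ts, body["src"], "->", body["dst"], body["action"])
```

Because the parser keys only on the field names, the same function handles any of the log types listed earlier (event, traffic, attack, antivirus, web filter, UTM); only the set of body fields differs between them.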
LOG SETTINGS
Logging to a Firewall Device
Register
Logging to FortiAnalyzer Device / Local
Reports
Logging to a FortiAnalyzer Device
Ignore connection
Archive
Content Archiving
❑ Log and archive copies of content transmitted over the network
❑ Summary archives
▪ Metadata only
❑ Full archives
▪ Summary and hyperlink to the archived file or message
❑ Enabled through Data Leak Prevention rules
❑ When logging to multiple Firewall units, DLP archives can be sent to both the second and third FirewallAnalyzer units
▪ Avoids any lost DLP archives
Logging to FirewallCloud
Registration to FirewallCloud
❑ Registered Devices
Firewallcloud Dashboard
Firewallcloud Management
FirewallCloud Backup
Alert Email
Report
Reporting
❑ Default Report
❑ Report Editor
❑ Historical Reports
Monitor
❑ Monitor sub-menus found in Web Config for all main function menus
❑ User-friendly display of monitored information
❑ View the activity of a specific monitored feature such as Firewall, UTM, VPN, Router, WiFi, Endpoint Security, etc.