Description
How to enable logging for all email, not just spam logging.
Options to enable logging or archiving of all emails have changed since FortiOS 3.0. Customers may wish to log ALL emails that pass through a FortiGate. This may be to archive and send the data to a FortiAnalyzer.
This article ONLY applies to FortiOS 4.0. Summary archiving will be added back into FortiOS 4.1.
Solution
In FortiOS 4.0 users will need to enable data Leak Prevention in a protection profile and apply this to a policy. The steps required to create and apply these rules are documented on page 511 of the FortiGate Administration Guide.
Configuration is performed in the UTM>Data Leak Prevention menu. DLP Sensors are created and then given DLP Rules.
Firewall>Protection Profile>Data Leak Prevention Sensor
Once a DLP sensor has been created, a Rule or Compound Rule will be applied to the sensor. In doing this the IMPORTANT step is to enable archive.
'Archive enable' must be set for all 'Actions' in order to gather complete information for logging purposes.