FortiGate
Jonathan_Body_FTNT
Article Id 193681
Description
This article explains how to ensure all types of events are logged to memory.

Scope
All FortiOS

Solution
To ensure that all required types of events are written to the memory log and are fully visible under Log & Report > Log Access in the web-based manager, the correct filter for log memory must be activated on the CLI as shown below.

1.    Connect to the CLI and enter the following commands to list the available filter options:

FGT# config log memory filter
FGT(filter) # set ? (enter)
allowed                           whether to log policy allowed traffic messages
anomaly                           whether to log attack anomaly messages
app-ctrl                          whether to log application control
app-ctrl-all                      whether to log application control(subcategory)
attack                            whether to log attack messages
blocked                           whether to log filename blocked messages
discovery                         whether to log netscan discovery events
dlp                               whether to log DLP events
dlp-all                           whether to log all subcategories of DLP events
email                             whether to log email filter messages
email-log-imap                    whether to log imap spam email detected messages
email-log-pop3                    whether to log pop3 spam email detected messages
email-log-smtp                    whether to log smtp spam email detected messages
ftgd-wf-block                     whether to log FortiGuard Web Filter block messages
ftgd-wf-errors                    whether to log FortiGuard Web Filter error messages
infected                          whether to log virus infected messages
netscan                           whether to log network vulnerability scanning events
other-traffic                     whether to log other traffic messages
oversized                         whether to log file oversized messages
scanerror                         whether to log virus scan error messages
severity                          the least severity level to log
signature                         whether to log attack signature messages
traffic                           whether to log traffic messages
url-filter                        whether to log URL filter messages
violation                         whether to log policy violation traffic messages
virus                             whether to log virus messages
vulnerability                     whether to log netscan vulnerability events
wanopt-traffic                    whether to log wanopt traffic messages
web                               whether to log web filter messages
web-content                       whether to log web-content block messages
web-filter-activex                whether to log activex block messages
web-filter-applet                 whether to log java applet block messages
web-filter-cookie                 whether to log cookie block messages
web-filter-ftgd-quota             whether to log daily ftgd quota levels
web-filter-ftgd-quota-counting    whether to log ftgd quota counting messages
web-filter-ftgd-quota-expired     whether to log ftgd quota expired messages
webcache-traffic                  whether to log web cache traffic messages


2.    Enable the filter required for the memory log (the example below enables web filter events):

FGT# config log memory filter
FGT(filter) # set web enable
FGT(filter) # end


3.    In the web-based manager, check that the filter has been applied correctly under Log & Report > Log Access > Web Filtering.
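The check in step 3 can also be run against a saved configuration file. The Python below is an added example, not part of the original article or a Fortinet tool: it reads the `config log memory filter` block, reports which required options from step 1 are not set to `enable`, and builds the CLI lines of step 2 to close the gap. The function names and the sample text are hypothetical, and it assumes the saved text contains an explicit `set <option> enable|disable` line for every option of interest (an option with no line is reported as missing).

```python
import re

# Boolean filter options as listed by "set ?" in step 1; "severity" is left
# out because it takes a level rather than enable/disable.
FILTER_OPTIONS = """
allowed anomaly app-ctrl app-ctrl-all attack blocked discovery dlp dlp-all
email email-log-imap email-log-pop3 email-log-smtp ftgd-wf-block
ftgd-wf-errors infected netscan other-traffic oversized scanerror signature
traffic url-filter violation virus vulnerability wanopt-traffic web
web-content web-filter-activex web-filter-applet web-filter-cookie
web-filter-ftgd-quota web-filter-ftgd-quota-counting
web-filter-ftgd-quota-expired webcache-traffic
""".split()

def parse_memory_filter(config_text):
    """Return {option: value} from the 'config log memory filter' block."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config log memory filter":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.fullmatch(r"set (\S+) (\S+)", line)
            if m:
                settings[m.group(1)] = m.group(2)
    return settings

def missing_filters(config_text, required):
    """Required options that are not explicitly set to 'enable'."""
    unknown = sorted(set(required) - set(FILTER_OPTIONS))
    if unknown:
        raise ValueError("not a filter option from the article: %s" % unknown)
    settings = parse_memory_filter(config_text)
    return [opt for opt in required if settings.get(opt) != "enable"]

def remediation(missing):
    """CLI lines, in the form used in step 2, that enable the missing options."""
    body = ["set %s enable" % opt for opt in missing]
    return ["config log memory filter"] + body + ["end"] if body else []

# Constructed sample of saved configuration text (not output from a real unit).
SAMPLE = """config log memory filter
    set severity information
    set web enable
    set virus disable
end
"""
```

For the constructed sample, `missing_filters(SAMPLE, ["web", "virus", "attack"])` reports `virus` and `attack`, and `remediation()` turns that list into the commands to paste into the CLI.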
