FortiGate
Debbie_FTNT
Staff
Article Id 197188
Description
This article provides a clarification on the "hostname" and "destination name" fields used in FortiOS traffic and UTM logs.

Solution
The raw traffic log does not contain a "hostname" field, but may contain a "dstname" field. "dstname" is only available if 'resolve-ip' is 'enabled' under 'config log settings'. The value of "dstname" is obtained by a reverse DNS query for the IP address in "dstip", sent to the DNS servers configured under 'config system dns'.

If the system DNS servers return no response or no PTR record, "dstname" contains the same value as "dstip".

The raw UTM logs do not contain a "dstname" field, but do contain a "hostname" field.  The hostname field is provided by the respective UTM process, after inspecting the traffic.  "hostname" can be blank if no information is supplied.
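The field rules above, applied to raw key=value log lines, as an added example that is not Fortinet code: it reports which field supplied a destination name and treats "dstname" equal to "dstip" as unresolved. The sample lines are constructed and shortened, and the function names are hypothetical.

```python
import re

# key=value pairs; a value is either quoted (may be empty) or a bare token.
_KV = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S*))')

def parse_kv(line):
    """Split one raw log line into a dict of field name -> string value."""
    return {m.group(1): (m.group(2) if m.group(2) is not None else m.group(3))
            for m in _KV.finditer(line)}

def destination_name(rec):
    """Return (name, origin) for a parsed record, or (None, reason)."""
    if rec.get("type") == "traffic":
        name, ip = rec.get("dstname"), rec.get("dstip")
        if name is None:
            return None, "no dstname field"
        if name == ip:
            # No DNS response or no PTR record: dstname repeats dstip.
            return None, "dstname equals dstip"
        return name, "dstname (reverse DNS)"
    if rec.get("type") == "utm":
        name = rec.get("hostname")
        if not name:
            return None, "hostname blank or absent"
        return name, "hostname (UTM inspection)"
    return None, "not a traffic or UTM record"

# Constructed sample lines (documentation IP ranges, fields trimmed).
SAMPLE_LINES = [
    'type=traffic subtype=forward dstip=192.0.2.10 dstname="www.example.com"',
    'type=traffic subtype=forward dstip=198.51.100.7 dstname="198.51.100.7"',
    'type=traffic subtype=forward dstip=203.0.113.9 action=close',
    'type="utm" subtype="webfilter" dstip=192.0.2.10 hostname="www.example.com"',
    'type="utm" subtype="ips" dstip=203.0.113.9 hostname="" action="detected"',
]

def summarize(lines):
    """Apply destination_name to every raw line, in order."""
    return [destination_name(parse_kv(line)) for line in lines]

if __name__ == "__main__":
    for line, (name, why) in zip(SAMPLE_LINES, summarize(SAMPLE_LINES)):
        print(f"{name or '-':<18} {why:<28} <- {line}")
```
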

More information on the log files may be found in the FortiOS 5.4.5 Log Reference guide.
