Check the log settings and select from the following:

# config firewall policy
edit <policy_id>
set logtraffic all/utm
end

# config log setting
set
resolve-ip <----- Add resolved domain name into traffic log if possible.
resolve-port <----- Add resolved service name into traffic log if possible.
log-user-in-upper <----- Enable/disable collect log with user-in-upper.
fwpolicy-implicit-log <----- Enable/disable collect firewall implicit policy log.
fwpolicy6-implicit-log <----- Enable/disable collect firewall implicit policy6 log.
log-invalid-packet <----- Enable/disable collect invalid packet traffic log.
local-in-allow <----- Enable/disable collect local-in-allow log.
local-in-deny-unicast <----- Enable/disable collect local-in-deny-unicast log.
local-in-deny-broadcast <----- Enable/disable collect local-in-deny-broadcast log.
local-out <----- Enable/disable collect local-out log.
daemon-log <----- Enable/disable collect daemon log.
neighbor-event <----- Enable/disable collect neighbor event log.
brief-traffic-format <----- Enable/disable use of brief format for traffic log.
user-anonymize <----- Enable/disable anonymize log user name.
expolicy-implicit-log <----- Enable/disable collect explicit proxy firewall implicit policy log.
log-policy-comment <----- Enable/disable insertion of policy comment into traffic log.
end

Example:
set resolve-ip enable

Configure where the logs will be sent:

# config log memory/disk/fortianalyzer/syslog setting
set status enable
end

Select the source of the log information in FortiView:

# config log gui-display
set location
memory <----- Display memory log.
disk <----- Display disk log.
fortianalyzer <----- Display FortiAnalyzer log.
forticloud <----- Display FortiCloud log.
end

Check that the severity is set to information, so that all logs from the lowest level are visible:

# config log memory/disk/fortianalyzer/syslog filter
set severity information
set
forward-traffic : enable
local-traffic : enable
multicast-traffic : enable
sniffer-traffic : enable
anomaly : enable
voip : enable
dns : enable
filter :
filter-type : include

Execute the following command to restart the process:

# diag sys top 2 50

Wait some seconds to verify the PID of miglogd, in this example "55":

newcli 2151 R 1.4 1.0
sshd 2149 S 0.4 0.7
httpsd 147 S 0.0 1.6
pyfcgid 2147 S 0.0 1.5
miglogd 55 S 0.0 1.4

# diag sys kill 11 <PID> --> # diag sys kill 11 55

Run a log test:

# diag log test

To view the logs in FortiView from the FortiGate GUI either:

Note:

# config firewall policy
edit <policy_id>
set auto-asic-offload disable
next
end
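As an added example (not from this tip and not Fortinet code), a small Python audit that parses flat FortiOS CLI output and reports the settings this tip walks through: per-policy logtraffic and auto-asic-offload, the gui-display location against the matching log setting status, and the filter severity. SAMPLE_CONFIG is a constructed snippet, and the audit assumes that a policy with no auto-asic-offload line has offload enabled.

```python
# Constructed FortiGate CLI output (not from a real device), chosen so each check flags.
SAMPLE_CONFIG = """config firewall policy
    edit 2
        set logtraffic disable
    next
end
config log memory setting
    set status disable
end
config log memory filter
    set severity warning
end
config log gui-display
    set location memory
end"""
# FortiOS severity levels from highest to lowest; a filter keeps its level and above.
SEVERITY = ["emergency", "alert", "critical", "error", "warning", "notification", "information", "debug"]

def parse_config(text):
    """Flat FortiOS config/edit/set/next text -> {section: {entry: {key: value}}}; nested blocks not handled."""
    cfg, section, entry = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            section, entry = line[7:], "global"   # section-level set lines land under 'global'
            cfg.setdefault(section, {}).setdefault(entry, {})
        elif line.startswith("edit "):
            entry = line[5:].strip('"')
            cfg[section].setdefault(entry, {})
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            cfg[section][entry][key] = value.strip('"')
        elif line == "next":
            entry = "global"
    return cfg

def audit_fortiview_logging(text):
    """Findings for the checks in this tip; assumes a policy without an auto-asic-offload line has it enabled (the default)."""
    cfg, findings = parse_config(text), []
    glob = lambda sec: cfg.get(sec, {}).get("global", {})
    for pid, keys in cfg.get("firewall policy", {}).items():
        if pid != "global" and keys.get("logtraffic") not in ("all", "utm"):
            findings.append(f"policy {pid}: logtraffic should be all or utm")
        if pid != "global" and keys.get("auto-asic-offload", "enable") == "enable":
            findings.append(f"policy {pid}: auto-asic-offload is enabled")
    loc = glob("log gui-display").get("location", "memory")
    if glob(f"log {loc} setting").get("status") != "enable":
        findings.append(f"'log {loc} setting' status is not enable")
    sev = glob(f"log {loc} filter").get("severity", "information")
    if SEVERITY.index(sev) < SEVERITY.index("information"):
        findings.append(f"'log {loc} filter' severity {sev} hides information-level logs")
    return findings
```

The filter section name is derived from the gui-display location, which matches the memory/disk/fortianalyzer forms shown in this tip.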
Copyright 2024 Fortinet, Inc. All Rights Reserved.