Description
Scope
UTM Application control logging
Solution
Traffic log message generated by UTM application control
Application control log message
These two log messages correspond to the same traffic flow.
The following information is found in only one type of log:
In Traffic log only:
- Volume of traffic (sent and received bytes, sent and received packets)
- Traffic shaping counters
- NAT details (source and destination NAT)
- VPN details
In Application log only:
- Application Control list
- Message
- Attack ID
- UTM type
Disabling Application Control log (CLI only)
At the application control list level by using set log disable. For example:
config application list
edit "test-appl"
config entries
edit 1
set action pass
set application 16339 15889
set log disable
next
end
next
end
Disabling Traffic Log for Application Control events (CLI only)
At the policy level by using set logtraffic-app disable. For example:
config firewall policy
edit 572
set srcintf "port1"
set dstintf "port2"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set utm-status enable
set logtraffic-app disable
set application-list "test-appl"
set profile-protocol-options "default"
next
end
With 4.0 MR3, a new default logging behaviour for application control was introduced: by default, application control generates logs in both the "Traffic Log" and the "Application Control Log".
With 5.0 this behavior will change: by default, application control will generate logs only in the "Traffic Log".
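An added example (not Fortinet's code): a Python audit of a configuration backup that reports each firewall policy whose application control events are missing from the traffic log, the application control log, or both, using only the two settings shown above. The function names, the constructed sample text, and the assumptions that blocks are properly closed and that every value fits on one line belong to this example.

```python
import shlex
# Constructed sample in the syntax used above (not taken from a real device).
SAMPLE = """\
config application list
edit "test-appl"
config entries
edit 1
set application 16339 15889
set log disable
next
end
next
end
config firewall policy
edit 572
set logtraffic-app disable
set application-list "test-appl"
next
end
"""

def parse(text):
    """Map table path -> {edit-id tuple -> {setting: [values]}}; single-line values only."""
    tables, stack = {}, []  # stack of ("config", name) / ("edit", id) frames
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] in (["config"], ["edit"]) and len(tok) > 1:
            stack.append((tok[0], " ".join(tok[1:])))
        elif tok[:1] in (["next"], ["end"]):
            kind = "edit" if tok[0] == "next" else "config"  # frame type being closed
            while stack and stack.pop()[0] != kind:
                pass
        elif tok[:1] == ["set"] and len(tok) > 1:
            table = "/".join(n for k, n in stack if k == "config")
            entry = tuple(n for k, n in stack if k == "edit")
            tables.setdefault(table, {}).setdefault(entry, {})[tok[1]] = tok[2:]
    return tables

def audit(text):
    """Return (policy, app list, traffic log off, app-control log off) per affected policy."""
    t = parse(text)
    lists = t.get("application list/entries", {})
    quiet = {e[0] for e, s in lists.items() if s.get("log") == ["disable"]}
    out = []
    for e, s in t.get("firewall policy", {}).items():
        name = (s.get("application-list") or [None])[0]
        no_traffic = s.get("logtraffic-app") == ["disable"]
        if name and (no_traffic or name in quiet):
            out.append((e[0], name, no_traffic, name in quiet))
    return out
```

A result with both flags set, as for policy 572 in the sample, means application control events on that policy appear in neither log when the traffic matches an entry that has logging disabled.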