Description
Depending on the action configured in a Firewall policy (Accept or Deny), a FortiGate provides different logging options: logging of permitted traffic for Accept policies and logging of violating traffic for Deny policies. IPSec policy traffic can be logged as well, and the option is similar to that of Allow action policies.
This document first explains the steps required to enable logging to hard disk. Following that is a basic verification section.
Scope
Traffic log setup in FortiGate devices. This procedure is written for FortiGate devices containing an internal hard drive.
Solution
Enable logging to Hard Disk
Logging to disk can only be enabled from the CLI.
# config log disk setting
(setting)# set status enable
(setting)# end
Important: once these steps have been performed in the CLI, the user must log out and log back in, because a GUI option has been added.
Configure logging
With logging to disk enabled, logging is configured on each Firewall policy: permitted traffic for Accept policies and denied traffic for Deny policies. The steps below enable logging of these types of traffic to the internal FortiGate hard drive.
Log Permitted traffic
1. Once the steps to enable logging to the hard drive have been performed, continue with policy setup in the Firewall > Policy menu.
2. To log traffic through an Allow policy, select the Log Allowed Traffic option.
3. For a policy with the IPSec action, the log option appears similar to that of an Allow policy.
Log Denied 'Violation' Traffic
1. To log traffic hitting a Deny policy, select the Log Violation Traffic option.
Verification
To generate log events for the settings just made, a CLI command can be used. The Console in the GUI can be used to run it in a few simple steps.
CLI command:
# diagnose log test
Once this test command has been run, test log messages should appear in the hard drive logs. These can be viewed under Log & Report > Log Access, on the Disk tab.
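An added example, not part of the original article or Fortinet's tooling: a Python check over a saved configuration backup that confirms disk logging is enabled and lists the firewall policies that do not log traffic. The sample configuration is constructed, and the `logtraffic` policy key with its `enable`/`all` values is an assumption about the CLI form of the GUI log options, which varies by FortiOS version.

```python
# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = """\
config log disk setting
    set status enable
end
config firewall policy
    edit 1
        set action accept
        set logtraffic enable
    next
    edit 2
        set action deny
    next
    edit 3
        set action ipsec
        set logtraffic disable
    next
end
"""

# Assumption: values that mean "log all traffic"; check your FortiOS version.
LOGGING_ON = {"enable", "all"}

def parse_blocks(text):
    """Return {config path: {entry id or None: {key: value}}} for flat blocks."""
    blocks, path, entry = {}, None, None
    for raw in text.splitlines():
        parts = raw.split(None, 2) or [""]
        word = parts[0]
        if word == "config" and len(parts) > 1:
            path, entry = " ".join(parts[1:]), None
            blocks.setdefault(path, {})
        elif word == "end":
            path = entry = None
        elif path is not None and word == "edit" and len(parts) > 1:
            entry = " ".join(parts[1:]).strip('"')
            blocks[path].setdefault(entry, {})
        elif word == "next":
            entry = None
        elif path is not None and word == "set" and len(parts) == 3:
            blocks[path].setdefault(entry, {})[parts[1]] = parts[2].strip('"')
    return blocks

def audit(text):
    """Report whether disk logging is on and which policies do not log."""
    blocks = parse_blocks(text)
    disk = blocks.get("log disk setting", {}).get(None, {}).get("status") == "enable"
    silent = [pid for pid, kv in blocks.get("firewall policy", {}).items()
              if pid is not None and kv.get("logtraffic") not in LOGGING_ON]
    return {"disk_logging": disk, "policies_not_logging": silent}
```

A policy with no `logtraffic` line is reported as not logging; on versions where the default is not shown in the backup, confirm those entries in the GUI.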