FortiGate
Ashika17
Staff
Article Id 259807
Description This article describes the expected output when executing a log entry test with the 'diagnose log test' command.
Scope FortiGate
Solution

The command 'diagnose log test' generates a set of test log entries and writes them to every configured logging destination: the unit's local disk (if disk logging is enabled) and any configured external logging servers such as a syslog server or FortiAnalyzer. It is used to confirm that logs are actually being generated and delivered before relying on them.

 

Related article:

Technical Tip: How to perform a syslog and log test on a FortiGate with the 'diagnose log test' comm...

 

Note:

The CLI output of the command 'diagnose log test' may vary between FortiOS versions.

 

[Screenshot: CLI output of 'diagnose log test'.]

 

Whatever the exact CLI output, the command produces a fixed set of log entries that can be found under Log & Report -> Forward Traffic, as seen below:

 

[Screenshot: Log & Report -> Forward Traffic showing the generated test entries.]

 

Below are the log categories exercised by the test. Each is illustrated in the original article with a screenshot of the corresponding entries:

  • Anomaly events
  • Anti-Spam events
  • Antivirus events
  • Application Control events
  • Data Leak Prevention events
  • DNS query events
  • IPS events
  • Sniffer events
  • SSH events
  • SSL events
  • User events
  • Web Filter events

The test log entries are usually generated from the following source addresses:

  • 168.10.199.186 (most common)
  • 172.16.78.32
  • 170.10.199.186
  • 171.10.199.186
  • 173.10.199.186
  • 174.10.199.186
  • 175.10.199.186
  • 176.10.199.186
  • 177.10.199.186

 

Some of the test logs also show 'test user' as the source user, even though no such user is configured on the FortiGate.

 

[Screenshot: test log entries with 'test user' as the source user.]

 

The log details can also show traffic passing through interfaces that are disabled.

 

[Screenshot: test log entries referencing a disabled interface.]

 

The test logs may also show traffic matching the implicit deny policy, or a policy ID that does not exist in the FortiGate's configuration.

 

[Screenshot: test log entries matching implicit deny or a non-existent policy ID.]

 

These test logs are generated only when the command 'diagnose log test' is executed from the CLI. They do not indicate any kind of attack or illegitimate traffic traversing the FortiGate, and should not be treated as security incidents when they appear on a syslog server, FortiAnalyzer or SIEM.
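Because the test entries look like denies, IPS hits and authentication events from hosts that do not exist on the network, a SIEM that receives the FortiGate's syslog feed will often alert on them. The following Python script is an added example, not part of this article or of any Fortinet tool: it parses FortiGate key=value log lines and flags those carrying the indicators described above (the listed source addresses and the 'test user' value), so a burst of such events can be recognised as a log test. It assumes the standard FortiOS field names srcip and user; the sample log lines are constructed for illustration and were not captured from a device. The private address 172.16.78.32 is deliberately treated as a weaker indicator, since a real host on someone's RFC 1918 network could use it.

```python
"""Flag FortiGate log entries produced by 'diagnose log test'.

Added example, not Fortinet code. Parses key=value log lines as emitted
to syslog by FortiOS and classifies each as a test artifact or real traffic.
"""
from __future__ import annotations

import ipaddress
import shlex

# Source addresses the test entries are generated from (listed in the article).
# 168.10.199.186 is the most common; 172.16.78.32 is the only RFC 1918 address.
TEST_SRC_ADDRESSES = frozenset({
    "168.10.199.186", "170.10.199.186", "171.10.199.186", "173.10.199.186",
    "174.10.199.186", "175.10.199.186", "176.10.199.186", "177.10.199.186",
    "172.16.78.32",
})
# Value of the 'user' field on some test entries, even when no such user exists.
TEST_USER = "test user"


def parse_fortigate_log(line: str) -> dict:
    """Parse one FortiGate key=value log line into a dict.

    Values may be double-quoted and contain spaces (e.g. user="test user");
    shlex handles the quoting and returns each key=value token whole.
    """
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:  # skip stray tokens without '='
            fields[key] = value
    return fields


def classify(fields: dict) -> tuple:
    """Return (verdict, reasons); verdict is 'test', 'possible-test' or 'real'.

    A public test address or the 'test user' value is treated as conclusive.
    172.16.78.32 lies in private space and could belong to a genuine host, so
    on its own it only yields 'possible-test' and should be reviewed.
    """
    reasons = []
    src = fields.get("srcip", "")
    if src in TEST_SRC_ADDRESSES:
        reasons.append(f"srcip {src} is a known 'diagnose log test' source address")
    if fields.get("user", "").lower() == TEST_USER:
        reasons.append("user field is 'test user'")
    if not reasons:
        return "real", reasons
    weak_only = (
        src in TEST_SRC_ADDRESSES
        and ipaddress.ip_address(src).is_private
        and len(reasons) == 1
    )
    return ("possible-test" if weak_only else "test"), reasons


def summarize(lines) -> dict:
    """Count verdicts over a batch of log lines, e.g. one minute of syslog."""
    counts = {"test": 0, "possible-test": 0, "real": 0}
    for line in lines:
        verdict, _ = classify(parse_fortigate_log(line))
        counts[verdict] += 1
    return counts


# Constructed sample lines in FortiGate key=value style (not from a real unit).
SAMPLE_LOGS = [
    'date=2023-06-12 time=10:15:01 devname="FGT-TEST" type="traffic" subtype="forward" '
    'level="notice" srcip=168.10.199.186 srcport=12345 srcintf="port1" dstip=10.0.0.10 '
    'dstport=80 dstintf="port2" action="deny" policyid=0 service="HTTP" msg="Test message"',
    'date=2023-06-12 time=10:15:01 devname="FGT-TEST" type="utm" subtype="ips" level="alert" '
    'srcip=170.10.199.186 dstip=10.0.0.10 action="dropped" msg="Test message"',
    'date=2023-06-12 time=10:15:02 devname="FGT-TEST" type="event" subtype="user" '
    'level="notice" user="test user" srcip=10.0.0.5 msg="Test message"',
    'date=2023-06-12 time=10:15:02 devname="FGT-TEST" type="traffic" subtype="forward" '
    'level="notice" srcip=172.16.78.32 dstip=10.0.0.10 dstport=443 action="deny" policyid=0',
    'date=2023-06-12 time=10:15:03 devname="FGT-TEST" type="traffic" subtype="forward" '
    'level="notice" srcip=10.20.30.40 srcintf="port1" dstip=203.0.113.7 dstport=443 '
    'dstintf="wan1" action="accept" policyid=3 service="HTTPS"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        fields = parse_fortigate_log(line)
        verdict, reasons = classify(fields)
        print(f"{verdict:14} srcip={fields.get('srcip', '-'):16} {'; '.join(reasons)}")
    print(summarize(SAMPLE_LOGS))
```

In practice the same two checks can be expressed as a SIEM suppression rule keyed on srcip and user; keep the 172.16.78.32 case as a review item rather than an automatic suppression, and pair any suppression with the change record of who ran the test and when.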