December 6, 2022

Technical Tip: How to enable the session to start logging to the FortiGate firewall

Description This article describes how to enable session-start logging (a traffic log written when a session is created, in addition to the usual log written when it closes) on a FortiGate firewall.
Scope FortiGate.
Solution

Session-start logging is enabled per firewall policy, in the CLI as follows:


config firewall policy
    edit <id>
        set logtraffic-start enable
    next
end

[Screenshot: logs_start.PNG]

Notes:

  • A forward traffic log is only written for a session that has actually been created in the session table.

The session table can be checked with the following commands (set a filter first so that only the sessions of interest are listed):


diagnose sys session filter <filter>   <---- Filter, for example by policy ID, source or destination.
diagnose sys session list


Refer to this article to understand more information about the session table: Troubleshooting Tip: FortiGate session table information.


  • The normal behavior is that a traffic log is generated only when the session closes. To also log when the session starts, 'Generate logs when session starts' (logtraffic-start) must be enabled on the policy. Two logs are then generated per session: one at the start and one when the session ends.
  • The Security Rating check under Security Setting -> Security Posture -> Audit Logs Setting recommends enabling this feature.
  • This feature increases CPU and memory utilization, depending on the traffic volume, log size, etc., so caution is recommended when enabling it.
  • This feature is not recommended on low-end devices, as the additional logging can push the unit into conserve mode. It can be enabled temporarily while troubleshooting and disabled again afterwards.
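The following is an added, end-to-end example of the procedure described in this article; it is not taken from the original article or from Fortinet documentation. It enables session-start logging on one policy for troubleshooting, verifies the setting, confirms that sessions matching the policy are present in the session table, displays the resulting traffic logs, and reverts the change. The policy ID 5 and the destination address 203.0.113.10 are assumptions for illustration; lines beginning with '#' are explanatory comments and are not typed into the CLI.

```fortios
# Added example, not the original article's configuration.
# Assumed values: policy ID 5, test destination 203.0.113.10.

# 1. Enable traffic logging on the policy and add the session-start log.
#    logtraffic-start only produces a log if the policy logs traffic at all,
#    so logtraffic is set to 'all' here.
config firewall policy
    edit 5
        set logtraffic all
        set logtraffic-start enable
    next
end

# 2. Verify that the policy now carries both settings.
show firewall policy 5

# 3. Send test traffic through the policy, then confirm that a session
#    exists in the session table; without a session no forward traffic
#    log (start or end) is written.
diagnose sys session filter clear
diagnose sys session filter policy 5
diagnose sys session filter dst 203.0.113.10
diagnose sys session list

# 4. Display the traffic logs (category 0 = traffic). With the start log
#    enabled, expect two forward traffic entries per session: one at
#    session start and one at session close.
execute log filter category 0
execute log display

# 5. When troubleshooting is finished, disable the start log again to
#    avoid the extra CPU and memory load, especially on small units.
config firewall policy
    edit 5
        set logtraffic-start disable
    next
end
```

Clearing the session filter first (step 3) matters: filters persist in the CLI session, and a stale filter from an earlier check will silently hide the sessions being looked for.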