Chong_Yoon_Fui_FTNT
Staff & Editor
July 8, 2015

Technical Tip: Log information for Application, Source, Destination and Web Sites not seen in FortiView


Description

 
This article concerns a FortiGate running in one-arm sniffer mode. Traffic can be seen in the Traffic log -> Sniffer Traffic, but there is no log information showing in FortiView for Applications, Sources, Destinations, or WebSites.

cyoonfui_FD36732_tn_FD36732-1.jpg

 

Scope

 

FortiGate.


Solution

 

Ensure that sniffer-traffic for report-source is enabled by using the CLI:
 
config report setting
    set report-source forward-traffic sniffer-traffic
end
 
After enabling sniffer-traffic in report-source, information should be seen in FortiView:

cyoonfui_FD36732_tn_FD36732-2.jpg

 

Additional note: The above command is no longer valid in newer FortiOS versions.

On the latest versions (in this case, FortiOS v7.4.5), the FortiView tabs appear as follows:

 

FortiView_view.PNG

 

In general, to be able to get the logs on the FortiView Dashboards, the following requirements must be met:

  • A logging device must be set up and connected (for example, FortiAnalyzer, FortiGate Cloud or a syslog server).
  • Historical FortiView must be enabled under Log Settings.
  • Traffic logging must be enabled on the firewall policies.

However, each of these features has its own requirements that can be checked when clicking on each of the options separately.

These might include Application Control, Web Filter and other security profiles being enabled on the policies, or the device having a log disk available.
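
The report-source setting and the per-policy traffic logging requirement can be checked offline against a configuration backup. The following is an added example, not part of the original article or Fortinet's tooling. It assumes the backup uses the standard `config ... end` layout, that firewall policies sit under `config firewall policy`, and that only an explicit `set logtraffic disable` counts as logging turned off; the sample configuration is constructed. A missing `report-source` line is reported as `None`, which covers both a default value and newer FortiOS versions where the command no longer exists.

```python
# Constructed FortiOS config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
config report setting
    set report-source forward-traffic
end
config firewall policy
    edit 1
        set logtraffic all
    next
    edit 2
        set logtraffic disable
    next
end
"""

def top_level_blocks(text):
    """Map each top-level 'config <path>' block to its stripped body lines."""
    blocks, path, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                path = line[len("config "):]
                blocks[path] = []
                continue
        elif line == "end" and depth > 0:
            depth -= 1
        if depth > 0:  # nested config/end lines stay inside the parent block
            blocks[path].append(line)
    return blocks

def audit(text):
    """Check the report-source setting and per-policy traffic logging."""
    blocks = top_level_blocks(text)
    sources = None  # None: line absent (default value or newer FortiOS)
    for line in blocks.get("report setting", []):
        if line.startswith("set report-source "):
            sources = line.split()[2:]
    disabled, policy_id = [], None
    for line in blocks.get("firewall policy", []):
        if line.startswith("edit "):
            policy_id = line.split()[1]
        elif line == "set logtraffic disable":  # assumption: explicit only
            disabled.append(policy_id)
    reported = bool(sources) and "sniffer-traffic" in sources
    return {"report_source": sources, "sniffer_reported": reported,
            "logging_disabled_policies": disabled}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```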

 

For more information, a few documents are attached to each tab to help with the configuration, as seen:

 

Documents added on each Tab.png