Giovanna
Explorer II
July 2, 2025
Solved

Categorization of Logs in FortiGate


Dear all,

Could you please let me know which category the following logs:

- Anomaly
- APP-CTRL
- DLP
- DNS
- EmailFilter
- FILE-FILTER
- FORTI-SWITCH
- GTP
- ICAP
- IPS
- SSH
- SSL
- Virus
- VoIP
- WAF
- Webfilter

in FortiGate belong to, based on the categories shown in the image from the FortiGate GUI? I found these categories in the table from the "Log Reference" section in the FortiGate guide. I can't understand, for example, which category the "anomaly" logs belong to according to the FortiGate list in the GUI (shown in the image).


Thank you in advance for your support.

Best regards,

fortigate.jpg


funkylicious
SuperUser
July 2, 2025

hi,

usually those logs (for Application Control, Web Filtering, DNS Filter, etc., which are security profiles) are found under Security Events when they are used in policies (either UTM or Log all session enabled) and the actual profiles are set to log different traffic (Monitor/Block), https://docs.fortinet.com/document/fortigate/7.6.3/administration-guide/876272/security-events-log-page and Anomaly should contain DoS policy events if a DoS policy is set and when it is triggered.

"jack of all trades, master of none"
Giovanna (Author)
Explorer II
July 3, 2025

Many thanks for your reply!

Do you happen to know which category SSH logs belong to? In the FortiGate GUI I can't see them, while the others are present (image below). I don’t see them listed under “Security Events,” and I was wondering whether this is something that needs to be configured, or if such logs are generated by default.

I tried to monitor logs while opening an SSH session and traced them in the syslog collector. The log appears with ID 32002, type: event, and category: system — not the “SSH” type I expected.

fortiLogs.jpg
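The check described in the post above (looking at what the syslog collector actually receives), as an added example that is not part of the original thread: it tallies the `type`/`subtype` fields of FortiGate-style key=value log lines and reports where a given message ID lands. The sample lines are constructed and trimmed, and reading the last six digits of the 10-digit `logid` as the message ID is an assumption about the log ID layout.

```python
import re
from collections import Counter

# Constructed, trimmed sample lines in FortiGate key=value style (not real logs).
SAMPLE = [
    'date=2025-07-03 time=09:14:02 logid="0100032002" type="event" '
    'subtype="system" level="alert" msg="constructed: admin ssh session"',
    'date=2025-07-03 time=09:15:10 type="utm" subtype="ssl" '
    'level="warning" msg="constructed: inspection event, note type=x inside"',
    'date=2025-07-03 time=09:16:44 type="utm" subtype="anomaly" '
    'level="alert" msg="constructed: DoS policy triggered"',
    'date=2025-07-03 time=09:17:01 type="traffic" subtype="forward" level="notice"',
]

# key=value pairs; a quoted value may contain spaces and '=' characters.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_line(line):
    """Return the fields of one log line as a dict, with quotes stripped."""
    fields = {}
    for key, val in PAIR.findall(line):
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]
        fields[key] = val
    return fields

def message_id(fields):
    """Assumed layout: 10-digit logid whose last six digits are the message ID."""
    logid = fields.get("logid", "")
    if len(logid) == 10 and logid.isdigit():
        return int(logid[4:])
    return None  # logid missing or not in the assumed layout

def tally(lines):
    """Count log lines per (type, subtype) pair."""
    parsed = (parse_line(line) for line in lines)
    return Counter((f.get("type", "?"), f.get("subtype", "?")) for f in parsed)

def categories_for_id(lines, wanted):
    """Return every (type, subtype) under which message ID `wanted` appears."""
    parsed = (parse_line(line) for line in lines)
    return {(f.get("type", "?"), f.get("subtype", "?"))
            for f in parsed if message_id(f) == wanted}

if __name__ == "__main__":
    for (log_type, subtype), count in sorted(tally(SAMPLE).items()):
        print(f"{log_type:8} {subtype:10} {count}")
    print("ID 32002 seen under:", categories_for_id(SAMPLE, 32002))
```

Run against a real collector export, the tally shows which type/subtype pairs the device is sending at all, which separates "the profile is not logging" from "the log exists but sits in a different view".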

funkylicious
SuperUser
July 3, 2025

if you are referring to SSL/SSH Inspection - which is a security profile, then it should be found under Security Events, a separate view for each one (SSH and SSL)

L.E. i see that you are running an older version than 7.2, in which case they should be found under SSL.

"jack of all trades, master of none"