m_raza
New Member
August 28, 2017
Question

FAZ not logging URLs


We are using a FortiAnalyzer 200D with firmware version v5.4.2-build1151 161213 (GA). Our FAZ is getting proper logs from our FortiGate 200D, but in all traffic logs the URL column is blank. We are not getting any of the URLs that our users opened.

 

In the FortiGate I enabled all logs, and in web and application security I set Monitored for all allowed websites and applications, but I still failed to get any URLs.

 

Please guide me if I am missing something to get the URL log.

    1 reply

    emnoc
    New Member
    August 28, 2017

    Try this from the FAZ CLI:

     

    "diag fortilogd   msgrate-type"

     

    Does the "Web Filter" line show any status?

     

     

    If not, then I would go back to the FortiGate and review the webfilter log status and the actual fwpolicy set log-traffic value.

     

    Ken

     

     

    m_raza
    New Member
    August 29, 2017

    Yes, I am getting this status:

     

    Web Filter.:      2.38      4.25      3.61

    Traffic.:     19.24     20.57     18.57

    emnoc
    New Member
    August 29, 2017

    Okay good

     

    Now here's what you should do.

     

    1: Set memory logging for elimination.

    2: Ensure your profile has log enable.

    3: Query memory for log messages. Does it log?

     

     

    e.g.

    execute log filter dev 3

    execute log filter cat 3

    execute log display

    3: date=2017-08-29 time=13:06:21 logid=0315012544 type=utm subtype=webfilter eventtype=urlfilter level=warning vd="root" urlfilteridx=0 policyid=1 sessionid=1451617118 user="" srcip=x.x.x.x  srcport=52969 srcintf="wan1" dstip=153.121.72.211 dstport=80 dstintf="wan1" proto=6 service=HTTP hostname="ifconfig.me" profile="SCHOOL" action=blocked reqtype=direct url="/" sentbyte=122 rcvdbyte=0 direction=outgoing msg="URL was blocked because it is in the URL filter list" crscore=30 crlevel=high

    Ensure the firewall policy has log utm enable, and ensure the url-filter profile has log enable.

     

    e.g.

    config webfilter profile
        edit "SCHOOL"
            set comment "ALLOW LIMITED"
            set options block-invalid-url
            config override
                set ovrd-user-group ""
            end
            config web
                set urlfilter-table 1
            end
            config ftgd-wf
                config filters
                    edit 1
                        set category 140
                    next
                    edit 2
                        set category 141
                    next
                end
            end
            set log-all-url enable
        next
    end
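
A way to check exported log lines for the symptom discussed in this thread, as an added example that is not part of the original posts: it parses FortiGate key=value log lines like the one quoted above and counts, per type/subtype, how many records carry a URL. The sample lines are constructed (the first is shortened from the line in the thread, with documentation-range IP addresses), and deriving the scheme from the `service` field is an assumption.

```python
import re
from collections import Counter

# key=value or key="quoted value" pairs, as in the log line quoted in the thread
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_line(line):
    """Return a dict of fields from one FortiGate key=value log line."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]          # strip the surrounding quotes
        fields[key] = value
    return fields

def full_url(rec):
    """Join hostname and url path; None when the record carries no URL."""
    if not rec.get("hostname") or "url" not in rec:
        return None
    # Assumption: the scheme follows the service field (HTTPS vs anything else)
    scheme = "https" if rec.get("service") == "HTTPS" else "http"
    return f"{scheme}://{rec['hostname']}{rec['url']}"

def summarize(lines):
    """Map (type, subtype) -> (records seen, records that carry a URL)."""
    seen, with_url = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if "type" not in rec:
            continue                     # not a log record
        key = (rec["type"], rec.get("subtype", ""))
        seen[key] += 1
        if full_url(rec):
            with_url[key] += 1
    return {k: (seen[k], with_url[k]) for k in seen}

# Constructed sample: a webfilter record modelled on the thread's line, and a
# constructed forward-traffic record that has no hostname/url fields.
SAMPLE = [
    '3: date=2017-08-29 time=13:06:21 type=utm subtype=webfilter vd="root" '
    'user="" srcip=192.0.2.10 dstip=198.51.100.7 dstport=80 service=HTTP '
    'hostname="ifconfig.me" profile="SCHOOL" action=blocked url="/" '
    'msg="URL was blocked because it is in the URL filter list"',
    'date=2017-08-29 time=13:06:20 type=traffic subtype=forward '
    'srcip=192.0.2.10 dstip=198.51.100.7 dstport=80 service=HTTP action=accept',
]

if __name__ == "__main__":
    for (typ, sub), (total, urls) in summarize(SAMPLE).items():
        print(f"{typ}/{sub}: {total} record(s), {urls} with a URL")
```

A webfilter count of zero, or webfilter records with zero URLs, points back at the profile and policy logging settings discussed above rather than at the analyzer.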