leila07, New Member, December 16, 2014 (Solved)

Filter logs sent to the FortiAnalyzer

  • December 16, 2014
  • 2 replies
  • 7136 views

Hello,

Please, how can I keep the traffic logs allowed by all the access lists, and send just the logs of SOME rules to the FortiAnalyzer?

To better explain:

For example: keep on the FortiGate disk the traffic log of the rules with ID 1, 2 and 3, and send only the traffic log of the rule with ID 3 to the FortiAnalyzer.


    2 replies

    Jeff_FTNT, Staff, December 17, 2014

    The log filter is based on log type; it cannot be based on policy.

    FG800C3912800675 # config log fortianalyzer filter
    FG800C3912800675 (filter) # get
    severity            : information
    forward-traffic     : enable
    local-traffic       : enable
    multicast-traffic   : enable
    sniffer-traffic     : enable

    ...

    Your scenario cannot be reached, thanks.

    leila07 (Author), New Member, December 17, 2014

    Thanks for the reply.

    I want to know please, what does the logging option "security log" mean exactly?

    Last question: what kind of traffic can we find in "local traffic"?

    Thanks again for your help.

    Jeff_FTNT (Answer), Staff, December 17, 2014

    If you enable AV/Web filter/Application control/IPS, etc. on a policy, it will have logs for security events; this is called the "Security log".

    Local traffic means traffic terminating at or initiated from the FGT, for example when you log in to the FGT with the GUI/Telnet/SSH. Thanks.
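As an added illustration (not code from the thread or from Fortinet), the Python model below shows how the type-based filter Jeff_FTNT printed from the CLI (severity, forward-traffic, local-traffic, multicast-traffic, sniffer-traffic) decides which records reach the FortiAnalyzer, run over a few constructed FortiGate-style key=value log lines: two forward-traffic records from different policies, one local-traffic record (an admin HTTPS session to the FortiGate, the case described in this answer) and one security (UTM) record. The sample lines, the severity ladder and the choice to let UTM records through subject only to severity are assumptions of this model; the point it makes is the one in the thread, that the filter keys carry no policy ID, so "policy 3 only" is not expressible.

```python
"""Toy model of the FortiAnalyzer log filter discussed in the thread.

Constructed example, not FortiOS code. It parses FortiGate-style
key=value log records and applies a filter that only knows log type and
subtype, which is why a per-policy rule cannot be expressed in it.
"""
import shlex

# Filter settings mirroring the CLI output in the thread
# (config log fortianalyzer filter). These are switches on log type;
# there is no key that refers to a policy ID.
DEFAULT_FILTER = {
    "severity": "information",
    "forward-traffic": "enable",
    "local-traffic": "enable",
    "multicast-traffic": "enable",
    "sniffer-traffic": "enable",
}

# Syslog-style severity ladder, most severe first (assumption of the model).
SEVERITY_ORDER = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "information", "debug"]

# Constructed sample records in FortiGate key=value style (not real logs).
SAMPLE_LOGS = [
    'type=traffic subtype=forward level=notice srcip=10.0.0.5 '
    'dstip=203.0.113.10 policyid=1 action=accept',
    'type=traffic subtype=forward level=notice srcip=10.0.0.6 '
    'dstip=203.0.113.10 policyid=3 action=accept',
    # admin GUI session terminating on the FortiGate itself: local traffic
    'type=traffic subtype=local level=notice srcip=10.0.0.7 '
    'dstip=10.0.0.1 dstport=443 service=HTTPS policyid=0 action=accept',
    # security log produced by web filter enabled on policy 3
    'type=utm subtype=webfilter level=warning srcip=10.0.0.5 policyid=3 '
    'action=blocked msg="URL belongs to a denied category"',
]


def parse_record(line):
    """Parse one key=value log line into a dict (shlex keeps quoted values)."""
    fields = {}
    for token in shlex.split(line):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def severity_passes(level, threshold):
    """True when the record's level is at least as severe as the threshold."""
    return SEVERITY_ORDER.index(level) <= SEVERITY_ORDER.index(threshold)


def filter_allows(record, settings):
    """Decide whether the filter would send this record to the FortiAnalyzer.

    Traffic logs are gated by the per-subtype switch named
    "<subtype>-traffic"; any other type (e.g. utm security logs) passes
    once the severity threshold is met. Nothing here looks at policyid.
    """
    if not severity_passes(record["level"], settings["severity"]):
        return False
    if record["type"] == "traffic":
        switch = settings.get(record["subtype"] + "-traffic", "disable")
        return switch == "enable"
    return True


def forwarded(lines, settings):
    """Return (type, subtype, policyid) for every record the filter forwards."""
    out = []
    for line in lines:
        rec = parse_record(line)
        if filter_allows(rec, settings):
            out.append((rec["type"], rec["subtype"], rec["policyid"]))
    return out


if __name__ == "__main__":
    print("default filter:", forwarded(SAMPLE_LOGS, DEFAULT_FILTER))
    no_local = dict(DEFAULT_FILTER, **{"local-traffic": "disable"})
    print("local-traffic disabled:", forwarded(SAMPLE_LOGS, no_local))
    print("filter keys mention a policy:",
          any("policy" in k for k in DEFAULT_FILTER))
```

Disabling `local-traffic` drops the admin session record but both forward-traffic records (policy 1 and policy 3) still go, and raising `severity` to `warning` drops all the notice-level traffic records while keeping the UTM security log: every knob cuts across policies rather than between them.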

    leila07 (Author), New Member, December 18, 2014

    Thanks a lot.