dbaddorf
New Member
March 24, 2021
Question

FortiGate IPv4 DoS Logging - What should I be looking for in the logs?


Hello!

I enabled a few IPv4 DoS policies on a 600E running 6.4.3 with Logging enabled and an Action of Monitor.

I'd like to look through the syslogs (or other logs?) to find if the default thresholds are working correctly before I set the DoS Policy for Block.

Would I find these messages in the syslog output?  If so, what keyword(s) would I be looking for?  I can't seem to find much info on the logging/monitoring.

Even better, I'd love to see information on my current values (tcp_syn, for example) so as to better set the Thresholds based on our "normal" traffic values.

Can anyone please help?

Dave

 

1 reply

dbaddorf (Author)
New Member
March 30, 2021

According to Fortinet Tech Support, I should be looking for the following anomalies: 18432, 18433, 18434. See https://docs.fortinet.com/document/fortigate/6.2.0/fortios-log-message-reference/688125/anomaly
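One way to act on the reply above, as an added example that is not part of the original thread: filter syslog lines for the three anomaly IDs and report, per attack name, how often the threshold was crossed and the peak observed rate. The sample lines are constructed, and the `logid`, `attack` and `msg` field names and the "N > threshold M" message layout are assumptions about the log format, to be checked against your own device's output.

```python
import re

# Message IDs named in the reply above.
ANOMALY_IDS = {"18432", "18433", "18434"}
# Assumed format: key=value pairs, values optionally double-quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumed msg layout: "<observed rate> > threshold <configured value>".
RATE_RE = re.compile(r"(\d+) > threshold (\d+)")

# Constructed sample lines, not captured from a real device.
SAMPLE_LOGS = [
    'date=2021-03-24 time=10:01:02 logid="0720018432" subtype="anomaly" srcip=192.0.2.10 '
    'attack="tcp_syn_flood" action="detected" msg="anomaly: tcp_syn_flood, 2150 > threshold 2000"',
    'date=2021-03-24 time=10:01:09 logid="0720018432" subtype="anomaly" srcip=192.0.2.11 '
    'attack="tcp_syn_flood" action="detected" msg="anomaly: tcp_syn_flood, 2400 > threshold 2000"',
    'date=2021-03-24 time=10:02:30 logid="0720018433" subtype="anomaly" srcip=192.0.2.12 '
    'attack="icmp_flood" action="detected" msg="anomaly: icmp_flood, 300 > threshold 250"',
    'date=2021-03-24 time=10:03:00 logid="0000000013" type="traffic" srcip=192.0.2.13 action="accept"',
]

def parse_line(line):
    """Split one log line into a dict of its key=value fields."""
    return {k: q or u for k, q, u in KV_RE.findall(line)}

def is_dos_anomaly(fields):
    """True when the trailing digits of logid match one of the anomaly IDs."""
    return fields.get("logid", "")[-5:] in ANOMALY_IDS

def summarize(lines):
    """Per attack name: hit count, peak observed rate, configured threshold."""
    summary = {}
    for line in lines:
        fields = parse_line(line)
        if not is_dos_anomaly(fields):
            continue  # not one of the DoS anomaly messages
        entry = summary.setdefault(fields.get("attack", "unknown"),
                                   {"hits": 0, "peak": 0, "threshold": None})
        entry["hits"] += 1
        match = RATE_RE.search(fields.get("msg", ""))
        if match:
            entry["peak"] = max(entry["peak"], int(match.group(1)))
            entry["threshold"] = int(match.group(2))
    return summary

if __name__ == "__main__":
    for attack, stats in summarize(SAMPLE_LOGS).items():
        print(attack, stats)
```

Because these messages appear only when a threshold is exceeded, the peak values show how far above the current threshold traffic has gone, not the baseline below it.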