Ralph1973
New Member
December 7, 2015
Question

full logging needed for analyzer reports?


Hello, I was looking for a description of what log settings are needed to let FortiAnalyzer create reports;

In my opinion it is like this:

- application + used bandwidth ->  application monitor and full logging (?)

- virus, ips etc. -> only UTM logging

 

So my question is whether we need full logging to have a reliable overview of applications and the bandwidth they have used. Thanks for any help,

 

Ralph Willemsen

Arnhem, Netherlands

    1 reply

    awasfi_FTNT
    Staff
    December 17, 2015

    Hello,

     

    Depends on your needs. However, I recommend that you check the CLI guide, as there are many logging options under each security profile which are not available from the GUI.

     

    1) Check the following in CLI guide:

    # config antivirus profile

    # config application list

    # config ips sensor

    # config spamfilter profile

     

    2) Also check:

    # config log setting

    # config log fortianalyzer filter

     

    3) Enable log all traffic on the firewall policies.

     

    CLI guide can be found on the following link:

    - v5.2

    ---------

    http://docs.fortinet.com/d/fortigate-fortios-5.2-cli-reference

    - v5.0

    ---------

    http://docs.fortinet.com/d/fortigate-cli-reference-pdf

     

    Regards,

    Ralph1973
    Author
    New Member
    December 21, 2015

    Thank you for your information. In the NSE FAZ training I discovered that you can configure the app monitor like this:

    - Allow => traffic is allowed but NOT logged

    - Monitor => traffic is allowed and also logged

    - block, reset, traffic shaping => logged

    This was actually the missing part for me.

     

    Rgds, Ralph
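
An added example, not part of the original posts and not Fortinet code: step 3 of the staff reply (log all traffic on the firewall policies) can be checked offline against a configuration backup. The Python code below assumes a non-VDOM backup, the `set logtraffic {all | utm | disable}` policy option, and that a policy with no `logtraffic` line uses a default of `utm`; the sample config is constructed.

```python
# Constructed sample in FortiOS backup syntax (config / edit / set / next / end).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set action accept
        set logtraffic all
    next
    edit 2
        set action accept
        set logtraffic utm
    next
    edit 3
        set action accept
    next
    edit 4
        set action accept
        set logtraffic disable
    next
end
"""

def policy_log_modes(config_text, default="utm"):
    """Map policy ID -> logtraffic mode; `default` (assumed "utm") fills unset policies."""
    modes, depth, in_policy, current = {}, 0, False, None
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "config":
            depth += 1
            if depth == 1:  # top-level block only (assumes no VDOM nesting)
                in_policy = words[1:] == ["firewall", "policy"]
        elif words[0] == "end":
            depth -= 1
        elif in_policy and depth == 1 and words[0] == "edit":
            current = int(words[1])
            modes[current] = default
        elif in_policy and depth == 1 and words[:2] == ["set", "logtraffic"]:
            modes[current] = words[2]
    return modes

def policies_without_full_logging(config_text, default="utm"):
    """Policies that are not set to log all sessions (logtraffic != all)."""
    return {pid: mode for pid, mode in policy_log_modes(config_text, default).items()
            if mode != "all"}

if __name__ == "__main__":
    for pid, mode in policies_without_full_logging(SAMPLE_CONFIG).items():
        print(f"policy {pid}: logtraffic {mode} (not 'all')")
```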