anhdungle
New Member
March 30, 2021
Question

Local log encrypted?

  • March 30, 2021
  • 1 reply
  • 7038 views

Hello everybody,

I would like to know if the log stored locally on the FG is encrypted?

I know that there's an option to encrypt logs sent to the FortiAnalyzer, but how about the local logs?

 

Thank you for your inputs.

Have a great day all.

    1 reply

    emnoc
    New Member
    March 30, 2021

    None that I know of encrypt logs locally.

     

    The logs are stored in a local file such as tlog and are simple text files. If you need encryption, you need to export the logs and encrypt at rest, but seriously, for traffic/config/system/vpn logs nothing should be sensitive by nature of those log types if basic logs are used. When you start logging details of user/filename/usernames/dpi etc., maybe a small case could be made, but that information shadows the borderline of sensitive.

     

    I haven't read the release notes for FortiOS 7, but maybe an anonymizer is coming within FortiOS (I hope). A lot of gov agencies are mandating random ip/user/file details in logs that are exported for analysis or support assistance.

     

    Ken Felix
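
One way to pseudonymize exported logs along the lines of the reply above, as an added example that is not part of the thread and not a FortiOS feature. It assumes the export is in key=value text form; the field list, sample lines and key are constructed for illustration.

```python
import hashlib
import hmac
import re

# Field name -> token namespace. The field selection is an assumption for this
# example; extend it to whatever identifying fields your log types carry.
SENSITIVE = {"srcip": "ip", "dstip": "ip", "user": "user",
             "hostname": "host", "url": "url", "filename": "file"}

# key=value pairs where the value is either "quoted" or a bare token.
PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def pseudonym(kind: str, value: str, key: bytes) -> str:
    """Keyed, stable token: the same value always maps to the same token,
    so sessions can still be correlated without exposing the real value."""
    mac = hmac.new(key, f"{kind}\x00{value}".encode(), hashlib.sha256)
    return f"{kind}-{mac.hexdigest()[:12]}"


def anonymize_line(line: str, key: bytes) -> str:
    """Replace sensitive field values and leave every other field untouched."""
    def repl(m: re.Match) -> str:
        field, raw = m.group(1), m.group(2)
        kind = SENSITIVE.get(field)
        if kind is None:
            return m.group(0)
        quoted = raw.startswith('"')
        token = pseudonym(kind, raw[1:-1] if quoted else raw, key)
        return f'{field}="{token}"' if quoted else f"{field}={token}"
    return PAIR_RE.sub(repl, line)


# Constructed sample lines (not taken from a real device).
SAMPLE = [
    'date=2021-03-30 time=10:15:01 type="utm" subtype="webfilter" '
    'srcip=10.0.0.5 user="alice" hostname="example.com" action="blocked"',
    'date=2021-03-30 time=10:15:09 type="traffic" subtype="forward" '
    'srcip=10.0.0.5 dstip=192.0.2.10 action="accept"',
]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # placeholder; never ship the key with the export
    for line in SAMPLE:
        print(anonymize_line(line, key))
```

The tokens are only as private as the key: anyone holding it can confirm a guessed IP or username, so store it separately from the exported files.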

     

    anhdungle (Author)
    New Member
    March 31, 2021

    Hi Ken,

    Thanks for replying to me. Any logs could be sensitive, especially web filtering logs, where you have the user and his/her browsing data.

    I don't think the local log is encrypted either, but is the hard drive encrypted by default? The idea is that if the device or the hard drive gets lost, the thief/attacker will not be able to extract any information because the drive is encrypted.

     

    Have a good day!

    emnoc
    New Member
    March 31, 2021

    No, the drive is not encrypted. And yes, that is why you export the logs from the device and do not log locally unless it is memory, and even then I'd rather not waste mem on log messages & surely for historical.

     

    I would also be just equally worried, if the device was stolen|lost, that your configuration is on the drive. That could give details about your accounts, psk|password, and topology.

     

    The traffic logs with no user details are not as sensitive, but we should always be thinking about Snowden and his many campaigns telling us that big biz, gov, NSO, and such are doing this at all levels.

     

    Example: Google knows all of your traffic and search history and even your shopping history :)

     

    Ken Felix