JohnMeteo
New Member
June 12, 2015
Solved

Session logging

Good day.

 

Is there a way for logging to happen at session start? We notice that when we do an FTP, until we close the session, nothing appears in the log.

 

Thanks.

 

JM

Best answer by Pradhumna_FTNT

4 replies

Pradhumna_FTNT
Staff
June 12, 2015

Hi,

Yes, this can be enabled on the specific firewall policy:

config firewall policy
    edit <id>
        set logtraffic-start enable
end

This will generate a log message when the session is started, and also a log message after the session is closed.

 

Regards,

Pradhumna chandra
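
An added example (not part of the original reply and not Fortinet code): with logtraffic-start enabled, each session produces a start record and a close record, which can be paired by session ID to list sessions that are still open and to read the final byte counts from the close record. The log lines are constructed, and the key names (sessionid, action=start/close, sentbyte, rcvdbyte) are assumptions to check against the log reference for your firmware.

```python
import shlex

# Constructed sample traffic log lines (not from the thread). Key names are
# assumptions modelled on the key=value traffic log format.
SAMPLE_LOG = """\
date=2015-06-12 time=10:00:01 type="traffic" policyid=5 sessionid=1001 srcip=10.0.0.5 dstip=192.0.2.10 service="FTP" action=start sentbyte=0 rcvdbyte=0
date=2015-06-12 time=10:02:10 type="traffic" policyid=5 sessionid=1002 srcip=10.0.0.7 dstip=192.0.2.10 service="FTP" action=start sentbyte=0 rcvdbyte=0
date=2015-06-12 time=10:07:45 type="traffic" policyid=5 sessionid=1001 srcip=10.0.0.5 dstip=192.0.2.10 service="FTP" action=close sentbyte=1520 rcvdbyte=5242880
date=2015-06-12 time=10:09:30 type="traffic" policyid=6 sessionid=1003 srcip=10.0.0.9 dstip=192.0.2.20 service="FTP" action=close sentbyte=300 rcvdbyte=900
"""


def parse_line(line):
    """Split one key=value log line into a dict; quoted values may hold spaces."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def correlate(lines):
    """Pair start and close records by sessionid.

    Returns (open_sessions, closed): sessions with a start record but no close
    record yet, and one summary per close record. A close with no matching
    start (policy without start logging, or log begun mid-session) is kept
    with started=None rather than dropped.
    """
    open_sessions, closed = {}, []
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") != "traffic" or "sessionid" not in rec:
            continue
        sid = rec["sessionid"]
        if rec.get("action") == "start":
            open_sessions[sid] = rec
        elif rec.get("action") == "close":
            start = open_sessions.pop(sid, None)
            closed.append({
                "sessionid": sid,
                "started": f'{start["date"]} {start["time"]}' if start else None,
                "closed": f'{rec["date"]} {rec["time"]}',
                "sentbyte": int(rec.get("sentbyte", 0)),
                "rcvdbyte": int(rec.get("rcvdbyte", 0)),
            })
    return open_sessions, closed


if __name__ == "__main__":
    still_open, finished = correlate(SAMPLE_LOG.splitlines())
    print("open sessions:", sorted(still_open))
    for summary in finished:
        print(summary)
```

Session IDs can be reused over time, so on long log files the pairing should also be bounded by a time window or keyed on the address tuple.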

 

JohnMeteo
Author
New Member
June 12, 2015

Many thanks. It does work, and I did some tests like establishing an FTP session and downloading some files, but nothing is logged during the session. When I close the FTP session, I get a log, but the bytes sent/received do not match the transfer I did.

How do I get the session log properly?

 

Thanks,

 

JM

Pradhumna_FTNT
Staff
June 15, 2015

Hi,

Thanks for your update.

If your device has an NP (network processor), after the connection is set up the traffic gets offloaded to the network processor, due to which we will not be able to see the complete traffic details in the log.

We can disable this option on the specific firewall policy:

config firewall policy
    edit <id>
        set auto-asic-offload disable
end

You can also refer to this KB for more information regarding the same:

http://kb.fortinet.com/kb...c&externalId=13851

 

Regards,

Pradhumna chandra

emnoc
New Member
June 16, 2015

I would suggest not doing that; you will not offload this traffic and will drive the CPU higher. Is there any reason why you need ongoing active/realtime session information?

As explained earlier, the traffic is offloaded, so you can't really gain ongoing session statistics until the session is closed.