Mick
New Member
April 18, 2016
Question

Source and Source IP columns in FortiAnalyzer?

My problem is that the name listed in the source column, which I see as the hostname, doesn't match up with the IP address in the source IP column. The hostname field is completely blank in our setup. I want to see the hostname for both the source and destination IP addresses.

 

We migrated over from Check Point. In Check Point there's an icon in the ribbon that you simply clicked on to toggle between the hostname and IP address.

 

FortiAnalyzer firmware version is 5.2.5 Build 3175, FortiGate is a 600D firmware version 5.2.6.

 

Let me know if you need more info.

    2 replies

    awasfi_FTNT
    Staff
    April 20, 2016

    Hello,

     

    1) Make sure the following configuration is enabled on the FortiGate (CLI):

    config log setting
        set resolve-ip enable
    end

    config webfilter profile
        edit <profile_name>   <<-- which is being used on the firewall policy
            set log-all-url enable
        next
    end

     

    Enable SSL inspection on the firewall policy to inspect HTTPS traffic.

     

    2) On FortiAnalyzer add column "Destination Name" to "Log View" (Right click at the header of any column and select destination name from the list).

     

    Regards,

    awasfi_FTNT
    Staff
    April 20, 2016

    Hello,

     

    Source IP : The IP address of the traffic’s origin. The source varies by the direction:

    • In HTTP requests, this is the web browser or other client.

    • In HTTP responses, this is the physical server.

     

    Refer to the following document for more details regarding logs:

    http://docs.fortinet.com/uploaded/files/2588/fortigate-fortios-log-message-reference.pdf