BensonLEI
New Member
December 23, 2020
Solved

Strange syslog for Fortigate device

  • December 23, 2020
  • 1 reply
  • 18428 views

Hi, Guys,

We found some strange syslog messages such as the following; we have not configured or defined these policies?

Any recommendation to fix these problems?


uID : 5025117 Date : Today 03:46:51 Host : 10.16.9.6 Messagetype : Syslog Facility : LOCAL7 Severity : ERR Syslogtag : date=2020-12-23 Checksum : 0 Message time=03:46:50 devname="Forti400e_Fw02" devid="FG4H000000000004" logid="1501054200" type="utm" subtype="dns" eventtype="dns-response" level="error" vd="root" eventtime=1608709611360453548 tz="-0400" policyid=0 sessionid=0 srcport=0 srcintf="unknown0" srcintfrole="undefined" dstip=169.254.0.2 dstport=53 dstintf="unknown0" dstintfrole="undefined" proto=17 xid=47105 qname="login.microsoft.com " qtype="A" qtypeval=1 qclass="IN" msg="A DNS resolution error occurs" action="pass" error="DNS query timeout"


Details for the syslog messages with id '5032066' uID : 5032066 Date : Today 04:03:27 Host : 10.16.9.6 Messagetype : Syslog Facility : LOCAL7 Severity : WARNING Syslogtag : date=2020-12-23 Checksum : 0

Message time=04:03:27 devname="Forti400e_Fw02" devid="FG4H000000000005" logid="0113022923" type="event" subtype="sdwan" level="warning" vd="root" eventtime=1608710608185897467 tz="-0400" logdesc="Virtual WAN Link status" eventtype="Service" serviceid=3 service="To_01DC" msg="Service disabled caused by no outgoing path."


Many thanks


    Best answer by Benoit_Rech_FTNT


    1 reply

    Benoit_Rech_FTNT
    Staff
    Staff
    December 23, 2020

    Hello Benson,

    This syslog is not related to firewall policy (we can see in the syslog that the policy-id is set to 0) but is generated by the system:
    * first one: a DNS query hasn't received a response
    * second one: routing issue on SD-WAN, with one path unavailable.
    There are some filters you can apply on syslog, and also configure filters on events.

    # config log syslogd filter
    # get
    severity            : information
    forward-traffic     : enable
    local-traffic       : enable
    multicast-traffic   : enable
    sniffer-traffic     : enable
    anomaly             : enable
    voip                : enable
    gtp                 : enable
    filter              :
    filter-type         : include

    and

    # config log eventfilter
    # get
    event               : enable
    system              : enable
    vpn                 : enable
    user                : enable
    router              : enable
    wireless-activity   : enable
    wan-opt             : enable
    endpoint            : enable
    ha                  : enable
    security-rating     : enable
    fortiextender       : enable
    connector           : enable

    Best regards, Benoit
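The point of the answer above is that the two entries carry policyid=0 and are system-generated (a UTM DNS timeout and an SD-WAN service event), not hits on a firewall policy. The following is an added example, not code from the thread or from Fortinet: it parses the FortiOS key=value syslog format into a dictionary and labels each entry as policy traffic or as a system event, so that entries like the two in the question can be triaged or routed to a separate filter in a SIEM. The sample lines are constructed from the two entries quoted in the post plus one constructed forward-traffic line with a non-zero policyid for contrast; the function names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines (the first two are modelled on the entries quoted
# in the post, the third is a made-up forward-traffic entry for contrast).
SAMPLE_LOGS: List[str] = [
    'time=03:46:50 devname="Forti400e_Fw02" devid="FG4H000000000004" logid="1501054200" '
    'type="utm" subtype="dns" eventtype="dns-response" level="error" vd="root" '
    'eventtime=1608709611360453548 tz="-0400" policyid=0 sessionid=0 srcport=0 '
    'srcintf="unknown0" srcintfrole="undefined" dstip=169.254.0.2 dstport=53 '
    'dstintf="unknown0" dstintfrole="undefined" proto=17 xid=47105 '
    'qname="login.microsoft.com " qtype="A" qtypeval=1 qclass="IN" '
    'msg="A DNS resolution error occurs" action="pass" error="DNS query timeout"',
    'time=04:03:27 devname="Forti400e_Fw02" devid="FG4H000000000005" logid="0113022923" '
    'type="event" subtype="sdwan" level="warning" vd="root" eventtime=1608710608185897467 '
    'tz="-0400" logdesc="Virtual WAN Link status" eventtype="Service" serviceid=3 '
    'service="To_01DC" msg="Service disabled caused by no outgoing path."',
    # constructed: traffic that did match a firewall policy (policyid != 0)
    'time=04:05:00 devname="Forti400e_Fw02" devid="FG4H000000000004" logid="0000000013" '
    'type="traffic" subtype="forward" level="notice" vd="root" policyid=12 '
    'srcip=10.0.0.5 dstip=8.8.8.8 dstport=443 proto=6 action="accept"',
]

# FortiOS log bodies are space-separated key=value pairs. Values are either
# bare tokens or double-quoted strings, and quoted strings may contain spaces
# (note the trailing space inside qname="login.microsoft.com " in the post).
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate(line: str) -> Dict[str, str]:
    """Parse one FortiOS log body into a dict; quotes are stripped, content is kept verbatim."""
    fields: Dict[str, str] = {}
    for key, raw in _KV.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def classify(fields: Dict[str, str]) -> str:
    """Label an entry as policy traffic or as a system-generated event.

    policyid=0 (or no policyid at all) means no firewall policy produced the
    entry, which is exactly the case for the two lines in the question.
    """
    policy = fields.get("policyid")
    if policy not in (None, "0"):
        return f"policy traffic (policyid={policy})"
    if fields.get("type") == "utm" and fields.get("subtype") == "dns":
        return "system: DNS resolution failure (" + fields.get("error", "unknown error") + ")"
    if fields.get("type") == "event" and fields.get("subtype") == "sdwan":
        return "system: SD-WAN event (" + fields.get("msg", "") + ")"
    return "system: other non-policy event"


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (logid, label) for each line so the result can be filtered or counted."""
    result = []
    for line in lines:
        fields = parse_fortigate(line)
        result.append((fields.get("logid", "?"), classify(fields)))
    return result


if __name__ == "__main__":
    for logid, label in triage(SAMPLE_LOGS):
        print(f"{logid}: {label}")
```

The `logid` is the key to look up in the FortiOS log message reference when a label is not obvious; the parser keeps values verbatim (including the stray trailing space in `qname`), so anything that is matched against an allowlist should be `.strip()`-ed first.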

    emnoc
    New Member
    December 23, 2020

    Also FortiOS has a log reference on their website that will give you inside details on the log structure, e.g.

    https://docs.fortinet.com/document/fortigate/6.2.0/fortios-log-message-reference/656858/log-id-definitions


    Ken Felix