Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Gaetan_
Staff
Staff

Created on ‎08-21-2023 05:47 AM Edited on ‎08-21-2023 05:50 AM By Community Manager

Article Id 269598

Technical Tip: Inserting CAPWAP traffic into Analytics

Description

This article describes how to make CAPWAP logs data part of FortiAnalyzer Analytics (reports, FortiView, etc...).
Scope

FortiAnalyzer.
Solution

By default, when FortiAnalyzer receives logs from FortiGate regarding CAPWAP tunnels, those are not inserted in Analytics. Thus, when generating a report or looking at FortiView graphs (Top Source or Destination, for example), those sessions aren't displayed.

As CAWAP tunnels may consume an important part of the bandwidth (between a WiFi access point and a WiFi controller, for example), it can be useful to add the related logs data into Analytics.

 

The solution is to disable CAPWAP exclusion 'set exclude-capwap disableunder 'config system report setting':

 

FAZ_CAPWAP.jpg
209
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.