Description
Solution
This article explains how to set up a DLP security profile to log attachment information sent in an email.
Solution
Go to Security Profiles > Data Leak Prevention and create a new filter (For example, Microsoft Office for word files).
Add the newly created DLP profile to your policy and also enable SSL deep-inspection.
In the CLI, under your DLP sensor, make sure you enable extended-utm-log so that you can observe attachment information in DLP log.
config dlp sensor
edit "Test_dlp "
set comment "summary archive email and web traffic"
set replacemsg-group ''
config filter
edit 1
set type file
set proto smtp pop3 imap http-get http-post ftp nntp
set filter-by file-type
set file-type 3
set action log-only
next
end
set extended-utm-log enable
set dlp-log enable
Also, in the memory log settings, set severity to “information”
config log memory filter
set severity information
Now, whenever an email is sent across the FortiGate with msoffice related files (for example a word file), the information about the attachment will be logged in the DLP logs under “Log & Report”
Add the newly created DLP profile to your policy and also enable SSL deep-inspection.
In the CLI, under your DLP sensor, make sure you enable extended-utm-log so that you can observe attachment information in DLP log.
config dlp sensor
edit "Test_dlp "
set comment "summary archive email and web traffic"
set replacemsg-group ''
config filter
edit 1
set type file
set proto smtp pop3 imap http-get http-post ftp nntp
set filter-by file-type
set file-type 3
set action log-only
next
end
set extended-utm-log enable
set dlp-log enable
Also, in the memory log settings, set severity to “information”
config log memory filter
set severity information
Now, whenever an email is sent across the FortiGate with msoffice related files (for example a word file), the information about the attachment will be logged in the DLP logs under “Log & Report”
