Debbie_FTNT
Staff
Article Id 197188

Description

 

This article provides a clarification on the 'hostname' and 'destination name' fields used in FortiOS traffic and UTM logs.
 
Scope
 
FortiGate.


Solution

 

The raw traffic log does not contain a 'hostname' field, but may contain the field 'dstname'. 'dstname' is only available if 'resolve-ip' is 'enabled' under 'config log settings'. The value of 'dstname' is obtained by a reverse DNS query for the IP address in 'dstip', sent to the DNS servers configured under 'config system dns'.

If the system DNS servers return no response or no PTR record, 'dstname' will contain the same value as 'dstip'.

The raw UTM logs do not contain a 'dstname' field, but do contain a 'hostname' field. The 'hostname' field is provided by the respective UTM process, after inspecting the traffic. 'hostname' can be blank if no information is supplied.
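The field semantics above, as an added example that is not part of the original article and is not Fortinet code: a Python sketch that parses raw key=value log lines and labels where the destination name in each record came from. The log lines are constructed samples, and the function names and category labels are assumptions made for illustration.

```python
import ipaddress
import re

# key=value or key="quoted value" pairs, as found in raw FortiOS log lines
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_log(line):
    """Return a dict of the key/value pairs in one raw log line."""
    return {k: (q if v == "" else v) for k, q, v in _KV.findall(line)}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_source(fields):
    """Label where the destination name in a parsed record came from."""
    if fields.get("type") == "utm":
        # UTM logs: 'hostname' is supplied by the inspecting UTM process
        return "utm-inspection" if fields.get("hostname") else "utm-blank"
    name = fields.get("dstname")
    if name is None:
        return "no-dstname"   # field absent, e.g. resolve-ip not enabled
    if name == fields.get("dstip") or _is_ip(name):
        return "ip-fallback"  # no DNS response or no PTR record
    return "reverse-dns"      # PTR answer from the system DNS servers

# Constructed sample log lines (documentation address space, not real traffic)
SAMPLE = [
    'date=2024-05-01 time=10:00:01 type="traffic" subtype="forward" '
    'srcip=10.0.0.5 dstip=192.0.2.10 dstname="mail.example.net" action="accept"',
    'date=2024-05-01 time=10:00:02 type="traffic" subtype="forward" '
    'srcip=10.0.0.5 dstip=192.0.2.20 dstname="192.0.2.20" action="accept"',
    'date=2024-05-01 time=10:00:03 type="traffic" subtype="forward" '
    'srcip=10.0.0.5 dstip=192.0.2.30 action="accept"',
    'date=2024-05-01 time=10:00:04 type="utm" subtype="webfilter" '
    'srcip=10.0.0.5 dstip=192.0.2.10 hostname="www.example.com"',
    'date=2024-05-01 time=10:00:05 type="utm" subtype="app-ctrl" '
    'srcip=10.0.0.5 dstip=192.0.2.40 hostname=""',
]

def classify_all(lines=SAMPLE):
    return [name_source(parse_log(line)) for line in lines]

if __name__ == "__main__":
    for line, label in zip(SAMPLE, classify_all()):
        print(label, "<-", parse_log(line).get("dstip"))
```

A "reverse-dns" label means the name reflects the PTR record for the destination address, which is set by whoever controls that reverse zone, so it should not be treated as the name the client actually requested.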

Related documents:

FortiOS Log Reference guide.

Technical Tip: Configuring FortiGate and FortiAnalyzer to resolve IPs to hostname