date=XXXX-XX-XX time=XX:XX:XX itime="XXXX-XX-XX XX:XX:XX" logver=52 logid=0201009233 type=utm subtype=virus level=notice devid=FGXXXXXXXXXX vd=root msg="File submitted to Sandbox." action=analytics service=HTTP srcip=X.X.X.X dstip=X.X.X.X srcport=51779 dstport=80 sessionid=2013193656 direction=incoming filename=File name sent for inspection quarskip=No-skip url=http://dl.google.com/release2/JYM2KPQ8t30/File sent for inspection profile=AV-Profile agent=Mozilla/5.0 proto=6 eventtype=analytics analyticscksum=52b0dda51113acec993dbbb40a2ff7f1024d0fc998de2d61d6b479ffe26d9be4 analyticssubmit=true policyid=510 srcintf=portXX dstintf=portXX dtime="XXXX-XX-XX XX:XX:XX" itime_t=1492446015 devname=HA_Perimetral
2) The FortiGate uses the quarantine process to send files to FortiSandbox; the following debug commands can also be run to review how the files are sent:
# diag debug reset
# diag debug disable
# diag debug application quarantine -1
# diag debug enable
Leave the debug running for some minutes, then disable it as follows:
# diag debug reset
# diag debug disable
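To confirm from exported FortiGate logs which files were actually submitted, the key=value antivirus log shown above can be parsed and grouped by the FortiGate serial number (devid), which is the same value looked up on the FortiSandbox side. This is an added example, not Fortinet code; the sample lines, serials, file names and checksums are constructed, and values containing spaces are assumed to be double-quoted as msg= is in the log above.

```python
import re
from collections import defaultdict

# Constructed sample lines in the key=value layout of the log above
# (serials, addresses, file names and checksums are made up for this example).
SAMPLE_LOG = '''\
date=2024-01-10 time=10:00:01 logid=0201009233 type=utm subtype=virus level=notice devid=FGT0000000000001 vd=root msg="File submitted to Sandbox." action=analytics service=HTTP srcip=192.0.2.10 dstip=198.51.100.20 filename="setup one.exe" url="http://files.example.test/a/setup one.exe" profile=AV-Profile analyticscksum=aaaa1111 analyticssubmit=true policyid=510
date=2024-01-10 time=10:00:05 type=traffic subtype=forward level=notice devid=FGT0000000000001 vd=root action=close srcip=192.0.2.10 dstip=198.51.100.20 policyid=510
date=2024-01-10 time=10:02:09 logid=0201009233 type=utm subtype=virus level=notice devid=FGT0000000000002 vd=root msg="File submitted to Sandbox." action=analytics service=HTTP srcip=192.0.2.33 dstip=198.51.100.20 filename="tool.zip" profile=AV-Profile analyticscksum=bbbb2222 analyticssubmit=true policyid=7
date=2024-01-10 time=10:03:00 type=utm subtype=virus level=warning devid=FGT0000000000001 vd=root action=blocked filename="late.doc" policyid=510
'''

# key=value where the value is either a double-quoted string or a run of non-spaces
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_line(line):
    """Split one log line into a dict, stripping the quotes around quoted values."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields

def sandbox_submissions(log_text):
    """Return {devid: [(timestamp, filename, policyid, analyticscksum), ...]}."""
    by_device = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_line(line)
        # Same markers as the log above: AV UTM event, analytics action, submit flag set
        if (f.get("type") == "utm" and f.get("subtype") == "virus"
                and f.get("action") == "analytics"
                and f.get("analyticssubmit") == "true"):
            by_device[f.get("devid", "unknown")].append(
                (f"{f.get('date')} {f.get('time')}", f.get("filename"),
                 f.get("policyid"), f.get("analyticscksum")))
    return dict(by_device)

if __name__ == "__main__":
    for devid, events in sandbox_submissions(SAMPLE_LOG).items():
        print(devid)
        for when, name, policy, cksum in events:
            print(f"  {when}  policy={policy}  file={name}  cksum={cksum}")
```

A device that appears in the FortiGate output but has no matching entries in the FortiSandbox History Logs for the same time window is the one to run the debugs against.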
FortiSandbox side:
1) On the GUI interface go to Logs & Report -> All Events; select "History Logs" and look for the serial number of the FortiGate.
2) Run the debug to check all file sending processes and connections to the FortiGate:
> diagnose-debug device FortiGate_Serial_Number
Leave the debug program running for a few minutes before stopping it with CTRL+C.