Description
This article shows how to enable logging for a specific application (HTTP) using an application control sensor.
Solution
The basic steps required are:
1. Create an application control sensor.
2. Apply that application control sensor on the firewall policy.
3. Browse any web site using Firefox.
4. Check the application control logs for HTTP.Browser_Firefox traffic.
Configuration CLI
Create an application control sensor.
In this example, signatures 15893 and 34050 are the application signatures for HTTP.BROWSER and HTTP.BROWSER_Firefox.
#config application list
#edit "test"
#set other-application-log enable
#set unknown-application-log disable
#config entries
#edit 1
#set application 15893 34050
#set action pass
#set log enable
#set log-packet enable
#next
#end
#next
#end
Apply that application control sensor on the firewall policy.
#config firewall policy
#edit <id>
#set application-list "test"
#set logtraffic utm
#next
#end
Browse any web site using Firefox.
Verification of configuration
Check the application control logs for HTTP.Browser_Firefox traffic.
#exec log filter category utm-app-ctrl
#exec log display
date=2014-10-17 time=07:08:05 logid=1059028704 type=utm subtype=app-ctrl eventtype=app-ctrl-all level=information vd="root" appid=34050 srcip=10.185.1.1 srcport=1510 dstip=66.171.121.34 dstport=80 proto=6 service="HTTP" sessionid=22024 applist="test" appcat="Web.Others" app="HTTP.BROWSER_Firefox" action=pass hostname="www.fortinet.com" url="/sites/default/files/js/js_3_50vK6Nv28vcq9RH3Ip8iE7BpfMvwmtDIKqrFurrrM.js" msg="Web.Others: HTTP.BROWSER_Firefox," apprisk=elevated
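To run the same check over exported logs, the following added example (not part of the original article or any Fortinet tooling) parses the key=value log format shown above and keeps only app-ctrl entries logged by sensor "test" for signatures 15893 and 34050. The function names parse_log and sensor_hits are hypothetical, and the second and third sample lines are constructed.

```python
import re

# Constructed sample: the first line is the log entry shown above; the other
# two are made up for this example (placeholder appid/app, a different sensor).
SAMPLE = [
    'date=2014-10-17 time=07:08:05 logid=1059028704 type=utm subtype=app-ctrl '
    'eventtype=app-ctrl-all level=information vd="root" appid=34050 '
    'srcip=10.185.1.1 srcport=1510 dstip=66.171.121.34 dstport=80 proto=6 '
    'service="HTTP" sessionid=22024 applist="test" appcat="Web.Others" '
    'app="HTTP.BROWSER_Firefox" action=pass hostname="www.fortinet.com" '
    'url="/sites/default/files/js/js_3_50vK6Nv28vcq9RH3Ip8iE7BpfMvwmtDIKqrFurrrM.js" '
    'msg="Web.Others: HTTP.BROWSER_Firefox," apprisk=elevated',
    'date=2014-10-17 time=07:08:06 type=utm subtype=app-ctrl appid=99999 '
    'applist="test" app="Constructed.App" action=pass msg="not a=real entry"',
    'date=2014-10-17 time=07:08:07 type=utm subtype=app-ctrl appid=34050 '
    'applist="other-sensor" app="HTTP.BROWSER_Firefox" action=pass',
]

# A field is key=value; the value is double-quoted (may hold spaces) or a bare token.
_FIELD = re.compile(r'(\w[\w-]*)=(?:"([^"]*)"|(\S*))')

def parse_log(line):
    """Split one log line into a dict of field name -> value (quotes removed)."""
    fields = {}
    for m in _FIELD.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields

def sensor_hits(lines, sensor="test", signatures=(15893, 34050)):
    """Return parsed app-ctrl entries logged by `sensor` for the given appids."""
    hits = []
    for line in lines:
        f = parse_log(line)
        if f.get("subtype") != "app-ctrl" or f.get("applist") != sensor:
            continue
        appid = f.get("appid", "")
        if appid.isdigit() and int(appid) in signatures:
            hits.append(f)
    return hits

if __name__ == "__main__":
    for hit in sensor_hits(SAMPLE):
        print(hit["date"], hit["time"], hit["srcip"], hit["app"], hit["hostname"])
```

An empty result after browsing with Firefox means the sensor is not attached to the policy that carries the traffic, or logging is not enabled on the sensor entry.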