FortiGate
jintrah_FTNT
Staff
Article Id 334269
Description

This article describes the use of historical logs and realtime debug logs on FortiGate for determining root cause (RCA).

Scope

FortiGate.

Solution

Historical Logs:

  • Stored data about past system events.
  • Cover a wide array of incidents, which helps in understanding general trends in system health, network behavior, etc.
  • Help establish a baseline for what is normal in the environment, and show how that baseline changes over time.
  • May not contain sufficient or detailed information about a specific incident, which is why real-time debugging is often needed in addition.
  • Logs are fetched from the device disk, FortiAnalyzer, Syslog, etc.: System Event logs, HA Event logs, IPS logs, Traffic logs, etc.

Realtime Debug Logs:

  • Capture live data from a running system, application, or service, and help quickly understand what is happening in the environment.
  • Useful for identifying transient or intermittent problems.
  • Record data to capture specific issue(s) in detail.
  • Output may sometimes be too verbose, so applicable filters should be set before the debug is enabled.
  • A few debug logs are fetched from the CLI in realtime:
For effective RCA, the best approach would be to gather a combination of both real-time debug logs and historical logs for analysis.
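As an added illustration (not part of the original article), the following FortiOS CLI session shows the combined approach: first the historical traffic logs stored on the device disk are pulled for an affected host, then a filtered realtime flow trace is run against the same host so the verbose debug output stays scoped. The host address 10.0.1.25 and port 443 are constructed placeholders.

```fortios
# --- Historical side: traffic logs already on disk for the affected host ---
# category 0 = traffic logs; narrow to the source address under investigation
execute log filter category 0
execute log filter field srcip 10.0.1.25
execute log display

# --- Realtime side: scoped flow debug for the same host ---
# Always start from a clean state so stale filters from a previous session
# do not silently change what is captured
diagnose debug reset
diagnose debug flow filter clear

# Set the filters BEFORE enabling debug; an unfiltered flow trace on a busy
# firewall floods the console and is of little use for RCA
diagnose debug flow filter addr 10.0.1.25
diagnose debug flow filter port 443
diagnose debug flow filter proto 6

# Timestamps let the realtime output be correlated with the historical
# log entries displayed above
diagnose debug console timestamp enable
diagnose debug flow show function-name enable
diagnose debug flow show iprope enable

# Capture a bounded number of packets, then reproduce the issue from the client
diagnose debug flow trace start 100
diagnose debug enable

# ... reproduce the problem, then stop ...

# Stop and fully disable debugging: leaving it running consumes CPU
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset
```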