Description | This article describes how to get information regarding logs that exceed the threshold limit stipulated in the DoS policy configurations. |
Scope | FortiGate. |
Solution |
There are different types of L3 and L4 DoS anomalies and threshold values pre-defined by Fortinet. These values should be studied based on each environment, but it is always recommended to keep the values set to the default and in monitor mode at the first configuration and adjust them based on the logs generated in the 'anomaly' menu. Follow these steps to view the logs:
From v7.2.x, the Anomaly log is visible under Log & Report -> Security Events -> Summary/ Log.
To view the log, choose Logs at the top to be redirected to the logs page:
The same can be collected via the CLI, utilizing the commands below:
Available categories: 0: traffic Related articles: Technical Tip: Denial of Service (DoS) anomalies explained Technical Tip: DoS attack log according to action set on DoS policy |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.