GGMACHAIN
Staff
Article Id 341247
Description This article describes how to view the logs generated when traffic exceeds the threshold limits set in the DoS policy configurations.
Scope FortiGate.
Solution

There are different types of L3 and L4 DoS anomalies and threshold values pre-defined by Fortinet.

These values should be tuned for each environment, but it is always recommended to keep the default values and use monitor mode for the initial configuration, then adjust them based on the logs generated in the 'anomaly' menu. Follow these steps to view the logs:

From v7.2.x, the Anomaly log is visible under Log & Report -> Security Events -> Summary/Log.

To view the log, choose Logs at the top to be redirected to the logs page:

 

[Figure: DoS anomalies logs generated]

The same can be collected via the CLI, utilizing the commands below:


execute log filter category 7
execute log display

4 logs found.
4 logs returned.

 

Available categories:

0: traffic
1: event
2: utm-virus
3: utm-webfilter
4: utm-ips
5: utm-emailfilter
7: utm-anomaly
8: utm-voip
9: utm-dlp
10: utm-app-ctrl
12: utm-waf
15: utm-dns
16: utm-ssh
17: utm-ssl
19: utm-file-filter
20: utm-icap
22: utm-sctp-filter
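
To support the threshold tuning recommended above, the following added example (not part of the original article and not Fortinet code) summarizes saved anomaly log output per anomaly type, showing the peak observed rate against the configured threshold. The log lines are constructed samples, and the field names (subtype, attack, srcip, msg) and the "N > threshold M" wording of msg are assumptions about the log layout that should be checked against real output from the device.

```python
import re
from collections import defaultdict

# Constructed sample lines. Field names and msg wording are assumptions
# about the key=value log layout; verify them against real device output.
SAMPLE_LOGS = '''\
date=2024-05-01 time=10:00:01 type="utm" subtype="anomaly" srcip=198.51.100.7 dstip=192.0.2.10 action="detected" attack="tcp_syn_flood" policyid=1 msg="anomaly: tcp_syn_flood, 2450 > threshold 2000"
date=2024-05-01 time=10:00:31 type="utm" subtype="anomaly" srcip=198.51.100.9 dstip=192.0.2.10 action="detected" attack="tcp_syn_flood" policyid=1 msg="anomaly: tcp_syn_flood, 2100 > threshold 2000, repeats 12 times"
date=2024-05-01 time=10:02:10 type="utm" subtype="anomaly" srcip=203.0.113.5 dstip=192.0.2.20 action="detected" attack="udp_flood" policyid=1 msg="anomaly: udp_flood, 2001 > threshold 2000"
date=2024-05-01 time=10:02:11 type="traffic" subtype="forward" srcip=203.0.113.5 dstip=192.0.2.20 action="accept"
'''

PAIR_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')      # key=value or key="quoted value"
RATE_RE = re.compile(r'(\d+) > threshold (\d+)')    # observed rate vs configured threshold

def parse_line(line):
    """Split one log line into a dict, removing quotes from quoted values."""
    return {key: (inner if raw.startswith('"') else raw)
            for key, raw, inner in PAIR_RE.findall(line)}

def summarize(text):
    """Per anomaly type: event count, peak rate, threshold, overshoot %, sources."""
    stats = defaultdict(lambda: {"events": 0, "peak": 0, "threshold": 0,
                                 "overshoot_pct": 0.0, "sources": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "anomaly":
            continue                                # skip non-anomaly categories
        match = RATE_RE.search(rec.get("msg", ""))
        if not match:
            continue                                # msg without a rate: nothing to tune on
        observed, threshold = int(match.group(1)), int(match.group(2))
        entry = stats[rec.get("attack", "unknown")]
        entry["events"] += 1
        entry["threshold"] = threshold
        entry["sources"].add(rec.get("srcip", "unknown"))
        if observed > entry["peak"]:
            entry["peak"] = observed
            entry["overshoot_pct"] = (observed - threshold) * 100 / threshold
    return dict(stats)

if __name__ == "__main__":
    for attack, s in sorted(summarize(SAMPLE_LOGS).items()):
        print(f'{attack}: {s["events"]} events, peak {s["peak"]} vs threshold '
              f'{s["threshold"]} (+{s["overshoot_pct"]}%), {len(s["sources"])} source(s)')
```

An anomaly that only slightly exceeds its threshold from many legitimate sources suggests the default is too low for that environment, while a large overshoot from few sources points to traffic worth investigating before leaving monitor mode.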


Related articles:

Technical Tip: Denial of Service (DoS) anomalies explained

Technical Tip: DoS attack log according to action set on DoS policy

Technical Tip: How to view security log in firmware 7.2.x