Fortinet Community

Shilpa1 · ‎12-15-2021

Description

This article describes thatEMS logs are recorded for dynamic address related events, including adding, updating, and removing EMS tags.

The dynamic address list includes EMS tags, such as the MAC tag:

# diagnose firewall dynamic list

MAC_FCTEMSTA20-----8_ems135_winOS_tag(total-addr: 2): ID(62) TAG()

MAC(02:00:4C:4F:4F:50)

MAC(64:00:6A:8E:95:62)

Scope

Solution

To view the logs from GUI.

1) Go to Log & Report -> Events and select 'SDN Connector Events':

Log examples.

# execute log filter device 2
# execute log filter category 1
# execute log filter field subtype connector
# execute log display
112 logs found.
10 logs returned.

1: date=2021-02-11 time=15:12:29 id=6928147977798156362 itime="2021-02-11 15:12:33" euid=3 epid=3 dsteuid=3 dstepid=3 logver=604051825 logid=0112053203 type=event subtype=connector level=information msg="Updated tag FCTEMS_ALL_FORTICLOUD_SERVERS." logdesc="Dynamic address updated" addr=FCTEMS_ALL_FORTICLOUD_SERVERS eventtime=1613085150627684117 fctemssn=(null) tz=-0800 devid=FWF61ETK20-----3 vd=root csf=EC_61E_Faric dtime="2021-02-11 15:12:29" itime_t=1613085153 devname=EC_61E

2: date=2021-02-11 time=15:12:30 id=6928147964913254410 itime="2021-02-11 15:12:30" euid=3 epid=3 dsteuid=3 dstepid=3 logver=604051825 logid=0112053203 type=event subtype=connector level=information msg="Updated tag FCTEMS_ALL_FORTICLOUD_SERVERS." logdesc="Dynamic address updated" addr=FCTEMS_ALL_FORTICLOUD_SERVERS eventtime=1613085150686659727 fctemssn=(null) tz=-0800 devid=FWF61ETK18002255 vd=root csf=EC_61E_Faric dtime="2021-02-11 15:12:30" itime_t=1613085150 devname=EC_61E
...

Dynamic address added.

10: date=2021-02-10 time=17:34:28 eventtime=1613007268451987782 tz="-0800" logid="0112053200" type="event" subtype="connector" level="information" vd="root" logdesc="Dynamic address added" fctemssn="FCTEMSTA20-----8" addr="FCTEMSTA20-----8_all_registered_clients" msg="Created new tag FCTEMSTA20-----8_all_registered_clients."

Dynamic address expired removed.

11: date=2021-02-10 time=17:33:29 eventtime=1613007209497390822 tz="-0800" logid="0112053201" type="event" subtype="connector" level="information" vd="root" logdesc="Dynamic address removed" fctemssn="FCTEMSTA20-----8" addr="all_registered_clients" msg="Removed expired tag all_registered_clients."

Dynamic address updated.

14: date=2021-02-10 time=17:27:19 eventtime=1613006839576044092 tz="-0800" logid="0112053203" type="event" subtype="connector" level="information" vd="root" logdesc="Dynamic address updated" fctemssn="FCTEMSTA20-----8" addr="FCTEMSTA20-----8_all_registered_clients" msg="Updated tag FCTEMSTA20-----8_all_registered_clients."

Dynamic address removed.

30: date=2021-02-10 time=11:38:40 eventtime=1612985920771374086 tz="-0800" logid="0112053201" type="event" subtype="connector" level="information" vd="vdom1" logdesc="Dynamic address removed" fctemssn="FCTEMSTA20-----8" addr="MAC_FCTEMSTA20-----8_Critical" msg="Removed tag MAC_FCTEMSTA20-----8_Critical."