Description | This article describes how to receive IPS logs in FortiGate.
Scope | FortiGate.
Solution
IPS logs are only produced when an IPS sensor is attached to the firewall policy that handles the traffic, so two configuration contexts are involved:
'config firewall policy' (the policy that matches the client traffic must have UTM enabled and reference the sensor)
'config ips sensor' (the sensor must contain the signature being tested and have logging enabled for it)
Download the EICAR test file from the eicar.org 'Anti Malware Testfile' page to trigger the signature. If no IPS logs are generated, check the version of the Attack Definitions / Attack Extended Definitions with the command 'diagnose autoupdate versions'; if the IPS package has not been updated, the signature cannot match. Note that the EICAR page serves the file over HTTPS, so the policy also needs SSL deep inspection for the IPS engine to see the download.
A successful test produces an IPS log like the one below. The fields to verify are profile (the sensor name), policyid (the policy the sensor is applied to), attack/attackid (the matched signature) and action:
eventtime=1723714477181988079 tz="+0200" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="info" srcip=172.16.1.2 srccountry="Reserved" dstip=89.238.73.97 dstcountry="Germany" srcintf="port3" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined" sessionid=2148164589 action="dropped" proto=6 service="HTTPS" policyid=1 poluuid="9441a5c0-50b4-51ef-352d-269f586485de" policytype="policy" attack="Eicar.Virus.Test.File" srcport=59557 dstport=443 hostname="www.eicar.org" url="/download-anti-malware-testfile/" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" httpmethod="GET" referralurl="https://www.eicar.org/download-anti-malware-testfile/" direction="incoming" attackid=29844 profile="test-eicar" ref="http://www.fortinet.com/ids/VID29844" incidentserialno=188743687 msg="file_transfer: Eicar.Virus.Test.File"
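The following is an added example, not part of this article or of any Fortinet tool. It renders the FortiOS CLI for a sensor that logs the EICAR signature (attackid 29844) and the policy that applies it, then parses FortiGate key=value log lines (quoted values such as agent= contain spaces and parentheses, so a plain split on whitespace is not enough) and filters for IPS signature events from that sensor and policy. The sample IPS line is taken from this article; the traffic log line and the sensor/policy names are constructed for the example. The ssl-ssh-profile needed for HTTPS deep inspection is not rendered, since its name is site-specific.

```python
import re
from typing import Dict, List

# Sample IPS log, shortened from the line shown in this article (constructed subset).
SAMPLE_IPS_LOG = (
    'eventtime=1723714477181988079 tz="+0200" logid="0419016384" type="utm" '
    'subtype="ips" eventtype="signature" level="alert" vd="root" severity="info" '
    'srcip=172.16.1.2 dstip=89.238.73.97 action="dropped" proto=6 service="HTTPS" '
    'policyid=1 attack="Eicar.Virus.Test.File" dstport=443 hostname="www.eicar.org" '
    'url="/download-anti-malware-testfile/" '
    'agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
    '(KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" '
    'direction="incoming" attackid=29844 profile="test-eicar" '
    'msg="file_transfer: Eicar.Virus.Test.File"'
)

# Constructed forward-traffic log for the same session: must NOT count as an IPS hit.
SAMPLE_TRAFFIC_LOG = (
    'eventtime=1723714477200000000 tz="+0200" logid="0000000013" type="traffic" '
    'subtype="forward" level="notice" vd="root" srcip=172.16.1.2 dstip=89.238.73.97 '
    'action="close" policyid=1 service="HTTPS" sentbyte=1234 rcvdbyte=5678'
)

# One key=value token: value is either a double-quoted string (may contain spaces,
# '=' and backslash-escaped quotes) or a run of non-whitespace characters.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Parse one FortiGate log line into a dict; all values stay strings."""
    fields: Dict[str, str] = {}
    for key, raw in _KV_RE.findall(line):
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def is_ips_signature_hit(rec: Dict[str, str], sensor: str, policy_id: int) -> bool:
    """True when the record is an IPS signature event produced by the expected
    sensor (profile=) on the expected policy (policyid=)."""
    return (
        rec.get("type") == "utm"
        and rec.get("subtype") == "ips"
        and rec.get("eventtype") == "signature"
        and rec.get("profile") == sensor
        and rec.get("policyid") == str(policy_id)
    )


def find_ips_hits(lines: List[str], sensor: str, policy_id: int) -> List[Dict[str, str]]:
    """Return the parsed IPS signature events for the given sensor and policy."""
    return [r for r in map(parse_fortigate_log, lines)
            if is_ips_signature_hit(r, sensor, policy_id)]


def render_ips_config(sensor: str, rule_id: int, policy_id: int) -> str:
    """Render the FortiOS CLI for a sensor that blocks and logs one signature,
    and for the policy that applies it. The HTTPS deep-inspection profile the
    policy also needs is intentionally left out (site-specific name)."""
    lines = [
        "config ips sensor",
        f'    edit "{sensor}"',
        "        config entries",
        "            edit 1",
        f"                set rule {rule_id}",   # signature ID == attackid in the log
        "                set status enable",
        "                set log enable",        # without this no IPS log is written
        "                set action block",
        "            next",
        "        end",
        "    next",
        "end",
        "config firewall policy",
        f"    edit {policy_id}",
        "        set utm-status enable",
        f'        set ips-sensor "{sensor}"',
        "    next",
        "end",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_ips_config("test-eicar", 29844, 1))
    for hit in find_ips_hits([SAMPLE_IPS_LOG, SAMPLE_TRAFFIC_LOG], "test-eicar", 1):
        print(hit["attack"], hit["attackid"], hit["action"])
```

Run it with no arguments: it prints the CLI to paste into the FortiGate and then the single IPS hit from the two sample lines. Feeding `find_ips_hits` the raw syslog lines received from a FortiGate is a quick way to confirm that IPS events for a given sensor and policy are actually arriving at the collector.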
Copyright 2025 Fortinet, Inc. All Rights Reserved.