FortiProxy
FortiProxy provides enterprise-class protection against internet-borne threats and Advanced Web Content Caching
jhussain_FTNT
Article Id 332618
Description This article describes how to enable the 'httpmethod' and 'referrer url' parameters in the HTTP transaction logs sent to FortiAnalyzer, syslog, or FortiSIEM.
Scope FortiProxy.
Solution

By default, HTTP transaction logs in FortiProxy do not include the 'http method' and 'referrer URL' parameters.

 


 

 

To include the 'http method' and 'referralurl' parameters in FortiProxy logs, configure the firewall policy to set log-http-transaction to all and enable extended-log:

 

config firewall policy
    edit <policy id>
        set logtraffic all
        set logtraffic-start enable
        set log-http-transaction all
        set extended-log enable
    next
end

 

After enabling these settings, the 'http method' and 'referralurl' parameters appear in the logs.

 

FortiProxy:


date=2024-08-12 time=13:12:47 eventtime=1723457567180725453 tz="+0300" logid="0010000099" type="traffic" subtype="http-transaction" level="notice" vd="root" srcip=10.212.3.1 dstip=147.182.197.70 clientip=10.212.3.1 scheme="http" srcport=64088 dstport=80 hostname="www.nekocloud.com" url="http://www.nekocloud.com/vendor/jquery-easing/jquery.easing.min.js" prefetch=0 policyid=23 sessionid=1231606552 transid=67108915 reqlength=360 resplength=1160 rcvdbyte=1160 sentbyte=360 resptype="normal" referralurl="http://www.nekocloud.com/" httpmethod="GET" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0" statuscode="200" rawdata="Time=336ms|Header-Host=www.nekocloud.com|Response-Content-Type=text/javascript" reqtime=1723457566 resptime=1723457567 respfinishtime=1723457567 duration=335 appcat="unscanned"


FortiAnalyzer:


logver=0704040603 idseq=229240816239902721 itime=1723453889 devid="FPX2KET318000006" devname="MRJ-FortiProxy-SEC-02" vd="root" date=2024-08-12 time=13:12:47 eventtime=1723457567180725453 tz="+0300" logid="0010000099" type="traffic" subtype="http-transaction" level="notice" srcip=10.212.3.1 dstip=147.182.197.70 clientip=10.212.3.1 scheme="http" srcport=64088 dstport=80 hostname="www.nekocloud.com" url="http://www.nekocloud.com/vendor/jquery-easing/jquery.easing.min.js" prefetch=0 policyid=23 sessionid=1231606552 transid=67108915 reqlength=360 resplength=1160 rcvdbyte=1160 sentbyte=360 resptype="normal" referralurl="http://www.nekocloud.com/" httpmethod="GET" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0" statuscode="200" rawdata="Time=336ms|Header-Host=www.nekocloud.com|Response-Content-Type=text/javascript" reqtime=1723457566 resptime=1723457567 respfinishtime=1723457567 duration=335 appcat="unscanned"
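
To confirm on the receiving side (FortiAnalyzer, syslog or FortiSIEM) that each policy is actually emitting the new fields, the log lines can be parsed and checked per policy. The following Python is an added example, not Fortinet code: the function names and sample lines are constructed, and it assumes the key=value layout shown in the logs above.

```python
import re
from collections import defaultdict

# key=value pairs: the value is double-quoted (may hold spaces, '=' and \" escapes)
# or a bare token that ends at the next whitespace.
PAIR_RE = re.compile(r'([\w-]+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')
EXTENDED_FIELDS = ("httpmethod", "referralurl")  # field names as they appear in the logs

def parse_log(line):
    """Parse one FortiProxy key=value log line into a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in PAIR_RE.findall(line)}

def policies_missing_extended_fields(lines):
    """Map policyid -> sorted extended fields absent from its http-transaction logs."""
    missing = defaultdict(set)
    for line in lines:
        fields = parse_log(line)
        if fields.get("subtype") != "http-transaction":
            continue  # other traffic subtypes are not expected to carry these fields
        for name in EXTENDED_FIELDS:
            if name not in fields:
                missing[fields.get("policyid", "unknown")].add(name)
    return {pid: sorted(names) for pid, names in missing.items()}

# Constructed sample lines modelled on the article's log format (not real traffic).
SAMPLE = [
    'date=2024-08-12 time=13:12:47 type="traffic" subtype="http-transaction" '
    'srcip=192.0.2.10 url="http://www.example.com/a.js" policyid=23 '
    'referralurl="http://www.example.com/" httpmethod="GET" '
    'agent="Mozilla/5.0 (X11; Linux x86_64)" '
    'rawdata="Time=336ms|Header-Host=www.example.com"',
    'date=2024-08-12 time=13:12:50 type="traffic" subtype="http-transaction" '
    'srcip=192.0.2.11 url="http://www.example.com/b.js" policyid=24 '
    'agent="Mozilla/5.0 (X11; Linux x86_64)"',
    'date=2024-08-12 time=13:12:51 type="traffic" subtype="forward" '
    'srcip=192.0.2.12 policyid=24',
]

if __name__ == "__main__":
    first = parse_log(SAMPLE[0])
    print(first["httpmethod"], first["referralurl"])
    print(policies_missing_extended_fields(SAMPLE))
```

A policy listed in the result is a candidate for the log-http-transaction and extended-log settings shown earlier.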