FortiWeb
shafiq23
Staff & Editor
Article Id 317628
Description This article describes how to enable forwarding of traffic packets (HTTP headers and body) in the logs that FortiWeb sends to FortiAnalyzer.
Scope FortiWeb and FortiWeb-VM.
Solution

By default, FortiWeb sends only the raw traffic log to FortiAnalyzer for the analytical log view. This limits the administrator's visibility into traffic details such as HTTP headers and body.

 


 

From CLI:

 

FWB-02 # config log forti-analyzer

FWB-02 (forti-analyzer) # show full-configuration
config log forti-analyzer
    set status enable
    set severity information
    set traffic_packet disable <----- Disabled by default.
    set fortianalyzer-policy FAZ
end

 

FWB-02 (forti-analyzer) # set traffic_packet enable <----- Enable traffic packet forwarding

 

FWB-02 (forti-analyzer) # show full-configuration
config log forti-analyzer
    set status enable
    set severity information
    set traffic_packet enable
    set fortianalyzer-policy FAZ
end
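
An added example, not part of the original article or Fortinet's own code: a Python check that reads saved "show full-configuration" output and reports whether the two settings shown above are in place. The function names and the sample text are constructed for illustration, and the input is assumed to be the command output saved as plain text.

```python
HEADER = "config log forti-analyzer"

# Constructed sample: the "show full-configuration" output from the article,
# including its "<-----" annotation, which is not CLI syntax.
SAMPLE = """\
config log forti-analyzer
    set status enable
    set severity information
    set traffic_packet disable <----- Disabled by default.
    set fortianalyzer-policy FAZ
end
"""

def parse_block(text, header=HEADER):
    """Return the top-level 'set' pairs of the first matching block, or None."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.split("<-----")[0].strip()  # drop article-style annotations
        if depth == 0:
            if line == header:
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1                          # nested block: skip its contents
        elif line == "end":
            depth -= 1
            if depth == 0:
                return settings
        elif depth == 1 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return None  # block absent or never closed with "end"

def audit(text):
    """Return findings; an empty list means both settings from the article are on."""
    block = parse_block(text)
    if block is None:
        return ["no '%s' block found" % HEADER]
    findings = []
    # A key missing from the output is treated as not enabled.
    if block.get("status") != "enable":
        findings.append("status is not 'enable': logging to FortiAnalyzer is off")
    if block.get("traffic_packet") != "enable":
        findings.append("traffic_packet is not 'enable': no HTTP headers/body in logs")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["ok: traffic packet forwarding is enabled"]:
        print(finding)
```
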

 

From FortiAnalyzer GUI:

  1. Navigate to Log View > FortiWeb > Traffic.
  2. Select and double-click the log entry.
  3. Find the Data field.
  4. Select the Data icon to view packet details.

 


 


 

Refer to the documentation below for more information on FortiWeb-FortiAnalyzer logging integration:
Logging 
