Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JohnMeteo
New Contributor

Session logging

Good day.

 

Is there a way for logging to happen at session start? We notice that when we do an FTP, until we close the session, nothing appears in the log.

 

Thanks.

 

JM

1 Solution
Pradhumna_FTNT

Hi,

 

Yes,

 

This can be enabled on the specific firewall policy

 

config firewall policy

edit <id>

 set logtraffic-start enable

end

 

This will generate a log message , when the session is started and also a log message after the session is closed.

 

Regards,

Pradhumna chandra

 

View solution in original post

4 REPLIES 4
Pradhumna_FTNT

Hi,

 

Yes,

 

This can be enabled on the specific firewall policy

 

config firewall policy

edit <id>

 set logtraffic-start enable

end

 

This will generate a log message , when the session is started and also a log message after the session is closed.

 

Regards,

Pradhumna chandra

 

JohnMeteo
New Contributor

Many thanks. It does work and I did some tests like establish a FTP session and download some files but nothing is log during the session. When I close the ftp session, I get a log but the bytes send/receive does not match the transfer I did.

 

How do I get the session log properly?

 

Thanks,

 

JM

Pradhumna_FTNT

Hi,

 

Thanks for your update.

 

If your device has NP (Network processor) after the connection is setup the traffic gets offloaded to Network processor, due to which we will not be able to see the complete traffic details in the log.

 

We can disable this option on the specific firewall policy

 

config firewall policy

edit <id>

set auto-asic-offload disable

end

 

You can also refer this KB for more information regarding the same

 

http://kb.fortinet.com/kb...c&externalId=13851

 

Regards,

Pradhumna chandra

emnoc
Esteemed Contributor III

I would  suggest not doing that, you will not offload this to traffic and will drive the cpu higher . Is there any reason why you need ongoing active/realtime sessions information?

 

As explained earlier the traffic is offloaded, so you can't really gain ongoing session statistics until the session is closed.

 

PCNSE 

NSE 

StrongSwan