- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Client MAC Address Absent in Logs
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Client MAC Address Absent in Logs
Hi all,
We recently installed a FortiGate 100D cluster (Active-Active) at the edge of our wireless network. The appliances issue IP addresses via DHCP for client devices connecting to the wireless network. However, when examining the ' Forward Traffic' logs the MAC Address of the client isn' t shown. It isn' t even an additional column which can be selected.
The ' Router' Event Log shows the MAC address whenever an IP address is allocated.
Is it by design that MAC addrresses are omitted from the ' Forward Traffic' Logs or is there some way I can get them to be shown?
Many thanks,
JP
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' m running 5.0.4 and don' t see MACs in the traffic logs on any of my FGs or the FAZ. Wasn' t this supposed to be a feature for v5?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are using a dedicated vdom for clients that has client reputation enabled, device detection on the interfaces and some additional log options.
MACs are logged with the app-control traffic merged into the traffic logs (FGT+FAZ).
MACs are not logged from webfilter traffic however.
2 sample consecutive tlog entries from FAZ which show the same traffic via webfilter traffic and app-control traffic:
itime=1387758029 date=2013-12-23 time=01:20:29 devid=xxxxxxxxxxxxxxxx vd=xxxxxxxxxxx type=traffic subtype=forward catdesc=" Information Technology" dstcountry=" United States" dstintf=" vlink_xxxxx" dstip=65.54.238.213 dstport=80 duration=91 hostname=" stats1.update.microsoft.com" lanin=2660 lanout=636 level=notice logid=0000000008 osname=" Windows" osversion=" XP (x86)" policyid=2 service=HTTP srccountry=" xxx" srcintf=" VLANxxxx" srcip=xx.xx.xx.100 srcname=xxxxxxxxxx srcport=1474 utmaction=passthrough utmevent=webfilter utmsubtype=ftgd-cat wanin=636 wanoptapptype=http wanout=2660
itime=1387758040 date=2013-12-23 time=01:20:40 devid=xxxxxxxxxxxxxxxx vd=xxxxxxxxxxx type=traffic subtype=forward app=" SOAP" appcat=" Network.Service" appid=16730 applist=" Clients_AF" devtype=" Windows PC" dstcountry=" United States" dstintf=" vlink_xxxxx" dstip=65.54.238.213 dstport=80 duration=101 level=notice logid=0000000013 mastersrcmac=xx:xx:xx:6d:d4:1a osname=" Windows" osversion=" XP (x86)" policyid=2 proto=6 rcvdbyte=844 rcvdpkt=5 sentbyte=2928 sentpkt=5 service=HTTP sessionid=2239257 srccountry=" xxx" srcintf=" VLANxxxx" srcip=xx.xx.xx.100 srcmac=xx:xx:xx:6d:d4:1a srcname=xxxxxxxxxx srcport=1474 status=close trandisp=noop
A part of a sample screenshot from FAZ/FGT from this traffic is attached.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Many thanks for the pointers folks. It appears we may have a ' buggy' installation (not my words!!) which requires an upgrade to the latest version. I will post of any changes/resolution when the upgrade has been carried out.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One or two additional points to note:
The displayed ' split logging' of webfilter and app-control traffic on our systems is apparently caused by enabling web cache in the same firewall policies the webfilter profile and application control profile are added.
When using webcache in policies of the management (outer) vdom, the client vdom traffic is routed through, it creates nice logging entries for the client vdom containing all the above information.
Also, as mentioned in the forums, we have extended-utm-log enabled in the application list settings.
Related Posts
- 2 VIP with same external IPs 412 Views
- FortiMail issue ip reputation 290 Views
- IPSec client is blocked by implicit... 713 Views
- FortiOS 7.2.4 IPSec split-tunnel breaks local... 409 Views
- Automatically Ban Malicious Inbound IPs using... 524 Views
Labels
-
FortiGate
6,811 -
FortiClient
1,351 -
5.2
801 -
5.4
639 -
FortiManager
585 -
FortiAnalyzer
430 -
6.0
416 -
5.6
362 -
FortiAP
351 -
FortiSwitch
348 -
FortiClient EMS
276 -
FortiMail
266 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
164 -
6.4
128 -
FortiNAC
114 -
FortiGuard
108 -
FortiSIEM
92 -
FortiGateCloud
90 -
IPsec
90 -
FortiCloud Products
85 -
FortiToken
74 -
SSL-VPN
73 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
44 -
FortiEDR
42 -
Fortivoice
41 -
SD-WAN
37 -
FortiDNS
35 -
FortiExtender
34 -
FortiGate v5.4
34 -
FortiSandbox
33 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
FortiAuthenticator
24 -
High Availability
24 -
FortiConnect
24 -
VLAN
23 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
Certificate
16 -
SAML
15 -
DNS
15 -
LDAP
15 -
FortiMonitor
14 -
BGP
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
RADIUS
10 -
Authentication
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
SSL SSH inspection
9 -
Traffic shaping
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
Fortigate Cloud
8 -
SSO
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
SNMP
6 -
Web application firewall profile
6 -
Web profile
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.