I have a Fortigate F2K60FTK21900432 Fortigate proxy.
We have explisit-web-proxy policies that we normally use and its logs are sent to FortiAnalyzer . example :
But we also have the Implicit Deny policy found in Firewall Policy.
My problem is that the logs of the latter (Implicit Deny - Firewall Policy) appear in FortiAnalyzer and I do not want to have them because they generate confusion when analyzing the traffic in Fortinalizer.
Question: how can I prevent these logs from not being sent to Fortianalyzer.
Thanks for your help team
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You can check the policy if the option 'Log IPv4 Violation Traffic' is enabled like shown here.
Hello ebilcari thank you for your cooperation but:
I had already seen this information on that website, anyway I did the test but I still see these local logs in my Fortianalyzer.
To be exact there are:
Forward Traffic - the ones I want to see in Fortianalyzer
Local Traffic - I don't want to see them in Fortianalyzer
Hello Leovigildo
Could you please share to the forum the output of " show full log setting" CLI command in that fortigate?
regards
/ Abel
PROXY_MFG12_1 # show full log setting
config log setting
set resolve-ip disable
set resolve-port enable
set log-user-in-upper disable
set fwpolicy-implicit-log disable
set fwpolicy6-implicit-log disable
set log-invalid-packet disable
set local-in-allow disable
set local-in-deny-unicast disable
set local-in-deny-broadcast disable
set local-out enable
set local-out-ioc-detection enable
set neighbor-event disable
set brief-traffic-format disable
set user-anonymize disable
set fortiview-weekly-data disable
set expolicy-implicit-log enable
set log-policy-comment disable
set faz-override disable
set syslog-override disable
set rest-api-set disable
set rest-api-get disable
end
this is my proxy configuration
You can read more about the local logs and policy 0 (without an ID) in this article here.
There is the option to enable or disable local traffic logs from CLI:
config log setting
set local-in-allow <enable/disable>
set local-in-deny-unicast <enable/disable>
set local-in-deny-broadcast <enable/disable>
set local-out <enable/disable>
this is my proxy configuration
PROXY_MFG12_1 # show full log setting
config log setting
set resolve-ip disable
set resolve-port enable
set log-user-in-upper disable
set fwpolicy-implicit-log disable
set fwpolicy6-implicit-log disable
set log-invalid-packet disable
set local-in-allow disable
set local-in-deny-unicast disable
set local-in-deny-broadcast disable
set local-out enable
set local-out-ioc-detection enable
set neighbor-event disable
set brief-traffic-format disable
set user-anonymize disable
set fortiview-weekly-data disable
set expolicy-implicit-log enable
set log-policy-comment disable
set faz-override disable
set syslog-override disable
set rest-api-set disable
set rest-api-get disable
end
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.