I enabled a few IPv4 DoS policies on a 600E running 6.4.3 with Logging enabled and an Action of Monitor.
I'd like to look through the syslogs (or other logs?) to find if the default thresholds are working correctly before I set the DoS Policy for Block.
Would I find these messages in the syslog output? If so, what keyword(s) would I be looking for? I can't seem to find much info on the logging/monitoring.
Even better, I'd love to see information on my current values (tcp_syn, for example) so as to better set the Thresholds based on our "normal" traffic values.
Can anyone please help?
According to Fortinet Tech Support, I should be looking for the following anomalies: 18432, 18433, 18434. See https://docs.fortinet.com/document/fortigate/6.2.0/fortios-log-message-reference/688125/anomaly
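One way to pull those three anomaly IDs out of collected syslog and compare observed rates with the configured thresholds, as an added example that is not part of the posts above or Fortinet's own code. The key=value field names (`logid`, `attack`, `msg`), the `N > threshold T` message wording, and the sample lines are assumptions constructed for illustration; check them against your own log output.

```python
import re

# Message IDs from the post; the logid field is assumed to end in these digits.
ANOMALY_IDS = {"18432", "18433", "18434"}

# Constructed sample lines in an assumed FortiOS key=value syslog layout.
SAMPLE = """\
date=2021-01-12 time=09:14:02 logid="0720018432" type="utm" subtype="anomaly" srcip=192.0.2.10 dstip=198.51.100.5 action="detected" attack="tcp_syn_flood" msg="anomaly: tcp_syn_flood, 2340 > threshold 2000"
date=2021-01-12 time=09:14:07 logid="0720018432" type="utm" subtype="anomaly" srcip=192.0.2.44 dstip=198.51.100.5 action="detected" attack="tcp_syn_flood" msg="anomaly: tcp_syn_flood, 2105 > threshold 2000"
date=2021-01-12 time=09:20:31 logid="0720018433" type="utm" subtype="anomaly" srcip=192.0.2.10 dstip=198.51.100.9 action="detected" attack="icmp_flood" msg="anomaly: icmp_flood, 310 > threshold 250"
date=2021-01-12 time=09:21:00 logid="0000000013" type="traffic" subtype="forward" srcip=192.0.2.10 dstip=198.51.100.9 action="accept"
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
RATE = re.compile(r"(\d+) > threshold (\d+)")

def parse(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def anomaly_events(lines):
    """Yield (attack, observed, threshold) for lines whose logid is an anomaly ID."""
    for line in lines:
        f = parse(line)
        if f.get("logid", "")[-5:] not in ANOMALY_IDS:
            continue
        m = RATE.search(f.get("msg", ""))
        if m:  # skip anomaly lines whose msg carries no rate
            yield f.get("attack", "unknown"), int(m.group(1)), int(m.group(2))

def summarize(events):
    """Per attack name: number of logged hits, peak observed rate, threshold."""
    out = {}
    for attack, observed, threshold in events:
        s = out.setdefault(attack, {"hits": 0, "peak": 0, "threshold": threshold})
        s["hits"] += 1
        s["peak"] = max(s["peak"], observed)
        s["threshold"] = threshold
    return out

if __name__ == "__main__":
    for attack, s in summarize(anomaly_events(SAMPLE.splitlines())).items():
        print(f'{attack}: {s["hits"]} hits, peak {s["peak"]} vs threshold {s["threshold"]}')
```

The summary covers only events that were logged, so in the sample format it shows how far traffic went above the current threshold rather than the rates below it.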