Hello
How can I change the format of the "Source" value in "Log view" -> "FortiGate" -> "Traffic" from e.g. "0d42e9ab-05es-4202-bg6a-7r937cstff36" to an IP address? Some of the endings are represented by an IP address, and some by such an identifier as above. Where does it come from?
Hello Wojtek,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
This looks like a UUID. Can you check if you have the below config enabled on the FortiGate? If so, please disable it and check.

```
config system global
    set log-uuid-address enable
    set log-uuid-policy enable
end
```
Ref:
@srajeswaran - I have the default value, i.e. I have log-uuid-address disabled.
Can you share the raw log for one of these?
Hello,
The Source column is srcname=02324cbd-e1df-495f-8c88-74e98e918474.
date=2023-02-21 time=13:05:10 id=7202579023459778565 itime=2023-02-21 13:05:10 euid=3 epid=1062 dsteuid=3 dstepid=101 type=traffic subtype=forward level=notice action=accept policyid=19 sessionid=2114816 srcip=MY_IP_LAN dstip=216.239.32.116 transip=MY_IP_WAN srcport=58637 dstport=443 transport=58637 trandisp=snat duration=139 proto=6 sentbyte=4509 rcvdbyte=8890 sentdelta=4509 rcvddelta=8890 sentpkt=26 rcvdpkt=25 logid=0000000020 srcname=02324cbd-e1df-495f-8c88-74e98e918474 service=Google-Gmail app=Google.Services appcat=General.Interest srcintfrole=lan dstintfrole=wan srcserver=0 appid=42533 appact=detected apprisk=elevated policytype=policy eventtime=1676981110095095080 poluuid=1a4d0300-040c-51ed-ecdf-c719b12820bd srcmac=MAC_ADDRESS mastersrcmac=MAC_ADDRESS srchwvendor=ASUS srcswversion=10 osname=Windows srccountry=Reserved dstcountry=United States srcintf=internal dstintf=wan2 dstinetsvc=Google-Gmail applist=_standardowyAPP_mr policyname=WWW.FTP.PPTP_mr tz=+0100 dstregion=California dstcity=Mountain View dstreputation=5 devid=FGTXXX vd=root dtime=2023-02-21 13:05:10 itime_t=1676981110
Although this is not always the case. Currently it is srcname=NAME_MY_COMPUTER
date=2023-03-06 time=08:31:17 id=7207332551529070594 itime=2023-03-06 08:31:17 euid=3 epid=1062 dsteuid=3 dstepid=101 type=traffic subtype=forward level=notice action=accept utmaction=allow policyid=19 sessionid=3646215 srcip=MY_IP_LAN dstip=142.250.203.138 transip=MY_IP_WAN srcport=59499 dstport=443 transport=59499 trandisp=snat duration=186 proto=17 sentbyte=13223 rcvdbyte=22016 sentpkt=28 rcvdpkt=43 logid=0000000013 srcname=NAME_MY_COMPUTER service=Google-Web app=QUIC appcat=Network.Service srcintfrole=lan dstintfrole=wan srcserver=0 appid=40169 appact=detected apprisk=low policytype=policy eventtime=1678087877445394150 countapp=2 countweb=1 poluuid=1a4d0300-040c-51ed-ecdf-c719b12820bd srcmac=MAC_ADDRESS mastersrcmac=MAC_ADDRESS srchwvendor=ASUS srcswversion=10 osname=Windows srccountry=Reserved dstcountry=Poland srcintf=internal dstintf=wan2 dstinetsvc=Google-Web applist=_standardowyAPP_mr policyname=WWW.FTP.PPTP_mr hostname=safebrowsing.googleapis.com catdesc=Information Technology tz=+0100 dstregion=Masovian dstcity=Warsaw dstreputation=4 devid=FGTXXX vd=root dtime=2023-03-06 08:31:17 itime_t=1678087877
Can you try the auto-script configuration?
Hello,
For now, I used "diag user device clear" and all "Source" values took the form of IP addresses. After some time, some of the records in "Source" still have IP addresses, and some have the host name. I honestly admit that I would prefer to unify it somehow (I would only prefer IP addresses)...
If you prefer IP addresses, can you turn off the device identification/detection from the interface?
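For anyone post-processing exported raw logs like the ones posted above, here is an added example (not from any participant in this thread and not Fortinet code) that keys every traffic record on `srcip` and reports which addresses show up under more than one `srcname` form. The function names are hypothetical and the sample lines are constructed, using documentation IP ranges.

```python
import re

# key=value pairs. Unquoted values may contain spaces ("dstcountry=United States"),
# so a value runs until the next " key=" or the end of the line.
# Limitation: a value that itself contains " word=" would be split.
PAIR = re.compile(r'(\w+)=(.*?)(?=\s+\w+=|\s*$)')
UUID = re.compile(r'^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$', re.I)

def parse(line):
    """Split one raw traffic log line into a dict of fields."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}

def source_view(line):
    """Return (kind, srcip, srcname); kind says what srcname looks like."""
    f = parse(line)
    name = f.get("srcname")
    if name is None:
        kind = "ip-only"
    elif UUID.match(name):
        kind = "uuid"
    else:
        kind = "hostname"
    # Assumption: srcip is present on every traffic line, as in the logs
    # posted in the thread, so it is used as the stable key.
    return kind, f.get("srcip"), name

def inconsistent_sources(lines):
    """Map srcip -> labels seen, for addresses logged under more than one form."""
    seen = {}
    for line in lines:
        kind, ip, name = source_view(line)
        seen.setdefault(ip, set()).add((kind, name))
    return {ip: sorted(v) for ip, v in seen.items() if len(v) > 1}

# Constructed sample lines, shortened to the fields that matter here.
SAMPLE = [
    "date=2023-02-21 time=13:05:10 type=traffic srcip=192.0.2.10 dstip=198.51.100.7 "
    "srcname=02324cbd-e1df-495f-8c88-74e98e918474 dstcountry=United States srcintf=internal",
    "date=2023-03-06 time=08:31:17 type=traffic srcip=192.0.2.10 dstip=198.51.100.9 "
    "srcname=WORKSTATION-01 catdesc=Information Technology tz=+0100",
    "date=2023-03-06 time=08:32:00 type=traffic srcip=192.0.2.20 dstip=198.51.100.9 tz=+0100",
]

if __name__ == "__main__":
    for ip, labels in inconsistent_sources(SAMPLE).items():
        print(ip, labels)
```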