Fortinet UTM logs field country
Hello everyone,
I apologize because I am using the translator to request help.
I clarify that I do not have knowledge of Fortinet, nor am I an administrator of one of these devices. I am an administrator of a SIEM and I am currently receiving the UTM type logs through syslog, and I see that within this log the source country and destination country fields do not arrive.
I would like to know if there is any way for this field to be included, so that I can send the request to the administrator of said firewall.
I specifically need to know which IPs are from Russia, since I need to get a report of the incoming and outgoing connections from this country to the firewall.
Thanks
Hello,
Some fields are missing from syslog messages unless you enable the UTM extended logging.
This is possible when selecting mode reliable.
If there are still the country entries missing then please clarify which exact log item is affected.
i.e.
type="utm" subtype="ips" eventtype="botnet" level="warning"
type="utm" subtype="virus" eventtype="analytics" level="notice"
Sorry, I am not a FortiSIEM expert, but does FortiSIEM not have its own function to resolve IP addresses from logs to countries?
Regards
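As an added example (not code from the original thread or from Fortinet), the following Python script shows how a SIEM side check could confirm whether the country fields are actually present in the received FortiGate key=value syslog lines, and how to build the per-country inbound/outbound report the question asks for once they are. It assumes the FortiGate field names srccountry and dstcountry and the geo-IP value "Russian Federation" for Russia; the three sample log lines are constructed for this example, with one of them deliberately lacking the country fields the way the unextended UTM log described above would.

```python
import re
from typing import Dict, List

# FortiGate logs are space-separated key=value pairs; values are either bare
# (date=2024-01-01) or double-quoted and may contain spaces (msg="Botnet C&C").
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Field names as used by FortiGate geo-IP enrichment (assumption, see lead-in).
COUNTRY_FIELDS = ("srccountry", "dstcountry")

# Constructed sample lines using documentation IP ranges; the second line is a
# UTM event that arrived without any country fields at all.
SAMPLE_LOGS = [
    'date=2024-01-01 time=10:00:00 devname="fw1" type="utm" subtype="ips" '
    'eventtype="botnet" level="warning" srcip=203.0.113.10 dstip=192.0.2.5 '
    'srccountry="Russian Federation" dstcountry="Reserved" msg="Botnet C&C Communication"',
    'date=2024-01-01 time=10:00:05 devname="fw1" type="utm" subtype="virus" '
    'eventtype="analytics" level="notice" srcip=192.0.2.7 dstip=198.51.100.4 '
    'msg="File submitted to Sandbox."',
    'date=2024-01-01 time=10:00:09 devname="fw1" type="traffic" subtype="forward" '
    'srcip=192.0.2.8 dstip=203.0.113.20 srccountry="Reserved" '
    'dstcountry="Russian Federation" action="accept"',
]


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Parse one FortiGate key=value log line into a dict, stripping quotes."""
    fields: Dict[str, str] = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def missing_country_fields(fields: Dict[str, str]) -> List[str]:
    """Return the country fields absent from a parsed event (empty list if complete)."""
    return [f for f in COUNTRY_FIELDS if f not in fields]


def country_report(lines: List[str], country: str) -> Dict[str, list]:
    """Classify events touching `country` as inbound (source) or outbound (destination).

    Events that carry no country fields are collected under "incomplete" by their
    line index, so the SIEM operator can see which log types need the firewall
    administrator to enable extended UTM logging rather than silently dropping them.
    """
    report: Dict[str, list] = {"inbound": [], "outbound": [], "incomplete": []}
    for idx, line in enumerate(lines):
        f = parse_fortigate_log(line)
        if missing_country_fields(f):
            report["incomplete"].append(idx)
            continue
        entry = {
            "srcip": f.get("srcip"),
            "dstip": f.get("dstip"),
            "type": f.get("type"),
            "subtype": f.get("subtype"),
        }
        if f.get("srccountry") == country:
            report["inbound"].append(entry)
        if f.get("dstcountry") == country:
            report["outbound"].append(entry)
    return report


if __name__ == "__main__":
    result = country_report(SAMPLE_LOGS, "Russian Federation")
    for direction in ("inbound", "outbound"):
        for e in result[direction]:
            print(f"{direction}: {e['srcip']} -> {e['dstip']} ({e['type']}/{e['subtype']})")
    for idx in result["incomplete"]:
        f = parse_fortigate_log(SAMPLE_LOGS[idx])
        print(f"line {idx}: no country fields on "
              f"type={f.get('type')} subtype={f.get('subtype')} eventtype={f.get('eventtype')}")
```

The "incomplete" list is the useful part for the request to the firewall administrator: it names exactly which type/subtype/eventtype combinations are arriving without the country fields, which is the clarification the answer above asks for.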
Hello, thank you very much for taking the time to answer my question.
Yes, the SIEM has a command called iplocation that allows this data to be retrieved, but in this specific case I need it to arrive in the log from the source.