juanc
New Contributor

Fortinet UTM logs field country

Hello everyone,

I apologize because I am using a translator to request help.

I should clarify that I have no knowledge of Fortinet, nor am I an administrator of one of these devices. I am an administrator of a SIEM, and I am currently receiving the UTM-type logs through syslog; I see that within these logs the source country and destination country fields do not arrive.

I would like to know if there is any way for these fields to be included, so that I can send the request to the administrator of that firewall.

I specifically need to know which IPs are from Russia, since I need to produce a report of the incoming and outgoing connections from this country to the firewall.

Thanks

1 Solution
lol
Staff
Staff

Hello,

Some fields are missing from syslog messages unless you enable UTM extended logging.
This is possible when selecting reliable mode.

Refer to https://docs.fortinet.com/document/fortigate/7.0.6/fortios-log-message-reference/496081/enabling-ext...

If the country entries are still missing, then please clarify which exact log item is affected,
e.g.
type="utm" subtype="ips" eventtype="botnet" level="warning"
type="utm" subtype="virus" eventtype="analytics" level="notice"

Sorry, I am not a FortiSIEM expert, but does FortiSIEM not have its own function to resolve IP addresses from logs to countries?

Regards
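As an added example (not code from the thread or from Fortinet), the SIEM-side check the answer asks for: parse FortiGate key=value syslog lines, list which type/subtype/eventtype records arrive without the srccountry/dstcountry fields (the items to report back to the firewall admin), and pull the connections involving a given country once the fields are present. The log lines are constructed samples; the field names srccountry and dstcountry are FortiGate's own.

```python
import re

# Constructed sample FortiGate syslog lines (not real traffic). The first two
# carry srccountry/dstcountry; the third is a UTM record where they are absent.
SAMPLE_LOGS = [
    'date=2024-01-01 time=10:00:00 devname="FGT" type="utm" subtype="ips" '
    'eventtype="signature" level="alert" srcip=203.0.113.10 dstip=192.0.2.5 '
    'srccountry="Russian Federation" dstcountry="Reserved"',
    'date=2024-01-01 time=10:00:01 devname="FGT" type="traffic" subtype="forward" '
    'level="notice" srcip=192.0.2.7 dstip=198.51.100.3 '
    'srccountry="Reserved" dstcountry="Russian Federation"',
    'date=2024-01-01 time=10:00:02 devname="FGT" type="utm" subtype="virus" '
    'eventtype="analytics" level="notice" srcip=198.51.100.9 dstip=192.0.2.5',
]

# FortiGate fields are key=value; values are double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_line(line: str) -> dict:
    """Parse one FortiGate key=value log line into a dict of field -> value."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def missing_country_fields(lines):
    """Return (type, subtype, eventtype) of records lacking srccountry or dstcountry.

    This is the 'exact log item' list to hand to the firewall administrator."""
    missing = []
    for line in lines:
        rec = parse_fortigate_line(line)
        if 'srccountry' not in rec or 'dstcountry' not in rec:
            missing.append((rec.get('type'), rec.get('subtype'), rec.get('eventtype')))
    return missing


def connections_with_country(lines, country):
    """Return (side, srcip, dstip) for records whose src or dst country matches."""
    hits = []
    for line in lines:
        rec = parse_fortigate_line(line)
        if rec.get('srccountry') == country:
            hits.append(('src', rec.get('srcip'), rec.get('dstip')))
        elif rec.get('dstcountry') == country:
            hits.append(('dst', rec.get('srcip'), rec.get('dstip')))
    return hits


if __name__ == '__main__':
    print('records missing country fields:', missing_country_fields(SAMPLE_LOGS))
    print('Russia-related connections:',
          connections_with_country(SAMPLE_LOGS, 'Russian Federation'))
```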


juanc
New Contributor

Hello, thank you very much for taking the time to answer my question.

Yes, the SIEM has a command called iplocation that allows this data to be retrieved, but in this specific case I need it to arrive in the log from the source.
