i have seen this a couple of times and just wondering if anyone else has come across this. and can add any logic, so i can add to my notes for resolution. when the logotype has been set to CEF, via the GUI.
however the format it seem to come out in the local disk value not the expected CEF e.g expected output CEF:0|Fortinet|Fortigate|version|etc
not the ondisk format
date=2022-03-20 time=14:55:20 logid="1203030258" type="utm" subtype="waf" eventtype="waf-http-constraint" level="warning" |
Solved! Go to Solution.
@SebastianRogers As per the Engineering team, this is a bug in 6.3, and it will be fixed in version 6.3.19 GA.
I haven't come across this problem yet. Could you please provide the output of the following commands, so I can investigate from my end?
get system status
show log siem-policy
show log siem-message-policy
show log syslog-policy
show log syslogd
get system status
International Version: FortiWeb-Azure_OnDemand 6.3.17,build1195(GA),211130
Serial-Number: Sanitized
Bios version: 04000002
Log hard disk: Available
Hostname: Sanitized-FWB-A
Operation Mode: Reverse Proxy
FIPS-CC mode: disabled
Current HA mode: standalone
Database Status: Available
Current Manager role: standalone
show log siem-policy
config log siem-policy
end
show log siem-message-policy
config log siem-message-policy
end
show log syslog-policy
config log syslog-policy
edit "SampleSyslog"
config syslog-server-list
edit 1
set server XX.XXX.XX.XXX
set format cef
next
end
next
end
show log syslogd config log syslogd
set status enable
set facility local0
set policy SampleSyslog
config custom-field
end
@SebastianRogers I am able to reproduce this problem in my lab environment but running on a 6.3.18 GA release with the same configuration. I am checking internally. I shall get back to you with some updates. Stay tuned!
Thanks Denzil, its good to know it not just me it happens to. I do appreciate the time you have spent on this. I look forward to what you come back with
@SebastianRogers No problem. Engineering team are looking into this. I will get back to you as soon as there is an update from them.
@SebastianRogers As per the Engineering team, this is a bug in 6.3, and it will be fixed in version 6.3.19 GA.
User | Count |
---|---|
2677 | |
1412 | |
810 | |
703 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.