Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SebastianRogers
New Contributor

Created on ‎03-22-2022 05:35 AM

Fortiweb CEF Malformatted

i have seen this a couple of times and just wondering if anyone else has come across this. and can add any logic, so i can add to my notes for resolution. when the logotype has been set to CEF, via the GUI.

however the format it seem to come out in the local disk value not the expected CEF e.g  expected output  CEF:0|Fortinet|Fortigate|version|etc

not the ondisk format

date=2022-03-20 time=14:55:20 logid="1203030258" type="utm" subtype="waf" eventtype="waf-http-constraint" level="warning"

 

Labels:
3293
0 Kudos
1 Solution
ddsouza_FTNT
Staff
Staff
In response to ddsouza_FTNT

Created on ‎03-30-2022 02:57 AM

@SebastianRogers As per the Engineering team, this is a bug in 6.3, and it will be fixed in  version 6.3.19 GA. 

View solution in original post

3197
6 REPLIES 6
ddsouza_FTNT
Staff
Staff

Created on ‎03-22-2022 07:56 AM

I haven't come across this problem yet. Could you please provide the output of the following commands, so I can investigate from my end?

get system status
show log siem-policy
show log siem-message-policy
show log syslog-policy
show log syslogd

 

3215
0 Kudos
SebastianRogers
New Contributor
In response to ddsouza_FTNT

Created on ‎03-22-2022 10:16 AM

get system status
International Version: FortiWeb-Azure_OnDemand 6.3.17,build1195(GA),211130
Serial-Number: Sanitized
Bios version: 04000002
Log hard disk: Available
Hostname: Sanitized-FWB-A
Operation Mode: Reverse Proxy
FIPS-CC mode: disabled
Current HA mode: standalone
Database Status: Available
Current Manager role: standalone

 

show log siem-policy
config log siem-policy
end

 

show log siem-message-policy

config log siem-message-policy
end

 

show log syslog-policy
config log syslog-policy
edit "SampleSyslog"
config syslog-server-list
edit 1
set server XX.XXX.XX.XXX
set format cef
next
end
next
end

 

show log syslogd config log syslogd
set status enable
set facility local0
set policy SampleSyslog
config custom-field
end

3207
0 Kudos
ddsouza_FTNT
Staff
Staff
In response to SebastianRogers

Created on ‎03-24-2022 08:05 AM

@SebastianRogers I am able to reproduce this problem in my lab environment but running on a 6.3.18 GA release with the same configuration. I am checking internally. I shall get back to you with some updates. Stay tuned!

3194
0 Kudos
SebastianRogers
New Contributor
In response to ddsouza_FTNT

Created on ‎03-28-2022 12:52 AM

Thanks Denzil, its good to know it not just me it happens to. I do appreciate the time you have spent on this. I look forward to what you come back with 

3143
0 Kudos
ddsouza_FTNT
Staff
Staff
In response to SebastianRogers

Created on ‎03-29-2022 01:29 AM

@SebastianRogers No problem.  Engineering team are looking into this. I will get back to you as soon as there is an update from them. 

3134
0 Kudos
ddsouza_FTNT
Staff
Staff
In response to ddsouza_FTNT

Created on ‎03-30-2022 02:57 AM

@SebastianRogers As per the Engineering team, this is a bug in 6.3, and it will be fixed in  version 6.3.19 GA. 

3198
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.