Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AndreaSoliva
Contributor III

What a full log config looks like for 5.0.x / 5.2.x

Hi, only because I again see log questions etc., here is a full overview for logging:

NOTE Activating disk for logging under 5.2.x is no longer possible for the smaller devices. The disk is available, but the "config log disk" command is no longer present! Only memory, FAZ, fortiguard and syslogd are possible for such devices. Please refer to the Software Matrix overview!

Activate/Deactivate DLP UTM-Log/Log

# config dlp sensor
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# set dlp-log [enable | disable]
# set nac-quar-log [enable | disable]
# end

NOTE For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate Antivirus UTM-Log/Log

# config antivirus profile
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# set av-block-log [enable | disable]
# set av-virus-log [enable | disable]
# end

NOTE For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate VoIP UTM-Log/Log

# config voip profile
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# config sip
# set status [enable | disable]
# set log-violations [enable | disable]
# set log-call-summary [enable | disable]
# end
# config sccp
# set status [enable | disable]
# set log-call-summary [enable | disable]
# set log-violations [enable | disable]
# end
# end

NOTE For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate Application UTM-Log/Log

# config application list
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# set log [enable | disable]
# set other-application-log [enable | disable]
# set unknown-application-log [enable | disable]
# end

NOTE For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate Deep-Inspection, SSL-SSH-Profile UTM-Log/Log

# config firewall deep-inspection-options
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# set ssl-invalid-server-cert-log [enable | disable]
# set allow-invalid-server-cert [enable | disable]
# end

NOTE For FortiOS 5.2 "deep-inspection-options" does not exist anymore and was renamed/moved to "ssl-ssh-profile". The option "extended-utm-log" does not exist anymore:

# config firewall ssl-ssh-profile
# edit [Name of Profile]
# set ssl-invalid-server-cert-log [enable | disable]
# end

Activate/Deactivate Protocol Options UTM-Log/Log

# config firewall profile-protocol-options
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# set oversize-log [enable | disable]
# set switching-protocols-log [enable | disable]
# end

NOTE For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate WebFilter UTM-Log/Log

# config webfilter profile
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# config web
# set log-search [enable | disable]
# end
# set log-all-url [enable | disable]
# set web-content-log [enable | disable]
# set web-filter-command-block-log [enable | disable]
# set web-filter-cookie-log [enable | disable]
# set web-filter-applet-log [enable | disable]
# set web-filter-jscript-log [enable | disable]
# set web-filter-js-log [enable | disable]
# set web-filter-vbs-log [enable | disable]
# set web-filter-unknown-log [enable | disable]
# set web-filter-referer-log [enable | disable]
# set web-filter-cookie-removal-log [enable | disable]
# set web-url-log [enable | disable]
# set web-invalid-domain-log [enable | disable]
# set web-ftgd-err-log [enable | disable]
# set web-ftgd-quota-usage [enable | disable]
# end

NOTE For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate WebFilter [Minimal] UTM-Log/Log

# config webfilter profile
# edit [Name of Profile]
# set extended-utm-log enable
# config web
# set log-search [enable | disable]
# end
# set log-all-url enable
# set web-url-log enable
# set web-ftgd-err-log enable
# end

Activate/Deactivate Spamfilter UTM-Log/Log

# config spamfilter profile
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# config imap
# set log enable
# end
# config pop3
# set log enable
# end
# config smtp
# set log enable
# end
# config mapi
# set log enable
# end
# config msn-hotmail
# set log enable
# end
# config yahoo-mail
# set log enable
# end
# config gmail
# end
# end

NOTE For FortiOS 5.2 the option "extended-utm-log" does not exist anymore! New options for FortiOS 5.2 are:

# set spam-log [enable | disable]

Activate/Deactivate Global Settings Log

# config log setting
# set brief-traffic-format [enable | disable]
# set daemon-log [enable | disable]
# set neighbor-event [enable | disable]
# set fwpolicy-implicit-log [enable | disable]
# set fwpolicy6-implicit-log [enable | disable]
# set gui-location [fortianalyzer]
# set log-invalid-packet [enable | disable]
# set local-in-allow [enable | disable]
# set local-in-deny [enable | disable]
# set local-out [enable | disable]
# set resolve-apps [enable | disable]
# set resolve-hosts [enable | disable]
# set resolve-ip [enable | disable]
# set user-anonymize [enable | disable]
# set log-user-in-upper [enable | disable]
# end

NOTE For FortiOS 5.2 the following options do not exist anymore:

gui-location
local-in-deny
resolve-apps
resolve-hosts

New options for FortiOS 5.2 are:

# set resolve-port [enable | disable]
# set local-in-deny-unicast [enable | disable]
# set local-in-deny-broadcast [enable | disable]
# set daemon-log [enable | disable]
# set neighbor-event [enable | disable]
# set brief-traffic-format [enable | disable]

Activate/Deactivate Global Settings (Recommendation) Log

FortiOS 5.0

# config log setting
# set fwpolicy-implicit-log enable
# set gui-location [fortianalyzer]
# set local-in-allow disable
# set local-in-deny disable
# set local-out disable
# set resolve-apps enable
# set resolve-hosts enable
# set resolve-ip enable
# set user-anonymize disable
# end

FortiOS 5.2

# config log setting
# set fwpolicy-implicit-log enable
# set local-in-allow disable
# set local-in-deny-unicast disable
# set local-in-deny-broadcast disable
# set local-out disable
# set resolve-ip enable
# set resolve-port enable
# set user-anonymize disable
# set daemon-log enable
# set neighbor-event disable
# set brief-traffic-format disable
# end

Activate/Deactivate GUI Location (FortiOS 5.2.x only):

# config log gui-display
# set location [forticloud | memory | disk | fortianalyzer | syslogd]
# set resolve-hosts [enable | disable]
# set resolve-apps [enable | disable]
# end

Activate/Deactivate Eventfilter Log

# config log eventfilter
# set event [enable | disable]
# set router [enable | disable]
# set system [enable | disable]
# set user [enable | disable]
# set vpn [enable | disable]
# set wan-opt [enable | disable]
# set wireless-activity [enable | disable]
# end

Activate/Deactivate Logging Devices "fortianalyzer"

# config log fortianalyzer setting
# set status enable
# set ips-archive enable
# set server [FortiAnalyzer IP]
# set enc-algorithm default
# set localid [set a local ID for the device, like the serial no.]
# set psksecret [Password for Preshared Key]
# set conn-timeout 10
# set monitor-keepalive-period 5
# set monitor-failure-retry-period 5
# set source-ip 0.0.0.0
# set upload-option realtime
# set reliable enable
# end
# config log fortianalyzer filter
# set severity information
# set forward-traffic enable
# set local-traffic enable
# set multicast-traffic enable
# set sniffer-traffic enable
# set anomaly enable
# set netscandiscovery enable
# set netscan-vulnerability enable
# set voip enable
# set dlp-archive enable
# end

Activate/Deactivate Logging Devices "memory"

# config log memory setting
# set status [enable | disable]
# set diskfull overwrite
# end
# config log memory filter
# set severity information
# set forward-traffic enable
# set local-traffic enable
# set multicast-traffic enable
# set sniffer-traffic enable
# set anomaly enable
# set netscandiscovery enable
# set netscan-vulnerability enable
# set voip enable
# set dlp-archive enable
# end

Activate/Deactivate Logging Devices "disk"

# config log disk setting
# set status [enable | disable]
# set diskfull overwrite
# end
# config log disk filter
# set severity information
# set forward-traffic enable
# set local-traffic enable
# set multicast-traffic enable
# set sniffer-traffic enable
# set anomaly enable
# set netscandiscovery enable
# set netscan-vulnerability enable
# set voip enable
# set dlp-archive enable
# end

Activate/Deactivate Logging Devices "syslogd"

# config log syslogd setting
# set status [enable | disable]
# set server [IPv4 address; FQDN of syslog server]
# set facility local0
# end
# config log syslogd filter
# set severity information
# set forward-traffic enable
# set local-traffic enable
# set multicast-traffic enable
# set sniffer-traffic enable
# set anomaly enable
# set netscandiscovery enable
# set netscan-vulnerability enable
# set voip enable
# set dlp-archive enable
# end

Activate/Deactivate Logging Devices "fortiguard"

# config log fortiguard setting
# set status [enable | disable]
# end

NOTE To activate, a FortiGuard ID is required!
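Added example (not part of the original post, and not Fortinet code): a small checker that reads a 5.0.x configuration and lists the logging options the post's NOTE lines say are gone or renamed in 5.2, so they can be reviewed before an upgrade. The function names and the sample config are constructed for illustration; the removed and renamed option names come only from the post above.

```python
# Options the post's NOTE lines say are gone in FortiOS 5.2 ("*" = any section).
REMOVED_IN_52 = {
    "*": {"extended-utm-log"},
    "log setting": {"gui-location", "local-in-deny", "resolve-apps", "resolve-hosts"},
}
RENAMED_IN_52 = {"firewall deep-inspection-options": "firewall ssl-ssh-profile"}

def parse(text):
    """Yield (top_section, path, key, value) for each 'set' line of a FortiOS config."""
    stack = []  # entries are ("config" | "edit", name)
    for raw in text.splitlines():
        words = raw.strip().lstrip("#").split()  # tolerate the post's "# " prompts
        if not words:
            continue
        cmd, args = words[0], " ".join(words[1:])
        if cmd in ("config", "edit"):
            stack.append((cmd, args))
        elif cmd == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif cmd == "end":
            # "end" typed inside an edit closes the edit and its config
            del stack[-2 if stack and stack[-1][0] == "edit" else -1:]
        elif cmd == "set" and len(words) > 1 and stack:
            yield stack[0][1], " > ".join(n for _, n in stack), words[1], " ".join(words[2:])

def audit_for_52(text):
    """Return sorted (path, item, reason) findings for a 5.0.x config moving to 5.2.x."""
    findings = set()
    for section, path, key, _value in parse(text):
        if section in RENAMED_IN_52:
            findings.add((section, section, "renamed to " + RENAMED_IN_52[section]))
        if key in REMOVED_IN_52["*"] or key in REMOVED_IN_52.get(section, ()):
            findings.add((path, key, "not present in 5.2"))
    return sorted(findings)

# Constructed 5.0.x-style sample, not taken from a real device.
SAMPLE = """config antivirus profile
edit "default"
set extended-utm-log enable
next
end
config firewall deep-inspection-options
edit "default"
set ssl-invalid-server-cert-log enable
end
config log setting
set resolve-hosts enable
end"""

print(*audit_for_52(SAMPLE), sep="\n")
```

The checker accepts both a backup file and lines pasted with the "# " prompt used in the post.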
4 REPLIES
zack
New Contributor

Awesome!!

(2) FortiGate 300A (clustered) 4.2.9 (1) Fortigate 310B 4.2.9 (1) Fortianalyzer 100C 4.2.4
seadave
Contributor III

Much appreciated.

rastt
New Contributor

Very Nice!!

Shawn_W
Contributor

This is great.  Thank you!
