Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
alex_d
New Contributor

Log traffic options for IPv4 Policy

Hi everybody,

I'm new in the FortiWorld, and I need to understand the exact difference between "Log Security Events" and "Log All Sessions" when I configure an IPv4 policy via FortiManager.

I would also like to understand the impact this choice will have on my infrastructure. (storage, ...)

I looked (a lot) in the documentation available at Fortinet, but I didn't find this information.

Thank in advance for your help.

2 REPLIES 2
Dave_Hall
Honored Contributor

Log Security Events will only log Security (UTM) events (e.g. AV, IPS, firewall webfilter), providing you have applied one of them to a firewall (rule) policy.  Log all traffic will do just that - personally, I would not enabled "Log all traffic" unless I need to troubleshoot something in near real time.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
alex_d

First of all, thanks a lot for this quick answer. Just to be sure I understand correctly the difference, could you give me some examples of information that I will find by activating "Log All Sessions" and that I wouldn't find with "Log Security Events" (even if I add the "Generate Logs when Session Starts" option) for a specific IPv4 policy rule ?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors