mlehner
New Contributor

Log viewing

Hi all,

I'm new to FortiGate UTM appliances, so forgive my ignorance. I have a FortiGate 30E deployed in a production environment and I have it set up to forward logs to FortiCloud. There are a few things I'm unclear about. In my old SonicWall units, I could send logs to an e-mail address. Those logs used to look like this:

 

17 | 07/28/2016 13:36:23.064 | Notice | Network Access | UDP packet dropped | 66.186.74.173, 10787, X1 | 76.9., 60771, X1 | UDP Port: 60771
18 | 07/28/2016 13:36:37.112 | Notice | Network Access | ICMP packet dropped due to policy | 45.55.107.153, 3, X1 | 76.9., 3, X1 | ICMP Destination Unreachable, Code: 10
19 | 07/28/2016 13:36:52.128 | Notice | Network Access | TCP connection dropped | 60.249.103.226, 4956, X1 | 76.9., 1433, X1 | TCP RPC Services
20 | 07/28/2016 13:36:55.496 | Debug | Network Access | HTTP method detected; examining stream for host header | 192.168., 49340, X0 | 52.9.90.51, 80, X1 | TCP HTTP
21 | 07/28/2016 13:37:34.464 | Notice | Network Access | UDP packet dropped | 219.79.60.75, 40752, X1 | 76.9., 23653, X1 | UDP Port: 23653
22 | 07/28/2016 13:37:57.224 | Debug | Network Access | HTTP method detected; examining stream for host header | 192.168., 50862, X0 | 52.9.90.51, 80, X1 | TCP HTTP

These logs showed me when traffic was blocked by the WAN->LAN DENY ALL firewall policy. It's a requirement for me to be able to see these blocked connections. In FortiCloud, unless I'm missing it somewhere, I can't find where I would see this. Even statistically, for example, "Top Block Connections" or whatever. The FortiGate's firewall policy is implicit and was created by default, but I have turned on the only logging option that I can on it (see attached screenshot to this post).

Anyone with any insight?

2 REPLIES
mlehner
New Contributor

Bump? Anyone?

ede_pfau

Hi,

Traffic is only logged if the logging level is as low as 'Information'.

Second, you can receive logs via email as well, and this sometimes is more detailed than the log entries. Alert email is configured in 'Log Settings' as well.

Ede Kernel panic: Aiee, killing interrupt handler!