Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mlehner
New Contributor

Created on ‎07-29-2016 08:58 AM

Log viewing

Hi all,

 

I'm new to FortiGate UTM appliances, so forgive my ignorance  I have a FortiGate 30E deployed in a production environment and I have it setup to forward logs to FortiCloud. There's a few things I'm unclear about. In my old SonicWall units, I could send logs to an e-mail address. Those logs used to look like this:

 

17 07/28/2016 13:36:23.064NoticeNetwork AccessUDP packet dropped66.186.74.173, 10787, X176.9., 60771, X1UDP Port: 60771 18 07/28/2016 13:36:37.112NoticeNetwork AccessICMP packet dropped due to policy45.55.107.153, 3, X176.9., 3, X1ICMP Destination Unreachable, Code: 10 19 07/28/2016 13:36:52.128NoticeNetwork AccessTCP connection dropped60.249.103.226, 4956, X176.9., 1433, X1TCP RPC Services 20 07/28/2016 13:36:55.496DebugNetwork AccessHTTP method detected; examining stream for host header192.168., 49340, X052.9.90.51, 80, X1TCP HTTP 21 07/28/2016 13:37:34.464NoticeNetwork AccessUDP packet dropped219.79.60.75, 40752, X176.9., 23653, X1UDP Port: 23653 22 07/28/2016 13:37:57.224DebugNetwork AccessHTTP method detected; examining stream for host header192.168., 50862, X052.9.90.51, 80, X1TCP HTTP

These logs showed me when traffic was blocked by the WAN->LAN DENY ALL firewall policy. It's a requirement for me to be able to see these block connections. In FortiCloud, unless I'm missing it somewhere, I can't find where I would see this. Even statistically, for example, "Top Block Connections" or whatever. The FortiGate's firewall policy is implicit and was created by default, but I have turned on the only logging option that I can on it (see attached screenshot to this post).

 

Anyone with any insight ?

Preview file
84 KB
2631
0 Kudos
2 REPLIES 2
mlehner
New Contributor

Created on ‎08-02-2016 06:53 PM

bump ? Anyone ?

1232
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to mlehner

Created on ‎08-03-2016 03:52 AM

hi,

 

traffic is only logged if the logging level is as low as 'Information'.

Second, you can receive logs via email as well, and this sometimes is more detailed than the log entries. Alert email is configured in 'Log Settings' as well.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
1232
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.