Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
epernot
New Contributor

Created on ‎04-09-2018 04:51 AM

Malformated CEF

Hello, 

 

From FortiWEB 5.4 to 5.8  the CEF  logs has been changed. 

The FortiWEB is sending the destination hostname with  " in the field, this is not supposed to be done that way because then arcsight doesnt eliminate the " from the hostname.  

 

Another issue it the fact that destination hostname sometime is a IP when there's already an IP in the destination address field.  

 

The CEF field "request" is supposed to contain the protocol, hostname/IP, port and path but now there's only the path in it. 

 

FortiWEB in the version 5.4 was way better than 5.8, is there a way to get the reasons why the logs are gettings such bad quality now ?  

 

 

Thanks 

Sad User

2766
0 Kudos
2 REPLIES 2
emnoc
Esteemed Contributor III

Created on ‎04-09-2018 05:44 AM

Have you open a case with FTNT-support ? They could address the issues, and I'm assuming the format was different before the upgrade?

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1455
0 Kudos
epernot
New Contributor
In response to emnoc

Created on ‎04-09-2018 06:26 AM

I should ask my customer to open a ticket, he's doing it already , lets see the answer.

I was open to see someone from fortinet replying because this is impacted many more customer. 

1455
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.