Question on Logging Configuration in Firewall Policy
Being new to the FortiGates, I probably have a misunderstanding on the log settings within the firewall policy. In the FortiManager, we have certain lines set to "Log All Sessions" that we are particularly interested in, with the majority set to either "Log Violation Traffic" (for blocks) or "Log Security Events", and it's set this way with the intent of somewhat restricting logs that are being sent to our SIEM. We have to pay for extra log data, so we'd like to trim out what isn't needed.
After troubleshooting today, I believe this affects what's presented in the Log & Report > Forward Traffic. There were no results for a line configured with "Log Security Events", but there were after this was changed to "Log All Sessions."
Is it typical practice to set every line in the Firewall Policy to "Log All Sessions"? I understand there is a logging level configured in the syslog configuration, but does the logging level in the firewall policy affect what goes out via syslog?