Source and Source IP columns in Fortianalyzer?
My problem is that the name listed in the source column, which I see as the hostname, doesn't match up with the IP address in the source IP column. The hostname field is completely blank in our setup. I want to see the hostname for both the source and destination IP addresses.
We migrated over from Check Point. In Check Point there's an icon in the ribbon that you simply clicked on to toggle between the hostname and IP address.
Fortianalyzer firmware version is 5.2.5 Build 3175, Fortigate is a 600D firmware version 5.2.6.
Let me know if you need more info.
Hello,
1) Make sure the following configuration is enabled on the FortiGate (CLI):
config log setting
    set resolve-ip enable
end
config webfilter profile
    edit <profile_name>    <<-- which is being used on the firewall policy
        set log-all-url enable
    next
end
Enable SSL inspection on the firewall policy to inspect HTTPS traffic.
2) On FortiAnalyzer add column "Destination Name" to "Log View" (Right click at the header of any column and select destination name from the list).
Regards,
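One way to confirm both settings from the answer above in a saved FortiGate configuration backup, as an added example that is not part of the original post. The sample config, the profile names and the function names `parse_settings` and `audit` are constructed for illustration, and the check assumes a setting missing from the backup is not enabled.

```python
import shlex

# Constructed sample of a FortiGate config backup (not taken from the thread).
SAMPLE_CONFIG = """
config log setting
    set resolve-ip disable
end
config webfilter profile
    edit "default"
        set log-all-url enable
    next
    edit "guest"
        config ftgd-wf
            set options error-allow
        end
    next
end
"""

def parse_settings(text):
    """Map a tuple of nested config/edit names to that block's {option: value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:  # unbalanced quote (multi-line value): plain split
            tokens = raw.split()
        if not tokens:
            continue
        word = tokens[0]
        if word in ("config", "edit") and len(tokens) > 1:
            stack.append(" ".join(tokens[1:]))
            settings.setdefault(tuple(stack), {})  # record blocks with no options
        elif word in ("end", "next") and stack:
            stack.pop()
        elif word == "set" and len(tokens) >= 3:
            settings.setdefault(tuple(stack), {})[tokens[1]] = " ".join(tokens[2:])
    return settings

def audit(text):
    """List where the two logging settings from the answer are not enabled."""
    s = parse_settings(text)
    findings = []
    # Assumption: an option absent from the backup is treated as not enabled.
    if s.get(("log setting",), {}).get("resolve-ip") != "enable":
        findings.append("log setting: resolve-ip is not enabled")
    for key in sorted(k for k in s if len(k) == 2 and k[0] == "webfilter profile"):
        if s[key].get("log-all-url") != "enable":
            findings.append(f"webfilter profile {key[1]}: log-all-url is not enabled")
    return findings
```

Running `audit` on the text of a real backup lists every web filter profile that would leave the "Destination Name" column without URL data, including profiles that only contain nested blocks.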
Hello,
Source IP : The IP address of the traffic’s origin. The source varies by the direction:
• In HTTP requests, this is the web browser or other client.
• In HTTP responses, this is the physical server.
Refer to the following document for more details regarding logs:
http://docs.fortinet.com/uploaded/files/2588/fortigate-fortios-log-message-reference.pdf
