I am having the same question, and not finding much information on what the unit of time is. This has been open since 2007 and no response from Fortinet?
Hey jtatum1,
we're still catching up a lot; the Forums were changed to Community last November, and we have a team in place to keep a better eye on things.
As for the question in this thread:
- the 'duration' is in seconds
- FortiGate generates the log after a session is removed from its session table
-> in newer firmware versions it also generates interim traffic logs every two minutes for ongoing sessions
-> a session is closed (and the log written) if it times out, an RST packet or FIN/ACK exchange is observed, the session is cleared manually, and a few other reasons (such as a user authentication timing out)
Let me know if you have more questions on the 'duration' field :)
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.