- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The " duration" value in log files
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am having the same question, and not finding much information on what the unit of time is. This has been open since 2007 and no response from Fortinet?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey jtatum1,
we're still catching up a lot; the Forums were changed to Community last November, and we have a team in place to keep a better eye on things.
As for the question in this thread:
- the 'duration' is in seconds
- FortiGate generates the log after a session is removed from its session table
-> in newer firmware versions it also generates interim traffic logs every two minutes for ongoing sessions
-> a session is closed (and the log written) if it times out, an RST packet or FIN/ACK exchange is observed, the session is cleared manually, and a few other reasons (such as a user authentication timing out)
Let me know if you have more questions on the 'duration' field :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
> - FortiGate generates the log after a session is removed from its session table
how is log's "duration" calculated for UDP sessions? UDP session only terminates at idle-timeout, right?
R's, Alex
