Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AtiT
Valued Contributor

Unique log ID for the logs

Hi, I have a question. Is there any identifier in the logs with which I can specify exactly which log I want to search for?

Let's say I have a log in the Traffic Log that shows the following: Source IP, Destination (let's say facebook), service (HTTPS), etc. But I can see the same log under the Webfilter log.

The question is whether there is a possibility to make a test in the dataset, something like: traffic.uniqueLogID=web.uniqueLogID

Or, is there any ID in the logs that is the same for the session or across all the log types? I tried to use the Sequence Number, but it can be found several times during the day/week, so it is not usable.

AtiT

hzhao_FTNT
Staff

Hi AtiT,

There is no such log field(s) in the DB to allow you to "join" the traffic log and the webfilter log. For FOS 5.2, both the traffic log and the webfilter log come from the same log file, tlog.log, so you may find the complete log details in log browse.

Thanks,
hzhao_FTNT
L_FTNT
Staff

Hi AtiT,

FAZ 5.2 added the ability in Log Viewer to correlate a traffic session with its associated UTM logs. In the 'Security Event List' column, it will show all UTM logs that are linked with that session. Does this save you from writing the query?

LC
Ling Lu