Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

WAF profile in fortigate

Friends, a question, I enabled the WAF profile in monitoring mode in a publication that I created in my firewall. However, it doesn't show me logs. In my FAZ it doesn't show me the WAF option in security either.
Is there a command to enable log sending? Or is it normal that it doesn't show me logs?

4 REPLIES 4
mpftnt
Staff
Staff
unknown1020
New Contributor III

Hello, thanks for the link, checking the configuration in the CLI of my firewall, it does not mention "log disable".
Do I have to run " set log enable " in all main config?

This is what it shows me on my firewall:
config signature
config main-class 10000000
set status enable
end
config main-class 20000000
set status enable
end
config main-class 30000000
set status enable
set severity high
end
config main-class 40000000
set status enable
end
config main-class 50000000
set status enable
set severity high
end
config main-class 60000000
set status enable
end
config main-class 70000000
set status enable
set severity high
end
config main-class 80000000
set status enable
set severity low
end

AEK

Did you simulate an attack and didn't get WAF log? I guess there is no log if there is no detected attack.

AEK
AEK
rosatechnocrat
Contributor II

For an attack log to be generated it has to match a attack signature. 

 

You can try simulating a attack or an basic SQL injection which should match signature. 

Rosa Technocrat --

Also on YouTube---

Please do Subscribe
Rosa Technocrat --Also on YouTube---Please do Subscribe
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors