Friends, a question, I enabled the WAF profile in monitoring mode in a publication that I created in my firewall. However, it doesn't show me logs. In my FAZ it doesn't show me the WAF option in security either.
Is there a command to enable log sending? Or is it normal that it doesn't show me logs?
Hi @unknown1020 .
Please refer to the following link:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-investigate-if-WAF-is-not-gen...
Created on 01-30-2024 08:46 PM Edited on 01-30-2024 08:57 PM
Hello, thanks for the link, checking the configuration in the CLI of my firewall, it does not mention "log disable".
Do I have to run " set log enable " in all main config?
This is what it shows me on my firewall:
config signature
config main-class 10000000
set status enable
end
config main-class 20000000
set status enable
end
config main-class 30000000
set status enable
set severity high
end
config main-class 40000000
set status enable
end
config main-class 50000000
set status enable
set severity high
end
config main-class 60000000
set status enable
end
config main-class 70000000
set status enable
set severity high
end
config main-class 80000000
set status enable
set severity low
end
Did you simulate an attack and didn't get WAF log? I guess there is no log if there is no detected attack.
For an attack log to be generated it has to match a attack signature.
You can try simulating a attack or an basic SQL injection which should match signature.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.