Not applicable
Created on 06-03-2010 09:25 PM
enable syslog with kiwi
Hi. Could I capture all user traffic with URL records and transfer it to Kiwi Syslog through the Fortinet syslog function? Which "minimum log level" and "facility" do I have to choose? Thanks
Hi Tonycd,
Minimum log level - Information
Facility - local7
http://www.hidayetaltun.com
Just an FYI, the traffic logs contain the stats for session bandwidth. The web-filter logs contain the information on URLs visited (within a session). You will have to do a lot of parsing, crunching, and correlating to get that data into a single logical "row" of information.
Good luck!
logMojo (http://logMojo.com) by Security Confidence
Cloud Based - Logging ● Alerting ● Reporting ● Monitoring ● Management
Signup today!
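The correlation described in the post above, as an added example that is not part of the original thread: it parses key=value syslog lines and joins web-filter URL records to traffic byte counts per session. The sample lines are constructed, and the field names (type, sessionid, srcip, sentbyte, rcvdbyte, hostname, url) are assumptions to check against what your firmware actually emits.

```python
import re

# key=value pairs; a quoted value may contain spaces.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample lines. <190> is the syslog PRI for facility local7 (23)
# at severity informational (6): 23*8 + 6. Field names are assumptions.
SAMPLE = [
    '<190>date=2010-06-07 time=09:25:01 type=webfilter sessionid=1001 '
    'srcip=10.0.0.5 hostname="www.example.com" url="/news/index.html" msg="URL was allowed"',
    '<190>date=2010-06-07 time=09:25:02 type=webfilter sessionid=1001 '
    'srcip=10.0.0.5 hostname="www.example.com" url="/img/logo.png"',
    '<190>date=2010-06-07 time=09:25:09 type=traffic sessionid=1001 '
    'srcip=10.0.0.5 dstip=192.0.2.10 sentbyte=1840 rcvdbyte=52311',
    # Inbound session: a traffic record with no web-filter (URL) record.
    '<190>date=2010-06-07 time=09:26:00 type=traffic sessionid=1002 '
    'srcip=198.51.100.7 dstip=10.0.0.20 sentbyte=400 rcvdbyte=900',
]

def parse(line):
    """Turn one log line into a dict; the leading <PRI> is ignored."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def correlate(lines, key="sessionid"):
    """Merge traffic and web-filter records into one row per session."""
    rows = {}
    for line in lines:
        rec = parse(line)
        sid = rec.get(key)
        if sid is None:
            continue  # record is not tied to a session
        row = rows.setdefault(
            sid, {"srcip": None, "sent": 0, "rcvd": 0, "urls": []})
        row["srcip"] = row["srcip"] or rec.get("srcip")
        if rec.get("type") == "traffic":
            row["sent"] += int(rec.get("sentbyte", 0))
            row["rcvd"] += int(rec.get("rcvdbyte", 0))
        elif rec.get("type") == "webfilter":
            row["urls"].append(rec.get("hostname", "") + rec.get("url", ""))
    return rows

if __name__ == "__main__":
    for sid, row in correlate(SAMPLE).items():
        print(sid, row)
```

A session whose row has byte counts but an empty URL list means no web-filter record arrived for it, which is what an inbound-only capture or a missing log filter looks like.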
Not applicable
Created on 06-06-2010 11:25 PM
Thanks all, but I can't see any URL from the syslog. What did I do wrong?
Make sure everything is enabled that you would want via:
config log syslogd filter
Also make sure you are set to log everything in the protection profile you are using.
Unlike the FortiAnalyzer, I think the syslog only outputs IP addresses.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
rwpatterson -
Which field are you referring to? I am almost 100% sure that the syslog logs have everything available in them that FortiAnalyzer logs have. We use the FortiAnalyzer protocol for our service (which allows for easy 3DES encryption of the stream and a DLP of course) but have used the syslog transport method in the past without degradation of the available log data.
LOL! You're probably right. The one syslog server I set up was capturing inbound traffic. Hence no URI information, duh!
Not applicable
Created on 06-07-2010 09:25 PM
Maybe I was misleading you guys: I want to capture the user traffic log without using FortiAnalyzer. Thanks all again.