Jay_Libove
Contributor

log-all-urls, extended-utm-log, web browsing Reporting, syslog ...

In another thread GembuL wrote:
"On FortiOS 5 you should enable extended-utm-log via CLI for each UTM profile to show your UTM logs, otherwise all of the UTM logs will be recognized as a normal traffic log."
I'm confused about what the extended-utm-log setting does. By chance, I was talking to Fortinet tech support recently, and I think I understood them to tell me that, if I enable extended-utm-log in a web filter profile, then all URLs browsed will get logged. I want to avoid that both for volume and for employee privacy purposes. (This is separate from the config webfilter profile -> edit profilename -> set log-all-urls setting, which I assume would also log all URLs.)

But, is it that, if I don't enable extended-utm-log, then I cannot get detailed reports on volumes of sites used? To be clear, I want detailed web browsing consumption reporting, but I'd like to avoid logging all actual URLs visited if possible, for data protection reasons.

I've done some more experimentation with this. I noticed, in the FortiOS 5.0 Handbook (version 5.0.4, date Sept 27, 2013, page 647, section Viewing log messages and archives) that it says:
If you have configured either a Syslog or WebTrends server, you will not be able to view log messages from the web-based manager or CLI.
This seems odd. But it also seems true. I simply cannot find any URLs in the logs which I can view in the FortiGate's own GUI. But URLs ARE being logged to my syslog server. And, in fact, as I have it configured presently, with both log-all-urls and extended-utm-log enabled, the nightly Reports from the FortiGate don't include URL details.

I'll turn off syslog for the moment, and see if the nightly reports start including more details, and I can start seeing URLs in the logs in the FortiGate GUI. But it just seems weird. Anyone else have experience to share about this? ... and the different 'log all URLs' / 'enable extended utm log' settings? Thanks,
Jay_Libove
Contributor

I think I have to retract this. I think I do now have both on-FortiGate logging, with viewed URLs visible in the Log & Report section and in the nightly security reports, and also to a syslogd server at the same time. The confusion, I think, is that the log-all-urls setting and the extended-utm-log setting seem to have some kind of relation, where turning off extended-utm-log will also automatically silently turn off log-all-url, and turning back on extended-utm-log will NOT automatically return log-all-url to its former setting.
Silver
New Contributor

Dear All, I have a problem related to reports on FortiGate...
1) I want to have a full report of URL visits by each user and bandwidth consumed.
2) Normally the report only displays the top 5 applications or top 10 web sites, but instead of that I want more, like a full report with more than the top 10. Is it possible?
3) Web URLs are also not displayed even with extended utm log enabled.
4) I have decided to configure a syslog server which will be running iView software on the syslog server, but it's not working; logs are not generated. Has anyone ever done it on Cyberoam iView software with FortiGate Fortinet firmware running v5 patch 1, model 100?
Jay_Libove
Contributor

Hi Silver.

First thing, apply the 5.0.5 update which came out a few days ago. v5.0 is very much a work-in-progress, and the earliest releases were problematic.

Second, make sure that you have both extended-utm-log and also log-all-urls settings enabled. Both are necessary for detailed URL logs to be created.

Third, about syslog:

    FG# config log syslogd setting
    FG(setting)# set status enable
    FG(setting)# set server "11.22.33.44"     <- IP address of your syslogd server
    FG(setting)# set source-ip 55.66.77.88    <- IP address on your FG from which to send syslog messages
    FG(setting)# end

On the syslogd receiver - I have no specific experience with the Cyberoam server you mention - make sure that
a) the syslog server is configured to accept remote syslog messages from other systems at all. Many syslog servers by default do not listen for syslog messages being logged to them over the network.
b) the firewall on the server where you are running the syslog server software is configured to accept UDP port 514.

As for the ultimate goal you've stated, to have much more detailed reports, I do not know whether FortiOS supports such more detailed reports. It would be interesting to know. Do be careful about setting your users' privacy expectations correctly, both as a matter of good ethical practice, and as a matter of legal and regulatory compliance depending on your geography and the relevant laws.
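Added example (not part of the original posts, and not Fortinet code): one way to build the per-user report with no top-10 cutoff from lines received on the syslog server, while keeping URL paths out of the output. The sample lines are constructed, and the field names (user, srcip, hostname, url, sentbyte, rcvdbyte) are assumptions to check against what your own FortiGate actually sends.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate-style key=value syslog format (not real logs).
# Field names (user, srcip, hostname, url, sentbyte, rcvdbyte) are assumptions;
# verify them against the messages your own unit sends.
SAMPLE_LINES = [
    '<189>date=2013-11-20 time=09:15:02 type=utm subtype=webfilter user="alice" '
    'srcip=10.0.0.5 hostname="example.com" url="/private/page?id=7" sentbyte=1200 rcvdbyte=48000',
    '<189>date=2013-11-20 time=09:15:40 type=utm subtype=webfilter user="alice" '
    'srcip=10.0.0.5 hostname="Example.com" url="/other" sentbyte=800 rcvdbyte=2000',
    '<189>date=2013-11-20 time=09:16:11 type=utm subtype=webfilter '
    'srcip=10.0.0.9 hostname="example.org" url="/a b" sentbyte=100 rcvdbyte=bad',
    '<189>date=2013-11-20 time=09:17:00 type=event subtype=system msg="no hostname here"',
]

# key=value, where the value is either a double-quoted string or a bare token
PAIR = re.compile(r'([A-Za-z][\w-]*)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_fields(line):
    """Split one log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields

def to_int(text):
    """Byte counters that are missing or malformed count as 0."""
    return int(text) if text and text.isdigit() else 0

def usage_report(lines):
    """Return every (who, hostname, total_bytes) row, largest first; url is never stored."""
    totals = defaultdict(int)
    for line in lines:
        f = parse_fields(line)
        host = f.get("hostname")
        if not host:
            continue  # not a web log line
        who = f.get("user") or f.get("srcip", "unknown")  # fall back to source IP
        volume = to_int(f.get("sentbyte")) + to_int(f.get("rcvdbyte"))
        totals[(who, host.lower())] += volume
    rows = [(who, host, total) for (who, host), total in totals.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    for who, host, total in usage_report(SAMPLE_LINES):
        print(f"{who:12} {host:20} {total:>10}")
```

Because only the hostname and byte counters are kept, the report shows who used how much of which site without retaining the pages visited; the raw syslog file still contains full URLs unless log-all-urls is turned off on the FortiGate.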
Jay_Libove
Contributor

I notice (FortiOS 5.0.4) that the Log & Report -> Report -> Local menu allows generation of a report with <selectable> "Top Users By Bandwidth". Perhaps that meets your needs, Silver?
Silver
New Contributor

Dear Jay Libove, thank you very much for your input. The reason why I am looking to set up a syslog server is that I cannot get more than the top ten users for URL visits etc. It only gives reporting for the top 10 but not more than 10. Is it possible to modify this on the local FortiGate report? And can you tell me how to schedule a report from FortiCloud to send to my email, please? Thanks
Silver
New Contributor

Jay, when I enable extended-utm-log and log-all-url, only extended-utm-log is displayed when doing the show command, but log-all-url is not displayed as enabled.
Jay_Libove
Contributor

I don't use FortiCloud, so I can't offer any help there.

As for extended-utm-log and log-all-url, note that my experience is with 5.0.4. As noted elsewhere, the 5.0 series is very much evolving. I think I recall that you were on an earlier 5.0 release. This may be affected by updating. In 5.0.4, the log-all-url setting only appears after you enable extended-utm-log. So:

    # config webfilter profile
    (profile)# edit default
    (default)# set extended-utm-log enable
    (default)# set log-all-url enable
    (default)# end

Note that log-all-url likely only appears in specific security profiles (webfilter, for one); in which config subsection are you trying to set log-all-url?