Hi

 

this is based on the categories action which mean:

 

if you set within a category block or whatever this means --> Log also (including monitor)

if you set within a category "allow" this means --> NO Log

 

This means all category which are set as allow must be set to "monitor". Without monitor no logging for allow category.

 

Unter 5.2.x you have also within the WebFilter a position which has to be activated which indicates "Log all".

 

hope this helps

 

have fun

 

Andrea

Hi,

 

I have to disagree with Andrea.  Done many setup with the action "allow" and the logs are working.

 

Here, what I've done to make it work :

Use CLI to edit each webfilter profile to log all urls :

 

Config webfilter profile

Edit [nameOfWebfilterProfile]

Set log-all-url enable

end

 

Hope this help

 

Hi

 

this is not 100% true which means this option you mention has following fuction:

 

"Enable to log all URLs, even if FortiGuard is not enabled."

 

From this point of view if you like to log all URLS go for my comment and activate the position mentioned after that you are 100% fine :) This option was introduced in 5.2 and does not exist under 5.0. You can actually use a webfilter without FortiGuard but not based on categories which means if you use NO fortiguard categories but you use the webfilter as internal url filter you have to use this option. Makes sens...or not :)

 

kind regards

 

have fun

 

Andrea

Thank you Andrea for the clarification...

Have to decide now if it makes sense of not in my situation!

 

(and don't want to argue with you, but I have a setup right here with firmware 5.0 build 271 and the option log-all-url exist)

Hi

 

nothing to worry :) you are right....overlooked it but keep in mind that this option has under 5.0 the same function but in cooperation with utm-log which means without utm-log nothing happens:

 

[LEFT]Enable to log all URLs, even if FortiGuard is not enabled. extended-utm-log [size="2"]must be enabled.[/size][/LEFT]

 

[LEFT][size="2"]From this point of view trust me under 5.0 YOU MUST set category to MONITOR otherwise nothing will be looked for ALLOW. I always use on 5.0 following:[/size][/LEFT]

 

[LEFT][size="2"][size="2"]config webfilter profile edit [Name of profile][/size][/size][/LEFT][LEFT][size="2"]set extended-utm-log enable config web set log-search enable end set log-all-url enable set web-content-log enable set web-filter-activex-log enable set web-filter-command-block-log enable set web-filter-cookie-log enable set web-filter-applet-log enable set web-filter-jscript-log enable set web-filter-js-log enable set web-filter-vbs-log enable set web-filter-unknown-log enable set web-filter-referer-log enable set web-filter-cookie-removal-log enable # set web-filter-sdns-action: redirect # web-filter-sdns-portal: 0.0.0.0 set web-url-log enable set web-invalid-domain-log enable set web-ftgd-err-log enable set web-ftgd-quota-usage enable end[/size][/LEFT]

 

[LEFT][size="2"]Config all categories to block or monitor (which means allow) and all will be logged as long as your device log is correct configured as the gui as the correcsponding policy.[/size][/LEFT]

 

[LEFT][size="2"]have fun[/size][/LEFT]

 

[LEFT][size="2"]Andrea[/size][/LEFT]