Hello, We use two FortiGate 3700D (HA cluster) running FortiOS 5.2.1 build0618, managed from FortiManager v5.2.1-build0662. We checked logs on mgmt1 port into FortiView (and into other log file analyzer), and we noticed two things about these logs: - we don't see logs from "start" action (we see deny and close action logs only), - all "close" action logs have the Policy ID "0" ("deny" too). Do you know why we don't see logs from "start" action?
Note: "Log All Sessions" and "Generate Logs when Session Starts" into "Logging Options" are activated in all rules. Regards, Chris
Hi! Does someone have any idea about this question? Thanks, Chris
chrbar wrote:Hello, We use two FortiGate 3700D (HA cluster) running FortiOS 5.2.1 build0618, managed from FortiManager v5.2.1-build0662. We checked logs on mgmt1 port into FortiView (and into other log file analyzer), and we noticed two things about these logs: - we don't see logs from "start" action (we see deny and close action logs only), - all "close" action logs have the Policy ID "0" ("deny" too). Do you know why we don't see logs from "start" action?
Note: "Log All Sessions" and "Generate Logs when Session Starts" into "Logging Options" are activated in all rules. Regards, Chris
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.