Hello all, We're using FortiGate 600C and just upgraded FortiOS to
v5.6.6 from v5.4. While using v5.4, action=accept in our traffic logs
was only referring to non-TCP connections and we were looking for
action=close for successfully ended TCP connect...
Hi, Thank you for your detailed reply, it's very enlightening. Is it
somehow possible to disable only LOG_ID_TRAFFIC_STAT (i.e.
logid="0000000020")? Thanks
jhouvenaghel wrote: You mentioned: "For the same policy, action=accept takes logid="000000...
Hi, For the same policy,
- action=accept takes logid="0000000020"
- action=close takes logid="0000000013"
However, on some other policies, action=accept is taking logid="0000000013" as well.
On the other hand, action=close never takes logid="000000...
Hi Ken, Thank you for your reply. I checked the policy and
logtraffic-start is not enabled. Only the command below is there:
set logtraffic all
Plus, our traffic logs never take action=start values and
this supports my finding above. Any other ideas?...