Fortinet Forum
AndreaSoliva
Contributor III

How a full log config looks like for 5.0.x / 5.2.x

Hi, only because I again see log questions etc., here is a full overview for logging:

NOTE: Activating disk logging under 5.2.x for the smaller devices is no longer possible. Disk is available, but the "config log disk" command is no longer present! Only memory, FAZ, FortiGuard and syslogd are possible for such devices. Please refer to the Software Matrix overview!

Activate/Deactivate DLP UTM-Log/Log
# config dlp sensor
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# set dlp-log [enable | disable]
# set nac-quar-log [enable | disable]
# end
NOTE: For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate Antivirus UTM-Log/Log
# config antivirus profile
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# set av-block-log [enable | disable]
# set av-virus-log [enable | disable]
# end
NOTE: For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate VoIP UTM-Log/Log
# config voip profile
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# config sip
# set status [enable | disable]
# set log-violations [enable | disable]
# set log-call-summary [enable | disable]
# end
# config sccp
# set status [enable | disable]
# set log-call-summary [enable | disable]
# set log-violations [enable | disable]
# end
# end
NOTE: For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate Application UTM-Log/Log
# config application list
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# set log [enable | disable]
# set other-application-log [enable | disable]
# set unknown-application-log [enable | disable]
# end
NOTE: For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate Deep-Inspection, SSL-SSH-Profile UTM-Log/Log
# config firewall deep-inspection-options
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# set ssl-invalid-server-cert-log [enable | disable]
# set allow-invalid-server-cert [enable | disable]
# end
NOTE: For FortiOS 5.2 "deep-inspection-options" does not exist anymore and was renamed/moved to "ssl-ssh-profile". The option "extended-utm-log" does not exist anymore:
# config firewall ssl-ssh-profile
# edit [Name of Profile]
# set ssl-invalid-server-cert-log [enable | disable]
# end

Activate/Deactivate Protocol Options UTM-Log/Log
# config firewall profile-protocol-options
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# set oversize-log [enable | disable]
# set switching-protocols-log [enable | disable]
# end
NOTE: For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate WebFilter UTM-Log/Log
# config webfilter profile
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# config web
# set log-search [enable | disable]
# end
# set log-all-url [enable | disable]
# set web-content-log [enable | disable]
# set web-filter-command-block-log [enable | disable]
# set web-filter-cookie-log [enable | disable]
# set web-filter-applet-log [enable | disable]
# set web-filter-jscript-log [enable | disable]
# set web-filter-js-log [enable | disable]
# set web-filter-vbs-log [enable | disable]
# set web-filter-unknown-log [enable | disable]
# set web-filter-referer-log [enable | disable]
# set web-filter-cookie-removal-log [enable | disable]
# set web-url-log [enable | disable]
# set web-invalid-domain-log [enable | disable]
# set web-ftgd-err-log [enable | disable]
# set web-ftgd-quota-usage [enable | disable]
# end
NOTE: For FortiOS 5.2 the option "extended-utm-log" does not exist anymore!

Activate/Deactivate WebFilter [Minimal] UTM-Log/Log
# config webfilter profile
# edit [Name of Profile]
# set extended-utm-log enable
# config web
# set log-search [enable | disable]
# end
# set log-all-url enable
# set web-url-log enable
# set web-ftgd-err-log enable
# end

Activate/Deactivate Spamfilter UTM-Log/Log
# config spamfilter profile
# edit [Name of Profile]
# set extended-utm-log [enable | disable]
# config imap
# set log enable
# end
# config pop3
# set log enable
# end
# config smtp
# set log enable
# end
# config mapi
# set log enable
# end
# config msn-hotmail
# set log enable
# end
# config yahoo-mail
# set log enable
# end
# config gmail
# end
# end
NOTE: For FortiOS 5.2 the option "extended-utm-log" does not exist anymore! The new option for FortiOS 5.2 is:
# set spam-log [enable | disable]

Activate/Deactivate Global Settings Log
# config log setting
# set brief-traffic-format [enable | disable]
# set daemon-log [enable | disable]
# set neighbor-event [enable | disable]
# set fwpolicy-implicit-log [enable | disable]
# set fwpolicy6-implicit-log [enable | disable]
# set gui-location [fortianalyzer]
# set log-invalid-packet [enable | disable]
# set local-in-allow [enable | disable]
# set local-in-deny [enable | disable]
# set local-out [enable | disable]
# set resolve-apps [enable | disable]
# set resolve-hosts [enable | disable]
# set resolve-ip [enable | disable]
# set user-anonymize [enable | disable]
# set log-user-in-upper [enable | disable]
# end
NOTE: For FortiOS 5.2 the following options do not exist anymore: gui-location, local-in-deny, resolve-apps, resolve-hosts. New options for FortiOS 5.2 are:
# set resolve-port [enable | disable]
# set local-in-deny-unicast [enable | disable]
# set local-in-deny-broadcast [enable | disable]
# set daemon-log [enable | disable]
# set neighbor-event [enable | disable]
# set brief-traffic-format [enable | disable]

Activate/Deactivate Global Settings [Recommendation] Log

FortiOS 5.0
# config log setting
# set fwpolicy-implicit-log enable
# set gui-location [fortianalyzer]
# set local-in-allow disable
# set local-in-deny disable
# set local-out disable
# set resolve-apps enable
# set resolve-hosts enable
# set resolve-ip enable
# set user-anonymize disable
# end

FortiOS 5.2
# config log setting
# set fwpolicy-implicit-log enable
# set local-in-allow disable
# set local-in-deny-unicast disable
# set local-in-deny-broadcast disable
# set local-out disable
# set resolve-ip enable
# set resolve-port enable
# set user-anonymize disable
# set daemon-log enable
# set neighbor-event disable
# set brief-traffic-format disable
# end

Activate/Deactivate GUI Location (FortiOS 5.2.x only)
# config log gui-display
# set location [forticloud | memory | disk | fortianalyzer | syslogd]
# set resolve-hosts [enable | disable]
# set resolve-apps [enable | disable]
# end

Activate/Deactivate Eventfilter Log
# config log eventfilter
# set event [enable | disable]
# set router [enable | disable]
# set system [enable | disable]
# set user [enable | disable]
# set vpn [enable | disable]
# set wan-opt [enable | disable]
# set wireless-activity [enable | disable]
# end

Activate/Deactivate Logging Devices "fortianalyzer"
# config log fortianalyzer setting
# set status enable
# set ips-archive enable
# set server [FortiAnalyzer IP]
# set enc-algorithm default
# set localid [a local ID for the device, e.g. the serial number]
# set psksecret [Password for Preshared Key]
# set conn-timeout 10
# set monitor-keepalive-period 5
# set monitor-failure-retry-period 5
# set source-ip 0.0.0.0
# set upload-option realtime
# set reliable enable
# end
# config log fortianalyzer filter
# set severity information
# set forward-traffic enable
# set local-traffic enable
# set multicast-traffic enable
# set sniffer-traffic enable
# set anomaly enable
# set netscan-discovery enable
# set netscan-vulnerability enable
# set voip enable
# set dlp-archive enable
# end

Activate/Deactivate Logging Devices "memory"
# config log memory setting
# set status [enable | disable]
# set diskfull overwrite
# end
# config log memory filter
# set severity information
# set forward-traffic enable
# set local-traffic enable
# set multicast-traffic enable
# set sniffer-traffic enable
# set anomaly enable
# set netscan-discovery enable
# set netscan-vulnerability enable
# set voip enable
# set dlp-archive enable
# end

Activate/Deactivate Logging Devices "disk"
# config log disk setting
# set status [enable | disable]
# set diskfull overwrite
# end
# config log disk filter
# set severity information
# set forward-traffic enable
# set local-traffic enable
# set multicast-traffic enable
# set sniffer-traffic enable
# set anomaly enable
# set netscan-discovery enable
# set netscan-vulnerability enable
# set voip enable
# set dlp-archive enable
# end

Activate/Deactivate Logging Devices "syslogd"
# config log syslogd setting
# set status [enable | disable]
# set server [IPv4 address or FQDN of the Syslog Server]
# set facility local0
# end
# config log syslogd filter
# set severity information
# set forward-traffic enable
# set local-traffic enable
# set multicast-traffic enable
# set sniffer-traffic enable
# set anomaly enable
# set netscan-discovery enable
# set netscan-vulnerability enable
# set voip enable
# set dlp-archive enable
# end

Activate/Deactivate Logging Devices "fortiguard"
# config log fortiguard setting
# set status [enable | disable]
# end
NOTE: To activate, a FortiGuard ID is required!
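A small audit script for the recommended FortiOS 5.2 "config log setting" values and the log destinations listed in the post. This is an added example written for this page, not Fortinet code and not part of the original post. It assumes the input is the plain-text "config / set / end" format that the FortiOS `show` command prints (or a backup file); the sample dump embedded in the script is constructed for the example and intentionally deviates from the recommendation in two options so the check has something to report.

```python
"""Audit a FortiOS 5.2 config dump against the logging recommendations above.

Added example for this page; parser written here, not Fortinet code. Input is
the plain-text 'config ... set ... end' format printed by the FortiOS 'show'
command (a backup file has the same shape, plus '#config-version' comments).
"""

# Recommended "config log setting" values for FortiOS 5.2, as given in the post.
RECOMMENDED_LOG_SETTING_5_2 = {
    "fwpolicy-implicit-log": "enable",
    "local-in-allow": "disable",
    "local-in-deny-unicast": "disable",
    "local-in-deny-broadcast": "disable",
    "local-out": "disable",
    "resolve-ip": "enable",
    "resolve-port": "enable",
    "user-anonymize": "disable",
    "daemon-log": "enable",
    "neighbor-event": "disable",
    "brief-traffic-format": "disable",
}

# Log destinations the post covers; each one has a "config log <name> setting" block.
LOG_DESTINATIONS = ("memory", "disk", "fortianalyzer", "syslogd", "fortiguard")

# Constructed sample dump (not from a real device). Two values deviate from the
# recommendation on purpose: fwpolicy-implicit-log and user-anonymize.
SAMPLE_CONFIG = """\
config log setting
    set fwpolicy-implicit-log disable
    set local-in-allow disable
    set local-in-deny-unicast disable
    set local-in-deny-broadcast disable
    set local-out disable
    set resolve-ip enable
    set resolve-port enable
    set user-anonymize enable
    set daemon-log enable
    set neighbor-event disable
    set brief-traffic-format disable
end
config log syslogd setting
    set status enable
    set server "192.0.2.10"
    set facility local0
end
config log syslogd filter
    set severity information
    set forward-traffic enable
end
config log memory setting
    set status disable
end
config log fortianalyzer setting
    set status disable
end
"""


def parse_config_blocks(text):
    """Parse FortiOS CLI text into {block path: {option: value}}.

    Nested 'config'/'edit' levels are joined with ' / ' in the path, for example
    'webfilter profile / edit default'. 'next' and 'end' each close one level.
    """
    blocks = {}
    stack = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or '#config-version' comment
            continue
        parts = line.split()
        keyword = parts[0]
        if keyword == "config":
            stack.append(" ".join(parts[1:]))
        elif keyword == "edit":
            stack.append("edit " + " ".join(parts[1:]).strip('"'))
        elif keyword in ("next", "end"):
            if stack:
                stack.pop()
        elif keyword == "set" and len(parts) >= 3:
            path = " / ".join(stack)
            blocks.setdefault(path, {})[parts[1]] = " ".join(parts[2:]).strip('"')
    return blocks


def audit_log_setting(text, recommended=RECOMMENDED_LOG_SETTING_5_2):
    """Return [(option, recommended, actual)] for every option that deviates.

    An option the dump never sets is reported as 'not set' rather than assumed
    to match: the firmware default then applies, and the post does not say
    what that default is, so it has to be verified on the device.
    """
    actual = parse_config_blocks(text).get("log setting", {})
    findings = []
    for option, want in recommended.items():
        have = actual.get(option)
        if have is None:
            findings.append((option, want, "not set"))
        elif have != want:
            findings.append((option, want, have))
    return findings


def enabled_log_destinations(text):
    """List the destinations whose 'config log <name> setting' has 'status enable'."""
    blocks = parse_config_blocks(text)
    return [name for name in LOG_DESTINATIONS
            if blocks.get("log %s setting" % name, {}).get("status") == "enable"]


if __name__ == "__main__":
    for option, want, have in audit_log_setting(SAMPLE_CONFIG):
        print("log setting: %s is %s, recommended %s" % (option, have, want))
    dests = enabled_log_destinations(SAMPLE_CONFIG)
    print("enabled log destinations: %s" % (", ".join(dests) or "NONE - logs go nowhere"))
```

Run it against the output of `show log setting` and `show log syslogd setting` (or the other destination blocks) captured from a device; on the constructed sample it reports fwpolicy-implicit-log and user-anonymize as deviating and syslogd as the only enabled destination. An empty destination list is the finding to care about most: every UTM-Log option above is irrelevant if no destination is enabled to receive the records.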
4 REPLIES
zack
New Contributor

Awesome!!

(2) FortiGate 300A (clustered) 4.2.9 (1) Fortigate 310B 4.2.9 (1) Fortianalyzer 100C 4.2.4
seadave
Contributor III

Much appreciated.

rastt
New Contributor

Very Nice!!

Shawn_W
Contributor

This is great.  Thank you!