SebastianRogers
New Contributor

Fortiweb CEF Malformatted

I have seen this a couple of times and am just wondering if anyone else has come across this and can add any logic, so I can add it to my notes for resolution. This is when the log type has been set to CEF via the GUI.

However, the format seems to come out in the local disk value, not the expected CEF, e.g. expected output: CEF:0|Fortinet|Fortigate|version|etc

not the on-disk format

date=2022-03-20 time=14:55:20 logid="1203030258" type="utm" subtype="waf" eventtype="waf-http-constraint" level="warning"

 

ddsouza_FTNT
Staff

I haven't come across this problem yet. Could you please provide the output of the following commands, so I can investigate from my end?

get system status
show log siem-policy
show log siem-message-policy
show log syslog-policy
show log syslogd

 

SebastianRogers

get system status
International Version: FortiWeb-Azure_OnDemand 6.3.17,build1195(GA),211130
Serial-Number: Sanitized
Bios version: 04000002
Log hard disk: Available
Hostname: Sanitized-FWB-A
Operation Mode: Reverse Proxy
FIPS-CC mode: disabled
Current HA mode: standalone
Database Status: Available
Current Manager role: standalone

 

show log siem-policy
config log siem-policy
end

 

show log siem-message-policy

config log siem-message-policy
end

 

show log syslog-policy
config log syslog-policy
edit "SampleSyslog"
config syslog-server-list
edit 1
set server XX.XXX.XX.XXX
set format cef
next
end
next
end

 

show log syslogd
config log syslogd
set status enable
set facility local0
set policy SampleSyslog
config custom-field
end

ddsouza_FTNT

@SebastianRogers I am able to reproduce this problem in my lab environment but running on a 6.3.18 GA release with the same configuration. I am checking internally. I shall get back to you with some updates. Stay tuned!

SebastianRogers

Thanks Denzil, it's good to know it's not just me it happens to. I do appreciate the time you have spent on this. I look forward to what you come back with.

ddsouza_FTNT

@SebastianRogers No problem. Engineering team are looking into this. I will get back to you as soon as there is an update from them.

ddsouza_FTNT

@SebastianRogers As per the Engineering team, this is a bug in 6.3, and it will be fixed in version 6.3.19 GA.
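
A collector-side check for the symptom discussed in this thread, as an added example that is not part of the original posts and is not Fortinet code: it classifies each received line as CEF or as the native key=value format shown in the question, so a SIEM pipeline can flag a device whose policy says `set format cef` but which still sends the on-disk format. The CEF sample lines and all function names are constructed for illustration, and the header layout assumed is the standard seven pipe-delimited CEF fields followed by the extension.

```python
import re
from collections import Counter

CEF_START = re.compile(r"CEF:\d+\|")
KV_PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')
CEF_FIELDS = ("version", "vendor", "product", "device_version",
              "event_class_id", "name", "severity")

def split_unescaped(text, sep="|", maxsplit=7):
    """Split on sep, keeping backslash-escaped characters inside a field."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep and len(parts) < maxsplit:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    return parts + ["".join(cur)]

def classify(line):
    """Return (format, fields) for one line received by the collector."""
    m = CEF_START.search(line)
    if m:  # a syslog prefix may precede the CEF header
        parts = split_unescaped(line[m.start() + 4:])
        if len(parts) < 8:  # fewer than 7 header fields plus extension
            return "malformed-cef", {}
        fields = dict(zip(CEF_FIELDS, parts[:7]))
        fields["extension"] = parts[7]
        return "cef", fields
    kv = {k: v.strip('"') for k, v in KV_PAIR.findall(line)}
    if "logid" in kv and "date" in kv:  # native key=value (on-disk) format
        return "native-kv", kv
    return "unknown", kv

def audit(lines):
    """Count formats and list the 1-based positions of non-CEF lines."""
    kinds = [classify(line)[0] for line in lines]
    return Counter(kinds), [i for i, k in enumerate(kinds, 1) if k != "cef"]

SAMPLE = [  # line 1 and 3 are constructed; line 2 is the one quoted in the question
    r"<134>Mar 20 14:55:20 fwb CEF:0|Fortinet|FortiWeb|6.3.17|SAMPLE-ID|a\|b|5|src=192.0.2.10",
    'date=2022-03-20 time=14:55:20 logid="1203030258" type="utm" subtype="waf" '
    'eventtype="waf-http-constraint" level="warning"',
    "CEF:0|Fortinet|FortiWeb",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
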
