What’s new in FortiOS 6.0 Logging

What’s new in FortiOS 6.0

The following list contains new Logging & Reporting features added in FortiOS 6.0.

Automatic synchronization of log display location

In previous versions, log display location could differ between Log & Report and FortiView, which could result in empty log screens if the two were not synchronized. Now, both log viewers automatically pick the best available log device. A different log device can be manually selected.

As a result, the associated CLI command log gui-display location has been removed.

Improved log messages for SD-WAN link quality changes

FortiOS 6.0 introduces two new log messages:

  • 22923: LOG_ID_EVENT_VWL_LQTY_STATUS is created when a member’s link quality is changed.
  • 22924: LOG_ID_EVENT_VWL_VOLUME_STATUS is used only when load-balance-mode is set to measured-volume-based. The log is created when a member starts or stops receiving traffic.

Extended UTM logging and improved syslog configuration

Extended logging can now be enabled for multiple UTM features: WAF, Web Filtering, DLP, and AntiVirus.

These new features can be enabled in the CLI:

config waf profile
    edit <profile name>
        set extended-log {enable | disable}
end

config webfilter profile
    edit <profile name>
        set web-extended-log {enable | disable}
        set web-extended-all-action-log {enable | disable}
end

config dlp sensor
    edit <sensor name>
        set dlp-extended-log {enable | disable}
end

config antivirus profile
    edit <profile name>
        set av-extended-log {enable | disable}
end

Updated reliable syslog encryption to comply with RFC 5425

In order to align with RFC 5425 (syslog on an encrypted TLS connection over TCP) and general logging security standards for syslog, reliable syslog encryption is customizable in the CLI:

config log syslog setting
    set enc-algorithm {high-medium | high | low | disable}
end

Also, syslog options for reliable logging transmission have been expanded:

config log syslog setting
    set mode {udp | legacy-reliable | reliable}
end

See the FortiOS CLI Reference for more information about these commands.
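
A configuration check for the syslog options above, as an added example that is not part of the original page or of Fortinet's tooling: it parses a config log syslog setting block and flags any transport other than reliable mode with a high or high-medium enc-algorithm. The pass/fail policy, the sample configurations and the function names are assumptions made for the example.

```python
import re

# Policy assumed for this example (not Fortinet guidance): syslog must use
# `reliable` mode with enc-algorithm `high` or `high-medium`.
ACCEPTED_MODES = {"reliable"}
ACCEPTED_ENC = {"high", "high-medium"}
# Matches the page's spelling and, as an assumption, `log syslogd setting`.
HEADER = re.compile(r"config log syslogd? setting$")
SET_LINE = re.compile(r'set\s+(\S+)\s+"?([^"]*)"?$')

def parse_syslog_block(config_text):
    """Return {option: value} from the first syslog setting block (no nesting)."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if HEADER.match(line):
            inside = True
        elif inside and line == "end":
            break
        elif inside and (m := SET_LINE.match(line)):
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_syslog(config_text):
    """Return a list of findings; an empty list means the policy is met."""
    s = parse_syslog_block(config_text)
    findings = []
    mode, enc = s.get("mode"), s.get("enc-algorithm")
    if mode not in ACCEPTED_MODES:
        findings.append(f"mode={mode or 'unset'}: not in {sorted(ACCEPTED_MODES)}")
    if enc not in ACCEPTED_ENC:
        findings.append(f"enc-algorithm={enc or 'unset'}: not in {sorted(ACCEPTED_ENC)}")
    return findings

# Constructed sample configurations (192.0.2.10 is a documentation address).
UDP_CONFIG = """config log syslog setting
    set status enable
    set server "192.0.2.10"
    set mode udp
end"""
WEAK_TLS_CONFIG = UDP_CONFIG.replace(
    "set mode udp", "set mode reliable\n    set enc-algorithm low")
HARDENED_CONFIG = WEAK_TLS_CONFIG.replace("enc-algorithm low", "enc-algorithm high-medium")

if __name__ == "__main__":
    for name, cfg in [("udp", UDP_CONFIG), ("weak-tls", WEAK_TLS_CONFIG),
                      ("hardened", HARDENED_CONFIG)]:
        print(name, audit_syslog(cfg) or "OK")
```

A setting that is absent from the block is reported as unset rather than assumed to hold any particular default.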

Improved log display consistency at high load

Previous versions could display inconsistent log data when using Drill Down charts and when navigating between different log tables (in both Log & Report and FortiView). The maximum number of records now varies based on how long logs are kept, relative to device model size. Record numbers are configurable in config report setting.

Log database queries used to collect Top Sources and Top Destinations data are significantly more efficient due to improved indexing speed.
