Log files and types
As the log messages are being recorded, log messages are also being put into different log files. The log file contains the log messages that belong to that log type, for example, traffic log messages are put in the traffic log file.
When downloading the log file from within Log & Report, the file name indicates the log type and the device on which it is stored, as well as the date, time, and a unique id for that log.
This name is in the format <logtype> – <logdevice> – <date> T <time> . <id>.log.
For example, AntiVirusLog-disk-2012-09-13T11_07_57.922495.log.
Below, each of the different log files are explained. Traffic and Event logs come in multiple types, but all contain the base type such as ‘Event’ in the filename. Log Types based on network traffic
|Traffic||The traffic logs records all traffic to and through the FortiGate interface. Different categories monitor different kinds of traffic, whether it be forward, local, or sniffer.|
|Event||The event logs record management and activity events within the device in particular areas: System, Router, VPN, User, Endpoint, HA, WAN Opt./Cache, and WiFi. For example, when an administrator logs in or logs out of the web-based manager, it is logged both in System and in User events.|
|Antivirus||The antivirus log records virus incidents in Web, FTP, and email traffic.|
|Web Filter||The web filter log records HTTP FortiGate log rating errors including web content blocking actions that the FortiGate unit performs.|
|Application Control||The application log records application usage, monitoring or blocking as configured in the security profiles.|
|Intrusion||The intrusion log records attacks that are detected and prevented by the FortiGate unit.|
|Email Filter||The email filter log records blocking of email address patterns and content in SMTP, IMAP, and POP3 traffic.|
Log database and datasets
|Vulnerability Scan||The Vulnerability Scan (Netscan) log records vulnerabilities found during the scanning of the network.|
|Data Leak Prevention||The Data Leak Prevention log records log data that is considered sensitive and that should not be made public. This log also records data that a company does not want entering their network.|
|VoIP||The VoIP log records VoIP traffic and messages. It only appears if VoIP is enabled on the Administrator Settings page.|
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!