Log Types; Traffic Log - Fortinet FortiGate Series Administration Manual

Table 58: Log severity levels

| Levels | Description | Generated by |
|---|---|---|
| 0 - Emergency | The system has become unstable. | Event logs, specifically administrative events, can generate an emergency severity level. |
| 1 - Alert | Immediate action is required. | Attack logs are the only logs that generate an Alert severity level. |
| 2 - Critical | Functionality is affected. | Event, Antivirus, and Spam filter logs. |
| 3 - Error | An error condition exists and functionality could be affected. | Event and Spam filter logs. |
| 4 - Warning | Functionality could be affected. | Event and Antivirus logs. |
| 5 - Notification | Information about normal events. | Traffic and Web Filter logs. |
| 6 - Information | General information about system operations. | DLP Archive, Event, and Spam filter logs. |
| 6 - Debug | Displays debugging messages. | The Debug severity level is rarely used. It is the lowest log severity level and usually contains some firmware status information that is useful when the FortiGate unit is not functioning properly. Debug log messages are generated by all types of FortiGate features. |

Log types

The FortiGate unit provides a wide range of features to log, enabling you to better monitor activity that is occurring on your network. For example, you can enable logging of IM/P2P features, to obtain detailed information on the activity occurring on your network where IM/P2P programs are used.

Before enabling FortiGate features, you need to configure what type of logging device will store the logs. For more information, see "Configuring how a FortiGate unit stores logs" on page 710.

This topic also provides details on each log type and explains how to enable logging of the log type.

Note: If the FortiGate unit is in Transparent mode, certain settings and options for logging may not be available because they do not support logging, or are not available in Transparent mode. For example, SSL VPN events are not available in Transparent mode.

Traffic log

The Traffic log records all the traffic to and through the FortiGate interfaces. You can configure logging of traffic controlled by firewall policies and for traffic between any source and destination addresses. You can also filter to customize the traffic logged:

• Allowed traffic – The FortiGate unit logs all traffic that is allowed according to the firewall policy settings.
• Violation traffic – The FortiGate unit logs all traffic that violates the firewall policy settings.

If you are logging "other-traffic", the FortiGate unit will incur a higher system load because "other-traffic" logs log individual traffic packets. Fortinet recommends logging firewall policy traffic since it minimizes the load. Logging "other-traffic" is disabled by default.
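The following Python script is an added example, not part of the Fortinet manual: it encodes the "Generated by" column of Table 58 and uses it to triage collected log lines, keeping records at or above a chosen severity and flagging any log type that the table does not list for its level. The key=value line layout, the field names `type` and `pri`, the type labels, and the sample lines are assumptions constructed for illustration.

```python
import shlex

# Rows of Table 58 in page order (most severe first): level name -> log types
# from the "Generated by" column. None = all log types (the Debug row).
# Type labels are assumed names, not taken from the manual.
TABLE_58 = {
    "emergency": {"event"},
    "alert": {"attack"},
    "critical": {"event", "antivirus", "spam"},
    "error": {"event", "spam"},
    "warning": {"event", "antivirus"},
    "notification": {"traffic", "webfilter"},
    "information": {"dlp-archive", "event", "spam"},
    "debug": None,
}
RANK = {name: row for row, name in enumerate(TABLE_58)}  # row order, 0 = most severe

def parse_line(line):
    """Split a key=value log line into a dict; quoted values may contain spaces."""
    try:
        tokens = shlex.split(line)
    except ValueError:           # unbalanced quote: fall back to whitespace split
        tokens = line.split()
    pairs = (t.partition("=") for t in tokens)
    return {key: value for key, sep, value in pairs if sep}

def verdict(log_type, level):
    """Check a (type, level) pair against the Generated by column."""
    if level not in TABLE_58:
        return "unknown-level"
    allowed = TABLE_58[level]
    return "expected" if allowed is None or log_type in allowed else "unexpected"

def triage(lines, min_level="warning"):
    """Return records at or above min_level, plus every record that fails the check."""
    kept = []
    for line in lines:
        rec = parse_line(line)
        log_type, level = rec.get("type", "").lower(), rec.get("pri", "").lower()
        v = verdict(log_type, level)
        if v != "expected" or RANK[level] <= RANK[min_level]:
            kept.append((rec.get("time"), log_type, level, v))
    return kept

# Constructed sample lines (assumed layout), not captured from a device.
SAMPLE = [
    'date=2009-09-03 time=10:00:01 type=traffic pri=notification msg="allowed by policy 3"',
    'date=2009-09-03 time=10:00:02 type=attack pri=alert msg="signature matched"',
    'date=2009-09-03 time=10:00:03 type=traffic pri=alert msg="relabelled by a relay"',
    'date=2009-09-03 time=10:00:04 type=event pri=emergency msg="admin event"',
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

An "unexpected" verdict usually points to a parsing or relay problem, or to a firmware version whose behaviour differs from this table, and is worth checking before the record is trusted in an alerting rule.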
FortiGate Version 4.0 MR1 Administration Guide
http://docs.fortinet.com/
Log&Report
01-410-89802-20090903