Configuring Event logging Log&Report
FortiGate Version 4.0 MR1 Administration Guide
718 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Data Leak Prevention log
Data Leak Prevention (DLP) provides additional information for administrators that can
better analyze and detect data leaks. You can enable logging of your configured settings
for Data Leak Prevention in a protection profile.
Before enabling logging of DLP events, verify that the correct DLP sensor is available for
what you want to log. A DLP sensor is required for both logging and DLP archiving of DLP
events. You cannot apply multiple DLP sensors for logging or DLP archiving of DLP
events.
To enable logging of Data Leak Prevention settings
1 Go to Firewall > Protection Profile.
2 Select the Expand Arrow to view the policy list for a policy.
3 Select Edit beside the policy that you want.
4 Select the Expand Arrow to view the Data Leak Prevention options.
5 Select the check box next to the sensor list.
6 Select a sensor from the list.
7 Select the Expand Arrow to view the Logging options.
8 Select the Data Leak Prevention Log DLP check box.
Application Control log
This log file includes IPS, IM/P2P and VoIP events that the FortiGate unit records. The
application control log also includes some IPS activities.
Before enabling logging of Application Control events, verify that the correct application
control list is available for what you want to log. An application control list is required for
logging application control events.
To enable logging of Application Control settings
1 Go to Firewall > Protection Profile.
2 Select Edit beside the protection profile that you want.
3 Select the Expand arrow to expand Application Control.
4 Select the check box beside the application control list.
5 Select a list from the application control list.
Pattern update
event
All pattern update events, such as antivirus and IPS pattern updates and
update failures.
SSL VPN user
authentication event
All user authentication events for an SSL VPN connection, such as logging
in, logging out and timeout due to inactivity.
SSL VPN
administration event
All administration events related to SSL VPN, such as SSL configuration
and CA certificate loading and removal.
SSL VPN session
event
All session activity such as application launches and blocks, timeouts, and
verifications.
VIP ssl event All server-load balancing events happening during SSL sessions, especially
details about handshaking.
VIP server health
monitor event
All related VIP server health monitor events that occur when the VIP health
monitor is configured, such as an interface failure.
CPU & memory
usage (every 5 min)
All real-time CPU and memory events, at 5-minute intervals.
To Next Page
Loading...
Need help?
General