Accessing and viewing log messages Log&Report
FortiGate Version 4.0 MR1 Administration Guide
720 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Attack log (IPS)
The Attack (IPS) log records attacks detected and prevented by the FortiGate unit. The
FortiGate unit logs the following:
• Attack Signature – The FortiGate unit logs all detected and prevented attacks based
on the attack signature, and the action taken by the FortiGate unit.
• Attack Anomaly – The FortiGate unit logs all detected and prevented attacks based
on unknown or suspicious traffic patterns, and the action taken by the FortiGate unit.
You can view attack log messages from either the Memory or Remote tab.
To enable the attack logs
1 Go to Firewall > Protection Profile.
2 Select Edit beside the protection profile that you want.
3 Select the Expand Arrow beside Logging to reveal the available options.
4 Select Log Intrusions under IPS.
5 Select OK.
Accessing and viewing log messages
You can use the Log Access feature in the FortiGate web-based manager to view logs
stored in memory, on a hard disk, stored on a FortiAnalyzer unit running FortiAnalyzer 3.0,
and on the FortiGuard Analysis server.
To view log messages go to Log&Report > Log Access and then select:
• Remote to view log messages stored on a FortiAnalyzer unit or the FortiGuard
Analysis and Management Service
• Memory to view log messages stored in FortiGate unit system memory
• Disk to view log messages stored on a hard disk such as an internal hard disk or an
AMC hard disk.
Log Access provides tabs for viewing logs according to these locations. Each tab provides
options for viewing log messages, such as search and filtering options, and choice of log
type. The Remote tab displays logs stored on either the FortiGuard Analysis server or
FortiAnalyzer unit, whichever one is configured for logging.
Log information is displayed in the Log Access menu. Different tabs in Log Access display
log information stored on the FortiAnalyzer unit, FortiGate system memory and hard disk if
available, including the FortiGuard Analysis server.
The columns that appear reflect the content found in the log file. The top portion of the Log
Access page includes navigational features to help you move through the log messages
and locate specific information.
To view log messages, go to Log&Report > Log Access and then select the tab that
corresponds to the log storage device used: Remote, Memory or Disk. If you are logging
to the FortiGate unit’s hard disk, select Edit beside a rolled log file to view log messages.
Note: Make sure attack signature and attack anomaly DoS sensor settings are enabled to
log the attack. The logging options for the signatures included with the FortiGate unit are
set by default. Ensure any custom signatures also have the logging option enabled. For
more information, see “Intrusion Protection” on page 531.
To Next Page
Loading...
Need help?
General