FortiGate Version 4.0 MR1 Administration Guide
734 01-410-89802-20090903
Log types
The FortiGate unit provides a wide range of features to log, enabling you to better monitor
activity that is occurring on your network. For example, you can enable logging of IM/P2P
features, to obtain detailed information on the activity occurring on your network where
IM/P2P programs are used.
Before enabling logging of FortiGate features, you need to configure the type of logging
device that will store the logs. For more information, see “Configuring how a FortiGate unit
stores logs” on page 710.
This topic also provides details on each log type and explains how to enable logging of the
log type.
Traffic log
The Traffic log records all the traffic to and through the FortiGate interfaces. You can
configure logging of traffic controlled by firewall policies and of traffic between any source
and destination addresses. You can also apply filters to customize which traffic is logged:
• Allowed traffic – The FortiGate unit logs all traffic that is allowed according to the
firewall policy settings.
• Violation traffic – The FortiGate unit logs all traffic that violates the firewall policy
settings.
If you are logging “other-traffic”, the FortiGate unit will incur a higher system load because
“other-traffic” logs log individual traffic packets. Fortinet recommends logging firewall
policy traffic since it minimizes the load. Logging “other-traffic” is disabled by default.
Table 58: Log severity levels

| Levels | Description | Generated by |
|---|---|---|
| 0 - Emergency | The system has become unstable. | Event logs, specifically administrative events, can generate an emergency severity level. |
| 1 - Alert | Immediate action is required. | Attack logs are the only logs that generate an Alert severity level. |
| 2 - Critical | Functionality is affected. | Event, Antivirus, and Spam filter logs. |
| 3 - Error | An error condition exists and functionality could be affected. | Event and Spam filter logs. |
| 4 - Warning | Functionality could be affected. | Event and Antivirus logs. |
| 5 - Notification | Information about normal events. | Traffic and Web Filter logs. |
| 6 - Information | General information about system operations. | DLP Archive, Event, and Spam filter logs. |
| 6 - Debug | Displays debugging messages. | The Debug severity level is rarely used. It is the lowest log severity level and usually contains some firmware status information that is useful when the FortiGate unit is not functioning properly. Debug log messages are generated by all types of FortiGate features. |
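
The following Python sketch is an added example, not part of the Administration Guide or of any Fortinet tool. It shows how the "Generated by" column of Table 58 can be used when reviewing exported logs: records are kept if they meet a minimum severity, and records whose log type the table does not list for their severity are set aside for review. The key=value layout, the field names type and pri, and the sample lines are assumptions constructed for the example.

```python
# Added example: the field names (type=, pri=) and the log lines are constructed.
import shlex

# Severity names in the row order of Table 58, most severe first; index = rank.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]

# "Generated by" column of Table 58; None means every log type (Debug row).
GENERATED_BY = {
    "emergency": {"event"},
    "alert": {"attack"},
    "critical": {"event", "antivirus", "spamfilter"},
    "error": {"event", "spamfilter"},
    "warning": {"event", "antivirus"},
    "notification": {"traffic", "webfilter"},
    "information": {"dlparchive", "event", "spamfilter"},
    "debug": None,
}

def parse_line(line):
    """Split a key=value line (quoted values allowed) into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def triage(lines, min_severity="warning"):
    """Return (kept, unexpected): records at or above min_severity, and
    records whose log type Table 58 does not list for their severity."""
    cutoff = SEVERITIES.index(min_severity)
    kept, unexpected = [], []
    for line in lines:
        rec = parse_line(line)
        sev, ltype = rec.get("pri"), rec.get("type")
        if sev not in SEVERITIES:
            unexpected.append(rec)  # unknown or missing severity name
            continue
        allowed = GENERATED_BY[sev]
        if allowed is not None and ltype not in allowed:
            unexpected.append(rec)
        if SEVERITIES.index(sev) <= cutoff:
            kept.append(rec)
    return kept, unexpected

SAMPLE = [  # constructed lines, not real FortiGate output
    'type=attack pri=alert msg="signature matched"',
    'type=traffic pri=notification msg="policy 3 accept"',
    'type=event pri=critical msg="interface down"',
    'type=traffic pri=alert msg="not expected per Table 58"',
    'type=webfilter pri=verbose msg="unknown level"',
]
```

Calling triage(SAMPLE) keeps the three records at Warning or above and sets aside the traffic record at Alert and the record with an unknown severity name.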
Note: If the FortiGate unit is in Transparent mode, certain settings and options for logging
may not be available because they do not support logging, or are not available in
Transparent mode. For example, SSL VPN events are not available in Transparent mode.