Fortinet black logo

Log and Debug

Copy Link
Copy Doc ID ae0496b8-ce8d-11e9-8977-00505692583a:596874
Download PDF

Log and Debug

Syslog and statistics

Log header

date

The year, month and day of when the event occurred in yyyy-mm-dd format

time=(12:55:06)

The hour, minute and second of when the event occurred in the format hh:mm:ss.

log_id

A five or ten-digit unique identification number

type

Attack for IPS

subtype

The subtype category of the log message(IPS)

level

The priority level of the event.

vd

The name of the virtual domain where the action/event occurred in.

Log body fields

Log body

source

Source IP address

dstination

Destination IP address

proto

Protocol

policy

Virtual server name

service

Service

action

Policy action

sigid

Attack signature ID

srccountry

Location of the source IP address

dstcountry

Location of the destination IP address

msg

Security profile name, category, subcategory, and description of the attack.

count

Rule match count

Browsing Log over GUI

  1. Go to Log Report > Log Browsing.
  2. Select the Security Log and then click IPS.
  3. All the traffic triggered IPS will be listed.
  4. Click the Detail icon; the details of the traffic are according to the format provided above.

Debug

#diagnose debug module ips-engine

Option

Content

show

show ips engine debug status

packet

ips engine packet debug info

packet-detail

ips engine packet detail debug info

timeout

ips engine timeout debug info

cfg

ips engine config debug info

cfg-delay

ips engine config delay debug info

#diagnose ips session

Option

Content

clear

clear all sessions in ips engine

content

show ips session content statistics

list

list all sessions in ips engine

performance

show ips session performance statistics

status

show ips session status

Log and Debug

Syslog and statistics

Log header

date

The year, month and day of when the event occurred in yyyy-mm-dd format

time=(12:55:06)

The hour, minute and second of when the event occurred in the format hh:mm:ss.

log_id

A five or ten-digit unique identification number

type

Attack for IPS

subtype

The subtype category of the log message(IPS)

level

The priority level of the event.

vd

The name of the virtual domain where the action/event occurred in.

Log body fields

Log body

source

Source IP address

dstination

Destination IP address

proto

Protocol

policy

Virtual server name

service

Service

action

Policy action

sigid

Attack signature ID

srccountry

Location of the source IP address

dstcountry

Location of the destination IP address

msg

Security profile name, category, subcategory, and description of the attack.

count

Rule match count

Browsing Log over GUI

  1. Go to Log Report > Log Browsing.
  2. Select the Security Log and then click IPS.
  3. All the traffic triggered IPS will be listed.
  4. Click the Detail icon; the details of the traffic are according to the format provided above.

Debug

#diagnose debug module ips-engine

Option

Content

show

show ips engine debug status

packet

ips engine packet debug info

packet-detail

ips engine packet detail debug info

timeout

ips engine timeout debug info

cfg

ips engine config debug info

cfg-delay

ips engine config delay debug info

#diagnose ips session

Option

Content

clear

clear all sessions in ips engine

content

show ips session content statistics

list

list all sessions in ips engine

performance

show ips session performance statistics

status

show ips session status