Security Logs

The FortiView > Security > Security Logs page displays the web application firewall logs that the system has generated, from Log & Report > Log Browsing. It has two types of logs: Security and Aggregate.

Security Log

The Security Log can show you two logs: the AV Log or the WAF Log. You can choose between them by clicking on the upper right, where you can also select the timespan for the logs generated.

Click on the graph to see information.

Note: The information parameters for the WAF and AV Logs are identical. These logs also appear in the Aggregate tab.

AV/WAF Log   Description
Date         Log date
Time         Log time
Severity     Rule severity
Source       Source IP address
Destination  Destination IP address

Aggregate Log

The Aggregate Log provides an aggregated view of security logs within a selected time frame.

There are five types of aggregated security logs:

  • Synflood—Traffic logged by the SYN Flood feature
  • Geo—Traffic logged by the Geo IP block list feature
  • IP Reputation—Traffic logged by the IP Reputation feature
  • WAF—Traffic logged by the WAF feature
  • AV—Traffic logged by the Antivirus module

To view an aggregate log:

  1. Click the log type.
  2. Select a time frame.
  3. Click Refresh to apply the filter and redisplay the log.

The following table shows the detailed information of an aggregated GEO log. The other aggregated logs show the same details.

Details of an aggregated GEO log

Column       Example         Description
Date         2016-12-02      Log date
Time         10:27:01        Log time
Count        1               For DoS, number of timeouts sent per destination
Severity     high            Always “high” for DoS
Source       173.177.99.94   Source IP address
Destination  10.61.2.100     Destination IP address
Action       deny            Policy action
