The FortiView > Security > Security Logs page displays web application firewall logs that the system has generated, from Log & Report > Log Browsing. It has two types of logs: Security and Aggregate.
The Security log can show either of two logs: the AV Log or the WAF Log. You can choose between them by clicking in the upper right, where you can also select the timespan for the logs generated.
Click on the graph to see information.
Note: The information parameters for the WAF and AV Logs are identical. These logs also appear in the Aggregate tab.
Source IP address
Destination IP address
The Aggregate Log provides an aggregated view of security logs within a selected time frame.
There are five types of aggregated security logs:
- Synflood—Traffic logged by the SYN Flood feature
- Geo—Traffic logged by the Geo IP block list feature
- IP Reputation—Traffic logged by the IP Reputation feature
- WAF—Traffic logged by the WAF feature
- AV—Traffic logged by the Antivirus module
To view an aggregate log:
- Click a log type.
- Select a time frame.
- Click Refresh to apply the filter and redisplay the log.
The following table shows the detailed information of an aggregated GEO log. The other aggregated logs show the same details.
|For DoS, number of timeouts sent per destination
|Always “high” for DoS
|Source IP address
|Destination IP address