FortiAnalyzer version 6.0.3 includes the following new features and enhancements:
The following new default Event Handlers have been added:
- Default-Suspicious-File Detection
Log ID for long sessions
In FortiView, Log ID = 0000000020 indicates a long session that is not yet closed. A long session has multiple logs but is still considered one session. The sent/received data of a long session counts all interim traffic data reported by the log lines with Log ID = 0000000020.
When the session is closed, the Log ID is 13.
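
The long-session rule above, applied to raw log lines, as an added example that is not part of the FortiAnalyzer release notes or any Fortinet code. It assumes key=value traffic logs carrying logid, sessionid, sentdelta and rcvddelta fields, and that interim data is totalled by summing the delta fields; the sample lines are constructed.

```python
import re
from collections import defaultdict

INTERIM, CLOSED = 20, 13   # Log IDs named in the release note
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines. The field names are assumptions about the
# key=value traffic log layout; they do not come from the release note.
SAMPLE = '''\
logid="0000000020" sessionid=1001 sentdelta=1200 rcvddelta=5000
logid="0000000020" sessionid=1001 sentdelta=3600 rcvddelta=86000
logid="0000000020" sessionid=1002 sentdelta=300 rcvddelta=700
logid="0000000013" sessionid=1002
logid="0000000013" sessionid=1003
logid="0000000020" sessionid=1004 sentdelta=oops
'''

def parse(line):
    """Return the key=value fields of one log line, honouring quoted values."""
    return {k: q if q else b for k, q, b in KV.findall(line)}

def summarize(lines):
    """Group logs by session: many interim lines still make one session."""
    sessions = defaultdict(
        lambda: {"closed": False, "interim_logs": 0, "sent": 0, "rcvd": 0})
    for line in lines:
        f = parse(line)
        try:
            logid, sid = int(f["logid"]), f["sessionid"]
            if logid == INTERIM:
                sent, rcvd = int(f["sentdelta"]), int(f["rcvddelta"])
        except (KeyError, ValueError):
            continue                       # malformed line: ignore it
        if logid == INTERIM:
            s = sessions[sid]
            s["interim_logs"] += 1
            s["sent"] += sent              # assumption: deltas are summed
            s["rcvd"] += rcvd
        elif logid == CLOSED:
            sessions[sid]["closed"] = True  # stays closed if lines arrive late
    return dict(sessions)

def open_long_sessions(lines):
    """Session IDs with interim logs and no close log yet."""
    return sorted(sid for sid, s in summarize(lines).items()
                  if s["interim_logs"] and not s["closed"])

if __name__ == "__main__":
    print(open_long_sessions(SAMPLE.splitlines()))
```
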