Types of logs collected for each device
FortiAnalyzer can collect logs from managed FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiSandbox, FortiWeb, FortiClient, and syslog servers. The following table describes the types of logs FortiAnalyzer collects from each type of device:
| Device Type | Log Type |
|---|---|
| FortiAnalyzer | Event |
| FortiAuthenticator | Event |
| FortiGate | Traffic; Security: Antivirus, Intrusion Prevention, Application Control, Web Filter, DNS, Data Leak Prevention, Email Filter, Web Application Firewall, Vulnerability Scan, VoIP, FortiClient; Event: Endpoint, HA, Compliance, System, Router, VPN, User, WAN Opt. & Cache, WiFi |
| FortiCarrier | Traffic, Event, GTP |
| FortiCache | Traffic, Event, Antivirus, Web Filter |
| FortiClient | Traffic, Event, Vulnerability Scan |
| FortiDDoS | Event, Intrusion Prevention |
| FortiMail | History, Event, Antivirus, Email Filter |
| FortiManager | Event |
| FortiSandbox | Malware, Network Alerts |
| FortiWeb | Event, Intrusion Prevention, Traffic |
| Syslog | Generic |

Traffic logs
Traffic logs record the traffic flowing through your FortiGate unit. Since traffic needs firewall policies to properly flow through FortiGate, this type of logging is also called firewall policy logging. Firewall policies control all traffic attempting to pass through the FortiGate unit, between FortiGate interfaces, zones, and VLAN sub-interfaces.
Security logs
Security logs (FortiGate) record all antivirus, web filtering, application control, intrusion prevention, email filtering, data leak prevention, vulnerability scan, and VoIP activity on your managed devices.
DNS logs
DNS logs (FortiGate) record the DNS activity on your managed devices.
Event logs
Event logs record administration management and Fortinet device system activity, such as when a configuration changes or when admin login or HA events occur. Event logs are important because they record Fortinet device system activity, which provides valuable information about how your Fortinet unit is performing. FortiGate event logs include System, Router, VPN, User, and WiFi menu objects to provide you with more granularity when viewing and searching log data.
The logs displayed on your FortiAnalyzer depend on the device type logging to it and the enabled features. FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiWeb, FortiSandbox, FortiClient, and Syslog logging is supported. ADOMs must be enabled to support non-FortiGate logging.
For more information on logging, see the Logging and Reporting for FortiOS Handbook in the Fortinet Document Library.