Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Related Videos

Log View Detail Pane: Event Logs

  • 397 views
  • 8 months ago

Administration Guide

Types of logs collected for each device

FortiAnalyzer can collect logs from managed FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiSandbox, FortiWeb, FortiClient, and syslog servers. Following is a description of the types of logs FortiAnalyzer collects from each type of device:

Device Type

Log Type

FortiAnalyzer

Event

FortiAuthenticator

Event

FortiGate

Traffic

Security: Antivirus, Intrusion Prevention, Application Control, Web Filter, DNS, Data Leak Prevention, Email Filter, Web Application Firewall, Vulnerability Scan, VoIP, FortiClient

Event: Endpoint, HA, Compliance, System, Router, VPN, User, WAN Opt. & Cache, WiFi

FortiCarrier

Traffic, Event, GTP

FortiCache

Traffic, Event, Antivirus, Web Filter

FortiClient

Traffic, Event, Vulnerability Scan

FortiDDoS

Event, Intrusion Prevention

FortiMail

History, Event, Antivirus, Email Filter

FortiManager

Event

FortiSandbox

Malware, Network Alerts

FortiWeb

Event, Intrusion Prevention, Traffic

Syslog

Generic

Traffic logs

Traffic logs record the traffic flowing through your FortiGate unit. Since traffic needs firewall policies to properly flow through FortiGate, this type of logging is also called firewall policy logging. Firewall policies control all traffic attempting to pass through the FortiGate unit, between FortiGate interfaces, zones, and VLAN sub-interfaces.

Security logs

Security logs (FortiGate) record all antivirus, web filtering, application control, intrusion prevention, email filtering, data leak prevention, vulnerability scan, and VoIP activity on your managed devices.

DNS logs

DNS logs (FortiGate) record the DNS activity on your managed devices.

Event logs

Event logs record administration management and Fortinet device system activity, such as when a configuration changes, or admin login or HA events occur. Event logs are important because they record Fortinet device system activity which provides valuable information about how your Fortinet unit is performing. FortiGate event logs includes System, Router, VPN, User, and WiFi menu objects to provide you with more granularity when viewing and searching log data.

The logs displayed on your FortiAnalyzer depends on the device type logging to it and the enabled features. FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiWeb, FortiSandbox, FortiClient, and Syslog logging is supported. ADOMs must be enabled to support non-FortiGate logging.
In a Security Fabric ADOM, all device logs are displayed.

Related Videos

Log View Detail Pane: Event Logs

  • 397 views
  • 8 months ago

Types of logs collected for each device

FortiAnalyzer can collect logs from managed FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiSandbox, FortiWeb, FortiClient, and syslog servers. Following is a description of the types of logs FortiAnalyzer collects from each type of device:

Device Type

Log Type

FortiAnalyzer

Event

FortiAuthenticator

Event

FortiGate

Traffic

Security: Antivirus, Intrusion Prevention, Application Control, Web Filter, DNS, Data Leak Prevention, Email Filter, Web Application Firewall, Vulnerability Scan, VoIP, FortiClient

Event: Endpoint, HA, Compliance, System, Router, VPN, User, WAN Opt. & Cache, WiFi

FortiCarrier

Traffic, Event, GTP

FortiCache

Traffic, Event, Antivirus, Web Filter

FortiClient

Traffic, Event, Vulnerability Scan

FortiDDoS

Event, Intrusion Prevention

FortiMail

History, Event, Antivirus, Email Filter

FortiManager

Event

FortiSandbox

Malware, Network Alerts

FortiWeb

Event, Intrusion Prevention, Traffic

Syslog

Generic

Traffic logs

Traffic logs record the traffic flowing through your FortiGate unit. Since traffic needs firewall policies to properly flow through FortiGate, this type of logging is also called firewall policy logging. Firewall policies control all traffic attempting to pass through the FortiGate unit, between FortiGate interfaces, zones, and VLAN sub-interfaces.

Security logs

Security logs (FortiGate) record all antivirus, web filtering, application control, intrusion prevention, email filtering, data leak prevention, vulnerability scan, and VoIP activity on your managed devices.

DNS logs

DNS logs (FortiGate) record the DNS activity on your managed devices.

Event logs

Event logs record administration management and Fortinet device system activity, such as when a configuration changes, or admin login or HA events occur. Event logs are important because they record Fortinet device system activity which provides valuable information about how your Fortinet unit is performing. FortiGate event logs includes System, Router, VPN, User, and WiFi menu objects to provide you with more granularity when viewing and searching log data.

The logs displayed on your FortiAnalyzer depends on the device type logging to it and the enabled features. FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiWeb, FortiSandbox, FortiClient, and Syslog logging is supported. ADOMs must be enabled to support non-FortiGate logging.
In a Security Fabric ADOM, all device logs are displayed.