Fortinet Document Library

Version: 6.2.1

Consolidated file filtering logs

A new log subtype, file-filter, has been introduced under the UTM log type to consolidate the file filtering logs generated by different UTM engines.

FortiAnalyzer added a new subtype under Security - File Filter.

Sample logs from FortiAnalyzer:
  • File filter log for JPEG:

    itime=2019-06-26 13:37:57 vd=root filetype=unknown direction=incoming agent=Debian date=2019-06-26 dstip=91.189.91.26 srcintfrole=undefined dstintfrole=undefined tz=-0700 service=HTTP proto=6 matchfiletype=tar eventtype=file-filter hostname=ca.archive.ubuntu.com devid=FGVM2VTM18000169 filename=usb-creator-common_0.3.5ubuntu18.04.1_amd64.deb matchfilename=data.tar dstintf=port1 filesize=14000 msg=File was detected by file filter. idseq=165023391265325067 dstport=80 type=utm dtime=2019-06-26 09:34:10 profile=new-ff-gui eventtime=1561566850632028919 filtername=jpeg devname=FGVM2VTM18000169 dsteuid=2074 sessionid=2418062 itime_t=1561567077 policyid=1 srcintf=port2 srcip=10.1.120.242 dstepid=101 level=notice url=/ubuntu/pool/main/u/usb-creator/usb-creator-common_0.3.5ubuntu18.04.1_amd64.deb epid=18027 srcport=42552 logid=1900064001 subtype=file-filter time=09:34:10 action=passthrough euid=0

  • File filter log for GIF:

    itime=2019-06-24 17:26:39 vd=root filetype=unknown direction=incoming agent=Debian date=2019-06-24 dstip=91.189.88.24 srcintfrole=undefined dstintfrole=undefined tz=-0700 service=HTTP proto=6 matchfiletype=gif eventtype=file-filter hostname=ca.archive.ubuntu.com devid=FGVM2VTM18000169 filename=firefox_67.0.4+build1-0ubuntu0.18.04.1_amd64.deb matchfilename=./usr/lib/firefox/Throbber-small.gif dstintf=port1 filesize=1048065 msg=File was detected by file filter. idseq=165023391265325057 dstport=80 type=utm dtime=2019-06-24 13:23:02 profile=new-ff-gui eventtime=1561407784293617478 filtername=gif devname=FGVM2VTM18000169 dsteuid=0 sessionid=1754867 itime_t=1561407999 policyid=1 srcintf=port2 srcip=10.1.120.242 dstepid=101 level=notice url=/ubuntu/pool/main/f/firefox/firefox_67.0.4+build1-0ubuntu0.18.04.1_amd64.deb epid=18027 srcport=55634 logid=1900064001 subtype=file-filter time=13:23:02 action=passthrough euid=0
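The sample logs carry unquoted values that contain spaces (itime, msg), so splitting on whitespace misparses them. The following is an added example, not Fortinet code: a parser that splits on `key=` boundaries and pulls out the fields an analyst needs to tell the downloaded file (filename) from the archive member that matched the filter (matchfilename). The function names are hypothetical, the embedded lines are abridged copies of the samples above, and the parser assumes no value contains whitespace followed by `word=`.

```python
import re

# A key either starts the line or follows whitespace, and is followed by "=".
KEY_RE = re.compile(r"(?:^|\s)([a-z_][a-z0-9_]*)=")

# Abridged copies of the two sample logs above (fields dropped, values unchanged).
SAMPLE_LOGS = [
    "itime=2019-06-26 13:37:57 vd=root dstip=91.189.91.26 service=HTTP "
    "matchfiletype=tar filename=usb-creator-common_0.3.5ubuntu18.04.1_amd64.deb "
    "matchfilename=data.tar msg=File was detected by file filter. type=utm "
    "filtername=jpeg srcip=10.1.120.242 subtype=file-filter action=passthrough",
    "itime=2019-06-24 17:26:39 vd=root dstip=91.189.88.24 service=HTTP "
    "matchfiletype=gif filename=firefox_67.0.4+build1-0ubuntu0.18.04.1_amd64.deb "
    "matchfilename=./usr/lib/firefox/Throbber-small.gif "
    "msg=File was detected by file filter. type=utm filtername=gif "
    "srcip=10.1.120.242 subtype=file-filter action=passthrough",
]


def parse_kv(line):
    """Parse one key=value log line; a value runs until the next key."""
    marks = list(KEY_RE.finditer(line))
    fields = {}
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(line)
        fields[cur.group(1)] = line[cur.end():end].strip()
    return fields


def file_filter_events(lines):
    """Yield a compact record for every type=utm, subtype=file-filter log."""
    for line in lines:
        f = parse_kv(line)
        if f.get("type") != "utm" or f.get("subtype") != "file-filter":
            continue
        yield {
            "src": f.get("srcip"), "dst": f.get("dstip"),
            "filter": f.get("filtername"), "matched_type": f.get("matchfiletype"),
            "container": f.get("filename"), "matched_file": f.get("matchfilename"),
            # True when the match is a member inside the transferred file.
            "nested": f.get("matchfilename") != f.get("filename"),
            "action": f.get("action"),
        }


if __name__ == "__main__":
    for event in file_filter_events(SAMPLE_LOGS):
        print(event)
```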
