
Administration Guide

Viewing message details

To view message details:
  1. Double-click a message in the message list.

    The log details pane opens to the right of the message list, with the log fields grouped in a tree view.

    To dock the pane below the message list instead, click the Bottom icon in the log details pane; when the pane is docked at the bottom, click the Right icon to move it back to the right of the message list.

The log details pane provides shortcuts for adding or replacing filters and for showing or hiding a column. Right-click a log field to select an option.

If the log message contains UTM logs, you can click the UTM log icon in the log details pane to open the UTM log view window.

Note

If the log message contains IPS signature information, you can click the IPS signature link under Attack Name to view the IPS Signature details in a dialog window.

To view FortiWeb packet logs:
  1. Go to Log View > Logs > Fortinet Logs, and select the FortiWeb device type.
  2. From the log type dropdown, select Attack log.
  3. Double-click a message in the list to open the log details pane.
  4. In the Data field, click the Device icon. The View Attack Content dialog displays a subset of FortiWeb's packet log: the request headers, the arguments, and a truncated HTTP body. The packet log is capped at 8 KB, so a payload that sits beyond that point in a large request body is not shown here.

Tooltip

The Device icon is also available in the Data column. To display the column, click More Columns, and select Data from the dropdown.

To download an encrypted archive file in ZIP format:

You can configure whether packet capture (PCAP) files are downloaded from FortiAnalyzer as raw files, as ZIP archives, or as password-protected (encrypted) ZIP archives.

By default, PCAP files are downloaded in ZIP format. To adjust this setting, use the following command in the FortiAnalyzer CLI:

config system log pcap-file
    set download-mode {plain | zip | zip-with-password}
end

Archive files attached to logs are downloaded from the log details pane in the FortiAnalyzer GUI. The following example shows how to download a PCAP file as a password-protected ZIP archive.

  1. In the FortiAnalyzer CLI, set the pcap-file download mode to zip-with-password:

    config system log pcap-file
        set download-mode zip-with-password
    end

  2. In the FortiAnalyzer GUI, go to Log View and double-click a log containing an archive file.

  3. In the Data section, click the download icon for the Archive field.

    The file is downloaded and the password is displayed in the FortiAnalyzer GUI. Copy the password; you need it to open the downloaded archive.

    The password is shown to anyone who can open the log in the FortiAnalyzer GUI, so it protects the downloaded file on the analyst's workstation and wherever the file is forwarded, not the capture inside FortiAnalyzer.
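Handling the three download modes on the analyst's side, as an added example that is not Fortinet code or part of this guide: given the bytes of a file downloaded from the Archive field, the script works out which download-mode produced it, unpacks the capture with the password copied from the GUI when one is needed, and verifies that what came out is a pcap/pcapng file. The sample capture and both archives are constructed inline (the GUI_PASSWORD value and the capture.pcap member name are stand-ins), and the password-protected archive is assembled by hand with the traditional PKZIP (ZipCrypto) stream cipher so that Python's zipfile can open it offline. Whether FortiAnalyzer's zip-with-password mode uses that scheme or AES is not stated on this page; an AES-encrypted entry would need a third-party library.

```python
"""Triage a PCAP downloaded from FortiAnalyzer Log View (constructed example, not Fortinet
code). `set download-mode {plain | zip | zip-with-password}` yields a raw pcap, a ZIP, or a
password-protected ZIP whose password the GUI shows: classify, unpack, and verify the file."""
import io
import struct
import zipfile
import zlib
from typing import Optional

# Magic numbers for classic pcap (both byte orders, usec and nsec) and pcapng.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",
               b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d", b"\x0a\x0d\x0d\x0a"}

def classify(blob: bytes) -> str:
    """Map a downloaded file back to the download-mode that produced it."""
    if blob[:4] in PCAP_MAGICS:
        return "plain"
    if blob[:4] != b"PK\x03\x04":
        raise ValueError("neither a pcap/pcapng file nor a ZIP archive")
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        # General-purpose flag bit 0 marks a ZIP entry as encrypted.
        if any(info.flag_bits & 0x1 for info in zf.infolist()):
            return "zip-with-password"
    return "zip"

def extract_pcap(blob: bytes, password: Optional[str] = None) -> bytes:
    """Return the capture bytes, using the GUI password only when the archive needs it."""
    mode = classify(blob)
    if mode == "plain":
        return blob
    if mode == "zip-with-password" and not password:
        raise ValueError("archive is password-protected: copy the password from the GUI")
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        members = [n for n in zf.namelist() if not n.endswith("/")]
        if len(members) != 1:
            raise ValueError(f"expected exactly one capture in the archive, got {members}")
        # A wrong password raises RuntimeError. zipfile only handles traditional PKZIP
        # (ZipCrypto) encryption; an AES-encrypted entry raises NotImplementedError.
        pwd = password.encode() if mode == "zip-with-password" else None
        data = zf.read(members[0], pwd=pwd)
    if data[:4] not in PCAP_MAGICS:
        raise ValueError("archive member is not a pcap/pcapng file")
    return data

def build_sample_pcap() -> bytes:
    """Constructed stand-in for a download: little-endian classic pcap header
    (linktype 1 = Ethernet) followed by two dummy records."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [bytes(14) + b"\x45\x00" + bytes(18), bytes(42)]
    return header + b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
                             for i, f in enumerate(frames))

def zipcrypto_encrypt(plain: bytes, password: bytes, crc: int) -> bytes:
    """Traditional PKZIP stream cipher: 12-byte header (last byte = CRC high byte) + data."""
    k0, k1, k2 = 0x12345678, 0x23456789, 0x34567890
    def crc_step(reg: int, byte: int) -> int:       # raw CRC-32 register update, one byte
        return zlib.crc32(bytes([byte]), reg ^ 0xFFFFFFFF) ^ 0xFFFFFFFF
    def update(c: int) -> None:
        nonlocal k0, k1, k2
        k0 = crc_step(k0, c)
        k1 = ((k1 + (k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k2 = crc_step(k2, k1 >> 24)
    for c in password:
        update(c)
    out = bytearray()
    # Real archivers use 11 random header bytes; fixed filler is fine for a test vector.
    for p in bytes(11) + bytes([(crc >> 24) & 0xFF]) + plain:
        t = (k2 | 2) & 0xFFFF
        out.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(p)
    return bytes(out)

def build_password_zip(name: str, plain: bytes, password: bytes) -> bytes:
    """Hand-assemble a one-entry, stored ZIP with the encrypted flag (bit 0) set."""
    crc, fname = zlib.crc32(plain), name.encode()
    body = zipcrypto_encrypt(plain, password, crc)
    dos_date = ((2024 - 1980) << 9) | (1 << 5) | 1        # 2024-01-01, DOS time 00:00
    local = struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, 1, 0, 0, dos_date,
                        crc, len(body), len(plain), len(fname), 0) + fname
    central = struct.pack("<4sHHHHHHIIIHHHHHII", b"PK\x01\x02", 20, 20, 1, 0, 0, dos_date,
                          crc, len(body), len(plain), len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, 1, 1,
                       len(central), len(local) + len(body), 0)
    return local + body + central + eocd

GUI_PASSWORD = "copied-from-the-GUI"      # stands in for the password FortiAnalyzer displays
SAMPLE_PCAP = build_sample_pcap()
SAMPLE_PASSWORD_ZIP = build_password_zip("capture.pcap", SAMPLE_PCAP, GUI_PASSWORD.encode())
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w", zipfile.ZIP_DEFLATED) as _zf:    # what download-mode zip yields
    _zf.writestr("capture.pcap", SAMPLE_PCAP)
SAMPLE_ZIP = _buf.getvalue()

if __name__ == "__main__":
    for blob in (SAMPLE_PCAP, SAMPLE_ZIP, SAMPLE_PASSWORD_ZIP):
        pcap = extract_pcap(blob, GUI_PASSWORD)
        print(f"{classify(blob):18} -> {len(pcap)}-byte capture, magic {pcap[:4].hex()}")
```

Run it directly to see each constructed download classified and unpacked; on a real download, read the file's bytes and pass them to extract_pcap together with the password shown in the GUI. A mistyped password surfaces as RuntimeError from zipfile (or BadZipFile when the 1-in-256 check byte happens to match and the CRC then fails), which is the failure to expect when the password was copied incorrectly; a missing password is rejected before the archive is touched.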
