Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Log & Report

Use the Log & Report page to view and download all logs collected by the device, access scheduled reports, and generate reports. You can see logs local to FortiSandbox, or set up a remote log server, such as one linking to FortiAnalyzer.

Note

Local logs retain up to 1 GB of overall logs. If this limit is reached, logs are rotated to keep the latest ones.

Log Details

To view more details about a specific log in the log list, simply select that log. A log details pane is available at the bottom of the window.

The log details pane contains the same information as the log message list, except with a full message in lieu of a shortened one.

Logging Levels

FortiSandbox logs can be Emergency (reserved), Alert, Critical, Error, Warning, Information, or Debug. The following table provides example logs for each log level.

Log Level

Description

Example Log Entry

Alert

Immediate action is required.

Suspicious URL visit domain.com from 192.12.1.12 to 42.156.162.21:80.

Critical

Functionality is affected.

System database is not ready. A program should have started to rebuild it and it shall be ready after a while.

Error

An erroneous condition exists and functionality is probably effected.

Errors that occur when deleting certificates.

Warning

Functionality might be affected.

Submitted file AVSInstallPack.exe is too large: 292046088.

Information

General information about system operations.

LDAP server information that was successfully updated.

Debug

Detailed information useful for debugging purposes.

Launching job for file. jobid=2726271637747836543 filename=log md5=ebe5ae2bec3b653c2970e8cec9f5f1d9 sha1=06ea6108d02513f0d278ecc8d443df86dac2885b sha256=d678da5fb9ea3ee20af779a4ae13c402585ebb 070edcf20091cb20509000f74b

Raw logs

You can download and save raw logs to the management computer using the Download Log button. Raw logs are saved as a text file with the extension .log.gz. You can search the system log for more information.

Sample raw logs file content

itime=1458669062 date=2016-03-22 time=17:51:02 logid=1220000020 type=event subtype=unknown pri=alert user=system ui=system action=rating status=success reason=none letype=6 msg=fname=v32.cab jobid=2725911139058114340 sha1=f61045626e5f4f74108fb6b15dde284fe0249370 sha256=f75fca6300e48ec4876661314475cdd7f38d4c73e87dfb5a423ef34a7ce0154f rating=Clean scantime=11 malwarename=N/A srcip=204.79.197.200 dstip=208.91.115.250 protocol=HTTP device=() url=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

itime=1458669062 date=2016-03-22 time=17:51:02 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action=controller status=success reason=none letype=6 pid=8605 msg="Sandboxing environment is not available for job 2725913445926977878, file type: htm, file extension: htm"

itime=1458669062 date=2016-03-22 time=17:51:02 logid=1220000020 type=event subtype=unknown pri=alert user=system ui=system action=rating status=success reason=none letype=6 msg=fname=0_22_93_0_0_2_0_0_1.html jobid=2725913445926977878 sha1=098a2ca8d81979f2bb281af236f9baa651d557d5 sha256=424c62eaaa4736740e43f5c7376ec6f209b0d3df0e0cadcc94324280eafa101f rating=Clean scantime=12 malwarename=N/A srcip=125.39.193.250 dstip=208.91.115.12 protocol=HTTP device=() url=http://all.17k.com/lib/book/0_22_93_0_0_2_0_0_1.html

Fort detailed log format information, please refer to the FortiSandbox 4.0.1 Log Reference available on the Fortinet Document Library.

Log & Report

Use the Log & Report page to view and download all logs collected by the device, access scheduled reports, and generate reports. You can see logs local to FortiSandbox, or set up a remote log server, such as one linking to FortiAnalyzer.

Note

Local logs retain up to 1 GB of overall logs. If this limit is reached, logs are rotated to keep the latest ones.

Log Details

To view more details about a specific log in the log list, simply select that log. A log details pane is available at the bottom of the window.

The log details pane contains the same information as the log message list, except with a full message in lieu of a shortened one.

Logging Levels

FortiSandbox logs can be Emergency (reserved), Alert, Critical, Error, Warning, Information, or Debug. The following table provides example logs for each log level.

Log Level

Description

Example Log Entry

Alert

Immediate action is required.

Suspicious URL visit domain.com from 192.12.1.12 to 42.156.162.21:80.

Critical

Functionality is affected.

System database is not ready. A program should have started to rebuild it and it shall be ready after a while.

Error

An erroneous condition exists and functionality is probably effected.

Errors that occur when deleting certificates.

Warning

Functionality might be affected.

Submitted file AVSInstallPack.exe is too large: 292046088.

Information

General information about system operations.

LDAP server information that was successfully updated.

Debug

Detailed information useful for debugging purposes.

Launching job for file. jobid=2726271637747836543 filename=log md5=ebe5ae2bec3b653c2970e8cec9f5f1d9 sha1=06ea6108d02513f0d278ecc8d443df86dac2885b sha256=d678da5fb9ea3ee20af779a4ae13c402585ebb 070edcf20091cb20509000f74b

Raw logs

You can download and save raw logs to the management computer using the Download Log button. Raw logs are saved as a text file with the extension .log.gz. You can search the system log for more information.

Sample raw logs file content

itime=1458669062 date=2016-03-22 time=17:51:02 logid=1220000020 type=event subtype=unknown pri=alert user=system ui=system action=rating status=success reason=none letype=6 msg=fname=v32.cab jobid=2725911139058114340 sha1=f61045626e5f4f74108fb6b15dde284fe0249370 sha256=f75fca6300e48ec4876661314475cdd7f38d4c73e87dfb5a423ef34a7ce0154f rating=Clean scantime=11 malwarename=N/A srcip=204.79.197.200 dstip=208.91.115.250 protocol=HTTP device=() url=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

itime=1458669062 date=2016-03-22 time=17:51:02 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action=controller status=success reason=none letype=6 pid=8605 msg="Sandboxing environment is not available for job 2725913445926977878, file type: htm, file extension: htm"

itime=1458669062 date=2016-03-22 time=17:51:02 logid=1220000020 type=event subtype=unknown pri=alert user=system ui=system action=rating status=success reason=none letype=6 msg=fname=0_22_93_0_0_2_0_0_1.html jobid=2725913445926977878 sha1=098a2ca8d81979f2bb281af236f9baa651d557d5 sha256=424c62eaaa4736740e43f5c7376ec6f209b0d3df0e0cadcc94324280eafa101f rating=Clean scantime=12 malwarename=N/A srcip=125.39.193.250 dstip=208.91.115.12 protocol=HTTP device=() url=http://all.17k.com/lib/book/0_22_93_0_0_2_0_0_1.html

Fort detailed log format information, please refer to the FortiSandbox 4.0.1 Log Reference available on the Fortinet Document Library.