Security Logs
The FortiView > Security Logs page provides you with graphical analysis tools to view and analyze the statistical data collected from Log & Report > Security Log. All security logs from Log & Report > Security Log can be accessed from FortiView > Security Logs except for logs related to the Firewall module.
There are two types of FortiView logs:
-
Security Log — displays a bar graph of the security log event count against a specific time-period, from where you can drill down to a detailed view of particular logs.
-
Aggregate Log — displays a doughnut chart and bar graph that provide an aggregate view of security logs within a selected time-frame.
Security Log
From the Security Log tab, you can generate a bar graph of the log count and time-period of your choosing. The default selection is ALL, which generates a second bar graph of the log count of all security logs by category.
To view and filter the security log data:
- Navigate to the settings along the top of the window.
- Select the Security Log Category. The table below lists the available log options and their associated security module.
Security Log Category
Security Module
AV Detection Anti Virus HTTP Access Limit DoS Protection HTTP Connection Flood HTTP Request Flood IP Fragmentation Attack TCP Access Flood TCP Slow Data Attack TCP SYN Flood
GEO Blocklist
Geo IP Blocklist
IP Reputation
IP Reputation
Intrusion Detection
Intrusion Prevention System (IPS)
Anti Defacement
Web Application Firewall (WAF)
API Gateway
Bot Detection
Brute Force Login
Cookie Security
CORS Protection
Credential Stuffing Defense
CSRF Protection
Data Leak Prevention
SQL/XSS Inject Detection
HTTP Input Validation
HTTP Protocol Constraint
JSON Validation
OpenAPI Validation Detection
SOAP Validation
URL Protection
Attacks(Signature)
Web Scraping
XML Validation
- Select the time-period from which the selected security logs should be included to generate the graph.
You have the following options:
- 1 Hour
- 6 Hours
- 1 Day
- 1 Week
- 1 Month
- 1 Year
From each graph, you can click on any data point to view the associated logs for further analysis. The log columns displayed depends on the security log category. For additional detail, click the (Detail icon) to show the log details. For further description of each log message, see the FortiADC Log Reference.
The following table describes the columns for each security log.
Column |
Description |
---|---|
Date | Log date. |
Time | Log time. |
Count |
The Count column is only available for security logs related to DoS Protection, Geo IP Blocklist, and IP Reputation. Rule match count. |
Source | Source IP address. |
Destination | Destination IP address. |
Action | Action type that was taken as a result. |
Destination | Destination IP address. |
Service |
The Service column is only available for security logs related to Anti Virus and IPS. Specifies the service type. |
Severity |
The Service column is only available for security logs related to Anti Virus, Geo IP Blocklist, IPS and WAF. Specifies the security level. |
Virus Category |
The Virus Category column is only available for security logs related to Anti Virus. Specifies the virus category. |
Rule Name |
The Rule Name column is only available for security logs related to IPS. Specifies the security rule name. |
WAF Subcategory |
The WAF Subcategory column is only available for security logs related to WAF. Specifies the Web Application Firewall subcategory. |
Action | Action type that was taken as a result. |
(Detail icon) |
Click the (Detail icon) for the log details. For further description of each log message, see the FortiADC Log Reference. For WAF related security logs, the following actions may be performed directly from the log details:
|
Aggregate Log
From the Aggregate Log tab, you can generate two graphs, a doughnut chart of the security logs by date and a horizontal bar graph of the security logs by category. these graphs provide an aggregate view of security logs within the time-period of your choosing.
To view and filter the aggregate log data:
- Navigate to the settings along the top of the window.
- Select the security logs from the following options:
- IP Reputation — Traffic logged by the IP Reputation feature.
- DDoS — Traffic logged by the DoS Protection feature.
- WAF — Traffic logged by the Web Application Firewall feature.
- GEO — Traffic logged by the Geo IP block list feature.
- AV — Traffic logged by the Anti Virus module.
- IPS — Traffic logged by the IPS feature.
- 3 Days
- 5 Days
- 7 Days
From each graph, you can click on any data point to view the associated logs for further analysis. The log columns displayed depends on the security log category. For additional detail, click the (Detail icon) to show the log details. For further description of each log message, see the FortiADC Log Reference.
The following table describes the columns for each security log.
Column |
Description |
---|---|
Date | Log date. |
Time | Log time. |
Count |
The Count column is only available for DDoS, GEO, and IP Reputation. Rule match count. |
Source | Source IP address. |
Destination | Destination IP address. |
Action | Action type that was taken as a result. |
Destination | Destination IP address. |
Service |
The Service column is only available for AV and IPS. Specifies the service type. |
Severity |
The Service column is only available for security logs related to AV, GEO, IPS and WAF. Specifies the security level. |
Virus Category |
The Virus Category column is only available for security logs related to AV. Specifies the virus category. |
Rule Name |
The Rule Name column is only available for security logs related to IPS. Specifies the security rule name. |
WAF Subcategory |
The WAF Subcategory column is only available for security logs related to WAF. Specifies the Web Application Firewall subcategory. |
Action | Action type that was taken as a result. |
(Detail icon) |
Click the (Detail icon) for the log details. For further description of each log message, see the FortiADC Log Reference. For WAF security logs, the following actions may be performed directly from the log details:
|