FortiADC logging 6.4.3

FortiADC logs are supported on FortiAnalyzer.

To enable FortiADC logging:
  1. On FortiADC, go to Logs & Report > Log Setting and click the Syslog Server tab.
  2. Click Create New to create a remote log server. In the Proto field, select UDP, which is the only protocol FortiADC currently supports. Click Save once complete.

    Once the remote log server is created and logs are generated on the FortiADC, the logs are sent to FortiAnalyzer.
  3. On FortiAnalyzer, go to the Device Manager and click the Unauthorized view to see the FortiADC device.
    Promote the FortiADC device to a Fabric ADOM, for example the root ADOM. FortiADC devices can only be added to Fabric ADOMs.

    After the FortiADC device is registered in the Device Manager, the FortiADC's logs can be stored and displayed in Log View.

Sample FortiADC Logs:

Traffic Log:

id=6878052772042768384 itime=2020-09-29 16:17:34 euid=1 epid=1 dsteuid=1 dstepid=1 date=2020-08-19 time=17:13:37 type=traffic subtype=slb_layer4 log_id=0100008000 pri=information msg_id=8891139290341374 proto=6 src=20.20.0.1 src_port=55442 dst=20.20.0.100 dst_port=80 policy=VS1 action=none srccountry=United dstcountry=United duration=3 ibytes=398 obytes=1075 service=tcp trans_src=20.20.0.1 trans_src_port=55442 trans_dst=20.20.2.3 trans_dst_port=80 real_server=pool1-3 device_id=FADV040000002384 vd=root dtime=2020-08-19 17:13:37 itime_t=1601421454 devname=FADV040000002384

Security Log:

id=6878052935251525632 itime=2020-09-29 16:18:12 euid=1 epid=1 dsteuid=1 dstepid=1 date=2020-08-19 time=15:04:13 type=attack subtype=ip_reputation log_id=0200006001 pri=warning msg_id=8891139290340651 count=1 severity=high proto=6 service=http src=20.20.0.1 src_port=55194 dst=20.20.0.100 dst_port=80 policy=VS1 action=deny srccountry=United dstcountry=United msg=IP Reputation Violation: Botnet was detected. device_id=FADV040000002384 vd=root dtime=2020-08-19 15:04:13 itime_t=1601421492 devname=FADV040000002384

Event Log:

id=6878052845057212416 itime=2020-09-29 16:17:51 euid=1 epid=1 dsteuid=1 dstepid=1 date=2020-08-19 time=16:32:11 type=event subtype=config log_id=0000000100 pri=information msg_id=8891139290341031 user=admin ui=telnet(10.106.3.210) action=add logdesc=Change msg=added cfgpath=system cfgobj=name cfgattr=HC_dnsv6 device_id=FADV040000002384 vd=root dtime=2020-08-19 16:32:11 itime_t=1601421471 devname=FADV040000002384
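
The sample records above are unquoted key=value pairs whose values can contain spaces (itime, dtime, msg), so splitting on whitespace breaks them. The following is an added example, not Fortinet code: a small Python parser for this layout plus a triage rule. The function names, the triage labels and the abridged sample lines are assumptions made for illustration.

```python
import re

# A key is a word followed by '=' at the start of the line or after whitespace.
_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z_][A-Za-z0-9_]*)=")

def parse_log(line):
    """Split one key=value record into a dict.

    A value runs until the next ' key=' token, not the next space, so
    'itime=2020-09-29 16:17:34' and multi-word msg values stay whole.
    Limitation: a value that itself contains ' word=' would be split.
    """
    keys = list(_KEY.finditer(line))
    fields = {}
    for cur, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(line)
        fields[cur.group(1)] = line[cur.end():end].strip()
    return fields

def triage(fields):
    """Return a label for records an analyst should review (assumed policy)."""
    if fields.get("type") == "attack" and fields.get("action") == "deny":
        return "blocked-attack:" + fields.get("subtype", "?")
    if fields.get("type") == "event" and fields.get("subtype") == "config":
        user = fields.get("user", "?")
        # Telnet is a cleartext admin channel, so flag it separately.
        if fields.get("ui", "").startswith("telnet"):
            return "config-change-over-telnet:" + user
        return "config-change:" + user
    return None

# Constructed sample input: the three sample records above, abridged.
SAMPLES = [
    "id=6878052772042768384 itime=2020-09-29 16:17:34 type=traffic "
    "subtype=slb_layer4 src=20.20.0.1 dst=20.20.0.100 action=none vd=root",
    "id=6878052935251525632 type=attack subtype=ip_reputation severity=high "
    "src=20.20.0.1 action=deny msg=IP Reputation Violation: Botnet was "
    "detected. device_id=FADV040000002384",
    "id=6878052845057212416 type=event subtype=config user=admin "
    "ui=telnet(10.106.3.210) action=add msg=added cfgattr=HC_dnsv6",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        rec = parse_log(sample)
        print(rec["type"], rec.get("src", "-"), triage(rec))
```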
