Fortinet black logo

Handbook

VPN event logs

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:730095
Download PDF

VPN event logs

You can configure the FortiGate unit to log VPN events. For IPsec VPNs, Phase 1 and Phase 2 authentication and encryption events are logged. For information about how to interpret log messages, see the FortiGate Log Message Reference.

Logging VPN events
  1. Go to Log & Report > Log Settings.
  2. Verify that the VPN activity event option is selected.
  3. Select Apply.
Viewing event logs
  1. Go to Log & Report > VPN Events.
  2. Select the Log location.

Sending tunnel statistics to FortiAnalyzer

By default, logged events include tunnel-up and tunnel-down status events. Other events, by default, will appear in the FortiAnalyzer report as "No Data Available". More accurate results require logs with action=tunnel-stats, which is used in generating reports on the FortiAnalyzer (rather than the tunnel-up and tunnel-down event logs). The FortiGate does not, by default, send tunnel-stats information.

To allow VPN tunnel-stats to be sent to FortiAnalyzer, configure the FortiGate unit as follows using the CLI:

config system settings

set vpn-stats-log ipsec ssl

set vpn-stats-period 300

end

VPN event logs

You can configure the FortiGate unit to log VPN events. For IPsec VPNs, Phase 1 and Phase 2 authentication and encryption events are logged. For information about how to interpret log messages, see the FortiGate Log Message Reference.

Logging VPN events
  1. Go to Log & Report > Log Settings.
  2. Verify that the VPN activity event option is selected.
  3. Select Apply.
Viewing event logs
  1. Go to Log & Report > VPN Events.
  2. Select the Log location.

Sending tunnel statistics to FortiAnalyzer

By default, logged events include tunnel-up and tunnel-down status events. Other events, by default, will appear in the FortiAnalyzer report as "No Data Available". More accurate results require logs with action=tunnel-stats, which is used in generating reports on the FortiAnalyzer (rather than the tunnel-up and tunnel-down event logs). The FortiGate does not, by default, send tunnel-stats information.

To allow VPN tunnel-stats to be sent to FortiAnalyzer, configure the FortiGate unit as follows using the CLI:

config system settings

set vpn-stats-log ipsec ssl

set vpn-stats-period 300

end