Extend log timestamp to nanoseconds 6.2.1

This feature extends the log eventtime field from seconds to nanoseconds, making the epoch timestamp more precise and the ordering of events easier to establish.

Log data written before this version is not converted and retains its timestamp in seconds.

When some logs carry the timestamp in seconds and others in nanoseconds, the log range filter compares the raw eventtime values and cannot reconcile the two units. For example, the command execute log filter field eventtime nanosec1-nanosec2 does not return logs recorded in seconds even when they fall within the requested time range, because an epoch value in seconds is always far smaller than a nanosecond lower bound.

In the GUI, the nanosecond epoch timestamp is displayed in the Log Details pane, under the Other section, in the Log event original timestamp field. See the sample traffic log and the sample UTM log below.

In the CLI, the eventtime field shows the nanosecond epoch timestamp. See the sample logs below.

          1: date=2019-05-06 time=18:10:42 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1557191442762142681 srcip=10.1.100.11 identifier=19586 srcintf="port1" srcintfrole="lan" dstip=172.16.200.44 dstintf="to_Server" dstintfrole="undefined" poluuid="3eee2894-6ba6-51e9-701a-3e36040a7691" sessionid=18577 proto=1 action="accept" policyid=5 policytype="policy" service="PING" dstcountry="Reserved" srccountry="Reserved" trandisp="noop" duration=132 sentbyte=6132 rcvdbyte=6132 sentpkt=73 rcvdpkt=73 vpn="to_Server" vpntype="ipsec-static" appcat="unscanned" devtype="Linux PC" devcategory="None" osname="Linux" osversion="Debian" mastersrcmac="00:0c:29:8d:4b:85" srcmac="00:0c:29:8d:4b:85" srcserver=0
          2: date=2019-05-06 time=17:59:54 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1557190793962136380 srcip=10.1.100.11 identifier=19504 srcintf="port1" srcintfrole="lan" dstip=172.16.200.55 dstintf="port2" dstintfrole="lan" poluuid="4756c21c-66d2-51e9-1813-5ac7998004b1" sessionid=17902 proto=1 action="accept" policyid=3 policytype="policy" service="PING" dstcountry="Reserved" srccountry="Reserved" trandisp="snat" transip=172.16.200.5 transport=0 duration=62 sentbyte=168 rcvdbyte=168 sentpkt=2 rcvdpkt=2 appcat="unscanned" devtype="Linux PC" devcategory="None" osname="Linux" osversion="Debian" mastersrcmac="00:0c:29:8d:4b:85" srcmac="00:0c:29:8d:4b:85" srcserver=0
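The mixed-unit problem described above matters as soon as logs from before and after the upgrade land in the same store. The following is an added example, not Fortinet code: it parses the key=value format of the sample lines, normalizes eventtime to nanoseconds by magnitude (an eventtime below 10**11 is treated as seconds, a heuristic chosen for this example), and contrasts a raw comparison, which behaves like the CLI range filter, with a normalized one. The third sample record (sessionid 17777) is constructed to look like a pre-6.2.1 entry; the UTC-7 offset is inferred from the date/time and eventtime pairs in the page's own samples.

```python
"""Normalize FortiOS eventtime values (seconds vs nanoseconds) before range filtering."""
import re
import shlex
from datetime import datetime, timezone

NS_PER_SEC = 10**9
# Heuristic boundary (an assumption of this example): epoch seconds stay below
# 10**11 for roughly the next 3,000 years, while epoch nanoseconds passed 10**11
# within seconds of 1970, so any eventtime under it is an old seconds-resolution record.
SECONDS_CUTOFF = 10**11

# Constructed sample: the two nanosecond records from this page (trimmed to a few
# fields) plus a hypothetical pre-6.2.1 record (sessionid 17777) logged in seconds.
SAMPLE_LOGS = [
    '1: date=2019-05-06 time=18:10:42 logid="0000000013" type="traffic" subtype="forward" '
    'eventtime=1557191442762142681 srcip=10.1.100.11 dstip=172.16.200.44 sessionid=18577 '
    'action="accept" policyid=5 devtype="Linux PC"',
    '2: date=2019-05-06 time=17:59:54 logid="0000000013" type="traffic" subtype="forward" '
    'eventtime=1557190793962136380 srcip=10.1.100.11 dstip=172.16.200.55 sessionid=17902 '
    'action="accept" policyid=3 devtype="Linux PC"',
    '3: date=2019-05-06 time=18:05:00 logid="0000000013" type="traffic" subtype="forward" '
    'eventtime=1557191100 srcip=10.1.100.11 dstip=172.16.200.44 sessionid=17777 '
    'action="accept" policyid=5 devtype="Linux PC"',
]


def parse_fortilog(line):
    """Split one key=value log line into a dict; quoted values keep their spaces."""
    body = re.sub(r'^\s*\d+:\s*', '', line)  # drop the 'N:' prefix of 'execute log display'
    fields = {}
    for token in shlex.split(body):
        key, sep, value = token.partition('=')
        if sep:
            fields[key] = value
    return fields


def eventtime_ns(fields):
    """Return eventtime as integer nanoseconds regardless of the unit it was logged in."""
    raw = int(fields['eventtime'])
    return raw * NS_PER_SEC if raw < SECONDS_CUTOFF else raw


def ns_to_iso(ns):
    """Render a nanosecond epoch as UTC ISO-8601, keeping the sub-second part exact."""
    secs, frac = divmod(ns, NS_PER_SEC)
    stamp = datetime.fromtimestamp(secs, tz=timezone.utc).strftime('%Y-%m-%dT%H:%M:%S')
    return f'{stamp}.{frac:09d}Z'


def device_style_filter(lines, start_ns, end_ns):
    """Mimic the CLI range filter: compare the raw eventtime number against nanosecond bounds."""
    return [f for f in map(parse_fortilog, lines) if start_ns <= int(f['eventtime']) <= end_ns]


def normalized_filter(lines, start_ns, end_ns):
    """Range filter after unit normalization, sorted so events sequence correctly."""
    hits = []
    for f in map(parse_fortilog, lines):
        f['eventtime_ns'] = eventtime_ns(f)
        if start_ns <= f['eventtime_ns'] <= end_ns:
            hits.append(f)
    return sorted(hits, key=lambda f: f['eventtime_ns'])


# Window 18:00:00 to 18:15:00 device-local time on 2019-05-06. The samples show the
# device clock at UTC-7 (18:10:42 local vs 01:10:42Z), so these are the epoch bounds.
START_NS = 1557190800 * NS_PER_SEC
END_NS = 1557191700 * NS_PER_SEC

if __name__ == '__main__':
    print('raw compare: ', [f['sessionid'] for f in device_style_filter(SAMPLE_LOGS, START_NS, END_NS)])
    print('normalized:  ', [f['sessionid'] for f in normalized_filter(SAMPLE_LOGS, START_NS, END_NS)])
    for f in normalized_filter(SAMPLE_LOGS, START_NS, END_NS):
        print(f['sessionid'], ns_to_iso(f['eventtime_ns']))
```

The raw comparison returns only session 18577; the seconds-resolution record at 18:05:00 is silently dropped even though it is inside the window, which is exactly the filter behaviour the text warns about. Normalizing at ingestion (in a SIEM parser or FortiAnalyzer pre-processing) before any range query or sort avoids the gap.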
