New Features

Source & Destination UUID Logging

This feature has two parts:

  • The log-uuid setting in system global is split into two settings: log-uuid-address and log-uuid-policy.
  • Two internet-service name fields are added to the traffic log: Source Internet Service (srcinetsvc) and Destination Internet Service (dstinetsvc).

Log UUIDs

This feature adds to the traffic log the UUIDs of the source and destination address objects that matched a policy, so that the address objects can be referenced in log analysis and reporting.

As this may consume a significant amount of storage space, this feature is optional. By default, policy UUID insertion is enabled and address UUID insertion is disabled.

To enable insertion of address and policy UUIDs to traffic logs in the GUI:

  1. Go to Log Settings.
  2. Under UUIDs in Traffic Log, enable Policy and/or Address.
  3. Click Apply.

To enable insertion of address and policy UUIDs to traffic logs in the CLI:

Enter the following CLI commands:

config system global
    set log-uuid-address enable
    set log-uuid-policy enable
end

Example forward traffic log:

# date=2019-01-25 time=11:32:55 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="vdom1" eventtime=1528223575 srcip=192.168.1.183 srcname="PC24" srcport=33709 srcintf="lan" srcintfrole="lan" dstip=192.168.70.184 dstport=80 dstintf="wan1" dstintfrole="wan" srcuuid="27dd503e-883c-51e7-ade1-7e015d46494f" dstuuid="27dd503e-883c-51e7-ade1-7e015d46494f" poluuid="9e0fe24c-1808-51e8-1257-68ce4245572c" sessionid=5181 proto=6 action="client-rst" policyid=4 policytype="policy" service="HTTP" trandisp="snat" transip=192.168.70.228 transport=33709 appid=38783 app="Wget" appcat="General.Interest" apprisk="low" applist="default" duration=5 sentbyte=450 rcvdbyte=2305 sentpkt=6 wanin=368 wanout=130 lanin=130 lanout=130 utmaction="block" countav=2 countapp=1 crscore=50 craction=2 devtype="Linux PC" devcategory="None" osname="Linux" mastersrcmac="00:0c:29:36:5c:c3" srcmac="00:0c:29:36:5c:c3" srcserver=0 utmref=65523-1018

Internet service name fields

The forward traffic log for internet-service has two new fields: Source Internet Service and Destination Internet Service.

Example internet-service name fields in forward traffic log:

# date=2019-01-25 time=14:17:04 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="vdom1" eventtime=1548454622 srcip=10.1.100.11 srcport=51112 srcintf="port3" srcintfrole="undefined" dstip=172.217.14.228 dstport=80 dstintf="port1" dstintfrole="undefined" poluuid="af519380-2094-51e9-391c-b78e8edbddfc" srcinetsvc="isdb-875099" dstinetsvc="Google.Gmail" sessionid=6930 proto=6 action="close" policyid=2 policytype="policy" service="HTTP" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=172.16.200.2 transport=51112 duration=11 sentbyte=398 rcvdbyte=756 sentpkt=6 rcvdpkt=4 appcat="unscanned" devtype="Router/NAT Device" devcategory="Fortinet Device" mastersrcmac="90:6c:ac:41:7a:24" srcmac="90:6c:ac:41:7a:24" srcserver=0 dstdevtype="Unknown" dstdevcategory="Fortinet Device" masterdstmac="08:5b:0e:1f:ed:ed" dstmac="08:5b:0e:1f:ed:ed" dstserver=0
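The following Python snippet is an added example, not Fortinet code, showing how a log analysis tool would consume the UUID and internet-service fields described above: it parses the key=value traffic log format (quoted values may contain spaces), joins srcuuid/dstuuid/poluuid to object names, and flags logs that carry no address UUID because log-uuid-address was left disabled. The two sample lines are abridged from the examples on this page; the object-name tables (ADDRESS_OBJECTS, POLICY_OBJECTS) and their names are assumptions.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample input: the two forward traffic log lines from this page, abridged.
# The leading "# " is the CLI prompt, not part of the log record.
LOG_WITH_UUIDS = (
    '# date=2019-01-25 time=11:32:55 logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'vd="vdom1" srcip=192.168.1.183 srcname="PC24" srcport=33709 srcintf="lan" dstip=192.168.70.184 dstport=80 '
    'srcuuid="27dd503e-883c-51e7-ade1-7e015d46494f" dstuuid="27dd503e-883c-51e7-ade1-7e015d46494f" '
    'poluuid="9e0fe24c-1808-51e8-1257-68ce4245572c" sessionid=5181 proto=6 action="client-rst" policyid=4 '
    'service="HTTP" utmaction="block" devtype="Linux PC" osname="Linux" srcmac="00:0c:29:36:5c:c3" utmref=65523-1018'
)
LOG_WITH_INETSVC = (
    '# date=2019-01-25 time=14:17:04 logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'vd="vdom1" srcip=10.1.100.11 srcport=51112 srcintf="port3" dstip=172.217.14.228 dstport=80 dstintf="port1" '
    'poluuid="af519380-2094-51e9-391c-b78e8edbddfc" srcinetsvc="isdb-875099" dstinetsvc="Google.Gmail" '
    'sessionid=6930 proto=6 action="close" policyid=2 service="HTTP" dstcountry="United States" '
    'devtype="Router/NAT Device" devcategory="Fortinet Device" srcmac="90:6c:ac:41:7a:24"'
)

# key=value pairs: either a double-quoted value (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Split a FortiOS key=value log line into a dict, dropping the CLI prompt if present."""
    body = line.strip().lstrip("#").strip()
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(body)}


# Hypothetical UUID -> object-name tables, as exported from the FortiGate configuration
# (the UUIDs are those in the sample lines; the names are assumed for this example).
ADDRESS_OBJECTS = {"27dd503e-883c-51e7-ade1-7e015d46494f": "all"}
POLICY_OBJECTS = {
    "9e0fe24c-1808-51e8-1257-68ce4245572c": "LAN-to-WAN-HTTP",
    "af519380-2094-51e9-391c-b78e8edbddfc": "Internet-Services-Out",
}


def resolve_objects(fields: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map srcuuid/dstuuid/poluuid to object names. An absent address UUID (log-uuid-address
    disabled, the default) resolves to None so a report can flag records it cannot join."""
    def lookup(table: Dict[str, str], key: str) -> Optional[str]:
        uuid = fields.get(key)
        return None if uuid is None else table.get(uuid, "unknown:" + uuid)
    return {"src": lookup(ADDRESS_OBJECTS, "srcuuid"),
            "dst": lookup(ADDRESS_OBJECTS, "dstuuid"),
            "policy": lookup(POLICY_OBJECTS, "poluuid")}


def internet_services(fields: Dict[str, str]) -> Tuple[Optional[str], Optional[str]]:
    """Return (srcinetsvc, dstinetsvc); both are None when the log is not for internet-service traffic."""
    return fields.get("srcinetsvc"), fields.get("dstinetsvc")
```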