Source & Destination UUID Logging
This feature has two parts:
- The log-uuid setting in system global is split into two settings: log-uuid-address and log-uuid-policy.
- Two internet-service name fields are added to the traffic log: Source Internet Service (srcinetsvc) and Destination Internet Service (dstinetsvc).
Log UUIDs
This feature adds the UUIDs of the source and destination address objects that matched a policy, and the UUID of the policy itself, to the traffic log. This allows the address objects to be referenced in log analysis and reporting.
As this may consume a significant amount of storage space, this feature is optional. By default, policy UUID insertion is enabled and address UUID insertion is disabled.
To enable insertion of address and policy UUIDs to traffic logs in the GUI:
- Go to Log Settings.
- Under UUIDs in Traffic Log, enable Policy and/or Address.
- Click Apply.
To enable insertion of address and policy UUIDs to traffic logs in the CLI:
Enter the following CLI commands:
config system global
set log-uuid-address enable
set log-uuid-policy enable
end
Example forward traffic log:
# date=2019-01-25 time=11:32:55 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="vdom1" eventtime=1528223575 srcip=192.168.1.183 srcname="PC24" srcport=33709 srcintf="lan" srcintfrole="lan" dstip=192.168.70.184 dstport=80 dstintf="wan1" dstintfrole="wan" srcuuid="27dd503e-883c-51e7-ade1-7e015d46494f" dstuuid="27dd503e-883c-51e7-ade1-7e015d46494f" poluuid="9e0fe24c-1808-51e8-1257-68ce4245572c" sessionid=5181 proto=6 action="client-rst" policyid=4 policytype="policy" service="HTTP" trandisp="snat" transip=192.168.70.228 transport=33709 appid=38783 app="Wget" appcat="General.Interest" apprisk="low" applist="default" duration=5 sentbyte=450 rcvdbyte=2305 sentpkt=6 wanin=368 wanout=130 lanin=130 lanout=130 utmaction="block" countav=2 countapp=1 crscore=50 craction=2 devtype="Linux PC" devcategory="None" osname="Linux" mastersrcmac="00:0c:29:36:5c:c3" srcmac="00:0c:29:36:5c:c3" srcserver=0 utmref=65523-1018
Internet service name fields
The forward traffic log for internet-service has two new fields: Source Internet Service and Destination Internet Service.
Example internet-service name fields in forward traffic log:
# date=2019-01-25 time=14:17:04 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="vdom1" eventtime=1548454622 srcip=10.1.100.11 srcport=51112 srcintf="port3" srcintfrole="undefined" dstip=172.217.14.228 dstport=80 dstintf="port1" dstintfrole="undefined" poluuid="af519380-2094-51e9-391c-b78e8edbddfc" srcinetsvc="isdb-875099" dstinetsvc="Google.Gmail" sessionid=6930 proto=6 action="close" policyid=2 policytype="policy" service="HTTP" dstcountry="United States" srccountry="Reserved" trandisp="snat" transip=172.16.200.2 transport=51112 duration=11 sentbyte=398 rcvdbyte=756 sentpkt=6 rcvdpkt=4 appcat="unscanned" devtype="Router/NAT Device" devcategory="Fortinet Device" mastersrcmac="90:6c:ac:41:7a:24" srcmac="90:6c:ac:41:7a:24" srcserver=0 dstdevtype="Unknown" dstdevcategory="Fortinet Device" masterdstmac="08:5b:0e:1f:ed:ed" dstmac="08:5b:0e:1f:ed:ed" dstserver=0
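As an added example (not part of the FortiOS documentation), the following Python parses the key=value traffic log format shown above and pulls out the UUID and internet-service fields, so an analyst can confirm from the logs that log-uuid-address and log-uuid-policy took effect. The two embedded log lines are abridged copies of this page's examples; the function names are assumptions of this example.

```python
import re

# Abridged copies of the two traffic log lines shown on this page (the
# log-uuid example and the internet-service example), ASCII hyphens only.
UUID_LOG_LINE = (
    'date=2019-01-25 time=11:32:55 logid="0000000013" type="traffic" subtype="forward" '
    'srcip=192.168.1.183 srcname="PC24" srcport=33709 dstip=192.168.70.184 dstport=80 '
    'srcuuid="27dd503e-883c-51e7-ade1-7e015d46494f" dstuuid="27dd503e-883c-51e7-ade1-7e015d46494f" '
    'poluuid="9e0fe24c-1808-51e8-1257-68ce4245572c" policyid=4 devtype="Linux PC" utmref=65523-1018'
)
INETSVC_LOG_LINE = (
    '# date=2019-01-25 time=14:17:04 logid="0000000013" type="traffic" subtype="forward" '
    'srcip=10.1.100.11 dstip=172.217.14.228 dstport=80 '
    'poluuid="af519380-2094-51e9-391c-b78e8edbddfc" srcinetsvc="isdb-875099" '
    'dstinetsvc="Google.Gmail" policyid=2 service="HTTP"'
)

# One key=value pair: the value is either a double-quoted string (which may
# contain spaces) or a bare token that runs to the next whitespace.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# FortiGate object UUIDs use the usual 8-4-4-4-12 hex layout.
_UUID_RE = re.compile(r'^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$')

UUID_KEYS = ("srcuuid", "dstuuid", "poluuid")
INETSVC_KEYS = ("srcinetsvc", "dstinetsvc")


def parse_fortigate_log(line):
    """Parse one FortiGate key=value traffic log line into a dict of strings.
    A leading '#' prompt, as printed in the documentation, is ignored."""
    line = line.lstrip("# ")
    fields = {}
    for m in _KV_RE.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def is_valid_uuid(value):
    """True if value looks like a FortiGate object UUID."""
    return value is not None and _UUID_RE.match(value.lower()) is not None


def uuid_fields(fields):
    """Return only the UUID and internet-service fields, with None for any the
    device did not log (address UUIDs are absent unless log-uuid-address is
    enabled; the inetsvc names appear in internet-service traffic logs)."""
    return {k: fields.get(k) for k in UUID_KEYS + INETSVC_KEYS}


def address_uuid_logging_observed(fields):
    """Check that log-uuid-address took effect: both address UUIDs present and well-formed."""
    return all(is_valid_uuid(fields.get(k)) for k in ("srcuuid", "dstuuid"))
```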